v0.14

0.14.0 | 2026-03-28

A major release adding Linux support, a config-driven build system, and the KVM hypervisor backend.

Capsem now runs on Linux via KVM in addition to macOS via Apple Virtualization.framework. The new hypervisor abstraction layer (Hypervisor, VmHandle, SerialConsole traits) enables platform-agnostic VM management. The KVM backend is a ~5,500 LOC embedded VMM using rust-vmm crates with virtio console, block, vsock, and VirtioFS devices.

Release artifacts include .deb and .AppImage packages alongside the macOS DMG.

A new Python package (src/capsem/builder/) replaces the old images/build.py with a config-driven build system:

  • Pydantic models for all guest image TOML configs
  • Jinja2 Dockerfile templates for rootfs and kernel (multi-arch)
  • Compiler-style validation linter with 12 error/warning categories
  • Click CLI with validate, build, inspect, init, add, audit, new, mcp, and doctor commands
  • 408 tests at 97% coverage

VM assets (kernel, initrd, rootfs) are now built per-architecture:

  • CI builds arm64 and x86_64 in parallel on native runners
  • Per-arch subdirectories (assets/arm64/, assets/x86_64/)
  • Unified manifest.json with BLAKE3 hashes for both architectures
  • SLSA build provenance attestation per architecture

The settings system is now fully config-driven with Pydantic as the canonical schema source:

  • Two-node-type design (GroupNode + SettingNode)
  • JSON Schema generation with cross-language conformance tests (Python/Rust/TypeScript)
  • Batch IPC commands replace 3 parallel calls with 1
  • Settings UI is fully data-driven with no hardcoded group-name checks
  • Direct clonefile(2) syscall: snapshot create dropped from 50ms to 3.7ms (93% faster)
  • Hardlink-based snapshots for cross-platform support
  • 30+ FUSE ops unit tests for the embedded VirtioFS server
  • VirtioFS security hardening: resource limits, async worker thread, safe deserialization
  • Claude Code installed via native installer (curl instead of npm)
  • Guest artifacts reorganized from images/ to guest/config/ and guest/artifacts/
  • Site deployment fixed (npm to pnpm)
  • Snapshot MCP no longer hangs (blocking I/O on spawn_blocking)
  • Numerous snapshot, vacuum, and telemetry fixes
  • CI Linux build complete — Tauri signing keys, full updater artifact collection, multi-arch matrix (arm64 + x86_64).
  • just cross-compile — build Linux app (agent + deb + AppImage) in a container from macOS. Clean build, no stale volumes.
  • Container-native compilation — eliminates cross-compile cfg gating issues that caused v0.14.5-v0.14.10.
  • Platform gating — all macOS-only APIs cfg-gated, static analysis test catches ungated symbols.
  • Builder clock skew fix: Acquire::Check-Date=false and sync_container_clock() for Podman VM drift.
  • Developer tooling: just doctor codesign verification, platform-aware install hints, actionable errors.
  • Boot timing display — formatted table with proportional bar chart.
  • capsem-bench refactored — split into capsem_bench/ Python package with per-category modules.
  • Site restructuring — capsem-doctor moved to Debugging section, new Benchmarks section with results.
  • KVM virtio_blk split-borrow: .take() pattern avoids split-borrow in queue_notify.
  • Guest agent libc::time_t — replaced deprecated type with i64.
  • Developer onboarding — bootstrap script, .dev-setup sentinel, uv check in doctor, README prerequisites, dev-start skill.
  • Builder uses Python blake3 — no longer shells out to b3sum CLI.
  • Site pnpm 10 — fixed workspace detection issues.

See the full changelog for details.