v0.1.3

Bug Fixes

• Fix CLI hangs when Docker daemon is unresponsive - All Docker daemon probes (docker version, docker buildx version, docker buildx inspect) now use a 5-second timeout via Child::try_wait() polling. Previously, an unresponsive Docker daemon caused bulkhead doctor, bulkhead status, bulkhead shell, and other commands to hang indefinitely with no output.
• Guard warn_rebuild_if_running with daemon check - The mount add, mount remove, and config git commands no longer hang after completing their primary operation when Docker is unreachable.

Other

• Pre-commit hook now includes gitleaks secret scanning

v0.1.2

Bulkhead v0.1.2 focuses on safer generated devcontainers, isolated clone workflows, and managed agent setup.

Highlights

• Added Bulkhead-managed isolated clone mode for agent work under .bulkhead/clones/, including clone shell, clone list, and clone remove.
• Added managed preinstall support for agent CLIs, with persistent config volumes and environment forwarding for supported agents.
• Added Pi agent support alongside Claude and Codex.
• Hardened devcontainer generation and validation around Docker flags, mounts, build paths, container env, and devcontainer features.
• Added repo-managed verification with a pinned Rust 1.95.0 toolchain, pre-commit hook, CI workflow, and cargo-deny policy.

Security Hardening

• Replaced permissive Docker capability handling with an explicit allowlist. Only NET_ADMIN and NET_RAW are accepted.
• Rejects dangerous container options such as privileged mode, host namespace joins, --volumes-from, security-opt, Docker socket mounts, and broad host exposure patterns.
• Rejects variable-based mount sources and unsafe writable/read-only mount sources that could escape intended host exposure.
• Validates generated build context and Dockerfile paths against symlink escapes.
• Reserves Bulkhead-managed agent env keys and mount targets so user config cannot override agent bootstrap behavior.
• Hardens template installation against symlinked .devcontainer destinations.

Clone Mode

• Adds an isolated Git workflow via bulkhead clone shell <name>.
• Creates independent local clones with isolated checkout files and Git metadata.
• Supports explicit clone creation, base refs, branch selection, detached checkouts, listing, and removal.
• Adds validation for clone names and branch targets.

Agent Support

• Adds agents = ["claude", "codex", "pi"] support in bulkhead.toml.
• Persists ~/.claude, ~/.codex, and ~/.pi in dedicated container volumes.
• Forwards relevant host provider credentials into generated devcontainers.
• Bootstraps pinned Node/nvm tooling for supported npm-installed agents.

Tooling And CI

• Adds ./scripts/verify.sh as the canonical local and CI verification entrypoint.
• Adds GitHub Actions CI running format, clippy, tests, and dependency policy checks.
• Adds shell syntax validation for the bundled post-create script.
• Adds deny.toml and tracks dependency policy with cargo deny check.

Compatibility Notes

This release intentionally rejects some devcontainer and bulkhead.toml configurations that earlier versions may have allowed. Configs using privileged containers, unsafe Docker run args, Docker socket mounts, unknown devcontainer features, unsafe symlinked build paths, or reserved Bulkhead agent env/mount keys now fail validation instead of generating a workspace.

Documentation

• Adds clone-mode documentation and workflow examples.
• Updates README coverage for presets, agents, mount behavior, and validation policy.
• Uses a neutral remote_user = "developer" example.

Verification

• ./scripts/verify.sh
• 76 unit tests pass.
• cargo deny check passes advisories, bans, licenses, and sources. Existing duplicate-version warnings for TOML-related crates remain warnings.

Full changelog: v0.1.1...v0.1.2

v0.1.1

#Bulkhead 0.1.1

Changes:

• add Homebrew install instructions to the README
• bump crate version to 0.1.1

Initial release

Initial release of Bulkhead.

Bulkhead is a hardened devcontainer CLI for local agent work.