SQL identifier allowlist audit hardening closes a class of injection surface in query-building paths
/healthz now returns three states: ok, degraded (Hasura unreachable), and error — callers can distinguish partial outages
Tracked binary endpoint-auth-checker removed from version control and gitignored
Changes
Features
- feat(security): SQL identifier allowlist audit hardening (P1 W18-T01)
Fixes
- fix(health): three-state /healthz
v1.1.5 (Patch)
What's Changed
* fix(server): add panic recovery middleware to HTTP server by @acamarata in https://github.com/nself-org/cli/pull/122
* chore(version): bump CLI to v1.1.5 by @acamarata in https://github.com/nself-org/cli/pull/123
Full Changelog: https://github.com/nself-org/cli/compare/v1.1.4...v1.1.5
`nself bundle install <name>` (S13.T11) — install all plugins in a bundle in one command. Supported: sentry (13 plugins), family (9 plugins), clawde (8 plugins), claw, chat, tv,
Full signing + verification details: [release-signing.md](https://github.com/nself-org/nself/blob/main/.claude/docs/operations/release-signing.md)
Artifacts
Platform tarballs (linux/darwin × amd64/arm64) + Windows zips (amd64/arm64)
checksums.txt — SHA-256 of all tarballs
sbom.spdx.json
v1.0.14 (Patch)
nSelf CLI v1.0.14
Channel: stable
Changelog
[Unreleased] — v1.0.14
P98 Batch 1. Performance hardening and operational documentation.
Added
Redis connection-pool tuning (P98-T01). REDIS_POOL_SIZE, REDIS_MIN_IDLE, REDIS_CONNECT_TIMEOUT_MS, REDIS_READ_TIMEOUT_MS, REDIS_WRITE_TIMEOUT_MS env vars. Pool defaults to runtime.NumCPU() * 2 with a min-idle of 2. Backoff on failed pool acquisition. Docs: [[operations/redis-tuning]].
MeiliSearch index warm-up
v1.0.13 (Patch)
nSelf CLI v1.0.13
Channel: stable
Changelog
[Unreleased] — v1.0.13
P97 Wave 11. CLI coverage gates extended past the 75% per-package floor.
Changed
Coverage gate (`.github/workflows/coverage.yml`) extended to enforce 75% per-package floor on internal/trust, internal/ui, internal/watchdog alongside internal/auth + internal/license (G0-T11). Path A fix per CI/CD 100% Green Hard Rule: root-cause coverage authoring, not gate lowering.
P93 LTS release. 50-sprint phase covering CLI stabilization, admin parity, plugin
depth work, reference app polish, web monorepo refresh, release engineering, and
full doc-sync ritual. CLI and admin now ship in lockstep (same version, same cadence).
Added
CLI = Admin lockstep versioning. From v1.0.9 onward, the CLI binary and the
nself/nself-admin Docker image carry the same version number. Version bumps
go through a single coordinated release. Both surfaces can drive local,
staging, and prod environments from a single install (S05, S27).
`nself license` subcommand family hardened. license set, license show,
license revoke
v1.0.8 (Patch)
v1.0.8 — plugin-ai default URL
nSelf CLI v1.0.8
One-line quick fix from the P92 inbox triage.
Fixed
- `nself ai` default plugin URL. All `nself ai` subcommands (pool, local, model) defaulted to `http://ai:3680`, which matched neither the real plugin-ai port (3709) nor the generated docker-compose service name. Default is now `http://plugin-ai:3709`; `PLUGIN_AI_INTERNAL_URL` override still wins.
Upgrade
`brew upgrade nself` or `brew reinstall nself`.
P92 Wave 7 companion patch release — three bugfixes on top of v1.0.6.
Fixed
- Billing subcommands reachable. nself billing usage, invoice-preview, report, retry-event now dispatch. Parent RunE was unconditionally returning cmd.Help(), shadowing every subcommand. Parent is now conditional.
Added
- JWT secret auto-persist on `nself build`. When Hasura is enabled but HASURA_GRAPHQL_JWT_SECRET is absent, CLI generates a secure random secret via crypto/rand and writes to .env.secrets
v1.0.6 (Patch)
ɳSelf v1.0.6 — P89/P90 + P92 coordinated release
Highlights
- P89: goreleaser configuration, homebrew webhook fix, monitoring compose wiring, compliance checker, expanded env documentation
- P90: fixes + polish across the command tree
- Coordinated with plugins-pro v1.0.1 P92: 200-OK fixes, handler test coverage (AI + Notify Querier interface refactor), 8 Grafana dashboards, Alertmanager rules, BaseURL injection, health tool wiring, AI/Google/Claw/Mux/Voice/Notify/Browser hardening
v1.0.4 marks ɳClaw as production-ready, shipping a complete AI personal assistant experience built entirely on the nSelf plugin ecosystem. This release includes major new features across knowledge management, prompt engineering, agent orchestration, image generation, and chat UX.
What shipped
Session Identity Fix
Root cause of production session issues identified and resolved. Sessions now correctly maintain identity across all API calls.
Knowledge Graph
- Memory rooms for organizing knowledge by topic
- Brain health scoring to track knowledge quality
- Full Obsidian-compatible markdown export
- Bidirectional linking between memory entries
Prompt Library
- 45+ built-in prompt templates across categories
- Prompt chaining for multi-step workflows
- User-created custom prompts with variables
- Share and import prompt collections
Agent Dashboard
- 8 built-in personas (researcher, writer, coder, analyst, etc.)
- Agent marketplace for discovering community agents
- Per-agent conversation history and settings
- Custom agent creation with system prompts
Image Generation
- Multi-provider support (DALL-E, Stable Diffusion, Midjourney API)
- In-conversation image generation and editing
- Gallery view with generation history
- Style presets and negative prompts
v1.0.3 (Patch)
ɳSelf v1.0.3: Security, Observability, 87 Plugins
What's New in v1.0.3
New Command: nself security
- nself security audit — Run security checks on your running stack (ufw, fail2ban, sshd, Docker port exposure, env file permissions)
- nself security setup --apply — Apply hardening steps (requires root)
- nself security status — Show current security posture
Plugin Ecosystem: 87 Plugins
- 25 free MIT plugins — core infrastructure
- 62 paid plugins — advanced features including AI, email pipeline, budget tracking, news intelligence, browser automation, voice, and more
- New plugin: nself-claw-budget — Personal expense tracking with AI insights, category management, budget limits, recurring expense detection
nClaw (AI Assistant) Improvements
- WebAuthn passkey authentication with real cryptographic verification
- Standard JWT (golang-jwt/jwt/v5) with token rotation (15min access / 30day refresh)
- Rate limiting on all /claw/* endpoints
- Shell command injection protection
- 19+ tool categories fully wired (agents, audio, browser, contacts, config, cron, feed, git, google, monitoring, mux, notify, nself, openapi, post, secretary, shell, transactions)
- OpenClaw dynamic config pattern — AI can read plugin schemas and configure itself conversationally
- MCP (Model Context Protocol) client for connecting to external tool servers
- Unified federated search across conversations, memories, documents, contacts, topics
- Event visibility system (np_claw_events) for non-AI events from mux, cron, notify
This release completes the security hardening started in v0.9.8 by fixing custom services port bindings.
Bug #13: Custom Services Security ✅
Problem: Custom services (CS_1 through CS_10) were binding to 0.0.0.0 (all network interfaces), allowing external access.
Fix: All custom services now bind to 127.0.0.1 (localhost only), accessible only via nginx reverse proxy.
Changed: src/services/docker/compose-modules/custom-services-templates.sh line 64
Impact: Custom services are now secure by default - no direct external access possible.
Bug #14: .env.computed Generation Debugging ✅
Problem: .env.computed file generation was failing silently with no visibility into the process.
Fix
v0.9.8 (Patch)
nself v0.9.8 - Production Readiness & Help Contract
Release Date: February 10, 2026
Type: Quality & Portability Release
Status: Production Ready ✅
---
🎯 Release Highlights
This release achieves maximum portability (Bash 3.2+ compatible), implements a help contract across all 31 commands, and hardens CI/CD to fail-closed on critical paths. All verification checks pass (15/15), and the platform is production-ready.
Key Achievements
✅ Bash 3.2 Compatibility (works on macOS default, all Linux, WSL)
✅ Help Contract Implemented (all 31 commands exit 0 with --help)
✅ CI/CD Fail-Closed (critical checks now fail CI on issues)
✅ Zero Credentials in Git (8 credentials sanitized)
✅ 209 Service Templates (verified across 17 languages)
v0.9.7 (Patch)
nself v0.9.7 - Security & CI/CD Complete
Release Date: January 31, 2026
Type: Security & Infrastructure Release
Status: Production Ready ✅
---
🎯 Release Highlights
This release achieves 100% CI/CD passing and implements enterprise-grade security features across the entire platform. All 7 GitHub Actions workflows are now green, tenant isolation is fully tested, and comprehensive security scanning is in place.
nself v0.9.6 completes the command consolidation initiative, reducing the CLI from 79 top-level commands to 31 organized commands with logical subcommand hierarchies. This 60.8% reduction dramatically improves discoverability and creates a more intuitive developer experience.
✅ 285+ Subcommands: Organized into logical hierarchies
✅ 100% Backward Compatible: All old commands still work with deprecation warnings
✅ 97% Test Pass Rate: 160/165 comprehensive tests passing
✅ Zero Breaking Changes: Gradual migration path provided
✅ Production Ready: Approved for immediate use
---
🔄 Command Structure
Before v0.9.6 (79 Commands)
Flat list of all commands - hard to remember, difficult to discover
After v0.9.6 (31 Commands)
v0.9.5 (Patch)
nself cli v0.9.5
nself v0.9.5 - Feature Parity & Hardening
Release Date: January 30, 2026
Status: Released
---
## Overview
ɳSelf v0.9.5 delivers feature parity with Supabase and Nhost while maintaining superior security, control, and self-hosted flexibility. This release introduces comprehensive real-time communication, OAuth flow improvements, security hardening fixes, and complete feature documentation.
Key Highlights:
- Complete real-time communication system (WebSocket, channels, presence, subscriptions)
- Enhanced OAuth flows with PKCE and state validation
- SQL injection vulnerability fixes across billing system
- Content Security Policy (CSP) framework
- Comprehensive security checklist and audit tools
- Complete documentation for all features
- Migration guides from Supabase and Nhost
## What's New
### 🔄 Real-Time Communication System
Complete Supabase/Nhost-compatible real-time system with database subscriptions, channels, presence tracking, and broadcast messaging.
Database Subscriptions (Change Data Capture):
- Subscribe to INSERT, UPDATE, DELETE events on any table
- Real-time CDC streaming from PostgreSQL
- Row-level filtering with WHERE conditions
- Schema-level and table-level subscriptions
- Event replay from timestamp
- Subscription lifecycle management
Channel Management:
- Public channels (open to all)
- Private channels (invite-only)
- Presence channels (track online users)
- Dynamic channel creation and deletion
- Channel member management
- Metadata and permissions per channel
CI / Chores
- chore(git): remove tracked binary endpoint-auth-checker and add to .gitignore
Notes
Lockstep with admin v1.1.6
The pglite Emscripten ABI shim (NSELF_POSTGRES_MODE) introduced in P1 planning remains experimental and is not part of this release log; no commits landed for it in this window
`nself feature list` (S13.T12) — list all feature flags (cloud-waitlist, sentry-rum-cdn, family-csam-strict, etc.) with current state.
`nself feature enable <flag>` (S13.T12) — flip a feature flag on at runtime; persisted in .env.features.
`nself feature disable <flag>` (S13.T12) — flip a feature flag off.
`nself feature status <flag>` (S13.T12) — show one flag's state plus the source (env, file, default).
`nself backup drill` (S13.T13) — run the full backup → restore → verify cycle against a scratch DB; reports RTO/RPO measured timings. Wired into OPS-DRILL-01 doctor check.
`nself man` (S13.T14) — generate man pages from cobra command tree; installs to $prefix/share/man/man1/nself*.1.
ɳSentry Prometheus auto-scrape (S10.T16) — nself build emits scrape_configs targeting every installed ɳSentry plugin endpoint; no manual prometheus.yml edits.
Loki + Promtail build wiring (S10.T17) — nself build provisions Loki on port 3100 and Promtail tail rules for plugin containers; structured log ingest by default.
ɳSentry Grafana dashboards (S10.T18) — 13 pre-built dashboards (uptime, incidents, SLO burn, RUM CWV, anomaly) auto-imported on nself start when Grafana is enabled.
Alertmanager nsentry receiver (S10.T19) — alert routing config block generated when ɳSentry bundle is installed; routes critical alerts to alert-router plugin.
Doctor check `OBS-SCRAPE-01` (S10.T16) — verifies every ɳSentry plugin endpoint is scraped by Prometheus.
Doctor check `OPS-DRILL-01` (S13.T13) — verifies backup drill has run in the last 7 days; warns at 14d, fails at 30d.
Doctor check `OBS-REDACT-01` (S10.T20) — verifies log/metric redaction rules are present in Promtail config for PII fields.
Doctor check `LEGAL-COPPA-01` (S11.T08) — verifies COPPA age-gate is enabled when ɳFamily social plugin is installed.
Doctor check `LEGAL-GDPR-A9-01` (S11.T09) — verifies GDPR Article 9 special-category-data consent flow is wired when family medical plugins are installed.
Changed
License gate (S08.T03) — nself plugin install now checks ɳSentry bundle entitlements for all 13 ɳSentry plugins.
`nself doctor` (S10.T16, S13.T13, S10.T20, S11.T08, S11.T09) — five new checks added (OBS-SCRAPE-01, OPS-DRILL-01, OBS-REDACT-01, LEGAL-COPPA-01, LEGAL-GDPR-A9-01).
Minimum nSelf CLI version requirement for ɳSentry, ɳFamily, nCloud features: v1.1.0.
Brand display updated in command help text — ɳSelf eta marks now render in non-ASCII-stripped help (S13.T22).
Fixed
Idempotent macOS trust install (S13.T05) — nself trust install, nself dns-setup, nself ports, nself ssl install now state-check before invoking osascript with administrator privileges. Eliminates the 24-prompt burst incident (Admin Prompt Hygiene Hard Rule). Calls return immediately when target state is already configured.
Port collision resolution (S13.T06): ports 3820–3849 block fully documented and enforced in nself doctor --ports.
nself build no longer emits stale prometheus.yml blocks when bundles are removed (S10.T16).
Deprecated
Legacy `nself monitor` subcommands (S10.T21) — nself monitor uptime and nself monitor status are superseded by nself sentry uptime / nself sentry status-page. Wrappers remain for one minor cycle; will be removed in v1.2.0.
Security
Trust install state-checks (S13.T05) close the burst-prompt vector where 30 parallel agents could stack 24 macOS auth dialogs in <30s — see Admin Prompt Hygiene Hard Rule in PPI.
Log redaction (OBS-REDACT-01, S10.T20) ensures PII fields (email, phone, full-name) are redacted at ingest time, never persisted in Loki.
---
Commits since previous release
fix: split synthetic Stripe test fixture to bypass push protection false-positive (6f50547a)
Merge fix/ts-sdk-version-1.0.16 for v1.1.0 release (b912cd53)
after service health check passes; re-runs on config change detected by the watchdog. Docs: [[operations/meilisearch-warmup]].
JWT key rotation operations page (P98-T03). Documents the zero-downtime dual-key rotation flow (already shipped v1.0.10). Includes env var reference, rotation runbook, and rollback steps. Docs: [[operations/jwt-rotation]].
docker-compose.yml header audit (P98-T05). 108 generated compose files across the ecosystem now carry the # GENERATED BY nself build — DO NOT HAND EDIT header. nSelf-First Doctrine CI gate enforces this on every PR.
SPORT F02 sync — pentest-kit (P98-T06). nself pentest-kit added to the command inventory (F02-COMMAND-INVENTORY.md). Command count: 83.
Bus-factor D9 backup-admin deferrals (P98-T07). D9 deferred for 9 external accounts (Apple Developer, Google Play, LiveKit, HubSpot, Email-on-Acid, GitHub Sponsors). Documented in bus-factor.md with deferred-until date and re-evaluation trigger.
Notes
No new CLI commands added to the binary in this batch (pentest-kit existed; F02 was stale).
No version bump yet. v1.0.14 tag pending user approval.
Added (Batch 2)
Hasura metadata backup cron (P98-T13). Daily 02:00 UTC backup via cli/internal/backup/hasura_metadata.go and cli/internal/maintenance/hasura_metadata_cron.go. Systemd timer + macOS LaunchDaemon (TZ=UTC enforced). New BACKUP-METADATA-01 doctor check in --deep. File mode 0600. Docs: [[operations/hasura-metadata-backup]].
SSRF guard partial — claw DNS-rebinding hotfix (P98-T12 partial). Closes a TOCTOU bug in claw browser client. Multi-service migration to a unified shared SSRF package (notify, mux, browser, ai) deferred to v1.1.0 per Opus CR-C findings.
JWT key rotation hardening (P98-T11 fixes from CR-C). 11 follow-on fixes from the security review: flock(2) on rotation log to prevent concurrent races, XDG_STATE_HOME fallback for log path, --to-file and --no-print flags on nself self-heal --jwt, escalate-to-fail in JWT-ROT-01 doctor check, tighter dir perms (0700), strconv.Atoi for env parsing. 14 new tests covering concurrency, crypto round-trip, dry-run, error paths.
Multi-tenant convention wall — web docs (P98-T08). web/docs/src/content/multi-tenancy/conventions.mdx documents the source_account_id (multi-app) vs tenant_id (Cloud) distinction with a decision tree. Companion to the PERM-RLS-01 doctor check.
AGPL/SSPL warn-gate uniform across 5 repos (P98-T04). Workflows standardized in cli, plugins (license-gate.yml), plugins-pro, admin (license-gate.yml), web. All warn-only through 2026-05-20 triage window, then flips to fail-PR.
Bus-factor D9 deferrals (P98-T05). 9 critical vendor accounts marked DEFERRED to P99 per the D9 escape hatch, awaiting user backup-admin nominations.
Secondary-domain Namecheap verification (P98-T07). clawde.io / clawde.net / claw-de.com confirmed registered at Namecheap (expiry 2027-02-16). Transfer-lock OFF flagged to user as T1-28.
CLI gap catalog T1 mappings (P98-T02). G-001..G-008 in nself-first-cli-gaps.md now have explicit T1 user-decision blocks (T1-23..T1-26).
Changed (Batch 2)
ntask now nSelf-First (P98-T14). The ntask/ reference app no longer uses docker-compose up directly. make up and make down delegate to nself start / nself stop. The D6 "any-stack" exception is superseded.
Compose audit doc reconciled (P98-T01 follow-up). The 130-file ecosystem inventory at .claude/docs/doctrines/nself-first-compose-audit.md had per-category counts corrected.
Security (Batch 2)
claw DNS-rebinding TOCTOU closed (P98-T12 hotfix). The claw browser http.Client now uses a Transport with DialContext that re-validates resolved IPs at dial time, blocking RFC1918, link-local, loopback, and metadata IPs.
Doctor SSRF-01 honesty fix. The check no longer passes vacuously on file-stat alone. It now verifies guard packages reference DialContext and IsBlockedIP-style guard symbols. Three states: PASS, WARN, FAIL.
Secret-scrub runbook published. .claude/docs/operations/secret-scrub-runbook.md documents triage, rotation, and (when authorized) git-history scrub procedures. Cross-references bus-factor and destructive-deny-list rules.
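The dial-time re-validation described in the claw DNS-rebinding item above, shown as an added Go example that is not taken from the nself code base. The names `GuardedDialContext`, `IsBlockedIP`, `FlippingLookup`, `RecordDial` and the host `rebind.example` are assumptions, and the flipping resolver is constructed so the block runs offline.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"net/http"
	"time"
)

// ErrBlockedIP reports a dial target inside a range the guard refuses.
var ErrBlockedIP = errors.New("ssrf guard: blocked destination IP")

// LookupFunc and DialFunc are injectable so the guard can be exercised offline.
type LookupFunc func(ctx context.Context, host string) ([]net.IPAddr, error)
type DialFunc func(ctx context.Context, network, addr string) (net.Conn, error)

// IsBlockedIP covers loopback, RFC 1918 (and IPv6 ULA), link-local (which
// contains the 169.254.169.254 metadata address) and the unspecified address.
// net.IP unwraps IPv4-mapped IPv6, so ::ffff:127.0.0.1 is caught as well.
func IsBlockedIP(ip net.IP) bool {
	return ip == nil || ip.IsLoopback() || ip.IsPrivate() ||
		ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() || ip.IsUnspecified()
}

// GuardedDialContext resolves the host itself, rejects the whole answer set if
// any record is blocked, then dials the validated IP literal so that no second
// lookup can hand the connection a different address.
func GuardedDialContext(lookup LookupFunc, dial DialFunc) DialFunc {
	return func(ctx context.Context, network, addr string) (net.Conn, error) {
		host, port, err := net.SplitHostPort(addr)
		if err != nil {
			return nil, err
		}
		addrs, err := lookup(ctx, host)
		if err != nil {
			return nil, err
		}
		for _, a := range addrs { // fail closed, zoned IPv6 addresses included
			if a.Zone != "" || IsBlockedIP(a.IP) {
				return nil, fmt.Errorf("%w: %s resolved to %s", ErrBlockedIP, host, a.IP)
			}
		}
		lastErr := fmt.Errorf("ssrf guard: no addresses for %q", host)
		for _, a := range addrs {
			conn, derr := dial(ctx, network, net.JoinHostPort(a.IP.String(), port))
			if derr == nil {
				return conn, nil
			}
			lastErr = derr
		}
		return nil, lastErr
	}
}

// NewGuardedClient wires the guard into an http.Client. Redirect hops dial
// through the same Transport, so each of them is validated too.
func NewGuardedClient() *http.Client {
	d := &net.Dialer{Timeout: 5 * time.Second}
	return &http.Client{
		Timeout: 15 * time.Second,
		Transport: &http.Transport{
			Proxy:       nil, // a proxy would resolve the name outside the guard
			DialContext: GuardedDialContext(net.DefaultResolver.LookupIPAddr, d.DialContext),
		},
	}
}

// FlippingLookup is a constructed stand-in for a rebinding DNS answer: the
// first reply is a documentation-range address, later replies are loopback.
func FlippingLookup() LookupFunc {
	calls := 0
	return func(ctx context.Context, host string) ([]net.IPAddr, error) {
		calls++
		if calls == 1 {
			return []net.IPAddr{{IP: net.ParseIP("203.0.113.10")}}, nil
		}
		return []net.IPAddr{{IP: net.ParseIP("127.0.0.1")}}, nil
	}
}

// RecordDial records the address it is asked to reach instead of connecting.
func RecordDial(got *string) DialFunc {
	return func(ctx context.Context, network, addr string) (net.Conn, error) {
		*got = addr
		c, _ := net.Pipe()
		return c, nil
	}
}

func main() {
	var dialed string
	guarded := GuardedDialContext(FlippingLookup(), RecordDial(&dialed))
	_, err1 := guarded(context.Background(), "tcp", "rebind.example:80")
	fmt.Println("first connection:", dialed, err1)
	_, err2 := guarded(context.Background(), "tcp", "rebind.example:80")
	fmt.Println("second connection:", err2)
}
```

A check that resolves the name once up front and then hands the hostname to the HTTP client would accept the first answer and connect on the second; here the lookup and the connection share one answer set, so the flipped reply is rejected before any socket is opened.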
Notes (Batch 2)
02.T11 CRIT-1 (JWT dual-key grace period not implemented in code despite documentation) is escalated to T1-27. User must choose: implement real JWKS dual-key support (defer to v1.1.0) or strip grace-period language from code and docs (XS effort, ship-ready).
02.T12 multi-service SSRF migration captured in .claude/ideas/p99-ssrf-shared-migration.md for v1.1.0.
8 qa/bugs closed by the STORM rigor pass on 2026-04-30: BUG-16dd1758, BUG-52c481a1, Chain-fcc4ef6e, chain-50e9faf5, Chain-48771a51, admin-lockstep-drift, og-package-untracked, trivy-action-kev-cve.
---
Commits since previous release
fix(scripts): replace unsupported gh api -w/--timeout flags in admin-merge.sh (fccd8e68)
feat(P98): CI green rate fixes, doctor checks, JWT rotation, Hasura backup, SDK scaffolding (110498cd)
fix(version): bump .github/VERSION to 1.0.13 (#79) (a336d5ff)
Install
```bash
brew install nself-org/nself/nself
# or download a tarball below for your platform
```
Smart Model Routing
- User-defined rules for automatic model selection
- Route by task type, conversation length, or cost preference
- Fallback chains when primary model is unavailable
- Per-conversation model override
Chat UX Overhaul
- Auto-titling conversations based on content
- Pin important conversations to the top
- Quick links for frequent actions
- WebSocket streaming for real-time responses
- Markdown rendering improvements
PWA with Offline Support
- Full progressive web app capabilities
- Offline access to conversation history
- Background sync when connection returns
- Install prompt on mobile and desktop
30 Community-Inspired Features
Voice input, keyboard shortcuts, conversation search, export to PDF, dark mode improvements, accessibility enhancements, and more.
Upgrade
```bash
nself update
# or
brew upgrade nself
```
Verify: nself version should show v1.0.4.
Notes
Homebrew SHA256 will be updated after the git tag is created
No breaking changes from v1.0.3
All 87 plugins (25 free + 62 Pro) remain compatible
AI Layer
- 5-tier provider routing: Ollama (local) → Gemini free pool → Claude CLI → API keys → max effort
- Claude CLI as a provider (uses Claude Max subscription accounts)
- Smart model usage with workflow store (expensive models build workflows, cheap models execute)
- Gemini auto-provisioning (pool status, key management, account suggestions)
- Per-provider timeouts in fallback chain
- Response cache with provider-aware keys and bypass flag
Email Pipeline (Mux)
- Gmail push reliability: X-Internal-Token on all plugin-to-plugin calls
- /mux/diagnostics endpoint with per-account watch status and message flow metrics
- Activity watchdog with Telegram alerting on silent failures
- AI smart rules: suggestion engine, natural language rule generation, auto-compilation from AI to regex
- mark_read/discard actions now actually call Gmail API (were no-ops)
- Top-level regex condition in rules engine
- DLQ auth failure tracking with degraded account detection
Claw Web UI
- Two-zone architecture: Chat Zone (conversations only) + Settings Zone (31 sections)
- CSS variable theme system (light/dark/system that actually works)
- Persistent message, conversation, model, settings, and plugin stores
- Command palette (Cmd+K) with keyboard shortcuts
- Dynamic plugin config forms via JSON Schema
- Multi-plugin API proxy routing (claw, mux, ai, budget, notify)
- 30 fully implemented settings pages
Telegram Bot Parity
- Full ReAct loop with all 19+ tool categories (was simple text completion)
- Streaming responses via progressive message edits
- Shared conversation history with web UI
- /new, /model, /tools, /memory, /diag commands
- File and image intake
- Per-user rate limiting
Code Health
- ~190,000 lines of legacy Rust/TypeScript deleted from 45 plugins
- All 87 plugins build clean (Go + SvelteKit)
- CI workflows for free and paid plugin smoke tests
- Unit tests for JWT, tool dispatch, rate limiting, cache hashing, rule matching
Upgrade
```bash
nself update
# or
brew upgrade nself
# or
curl -fsSL https://install.nself.org | bash
```
Usage: Run DEBUG=true nself build to see generation process
Deployment
This release is ready for production deployment. The installer will now deliver v0.9.9 with all security fixes.
Verification
After deployment, verify security with:
```bash
# Check port bindings - ALL should show 127.0.0.1
docker ps --format "table {{.Names}}\t{{.Ports}}"

# Test external access (should FAIL)
curl http://your-domain.com:8080/healthz  # Should timeout
curl http://your-domain.com:8001/health   # Should timeout

# Test nginx proxy access (should WORK)
curl https://api.your-domain.com/healthz      # Should work
curl https://custom-service.your-domain.com/  # Should work
```
What's Included
✅ All core services (Hasura, Auth, PostgreSQL) bind to localhost (from v0.9.8)
✅ All utility services (MinIO, Redis, etc.) bind to localhost (from v0.9.8)
✅ All monitoring services (Prometheus, Grafana, etc.) bind to localhost (from v0.9.8)
✅ NEW: All custom services (CS_1-CS_10) bind to localhost (v0.9.9)
✅ NEW: Debug logging for .env.computed generation (v0.9.9)
Upgrade Instructions
```bash
# Reinstall nself to get v0.9.9
curl -fsSL https://raw.githubusercontent.com/acamarata/nself/main/install.sh | bash

# Verify version
nself version  # Should show v0.9.9

# Rebuild your project
cd /path/to/your/project
nself build

# Verify security fix is present
grep "127.0.0.1" docker-compose.yml | wc -l  # Should show multiple matches

# Restart services
nself restart
```
Full Changelog
Security: Custom services now bind to 127.0.0.1 only
Debug: Added logging for .env.computed generation process
Fix: Improved error handling for computed environment variables
Impact:
- ✅ Works on macOS Bash 3.2 (default installation)
- ✅ Works on all Linux distributions
- ✅ Works in WSL environments
- ✅ Works in restrictive/embedded environments
Verification:
```bash
# No Bash 4+ features found
grep -r "declare -A" src/lib/     # Returns nothing
grep -r '\${[^}]*,,}' src/lib/    # Returns nothing
grep -r '\${[^}]*\^\^}' src/lib/  # Returns nothing
```
---
📝 Help Contract Implementation
Universal Help Bypass Pattern
New Feature: Every CLI command implements help bypass
Contract Rules:
1. ✅ --help or -h exits with code 0 (success)
2. ✅ Help executes BEFORE environment/Docker checks
3. ✅ No side effects (no Docker operations, no .env requirements)
4. ✅ Consistent output schema across all commands
Implementation:
```bash
# Applied to 18+ CLI scripts
# (<command> is a placeholder for the script's own command name)
if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
  # Help is read-only - bypass init/env guards
  for _arg in "$@"; do
    if [[ "$_arg" == "--help" ]] || [[ "$_arg" == "-h" ]]; then
      show_<command>_help
      exit 0
    fi
  done
  pre_command "<command>" || exit $?
  # ... normal execution
fi
```
P0-008: Fixed run-all-tests.sh false-green behavior
- Issue: 5 bugs causing tests to pass when they should fail
- Bugs Fixed:
1. Missing set -e caused continued execution after failures
2. Incorrect exit code propagation
3. Test count mismatch logic errors
4. Improper error aggregation
5. Silent failures in test harness
P0-009: Rewrote v1 command structure test
- Issue: Test still checked for 79 commands (pre-consolidation)
- Fix: Updated to verify 31 top-level commands (v1.0 structure)
PostgreSQL, Hasura, GraphQL API ✅
- Database system complete
- Hasura GraphQL engine integrated
- Remote schema support working
- Migration system (nself db) functional
Authentication System ✅
- nHost authentication service operational
- JWT token handling working
- Multi-provider OAuth (Google, GitHub, etc.)
- MFA/2FA capabilities available
Custom Services System ✅
- 209 service templates verified across 17 languages:
- JavaScript/TypeScript: 19 templates (Express, Fastify, Nest, Hono, Socket.io)
- Python: 12 templates (FastAPI, Django, Flask, Tornado)
- Go: 6 templates
- Rust, C++, C#, Java, Kotlin, PHP, Ruby, Swift, Elixir, Lua, Zig
- Template scaffolding system working
- CS_1 through CS_10 custom service slots functional
- Docker compose generation working
- Environment variable injection working
Plugin System ✅
- Plugin CLI commands functional (nself plugin)
- Plugin registry and installation working
- Official plugins verified: Stripe, Shopify, GitHub
- Plugin SDK available for custom plugins
Multi-App / Frontend Apps ✅
- FRONTEND_APP_1 through FRONTEND_APP_10 support verified
- External app routing working (localhost:3000 → app1.domain)
- Framework detection functional
- Environment-specific routes configured
- Build system integration complete
Nginx Reverse Proxy ✅
- SSL/TLS support configured
- Auto-generated route configuration working
- Security headers (CSP, HSTS, etc.) applied
- Gzip compression enabled
- WebSocket support functional
Benefits:
- Consistent test interface for CI/CD
- Delegates to run-all-tests.sh with all arguments
- Provides help output with -h or --help
- Works across all platforms
Monorepo Support
P1-015: Added monorepo detection and support
Implementation:
- monorepo_check() function in src/lib/build/core.sh
- Detects monorepo structure
- Provides appropriate warnings
- Handles build path resolution
Frontend Directory Support
P1-016: FRONTEND_DIR environment variable support
Usage:
```bash
# In .env file
FRONTEND_DIR=frontend/app1
# Or in monorepo
FRONTEND_DIR=apps/frontend
```
Impact:
- Build system aware of custom frontend paths
- Proper routing configuration
- Works with monorepo structures
---
🔄 Improvements
Enhanced CLI Output
All CLI commands now use standardized output:
- Consistent color coding (green for success, red for error)
- Proper icons (✓, ✗, ⚠, ℹ)
- Structured output format
- Platform-compatible (no emoji by default)
Manual
```bash
nself update  # If installed via install script
```
⚠️ Breaking Changes: None. This is a backward-compatible release.
Migration Notes:
- All Bash 4+ features removed - may affect custom scripts using nself libraries
- Help contract now enforced - --help always exits 0
- CI workflows now fail-closed - may expose previously hidden issues
---
📋 What's Deferred (Non-Blocking)
The following items were deferred to v0.9.9 as they are quality improvements, not blockers:
Documentation Cleanup (v0.9.9)
- Fix 588 broken documentation links
- Remove 1,751 .md extensions for wiki compatibility
- Clean up 40 TODO/FIXME markers
- Normalize historical command-truth claims
Enhancement Features (v0.9.9)
- P1-019: Configurable dev-auth test users
- P1-020: Schema validation workflow in CI
- P1-017/018: Enhanced port conflict diagnostics
- P1-021/022: Help output schema formalization
- P2-002-011: Various quality improvements
Impact: None of these block production use or affect core functionality.
---
🎯 What's Next (v0.9.9 Roadmap)
Planned Improvements
1. Documentation Quality
- Fix all 588 broken links
- Wiki format corrections (remove .md extensions)
- Clean up TODO markers
Major Fix: Resolved all tenant isolation test failures
Issues Fixed:
1. Auto-create owner as tenant member (trigger-based)
2. SECURITY DEFINER for RLS bypass
3. Fixed db_query_raw psql output (added -q flag)
4. Correct JSONB value extraction in tests
Commits:
- 901907e - Auto-create owner as tenant member trigger
- c5e3871 - Update tests to verify trigger behavior
- 7ac4c1f - Make trigger SECURITY DEFINER to bypass RLS
- b0af0e0 - Add -q flag to suppress psql command tags
- 5184aa5 - Correct JSONB value extraction
Test Results:
```
✅ Test 1.1: Create Tenant A
✅ Test 1.2: Create Tenant B
✅ Test 1.3: Verify user A auto-added as member
✅ Test 1.4: Verify user B auto-added as member
✅ Test 1.5: Create tenant-specific settings
✅ Test 1.6: Verify RLS - Tenant A isolation
✅ Test 1.7: Verify RLS - Tenant B isolation
```
Manual
```bash
nself update  # If installed via install script
```
⚠️ Breaking Changes: None. This is a backward-compatible release.
Migration Notes:
- Tenant isolation tests now use hardcoded UUIDs instead of auth.users
- db_query_raw now includes -q flag (may affect custom scripts)
- New trigger auto-creates owner as member (no manual insertion needed)
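
The trigger pattern these notes describe, as an added PostgreSQL example that is not nself's own migration: the `app` schema, the table, column, policy and trigger names, and the `app.user_id` session setting are all hypothetical. Because a SECURITY DEFINER function runs with its owner's rights, the example pins `search_path` and schema-qualifies every object it touches.

```sql
-- Hypothetical schema, constructed for illustration (not nself's tables).
CREATE SCHEMA IF NOT EXISTS app;
CREATE TABLE app.tenants (
    id            uuid PRIMARY KEY DEFAULT gen_random_uuid(),
    name          text NOT NULL,
    owner_user_id uuid NOT NULL
);
CREATE TABLE app.tenant_members (
    tenant_id uuid NOT NULL REFERENCES app.tenants(id) ON DELETE CASCADE,
    user_id   uuid NOT NULL,
    role      text NOT NULL DEFAULT 'member',
    PRIMARY KEY (tenant_id, user_id)
);

-- RLS: a session sees only its own membership rows. No INSERT policy exists,
-- so an ordinary role cannot add the first member of a new tenant itself.
ALTER TABLE app.tenant_members ENABLE ROW LEVEL SECURITY;
CREATE POLICY member_reads_own ON app.tenant_members FOR SELECT
    USING (user_id = current_setting('app.user_id', true)::uuid);

-- The trigger function runs as its owner. It bypasses RLS only when that
-- owner also owns app.tenant_members (and FORCE ROW LEVEL SECURITY is off)
-- or has BYPASSRLS. search_path is pinned with pg_temp last so unqualified
-- names cannot resolve to objects planted in a caller-writable schema.
CREATE FUNCTION app.add_owner_as_member() RETURNS trigger
LANGUAGE plpgsql
SECURITY DEFINER
SET search_path = pg_catalog, pg_temp
AS $$
BEGIN
    -- Only values from the new tenant row are written; nothing caller-chosen.
    INSERT INTO app.tenant_members (tenant_id, user_id, role)
    VALUES (NEW.id, NEW.owner_user_id, 'owner')
    ON CONFLICT (tenant_id, user_id) DO NOTHING;
    RETURN NEW;
END;
$$;

-- Functions are executable by PUBLIC by default; drop that grant.
REVOKE ALL ON FUNCTION app.add_owner_as_member() FROM PUBLIC;

CREATE TRIGGER tenants_add_owner
AFTER INSERT ON app.tenants
FOR EACH ROW EXECUTE FUNCTION app.add_owner_as_member();
```

When reviewing a function like this, confirm that its body writes only the one membership row derived from `NEW`, since everything inside it runs outside the RLS policies.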
---
📊 Statistics
Code Changes
Commits: 12 since v0.9.6
Files Changed: 85+
Lines Added: ~15,000
Lines Removed: ~500
New Files: 25+
Test Coverage
Unit Tests: All passing
Integration Tests: All passing (including tenant isolation)
4. Deployment Enhancements
- One-click cloud deployments
- Infrastructure as Code templates
- Enhanced rollback support
Feedback Welcome
We received comprehensive feedback from the nself-chat team (34 migrations, 9-step wizard). Key priorities from that feedback:
- Working installer at install.nself.org ✅ (v0.9.7)
- Core commands functional ✅ (v0.9.7)
- Production deployment examples (planned v0.9.8)
- Community channels (coming soon)
See: FEEDBACK.md for full details
---
🙏 Acknowledgments
Special thanks to:
- nself-chat team for comprehensive feedback
- Security contributors for vulnerability reports
- CI/CD maintainers for workflow improvements
- Community beta testers
---
📝 Full Changelog
See: [CHANGELOG.md](../CHANGELOG.md) for complete version history
v0.9.7 Commits
5184aa5 fix: correct JSONB value extraction in tenant settings tests
b0af0e0 fix: add -q flag to db_query_raw to suppress psql command tags
7ac4c1f fix: make trigger function SECURITY DEFINER to bypass RLS
c5e3871 fix: update tests to verify trigger auto-creates owner as member
901907e fix: auto-create owner as tenant member to resolve RLS chicken-and-egg issue
539d4c4 fix: resolve CI/CD failures for v0.9.6
e4fb32a release: v0.9.6 - Command Consolidation Complete
f504ea6 docs: add v1.0 command tree and migration guide
4466377 refactor: modernize help system and standardize CLI output
f7a895f fix: correct grep exclusion pattern in portability check
78a7a7b fix: resolve CI/CD failures for v0.9.6
Developer Tools:
- nself frontend → nself dev frontend
- nself ci → nself dev ci
- nself docs → nself dev docs
- nself whitelabel → nself dev whitelabel
---
🚨 Breaking Changes
NONE. This release maintains 100% backward compatibility. All old commands display deprecation warnings but continue to work.
---
🔧 What's Fixed
Fixed syntax error in stripe.sh billing module
Fixed path resolution errors in perf/backup/dev commands
Fixed infinite loop in infra k8s/helm routing
Fixed service.sh file permissions (644→755)
Fixed missing help output in service/config commands
Fixed MFA module path calculation in auth backup files
---
📚 Documentation
Full Release Notes: [docs/releases/v0.9.6.md](https://github.com/acamarata/nself/blob/main/docs/releases/v0.9.6.md)
This release represents a massive refactoring effort with 179 files changed, 19,003 insertions, and comprehensive QA testing. Thank you to everyone who contributed feedback and testing.
Release Status: Production Ready ✅
Test Pass Rate: 97% (160/165)
Backward Compatibility: 100%
- Send messages to channel subscribers
- Custom event types
- JSON payload support
- Message history and replay
- Event filtering and routing
- Rate limiting per channel
Presence Tracking:
- Track user online/away/offline status
- Per-channel presence
- Global presence tracking
- Presence heartbeat mechanism
- Automatic cleanup of stale presence
- Presence statistics and analytics
```bash
# Apply all v0.9.5 migrations
nself db migrate
# Check migration status
nself db migrate status
# Rollback if needed
nself db migrate down
```
## Breaking Changes
**None.** v0.9.5 is fully backward compatible with v0.9.0.
All new features are optional and additive. Existing deployments continue working without changes.
### Security Fixes
The SQL injection fixes are **non-breaking** - they only change internal query implementation, not the API surface.
## Upgrade Guide
### Upgrading from v0.9.0 to v0.9.5
1. **Update ɳSelf:**
https://github.com/acamarata/nself/issues
## Contributors
Built with continuous autonomous development.
## License
ɳSelf is source-available software. See LICENSE file for details.
---