github builderz-labs/mission-control v2.2.0
v2.2.0 — Security Hardening & Workspace Isolation

10 hours ago

This release strengthens Mission Control's self-hosted security boundary, adds native workspace isolation foundations, and modernizes the frontend and release toolchain.

Added

  • Opt-in sandbox flags for host CLI dispatch (#766, closes #720): validated allowedTools, clamped budget limits, and workspace-scoped working directories.
  • Native workspace brand and isolation fields with migration 052 and validated shared | strict isolation modes (#767, refs #677).
  • Strict workspace enforcement across routes, dispatch, schedulers, events, audit records, agent identity, gateway registries, filesystem access, and host administration (#804 through #823).
  • Standalone artifact-boundary verification, immutable GitHub Actions pin checks, and property-based security fuzzing (#783, #788, #873, #885).

Security

  • Workspace isolation now fails closed for ambiguous or unowned resources.
  • Hardened privileged runtime, CLI, TUI, MCP, installer, gateway, operator, filesystem, and configuration boundaries (#784, #790 through #799, #828 through #835, #866 through #884, #886 through #889).
  • Added descriptor-based filesystem operations, atomic writes, randomized build scratch paths, stronger path confinement, resource bounds, HTML sanitization, cryptographic event identifiers, adapter-key isolation, and workspace-scoped MCP receipts.
  • Replaced deployment shell sourcing with a strict environment-file data parser and added regression coverage for the security audit command (#886, #888).
  • Pinned workflow actions to reviewed commit SHAs and enforced standalone runtime-data and secret boundaries.
  • Dependency audit reports no known high-severity vulnerabilities at release time.

Changed

  • Migrated to Tailwind CSS v4 with CSS theme tokens and verified all 11 themes (#768).
  • Hardened OSS contribution intake with structured issue forms and focused provenance, risk, and evidence requirements (#803, #814, #816, #824).
  • Corrected model pricing semantics and billing estimates, including Kimi K2.5 and MiniMax M2.1 output rates (#769, supersedes #751).

Fixed

  • Restored websocket reconnection after transient disconnects (#832).
  • Aligned authentication diagnostics and security reports with encoded-password deployments (#887).
  • Restored the Docker release build context for the strict environment loader (#889).
  • Aligned the standalone MCP server's advertised version with Mission Control 2.2.0 (#891).

Upgrade notes

  • Run database migrations before enabling strict workspace isolation in an existing multi-workspace deployment.
  • Review MC_WORKSPACE_ROOT, trusted proxy settings, gateway credentials, and host-runtime permissions after upgrading.
  • Tailwind CSS v4 replaces the previous JavaScript configuration; downstream custom themes should migrate extensions to CSS theme tokens.
  • Workspace classification and isolation metadata do not grant execution authority; the approval policy engine remains deferred.

Full changelog: v2.1.0...v2.2.0

Don't miss a new mission-control release

NewReleases is sending notifications on new releases.