This release strengthens Mission Control's self-hosted security boundary, adds native workspace isolation foundations, and modernizes the frontend and release toolchain.
Added
- Opt-in sandbox flags for host CLI dispatch (#766, closes #720): validated
allowedTools, clamped budget limits, and workspace-scoped working directories. - Native workspace
brandandisolationfields with migration052and validatedshared | strictisolation modes (#767, refs #677). - Strict workspace enforcement across routes, dispatch, schedulers, events, audit records, agent identity, gateway registries, filesystem access, and host administration (#804 through #823).
- Standalone artifact-boundary verification, immutable GitHub Actions pin checks, and property-based security fuzzing (#783, #788, #873, #885).
Security
- Workspace isolation now fails closed for ambiguous or unowned resources.
- Hardened privileged runtime, CLI, TUI, MCP, installer, gateway, operator, filesystem, and configuration boundaries (#784, #790 through #799, #828 through #835, #866 through #884, #886 through #889).
- Added descriptor-based filesystem operations, atomic writes, randomized build scratch paths, stronger path confinement, resource bounds, HTML sanitization, cryptographic event identifiers, adapter-key isolation, and workspace-scoped MCP receipts.
- Replaced deployment shell sourcing with a strict environment-file data parser and added regression coverage for the security audit command (#886, #888).
- Pinned workflow actions to reviewed commit SHAs and enforced standalone runtime-data and secret boundaries.
- Dependency audit reports no known high-severity vulnerabilities at release time.
Changed
- Migrated to Tailwind CSS v4 with CSS theme tokens and verified all 11 themes (#768).
- Hardened OSS contribution intake with structured issue forms and focused provenance, risk, and evidence requirements (#803, #814, #816, #824).
- Corrected model pricing semantics and billing estimates, including Kimi K2.5 and MiniMax M2.1 output rates (#769, supersedes #751).
Fixed
- Restored websocket reconnection after transient disconnects (#832).
- Aligned authentication diagnostics and security reports with encoded-password deployments (#887).
- Restored the Docker release build context for the strict environment loader (#889).
- Aligned the standalone MCP server's advertised version with Mission Control 2.2.0 (#891).
Upgrade notes
- Run database migrations before enabling strict workspace isolation in an existing multi-workspace deployment.
- Review
MC_WORKSPACE_ROOT, trusted proxy settings, gateway credentials, and host-runtime permissions after upgrading. - Tailwind CSS v4 replaces the previous JavaScript configuration; downstream custom themes should migrate extensions to CSS theme tokens.
- Workspace classification and isolation metadata do not grant execution authority; the approval policy engine remains deferred.
Full changelog: v2.1.0...v2.2.0