v1.16.0 — get started onboarding + Hermes deployment

Full Changelog: v1.15.0...v1.16.0

v1.15.0 — security hardening and runtime cleanup

Highlights

• Hardened controller auth so non-public read endpoints require API auth when configured.
• Changed controller startup defaults to safer local-only binding and explicit non-loopback auth requirements.
• Replaced wildcard controller CORS with an allowlist model.
• Removed browser localStorage persistence for API keys.
• Cleared frontend dependency audit issues so npm audit now reports 0 vulnerabilities.
• Removed tracked test-output/ artifacts from the repo tree.

Included commits since v1.14.0

• fix(ui): ensure timer doesn't display negative values
• feat: ship run-state machines and local agent tooling across apps
• cleanup: simplify chat message pipeline and redesign sidebar navigation
• fix(agent): fix browser URL stacked tabs, update curl to follow redirects, and keep spinner during agent tool execution
• fix(security): harden auth, remove leaked artifacts, and close audit alerts

Verification

• Controller typecheck: pass
• Controller tests: pass
• Frontend lint: pass
• Frontend tests: pass
• Frontend build: pass
• Frontend npm audit: pass (0 vulnerabilities)
• Desktop dist + installed app update: pass

Known issues / blockers

• Controller lint remains red from a pre-existing repo-wide backlog unrelated to this patch set.
• Docker staging verification was blocked locally because Docker daemon checks hung in this environment.

v1.14.0 - New chat reliability + sidebar UI polish

What's New

Fixed

• Plan persists after new chat: startNewSession now clears agent plan and files, preventing stale plan data from showing in a fresh chat
• Stream race condition on new chat: Bootstrap effect now snapshots the abort controller to avoid accidentally killing a newly started run during session reset
• Sidebar tab color inconsistency: Removed accent styling from Browser, Computer, and Files tabs so all sidebar tabs use a consistent color scheme

Added

• Run-machine state machine extracted into lib/systems/run-machine for cleaner, testable event handling
• Provider routing config UI and studio API endpoints
• Tool tracker utilities in lib/systems/tools

Changed

• Run event handler refactored to use centralized run-machine pattern
• Daytona sandbox cleanup to resolve agent file 500 errors

v1.11.1 — Mobile plan UI fix

• Mobile: removed the plan chip/toggles that were absolutely positioned and could overlay chat content.\n- Plan remains accessible via Results (Activity tab) and the desktop plan drawer.\n\nVerification:\n- frontend: npm run build\n- frontend: npm run lint

v1.11.0 — Sync controller/frontend + studio pages

What We Did

• Synced the production backend/frontend workspace to match GitHub main, making this repository the single source of truth.
• Audited production-only diffs and kept the repo version where production had drifted.
• Verified builds across the stack (Swift client + controller + frontend).

What's New

• Frontend
  • New/expanded Studio pages: Recipes, Usage, and Logs.
  • Chat refactor and UX upgrades: artifacts viewer, agent files panel (previews + versions), mobile results drawer, toast stack.
  • Configs connection flow improvements and Discover UI improvements.
  • Playwright integration tests added for key flows.
• Controller
  • Agent runtime refactor: SSE streaming, persistence helpers, system prompt builder, and modular tool registries (agentfs/MCP/plan).
  • Usage plumbing with SQLite/Postgres helpers.
  • Download helpers (including Hugging Face utilities) and safer process/runtime utilities.
  • Log retention utilities to prevent unbounded log growth.
• Swift client
  • Chat feature re-org (agent/detail/list/messages/parsing) and new/expanded views for Logs, Recipes, and Usage.

What's Not New

• No new required environment variables. Optional toggles were added (for example: mock inference for UI/E2E testing).
• No intentional breaking changes to the OpenAI-compatible API surface.

Verification

• swift-client: ./setup.sh and xcodebuild ... clean build (iPhone 15 simulator, iOS 18.1)
• controller: bun run typecheck and bun test
• frontend: npm run build and npm run lint

v0.4.1

• Harden proxy SSE parsing and line-level filtering\n- Return non-OK LiteLLM errors directly instead of streaming invalid SSE\n- Send proper SSE headers for streaming responses

v0.4.0 - Repository Automation

🎉 Repository Automation Release

This release brings comprehensive automation to significantly improve development workflow and agent readiness score.

🔒 Branch Protection

• Configured strict branch protection for main branch
• Requires 1 approval and all CI checks to pass
• Blocks force pushes and deletions

🤖 Dependency Automation

• Dependabot configured for weekly updates
• Covers npm (controller, cli, frontend), pip (python), and GitHub Actions

🛡️ Security & Quality

• TruffleHog secret scanning
• CodeQL static analysis
• Dependency review for vulnerabilities
• CodeRabbit AI for automated PR reviews

📊 CI/CD & Metrics

• CI metrics tracking workflow
• Deployment automation
• Enhanced PR template with security section

🏷️ Issue Management

• Comprehensive label schema created
• Label sync workflow configured

Impact

Improves agent readiness from Level 3 to Level 4 by enabling branch protection, dependency automation, security scanning, and automated PR reviews.

---

Full changelog: https://github.com/0xSero/vllm-studio/blob/main/CHANGELOG.md

v1.0.0

1.0.0 (2026-01-01)

🚀 Features

• add landing page, sponsorship, and release automation (b206ddd)