v0.14.0

Features

• SSH key management from the CLI: register/list/remove keys under your account and use them by default on instance create.
• Delegated SSH key management: --on-behalf-of on account ssh-key add/remove.
• instance create --ssh-key resolves against both owner and signer keys (signer wins on conflict).
• instance ssh: -4/-6 to select the IP family.
• Credit history filters and a spend summary.

What's Changed

• feat(cli): credit history filters and spend summary by @odesenfans in #272
• feat(instance): add -4/-6 IP family selection to instance ssh by @odesenfans in #273
• feat(account): manage SSH keys and use them by default on instance create by @odesenfans in #274
• feat(account): support --on-behalf-of on ssh-key add/remove by @odesenfans in #275
• feat(instance): --ssh-key resolves against owner+signer keys (signer wins) by @odesenfans in #276

Full Changelog: v0.13.2...v0.14.0

---

✅ Published to crates.io

• aleph-types
• aleph-sdk
• aleph-cli

v0.13.2

Features

• Support for aleph instance reinstall.

What's Changed

• feat(instance): add instance reinstall command by @odesenfans in #270

Full Changelog: v0.13.1...v0.13.2

---

✅ Published to crates.io

• aleph-types
• aleph-sdk
• aleph-cli

v0.13.1

Features

• aleph account set to update an account's chain and name (#267) - a generic aleph account set [ACCOUNT] [--chain <CHAIN>] [--name <NAME>] command for editing an existing account in place. Previously the chain was fixed at import time, which bit users whose accounts were migrated from the Python CLI on a non-ETH chain (e.g. BASE), breaking confidential-VM operations.

  aleph account set --chain BASE --name my-account
  

  --chain is restricted to the same signature family (EVM<->EVM, SVM<->SVM) since the address is invariant within a family. --name safely stages the key under the new name before committing, so a failure never loses secret material. The account argument defaults to the active account.

Fixes

• Confidential VMs work on non-ETH EVM accounts (#266) - the ephemeral-key auth embedded the account's concrete chain (e.g. BASE) in the X-SignedPubKey payload, which the CRN rejects as an opaque HTTP 400 Invalid X-SignedPubKey data, breaking init-session/start for any account imported on a non-ETH EVM chain. EVM chains are now normalized to ETH (SVM to SOL), mirroring aleph-sdk-python. This is the fix that pairs with account set above.
• instance show --verbose shows the real address (#269) - now displays the VM's IPv6 and hides its private IPv4, which was useless to users.

Internal

• Extract CID computation into a standalone, independently released aleph-cid crate (#260), with PyO3 bindings published to PyPI as aleph-cid (#263).
• Cut release CI wall-clock time (#265).

What's Changed

• Extract CID computation into a standalone, independently released aleph-cid crate by @odesenfans in #260
• feat: aleph-cid-python, PyO3 bindings published to PyPI as aleph-cid by @odesenfans in #263
• ci(release): cut release CI wall-clock time by @odesenfans in #265
• fix(crn): normalize EVM chains to ETH in confidential-VM auth by @odesenfans in #266
• feat(account): add account set to update an account's chain and name by @odesenfans in #267
• fix(instance): show IPv6/IPv4 in instance show --verbose by @odesenfans in #269

Full Changelog: v0.13.0...v0.13.1

---

✅ Published to crates.io

• aleph-types
• aleph-sdk
• aleph-cli

v0.13.0

Features

• Password-protected encrypted accounts (keystore V3) (#259) - adds a third account kind, keystore, alongside local (OS keyring) and ledger. EVM chains only. This provides a middle ground solution for users who do not want to rely on the OS keychain without having to use a hardware wallet.

Creating an encrypted account is as easy as:

aleph account create myaccount --encrypted

• aleph token swap --venue ophis (#258) - adds Ophis as a third swap venue (alongside cow and uniswap) on Ethereum mainnet, selling ETH or USDC for ALEPH. Ophis is a partner of Aleph Cloud.

  aleph token swap --sell-token usdc --amount 100 --venue ophis
  

What's Changed

• feat: add Ophis as a token swap venue by @odesenfans in #258
• feat(cli): password-protected encrypted accounts (keystore V3) by @odesenfans in #259

Full Changelog: v0.12.0...v0.13.0

---

✅ Published to crates.io

• aleph-types
• aleph-sdk
• aleph-cli

aleph-cid v0.1.0

What's Changed

• Extract CID computation into a standalone, independently released aleph-cid crate by @odesenfans in #260

Full Changelog: v0.13.0...aleph-cid-v0.1.0

---

📦 Published to crates.io: aleph-cid v0.1.0

---

📦 Published to crates.io: aleph-cid v0.1.0
🐍 Published to PyPI: aleph-cid 0.1.0

v0.12.0

Features

• aleph token swap --venue uniswap (#250) - Uniswap V3 (Ethereum mainnet, via SwapRouter02) is now a second swap venue, selectable with --venue uniswap; CoW Swap stays the default. Useful as a fallback when thin-pair CoW orders expire unfilled, since Uniswap executes immediately at the pool price. Quoting is pure on-chain through QuoterV2 (no API key), routes target where ALEPH liquidity actually sits, and slippage is enforced on-chain via amountOutMinimum.

  aleph token swap --sell-token eth --amount 0.5 --venue uniswap
  

• Manual aggregate editing (#252) - closes the gap with the Python aleph-client:

  • aggregate create is now create-only (refuses an existing key, pointing you to edit) and accepts any valid JSON, not just objects.
  • aggregate edit --key K updates an existing key three ways: targeted subkey (--subkey S --content C, with --content null to delete), whole-content (diffs and nulls removed subkeys), or interactive ($VISUAL/$EDITOR/vi).
  • aggregate unset --key K --subkey s1,s2 soft-deletes subkeys in bulk via merge-null.
  • All three guard the protected security aggregate and honor --on-behalf-of, --dry-run, --json, --channel, and -y.

• aleph program update (#257) - update a deployed program's code in place: validates ownership (against owner(), so delegated programs work) and allow_amend, hashes the new archive, and submits a STORE amending the previous code hash (the program item hash is unchanged). Pre-flight errors on an encoding mismatch with the existing program. Supports --on-behalf-of, matching create.

Changes

• aleph instance confidential create renamed to launch (#254) - the command never created the instance (the VM must already exist via instance create --confidential); it orchestrates bring-up of an existing confidential VM (allocate, init session, poll for measurement, validate and inject the disk secret). create is retained as a hidden alias, so existing scripts keep working.

Fixes

• Clean shell prompt after Ctrl+C (#251) - interrupting a command like aleph instance logs now dies by re-raised SIGINT instead of exit(130), so bash redraws its prompt at column 0 instead of garbling the next typed line.
• TLS certificate-validation advisories patched + cargo-audit CI (#253) - bumps rustls-webpki and aws-lc-sys to clear six RUSTSEC advisories (name-constraint/CRL bypasses and a reachable panic) on the HTTPS cert-validation path used by every CCN, CRN, CoW, and RPC call. Adds a cargo audit CI workflow (on Cargo.toml/Cargo.lock changes plus a weekly cron) so future advisories surface automatically.

Documentation

• Refreshed --image/--runtime help (#255) - instance create help now points at the vm-images aggregate with examples instead of a hardcoded preset list, switches examples to ubuntu26, and fixes the runtime slug example to python3.12.

---

✅ Published to crates.io

• aleph-types
• aleph-sdk
• aleph-cli

v0.11.1

Highlights

Buy ALEPH with ETH or USDC (aleph token swap)

An in-CLI on-ramp via CoW Swap: sell native ETH or USDC for ALEPH, leaving the ALEPH in your wallet, so credit buy no longer requires acquiring ALEPH elsewhere first.

• aleph token swap --sell-token eth|usdc --amount N [--slippage 0.5] [--receiver ADDR] [--valid-for SECS] [--dry-run]: quote -> confirm -> submit, then prints the order UID (USDC) or tx hash (ETH) with a CoW Explorer link. --dry-run stops after the quote.
• New aleph_sdk::swap module behind the swap cargo feature: orderbook REST client, GPv2 EIP-712 order signing (typehash and appData hash pinned in tests), and the native-ETH path through the on-chain CoWSwapEthFlow.createOrder contract.
• Mainnet and EVM accounts only in this first version (Ledger and Solana are rejected with clear messages).

Scheduler v0.1.1 alignment

Takes advantage of the aleph-vm-scheduler v0.1.1 API:

• aleph instance list now enriches VMs you sent but do not own (permission-delegation) with a single bulk sender-filtered call instead of one request per VM.
• The VM listing moved from the deprecated owners query parameter to owner.
• --crn on instance lifecycle commands accepts a unique node hash prefix or suffix, so the shorthand node IDs printed by aleph instance list (hash suffixes) can be passed directly.

Quality of life

• aleph instance ssh accepts -i as the conventional short form of --identity.

What's Changed

• feat(cli): accept a node hash prefix or suffix in --crn by @odesenfans in #244
• feat(cli): accept -i as short form of instance ssh --identity by @odesenfans in #245
• feat(cli): enrich sender-only instances with one bulk scheduler call by @odesenfans in #246
• fix(sdk): query the scheduler with owner instead of deprecated owners by @odesenfans in #247
• feat: aleph token swap - buy ALEPH with ETH or USDC via CoW Swap by @odesenfans in #248

Full Changelog: v0.11.0...v0.11.1

---

✅ Published to crates.io

• aleph-types
• aleph-sdk
• aleph-cli

v0.11.0

Highlights

Confidential VMs (aleph instance confidential)

Full confidential (AMD SEV) VM lifecycle support, in both the SDK and the CLI:

• New subcommands: aleph instance confidential init-session, start, and create (all-in-one), with hash-prefix addressing like the other instance commands.
• New aleph_sdk::confidential module implementing the SEV-ES launch crypto: HMAC-SHA256 measurement validation (AMD SEV API 6.5.2) and AES-128-CTR secret injection, byte-locked against the aleph-sdk-python fixtures.
• Stronger than the Python CLI: the platform certificate chain is verified with sevctl verify before session keys are derived (no --insecure bypass), and measurement comparison is constant-time.

GPU instances, end to end

• aleph instance create --gpu <model> now sizes the VM from the GPU tier's pricing-aggregate minimum; --size, --vcpus, or --memory can raise it above the minimum, and --disk-size defaults to the tier disk.
• The interactive flow (-i) gained a GPU prompt listing each available model with VRAM and tier.
• --list-gpus output now explains the per-tier compute-unit definition and points to the create command; sizing errors that match a GPU tier hint at --gpu.

Buy credits with native ETH

aleph credit buy --token eth pays by a plain value transfer to the credit contract; ALEPH and USDC keep their ERC20 path.

Quality of life

• aleph file upload and aleph program create/update now show a byte-progress bar during uploads (suppressed under --json).
• The interactive instance create flow can now let the scheduler pick a node automatically (the new default) instead of forcing a specific CRN.
• New --crn flag accepts either a node hash or a URL on instance lifecycle commands (--crn-url remains as a hidden alias).
• Lifecycle commands (start, stop, logs, ...) now resolve the CRN automatically for scheduled VMs; --crn-url is no longer required there.
• CRN allocation failures (e.g. 503 "Insufficient capacity") now surface the CRN's actual error message instead of an opaque serde failure.

Breaking changes (aleph-sdk)

• CreditToken::token_address() now returns Option<Address> (native ETH has no token contract). Callers must handle None.
• CreditToken gained the Eth variant; exhaustive matches on it need a new arm.

What's Changed

• feat(sdk+cli): aleph instance confidential by @odesenfans in #229
• feat: show progress bar during file uploads to the CCN by @odesenfans in #230
• docs(cli): replace "tombstone" with plain deletion wording by @odesenfans in #231
• test(sdk): gate authorization heph tests behind account-evm by @odesenfans in #232
• feat(cli): allow scheduler-chosen node in interactive instance create by @odesenfans in #233
• feat(cli): guide users from --list-gpus to the create command by @odesenfans in #234
• feat(cli): add GPU selection to interactive instance create by @odesenfans in #235
• feat(cli): size GPU instances from the pricing aggregate minimum by @odesenfans in #236
• fix(cli): point GPU --size errors at the right namespace by @odesenfans in #237
• feat(cli): buy credits with native ETH by @odesenfans in #238
• fix(sdk): surface CRN allocation errors instead of a serde failure by @odesenfans in #239
• fix(cli): resolve CRN for scheduled VMs without --crn-url by @odesenfans in #240
• feat(cli): accept a node hash or URL via --crn by @odesenfans in #241
• test(cli): retry sevctl tests on ETXTBSY by @odesenfans in #242

Full Changelog: v0.10.3...v0.11.0

---

✅ Published to crates.io

• aleph-types
• aleph-sdk
• aleph-cli

v0.10.3

What's Changed

• feat(sdk+cli): aleph instance port-forwarder by @odesenfans in #212
• feat(cli+sdk): aleph instance backup (create/info/download/delete/restore) by @odesenfans in #221
• feat(cli): add --payment-type to aleph file pin by @odesenfans in #224
• fix(cli): verify Ledger device address before signing by @odesenfans in #223
• feat(cli): add 'aleph message retry' for rejected messages by @odesenfans in #226
• fix(cli): map Ledger APDU retcodes to typed errors by @odesenfans in #225
• feat(cli): add aleph instance show command by @odesenfans in #222
• feat(cli): resolve rootfs, firmware, and program runtime via vm-images aggregate by @odesenfans in #195
• fix(types): make key-zeroize guarantee explicit and self-checking by @odesenfans in #227

Full Changelog: v0.10.2...v0.10.3

---

✅ Published to crates.io

• aleph-types
• aleph-sdk
• aleph-cli

v0.10.2

Bug fixes.

What's Changed

• fix(cli): accept hash prefixes in aleph instance delete by @odesenfans in #218
• fix: tolerate missing/null fields in domains aggregate by @odesenfans in #219

Full Changelog: v0.10.1...v0.10.2

---

✅ Published to crates.io

• aleph-types
• aleph-sdk
• aleph-cli