v0.1.0

Summary

hypeman 0.1.0 ships a faster, more observable runtime for snapshot-heavy workloads.

faster forks and restores

• UFFD snapshot paging for initial fork restores
• improved Firecracker fork concurrency
• parallelized and optimized restore network setup
• faster standby through diff snapshot reuse and reflink cloning

stronger lifecycle management

• instance health checks and restart policies
• auto-standby, scheduled snapshots, and retention cleanup
• idempotent lifecycle transitions
• waitForState for blocking state changes

better production visibility

• always-on metrics
• per-phase instance timings
• restore network telemetry
• lifecycle, hypervisor, and guest exec tracing
• disk, capacity, latency, and age metrics

cleaner networking and resource control

• burst-proof admission control
• active memory reclaim
• bandwidth reservation fixes
• TAP cleanup and tc class collision fixes
• optional egress MITM proxy support

platform updates

• Cloud Hypervisor v51.1 support
• image-label kernel selection
• auto-pull images on instance create
• OCI cache garbage collection
• scoped API key permissions and tags

overall: faster restores, fewer lifecycle edge cases, and much better visibility into what hypeman is doing in production.

Changelog

• acc8ac4 Use UFFD only for initial snapshot fork restores (#270)
• 2211346 Improve Firecracker fork concurrency (#263)
• 6458cf3 Add UFFD snapshot pager (#262)
• 43d1210 Remove mailbox for now (#268)
• 6da67d7 Add mailbox resume network handoff (#260)
• fcb0faf Parallelize fork network setup (#266)
• 51ccad4 Add restore network telemetry (#265)
• 83d97f8 Optimize restore network setup (#264)
• 97416d8 Instrument guest exec steps (#246)
• 34e1032 Count shared snapshot extents separately (#244)
• 44a6da4 Fix warm fork guest MAC reconfiguration (#245)
• aa65a64 Speed up guest-agent exec readiness retries (#242)
• fa9e5c3 Avoid serial console readiness dependency for systemd guests (#243)
• 9672690 Bump Cloud Hypervisor default to v51.1 (#241)
• 2b58e51 Preserve snapshot fork restore paths (#239)
• 58b9a9f Decouple bandwidth reservations from oversubscription (#238)
• 4acbfdc Add instance restart policy (#233)
• 9db1f75 Add instance health checks (#234)
• 8eeeeff Revert "Introduce "template" as a VM state (#229)" (#231)
• c2d7bbd Add AWS deployment assets (#230)
• a3274ed Add cloud-hypervisor v51.1 with backwards-compatible version flag (CVE-2026-27211) (#200)
• 2e62fdb Introduce "template" as a VM state (#229)
• 6ebfa03 forkvm: clone fork files via FICLONE reflink with sparse-copy fallback (#212)
• 23e332a Track per-phase duration on each instance (#223)
• 0c9574c Cache hypervisor state and bound /vm.info calls in list path (#225)
• 23578ce Return 404 on restore when instance not found (#224)
• 87e791a Bump image manifest resolve timeout to 5s (#226)
• 8524169 network: periodic TAP reaper and stop/create release fallbacks (#222)
• a1b7f3b cloudhypervisor: route serial through a hypeman-owned unix socket (#210)
• d32a762 qemu: open serial log with O_APPEND via chardev (#209)
• 16710cd Add mark-and-sweep GC for shared OCI cache (#199)
• b494c87 Add tracer spans inside list path so slow ps calls are visible (#208)
• 1a0284b Stabilize Hypeman network lifecycle tests (#206)
• 1ca5e52 Speed up instance name resolution (#203)
• e23740e Make lifecycle no-op transitions idempotent (#205)
• 62ab3c8 Fix snapshot disk utilization classification for Firecracker (#198)
• 968c7aa Add standby compression start delay (#184)
• c025ab2 Add heartbeats to StreamBuildEvents wait-for-log-file loop (#176)
• 623d118 Add failure diagnostics for cloud-hypervisor startup (#195)
• 2c5790d Fix qemu startup cleanup (#197)
• 0c34825 Retry instance directory deletion on ENOTEMPTY (#191)
• 4dc8607 Forward CI env into Linux sudo test runs (#190)
• 9f6b171 Auto-standby (#183)
• 76a8772 Add burst-proof admission control and fast resource accounting (#187)
• ce389be Consolidate instance lifecycle subscriptions (#189)
• 36a62ee Remove unused local Grafana dashboard infrastructure (#188)
• ae94713 feat: select guest kernel from image label (#181)
• 3258e81 fix: saveClassID error and clear stale classid files (#180)
• ea5e61e Fix tc class collision with retry and class ID persistence (#179)
• abe56f0 Update default kernel for in-VM Docker networking (#177)
• ddd8e85 Handle recovered image unpack panics (#175)
• a05ff49 Allow regular user JWTs on registry endpoints. (#174)
• cc53c42 Use OIDC for Stainless npm publishing (#173)
• 3381417 Include Stainless config in merged PR sync (#172)
• bc52a28 Fix Stainless TypeScript production repo target
• 8321f96 Optional automatic image cleanup (#171)
• 4748a40 Add waitForState endpoint for blocking state transitions (#167)
• ba1ec42 Add actual disk utilization metric by component (#170)
• 568ae32 Add shared duration histogram buckets (#169)
• 66259ff Add running latency metric and compression labels (#168)
• 5a92174 Add oldest instance age metric by state (#165)
• 0414092 Reduce tracing volume for read-heavy paths (#164)
• 4a24278 Add lifecycle and hypervisor tracing spans (#163)
• dce3318 Add resource capacity monitoring metrics (#162)
• e40c5c6 Add scheduled instance snapshots with retention cleanup (#139)
• 23ebbed fix: image surfaces and dry-run reclaim semantics (#161)
• e43d9a2 Add optional snapshot compression defaults and standby integration (#149)
• 75c3289 feat: add active ballooning reclaim controller (#160)
• 4215cf1 feat: support updating egress proxy secret envs for key rotation (#158)
• f985341 Optional VM egress MITM proxy with mock-secret header rewriting (#134)
• 0cee62d Add scoped permissions for API keys (#148)
• 4f29634 Auto-pull images on instance creation (#147)
• 6d85d59 perf: speed up firecracker standby with diff snapshot reuse (#146)
• c95fad2 feat: default-disabled guest memory reclaim (#129)
• 3ee0c14 Add Initializing state and optimize speed to init (#136)
• 2e16427 Enable hypeman to run inside of hypeman (#141)
• 27492b9 Add always-on /metrics endpoint with dual pull/push telemetry (#138)
• 22703a2 Rename tag fields from metadata to tags (#140)
• 2b1ed88 Tags (#127)
• 5ba2d25 Snapshot (#125)
• 95f54e2 Enforce sparse-only guest directory copy (#123)

v0.0.7

Changelog

• 561e34f Add standby / restore + fork support for Mac vz hypervisor (#115)
• e57e856 Fork VM (#114)
• 50f4539 Don't break docker networking (#104)
• f8f791b feat: add Firecracker hypervisor support (#112)
• 416706e fix: delete orphaned digest directories when last tag is removed (#111)
• e9afa23 Pin oapi generator version (#113)
• 08958b8 Delete should also attempt graceful stop before hard kill (#109)
• 6d9e538 Fix orphaned mdev cleanup on startup (#110)
• 3ae1b0b feat: wire up memory_mb and cpus in builds API (#108)
• 6a66bca regenerate oapi spec (#107)
• 4fadfde Disable default hotplug memory allocation (#106)
• 46d281b feat: channel-based image notifications + erofs default (#105)
• eb40457 feat: add metadata and state filtering to GET /instances (#103)

v0.0.6

Changelog

• 2465caa fix: remove hard-coded CLI branch from e2e install test
• 0a8b795 feat: migrate config system from dotenv to koanf/YAML (#102)
• eeb78cf Add image_name parameter to builds (#96)
• 1c69f41 feat: add macOS VM support via Apple Virtualization.framework (#90)
• 564c4f7 Better stop behavior, support override entrypoint (#99)
• bca7c57 revert: remove in-VM erofs creation, use host-side umoci extraction (#98)
• 5bba7bb Add metadata field to instances for user-defined key-value pairs (#97)
• 8f3e617 perf: switch app rootfs from ext4 to erofs with LZ4 compression (#94)
• aadafb9 feat: pre-cache base images and serve via BuildKit mirror (#91)
• 0d8b876 Remove CLI section from stainless.yaml (#93)
• 0e769f2 perf(builds): native overlayfs snapshotter + zstd compression (#92)
• 5c29ba8 refactor: cross-platform foundation for macOS support (#89)
• f21c072 fix: add image-manifest=true to BuildKit cache export for ephemeral VMs (#83)
• cbb694a fix: resource limits for starting instances (#81)
• 5735f59 feat(api): add POST /volumes/from-archive endpoint for multipart uploads (#80)
• e61d19f Terminal window resizing (#79)
• f13a410 fix: regenerate oapi.go to include two-tier cache fields (#78)
• a4982bc fix: implement proper Docker registry token auth for BuildKit (#75)
• ba18214 fix: env vars in exec and systemd mode (#76)
• c539d3c feat(builds): implement two-tier build cache with per-repo token scopes (#70)
• 0383db5 feat(builds): expose builder VM instance ID in build response (#69)
• da690d7 Fix image parsing in middleware (#73)
• fc295bd Fix VMs stopping on hypeman update (#72)
• 7ad40bc Fix image name parsing (#71)
• 200e25d feat: add boot time optimizations for faster VM startup (#68)
• 408650d feat(metrics): add per-VM resource utilization metrics (#67)
• 1616beb GPU load balancing (#66)
• e018522 fix(caddy): isolate routes by listen port to prevent wildcard conflicts (#63)
• 81c03b9 fix: wait for image conversion before reporting build ready (KERNEL-863) (#65)
• 57b83c1 Fix stop / start instance with network (#64)
• 9edbbfa fix: build registry auth and Docker image OCI compatibility (#59)
• 2434228 fix(ingress): deduplicate TLS hostnames to allow same hostname on multiple ports (#61)
• ae11c1c fix: prevent HTTPS redirect loop & add API_HOSTNAME config (#60)
• 2cc6cd5 Add to stainless config new API endpoints (#62)

v0.0.5

Changelog

• d0c0bbc Add vGPU support (#52)
• b77bd93 feat: add script to build from source and support binary path with install.sh (#58)

v0.0.4

Changelog

• 157365b fix: increase ext4 filesystem overhead from 20% to 50% (#55)
• d353357 hypeman build (#53)
• 58df3eb Resource accounting (#51)
• a08c2c8 feat: add systemd mode for full VM experience (#50)
• 73750f6 Qemu capabilities (#49)
• 5e522f2 QEMU support (#48)
• e4b8399 feat: add hypeman cp for file copy to/from running VMs (#45)
• 8328365 feat: add arm64/aarch64 multi-arch support (#44)
• 08ac241 publish ts package (#43)
• cb29ca4 Move VMM calls behind an interface (#41)
• 4b0c8f3 gpu passthrough (#17)
• bd634e5 Add Discord link to README (#40)

v0.0.3

Changelog

• 2db3dff Update kernel link (#39)
• 00aa392 Disable cache for Go setup in release workflow
• 61ffb1c Update kernel to include network capabilities (#38)
• 4d86dae Fix Homebrew installation command for hypeman
• 1356047 README updates (#37)

v0.0.2

This is an early preview release—APIs may have breaking changes

Hypeman is a lightweight API server for managing microVMs powered by Cloud Hypervisor.

Changes summary

• Stability fixes for demo-ready Hypeman
• Fetch Hypeman logs, Cloud Hypervisor logs corresponding to your VM
• Automated installation script

Changelog

• c76e9e9 fix: allocate fresh network on start VM (#36)
• a076e43 Operational logs over API: hypeman.log, vmm.log (#34)
• fddc707 Fix hanging on exec for missing command (#33)
• c9c5580 fix: incorrect reporting of Stopped, add better error reporting (#32)
• e398e4f fix: random port selection and cleanup server stop (#31)
• 9d31e90 Installer script (#30)

v0.0.1

🚀 Initial Release

This is an early preview release—APIs may have breaking changes

Hypeman is a lightweight API server for managing microVMs powered by Cloud Hypervisor.

Key Features

• VM images from OCI — Convert Docker images to bootable VMs
• Instance Management — Create, start, stop, and manage microVM instances
• OCI Registry — Built-in Docker registry with docker push support
• Networking — Automatic IP allocation, bridge networking, DNS
• Ingress — HTTP/HTTPS routing to instances with automatic TLS
• Volumes — Persistent storage with multi-attach support
• Exec — Remote command execution in VMs via vsock
• Log Streaming — Real-time VM log access via SSE
• Observability — OpenTelemetry integration for metrics, traces, and logs

Changelog

• 7223bf6 Sort changelog chronologically
• 81544b0 Fix release-prep
• 2a853d2 Support TLS for ingress (#27)
• 71e4964 Setup Github Release automation (#29)
• b815c15 Start and Stop VM (#26)
• 57d7ce7 you get a new name, you get a new name (#25)
• 6ab0c9a Ingress (#24)
• af3dfb0 feat(registry): Add OCI Distribution registry for docker push support (#19)
• c4f95e1 Add observability (#23)
• 2e42f22 Initialize volume with data (#22)
• 045a5b2 Volume multi-attach (#20)
• 207bf1c Fix exec concurrency and rapid open/close issues (#21)
• 32fc530 Volumes (#16)
• 2df5dd5 fix(exec): add vsock timeout and fix init script for Debian images (#18)
• 9e69646 Json encode SSE data (#15)
• 12ce2d5 Log streaming (#14)
• 71fea66 Remove exec from openapi spec (#13)
• bb6c6bb Update stainless config
• 73e0b47 Version bump API spec
• a64fd72 Fix openapi spec (#12)
• db26f38 Network manager (#7)
• f78b592 Add License
• ee8e038 Remote command execution in microVM instances via vsock (#9)
• 3cfa5fd Instance manager (#6)
• 4990e47 Cloud Hypervisor client (#5)
• 1d06a97 gen jwt script (#4)
• 65a64a5 Image manager (#3)
• 98c320d Essential API setup (#2)
• ef6b33d Optional memory compression
• b8c4a70 Handle dyanmic unplug memory
• 2f6a3da Add restore timing information
• 7a4fdd3 Fix standby - fix stopping vm
• b2797a6 Restore should recreate tap device
• 9ba8baf Fix ssh
• 9056086 Fix channel forwarding and premature exit
• 46d6cbe Fix init scripts
• feecd15 Add SSH
• 9f8c390 Fix --disk flag
• c34b48a Generate minimal POC from project plan
• bded0c8 Ignore data dir
• 9f34450 Update binary name from 'ch-root' to 'ch-remote'
• 050aa51 Update README with Cloud Hypervisor setup instructions
• 24f2df3 Fix grammar and clarity issues in README
• 4670278 Add README
• cc7d138 Delete old file
• 9f0989d Update scripts to use chrome socket name
• ee3356b Runs with 2GB memory
• d1162c1 overlay fs setup
• e818e8f Chrome starting, needs de-crufting
• aedf1ba Drop to interactive shell when fails to start
• 89e9c2d Booting works but app not starting, can see logs from wrapper
• 6d4643a Build initrd and get kernel
• e27c877 Update gitignore
• 5108a66 Save basic test scripts