Skip to content

Releases: GlassHaven/Haven

v5.66.2

Choose a tag to compare

@github-actions github-actions released this 01 Jul 01:54

Fixes importing a rootfs from a plain-HTTP LAN mirror (#284).

🌐 Import a custom rootfs from a self-hosted HTTP mirror — importing from an http:// URL on your local network (a home-lab package/rootfs mirror without TLS) failed with "Cleartext HTTP traffic ... not permitted". Android blocks plain HTTP by default, and the declarative allowlist can only name specific domains, not an arbitrary LAN IP. Haven now falls back to a direct download for this one explicit, user-typed URL when that happens — every other network request in the app is unaffected. Verified against a real local HTTP mirror serving a real Alpine rootfs, end to end (download → extract → a working guest shell).

Full Changelog: v5.66.1...v5.66.2

v5.66.1

Choose a tag to compare

@github-actions github-actions released this 01 Jul 01:47

USB-drive connections reopen with a tap, and a CI fix.

🔖 "USB: …" connections reopen with a tap — a USB-drive connection used to go dead as soon as its little Linux VM stopped (eject, phone sleep, app restart), leaving a bookmark that just failed. Tap it again (with the drive still plugged in) and Haven now reboots the VM and reconnects automatically — no need to go back through "Open USB drive…" each time. If the drive isn't plugged in, Haven tells you to plug it back in instead of failing silently.

🔧 Fixed a broken CI check — a set of unit tests hadn't been updated for a recent internal change and were failing to compile, which had started blocking the automated test run on main. Fixed; no user-facing change.

Full Changelog: v5.66.0...v5.66.1

v5.65.0

Choose a tag to compare

@github-actions github-actions released this 30 Jun 22:25

A new way to read USB drives the phone can't open, a fuller email tool surface, and a USB/IP fix.

💾 Read USB drives the phone can't open (#287) — plug in a USB flash drive or SSD and open its files, even Linux-formatted (ext4/GPT) or other drives Android can't read itself. Just go to Desktop → Manage → "Open USB drive…" — no setting to enable first; the open is a deliberate, read-only action. Haven hands the drive to a small on-device Linux virtual machine (which does have the kernel drivers a phone lacks), mounts it read-only, and surfaces the files as an ordinary "USB: …" connection — so the normal file browser, a terminal into the drive, and the MCP file tools all work unchanged. Because an un-rooted phone has no hardware virtualisation, the VM is emulated and slow (it's for pulling files off a drive, not a daily-driver desktop) — a live progress line shows what it's doing while it boots. Drivable over MCP (open_usb_drive / list_usb_drives / close_usb_drive). New guide: Reading USB drives. Read-only, one drive at a time, no encrypted (LUKS) drives yet; webcams/microphones still can't pass.

📧 More email tools for the agent (MCP) — the IMAP/Gmail mail surface is filled out: search_mail (server-side IMAP SEARCH), save_mail_draft, create_mail_folder / delete_mail_folder, and modify_mail_message (mark read/unread, flag, move, copy/apply-label, delete). send_mail now threads replies correctly (In-Reply-To/References), list_mail_messages paginates and reads Cc, and a dropped IMAP idle socket reconnects instead of erroring. Device-verified on Gmail.

🔑 USB/IP re-export fix — exporting a phone USB device over USB/IP (to a remote host or the new on-device VM), stopping, and re-exporting within one app session failed with "Address already in use". The server now releases its port cleanly on stop, so re-export works.

Full Changelog: v5.63.0...v5.65.0

v5.63.0

Choose a tag to compare

@github-actions github-actions released this 30 Jun 15:44

More reporter-requested local-Linux-desktop control, a bring-your-own-rootfs path, and a security-key fix.

🔗 Custom mounts (#301)Desktop → Manage → Custom mounts lets you expose extra Android paths inside a distro's guest, on top of the system mounts. Per-distro, read-write, any path (so a work-profile user can mount /storage/emulated/9/…, or share a folder between two distros). Picks up in the interactive shell, desktop sessions, and run_in_proot. Also drivable over MCP (get_custom_binds / set_custom_binds).

📦 Import a custom rootfs (#284)Desktop → Manage → Import rootfs… brings your own rootfs tarball (.tar.gz or .tar.xz) — a proot-distro image, a docker export, or a second copy of a distro you already have. It's extracted and registered as a first-class distro (appears in the picker, set_active_distro, desktop installs) and used as-is (no packages forced). Also drivable over MCP (import_distro).

🧬 Multiple instances of a distro (#302) — falls out of the import path: give the import a new id and you get a second, isolated Ubuntu/Debian/… alongside your working one (clean vs. tinkered, per-project, testing). Each instance is a full rootfs.

🔑 Security keys ignore non-FIDO USB devices — FIDO2 auth no longer breaks when a USB audio dongle (or any non-FIDO USB device) is attached. Haven now matches only a real CTAPHID interface, so an audio dongle's volume-button HID is ignored, and a USB device that turns out to hold no usable key falls through to your NFC key instead of failing the connection.

Full Changelog: v5.62.0...v5.63.0

v5.62.0

Choose a tag to compare

@github-actions github-actions released this 29 Jun 22:24

Three reporter-requested additions for the local Linux desktop and the connect flow.

🔌 Remap low ports (#300) — a new toggle in Desktop → Manage lets guest services bind privileged ports (below 1024). With it on, a service on port N inside the guest becomes reachable at N+2000 (e.g. 802080), working around Android blocking the app from binding low ports directly. Off by default; it affects every privileged port, including a guest sshd.

🗂️ Share device storage toggle (#301) — also in Desktop → Manage, and on by default. Turn it off to stop a local session mounting your shared storage (/storage and /sdcard) into the guest, keeping your photos and downloads hidden from the local Linux environment.

🔗 haven://connect deep link (#305) — a new link to launch a connection, e.g. haven://connect?host=<h>&user=<u>&port=<p>&transport=mosh&session=<s>. If it matches one saved connection it asks for confirmation, then connects and attaches the named session; otherwise it opens the New Connection form pre-filled. Nothing is connected or saved without a tap (links carry no credentials). Useful for a self-hosted dashboard that drops you straight into a host or tmux session in one tap.

Full Changelog: v5.61.1...v5.62.0

v5.61.1

Choose a tag to compare

@github-actions github-actions released this 29 Jun 18:43

Fixes and refinements to the SPICE viewer and desktop gestures, from the first round of testing.

🎨 SPICE colours corrected — red and blue were swapped on-device; SPICE frames now render with correct colours. (Known issue still under investigation: colours can briefly flip during video streaming.)

👌 Two-finger desktop gestures — viewport control now lives on two fingers across SPICE, RDP and VNC: pinch to zoom, drag to pan the view or scroll the remote (toggle in the viewer toolbar), and a two-finger tap for a middle click. The previous three-finger gesture didn't work on OnePlus/OxygenOS, which intercepts three-finger touches system-wide before they reach the app.

🔑 Security-key SSH tunnels — a SPICE, VNC, RDP or SMB connection tunnelled through a jump host set to "Any hardware key" now fires the FIDO touch prompt instead of falling back to a password prompt.

⌨️ Standard keyboard (#298) — characters composed by an IME / gesture typing now flush to the shell when you press Enter.

The SPICE decoder is now developed in its own repository — GlassOnTin/spice-kotlin (AGPL-3.0) — and pulled into Haven as a submodule.

Full Changelog: v5.61.0...v5.61.1

v5.61.0

Choose a tag to compare

@github-actions github-actions released this 29 Jun 11:53

Highlights

🖥️ SPICE remote desktop (#286) — a native SPICE client for QEMU/KVM and libvirt VMs, alongside the existing VNC and RDP viewers. The display channel decodes the SPICE image codecs (raw, LZ, GLZ, ZLIB-GLZ, and QUIC) plus the image cache, server draw operations, hardware-cursor shape/position, and multiple display surfaces. Input covers keyboard, absolute pointer, mouse buttons and the scroll wheel; the viewer shares the VNC/RDP gestures (two-finger pinch-zoom and pan). SSH tunnelling is supported. Add SPICE connections in the Connections tab or via the agent (MCP). Decoding is verified pixel-correct against QEMU and Windows Server 2025 guests. See the Desktops feature page.

🔑 "Any hardware key" authentication — a new authentication method that lets a connection authenticate with any enrolled FIDO2/security key (touch whichever one is present), instead of pinning to a single key. Edit Connection → Authentication methods → add Any hardware key (FIDO).

🔒 Listing several keys now requires all of them — adding more than one key to a connection's authentication methods now means "present every listed key" (AND), not "any one of them". Use Any hardware key for the either-of behaviour. (Note: a true "must present both" challenge also depends on the server being configured with AuthenticationMethods publickey,publickey.)

Also

  • The FIDO security-key path is now honoured on jump hosts (-J), so a SPICE/VNC/RDP/SSH connection tunnelled through a jump host can authenticate with a hardware key.
  • A heads-up notification appears while a connect is waiting on a security-key touch.
  • Dark-theme readability sweep: VNC/RDP/SPICE viewer toolbar icons, SSH key names, and a couple of black-on-dark text spots are now visible.

Full Changelog: v5.60.7...v5.61.0

v5.60.7

Choose a tag to compare

@github-actions github-actions released this 28 Jun 23:23

Two terminal fixes.

Standard keyboard mode (#298): a toolbar Ctrl/Alt tapped before a typed character could get stuck, so Ctrl+D didn't work and Enter was sent as Ctrl+Enter (showing up as garbage like ^[[13;5u, breaking zsh's first-run wizard). Control combos now reach the shell immediately and the modifier is consumed. Secure mode (the default) was never affected.

Local proot shell (#299): bash/zsh process substitution — diff <(cmd) <(cmd) and echo <(cmd) — failed with "write error: Broken pipe". Fixed /dev/fd handling in the bundled proot.

Full Changelog: v5.60.6...v5.60.7

v5.60.6

Choose a tag to compare

@github-actions github-actions released this 28 Jun 08:55

Highlights

🔑 Security-key SSH reconnect no longer crashes — a FIDO2/YubiKey (SK) SSH profile that re-authenticated after a dropped connection could crash with a NullPointerException: the auto-reconnect path rebuilt the SSH client without carrying over the security-key authenticator. Reconnect now re-authenticates correctly. As a safety net, any other connect path missing the authenticator now fails with a clear, diagnosable error instead of a bare crash.

Full Changelog: v5.60.5...v5.60.6

v5.60.5

Choose a tag to compare

@github-actions github-actions released this 28 Jun 05:28

Highlights

🔎 Local shell exits are now diagnosable — a local Linux (proot) shell that exits immediately, e.g. a session manager like tmux/zellij that won't start, now records its exit code and last output in the connection log (Settings → View connection log) instead of vanishing without a trace. (#294)

For agents/MCP: set_preference / get_preference gain connection_logging_enabled, so connection logging can be toggled over MCP to diagnose a failing connection (enable → reproduce → get_connection_log).

Full Changelog: v5.60.4...v5.60.5