Hop3 0.5.0 Released

Hop3 0.5.0 is out. Where 0.4 turned a deployment script into a full PaaS, 0.5 is a consolidation release — its focus is reliability, security, reproducible builds, and a CLI that gets out of your way.

What's New in 0.5

A reworked CLI

The biggest day-to-day change. Hop3 0.5 implements a proper context model (ADR 042) and a redesigned command surface (ADR 036):

  • Contexts — register a server once (hop3 context init), switch with hop3 context use prod, and every command targets it. Manage many servers from one laptop.
  • Sticky default app — pick the app you're working on once, and hop3 deploy, hop3 logs, hop3 ps, and hop3 app status all resolve it. When you need to be explicit, the app is a --app flag.
  • App resolution from the project — run a command inside a project directory and Hop3 reads the app from hop3.toml's [metadata].id.
  • Helpful errors — a mistyped command gets a "did you mean…?" suggestion; a command with no resolvable app gets a structured, actionable message.
  • Aliases, categorized help, and consistent exit codes round it out.

hop3 context use prod
cd ./my-app
hop3 deploy          # app resolved from hop3.toml, targeting the prod context
hop3 logs            # same app, no flags needed

Reproducible builds with Nix

Hop3 0.5 lands phase 1 of Nix integration: build and deploy an app from a Nix expression for a bit-for-bit reproducible environment, with a growing set of templates (a generic nixpkgs wrapper, Node-with-pnpm, and more) so common apps need no hand-written derivation. Native builders remain the default; Nix is opt-in per app.

Security hardening

Four waves of security work landed in 0.5:

  1. Input validation at the RPC boundary — every value crossing the client→server edge is validated before it reaches the filesystem or a subprocess.
  2. Auth hardening — tightened handling of the unsafe-mode switch and the streaming log endpoint.
  3. Credential encryption v2 — a stronger at-rest scheme for addon credentials, with an automatic migration from v1.
  4. Archive-bomb defense — deploy uploads are bounded against decompression bombs, and backup directories get strict permissions.

On top of that: rate-limiting on the API, and a new privileged-operations agent (hop3-rootd, ADR 041) that performs the handful of root-level operations behind a narrow, audited boundary, retiring the previous sudoers approach.
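
One way to bound an upload as item 4 describes, as an added example that is not Hop3's own code: the archive is walked as a forward-only stream, so every decompressed byte counts against a cap before anything is written to disk. The gzip'd tar upload format, the limits, and the names `scan_upload`, `_Capped` and `ArchiveRejected` are assumptions made for illustration.

```python
import gzip
import io
import tarfile

MAX_UNPACKED = 64 * 1024 * 1024   # assumed cap, not a Hop3 value
MAX_MEMBERS = 10_000              # assumed cap, not a Hop3 value


class ArchiveRejected(Exception):
    """The upload broke a size, count, type or path rule."""


class _Capped:
    """Read-only wrapper that fails once more than `limit` bytes came out."""

    def __init__(self, raw, limit):
        self.raw, self.limit, self.seen = raw, limit, 0

    def read(self, n=-1):
        chunk = self.raw.read(n)
        self.seen += len(chunk)
        if self.seen > self.limit:
            raise ArchiveRejected(f"more than {self.limit} bytes after decompression")
        return chunk


def scan_upload(data, max_unpacked=MAX_UNPACKED, max_members=MAX_MEMBERS):
    """Walk a .tar.gz upload without writing to disk; return its member names."""
    capped = _Capped(gzip.GzipFile(fileobj=io.BytesIO(data)), max_unpacked)
    names = []
    # "r|" reads a plain tar as a forward-only stream, so headers, pax records
    # and file data all pass through the cap, whatever sizes the headers claim.
    with tarfile.open(fileobj=capped, mode="r|") as tar:
        for member in tar:
            if len(names) >= max_members:
                raise ArchiveRejected("too many members")
            if member.name.startswith("/") or ".." in member.name.split("/"):
                raise ArchiveRejected(f"unsafe path: {member.name!r}")
            # Links, devices and FIFOs have no place in an app upload.
            if not (member.isfile() or member.isdir()):
                raise ArchiveRejected(f"unsupported member type: {member.name!r}")
            names.append(member.name)
    return names
```

Run the scan before extraction and extract only archives it accepts; the cap can overshoot by at most one read chunk.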

Failures you can diagnose

When a deploy goes wrong, 0.5 gives you a verdict. A structured Diagnosis (ADR 043) classifies the failure — build-failure, app-crash, proxy-502, addon-unreachable, timeout — and surfaces the decisive logs. That includes the fix for the "silent-502" class: a healthy app behind a 502 because the proxy points at the wrong port now reports exactly that.

More addons and deployment polish

  • A new S3 / MinIO addon for object storage, wired end to end with installer support.
  • Backup migration — restore a backup into a different instance, for moving an app between servers (ADR 024).
  • Multi-domain apps — a [domains] section in hop3.toml and hop3 domains commands.
  • Smoother upgrades — a redeploy runs pending migrations and leaves the app's virtualenv intact.
  • WSGI auto-discovery, computed environment variables, and an expanded PostgreSQL extension allow-list.

A consolidated test architecture

Under the hood, 0.5 unifies a sprawling test surface into three runners, three layers, and four speed tiers (ADR 043), and adds the nightly Test Lab (ADR 044) that runs the whole suite against real cloud servers and reports on it. We wrote a whole series about it: How Hop3 is Tested.

Installing

On your server:

curl -LsSf https://hop3.cloud/install-server.py | sudo python3 -

On your laptop:

pip install hop3-cli

Existing installs upgrade in place; the credential-encryption (v2) and schema migrations run automatically.

What's Next

0.6 turns from consolidation toward a curated, advertised set of working apps and the production-readiness around them:

  • The Test Lab dashboard — trends, flakiness, and a nightly green/red across the full app catalog.
  • A reworked TLS / certificate path with pluggable engines, plus a monitoring dashboard.
  • Wider Nix template coverage and the four-variant packaging push.

Get Involved

Hop3 is open source (Apache 2.0):


New to Hop3? Start with Your First Deployment. Curious how we keep it reliable? Read How Hop3 is Tested.