Changelog

**Detected at**: 2026-03-05T17:00:56.698Z
**Issues**: 18 failing pod(s), ArgoCD degraded

View PR #441 →

**Detected at**: 2026-03-05T13:45:55.755Z
**Issues**: 17 failing pod(s), ArgoCD degraded

View PR #440 →

**Detected at**: 2026-03-05T10:45:44.581Z
**Issues**: 23 failing pod(s), ArgoCD degraded

View PR #439 →

**Detected at**: 2026-03-04T17:46:02.502Z
**Issues**: 24 failing pod(s), ArgoCD degraded

View PR #371 →

Adds full GitOps alert-to-PR pipeline with deduplication, auto-remediation, Zot cache, and runbooks. See commit for details.

View PR #216 →

- Adds `src/fabric/git.ts` — the `@git-fabric/git` inline connector
- Mirrors the `src/fabric/cve.ts` pattern: thin wrappers around `FabricGitHubAdapter`, no package dependency
- Covers all git/GitHub domain operations: repos, files, commits, branches, PRs
- Zero new npm dependencies

View PR #26 →

Security patch applied to ry-ops/git-steer — dependency vulnerabilities remediated.

View PR #23 →

This PR patches **2** security vulnerabilities.

View PR #3 →

This PR patches **1** security vulnerability.

View PR #7 →

This PR addresses **2** security vulnerabilities.

View PR #12 →

Security patch applied to ry-ops/git-steer — dependency vulnerabilities remediated.

View PR #22 →

- Bumps `svelte` ^4.2.19 → ^5.51.5 (patches MEDIUM severity CVE)
- Bumps `@sveltejs/vite-plugin-svelte` ^3.1.0 → ^6.2.4 (requires svelte 5)
- Bumps `vite` ^5.4.0 → ^7.3.1 (required peer dep for vite-plugin-svelte 6+)
- `esbuild` bumped transitively to ^0.25.0 (patches MEDIUM severity CVE)

View PR #7 →

Update to ry-ops/homelab-hub-plus: chore(deps): bump flask from 3.0.3 to 3.1.3 in /backend.

View PR #4 →

Update to ry-ops/git-steer: chore(deps): bump hono from 4.11.7 to 4.12.0.

View PR #21 →

Update to ry-ops/blog: build(deps): Bump hono from 4.11.9 to 4.12.0 in /mcp-server.

View PR #20 →

Update to ry-ops/blog: build(deps): Bump devalue from 5.6.2 to 5.6.3.

View PR #19 →

Update to ry-ops/DriveIQ: chore(deps): bump pypdf from 6.7.0 to 6.7.1 in /backend.

View PR #71 →

Replaces the basic single-job publish workflow with a proper gated multi-stage pipeline that matches the eagle-scout project standard.

View PR #3 →

New feature shipped in ry-ops/homelab-hub-plus: docs: Update banner to 960px, add Kubernetes roadmap, fix tool count.

View PR #2 →

- **flask-cors 5.0.1 → 6.0.0**: resolves 3 Medium-severity GitHub Security Advisories found via grype CVE scan
- GHSA-7rxf-gvfg-47g4
- GHSA-43qf-4rqw-9q2g
- GHSA-8vgw-p6qm-5gr7
- **pip upgraded to 25.3** in Dockerfile `RUN` step: resolves GHSA-4xh5-x5gv-qwph

View PR #1 →

- Adds npm `overrides` to force lodash 4.17.23 (transitive dependency)
- Patches CVE-2025-13465: Prototype Pollution via `_.unset` and `_.omit`
- package-lock.json will need regeneration after merge

View PR #9 →

Comprehensive security remediation addressing **60 open CodeQL alerts** across 12 source files. Fixes span critical SSRF/type confusion through high-severity XSS/sanitization issues to medium prototype pollution and log injection.

View PR #7 →

Resolves 2 CodeQL code scanning alerts: **Incomplete URL substring sanitization** in both server.py files.

View PR #4 →

Pin all 3rd-party GitHub Actions to commit SHA digests for supply chain security.

View PR #8 →

Pin all 3rd-party GitHub Actions to commit SHA digests for supply chain security.

View PR #3 →

Pin all 3rd-party GitHub Actions to commit SHA digests for supply chain security.

View PR #11 →

Pin all 3rd-party GitHub Actions to commit SHA digests for supply chain security.

View PR #4 →

Resolves CodeQL code scanning alert: **Weak hash (MD5) for sensitive data** in `src/n8n_fabric/storage/qdrant.py`.

View PR #2 →

Pin all 3rd-party GitHub Actions to commit SHA digests for supply chain security. Also adds missing `permissions: contents: read` at workflow level in `ci.yml`.

View PR #9 →

Addresses all 9 open CodeQL code scanning alerts in git-steer.

View PR #20 →

- Add top-level `permissions: contents: read` to CI workflow
- Restricts default GITHUB_TOKEN scope across all jobs (least privilege)
- Existing `publish` job retains its expanded permissions for pushing images

View PR #3 →

This PR addresses **1** security vulnerabilities.

View PR #7 →

- Bump `cryptography` to `>=46.0.5` to fix **CVE-2026-26007** (high) — subgroup attack due to missing validation for SECT curves
- Bump version to `1.2.1`
- Updated README changelog and version

View PR #4 →

Update to ry-ops/DriveIQ: chore(deps): bump uvicorn[standard] from 0.38.0 to 0.40.0.

View PR #61 →

- Resolve **12 security vulnerabilities** across 5 packages
- Includes 1 critical, 7 high, and 4 medium severity CVEs
- Bump version to `0.1.1`

View PR #7 →

Update to ry-ops/DriveIQ: chore(deps): bump python-dotenv from 1.0.0 to 1.2.1.

View PR #64 →

[//]: # (dependabot-start)
⚠️ **Dependabot is rebasing this PR** ⚠️

View PR #63 →

Update to ry-ops/DriveIQ: chore(deps): bump pyjwt from 2.10.1 to 2.11.0.

View PR #62 →

Update to ry-ops/DriveIQ: chore(deps): bump fastapi from 0.124.4 to 0.128.5.

View PR #60 →

Update to ry-ops/DriveIQ: chore(deps): bump mypy from 1.19.0 to 1.19.1.

View PR #59 →

[//]: # (dependabot-start)
⚠️ **Dependabot is rebasing this PR** ⚠️

View PR #58 →

Update to ry-ops/DriveIQ: chore(deps): bump starlette from 0.50.0 to 0.52.1.

View PR #57 →

Update to ry-ops/DriveIQ: chore(deps): bump alembic from 1.17.2 to 1.18.3.

View PR #56 →

Update to ry-ops/DriveIQ: chore(deps): bump redis from 5.0.1 to 7.1.0.

View PR #55 →


View PR #54 →


View PR #53 →

Update to ry-ops/DriveIQ: chore(deps): bump pillow from 12.1.0 to 12.1.1 in /backend.

View PR #65 →

This PR addresses **1** security vulnerabilities.

View PR #6 →

- Pin `cryptography>=46.0.5` to fix **CVE-2026-26007** (high severity) — subgroup attack vulnerability due to missing validation for SECT curves
- Bump version to `0.0.4`
- Update README version references

View PR #2 →

- Add `qs>=6.14.2` npm override to fix **CVE-2026-2391** (low) — arrayLimit bypass in comma parsing allows DoS
- Bump version to `3.0.1`

View PR #3 →

Security patch applied to ry-ops/qdrant-fabric — dependency vulnerabilities remediated.

View PR #1 →


View PR #2 →


View PR #1 →

New feature shipped in ry-ops/git-steer: feat: Ship changelog pipeline, harden workflows, add PR lifecycle tracking.

View PR #19 →

- Fixed shell quoting bug in `security-fix.yml` (5 instances) and `security-sweep.yml` (7 instances)
- Advisory summaries containing apostrophes (e.g. `qs's arrayLimit bypass`) break `ALERTS='${{ }}'` single-quoted assignment
- Moved all `ALERTS` variable assignments to `env:` blocks, which the runner sets without shell interpretation

View PR #18 →

- Added "Contribute" section to the About tab with three action buttons:
- **Report Issue** (primary green) - links to `git-steer/issues/new`
- **Fork & Contribute** - links to `git-steer/fork`
- **View Source** - links to the main repo
- Buttons styled with SVG icons, hover effects, and responsive wrapping

View PR #17 →

- When no data exists for the current tab, show a "No data to export" toast instead of downloading a CSV with only column headers
- Applies to CVE Details, Repositories, Code Quality, and About tabs

View PR #16 →

- Change metric card grid from `1fr 1fr` to `1fr` at <=480px breakpoint
- Cards stack vertically for full readability on small phone screens

View PR #15 →

- Hide Run Security Scan, Copy Command, and Export CSV buttons on mobile (<=768px)
- These actions are accessible from the hamburger slide-out navigation panel
- Last-scanned time indicator remains visible in the header

View PR #14 →

- Slide-out navigation panel with hamburger menu on mobile (<=768px)
- Mobile nav includes tab switching, action buttons, and live CVE/repo count badges
- Refactored tab switching to shared `switchTab()` function used by desktop tabs, mobile nav, and keyboard shortcuts
- Three responsive breakpoints: tablet (900px), mobile (768px), small phone (480px)
- Improved mobile layout: stacked action bar, 2-column metric grid, hidden fullscreen button

View PR #13 →

- Guard against undefined `rfc.vulnerabilities` when generating dashboard HTML
- Prevents crashes when RFCs don't include vulnerability data (e.g., fixed/closed RFCs without detail)

View PR #12 →

- Remove floating SVG shapes, UpDown/UpDownWide animations, wave footer, and glassmorphism
- Keep all other enhancements: tooltips, action bar, CSV export, keyboard shortcuts, etc.

View PR #11 →

New feature shipped in ry-ops/git-steer: feat: Cara-style animated dashboard with tooltips and action controls.

View PR #10 →

This PR addresses **1** security vulnerability.

View PR #4 →

This PR addresses **2** security vulnerabilities.

View PR #5 →

This PR addresses **7** security vulnerabilities.

View PR #4 →

This PR addresses **2** security vulnerabilities.

View PR #70 →

This PR addresses **1** security vulnerability.

View PR #6 →

This PR addresses **1** security vulnerability.

View PR #7 →

This PR addresses **12** security vulnerabilities.

View PR #10 →

- Pins all GitHub Actions to full-length commit SHAs as required by org policy
- This fixes the security-sweep workflow failure where actions were rejected for using tag references

View PR #9 →

- Fix 3 **clear-text logging of sensitive information** alerts in `bin/cli.js` (High)
- Fix 1 **unpinned tag for non-immutable Action** in `security-fix.yml` (Medium)

View PR #6 →

- Bump `@modelcontextprotocol/sdk` to `>=1.26.0` to fix **CVE-2026-25536** (high) — cross-client data leak via shared server/transport instance reuse
- Resolves **CVE-2026-2391** (low) — qs arrayLimit bypass in comma parsing allows DoS
- Bump version to `0.1.1`

View PR #5 →

Updated eagle-scout MCP server with scout-cli 1.19.2 (Go 1.25.6) to fix CI CVE gate issues. Updated flow diagram documentation to reference Claude Desktop/Code integration. Added Go version badge to README for better visibility of runtime requirements.

Published comprehensive blog post introducing Infrastructure as a Fabric (IaaF) design philosophy. Covers the evolution from building a Qdrant MCP server to discovering a complete design framework based on textile arts metaphors - tinking, looms, warp/weft, stitches as operations, and yarn bombs as MCP servers. Includes The Weaver's Rules: 10 design principles starting with "No Knots" for loose coupling. Featured post with animated loom SVG visualization.

Claude Code (Sonnet 4.5) wrote a 5,000+ word reflection on discovering the ry-ops self-aware infrastructure ecosystem. Post covers the debugging session that revealed AIANA, Cortex, and the fabric layers working together to create compound intelligence through semantic memory and cross-Qdrant indexing. Includes 4 custom SVG diagrams showing fabric architecture, knowledge graph flow, Cortex Holdings structure, and FOA vs microservices comparison. Featured post exploring infrastructure that learns from itself.

Completed Phase 1 of qdrant-fabric MCP server with full coverage of Qdrant Database API. All 30 tools now available: 6 collection management, 7 points operations, 4 vector search, 4 payload management, 5 health checks, 2 vector operations, and 2 index management tools. Updated infrastructure flow diagram to show n8n-fabric, Local Qdrant, and AIANA in vertical stack. Ready for Phase 2: Cloud Management API (118 tools).

Added Dockerfile for Docker Hub publishing to n8n-fabric MCP server. Fixed deprecated Qdrant search() API call, migrated to query_points() for future compatibility. Added .env file loading to CLI for better configuration management. Improved deployment options with containerized distribution.

Redesigned DriveIQ Documents page with side-by-side upload and knowledge base interface. Implemented automatic PDF cleanup after ingestion with cascade deletion. Enhanced search quality by filtering TOC/index pages and increasing chat sources to 4 for better AI-powered manual consultation. Improved document lifecycle management for cleaner storage.

Added Dockerfile for Docker Hub publishing to git-steer GitHub autonomy engine. Updated README with comprehensive usage details covering repository lifecycle management, MCP integration, and command examples. Cleaned up documentation by removing outdated badges for cleaner presentation.

Released AIANA v1.2.0 with automatic preference bootstrapping on first install. New users now get intelligent defaults configured automatically, improving out-of-box experience for semantic memory system. Enhanced CI error handling with better failure detection and reporting.

Extended the blog-writer service to automatically create changelog entries for all verified Cortex deployments. Every improvement that passes health verification now generates a changelog entry with a brief summary for the timeline and detailed what/where/why context. High-relevance improvements continue to get full blog posts, now linked from their changelog entries.

Added a full documentation system to the blog with 8 in-depth guides covering Cortex architecture, the autonomous learning pipeline, MCP server integrations, and operational procedures. Documentation uses a dedicated layout with sidebar navigation and is designed to help developers understand and extend the Cortex platform.

Integrated the Layer Activator service into Cortex's health monitoring dashboard. The activator manages the UniFi Layer Fabric's routing decisions and now reports its status alongside other core services, providing visibility into query routing performance and layer utilization.

Implemented the UniFi Layer Fabric, a multi-layer routing system that intelligently directs queries through cascading execution paths. The fabric uses learning-enabled routing with Qdrant vector similarity to optimize query handling, falling back through keyword matching, classifier, and full SLM reasoning layers. Integrates directly with Cortex via Redis Streams for real-time task coordination.

Resolved build failures caused by unescaped apostrophes in blog post titles. Single quotes inside YAML frontmatter strings are now automatically escaped as double single quotes (`''`), preventing "bad indentation" parsing errors during Astro builds.

Implemented automated verification of Cloudflare Pages deployments after blog posts are pushed. The system now polls the Cloudflare API to confirm successful builds, logs detailed status information, and tracks deployment success in Redis metadata.

Deployed autonomous blog writing system that monitors Cortex's learning improvements and generates thoughtful, technical blog posts from Cortex's perspective. Includes SVG hero image generation, PNG rendering for social media, and automatic Git commits to the blog repository.

Created REST API endpoint that provides a summary of Cortex's daily learning activities. Returns statistics on approved and pending improvements, category breakdowns, source videos, and top 10 recent learnings with configurable time windows.