• bundle/dev-0.128.1 2464fe9488

    CT-Ops customer bundle dev-0.128.1
    All checks were successful
    CI Policy / Workflow runner policy (push) Successful in 7s
    Build and publish development Docker images / Resolve development image versions (push) Successful in 7s
    Release / Detect merged release PR (push) Successful in 9s
    Release / Create release tags (push) Has been skipped
    Release / Build agent linux/arm64 (push) Has been skipped
    Release / Build agent linux/amd64 (push) Has been skipped
    Release / Build agent darwin/arm64 (push) Has been skipped
    Release / Build agent darwin/amd64 (push) Has been skipped
    Release / Build agent windows/amd64 (push) Has been skipped
    Release / Build agent windows/arm64 (push) Has been skipped
    Release / Create or update release PR (push) Successful in 14s
    Release / Build and publish web image (push) Has been skipped
    Release / Build and publish ingest image (push) Has been skipped
    Release / Build and publish ansible-api image (push) Has been skipped
    Release / Build ansible-api image (push) Successful in 0s
    Release / Publish ansible-api release (push) Has been skipped
    Release / Publish agent release (push) Has been skipped
    Release / Publish customer bundle (push) Has been skipped
    Release / Build web image (push) Successful in 0s
    Release / Build ingest image (push) Successful in 0s
    Release / Publish web release (push) Has been skipped
    Release / Publish customer bundle release (push) Has been skipped
    Release / Publish ingest release (push) Has been skipped
    Build and publish development Docker images / Build and publish web dev image (push) Successful in 5m0s
    Build and publish development Docker images / Build and publish ingest dev image (amd64) (push) Successful in 8m4s
    Build and publish development Docker images / Publish development customer bundle (push) Successful in 1m10s
    Build and publish development Docker images / Build and publish ingest dev image (arm64) (push) Successful in 11m12s
    Build and publish development Docker images / Publish ingest dev multi-arch tag (push) Successful in 43s
    Pre-release

    simon released this 2026-06-17 15:47:45 +00:00 | 25 commits to main since this release

    CT-Ops customer bundle v0.128.1 roll-up changelog

    Published 2026-06-17

    Included products

    • Customer bundle: v0.128.1
    • Web: v0.257.1
    • Agent: v0.50.0
    • Ingest: v0.32.1
    • Ansible API: v0.5.0
    • CT-Vault API: v0.1.4

    Component changes

    Customer bundle v0.128.1

    Bug Fixes

    • release: resolve bundle images from production tags (0e6c3e7)

    v0.128.0

    Features

    • upgrade: support development image channel (0f52203)

    v0.127.1

    Bug Fixes

    • host-editor: share tools panel empty state (7e36e98)

    v0.127.0

    Features

    • host-editor: add file tabs and browser actions (#690) (e439ae4)

    v0.126.3

    Bug Fixes

    • host-editor: browse remote directories from root (87ceb5c)

    v0.126.2

    Bug Fixes

    • host-editor: make blocked path preset explicit (e0cf20b)

    v0.126.1

    Bug Fixes

    • web: score actionable risk posture (b3d6d1a)

    v0.126.0

    Features

    • host-editor: add persistent editor panel (07b4a43)

    v0.125.2

    Bug Fixes

    • host-editor: accept trusted ssh host fingerprints (93f1f7e)

    v0.125.1

    Bug Fixes

    • host-editor: clarify SSH host key denial (3190adb)

    v0.125.0

    Features

    • host-editor: add SSH-backed remote file editor (e1bbe16)

    v0.124.0

    Features

    • hosts: add host editor access policy (b5dfcad)

    v0.123.0

    Features

    • search LDAP when adding domain accounts (d5cc0a1)

    v0.122.0

    Features

    • track domain service accounts (82b743c)

    v0.121.3

    Bug Fixes

    • itil: improve service impact UX (b9a7391)

    v0.121.2

    Bug Fixes

    • notifications: fill trend chart date buckets (9bc05c5)

    v0.121.1

    Bug Fixes

    • web: expand container network fullscreen dialog (2c3c56a)

    v0.121.0

    Features

    • web: add container exploit risk details (03d7f52)

    v0.120.1

    Bug Fixes

    • web: use global date formatter across app (24c4ee2)

    v0.120.0

    Features

    • settings: add global date format preference (4c64d0c)

    v0.119.3

    Bug Fixes

    • web: include CT-CVE script deps in image (13e85ee)

    v0.119.2

    Bug Fixes

    • ct-cve: repair inventory hash scan (dc8fbc3)

    v0.119.1

    Bug Fixes

    • settings: move host intelligence settings (d827fd0)

    v0.119.0

    Features

    • docker: add central Grype scan worker pool (380ac57)

    v0.118.1

    Bug Fixes

    • docker: serialize central grype scans (48676c2)

    v0.118.0

    Features

    • docker: reuse central image scan results (9752bbb)

    v0.117.7

    Bug Fixes

    • containers: add image scan request button (171d15d)

    v0.117.6

    Bug Fixes

    • containers: show readable exploit risk labels (246a5aa)

    v0.117.5

    Bug Fixes

    • docker: label image scans by Grype exploit risk (97a1146)

    v0.117.4

    Bug Fixes

    • bundle: backfill bundled agent on start (8a8db51)

    v0.117.3

    Bug Fixes

    • bundle: replace agent binary during upgrades (13f63ce)

    v0.117.2

    Bug Fixes

    • bundle: publish bundle-only agent binary releases (7ec3f9e)

    v0.117.1

    Bug Fixes

    • bundle: include agent binary in customer bundle (5a9b58f)

    v0.117.0

    Features

    • itil: expand operations and CMDB workbench (b9b276d)

    Bug Fixes

    • docker: allow larger syft sboms (15e0084)

    v0.116.2

    Bug Fixes

    • docker: allow long image scan uploads (3e579e1)

    v0.116.1

    Bug Fixes

    • docker: allow grype database updates (d131235)

    v0.116.0

    Features

    • logs: add host log error purge (5a66a82)

    Bug Fixes

    • ingest: align log ignores query with schema (252ccc0)
    • hosts: improve container network graph layout (91d8f30)

    v0.115.4

    Bug Fixes

    • docker: persist image scan rows with ids (bf89787)

    v0.115.3

    Bug Fixes

    • logs: require http context for 5xx scan matches (525a077)

    v0.115.2

    Bug Fixes

    • checks: ignore suppressed log scan findings (c08ec42)

    v0.115.1

    Bug Fixes

    • checks: stack log scan chart counts (414c2e0)

    v0.115.0

    Features

    • monitoring: allow multiple check alerts (b8817d1)

    v0.114.1

    Bug Fixes

    • checks: summarise log scan output (d2d3605)

    v0.114.0

    Features

    • db: compress retained metric hypertables (9211dd9)

    v0.113.6

    Bug Fixes

    • release: trigger soft delete removal deployment (c9833f5)

    v0.113.5

    Bug Fixes

    • hosts: spread network graph nodes (96468b1)

    v0.113.4

    Bug Fixes

    • certificates: hard delete replaced renewals (69f283b)

    v0.113.3

    Bug Fixes

    • ci: gate web release bundle dispatch (cf8f0d5)

    v0.113.2

    Bug Fixes

    • web: show container io deltas in charts (7ff6821)
    • certificates: retire replaced certificate renewals (b66154e)
    • ci: use build digest output for release images (#584) (60a8319)

    v0.113.1

    Bug Fixes

    • ct-cve: resolve removed package findings (1781c98)

    v0.113.0

    Features

    • docker: support server image scanning mode (e2cf44f)

    v0.112.3

    Bug Fixes

    • web: bundle detected app icons (a8003ce)

    v0.112.2

    Bug Fixes

    • security: allow app icon image CDN (707f80b)

    v0.112.1

    Bug Fixes

    • bundle: retry customer image pulls (0bca223)

    v0.112.0

    Features

    • docker: add image vulnerability scanning (4cdec33)

    v0.111.0

    Features

    • hosts: show detected app icons (deba7e2)

    v0.111.0

    Features

    • hosts: show detected app icons (deba7e2)

    v0.110.0

    Features

    • hosts: show log error rows on host overview (3766ed6)

    v0.109.0

    Features

    • networks: map discovered internal connections (4e86061)

    v0.108.1

    Bug Fixes

    • hosts: remove log error dial labels (058806b)

    v0.108.0

    Features

    • hosts: highlight host log search matches (643cab7)

    v0.107.0

    Features

    • hosts: add log error overview card (f409fa9)
    • hosts: open logs from error summary (faed414)

    v0.106.3

    Bug Fixes

    • hosts: debounce vulnerability search (5c5b90e)

    v0.106.2

    Bug Fixes

    • ct-cve: preserve finding import status (9483797)

    v0.106.1

    Bug Fixes

    • hosts: show log error dial breakdown (5712bd4)

    v0.106.0

    Features

    • hosts: add log error summary tabs (b38451c)

    v0.105.0

    Features

    • hosts: show service resource usage (d6a9520)

    v0.104.0

    Features

    • logs: add host log error scanning (1d6b336)

    v0.103.3

    Bug Fixes

    • dsum: preserve rollover task creation dates (515cbb1)

    v0.103.2

    Bug Fixes

    • dsum: expire standups at local midnight (95304bd)

    v0.103.1

    Bug Fixes

    • web: keep linked service graph roots together (aefac91)

    v0.103.0

    Features

    • web: add host potential savings report (adae589)

    v0.102.0

    Features

    • dsum: add table scheduling and engineer filters (040201b)

    v0.101.0

    Features

    • itil: display services by relationships (6baeede)

    v0.100.0

    Features

    • cmdb: add impact relationship vocabulary (536137f)

    v0.99.1

    Bug Fixes

    • services: preserve table hierarchy order (60388d0)

    v0.99.0

    Features

    • cmdb: link services to monitored resource health (9a47b85)

    Bug Fixes

    • web: roll open DSUM items forward (7a12e38)

    v0.98.0

    Features

    • services: add graph node context menu (69b180c)

    v0.97.2

    Bug Fixes

    • services: improve graph hierarchy layout (3696dbc)

    v0.97.1

    Bug Fixes

    • web: prevent service form select overlap (cdaaf24)

    v0.97.0

    Features

    • cmdb: add reference data options (85c8f7e)

    v0.96.1

    Bug Fixes

    • web: simplify DSUM action list (11d87a7)

    v0.96.0

    Features

    • itil: add CMDB and service model (1ddeacc)

    v0.95.1

    Bug Fixes

    • web: enable DSUM engineer view controls (1b683ca)

    v0.95.0

    Features

    • web: add DSUM engineer organiser view (936e4aa)

    v0.94.1

    Bug Fixes

    • web: confirm DSUM deletions (d0bf2b3)

    v0.94.0

    Features

    • web: improve DSUM task engineer summary (a59907b)

    v0.93.1

    Bug Fixes

    • web: add empty workspace icon (3f0e4e4)

    v0.93.0

    Features

    • web: add live editable DSUM boards (804b572)

    v0.92.2

    Bug Fixes

    • web: show DSUM title in workspace tabs (da387f8)

    v0.92.1

    Bug Fixes

    • web: allow closing final workspace tab (5b5d846)

    v0.92.0

    Features

    • web: add manual DSUM history actions (56ed589)

    v0.91.0

    Features

    • web: add workspace tab context actions (d054498)

    v0.90.0

    Features

    v0.89.0

    Features

    • web: add dsum stand-up view (475269a)

    v0.88.0

    Features

    • incidents: add incident workspace (c5e35c9)

    v0.87.1

    Bug Fixes

    • dashboard: disambiguate engineer event check query (fff2a3f)

    v0.87.0

    Features

    • dashboard: surface engineer operational events (370f776)

    v0.86.0

    Features

    • monitoring: consolidate host alerts into checks (270e1b5)

    v0.85.1

    Bug Fixes

    • upgrade: refresh release-owned image tag overrides (55e87b3)

    v0.85.0

    Features

    • work-queue: add engineer issue workflow (1062eab)

    v0.84.0

    Features

    • web: add check interval units (12e2985)

    v0.83.4

    Bug Fixes

    • web: darken check chart tooltip values (9ceceb5)

    v0.83.3

    Bug Fixes

    • web: align service account overview dial colours (55e2021)

    v0.83.2

    Bug Fixes

    • release: support local image overrides in bundles (995ad2a)

    v0.83.1

    Bug Fixes

    • monitoring: show relevant check history metrics (44ed2a4)

    v0.83.0

    Features

    • monitoring: add Docker volume size checks (bf0960a)

    v0.82.2

    Bug Fixes

    • dashboard: prioritize expired service accounts (879420b)

    v0.82.1

    Bug Fixes

    • monitoring: measure folder usage for disk checks (0094e71)

    v0.82.0

    Features

    • dashboard: add service account overview (909b5cc)

    v0.81.0

    Features

    • services: add alert actions (27ed59b)

    v0.80.0

    Features

    • web: add risk posture detail page (76ea9a2)

    v0.79.0

    Features

    • monitoring: add path size checks (886a9e4)

    v0.78.1

    Bug Fixes

    • services: secure agent service refreshes (87f90d9)

    v0.78.0

    Features

    • patch-status: refresh host patch telemetry (c43b768)

    v0.77.2

    Bug Fixes

    • agent: resend patch telemetry on reconnect (afa5512)

    v0.77.1

    Bug Fixes

    • patch-status: report host patch telemetry (ec1b4dd)

    v0.77.0

    Features

    • hosts: enrich host patch status detail (edbf921)

    v0.76.1

    Bug Fixes

    • hosts: restrict host logs to text files (5327268)

    v0.76.0

    Features

    • automation: show generated host group inventory (834c78d)

    v0.75.0

    Features

    • automation: label trial runs in history (c5aadf9)

    v0.74.1

    Bug Fixes

    • automation: align job list columns (08f1ccb)

    v0.74.0

    Features

    • hosts: add service status and live log tabs (dba1ee9)

    v0.73.1

    Bug Fixes

    • automation: reset launch button after completed runs (abaeab4)

    v0.73.0

    Features

    • automation: show job template run health (c99d6f4)

    v0.72.3

    Bug Fixes

    • automation: refresh job launch status (7d8a142)

    v0.72.2

    Bug Fixes

    • web: restrict read-only service account controls (ee79f67)

    v0.72.1

    Bug Fixes

    • auth: add setup email sign out (89a4a1d)

    v0.72.0

    Features

    • automation: add job launch options (0a7707b)

    v0.71.7

    Bug Fixes

    • automation: show ct-automation host counters (194ac86)

    v0.71.6

    Bug Fixes

    • automation: map ct-automation live event hosts (06df25e)

    v0.71.5

    Bug Fixes

    • automation: refresh ct-automation run mirrors live (b998c9b)

    v0.71.4

    Bug Fixes

    • automation: allow editing template targets (f551bf1)

    v0.71.3

    Bug Fixes

    • automation: refresh host status summaries (ec9e4d4)

    v0.71.2

    Bug Fixes

    • automation: harden template save retries (7636ba0)

    v0.71.1

    Bug Fixes

    • automation: refresh CT-Automation inventory before launch (43dc13d)

    v0.71.0

    Features

    • automation: improve CT-Automation job run history (84b8eb5)

    v0.70.2

    Bug Fixes

    • automation: refresh ct-automation launches (0f30f91)

    v0.70.1

    Bug Fixes

    • ingest: handle duplicate certificate renewals (d34a8c3)

    v0.70.0

    Features

    • automation: add CT-Automation run drill-down tabs (317d0a6)

    v0.69.9

    Bug Fixes

    • automation: accept current run summary responses (b9cc705)

    v0.69.8

    Bug Fixes

    • automation: accept direct launch run responses (22d71fa)

    v0.69.7

    Bug Fixes

    • automation: sync ct-automation inventory before template save (7455a95)

    v0.69.6

    Bug Fixes

    • automation: delete CT-Automation repositories (0a658d2)

    v0.69.5

    Bug Fixes

    • automation: purge failed repository credentials (11010ee)

    v0.69.4

    Bug Fixes

    • web: preserve repository SSH key newline (26edb62)

    v0.69.3

    Bug Fixes

    • web: validate repository SSH keys (4ad1b94)

    v0.69.2

    Bug Fixes

    • web: include git in runtime image (8e4a61b)

    v0.69.1

    Bug Fixes

    • web: include ssh-keyscan in runtime image (9ed3fc8)

    v0.69.0

    Features

    • automation: test ct-automation repositories (52ce750)

    v0.68.0

    Features

    • automation: configure ct-automation repositories (45f8dda)

    v0.67.2

    Bug Fixes

    • terminal: disable mobile username autocapitalization (2565fa1)

    v0.67.1

    Bug Fixes

    • certificates: restore deleted tracked certificates (a84e444)

    v0.67.0

    Features

    • web: add workspace tab refresh controls (f884b42)

    v0.66.1

    Bug Fixes

    • web: confirm certificate deletion (a2065c9)

    v0.66.0

    Features

    • tools: add user favourite tools page (4417046)

    v0.65.5

    Bug Fixes

    • automation: open job creation in modal (e2b3442)

    v0.65.4

    Bug Fixes

    • web: publish quieter e2e output (df7a5bb)

    v0.65.3

    Bug Fixes

    • web: preserve distinct workspace tab content (6e029c0)

    v0.65.2

    Bug Fixes

    • web: repair workspace tab switching (9381a39)

    v0.65.1

    Bug Fixes

    • web: preserve workspace tab state on switch (3f9a5a5)

    v0.65.0

    Features

    • web: add dashboard workspace tabs (c40bde1)

    v0.64.0

    Features

    • automation: improve ct-automation credential tab (0347f97)

    v0.63.1

    Bug Fixes

    • automation: align ct-automation credential creation (43c3a92)

    v0.63.0

    Features

    • automation: add CT-Automation credential creation (6812324)

    v0.62.4

    Bug Fixes

    • automation: clarify CT-Automation jobs workflow (92d8efa)

    v0.62.3

    Bug Fixes

    • agent: allow offline agents to renew credentials (a60b442)

    v0.62.2

    Bug Fixes

    • automation: require external automation services (781120f)

    v0.62.1

    Bug Fixes

    • automation: guard user table migration references (a952732)

    v0.62.0

    Features

    • automation: add CT-Automation run summaries (5b66cde)

    v0.61.0

    Features

    • automation: add live CT-Automation run log (171dc96)

    v0.60.0

    Features

    • automation: launch CT-Automation jobs (2a08c06)

    v0.59.0

    Features

    • automation: save ct automation job templates (7d2e0a2)

    v0.58.0

    Features

    • automation: add CT-Automation credential selector (9e39866)

    v0.57.0

    Features

    • automation: add host group inventory step (9af76e9)

    v0.56.0

    Features

    • automation: add repository playbook discovery step (3940c7e)

    v0.55.0

    Features

    • automation: add ct-automation job wizard shell (6eaadd0)

    v0.54.0

    Features

    • automation: add ct-automation connection settings (983947e)

    v0.53.0

    Features

    • automation: define ct-automation client contract (9d28fd3)

    v0.52.3

    Bug Fixes

    • agent: allow takeover of stale active hosts (2856571)

    v0.52.2

    Bug Fixes

    • agent: wait for takeover client cert (f204b6b)

    v0.52.1

    Bug Fixes

    • service-accounts: separate expiring password buckets (6249f2b)

    v0.52.0

    Features

    • agent: add inactive host takeover approval (f3f7976)

    v0.51.0

    Features

    • service-accounts: add expiry policy dashboard counts (ee08c22)

    v0.50.4

    Bug Fixes

    • agents: delete terminal vault credentials with hosts (ee9ad7e)

    v0.50.3

    Bug Fixes

    • web: rename vulnerability posture panel (cd7f833)

    v0.50.2

    Bug Fixes

    • web: resolve latest agent version live (522fc90)

    v0.50.1

    Bug Fixes

    • agent: renew JWTs before expiry (76f5330)

    v0.50.0

    Features

    • web: add Docker container network graph (872d197)

    v0.49.0

    Features

    • hosts: show resource usage details (74bbaa6)

    v0.48.1

    Bug Fixes

    • dashboard: show short agent downtime (15da585)

    v0.48.0

    Features

    • dashboard: show agent connection stability (85f7d80)

    v0.47.2

    Bug Fixes

    • releases: render release note markdown once (64bd50b)

    v0.47.1

    Bug Fixes

    • dashboard: widen agent status chart (a033643)

    v0.47.0

    Features

    • web: show vulnerability CVE breadth (11391ec)

    v0.46.2

    Bug Fixes

    • web: align dashboard vulnerability counts (08db01d)

    v0.46.1

    Bug Fixes

    • web: serialize overview availability date parameters (746a3cb)

    v0.46.0

    Features

    • dashboard: show seven day agent availability (f8c44ba)

    v0.45.2

    Bug Fixes

    • web: clarify CT-Vault member identifiers (6c7fa74)

    v0.45.1

    Bug Fixes

    • vulnerabilities: count relevant report findings (5b05896)

    v0.45.0

    Features

    • vulnerabilities: add executive posture overview (df3ea6f)

    v0.44.0

    Features

    • web: add dashboard drill-down links (ff2ea50)

    v0.43.1

    Bug Fixes

    • web: correct dashboard vulnerability dial segments (ba38c01)

    v0.43.0

    Features

    • branding: update CT login logo (2c8d47b)

    v0.42.0

    Features

    • web: add overview vulnerability posture (7b5a9fb)

    v0.41.0

    Features

    • web: refresh overview branding (96930ee)

    v0.40.1

    Bug Fixes

    • upgrade: ignore stale env backups during backup (08445e5)

    v0.40.0

    Features

    • terminal: add personal vault credential login (74aa8e6)

    v0.39.2

    Bug Fixes

    • password-manager: rebrand integration as ct-vault (3fab9ce)

    v0.39.1

    Bug Fixes

    • releases: fetch update status without caching (549e453)

    v0.39.0

    Features

    • releases: publish customer bundle rollup changelog (7c90173)

    v0.38.2

    Bug Fixes

    • releases: read installed bundle version at runtime (5752184)

    v0.38.1

    Bug Fixes

    • release: preserve image repository for digest capture (68a0b0c)

    v0.38.0

    Features

    • upgrade: add host-side systemd updater (ec33703)

    v0.37.2

    Bug Fixes

    • releases: align displayed version with customer bundle (171d6fb)

    v0.37.1

    Bug Fixes

    • release: derive missing Docker publish tags (7c1bca3)

    v0.37.0

    Features

    • releases: add bundle update panel (9eb7ddb)

    v0.36.2

    Bug Fixes

    • release: preserve reusable workflow tag inputs (92c7e38)

    v0.36.1

    Bug Fixes

    • ct-cve: avoid inventory push timeout (3a3a86c)

    v0.36.0

    Features

    • reports: filter vulnerabilities by network (cd01f79)

    v0.35.2

    Bug Fixes

    • release: repair ansible image workflow yaml (3d3bb3b)

    v0.35.1

    Bug Fixes

    • release: no-op disabled image publishes (cd223ed)

    v0.35.0

    Features

    • vulnerabilities: clarify report metrics and export (411faa5)

    Bug Fixes

    • release: gate component image jobs (876767d)

    v0.34.2

    Bug Fixes

    • release: refresh Forgejo release metadata (92620ab)

    v0.34.1

    Bug Fixes

    • ct-cve: ship RPM source EVR inventory fix in customer bundle (#87) (fdc9530)

    v0.34.0

    Features

    • hosts: ship affected-host visibility for CVE details in customer bundle (#85) (48ecfbc)

    v0.33.1

    Bug Fixes

    • hosts: ship host vulnerability CVE counting fix in customer bundle (#82) (f424133)

    v0.33.0

    Features

    • hosts: ship improved vulnerability finding controls in customer bundle (#71) (8ce0a25)

    Bug Fixes

    • release: ship portable customer bundle templates (#79) (653d293)

    v0.32.1

    Bug Fixes

    • web: ship stale inventory failure banner fix in customer bundle (#68) (cbba5fd)

    v0.32.0

    Features

    • hosts: ship paginated vulnerability findings in customer bundle (#66) (4936dde)

    v0.31.5

    Bug Fixes

    • tasks: ship patch task dispatch fix in customer bundle (#64) (74b6c69)

    v0.31.4

    Bug Fixes

    • ct-cve: ship finding callback persistence fix in customer bundle

    v0.31.3

    Bug Fixes

    • ct-cve: ship callback retry fixes in customer bundle

    v0.31.2

    Bug Fixes

    • ct-cve: ship printable inventory package fingerprints in customer bundle

    v0.31.1

    Bug Fixes

    • upgrade: show customer bundle and CT-Ops versions during upgrade

    v0.31.0

    Features

    • ct-cve: ship automatic package-change inventory pushes in customer bundle

    v0.30.0

    Features

    • ct-cve: ship manual inventory push in customer bundle

    v0.29.0

    Features

    • ct-cve: ship simple CT-CVE pairing in customer bundle
    • web: ship documentation sidebar link in customer bundle

    v0.28.10

    Bug Fixes

    • calendar: ship inclusive all-day host event date display in customer bundle

    v0.28.9

    Bug Fixes

    • ingest: ship web-aligned agent update discovery in customer bundle
    • web: ship stale server action recovery in customer bundle

    v0.28.8

    Bug Fixes

    • release: ship agent 0.38.2 web image in customer bundle

    v0.28.7

    Bug Fixes

    • release: ship calendar all-day event web image in customer bundle

    v0.28.6

    Bug Fixes

    • web: ship container inventory fix in customer bundle

    v0.28.4

    Bug Fixes

    • release: skip existing Forgejo bundle assets on rerun

    v0.28.3

    Bug Fixes

    • release: package bundles with the latest component image tags

    v0.28.2

    Bug Fixes

    • upgrade: download customer bundles from Forgejo (6a07269)

    v0.28.0

    Features

    • ansible: add simple pairing flow (79d8e20)

    v0.27.3

    Bug Fixes

    • settings: improve LDAP certificate editing (44e5492)

    v0.27.2

    Bug Fixes

    • terminal: prefer host IP for SSH sessions (1388ea3)

    v0.27.1

    Bug Fixes

    • hosts: clean docker rows on delete (306848b)

    v0.27.0

    Features

    • terminal: support custom SSH ports (36872a6)

    v0.26.0

    Features

    • deploy: add SSH access to agent dev containers (8bea994)

    v0.25.1

    Bug Fixes

    • ldap: align add form with AD defaults (d1deb2b)

    v0.25.0

    Features

    • password-manager: refresh unlocked vault entries (525f7ee)

    v0.24.0

    Features

    • web: add Ansible automation runbook (afd64cd)

    v0.23.0

    Features

    v0.22.0

    Features

    v0.21.0

    Features

    • hosts: add activity dialog association tabs (d8ed7dc)

    v0.20.3

    Bug Fixes

    • password-manager: align launch assertion tenant claims (aebc947)

    v0.20.2

    Bug Fixes

    • dev: connect agent containers to dev network (29807ef)

    v0.20.1

    Bug Fixes

    • agent: include token in enrollment view command (370aa08), closes #1426

    v0.20.0

    Features

    v0.19.4

    Bug Fixes

    • dev-stack: run web containers as local user (ed83e98)

    v0.19.3

    Bug Fixes

    • web: rename host admin tab to activity (6a1c69c)

    v0.19.2

    Bug Fixes

    • web: resolve focused validation issues (59adfef)

    v0.19.1

    Bug Fixes

    • calendar: refresh host-linked entries automatically (#1415) (76363c7)

    v0.19.0

    Features

    • web: improve host container telemetry views (#1409) (b143565)

    Bug Fixes

    • agents: show enrolment install URL when viewing tokens (#1412) (eb90bd4)
    • calendar: contain operations calendar scrolling (#1406) (2235d87)

    v0.18.1

    Bug Fixes

    • auth: prevent prehydration login form submits (aaeb305)

    v0.18.0

    Features

    • dev: expose local stack for agent testing (fb3d5dc)

    v0.17.0

    Features

    • dev: add local full-stack dev launcher (3b3d96c)

    v0.16.0

    Features

    v0.15.1

    Bug Fixes

    • ingest: close docker inventory rows before lifecycle inserts (#1392) (cba037a)

    v0.15.0

    Features

    • web: add host admin tab for notes (9c1fd6d)

    v0.14.1

    Bug Fixes

    • docker: collect running container metrics (8e5dca4)

    v0.14.0

    Features

    • docker: add container alert rules (b76feb2)

    v0.13.0

    Features

    • docker: add container lifecycle timeline (a527cb6)

    v0.12.0

    Features

    • docker: add top container rankings (04a75c5)

    v0.11.0

    Features

    • ingest: add docker telemetry retention sweeper (3e236b5)

    v0.10.0

    Features

    • web: add host docker retention override (11dd597)

    v0.9.0

    Features

    • settings: add Docker metric retention setting (0231f78)

    v0.8.0

    Features

    • web: add docker container metric charts (b7f06f3)

    v0.7.0

    Features

    • docker: upload container telemetry batches (83a9de4)

    v0.6.0

    Features

    v0.5.0

    Features

    • ingest: upsert docker container inventory (#1353) (376e81e)

    v0.4.0

    Features

    v0.3.0

    Features

    • ingest: persist Docker runtime status (2be7dff)

    v0.2.0

    Features

    • proto: add Docker telemetry contract (6801f46)
    • proto: add Docker telemetry contract (3a5251b)

    v0.1.7

    Bug Fixes

    • ansible: scope ping logs by host name (f13561f)

    v0.1.6

    Bug Fixes

    • automation: hide ansible controls when disabled (0250e35)

    v0.1.5

    Bug Fixes

    • upgrade: avoid self-overwriting running script (7cb15a6)

    v0.1.4

    Bug Fixes

    • web: remove auth secrets from Docker build args (#1329) (e91baf7)

    v0.1.3

    Bug Fixes

    • bundle: verify ansible profile image pin (1db8184)

    v0.1.2

    Bug Fixes

    • bundle: resolve released image version tags (68dd07c)

    v0.1.1

    Bug Fixes

    • ansible-api: report hostnames in ping output (1af0cb6), closes #1316
    • ansible: scope ping output per host (96ea431)
    • bundle: release customer bundle independently (026dbdb)

    Web v0.257.1

    Bug Fixes

    • host-editor: share tools panel empty state (7e36e98)

    v0.257.0

    Features

    • host-editor: add file tabs and browser actions (#690) (e439ae4)

    v0.256.3

    Bug Fixes

    • host-editor: browse remote directories from root (87ceb5c)

    v0.256.2

    Bug Fixes

    • host-editor: make blocked path preset explicit (e0cf20b)

    v0.256.1

    Bug Fixes

    • web: score actionable risk posture (b3d6d1a)

    v0.256.0

    Features

    • host-editor: add persistent editor panel (07b4a43)

    v0.255.2

    Bug Fixes

    • host-editor: accept trusted ssh host fingerprints (93f1f7e)

    v0.255.1

    Bug Fixes

    • host-editor: clarify SSH host key denial (3190adb)

    v0.255.0

    Features

    • host-editor: add SSH-backed remote file editor (e1bbe16)

    v0.254.0

    Features

    • hosts: add host editor access policy (b5dfcad)

    v0.253.0

    Features

    • search LDAP when adding domain accounts (d5cc0a1)

    v0.252.0

    Features

    • track domain service accounts (82b743c)

    v0.251.3

    Bug Fixes

    • itil: improve service impact UX (b9a7391)

    v0.251.2

    Bug Fixes

    • notifications: fill trend chart date buckets (9bc05c5)

    v0.251.1

    Bug Fixes

    • web: expand container network fullscreen dialog (2c3c56a)

    v0.251.0

    Features

    • web: add container exploit risk details (03d7f52)

    v0.250.1

    Bug Fixes

    • web: use global date formatter across app (24c4ee2)

    v0.250.0

    Features

    • settings: add global date format preference (4c64d0c)

    v0.249.2

    Bug Fixes

    • web: include CT-CVE script deps in image (13e85ee)

    v0.249.1

    Bug Fixes

    • settings: move host intelligence settings (d827fd0)

    v0.249.0

    Features

    • docker: add central Grype scan worker pool (380ac57)

    v0.248.3

    Bug Fixes

    • containers: add image scan request button (171d15d)

    v0.248.2

    Bug Fixes

    • containers: show readable exploit risk labels (246a5aa)

    v0.248.1

    Bug Fixes

    • docker: label image scans by Grype exploit risk (97a1146)

    v0.248.0

    Features

    • itil: expand operations and CMDB workbench (b9b276d)

    v0.247.0

    Features

    • logs: add host log error purge (5a66a82)

    Bug Fixes

    • hosts: improve container network graph layout (91d8f30)

    v0.246.1

    Bug Fixes

    • checks: stack log scan chart counts (414c2e0)

    v0.246.0

    Features

    • monitoring: allow multiple check alerts (b8817d1)

    v0.245.1

    Bug Fixes

    • checks: summarise log scan output (d2d3605)

    v0.245.0

    Features

    • db: compress retained metric hypertables (9211dd9)

    v0.244.3

    Bug Fixes

    • release: trigger soft delete removal deployment (c9833f5)

    v0.244.2

    Bug Fixes

    • hosts: spread network graph nodes (96468b1)

    v0.244.1

    Bug Fixes

    • web: show container io deltas in charts (7ff6821)

    v0.244.0

    Features

    • docker: support server image scanning mode (e2cf44f)

    v0.243.2

    Bug Fixes

    • web: bundle detected app icons (a8003ce)

    v0.243.1

    Bug Fixes

    • security: allow app icon image CDN (707f80b)

    v0.243.0

    Features

    • docker: add image vulnerability scanning (4cdec33)

    v0.242.0

    Features

    • hosts: show detected app icons (deba7e2)

    v0.242.0

    Features

    • hosts: show detected app icons (deba7e2)

    v0.241.0

    Features

    • hosts: show log error rows on host overview (3766ed6)

    v0.240.0

    Features

    • networks: map discovered internal connections (4e86061)

    v0.239.1

    Bug Fixes

    • hosts: remove log error dial labels (058806b)

    v0.239.0

    Features

    • hosts: highlight host log search matches (643cab7)

    v0.238.0

    Features

    • hosts: add log error overview card (f409fa9)
    • hosts: open logs from error summary (faed414)

    v0.237.2

    Bug Fixes

    • hosts: debounce vulnerability search (5c5b90e)

    v0.237.1

    Bug Fixes

    • hosts: show log error dial breakdown (5712bd4)

    v0.237.0

    Features

    • hosts: add log error summary tabs (b38451c)

    v0.236.0

    Features

    • hosts: show service resource usage (d6a9520)

    v0.235.0

    Features

    • logs: add host log error scanning (1d6b336)

    v0.234.3

    Bug Fixes

    • dsum: preserve rollover task creation dates (515cbb1)

    v0.234.2

    Bug Fixes

    • dsum: expire standups at local midnight (95304bd)

    v0.234.1

    Bug Fixes

    • web: keep linked service graph roots together (aefac91)

    v0.234.0

    Features

    • web: add host potential savings report (adae589)

    v0.233.0

    Features

    • dsum: add table scheduling and engineer filters (040201b)

    v0.232.0

    Features

    • itil: display services by relationships (6baeede)

    v0.231.0

    Features

    • cmdb: add impact relationship vocabulary (536137f)

    v0.230.1

    Bug Fixes

    • services: preserve table hierarchy order (60388d0)

    v0.230.0

    Features

    • cmdb: link services to monitored resource health (9a47b85)

    Bug Fixes

    • web: roll open DSUM items forward (7a12e38)

    v0.229.0

    Features

    • services: add graph node context menu (69b180c)

    v0.228.2

    Bug Fixes

    • services: improve graph hierarchy layout (3696dbc)

    v0.228.1

    Bug Fixes

    • web: prevent service form select overlap (cdaaf24)

    v0.228.0

    Features

    • cmdb: add reference data options (85c8f7e)

    v0.227.1

    Bug Fixes

    • web: simplify DSUM action list (11d87a7)

    v0.227.0

    Features

    • itil: add CMDB and service model (1ddeacc)

    v0.226.1

    Bug Fixes

    • web: enable DSUM engineer view controls (1b683ca)

    v0.226.0

    Features

    • web: add DSUM engineer organiser view (936e4aa)

    v0.225.1

    Bug Fixes

    • web: confirm DSUM deletions (d0bf2b3)

    v0.225.0

    Features

    • web: improve DSUM task engineer summary (a59907b)

    v0.224.1

    Bug Fixes

    • web: add empty workspace icon (3f0e4e4)

    v0.224.0

    Features

    • web: add live editable DSUM boards (804b572)

    v0.223.2

    Bug Fixes

    • web: show DSUM title in workspace tabs (da387f8)

    v0.223.1

    Bug Fixes

    • web: allow closing final workspace tab (5b5d846)

    v0.223.0

    Features

    • web: add manual DSUM history actions (56ed589)

    v0.222.0

    Features

    • web: add workspace tab context actions (d054498)

    v0.221.0

    Features

    v0.220.0

    Features

    • web: add dsum stand-up view (475269a)

    v0.219.0

    Features

    • incidents: add incident workspace (c5e35c9)

    v0.218.1

    Bug Fixes

    • dashboard: disambiguate engineer event check query (fff2a3f)

    v0.218.0

    Features

    • dashboard: surface engineer operational events (370f776)

    v0.217.0

    Features

    • monitoring: consolidate host alerts into checks (270e1b5)

    v0.216.0

    Features

    • work-queue: add engineer issue workflow (1062eab)

    v0.215.0

    Features

    • web: add check interval units (12e2985)

    v0.214.3

    Bug Fixes

    • web: darken check chart tooltip values (9ceceb5)

    v0.214.2

    Bug Fixes

    • web: align service account overview dial colours (55e2021)

    v0.214.1

    Bug Fixes

    • monitoring: show relevant check history metrics (44ed2a4)

    v0.214.0

    Features

    • monitoring: add Docker volume size checks (bf0960a)

    v0.213.2

    Bug Fixes

    • dashboard: prioritize expired service accounts (879420b)

    v0.213.1

    Bug Fixes

    • monitoring: measure folder usage for disk checks (0094e71)

    v0.213.0

    Features

    • dashboard: add service account overview (909b5cc)

    v0.212.0

    Features

    • services: add alert actions (27ed59b)

    v0.211.0

    Features

    • web: add risk posture detail page (76ea9a2)

    v0.210.0

    Features

    • monitoring: add path size checks (886a9e4)

    v0.209.1

    Bug Fixes

    • services: secure agent service refreshes (87f90d9)

    v0.209.0

    Features

    • patch-status: refresh host patch telemetry (c43b768)

    v0.208.1

    Bug Fixes

    • patch-status: report host patch telemetry (ec1b4dd)

    v0.208.0

    Features

    • hosts: enrich host patch status detail (edbf921)

    v0.207.1

    Bug Fixes

    • hosts: restrict host logs to text files (5327268)

    v0.207.0

    Features

    • automation: show generated host group inventory (834c78d)

    v0.206.0

    Features

    • automation: label trial runs in history (c5aadf9)

    v0.205.1

    Bug Fixes

    • automation: align job list columns (08f1ccb)

    v0.205.0

    Features

    • hosts: add service status and live log tabs (dba1ee9)

    v0.204.1

    Bug Fixes

    • automation: reset launch button after completed runs (abaeab4)

    v0.204.0

    Features

    • automation: show job template run health (c99d6f4)

    v0.203.3

    Bug Fixes

    • automation: refresh job launch status (7d8a142)

    v0.203.2

    Bug Fixes

    • web: restrict read-only service account controls (ee79f67)

    v0.203.1

    Bug Fixes

    • auth: add setup email sign out (89a4a1d)

    v0.203.0

    Features

    • automation: add job launch options (0a7707b)

    v0.202.7

    Bug Fixes

    • automation: show ct-automation host counters (194ac86)

    v0.202.6

    Bug Fixes

    • automation: map ct-automation live event hosts (06df25e)

    v0.202.5

    Bug Fixes

    • automation: refresh ct-automation run mirrors live (b998c9b)

    v0.202.4

    Bug Fixes

    • automation: allow editing template targets (f551bf1)

    v0.202.3

    Bug Fixes

    • automation: refresh host status summaries (ec9e4d4)

    v0.202.2

    Bug Fixes

    • automation: harden template save retries (7636ba0)

    v0.202.1

    Bug Fixes

    • automation: refresh CT-Automation inventory before launch (43dc13d)

    v0.202.0

    Features

    • automation: improve CT-Automation job run history (84b8eb5)

    v0.201.1

    Bug Fixes

    • automation: refresh ct-automation launches (0f30f91)

    v0.201.0

    Features

    • automation: add CT-Automation run drill-down tabs (317d0a6)

    v0.200.9

    Bug Fixes

    • automation: accept current run summary responses (b9cc705)

    v0.200.8

    Bug Fixes

    • automation: accept direct launch run responses (22d71fa)

    v0.200.7

    Bug Fixes

    • automation: sync ct-automation inventory before template save (7455a95)

    v0.200.6

    Bug Fixes

    • automation: delete CT-Automation repositories (0a658d2)

    v0.200.5

    Bug Fixes

    • automation: purge failed repository credentials (11010ee)

    v0.200.4

    Bug Fixes

    • web: preserve repository SSH key newline (26edb62)

    v0.200.3

    Bug Fixes

    • web: validate repository SSH keys (4ad1b94)

    v0.200.2

    Bug Fixes

    • web: include git in runtime image (8e4a61b)

    v0.200.1

    Bug Fixes

    • web: include ssh-keyscan in runtime image (9ed3fc8)

    v0.200.0

    Features

    • automation: test ct-automation repositories (52ce750)

    v0.199.0

    Features

    • automation: configure ct-automation repositories (45f8dda)

    v0.198.2

    Bug Fixes

    • terminal: disable mobile username autocapitalization (2565fa1)

    v0.198.1

    Bug Fixes

    • certificates: restore deleted tracked certificates (a84e444)

    v0.198.0

    Features

    • web: add workspace tab refresh controls (f884b42)

    v0.197.1

    Bug Fixes

    • web: confirm certificate deletion (a2065c9)

    v0.197.0

    Features

    • tools: add user favourite tools page (4417046)

    v0.196.5

    Bug Fixes

    • automation: open job creation in modal (e2b3442)

    v0.196.4

    Bug Fixes

    • web: publish quieter e2e output (df7a5bb)

    v0.196.3

    Bug Fixes

    • web: preserve distinct workspace tab content (6e029c0)

    v0.196.2

    Bug Fixes

    • web: repair workspace tab switching (9381a39)

    v0.196.1

    Bug Fixes

    • web: preserve workspace tab state on switch (3f9a5a5)

    v0.196.0

    Features

    • web: add dashboard workspace tabs (c40bde1)

    v0.195.0

    Features

    • automation: improve ct-automation credential tab (0347f97)

    v0.194.1

    Bug Fixes

    • automation: align ct-automation credential creation (43c3a92)

    v0.194.0

    Features

    • automation: add CT-Automation credential creation (6812324)

    v0.193.3

    Bug Fixes

    • automation: clarify CT-Automation jobs workflow (92d8efa)

    v0.193.2

    Bug Fixes

    • automation: require external automation services (781120f)

    v0.193.1

    Bug Fixes

    • automation: guard user table migration references (a952732)

    v0.193.0

    Features

    • automation: add CT-Automation run summaries (5b66cde)

    v0.192.0

    Features

    • automation: add live CT-Automation run log (171dc96)

    v0.191.0

    Features

    • automation: launch CT-Automation jobs (2a08c06)

    v0.190.0

    Features

    • automation: save ct automation job templates (7d2e0a2)

    v0.189.0

    Features

    • automation: add CT-Automation credential selector (9e39866)

    v0.188.0

    Features

    • automation: add host group inventory step (9af76e9)

    v0.187.0

    Features

    • automation: add repository playbook discovery step (3940c7e)

    v0.186.0

    Features

    • automation: add ct-automation job wizard shell (6eaadd0)

    v0.185.0

    Features

    • automation: add ct-automation connection settings (983947e)

    v0.184.0

    Features

    • automation: define ct-automation client contract (9d28fd3)

    v0.183.2

    Bug Fixes

    • agent: allow takeover of stale active hosts (2856571)

    v0.183.1

    Bug Fixes

    • service-accounts: separate expiring password buckets (6249f2b)

    v0.183.0

    Features

    • agent: add inactive host takeover approval (f3f7976)

    v0.182.0

    Features

    • service-accounts: add expiry policy dashboard counts (ee08c22)

    v0.181.3

    Bug Fixes

    • agents: delete terminal vault credentials with hosts (ee9ad7e)

    v0.181.2

    Bug Fixes

    • web: rename vulnerability posture panel (cd7f833)

    v0.181.1

    Bug Fixes

    • web: resolve latest agent version live (522fc90)

    v0.181.0

    Features

    • web: add Docker container network graph (872d197)

    v0.180.0

    Features

    • hosts: show resource usage details (74bbaa6)

    v0.179.1

    Bug Fixes

    • dashboard: show short agent downtime (15da585)

    v0.179.0

    Features

    • dashboard: show agent connection stability (85f7d80)

    v0.178.2

    Bug Fixes

    • releases: render release note markdown once (64bd50b)

    v0.178.1

    Bug Fixes

    • dashboard: widen agent status chart (a033643)

    v0.178.0

    Features

    • web: show vulnerability CVE breadth (11391ec)

    v0.177.2

    Bug Fixes

    • web: align dashboard vulnerability counts (08db01d)

    v0.177.1

    Bug Fixes

    • web: serialize overview availability date parameters (746a3cb)

    v0.177.0

    Features

    • dashboard: show seven day agent availability (f8c44ba)

    v0.176.2

    Bug Fixes

    • web: clarify CT-Vault member identifiers (6c7fa74)

    v0.176.1

    Bug Fixes

    • vulnerabilities: count relevant report findings (5b05896)

    v0.176.0

    Features

    • vulnerabilities: add executive posture overview (df3ea6f)

    v0.175.0

    Features

    • web: add dashboard drill-down links (ff2ea50)

    v0.174.1

    Bug Fixes

    • web: correct dashboard vulnerability dial segments (ba38c01)

    v0.174.0

    Features

    • branding: update CT login logo (2c8d47b)

    v0.173.0

    Features

    • web: add overview vulnerability posture (7b5a9fb)

    v0.172.0

    Features

    • web: refresh overview branding (96930ee)

    v0.171.0

    Features

    • terminal: add personal vault credential login (74aa8e6)

    v0.170.2

    Bug Fixes

    • password-manager: rebrand integration as ct-vault (3fab9ce)

    v0.170.1

    Bug Fixes

    • releases: fetch update status without caching (549e453)

    v0.170.0

    Features

    • releases: publish customer bundle rollup changelog (7c90173)

    v0.169.1

    Bug Fixes

    • releases: read installed bundle version at runtime (5752184)

    v0.169.0

    Features

    • upgrade: add host-side systemd updater (ec33703)

    v0.168.1

    Bug Fixes

    • releases: align displayed version with customer bundle (171d6fb)

    v0.168.0

    Features

    • releases: add bundle update panel (9eb7ddb)

    v0.167.0

    Features

    • reports: filter vulnerabilities by network (cd01f79)

    v0.166.0

    Features

    • vulnerabilities: clarify report metrics and export (411faa5)

    v0.165.1

    Bug Fixes

    • ct-cve: send RPM source EVR in inventory (#87) (fdc9530)

    v0.165.0

    Features

    • hosts: show affected hosts for CVE details (#85) (48ecfbc)

    v0.164.1

    Bug Fixes

    • hosts: count host vulnerabilities by CVE (#82) (f424133)

    v0.164.0

    Features

    • hosts: improve vulnerability finding controls (#71) (8ce0a25)

    Bug Fixes

    • release: use portable customer bundle templates (#79) (653d293)

    v0.163.1

    Bug Fixes

    • web: hide stale inventory failure banner (#68) (cbba5fd)

    v0.163.0

    Features

    • hosts: paginate vulnerability findings (#66) (4936dde)

    v0.162.3

    Bug Fixes

    • tasks: show final task errors when no output was captured (#64) (74b6c69)

    v0.162.2

    Bug Fixes

    • ct-cve: persist finding callback timestamp conflicts

    v0.162.1

    Bug Fixes

    • ct-cve: use internal callback URL for pairing

    v0.162.0

    Features

    • ct-cve: add manual inventory push

    v0.161.0

    Features

    • ct-cve: add simple pairing flow
    • web: add documentation sidebar link

    v0.160.3

    Bug Fixes

    • calendar: show all-day host event dates inclusively

    v0.160.2

    Bug Fixes

    • web: recover stale server action clients

    v0.160.1

    Bug Fixes

    • release: bake agent 0.38.2 into web image

    v0.160.0

    Features

    • calendar: add all-day event creation from week views

    v0.159.5

    Bug Fixes

    • web: hide not-present container inventory rows

    v0.159.3

    Bug Fixes

    • release: inline Forgejo web image publish

    v0.159.2

    Bug Fixes

    • web: include agent binary checksum sidecars

    v0.159.1

    Bug Fixes

    • web: simplify host container screen (002cc40)

    v0.159.0

    Features

    • ansible: add simple pairing flow (79d8e20)

    v0.158.2

    Bug Fixes

    • settings: improve LDAP certificate editing (44e5492)

    v0.158.1

    Bug Fixes

    • hosts: clean docker rows on delete (306848b)

    v0.158.0

    Features

    • terminal: support custom SSH ports (36872a6)

    v0.157.1

    Bug Fixes

    • ldap: align add form with AD defaults (d1deb2b)

    v0.157.0

    Features

    • password-manager: refresh unlocked vault entries (525f7ee)

    v0.156.0

    Features

    • web: add Ansible automation runbook (afd64cd)

    v0.155.0

    Features

    v0.154.0

    Features

    v0.153.0

    Features

    • hosts: add activity dialog association tabs (d8ed7dc)

    v0.152.2

    Bug Fixes

    • password-manager: align launch assertion tenant claims (aebc947)

    v0.152.1

    Bug Fixes

    • agent: include token in enrollment view command (370aa08), closes #1426

    v0.152.0

    Features

    v0.151.4

    Bug Fixes

    • dev-stack: run web containers as local user (ed83e98)

    v0.151.3

    Bug Fixes

    • web: rename host admin tab to activity (6a1c69c)

    v0.151.2

    Bug Fixes

    • web: resolve focused validation issues (59adfef)

    v0.151.1

    Bug Fixes

    • calendar: refresh host-linked entries automatically (#1415) (76363c7)

    v0.151.0

    Features

    • web: improve host container telemetry views (#1409) (b143565)

    Bug Fixes

    • agents: show enrolment install URL when viewing tokens (#1412) (eb90bd4)
    • calendar: contain operations calendar scrolling (#1406) (2235d87)

    v0.150.1

    Bug Fixes

    • auth: prevent prehydration login form submits (aaeb305)

    v0.150.0

    Features

    • dev: add local full-stack dev launcher (3b3d96c)

    v0.149.0

    Features

    v0.148.0

    Features

    • web: add host admin tab for notes (9c1fd6d)

    v0.147.1

    Bug Fixes

    • docker: collect running container metrics (8e5dca4)

    v0.147.0

    Features

    • docker: add container alert rules (b76feb2)

    v0.146.0

    Features

    • docker: add container lifecycle timeline (a527cb6)

    v0.145.0

    Features

    • docker: add top container rankings (04a75c5)

    v0.144.0

    Features

    • web: add host docker retention override (11dd597)

    v0.143.0

    Features

    • settings: add Docker metric retention setting (0231f78)

    v0.142.0

    Features

    • web: add docker container metric charts (b7f06f3)

    v0.141.0

    Features

    • docker: upload container telemetry batches (83a9de4)

    v0.140.0

    Features

    v0.139.0

    Features

    • ingest: upsert docker container inventory (#1353) (376e81e)

    v0.138.0

    Features

    v0.137.0

    Features

    • ingest: persist Docker runtime status (2be7dff)

    v0.136.2

    Bug Fixes

    • automation: hide ansible controls when disabled (0250e35)

    v0.136.1

    Bug Fixes

    • web: remove auth secrets from Docker build args (#1329) (e91baf7)

    v0.136.0

    Features

    v0.135.2

    Bug Fixes

    • web: cover bundle restart port guard regression (#1307) (94c90c4)

    v0.135.1

    Bug Fixes

    • web: cover customer start script query regression (#1304) (557d214)

    v0.135.0

    Features

    • automation: add feature flags and ansible provider foundation (#1301) (d8959fc)

    v0.134.0

    Features

    • password-manager: add instance audit view (d990582)

    Bug Fixes

    • password-manager: hide vault mutation UI for read-only roles (#1300) (c33362f)

    v0.133.1

    Bug Fixes

    • password-manager: simplify vault member settings (9d0b301)

    v0.133.0

    Features

    • password-manager: add entry field copy controls (fef37e3)

    v0.132.1

    Bug Fixes

    • agent: align enrolment token environment (713f007)

    v0.132.0

    Features

    • web: surface instance name context (230cd2c)

    v0.131.11

    Bug Fixes

    • auth: prevent cached session data after account changes (b6a6947)

    v0.131.10

    Bug Fixes

    • web: refresh people list after invite conflicts (#1280) (56f571d)

    v0.131.9

    Bug Fixes

    • auth: create configured standalone instance scope (132af34)

    v0.131.8

    Bug Fixes

    • auth: show unscoped direct signups in people (13147cb)

    v0.131.7

    Bug Fixes

    • auth: hold direct signups for role assignment (c553185)

    v0.131.6

    Bug Fixes

    • auth: persist direct signup instance membership (5aab11e)

    v0.131.5

    Bug Fixes

    • web: guard team invites without instance scope (8c4bebc)

    v0.131.4

    Bug Fixes

    • password-manager: tolerate undecryptable vault records (da67394)

    v0.131.3

    Bug Fixes

    • password-manager: fetch rotation public keys (f2a9acf)

    v0.131.2

    Bug Fixes

    • password-manager: surface vault rotation feedback (60ea344)

    v0.131.1

    Bug Fixes

    • password-manager: allow standalone launch assertions (1ece1e3)

    v0.131.0

    Features

    • web: remove instance scope from web baseline (0b41340)
    • web: remove instance scope from web baseline (c1a8e54)

    v0.130.0

    Features

    • web: remove org inputs from reporting surfaces (bb0e67f)
    • web: remove org inputs from reporting surfaces (98fa687)

    v0.129.3

    Bug Fixes

    • web: restore standalone admin access (b5ab5f1)

    v0.129.2

    Bug Fixes

    • web: allow standalone sidebar routes (c77d54b)

    v0.129.1

    Bug Fixes

    v0.129.0

    Features

    • web: remove org ids from task 11 surfaces (#1235) (46cfa5e)

    v0.128.0

    Features

    • web: remove org scope from task runs and schedules (#1232) (16f1f47)

    v0.127.0

    Features

    • web: remove org scope from host detail core (#1226) (d540a3d)
    • web: remove org scope from host groups and networks (#1229) (19045b8)
    • web: remove org scope from host settings slice (#1228) (48184a2)

    v0.126.0

    Features

    • web: remove org scope from host inventory (#1223) (8fe035f)

    v0.125.0

    Features

    • web: remove instance onboarding from auth setup (#1218) (863f40e)

    v0.124.5

    Bug Fixes

    • release: bake latest agent manifest into ct-ops images (79a22a4)

    v0.124.4

    Bug Fixes

    • calendar: lay out overlapping timed events (7aaf6b1)
    • web: cover generated ct-ops TLS certificate SAN (2f4d62e)

    v0.124.3

    Bug Fixes

    • web: resolve latest agent download release (1113753)

    v0.124.2

    Bug Fixes

    • calendar: replace operations calendar renderer (#1197) (5e56336)

    v0.124.1

    Bug Fixes

    • hosts: hard-delete pending certificate signing rows (f4b64af)

    v0.124.0

    Features

    v0.123.2

    Bug Fixes

    • calendar: restore time grid slot layout (8ae2c58)

    v0.123.1

    Bug Fixes

    • calendar: improve operations calendar layouts (1f8f474)

    v0.123.0

    Features

    • calendar: add operations planning calendar (80d6217)

    v0.122.4

    Bug Fixes

    v0.122.3

    Bug Fixes

    • notifications: await inbox mutation refreshes (c922465), closes #998

    v0.122.2

    Bug Fixes

    v0.122.1

    Bug Fixes

    • notifications: await bell mark-read before navigation (#1179) (2d43715)

    v0.122.0

    Features

    • web: configure CT-CVE connector in app (415cac3)

    v0.121.1

    Bug Fixes

    • web: await network mutation refreshes (62778fe), closes #996

    v0.121.0

    Features

    • password-manager: add entry password visibility toggles (47ab2b4)

    Bug Fixes

    • web: replace CT-Ops logo asset (dc2138a)

    v0.120.1

    Bug Fixes

    • web: improve password manager generator layout (#1165) (513402c)

    v0.120.0

    Features

    • web: add CarrTech logo and favicon (b46f58d)

    Bug Fixes

    • web: update patch status chart semantics (c49c095)

    v0.119.0

    Features

    v0.118.0

    Features

    • password-manager: add SSH key pair view and copy actions (a8fed28)

    v0.117.0

    Features

    • password-manager: add SSH key pair entries (217f25d)

    v0.116.9

    Bug Fixes

    • web: reject blocked certificate checker ports (2dc255f)

    v0.116.8

    Bug Fixes

    v0.116.7

    Bug Fixes

    • profile: derive updates from session (7327b43), closes #1112

    v0.116.6

    Bug Fixes

    • auth: align LDAP session cookie with secure auth URL (2626387)

    v0.116.5

    Bug Fixes

    • ldap: support UPN login search (12f1c4b)

    v0.116.4

    Bug Fixes

    • auth: select LDAP login integration (d5f3ee7)

    v0.116.3

    Bug Fixes

    • password-manager: rename vault settings action (9ddcbc2)

    v0.116.2

    Bug Fixes

    • password-manager: use icon entry actions (f61da1a)

    v0.116.1

    Bug Fixes

    v0.116.0

    Features

    • password-manager: harden vault secret handling (722a50c)

    v0.115.0

    Features

    • profile: add 2fa qr setup code (c233b83)

    v0.114.0

    Features

    • auth: add user two-factor enforcement (9f41683)
    • password-manager: add entry templates (c6789fb)

    v0.113.1

    Bug Fixes

    • password-manager: require confirmation for vault exports (acedafc)

    v0.113.0

    Features

    • terminal: trust SSH host keys from agents (2ab4e2e)

    v0.112.0

    Features

    • password-manager: focus workspace on passwords (94d6d39)

    v0.111.1

    Performance Improvements

    • password-manager: reduce browser workload (55b4681)

    v0.111.0

    Features

    • password-manager: add member recipient selector (#1101) (1695481)

    v0.110.4

    Bug Fixes

    • auth: respect invite signup verification policy (d4601b2)

    v0.110.3

    Bug Fixes

    • password-manager: pin api image from release descriptor (5238842)

    v0.110.2

    Bug Fixes

    • certs: block DNS rebinding in tracked refresh (73ade2b), closes #968

    v0.110.1

    Bug Fixes

    • password-manager: close hosted readiness gaps (#1087) (ab85db7)

    v0.110.0

    Features

    v0.109.0

    Features

    • password-manager: add sharing and rotation workspace (#1072) (f467941)

    v0.108.0

    Features

    • web: add password manager vault workspace (#1067) (79dfa04)

    v0.107.0

    Features

    Bug Fixes

    • authz: require write access for instance mutations (1f2d660)

    v0.106.0

    Features

    v0.105.1

    Bug Fixes

    v0.105.0

    Features

    • web: add password manager client and browser crypto (#1053) (23884c9)

    v0.104.0

    Features

    • web: add password manager launch assertions (#1048) (cfc60dd)

    v0.103.20

    Bug Fixes

    • audit: record privileged lifecycle mutations (c779ed0), closes #960

    v0.103.19

    Bug Fixes

    • web: tighten production script csp (ca642c6), closes #950

    v0.103.18

    Bug Fixes

    • security: ignore spoofed bundle transfer origins (f93f6ca)

    v0.103.17

    Bug Fixes

    • auth: allow Better Auth bootstrap under RLS (ac3cbd7), closes #1029

    v0.103.16

    Bug Fixes

    v0.103.15

    Bug Fixes

    • security: restrict agent ca rotation (fbab9f9)

    v0.103.14

    Bug Fixes

    • db: fail closed for instance RLS scope (0612b94), closes #980

    v0.103.13

    Bug Fixes

    v0.103.12

    Bug Fixes

    v0.103.11

    Bug Fixes

    • web: stabilize e2e isolation and db pooling (#978) (943f372)

    v0.103.10

    Bug Fixes

    • auth: scope LDAP login to instance slug (f5e331e)

    v0.103.9

    Bug Fixes

    • ct-cve: share service nonce replay protection (d4df6b0), closes #910

    v0.103.8

    Bug Fixes

    • db: add licence verifier migration snapshot (#966) (aee2b9d)

    v0.103.7

    Bug Fixes

    • agent: verify downloaded agent binaries (4846ba0), closes #959

    v0.103.6

    Bug Fixes

    • alerts: redact Slack webhook URLs (046a74e)

    v0.103.5

    Bug Fixes

    • web: verify agent enrolment TLS by default (#958) (1fe3dbc)

    v0.103.4

    Bug Fixes

    v0.103.3

    Bug Fixes

    • authz: derive privileged action actors from session (#952) (db28c0c)

    v0.103.2

    Bug Fixes

    • bundle-transfer: verify host bundle downloads (99dbfe8), closes #935

    v0.103.1

    Bug Fixes

    • agent: use configured installer origin (f09e229)

    v0.102.2

    Bug Fixes

    • auth: gate LDAP 2FA on issued challenge (#933) (3ca1b14)

    v0.102.1

    Bug Fixes

    v0.100.1

    Bug Fixes

    • notifications: bind inbox actions to session user (#922) (e8d7252)

    v0.97.2

    Bug Fixes

    • alerts: block stored private notification targets (#904) (eda2d31)

    v0.97.1

    Bug Fixes

    • web: require tooling auth for agent lifecycle actions (#900) (561efa4)

    v0.96.4

    Bug Fixes

    • web: limit e2e database pool usage (d14c2f2)

    v0.96.3

    Bug Fixes

    v0.96.2

    Bug Fixes

    • web: repair licence key upgrade permissions (#862) (ef422a4)

    v0.96.1

    Bug Fixes

    • web: trigger licence verifier image release (#859) (0d01a3c)

    v0.96.0

    Features

    • licence: persist verifier keys for rotation (#854) (94a66a9)

    v0.95.1

    Bug Fixes

    • auth: preserve invite redemption during signup (#852) (fbd3a47)

    v0.95.0

    Features

    v0.94.3

    Bug Fixes

    • web: accept postgres env in entrypoint (#847) (271c05c)

    v0.94.2

    Bug Fixes

    • install: encode generated database passwords (#843) (a8ddc88)

    v0.94.1

    Bug Fixes

    v0.94.0

    Features

    v0.93.0

    Features

    • web: schedule CT-CVE inventory pushes (#831) (a7434ab)

    v0.92.2

    Bug Fixes

    • web: recognise secure auth session cookies (#829) (a3e30c1)

    v0.92.1

    Bug Fixes

    • web: prevent stale auth redirect loops (#827) (614de18)

    v0.92.0

    Features

    • web: persist CT-CVE connection status (#825) (a7af2ea)

    v0.91.0

    Features

    • web: add CT-CVE inventory export helper (#823) (85676e2)

    v0.90.0

    Features

    v0.89.0

    Features

    • web: add ct-cve service token boundary (#818) (ffd7529)

    v0.88.0

    Features

    v0.87.0

    Features

    v0.86.0

    Features

    v0.85.0

    Features

    • web: add seat capacity licence payload (#796) (7f8725a)

    v0.84.3

    Bug Fixes

    • web: delete patch status rows with hosts (#782) (4404cf0)

    v0.84.2

    Bug Fixes

    • web: restore tokenized agent enrolment command (#778) (073febe)

    v0.84.1

    Bug Fixes

    v0.84.0

    Features

    • web: support multi-role team membership (#771) (db57845)

    Bug Fixes

    • web: restrict tooling access to engineer roles (#768) (9a7d607)

    v0.83.0

    Features

    • vuln: harden confirmed Linux CVE matching (#764) (6929342)

    v0.82.3

    Bug Fixes

    • web: avoid build-doc editor hydration mismatch (#748) (1d8aebb)

    v0.82.2

    Bug Fixes

    • web: revoke stale sessions for inactive users (#757) (be66e20)

    v0.82.1

    Bug Fixes

    • agent: stop leaking enrolment tokens in install URLs (#753) (0552877)

    v0.82.0

    Features

    • web: improve build docs markdown editor (#732) (7db8fd3)

    v0.81.0

    Features

    v0.80.2

    Bug Fixes

    • web: end terminal sessions on logout (#731) (7ab6f2d)

    v0.80.1

    Bug Fixes

    • web: add stable selectors for directory lookup e2e (#727) (5428d48)

    v0.80.0

    Features

    Bug Fixes

    • web: allow certificate checks on private hosts (#724) (be685be)

    v0.79.0

    Features

    v0.78.0

    Features

    • web: add vulnerability management interface (#717) (ebebd7b)

    v0.77.1

    Bug Fixes

    • web: add network and enrolment e2e coverage (966675e)

    v0.77.0

    Features

    v0.76.1

    Bug Fixes

    • web: send auth emails via SMTP relay (#706) (c8b071f)

    v0.76.0

    Features

    Bug Fixes

    • web: refresh filtered certificate results (#701) (49f3dad)

    v0.75.4

    Bug Fixes

    • web: move host networks tab to infrastructure (#687) (f4f8cdc)

    v0.75.3

    Bug Fixes

    • web: add local account password reset (#695) (8060e3a)

    v0.75.2

    Bug Fixes

    v0.75.1

    Bug Fixes

    • web: sanitise LDAP configuration responses (#686) (791c6f7)

    v0.75.0

    Features

    • web: reorganise administration settings (#679) (bcdb0ce)

    v0.74.3

    Bug Fixes

    v0.74.2

    Bug Fixes

    • web: stabilise schedule form e2e selectors (#682) (0fcedfb)

    v0.74.1

    Bug Fixes

    v0.74.0

    Features

    • web: prompt for SMTP relay test recipient (#674) (3582481)

    v0.73.8

    Bug Fixes

    • web: enforce a single style for simple reads (#672) (818ba03)

    v0.73.7

    Bug Fixes

    • auth: persist security throttles across replicas (#667) (e05b5a2)

    v0.73.6

    Bug Fixes

    • web: require admin auth for LDAP settings actions (#664) (4062b53)

    v0.73.5

    Bug Fixes

    • web: enforce LDAP TLS certificate validation (#662) (8639cf8)
    • web: restore schema metadata unit tests (#657) (7b404b4)

    v0.73.4

    Bug Fixes

    • auth: bind invite redemption to invited email (#656) (ff3b469)

    v0.73.3

    Bug Fixes

    • web: add missing dashboard and host e2e coverage (#654) (9953996)

    v0.73.2

    Bug Fixes

    • certificates: verify tracked refreshes by default (#652) (5d634bb)

    v0.73.1

    Bug Fixes

    v0.73.0

    Features

    v0.72.0

    Features

    • auth: add email verification resend flow (bd23fd9)
    • auth: add email verification resend flow (ad767f5)
    • notifications: purge old soft-deleted rows (fd0b96f)
    • notifications: purge old soft-deleted rows (593a8cd)

    v0.71.0

    Features

    • auth: make email verification optional (#626) (755f3f3)

    v0.70.20

    Bug Fixes

    • web: validate licence revocation bundles (#624) (20507d2)

    v0.70.19

    Bug Fixes

    v0.70.18

    Bug Fixes

    • security: validate jsonb metadata at runtime (#620) (8e2adaf)

    v0.70.17

    Bug Fixes

    • auth: require BETTER_AUTH env configuration (#612) (a09e9ea)

    v0.70.16

    Bug Fixes

    • web: retry pnpm install in docker build (#590) (6778770)

    v0.70.15

    Bug Fixes

    • release: ship digest-pinned compose bundle (e42347c)
    • release: ship digest-pinned compose bundle (a292b49)

    v0.70.14

    Bug Fixes

    • web: remove root startup from web image (#591) (e1aa368)

    v0.70.13

    Bug Fixes

    • certificates: use X509Certificate for untrusted parsing (a889dd6)
    • certificates: use X509Certificate for untrusted parsing (bd65122)

    v0.70.12

    Bug Fixes

    • agent: enforce enrolment token expiry and usage caps (5a3ef14)
    • agent: enforce enrolment token expiry and usage caps (a783c2c)

    v0.70.11

    Bug Fixes

    • web: validate trusted origins for mutations (2bf5662)
    • web: validate trusted origins for mutations (a7cb750)

    v0.70.10

    Bug Fixes

    • auth: add per-account login lockout (H-01) (#582) (1c15c9e)

    v0.70.9

    Bug Fixes

    • web: require org auth for server actions (#578) (bdfacb9)

    v0.70.8

    Bug Fixes

    v0.70.7

    Bug Fixes

    • web: block private notification test targets (#573) (043a5a7)

    v0.70.6

    Bug Fixes

    • security: lock down certificate checker SSRF surface (#570) (824bfb9)

    v0.70.5

    Bug Fixes

    • security: require SSH credentials for terminal access (#566) (c0616dc)

    v0.70.4

    Bug Fixes

    • auth: require email verification for local sign-ups (#564) (e10d30a)

    v0.70.3

    Bug Fixes

    • web: derive team management actor from session (#562) (8aad96b)
    • web: transfer bundles via agent connection (#561) (48fc4a0)

    v0.70.2

    Bug Fixes

    • web: stream bundle transfers server-side (#559) (b74e194)

    v0.70.1

    Bug Fixes

    • web: align bundle transfer route with ssh2 types (#557) (1d29c21)

    v0.70.0

    Features

    • web: transfer bundler archives to hosts (#555) (cb21cff)

    v0.69.0

    Features

    • web: fetch latest GitLab target version (#553) (322b11f)

    v0.68.1

    Bug Fixes

    • auth: scope LDAP login links to instance (96d28df), closes #273

    v0.68.0

    Features

    • web: add GitLab air-gap bundler (c6ba334)

    v0.67.2

    Bug Fixes

    • web: improve Jenkins plugin download status (78b127c)
    • web: improve Jenkins plugin download status (f6747f6)

    v0.67.1

    Bug Fixes

    • web: harden installer release checks (83d84f3)
    • web: harden installer release checks (e43e090)

    v0.67.0

    Features

    • web: Jenkins bundler — recursive plugin dependency traversal (d646a01)
    • web: Jenkins bundler — recursive plugin dependency traversal (be1c7d7)

    v0.66.0

    Features

    • web: drop Java compat check, add offline-script Jenkins bundle (87477aa)

    v0.65.2

    Bug Fixes

    • web: Jenkins bundler — query LTS catalogue, drop hard-coded Java baselines (7e0b91e)
    • web: Jenkins bundler — query LTS catalogue, drop hard-coded Java baselines (f166274)

    v0.65.1

    Bug Fixes

    • web: Jenkins bundler — live Java requirement, allow WAR-only (a2a2b97)
    • web: Jenkins bundler — live Java requirement, allow WAR-only (c2ca272)

    v0.65.0

    Features

    • web: add Jenkins WAR + plugins air-gap bundler (3f5892d)
    • web: Jenkins WAR + plugins air-gap bundler (16f570a)

    Bug Fixes

    • web: make Jenkins bundler proxy SSRF-safe (ded99d9)

    v0.64.1

    Bug Fixes

    • web: propagate skip_verify to bootstrap curl in install script (#517) (4190c52)

    v0.64.0

    Features

    • deploy: bundle nginx TLS terminator with pinned-cert rotation (#514) (b3a43c9)

    v0.63.0

    Features

    • security: mTLS on all agent↔server gRPC (#511) (81da1fd)

    v0.62.0

    Features

    • web: bake agent binaries into the web image (#508) (aa052eb)

    Bug Fixes

    • web: cascade delete host_network_memberships when deleting host (#510) (9f76abf)

    v0.61.8

    Bug Fixes

    • security: require re-approval after keypair rotation and restrict direct terminal access (#503) (f3cd3c9)

    v0.61.7

    Bug Fixes

    • sec: H-24 add composite index on host_metrics; M-17 hash enrolment tokens (#501) (4c88ef5)

    v0.61.6

    Bug Fixes

    • sec: enforce GCM auth tag length; sanitise log interpolation (d23c174)
    • sec: M-07 terminal regex, H-03/H-04 LDAP encryption, M-14 crypto-lint CI, M-29 autoApprove gate (feb0a87)
    • sec: M-07 tighten terminal username regex; H-03/H-04 per-record salt + LDAP key; M-14 crypto-lint CI; M-29 restrict autoApprove tokens to super_admin (5b151c4)
    • sec: move nosemgrep annotations inline with createDecipheriv calls (abc77a2)
    • sec: remove console.warn with tainted parameters from autoApprove gate (4d18106)
    • sec: remove user-supplied label from autoApprove audit log (81e8921)
    • terminal: support same-origin WebSocket for Cloudflare tunnel (195a6ec)
    • terminal: support same-origin WebSocket for Cloudflare tunnel (490882e)

    v0.61.5

    Bug Fixes

    • sec: H-05 encrypt bindDn and tlsCertificate for LDAP configs at rest (880b446)
    • sec: H-06 raise minimum password length to 12 characters (6eb847f)
    • sec: H-09 align LDAP session cookie signing with Hono's exact format (61bd0f9)

    v0.61.4

    Bug Fixes

    • auth/db/ldap: rate limits, host deletion TOCTOU, LDAP filter injection (H-25, M-21, C-04, M-32) (3cc7911)
    • auth: add per-IP rate limiting to auth-adjacent endpoints (H-25) (0c4853d)
    • certs: move SSRF guard to fetchCertificateFromUrl to restore CodeQL-clean shape (41a2d80)
    • certs: suppress intentional CodeQL certificate-validation alert in fetch.ts (ab9bc18)
    • db: move host existence check inside transaction with FOR UPDATE (M-21) (096cdc0)
    • ldap: escape user input in LDAP filter strings to prevent injection (M-32) (43b857c)
    • security: LDAP enumeration/timing (M-01), error leaks (M-02), CodeQL suppression (1596c9b)
    • security: SSRF denylist for cert fetch; rate-limit agent install/download (H-15, H-13) (54a72ff)
    • security: SSRF denylist, agent rate limits, LDAP enumeration/timing, error leaks (H-15, H-13, M-01, M-02) (74d5b2e)
    • ssrf: extract SSRF guard to lib/net/ssrf-guard.ts; restore fetch.ts to main (a3bdc6c)

    v0.61.3

    Bug Fixes

    • security: require HTTPS for notification webhooks, restrict SMTP ports, remove default DB password (M-12, H-31) (9d05c3e)

    v0.61.2

    Bug Fixes

    • security: agent/latest caching+rate-limit, licence JWT typ, entrypoint fail-fast (M-25, M-03, L-12) (7c8d3b0)
    • security: assert JWT typ header in licence validation; fail-fast env var checks (M-03, L-12) (168cfe6)

    v0.61.1

    Bug Fixes

    • certs: cap TLS cert size/chain depth and reject dangerous cert-file paths (M-19, M-11) (4801101)
    • certs: cap TLS cert size/chain depth and reject dangerous cert-file paths (M-19, M-11) (c26af0b)

    v0.61.0

    Features

    • licence: add LICENCE_PUBLIC_KEY env var override with dev-key-in-prod rejection (26c65fc), closes #399
    • licence: LICENCE_PUBLIC_KEY env var override with dev-key-in-prod rejection (b7af559)

    Bug Fixes

    • auth: always include BETTER_AUTH_URL in trustedOrigins (a78d927)
    • auth: always include BETTER_AUTH_URL in trustedOrigins (5ab0388)
    • certs: bound upload size and require PEM format in trackCertificateFromUpload (b7fdb85), closes #342
    • reports: use tab prefix for CSV formula-injection mitigation (M-23) (588d073), closes #338

    v0.60.0

    Features

    • tasks: add cron-driven scheduled task runner (#456) (deee1cc)

    Bug Fixes

    • certificates: drop SHA1 fingerprint from cert checker (3765bad)
    • certificates: drop SHA1 fingerprint from cert checker (#348) (4ae8106)
    • security: constant-time comparison for admin key + cert fingerprint (740f489)
    • security: constant-time comparison for admin key + cert fingerprint (#352) (245eacd)

    v0.59.2

    Bug Fixes

    • web: satisfy react-hooks purity / set-state-in-effect rules (49225a9)
    • web: satisfy react-hooks purity / set-state-in-effect rules (0940029)

    v0.59.1

    Bug Fixes

    • notes: visibility toggle label wraps and overlaps tabs (6e7ef1c)

    v0.59.0

    Features

    • notes: host detail integration (PR 3) (e876237)
    • notes: host detail integration (PR 3) (f1b3b9a)

    v0.58.0

    Features

    • licence: bind licences to install via activation token (41a912e)
    • licence: bind licences to install via activation token (7a5d03c)

    v0.57.1

    Bug Fixes

    • licence: align issuer and audience across sign and verify paths (314c1c9)
    • licence: align issuer/audience between sign and verify (43bf32c)

    v0.57.0

    Features

    • licence: bake production public key into the web image (66703a9)
    • licence: bake production public key into the web image (f96a813)

    Bug Fixes

    • db: make 0037 migration idempotent for domain_accounts.deleted_at (8dbfadf)
    • db: make migration 0037 idempotent for domain_accounts.deleted_at (b001797)

    v0.56.0

    Features

    • web: add Cmd+K command palette scaffold (f6c7273)

    v0.55.1

    Bug Fixes

    • security: add auth/org check to deleteCertificate (#281) (48bbbd1)
    • security: add auth/org check to deleteCertificate (C-09) (60a8a16)

    v0.55.0

    Features

    • notes: data layer for shared engineer notes (e3b12ed)
    • notes: data layer for shared engineer notes (PR 2) (5515967)

    v0.54.1

    Bug Fixes

    • correct docs base path and rename simonjcarr/infrawatch to carrtech-dev/ct-ops (1a5dc35)
    • correct docs base path and replace simonjcarr/infrawatch references (349eacd)

    v0.54.0

    Features

    • paginate, filter, sort hosts page and add fleet overview (6a4d604)
    • paginate, filter, sort hosts page and add fleet overview (1390de4)

    Bug Fixes

    • move filter-reset setState out of useEffect (d6b7ddb)

    v0.53.0

    Features

    • split host Tools tabs so Tasks shows only user-triggered runs (d8335e7)

    v0.52.0

    Features

    • enforce Pro/Enterprise licence gates on certificates, service accounts, and reports (4c653ba)
    • enforce Pro/Enterprise licence gates on certs, service accounts, and reports (86151d9)

    v0.51.0

    Features

    • expand licence tier model with feature flags, guard, and docs (3ff4665)
    • expand licence tier model with feature flags, guard, and docs (a38810c)
    • tag assignment for hosts (settings, enrolment, CLI, bulk rules) (ddf5b16)
    • tag assignment for hosts across settings, enrolment, CLI, and bulk rules (58cf0cd)

    Bug Fixes

    • use next/link for Bulk Tag cross-reference on Tag Rules page (f4865f3)

    v0.50.0

    Features

    • infrawatch-loadtest tool for capacity planning (fef4da8)
    • infrawatch-loadtest tool for capacity planning (993d2c8)

    v0.49.0

    Features

    • certificates: track certificates from the Certificate Checker (d8dcdfa)
    • certificates: track certificates from the Certificate Checker (e5eaf8a)

    v0.48.0

    Features

    • certificate checker — paste + drag-drop for certs and keys (1a9f828)
    • certificate checker — paste + drag-drop for certs and keys (f4070ef)

    v0.47.0

    Features

    • add SSL certificate checker tool (082d372)
    • ingest: dedupe host registrations by hostname / IP overlap (8e34db9)
    • SSL certificate checker tool (8853991)

    Bug Fixes

    • read enrolment URL from AGENT_DOWNLOAD_BASE_URL env var (b3fed72)
    • use NEXT_PUBLIC_APP_URL for agent enrolment install URL (295e27c)
    • use NEXT_PUBLIC_APP_URL for agent enrolment install URL (66de4a8)

    v0.46.0

    Features

    • download agents as zip for offline/manual install (ae060f9)
    • download agents as zip for offline/manual install (7df1f04), closes #244

    v0.45.0

    Features

    • group filter always visible and humanise LDAP timestamps (75e53fe)
    • group filter always visible and humanise LDAP timestamps (07235c2)

    Bug Fixes

    • portal directory-lookup suggestions out of card overflow (b5b874e)
    • portal directory-lookup suggestions out of card overflow (38d8063)

    v0.44.2

    Bug Fixes

    • disable set-state-in-effect rule for one-shot hydration effect (9630a11)
    • hydrate terminal panel state after mount to avoid SSR mismatch (48f9ed2)
    • terminal panel hydration mismatch breaking dashboard interactivity (e255a9a)

    v0.44.1

    Bug Fixes

    • surface server-action errors in directory lookup (1698e91)
    • surface server-action errors in directory lookup typeahead (5fe5ea0)

    v0.44.0

    Features

    • directory user lookup (live LDAP query, no sync) (b96037d)
    • directory user lookup (live LDAP query, no sync) (dd954ca)

    v0.43.0

    Features

    • terminal text size settings (global + per-tab) (4332aab)
    • terminal text size settings (global default + per-tab override) (11635d4)

    v0.42.0

    Features

    • add tab colours, reorder, rename, and split panes to terminal (f5f7df9)
    • tab colours, reorder, rename, and split panes for terminal (9c464d9)

    v0.41.3

    Bug Fixes

    • avoid setState-in-effect lint error in HostNodeTerminalDialog (9e9f374)
    • move terminal dialog to parent to survive context menu unmount (6696382)
    • Open Terminal from network graph context menu now works (667f100)

    v0.41.2

    Bug Fixes

    • restore pointer-events on host nodes for context menu to work (a16c20a)
    • restore pointer-events on host nodes so right-click context menu works (ac14b8e)

    v0.41.1

    Bug Fixes

    • switch network graph context menu to onNodeContextMenu approach (3f3946d)
    • switch network graph context menu to React Flow onNodeContextMenu (be8392f)

    v0.41.0

    Features

    • add right-click context menu to network graph host nodes (eb8dfdf)
    • add right-click context menu to network graph host nodes (d7a2fa8)

    v0.40.0

    Features

    • replace moving circles with subtle dashed bezier edge animation (e219ea7)
    • subtle dashed bezier edges on network graphs (ee56359)

    v0.39.0

    Features

    • add animated flowing dots to network graph edges (08c5f22)
    • animated flowing dots on network graph edges (bc0edf5)

    Bug Fixes

    • make React Flow controls and minimap respect dark mode (ac27713)

    v0.38.0

    Features

    • add network topology graph visualizations (9543b4b)
    • add network topology graph visualizations (e42213e)

    v0.37.0

    Features

    • add network management with CIDR-based auto-assignment (2be6169)
    • add network management with CIDR-based auto-assignment (0550654)

    v0.36.2

    Bug Fixes

    • reports: sliding window rate limit (3/10s), errors in modal (54001af)
    • reports: sliding window rate limit (3/10s), fix error message, show errors in modal (52d2c1d)

    v0.36.1

    Bug Fixes

    • reports: chart labels visible in dark mode, reduce export rate limit (31d0a0d)
    • reports: chart labels visible in dark mode, reduce export rate limit to 10s (f1eadce)

    v0.36.0

    Features

    • reports: add first-seen column, OS/version charts, and fix export data (83ecf13)
    • reports: first-seen column, OS/version charts, and fix export data (dc12bd9)

    v0.35.1

    Bug Fixes

    • reports: clickable hostnames and fix CSV/PDF export (b17e619)
    • reports: make hostnames clickable and fix CSV/PDF export parameters (6843695)

    v0.35.0

    Features

    • reports: unify software search results into a single sortable table (1ae7c42)
    • reports: unify software search results into single sortable table (5ad70bb)

    v0.34.6

    Bug Fixes

    • agents: delete software_scans before task_run_hosts in deleteHost (1b95ee4)
    • agents: delete software_scans before task_run_hosts in deleteHost cascade (f6c9217)

    v0.34.5

    Bug Fixes

    • agents: complete deleteHost FK cascade for all referencing tables (7faea5a)
    • agents: complete deleteHost FK cascade for all referencing tables (c6dcb2a)

    v0.34.4

    Bug Fixes

    • agents: delete notifications before alert_instances when deleting host (fd0e78d)
    • agents: delete notifications before alert_instances when deleting host (4a38216)

    v0.34.3

    Bug Fixes

    • ingest: persist JWT signing key in database to survive volume resets (385caa2)
    • ingest: persist JWT signing key in database to survive volume resets (661d2a3)

    v0.34.2

    Bug Fixes

    • inventory: surface failed scan errors in host inventory tab (cb94381)
    • inventory: surface failed scan errors in host inventory tab (26b9095)

    v0.34.1

    Bug Fixes

    • inventory: poll for scan completion and show live scan status (7276799)
    • inventory: poll for scan completion and show live scan status (8f7eae3)

    v0.34.0

    Features

    • reports: overhaul software report UX and fix inventory wipe bug (19167fe)
    • reports: overhaul software report UX and fix inventory wipe bug (4f49c92)

    v0.33.3

    Bug Fixes

    • monitoring: eliminate false 100% CPU spikes and fix alert double-evaluation (01e7146)
    • monitoring: eliminate false 100% CPU spikes and fix alert double-evaluation (4e6ca6a)

    v0.33.2

    Bug Fixes

    • reports: use sentinel for "All sources" Select value (423694f)
    • reports: use sentinel for "All sources" Select value (d1efd71)

    v0.33.1

    Bug Fixes

    • reports: remove dead useDebounce hook and fix React fragment key (1802104)
    • reports: remove dead useDebounce hook and fix React fragment keys (923b4b7)

    v0.33.0

    Features

    • software-inventory: full software inventory and reporting feature (e98cf6f)
    • software-inventory: installed software tracking, global reports, and export (903e772)

    v0.32.0

    Features

    • hosts: remote agent uninstall on host deletion (0613f6c)
    • hosts: remote agent uninstall on host deletion (8b3fe3d)

    v0.31.1

    Bug Fixes

    • terminal: pin terminal panel to bottom of viewport (8c648cc)
    • terminal: pin terminal panel to bottom of viewport (4e532e1)

    v0.31.0

    Features

    • hosts: add notification severity and trend charts to metrics tab (e009d6c)
    • hosts: notification severity and trend charts on metrics tab (271df68)

    v0.30.0

    Features

    • notifications: add time-range selector to notification trend chart (04c2392)
    • notifications: time-range selector on notification trend chart (40e8b96)

    v0.29.1

    Bug Fixes

    • notifications: soft-delete notifications and fix chart axis label colours (1508afb)
    • notifications: soft-delete notifications and fix chart axis label colours (5742c30)

    v0.29.0

    Features

    • notifications: add bulk actions, charts, and mark-unread support (31a956f)
    • notifications: bulk actions, severity charts, and mark-unread support (25671ef)

    v0.28.0

    Features

    • notifications: add Slack, Telegram, and in-app notification channels (69c00ff)
    • notifications: Slack, Telegram, and in-app notification channels (6bc5799)

    v0.27.0

    Features

    • terminal: remember last username and reconnect on exit (33711ea)
    • terminal: remember last username and reconnect on exit (167b83a)

    Bug Fixes

    • terminal: use useMemo instead of useEffect for saved username (f5ff889)

    v0.26.0

    Features

    • terminal: persist tabs across browser refresh (a8b3dc3)
    • terminal: persist tabs across browser refresh via sessionStorage (94da926)

    v0.25.1

    Bug Fixes

    • terminal: move provider above sidebar for context access (f465ff3)
    • terminal: move TerminalPanelProvider above sidebar so trigger has context (2bf71c6)

    v0.25.0

    Features

    • terminal: persistent bottom panel with tabs (67aad5d)
    • terminal: redesign as persistent bottom panel with tabs (1031bfd)

    Bug Fixes

    • terminal: resolve lint errors for setState-in-effect and unused vars (ca5e9fe)

    v0.24.0

    Features

    • terminal: require per-user host authentication (8539f5d)
    • terminal: require per-user host authentication for terminal sessions (5a51c21)

    v0.23.3

    Bug Fixes

    • terminal: add DB session diagnostics for agent connection debugging (fbf89b9)
    • terminal: add real-time session diagnostics to trace agent connection failure (6bb458e)

    v0.23.2

    Bug Fixes

    • terminal: add agent connection signaling and diagnostic messages (ae7183f)
    • terminal: add agent connection signaling and diagnostics (c4549e5)

    v0.23.1

    Bug Fixes

    • terminal: show xterm container during connecting state to fix 0x0 dimensions (e40f6d6)
    • terminal: show xterm container during connecting to fix 0x0 PTY (48032dc)

    v0.23.0

    Features

    • terminal: add WebSocket terminal and restructure host page tabs (8313aa4)
    • terminal: add WebSocket terminal and restructure host page tabs (71d37d3)

    v0.22.0

    Features

    • tasks: add service autocomplete, interactive terminal, and task history management (6246d21)
    • tasks: service autocomplete, interactive terminal, and task history management (b2601a1)

    Bug Fixes

    • terminal: replace useEffect setState with setInterval callback to satisfy react-hooks/set-state-in-effect (3ac45f6)

    v0.21.0

    Features

    • tasks: add custom script runner and service management task types (50c5eaa)
    • tasks: add custom script runner and service management task types (471baf1)

    v0.20.0

    Features

    • metrics: add chart zoom and smart metrics bucketing (73db515)
    • metrics: add chart zoom and smart metrics bucketing (07b12cd)

    v0.19.0

    Features

    • profile: add dark mode with per-user theme preference (065b7b3)
    • profile: add dark mode with per-user theme preference (ad01296)

    v0.18.0

    Features

    • tasks: add task cancellation with agent-side process kill and UI (017e9e0)
    • tasks: add task cancellation with agent-side process kill and UI (81315a1)

    v0.17.1

    Bug Fixes

    • tasks: resolve patch output deadlock, add timeouts and debug UI (74a9a87)
    • tasks: resolve patch output deadlock, add timeouts and debug UI (7bfd4f8)

    v0.17.0

    Features

    • tasks: add general agent task framework with Linux host patching (#106) (1a6b48a)
    • tasks: add general agent task framework with Linux host patching (#106) (4cd4efa)

    v0.16.0

    Features

    • hosts: add host groups with strategic collapsible nav (#105) (d75cf5e)
    • hosts: host groups + strategic collapsible nav (#105) (5883273)

    v0.15.0

    Features

    • agents: add copy actions to enrollment token list (14bd87e)
    • agents: add copy actions to enrollment token list (#101) (c850aa8)

    v0.14.3

    Bug Fixes

    • ldap: cap TLS certificate preview at 5 lines with vertical scroll (17245ca)
    • ldap: cap TLS certificate preview at 5 lines with vertical scroll (3923409)

    v0.14.2

    Bug Fixes

    • ldap: properly constrain TLS certificate preview within modal (10103cb)
    • ldap: properly constrain TLS certificate preview within modal (5e70044), closes #92

    v0.14.1

    Bug Fixes

    • ldap: constrain TLS certificate preview to modal width (f160e3c)
    • ldap: constrain TLS certificate preview to modal width (6d76f44), closes #92

    v0.14.0

    Features

    • agent: auto re-register after host deletion (b6de1d8)
    • agent: auto re-register after host deletion; fix service accounts UI (1eb533d)

    v0.13.0

    Features

    • phase4: service accounts, LDAP login & identity management (c5ba9c1)

    v0.12.2

    Bug Fixes

    • ci: add validate-migrations.js to ESLint ignores and add dev.sh (8590f9b)

    v0.12.1

    Bug Fixes

    • db: add migration timestamp validation (644d265)
    • db: add migration timestamp validation to prevent skipped migrations (b915029)

    v0.12.0

    Features

    • ldap: add edit dialog for LDAP configs and TLS certificate upload (6fc619f)
    • phase4: service accounts, LDAP sync & directory management (db3ebf6)

    v0.11.1

    Bug Fixes

    • phase4: fix migration ordering, metadata overwrite & add password/lock tracking (96a9fd0)
    • phase4: fix migration ordering, metadata overwrite & add password/lock tracking (1e303c2)

    v0.11.0

    Features

    • phase4: restructure service accounts, add host settings & LDAP login (da1cc9b)
    • phase4: restructure service accounts, add host settings & LDAP login (cda5150)

    Bug Fixes

    • lint: use const for existingUser, remove unused TAG_LENGTH (39e38ba)

    v0.10.1

    Bug Fixes

    • db: bump migration 0014 timestamp to be monotonically after 0013 (039d084)
    • db: bump migration 0014 timestamp to be monotonically after 0013 (2ace491)

    v0.10.0

    Features

    • phase4: implement service account and SSH key discovery (a175e9a)
    • phase4: service account and SSH key discovery (ba4c754)

    v0.9.0

    Features

    • CI pr-checks workflow, system health page, and debt documentation cleanup (aba140c)
    • CI pr-checks, system health page, gen_cuid fix, and PROGRESS.md cleanup (fc30879)

    Bug Fixes

    • ci: fix all PR Checks lint and Go build failures (99253fe)

    v0.8.4

    Bug Fixes

    • web: fix certificate page crashes — server action mismatches and invalid date RangeError (5c0941b)
    • web: fix RangeError in certificate chain dates — Go uses snake_case JSON keys (4dcd267)

    v0.8.3

    Bug Fixes

    • web: replace server action queryFns with API routes on certificates pages (52cb1c5)
    • web: resolve Failed to find Server Action errors on certificates pages (7b219e8)

    v0.8.2

    Bug Fixes

    • web: stop calling server action from useQuery on certificate detail page (66b3fd6)
    • web: stop calling server action from useQuery on certificate detail page (e4c8117)

    v0.8.1

    Bug Fixes

    • web: fix EACCES on agent-dist volume mount (b098402)
    • web: fix EACCES on agent-dist volume mount by using root entrypoint (909494d)

    v0.8.0

    Features

    • checks: add cert_file check type and fix cert result display (bcb6cfb)

    v0.7.1

    Bug Fixes

    • ci: track agent-dist dir so Docker COPY succeeds in CI (15ee866)
    • ci: track agent-dist dir so Docker COPY succeeds in CI (288291d)

    v0.7.0

    Features

    • web: add certificate check type to Add Check dialog (64e1192)
    • web: add certificate check type to Add Check dialog (42f8ea3)

    v0.6.1

    Bug Fixes

    • web: agent self-update 503 — baked fallback + manifest version sync (42a2626)
    • web: agent self-update 503 — baked fallback + manifest version sync (1a5670d)

    v0.6.0

    Features

    • certificates: implement Phase 3 certificate lifecycle management (cf6826b)
    • certificates: Phase 3 — certificate lifecycle management (6de140e)

    v0.5.1

    Bug Fixes

    • web: use ISO string for Date params in db.execute() raw SQL queries (822d9df)
    • web: use ISO string for Date params in db.execute() raw SQL queries (78bf7d1)

    v0.5.0

    Features

    • web: heartbeat interval chart on host metrics tab (270d79c)

    Bug Fixes

    • agent: gRPC reconnect reliability + heartbeat interval chart (02baa79)

    v0.4.0

    Features

    • phase2: alert history pagination, TimescaleDB CAGGs, metric retention (63f5676)
    • phase2: alert history pagination, TimescaleDB CAGGs, metric retention (ac5ff93)

    v0.3.0

    Features

    • dist: customer bundle + hardcoded agent repo + first-run start.sh (d055a59)
    • dist: customer bundle, hardcoded agent repo, first-run start.sh (711cd04)

    v0.2.0

    Features

    • agent --version flag, UI version in sidebar, update-available badge (2e93adf)
    • agent --version flag, UI version in sidebar, update-available badge (5468ffb)
    • agent,ingest,web: collect real system metrics and add host detail page (da19fae)
    • agent: add --tls-skip-verify flag to agent install flow (c6abbdc)
    • agent: add --tls-skip-verify flag to agent install flow (ab124d2)
    • agent: add automated releases, distribution, and self-update (bc315dc)
    • agent: agent install, TLS, cross-platform builds, and auto-download (b12296d)
    • agent: multi-platform service install and version-aware binary cache (b875381)
    • agent: one-command install with token and add -token/-address CLI flags (cd3c228)
    • agent: pin required agent version and auto-download on startup (dd037af)
    • agent: server-hosted binaries and agent self-install (87ba22c)
    • alerts: host silencing + fix migration runner skipping pending entries (460bf0c)
    • alerts: test notifications, edit channels, and SMTP dispatch (7ff498b)
    • alerts: test notifications, edit channels, and SMTP dispatch (bcd42fb)
    • checks: add ad-hoc agent queries for port and service discovery (dfad656)
    • checks: add ad-hoc agent queries for port and service discovery (cfafed1)
    • checks: add check definition system with port, process, and HTTP checks (76d0a01)
    • checks: add check definition system with port, process, and HTTP checks (d33c458)
    • initial monorepo commit — Phase 0 foundation (ca9b1f9)
    • metrics: metric history, TimescaleDB hypertable, and offline chart visualisation (c5081dc)
    • metrics: persist metric history and add chart with offline visualisation (bc2b3d9)
    • Phase 0 — user profiles, settings, team management, and feature gating (585998c)
    • Phase 1 — Go agent, gRPC ingest service, and host inventory UI (ddf5a0a)
    • web: add SMTP email notification channel for alert rules (2003bfa)
    • web: add SSE streaming and host detail real-time updates (3f823b3)
    • web: alert rule builder, state machine, and webhook notifications (94f1509)
    • web: alert rules, notifications, and global alert defaults (89926ce)
    • web: global alert defaults that auto-apply to new hosts on agent approval (c60cad9)
    • web: prewarm agent binary cache on server startup (8eae9d8)
    • web: SSE streaming and host detail real-time updates (704c738)

    Bug Fixes

    • add standalone-compatible migration script for Docker deployments (6c56773)
    • add workspace node_modules/.bin to PATH in builder stage (dbab3a3)
    • agent: derive required agent version from release-please manifest (5e97869)
    • agent: update required agent version to v0.9.0 (833ad8d)
    • checks: remove type exports from 'use server' file causing ReferenceError (90939f2)
    • checks: remove type exports from 'use server' file causing ReferenceError (26285e8)
    • copy apps/web/node_modules from deps stage into builder (2db1423)
    • copy workspace config into builder stage so pnpm resolves node_modules (f957fbf)
    • correct both Dockerfiles for monorepo workspace builds (1485264)
    • correct standalone paths for pnpm monorepo in web Dockerfile (075f144)
    • team: restore soft-deleted users on re-invite instead of re-registering (f29bb96)
    • use monorepo root context for web Docker build (a3500b2)
    • web: remove instrumentationHook from next.config (built-in since Next.js 15) (f1bea56)

    Agent v0.50.0

    Features

    • docker: reuse central image scan results (9752bbb)

    v0.49.4

    Bug Fixes

    • docker: label image scans by Grype exploit risk (97a1146)

    v0.49.3

    Bug Fixes

    • docker: allow larger syft sboms (15e0084)

    v0.49.2

    Bug Fixes

    • docker: allow long image scan uploads (3e579e1)

    v0.49.1

    Bug Fixes

    • logs: require http context for 5xx scan matches (525a077)

    v0.49.0

    Features

    • docker: support server image scanning mode (e2cf44f)

    v0.48.0

    Features

    • docker: add image vulnerability scanning (4cdec33)

    v0.47.0

    Features

    • networks: map discovered internal connections (4e86061)

    v0.46.0

    Features

    • hosts: show service resource usage (d6a9520)

    v0.45.0

    Features

    • logs: add host log error scanning (1d6b336)

    v0.44.0

    Features

    • monitoring: add Docker volume size checks (bf0960a)

    v0.43.1

    Bug Fixes

    • monitoring: measure folder usage for disk checks (0094e71)

    v0.43.0

    Features

    • monitoring: add path size checks (886a9e4)

    v0.42.1

    Bug Fixes

    • services: secure agent service refreshes (87f90d9)

    v0.42.0

    Features

    • patch-status: refresh host patch telemetry (c43b768)

    v0.41.3

    Bug Fixes

    • agent: resend patch telemetry on reconnect (afa5512)

    v0.41.2

    Bug Fixes

    • patch-status: report host patch telemetry (ec1b4dd)

    v0.41.1

    Bug Fixes

    • hosts: restrict host logs to text files (5327268)

    v0.41.0

    Features

    • hosts: add service status and live log tabs (dba1ee9)

    v0.40.2

    Bug Fixes

    • agent: wait for takeover client cert (f204b6b)

    v0.40.1

    Bug Fixes

    • agent: renew JWTs before expiry (76f5330)

    v0.40.0

    Features

    • web: add Docker container network graph (872d197)

    v0.39.0

    Features

    • hosts: show resource usage details (74bbaa6)

    v0.38.4

    Bug Fixes

    • ct-cve: send RPM source EVR in inventory (#87) (fdc9530)

    v0.38.3

    Bug Fixes

    • agent: dispatch patch tasks from heartbeat (#64) (74b6c69)

    v0.38.2

    Bug Fixes

    • agent: close Docker socket polling connections (#33) (08e6600)

    v0.38.1

    Bug Fixes

    • docker: collect running container metrics (8e5dca4)

    v0.38.0

    Features

    • docker: upload container telemetry batches (83a9de4)

    v0.37.0

    Features

    v0.36.0

    Features

    • agent: collect Docker container inventory (2f18d7b)

    v0.35.0

    Features

    • agent: report Docker runtime status (d3a44b5)

    v0.34.5

    Bug Fixes

    • agent: align enrolment token environment (713f007)

    v0.34.4

    Bug Fixes

    • ingest: remove instance-scoped agent identity (#1248) (3be0471)

    v0.34.3

    Bug Fixes

    • agent: cover self-update HTTP client defaults (08b6b9e)

    v0.34.2

    Bug Fixes

    • hosts: ignore virtual bridge IPs for host dedupe (7110f42)

    v0.34.1

    Bug Fixes

    • agent: round patch age partial days up (43cb491)

    v0.34.0

    Features

    • terminal: trust SSH host keys from agents (2ab4e2e)

    v0.33.0

    Features

    • vuln: ingest red hat csaf package fixes (#786) (624b52f)

    v0.32.3

    Bug Fixes

    • agent: stop leaking enrolment tokens in install URLs (#753) (0552877)

    v0.32.2

    Bug Fixes

    • release: correct package changelog paths (#711) (3dd5f74)

    v0.32.1

    Bug Fixes

    • agent: restore automatic self-updates (#699) (43b7cf6)

    v0.32.0

    Features

    v0.31.0

    Features

    • web: reorganise administration settings (#679) (bcdb0ce)

    v0.30.8

    Bug Fixes

    • agent: cap buffered heartbeat task output (cc5384b)
    • agent: cap buffered heartbeat task output (ae69da9)

    v0.30.7

    Bug Fixes

    v0.30.6

    Bug Fixes

    • agent: validate config file ownership and mode (#614) (8451d1f)

    v0.30.5

    Bug Fixes

    • agent: preserve inherited script timeouts (c2643c5)
    • agent: preserve inherited script timeouts (6e52742)

    v0.30.4

    Bug Fixes

    • agent: constrain custom script tasks (#604) (5580168)

    v0.30.3

    Bug Fixes

    • agent: disable unsigned self-update (7fc1101)
    • agent: disable unsigned self-update (fea0879)

    v0.30.2

    Bug Fixes

    v0.30.1

    Bug Fixes

    • security: require SSH credentials for terminal access (#566) (c0616dc)

    v0.30.0

    Features

    • deploy: bundle nginx TLS terminator with pinned-cert rotation (#514) (b3a43c9)

    v0.29.0

    Features

    • security: mTLS on all agent↔server gRPC (#511) (81da1fd)

    v0.28.3

    Bug Fixes

    • sec: M-07 terminal regex, H-03/H-04 LDAP encryption, M-14 crypto-lint CI, M-29 autoApprove gate (feb0a87)
    • sec: M-07 tighten terminal username regex; H-03/H-04 per-record salt + LDAP key; M-14 crypto-lint CI; M-29 restrict autoApprove tokens to super_admin (5b151c4)

    v0.28.2

    Bug Fixes

    • agent: write to Windows Event Log when running as a service (#463) (254739e)

    v0.28.1

    Bug Fixes

    • agent: create agent and uninstall logs with 0640 (#357) (51a7d56)
    • agent: create agent and uninstall logs with mode 0640 (2a82873)

    v0.28.0

    Features

    • loadtest: widen synthetic CPU/memory to 0-100 (2f946f6)
    • loadtest: widen synthetic CPU/memory to 0-100 range (6f61737)

    v0.27.1

    Bug Fixes

    • correct docs base path and rename simonjcarr/infrawatch to carrtech-dev/ct-ops (1a5dc35)
    • correct docs base path and replace simonjcarr/infrawatch references (349eacd)

    v0.27.0

    Features

    • tag assignment for hosts (settings, enrolment, CLI, bulk rules) (ddf5b16)
    • tag assignment for hosts across settings, enrolment, CLI, and bulk rules (58cf0cd)

    v0.26.2

    Bug Fixes

    • release registration semaphore before heartbeat loop (4ebd195)
    • release registration semaphore before heartbeat loop (f4eb44b)

    v0.26.1

    Bug Fixes

    • normalize negative agent indexes in ConnPool.Get (c094110)
    • normalize negative agent indexes in ConnPool.Get (92cd151)

    v0.26.0

    Features

    • infrawatch-loadtest tool for capacity planning (fef4da8)
    • infrawatch-loadtest tool for capacity planning (993d2c8)

    v0.25.0

    Features

    • ingest: dedupe host registrations by hostname / IP overlap (8e34db9)

    v0.24.1

    Bug Fixes

    • inventory: add per-collector logging and ingest scan diagnostics (21beda1)
    • inventory: add per-collector logging and ingest scan-start diagnostics (4598052)

    v0.24.0

    Features

    • reports: overhaul software report UX and fix inventory wipe bug (19167fe)
    • reports: overhaul software report UX and fix inventory wipe bug (4f49c92)

    v0.23.2

    Bug Fixes

    • monitoring: eliminate false 100% CPU spikes and fix alert double-evaluation (01e7146)
    • monitoring: eliminate false 100% CPU spikes and fix alert double-evaluation (4e6ca6a)

    v0.23.1

    Bug Fixes

    • agent: alias windows/registry import to avoid conflict with tasks.registry var (492502f)
    • agent: alias windows/registry import to avoid conflict with tasks.registry var (6f6d08f)

    v0.23.0

    Features

    • software-inventory: full software inventory and reporting feature (e98cf6f)
    • software-inventory: installed software tracking, global reports, and export (903e772)

    v0.22.1

    Bug Fixes

    • agent: escape systemd cgroup when uninstalling remotely (a05f6c9)
    • agent: escape systemd cgroup when uninstalling remotely (d36111b)

    v0.22.0

    Features

    • hosts: remote agent uninstall on host deletion (0613f6c)
    • hosts: remote agent uninstall on host deletion (8b3fe3d)

    v0.21.2

    Bug Fixes

    • terminal: cross-distro su with dropped privileges (9a0e6b0)
    • terminal: use su with dropped privileges instead of login for cross-distro compatibility (dcc6857)

    v0.21.1

    Bug Fixes

    • terminal: use login instead of su for per-user auth (a6fa358)
    • terminal: use login instead of su for per-user authentication (d07b957)

    v0.21.0

    Features

    • terminal: require per-user host authentication (8539f5d)
    • terminal: require per-user host authentication for terminal sessions (5a51c21)

    v0.20.1

    Bug Fixes

    • agent: set TERM, HOME, and prefer bash for terminal PTY (f094ac3)
    • agent: set TERM, HOME, and prefer bash for terminal PTY (ea9a899)

    v0.20.0

    Features

    • terminal: add WebSocket terminal and restructure host page tabs (8313aa4)
    • terminal: add WebSocket terminal and restructure host page tabs (71d37d3)

    v0.19.0

    Features

    • tasks: add custom script runner and service management task types (50c5eaa)
    • tasks: add custom script runner and service management task types (471baf1)

    v0.18.0

    Features

    • tasks: add task cancellation with agent-side process kill and UI (017e9e0)
    • tasks: add task cancellation with agent-side process kill and UI (81315a1)

    v0.17.1

    Bug Fixes

    • tasks: resolve patch output deadlock, add timeouts and debug UI (74a9a87)
    • tasks: resolve patch output deadlock, add timeouts and debug UI (7bfd4f8)

    v0.17.0

    Features

    • tasks: add general agent task framework with Linux host patching (#106) (1a6b48a)
    • tasks: add general agent task framework with Linux host patching (#106) (4cd4efa)

    v0.16.0

    Features

    • agent: auto re-register after host deletion (b6de1d8)
    • agent: auto re-register after host deletion; fix service accounts UI (1eb533d)

    v0.15.0

    Features

    • agent: add -uninstall flag (4069a90)
    • agent: add -uninstall flag to remove agent service and files (b4f7b5d)

    v0.14.1

    Bug Fixes

    • phase4: fix migration ordering, metadata overwrite & add password/lock tracking (96a9fd0)
    • phase4: fix migration ordering, metadata overwrite & add password/lock tracking (1e303c2)

    v0.14.0

    Features

    • phase4: implement service account and SSH key discovery (a175e9a)
    • phase4: service account and SSH key discovery (ba4c754)

    v0.13.1

    Bug Fixes

    • agent: make check delivery resilient to stream reconnects and hostID failures (251455d)
    • agent: make check delivery resilient to stream reconnects and hostID resolution failures (abf93d3)

    v0.13.0

    Features

    • checks: add cert_file check type and fix cert JSON display (9ad2882)
    • checks: add cert_file check type and fix cert result display (bcb6cfb)

    v0.12.0

    Features

    • certificates: implement Phase 3 certificate lifecycle management (cf6826b)
    • certificates: Phase 3 — certificate lifecycle management (6de140e)

    v0.11.3

    Bug Fixes

    • agent: fresh gRPC conn per stream attempt + TCP keepalive (7426d3e)
    • agent: gRPC reconnect reliability + heartbeat interval chart (02baa79)

    v0.11.2

    Bug Fixes

    • agent: reset heartbeat backoff after stable stream (fe139da)
    • agent: reset heartbeat backoff after stable stream (3a2a68b)

    v0.11.1

    Bug Fixes

    • agent: self-update now survives systemd and Restart=always (18c6d5c)
    • agent: self-update survives systemd (syscall.Exec + Restart=always) (ef17a26)

    v0.11.0

    Features

    • agent --version flag, UI version in sidebar, update-available badge (2e93adf)
    • agent --version flag, UI version in sidebar, update-available badge (5468ffb)

    v0.10.0

    Features

    • alerts: test notifications, edit channels, and SMTP dispatch (7ff498b)

    Bug Fixes

    • agent,ingest: add gRPC keepalive to prevent silent stream death (008aba8)

    v0.9.1

    Bug Fixes

    • agent: reuse HTTP client and reset stream dedup map on reconnect (8f8e1df)
    • agent: reuse HTTP client and reset stream dedup map on reconnect (b6214ed)

    v0.9.0

    Features

    • agent: agent install, TLS, cross-platform builds, and auto-download (b12296d)

    Bug Fixes

    • agent: build all platform binaries to the correct dist directory (ce54b74)

    v0.8.0

    Features

    • agent: add --tls-skip-verify flag to agent install flow (c6abbdc)
    • agent: add --tls-skip-verify flag to agent install flow (ab124d2)

    v0.7.0

    Features

    • checks: add ad-hoc agent queries for port and service discovery (dfad656)
    • checks: add ad-hoc agent queries for port and service discovery (cfafed1)

    v0.6.0

    Features

    • checks: add check definition system with port, process, and HTTP checks (76d0a01)
    • checks: add check definition system with port, process, and HTTP checks (d33c458)

    v0.5.1

    Bug Fixes

    • agent,ingest: populate OS and architecture on hosts (7cdd25b)

    v0.5.0

    Features

    • agent,ingest,web: collect real system metrics and add host detail page (da19fae)
    • agent: add tls_skip_verify option and improve install config merging (5ff70a5)

    v0.4.0

    Features

    • agent: multi-platform service install and version-aware binary cache (b875381)
    • agent: server-hosted binaries and agent self-install (87ba22c)

    v0.3.0

    Features

    • agent: one-command install with token and add -token/-address CLI flags (cd3c228)

    v0.2.0

    Features

    • agent: add automated releases, distribution, and self-update (bc315dc)
    • initial monorepo commit — Phase 0 foundation (ca9b1f9)
    • Phase 1 — Go agent, gRPC ingest service, and host inventory UI (ddf5a0a)

    Ingest v0.32.1

    Bug Fixes

    • ct-cve: repair inventory hash scan (dc8fbc3)

    v0.32.0

    Features

    • docker: add central Grype scan worker pool (380ac57)

    v0.31.1

    Bug Fixes

    • docker: serialize central grype scans (48676c2)

    v0.31.0

    Features

    • docker: reuse central image scan results (9752bbb)

    v0.30.11

    Bug Fixes

    • containers: show readable exploit risk labels (246a5aa)

    v0.30.10

    Bug Fixes

    • docker: label image scans by Grype exploit risk (97a1146)

    v0.30.9

    Bug Fixes

    • docker: allow larger syft sboms (15e0084)

    v0.30.8

    Bug Fixes

    • docker: allow grype database updates (d131235)

    v0.30.7

    Bug Fixes

    • ingest: align log ignores query with schema (252ccc0)

    v0.30.6

    Bug Fixes

    • docker: persist image scan rows with ids (bf89787)

    v0.30.5

    Bug Fixes

    • checks: ignore suppressed log scan findings (c08ec42)

    v0.30.4

    Bug Fixes

    • release: trigger soft delete removal deployment (c9833f5)

    v0.30.3

    Bug Fixes

    • certificates: hard delete replaced renewals (69f283b)

    v0.30.2

    Bug Fixes

    • certificates: retire replaced certificate renewals (b66154e)

    v0.30.1

    Bug Fixes

    • ct-cve: resolve removed package findings (1781c98)

    v0.30.0

    Features

    • docker: support server image scanning mode (e2cf44f)

    v0.29.0

    Features

    • docker: add image vulnerability scanning (4cdec33)

    v0.28.0

    Features

    • networks: map discovered internal connections (4e86061)

    v0.27.1

    Bug Fixes

    • ct-cve: preserve finding import status (9483797)

    v0.27.0

    Features

    • logs: add host log error scanning (1d6b336)

    v0.26.0

    Features

    • cmdb: add reference data options (85c8f7e)

    v0.25.0

    Features

    • itil: add CMDB and service model (1ddeacc)

    v0.24.0

    Features

    • monitoring: add Docker volume size checks (bf0960a)

    v0.23.1

    Bug Fixes

    • services: secure agent service refreshes (87f90d9)

    v0.23.0

    Features

    • patch-status: refresh host patch telemetry (c43b768)

    v0.22.1

    Bug Fixes

    • patch-status: report host patch telemetry (ec1b4dd)

    v0.22.0

    Features

    • hosts: add service status and live log tabs (dba1ee9)

    v0.21.4

    Bug Fixes

    • ingest: handle duplicate certificate renewals (d34a8c3)

    v0.21.3

    Bug Fixes

    • agent: allow offline agents to renew credentials (a60b442)

    v0.21.2

    Bug Fixes

    • agent: allow takeover of stale active hosts (2856571)

    v0.21.1

    Bug Fixes

    • agent: wait for takeover client cert (f204b6b)

    v0.21.0

    Features

    • agent: add inactive host takeover approval (f3f7976)

    v0.20.1

    Bug Fixes

    • agent: renew JWTs before expiry (76f5330)

    v0.20.0

    Features

    • web: add Docker container network graph (872d197)

    v0.19.0

    Features

    • hosts: show resource usage details (74bbaa6)

    v0.18.4

    Bug Fixes

    • ct-cve: avoid inventory push timeout (3a3a86c)

    v0.18.3

    Bug Fixes

    • ct-cve: send RPM source EVR in inventory (#87) (fdc9530)

    v0.18.2

    Bug Fixes

    • ct-cve: retry failed finding callbacks

    v0.18.1

    Bug Fixes

    • ct-cve: send printable inventory package fingerprints

    v0.18.0

    Features

    • ct-cve: push inventory after package changes

    v0.17.3

    Bug Fixes

    • ingest: align agent update discovery with web

    v0.17.2

    Bug Fixes

    • terminal: prefer host IP for SSH sessions (1388ea3)

    v0.17.1

    Bug Fixes

    • hosts: clean docker rows on delete (306848b)

    v0.17.0

    Features

    • terminal: support custom SSH ports (36872a6)

    v0.16.0

    Features

    • dev: add local full-stack dev launcher (3b3d96c)

    v0.15.1

    Bug Fixes

    • ingest: close docker inventory rows before lifecycle inserts (#1392) (cba037a)

    v0.15.0

    Features

    • docker: add container alert rules (b76feb2)

    v0.14.0

    Features

    • docker: add container lifecycle timeline (a527cb6)

    v0.13.0

    Features

    • ingest: add docker telemetry retention sweeper (3e236b5)

    v0.12.0

    Features

    • docker: upload container telemetry batches (83a9de4)

    v0.11.0

    Features

    • ingest: upsert docker container inventory (#1353) (376e81e)

    v0.10.0

    Features

    • ingest: persist Docker runtime status (2be7dff)

    v0.9.7

    Bug Fixes

    • ingest: remove instance-scoped agent identity (#1248) (3be0471)

    v0.9.6

    Bug Fixes

    • release: bake latest agent manifest into ct-ops images (79a22a4)

    v0.9.5

    Bug Fixes

    • hosts: ignore virtual bridge IPs for host dedupe (7110f42)

    v0.9.4

    Bug Fixes

    v0.9.3

    Bug Fixes

    • ingest: consume enrolment tokens atomically (#1146) (f631974)

    v0.9.2

    Bug Fixes

    • terminal: throttle ssh authentication attempts (23512dd)

    v0.9.1

    Bug Fixes

    • ingest: throttle unauthenticated registrations (511056b)

    v0.9.0

    Features

    • terminal: trust SSH host keys from agents (2ab4e2e)

    v0.8.9

    Bug Fixes

    • certs: block DNS rebinding in tracked refresh (73ade2b), closes #968

    v0.8.8

    Bug Fixes

    • ingest: bind heartbeat JWT to mTLS identity (62d113f), closes #1055

    v0.8.7

    Bug Fixes

    v0.8.6

    Bug Fixes

    • terminal: require pinned SSH host keys (#973) (ae5d5cb)

    v0.8.5

    Bug Fixes

    • ingest: reject cross-org agent re-registration (1b2df29)

    v0.8.4

    Bug Fixes

    • ingest: prevent agent identity takeover on re-registration (639fe92), closes #909

    v0.8.3

    Bug Fixes

    • alerts: block stored private notification targets (#904) (eda2d31)

    v0.8.2

    Bug Fixes

    • install: encode generated database passwords (#843) (a8ddc88)

    v0.8.1

    Bug Fixes

    • vuln: prefer full rpm evr for matching (#788) (4024fc4)

    v0.8.0

    Features

    • vuln: ingest red hat csaf package fixes (#786) (624b52f)

    v0.7.0

    Features

    • vuln: match rhel-compatible rpm hosts (#772) (ff68d4a)

    v0.6.2

    Bug Fixes

    • ingest: use canonical agent release repository (#765) (ac68119)

    v0.6.1

    Bug Fixes

    • ingest: enforce inventory JWT expiry (#762) (94603ba)

    v0.6.0

    Features

    v0.5.0

    Features

    v0.4.3

    Bug Fixes

    • release: correct package changelog paths (#711) (3dd5f74)

    v0.4.2

    Bug Fixes

    • ingest: repair stuck task timeout interval encoding (#705) (7a47d3a)

    v0.4.1

    Bug Fixes

    • agent: restore automatic self-updates (#699) (43b7cf6)

    v0.4.0

    Features

    v0.3.1

    Bug Fixes

    • certificates: verify tracked refreshes by default (#652) (5d634bb)

    v0.3.0

    Features

    v0.2.1

    Bug Fixes

    • ingest: restrict terminal websocket origins (#639) (1e56c0f)

    v0.2.0

    Features

    • notifications: purge old soft-deleted rows (fd0b96f)
    • notifications: purge old soft-deleted rows (593a8cd)

    v0.1.6

    Bug Fixes

    • ingest: cap inventory chunk size (fc60ae3)
    • ingest: cap inventory chunk size (4b0a3d8)

    v0.1.5

    Bug Fixes

    • ingest: cap grpc message and stream limits (#608) (730e8e4)

    v0.1.4

    Bug Fixes

    v0.1.3

    Bug Fixes

    • security: reject invalid heartbeat jwt fallback (660985b)
    • security: reject invalid heartbeat jwt fallback (64d0f13)

    v0.1.2

    Bug Fixes

    • security: require SSH credentials for terminal access (#566) (c0616dc)

    v0.1.1

    Bug Fixes

    • ingest: set ReadHeaderTimeout on JWKS/healthz HTTP server (45fc1b5)
    • ingest: set ReadHeaderTimeout on JWKS/healthz HTTP server (7237a66)

    Ansible API v0.5.0

    Features

    • ansible: add simple pairing flow (79d8e20)

    v0.4.0

    Features

    v0.3.3

    Bug Fixes

    • ansible: scope ping logs by host name (f13561f)

    v0.3.2

    Bug Fixes

    • ansible: scope ping output per host (96ea431)

    v0.3.1

    Bug Fixes

    v0.3.0

    Features

    v0.2.0

    Features

    • automation: add feature flags and ansible provider foundation (#1301) (d8959fc)

    CT-Vault API v0.1.4

    Version changed; no local changelog entries were found for this component.

    Images:

    • docker.io/carrtechdev/ct-ops-web@sha256:c482718012617761bb2e5a375674bc085af96031b3ca5e19a4437b3ff96be0f2
    • carrtechdev/ct-ops-ingest@sha256:b020c1da7dbf0eb19f09c7eb8739b8b2aadf832881df60ead15aba4242671254

    Roll-up changelog assets:

    • ct-ops-bundle-rollup-dev-0.128.1.md
    • ct-ops-bundle-rollup-dev-0.128.1.json
    Downloads