chore(ci): bump docker/login-action from 3 to 4#5
Closed
dependabot[bot] wants to merge 1257 commits into
Closed
Conversation
Create ai_mission_templates with JSONB phases, approval_gates, rejection_mappings, skill_compositions columns. Add mission_template_id and custom_phases to ai_missions.
…solution Ai::MissionTemplate provides phase sequences, approval gates, rejection mappings, and gate names. Ai::Mission resolves phases from template with no hardcoded fallback. RalphTask broadcasts status changes via MissionChannel for real-time updates.
Orchestrator resolves job classes, gate names, and rejection targets from template phase config. New SkillCompositionService creates RalphLoop tasks from discovered skills matched to template phases.
…oints MissionTemplatesController with CRUD. Missions controller gains task_graph, save_as_template, and compose_plan actions. Routes registered in AI namespace.
…ase types Add React Flow task graph with RalphTaskNode/ApprovalGateNode, useMissionTaskGraph hook with real-time WebSocket updates. Clickable PhaseTimeline with phase filtering. Template selection step in NewMissionWizard. MissionPhase changed to string for template-driven phases. Workflow Builder demoted in navigation order.
…ites Add ai_mission_template factory with development/research/operations traits. Update ai_mission factory to auto-assign templates. Rewrite mission model and orchestrator specs for template-driven architecture. Stub WorkerJobService in orchestrator and request specs.
… integration Implement Situation-Task-Action-Result structured reasoning service that forces explicit goal articulation before reasoning begins, surfacing implicit constraints. Wire into AgentToolBridgeService alongside existing chain-of-thought and plan-and-execute modes. Enhance SkillCompositionService with STAR-refined phase queries for richer skill discovery. Fix pre-existing bugs in find_or_create_ralph_loop! (stale loop_type attribute, invalid status).
…composition specs
MCP client agents are now transient — always created fresh per session, archived on disconnect, and blocked from non-workspace teams. Fixes stale agent accumulation and prevents misuse in missions/teams.
SSE streams held a checked-out DB connection for their entire lifetime (hours/days), exhausting the pool and blocking all HTTP requests with ConnectionTimeoutError. Now releases the connection after setup and borrows briefly via with_connection for each keepalive ping.
Merge the separate Devops::Repository model into Devops::GitRepository via 4-stage migration (add columns, migrate data, update FKs, drop table). Update serializer, controllers, factories, and specs accordingly.
…lients Delete Ai::Llm::Client, adapter factory, all provider adapters, and Ai::ProviderClientService with its adapters. Replace with WorkerLlmClient and WorkerEmbeddingClient that proxy LLM calls through the worker service. Add AgentBackedService concern for shared proxy plumbing.
Migrate all AI services from direct Ai::Llm::Client / ProviderClientService calls to WorkerLlmClient and WorkerEmbeddingClient. Services now delegate LLM completions and embeddings to the worker process via HTTP.
…Service Delete all server/app/jobs/ai/ job classes and their specs. These jobs now run in the worker process; the server dispatches them via WorkerJobService HTTP API calls.
Add internal API controllers for self-healing, ralph loops, trajectory, and worktree sessions (worker → server callbacks). Update LLM proxy controller to remove direct completion endpoints. Add provider_config and embedding_config routes for worker credential resolution.
Add 12 AI job classes relocated from server (conversation, worktree, ralph, self-healing, trajectory, merge, conflict detection). Expand LlmProxyClient with direct provider calls using CredentialResolver. Add AI service layer for worker-side LLM operations. Update Sidekiq config with AI-specific queues and scheduled jobs.
Update test helpers, factories, and specs to use WorkerLlmClient stubs instead of direct LLM client mocks. Add WorkerJobService stub helpers. Update AI service specs for proxy-based LLM calls. Add MCP client identity service spec.
…se submodule Minor StepPlanReview UI adjustment, add AI utility agents seed, update maintenance page, and update enterprise submodule pointer.
Use the repository's default_branch instead of the hardcoded column default of "main" when creating missions. Prevents branch creation failures on repos that use master or other default branches.
Add server/config/database.yml.example with pool default of 30. Track .env.mcp.example, .env.production.example, and .env.staging.example by adding !.env.*.example negation to .gitignore. Update RAILS_MAX_THREADS to 10 in all env examples.
…r handling ExtractionService called client.provider.name on WorkerLlmClient which has nil provider when initialized with agent_id only — use provider_name safe accessor instead. StreamableHttpController rescue ArgumentError was catching parameter validation errors and silently returning null via introspection fallback — scope to only catch unknown tool errors.
…alidation Expand .gitleaks.toml allowlist from 12 to 21 path rules and 9 to 18 content regexes to suppress false positives from CI workflows, test fixtures, seed data, and Docker configs. Add gitleaks as step 4/4 in validate.sh with --skip-secrets flag. Add on-demand full-history scan script for security audits across main repo and submodules.
Navigate to mission page with openApproval state flag so the ApprovalGateModal auto-opens instead of just showing the mission detail
…odule Skip cooldown check in llm_probability, agent_ensemble, and sentiment_analysis when training? is true. Prevents false cooldown blocks in fast-tick training mode where tick_interval (8s) < cooldown_seconds (15-60s). Exit checks and position management remain unaffected. Update trading submodule: settlement bypass, fee deduction, compounding defaults, backtest pair registration, paper mode, category blacklist fix.
…cher, and job infrastructure
…te systemd config
… extraction, and evaluator concerns
…chain, and system ops
…, supply chain, reconciliation
Bumps [docker/login-action](https://github.com/docker/login-action) from 3 to 4. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@v3...v4) --- updated-dependencies: - dependency-name: docker/login-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Author
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
Author
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
rett
added a commit
that referenced
this pull request
May 3, 2026
… previously stated Earlier appendix incorrectly listed P0 #3, P0 #5, and P0 #6 as still open. Re-checking against live code confirms all three are closed: P0 #3 — Idempotency token: tasks_controller#create accepts idempotency_key param + DB unique-by-account; the controller short-circuits on duplicate to return the existing task. P0 #5 — Account dependent cascade: account_decorator uses :restrict_with_error (not :destroy) for every system_* association that holds infrastructure state. Account deletion cannot orphan cloud resources without an explicit drain. P0 #6 — Azure provider: rewritten to use raw HTTP via Faraday 2, dropping the Track 1 SDK that pinned faraday <2.0. Loads cleanly via Rails.application.eager_load!. Replaces the open-items list with a status table covering all 13 P0/P1/P2/P3 items from §5, separating "closed" / "partial" / "open" / "deferred". 9 of 13 closed, 2 partial, 2 open, P3 deferred.
rett
added a commit
that referenced
this pull request
May 9, 2026
… plan Bumps the system extension pointer from 1eefe41a7 → 5de5d61ca, absorbing 13 submodule commits that land Phases 0–2 of the agent stub implementation plan plus the github.com/nodealchemy org migration: Phase 0 — Shared infrastructure: refactor(agent): consolidate atomic-write into internal/fsutil feat(agent): phase 0 building blocks for stub implementation plan feat(system/server): agent fleet events ingestion endpoint Phase 1 — Service-loop core (autonomous reconciliation + cert rotation + task lease): feat(agent): rewrite oci.Puller for HTTP-driven streaming pull feat(agent): add Verifier interface + seccomp drop-in writer feat(agent): module reconciler goroutine + service wiring feat(agent): cert rotation goroutine + K3s applier doc finalize feat(system/server): /enroll/refresh + modules OCI metadata exposure feat(agent): task lease loop + handler registry feat(system/server): /status/tasks/:id show endpoint Phase 2 — Operator CLI module lifecycle: feat(agent): phase 2 CLI module lifecycle (verify/update/sync/attach/detach/init) feat(system/server): /modules/:id/rsync_spec + module member routes Path migration: chore: rename Go module + docs paths to github.com/nodealchemy Stubs landed: 13 of 18 (#2 task lease, #3 cert rotation, #4 reconcile, #5 verify, #6 update, #7 sync, #8 OCI pull, #9 cosign Verifier, #10 seccomp drop-in, #11 attach, #12 detach, #15 init, #18 K3s finalize). Stubs remaining: #1 boot, #13 commit, #14 exec, #16 volume-setup, #17 puppet apply (all in Phase 3 + 4). Plan reference: ~/.claude/plans/find-stubs-in-powernde-agent-kind-lecun.md
rett
added a commit
that referenced
this pull request
May 12, 2026
…rchitectures (T2.A) Brings in the submodule's canonicalization work — every PackageRepository.architectures JSONB now stores canonical names from the NodeArchitecture catalog (apt-convention: amd64, arm64, armhf, i386, ppc64el, s390x, riscv64). Adapters translate to kind-specific form at sync time via PackageRepository#architectures_for_kind. Closes audit caveat #5 — cross-repo aggregation queries no longer need per-kind normalization. Counter caches stay accurate via the existing find_normalized resolution. Parent's schema.rb regenerated to include the new 20260511180001_canonicalize_package_repository_architectures migration.
rett
added a commit
that referenced
this pull request
May 17, 2026
Three BaseJob children that fire from the Sidekiq cron and POST to the system extension's /worker_api/* endpoints. The server side does all the work; jobs are thin envelopes so retries + queue routing live in the worker process and the server stays idempotent on the calling side. - FederationCapabilityAutoSyncJob — every 5min; sweeps auto-flow capabilities, dispatches per-row sync transport (P9.1) - FederationAuditShipmentJob — daily at 04:30 UTC; WORM-ships FleetEvent rows older than 30d into sha256-addressed JSON-Lines (P9.2 + Social Contract #5) - MigrationChainAdvanceJob — every 60s; advances each active chain by one hop per tick (cooperative scheduling so a long chain can't monopolize the worker) (P9.5) Each job logs the sweep result counts. sidekiq.yml carries the cron entries with the cadence rationale in the comment.
rett
added a commit
that referenced
this pull request
May 20, 2026
…cme DNS-resolver fix
Two related fixes for the ops single-node bootstrap path:
1) Rsync exclude additions (single-node-bootstrap.md):
- config/extensions_state.json — dev tree disables `trading` only;
ops/prod must also disable `business` (gotcha #5 NameError on
InstallWorkflow during eager_load). Overwriting from dev wipes the
prod-side choice. Documented as gotcha #16.
- frontend/.proxy-config-cache.json — host allowlists are per-env.
2) System submodule bumps to dc10401 — adds env-controlled DNS resolver
overrides (POWERNODE_ACME_DNS_RESOLVERS, POWERNODE_ACME_DISABLE_PROPAGATION_CHECK)
in powernode-acme so split-brain hosts (e.g. ops with opnsense
internal + Cloudflare public for ipnode.net) can point lego at a
public resolver for the propagation precheck without touching
/etc/resolv.conf. Verified end-to-end against LE-staging on ops:
cert issued in 15.9s with resolv.conf on the systemd stub and only
the env var in place.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps docker/login-action from 3 to 4.
Release notes
Sourced from docker/login-action's releases.
... (truncated)
Commits
b45d80fMerge pull request #929 from crazy-max/node24176cb9cnode 24 as default runtimecad8984Merge pull request #920 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...92cbcb2chore: update generated content5a2d6a7build(deps): bump the aws-sdk-dependencies group with 2 updates44512b6Merge pull request #928 from docker/dependabot/npm_and_yarn/docker/actions-to...28737a5chore: update generated contentdac0793build(deps): bump@docker/actions-toolkitfrom 0.76.0 to 0.77.062029f3Merge pull request #919 from docker/dependabot/npm_and_yarn/actions/core-3.0.008c8f06chore: update generated contentDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)