v0.2.0-alpha.31

What's Changed

• chore(deps): Bump github.com/onsi/ginkgo/v2 from 2.28.0 to 2.28.1 in /kagenti-operator by @dependabot[bot] in #302
• chore(deps): Bump k8s.io/apiextensions-apiserver from 0.35.3 to 0.35.4 in /kagenti-operator by @dependabot[bot] in #301
• cve: Upgrade gRPC and otel packages to fix critical CVEs by @ChristianZaccaria in #305

Full Changelog: v0.2.0-alpha.30...v0.2.0-alpha.31

v0.2.0-alpha.30

What's Changed

• fix: Proxy-sidecar reinvocation check and routes volume mount by @huang195 in #303

Full Changelog: v0.2.0-alpha.29...v0.2.0-alpha.30

v0.2.0-alpha.29

What's Changed

• feat: Generate per-agent ConfigMap for authbridge at injection time by @huang195 in #297

Full Changelog: v0.2.0-alpha.28...v0.2.0-alpha.29

v0.2.0-alpha.28

What's Changed

• refactor(mlflow): use external gateway URL for tracking by @Ygnas in #294
• fix: collision-free port assignment for proxy-sidecar mode by @huang195 in #296

Full Changelog: v0.2.0-alpha.27...v0.2.0-alpha.28

v0.2.0-alpha.27

What's Changed

• fix: add SPIRE trust bundle ConfigMap to scoped cache by @ChristianZaccaria in #271
• feat: mode-aware image selection and proxy-sidecar injection by @huang195 in #295

Full Changelog: v0.2.0-alpha.26...v0.2.0-alpha.27

v0.2.0-alpha.26

What's Changed

• fix: add deployments/finalizers RBAC marker for AgentCardSync controller by @Bobbins228 in #240
• chore(deps): Bump controller-runtime to 0.23.3 and k8s.io/* to 0.35.2 by @pdettori in #264
• fix: resolve flaky E2E metrics test caused by webhook race condition by @pdettori in #267
• feat(E2E): create E2E tests for AgentRuntime CRD by @r3v5 in #270
• feat: create CI infrastructure for integration tests by @r3v5 in #274
• feat: create AuthBridge sidecar injection E2E tests by @r3v5 in #275
• fix: prevent cyclic pod restarts from resign-trigger by @pdettori in #272
• feat: defaults-only sidecar injection without AgentRuntime CR by @varshaprasad96 in #276
• chore(deps): Bump actions/upload-artifact from 7.0.0 to 7.0.1 by @dependabot[bot] in #273
• build(deps): bump go-spiffe to v2.6.0, fix go-jose CVE by @pdettori in #288
• build(deps): bump k8s.io modules from 0.35.2 to 0.35.3 by @pdettori in #286
• ci: Add org-wide project automation workflow by @rubambiza in #285
• Swap envoy-with-processor to authbridge-unified image by @huang195 in #289
• docs: add AgentRuntime documentation for Phase 4 (#862) by @varshaprasad96 in #290
• chore(deps): Bump github/codeql-action from 4.35.1 to 4.35.2 by @dependabot[bot] in #291

Full Changelog: v0.2.0-alpha.25...v0.2.0-alpha.26

v0.2.0-alpha.25

What's Changed

• chore(deps): Bump azure/setup-helm from 4 to 5 by @dependabot[bot] in #241
• chore(deps): Bump github/codeql-action from 4.32.6 to 4.35.1 by @dependabot[bot] in #255
• fix: update proactive restart demo defaults to match Helm conventions by @cwiklik in #244
• test(controller): add unit tests for AgentCard syncPeriod validation by @Schimuneck in #257
• test: add trust bundle rotation integration test by @Schimuneck in #256
• chore(deps): Bump golang from 1.24 to 1.26 in /kagenti-operator by @dependabot[bot] in #226
• feat: add MLflow integration controller for agent deployments by @Ygnas in #262
• fix: add AgentRuntime CRD to config/crd/kustomization.yaml by @Schimuneck in #254
• chore(deps): Bump golang from 1.24 to 1.26 in /kagenti-operator/cmd/agentcard-signer by @dependabot[bot] in #227
• chore(deps): Bump github.com/onsi/gomega from 1.35.1 to 1.39.1 in /kagenti-operator by @dependabot[bot] in #228
• chore(deps): Bump github.com/prometheus/client_golang from 1.19.1 to 1.23.2 in /kagenti-operator by @dependabot[bot] in #232
• 🐛 Align configMapKey default to bundle.spiffe across Helm and make deploy by @ChristianZaccaria in #248
• test: expand envtest and unit coverage for controllers … by @Bobbins228 in #266
• fix(rbac): align Helm ClusterRole with controller-gen output by @ChristianZaccaria in #249
• fix(mlflow): use kubernetes-namespaced tracking auth by @Ygnas in #265

New Contributors

• @Schimuneck made their first contribution in #257
• @ChristianZaccaria made their first contribution in #248

Full Changelog: v0.2.0-alpha.24...v0.2.0-alpha.25

Release latest features

What's Changed

• feat: unify CI on Dockerfiles by @r3v5 in #258
• feat: create E2E tests for AgentCard by @r3v5 in #243
• feat: migrate AuthBridge webhook from extensions into operator by @cwiklik in #261
• fix: use /manager entrypoint in Helm chart values by @cwiklik in #263

Full Changelog: v0.2.0-alpha.23...v0.2.0-alpha.24

v0.2.0-alpha.23

Changelog

• d83d172 Merge pull request #247 from akram/feature/operator-managed-client-registration
• bd2e67e keycloak: key admin token cache by base URL and username
• 60cf6e9 Fix golangci-lint errcheck and unparam in client registration tests
• 4b041c0 Address review feedback for operator-managed client registration
• 6136613 feat(operator): reconcile client registration by default; skip when legacy label=true
• bc2ce3f docs(operator): document cluster-wide Secret RBAC for client registration
• 7d9d86f fix(operator): Keycloak client registration review follow-ups
• 255571b operator: Keycloak client credentials Secret naming and annotation
• b6b6c21 docs: add operator-managed client registration design
• 9637c03 feat(operator): add Keycloak client registration controller
• 77ce5f9 Merge pull request #242 from varshaprasad96/improve-agentruntime-controller
• 3de1df7 docs: clarify fail-open scope in AgentRuntime webhook docs
• fcd8e7a feat(AgentRuntime): add validating webhook for duplicate targetRef rejection
• 06e0419 Merge pull request #237 from r3v5/increase-a2a-compatibility
• 9df99a6 Merge pull request #236 from kevincogan/feat/agentcard-signer-ci-publish
• 97ec40c refactor: modify description for InputModes in AgentSkill
• e154dbc feat(AgentCard): align CRD field descriptions with A2A proto spec Signed-off-by: Ian Miller milleryan2003@gmail.com
• 3415618 feat(AgentCard): add provider, documentation/icon URLs, and extensions to AgentCardData Signed-off-by: Ian Miller milleryan2003@gmail.com
• 261f936 Merge pull request #222 from r3v5/add-missing-attributes-to-agent-skill
• c04f1bc fix(AgentCard): align descriptions with A2A protocol Signed-off-by: Ian Miller milleryan2003@gmail.com
• 019ef44 Merge pull request #218 from varshaprasad96/feat-agentruntime-controller
• 83f3906 fix: address linter findings in AgentRuntime controller
• 4ff6141 fix(AgentCard): add missing id, tags, examples attributes to AgentSkill Signed-off-by: Ian Miller milleryan2003@gmail.com
• 9ab36f0 fix: address review findings in AgentRuntime controller
• 38b6134 feat(ci): add agentcard-signer to build-image workflow job Add signer metadata extraction and docker build-push step to the build-image job so the agentcard-signer image is also published on PR merges to main and manual workflow_dispatch triggers, matching the operator image pipeline.
• dfcc243 Merge branch 'kagenti:main' into feat/agentcard-signer-ci-publish
• a7bc082 feat(ci): publish agentcard-signer image to GHCR via GoReleaser Add agentcard-signer build and ko entry to .goreleaser.yaml so the signer image is built and pushed to ghcr.io/kagenti/kagenti-operator/ agentcard-signer on release tags alongside the operator image. Update Makefile and demo manifest to use the GHCR image path by default. Closes #234
• 5d0bb33 feat: add AgentRuntime controller with 3-layer config merge

v0.2.0-alpha.22

Changelog

• cc1bbef Merge pull request #235 from huang195/ci/latest-tag-on-merge
• 96fbbf7 ci: Apply latest image tag on PR merges and manual triggers
• 260ac4e Merge pull request #216 from kagenti/orchestrate/ci
• 259a618 Merge pull request #221 from kevincogan/feat/agentcard-signing-production-readiness
• d0a3eb5 fix: address PR review feedback - Harden regex in teardown-demo.sh from .* to \S+ for defensive coding - Convert fetcher_test.go assertions to gomega for project consistency Signed-off-by: Kevin Cogan kevin.s.cogan@gmail.com
• 6efcfcf fix: address PR review feedback
• 7d57b18 feat: targeted K8s API egress for unverified agent NetworkPolicies
• b86d0ca Style: fix golangci-lint line length and empty branch violations
• 1cf7755 fix(demos): add RBAC for signer, Istio opt-out, and preserve operator args
• 8b9ef02 fix: add proactive restart cooldown and auto-configure identity binding
• e29e532 fix: simplify NetworkPolicy egress to allow-all for OVN-Kubernetes compatibility
• b6073aa feat(signer): write signed card to ConfigMap for operator fallback
• 5317b6d feat: support PEM trust bundles and add ConfigMap-based card fetcher
• e124b5a feat(helm): make imagePullPolicy configurable and update trust bundle defaults
• 2bb0108 fix(helm): correct RBAC rules and remove broken helpers
• 8ad9f60 Merge pull request #212 from varshaprasad96/feat-agent-runtime
• dc1e76f feat: add security scanning workflows (Trivy, CodeQL, Scorecard, Hadolint)
• b3aa892 fix: address PR review feedback
• aeb0189 feat: add AgentRuntime CRD types and documentation
• f49ff3f Merge pull request #214 from Ygnas/tekton-patch
• d39363d Merge pull request #215 from rubambiza/feat/self-assign-caller
• 932febc feat: add TektonConfig controller for pipeline security settings
• f1c5657 feat: Add issue self-assign workflow and update CONTRIBUTING.md
• bb24ef8 Merge pull request #210 from Bobbins228/remove-toolhive-references
• 5409e05 chore: remove toolhive and mcpserver references
• 5b4eb05 Merge pull request #211 from kagenti/ignore-golangci-lint-action-major
• 1686dc0 🔒 chore(deps): ignore golangci-lint-action major bumps in Dependabot
• 705eb02 Merge pull request #202 from Ygnas/agent-build-references
• 8b2e4b4 docs: remove AgentBuild references from operator documentation
• fab983b fix: remove AgentBuild/Tekton references and duplicate RBAC rules
• 7970e34 Merge pull request #208 from kagenti/orchestrate/replicate
• 2187b26 Merge pull request #207 from kagenti/orchestrate/security
• 9714e60 Merge pull request #206 from kagenti/orchestrate/tests
• 36df778 Merge pull request #196 from pavelanni/fix/update-agentcard-wellknown-endpoint
• a655d64 Merge pull request #201 from kevincogan/fix/webhook-duplicate-targetref
• c82e981 feat: bootstrap orchestrate skills for self-sufficient orchestration
• c58c152 feat: add security governance (CODEOWNERS, SECURITY.md, .gitignore hardening)
• 0dfa2ad feat: add unit tests for signature metrics and controller indexers
• 2eff066 Merge pull request #205 from pdettori/ci/consolidate-workflows
• 0206b67 fix: update metrics log check to match JSON logging format
• 23ba3e9 fix: restore namespace to kagenti-operator-system for E2E tests
• 600f3eb fix: remove phantom AgentBuild references from kustomization
• 0f702ae fix: bump golangci-lint to v1.64.8 and only lint new issues
• c147536 Address review: duplicate check on update, fail-open comment
• b61c326 Merge upstream/main into fix/webhook-duplicate-targetref
• 7393d68 ci: consolidate workflows and enable tests in CI
• 9c7fc58 Address PR #196 review feedback
• 51eb458 Add fallback to legacy A2A agent card endpoint
• b8e24f3 Update A2A well-known endpoint from agent.json to agent-card.json
• e0dd82e Merge pull request #204 from pdettori/chore/fix-precommit-hooks
• 9c6081d chore: run go mod tidy
• 3f2afe1 chore: fix pre-commit hooks across repository
• b830452 Merge pull request #191 from kevincogan/fix/agentcard-test-gaps
• 70793b4 Merge pull request #197 from kagenti/dependabot/github_actions/docker/login-action-4
• b01de1b Merge pull request #203 from rubambiza/ci/add-stale-workflow
• d4ec26d ci: add org-wide stale issue/PR workflow
• c3e5ce5 fix: enforce AgentCard targetRef uniqueness via webhook admission
• 134c32b Merge pull request #198 from mrsabath/claude-assisted-by
• aaec601 Address review feedback: license header, ctx shadows, IsNotFound, reconcileTwice comment, magic number
• 2af094c docs: add commit attribution policy and commit-msg hook
• c68bfbb Bump docker/login-action from 3 to 4
• 29efdea Merge pull request #195 from cwiklik/remove-obsolete-tekton-webhook-templates
• bb10687 Remove obsolete tekton and webhook Helm templates
• 5e9fb68 Add unit tests for NetworkPolicy controller, fetcher, webhook, proactive restart, and negative signature verification
• df93d1c Merge pull request #184 from kagenti/dependabot/github_actions/goreleaser/goreleaser-action-7
• e8bbe53 Merge pull request #189 from usize/bump
• c41345a Bump goreleaser/goreleaser-action from 6 to 7