v0.3.22-weekly

Changelog

• a49116f: Merge pull request #9513 from Pranjal6955/hooks/test (@kubestellar-prow[bot])
• 4448ce9: refactor: consolidate version check tests and add new tests for federation actions and MCP hooks (@Pranjal6955)
• 5bbbdef: refactor: update MCP hook exports to useDeployments, useServices, and useIngresses in tests (@Pranjal6955)
• fdd8227: ✨ Add Right-Size Advisor card to Cost dashboard (#9680) (@clubanderson)
• ed5686a: ✨ Add friendly 404 page with feature request CTA (#9684) (@clubanderson)
• 66c6bfc: ✨ feat: compliance report generator (PDF/JSON) (@clubanderson)
• 4abf541: 🌱 : Test/agent server http coverage (#9540) (@lightyagami2109)
• 4db1773: 🌱 Resize Right-Size Advisor and Cluster Costs to half-width (#9681) (@clubanderson)
• 0ca5802: 🐛 Fix compliance framework test failures blocking release (#9688) (@clubanderson)
• eeef5e8: 🐛 address 12 Copilot review comments on compliance engine (#9679) (@clubanderson)
• 4402d2a: 🐛 fix 4 community bugs: token flush, spin-loop, localStorage, concurrency (#9626) (@clubanderson)
• 29483e6: 🐛 fix YouTube playlist feed — add Invidious API fallback (#9573) (@clubanderson)
• d85d586: 🐛 fix nightly test timeouts and compliance criterion-c assertion (#9624) (@clubanderson)
• 56bc5c7: 🐛 fix remaining bugs: debounce saves, orphaned goroutines, nightly git conflict (#9634) (@clubanderson)
• 13d29c5: 🐛 rebaseline perf budgets: bundle 3.3M→3.65M, react commits 20→25 (#9625) (@clubanderson)

v0.3.22-nightly.20260423

Changelog

• c3a11e0: Clean up 2 screenshot(s) older than 7 days (@github-actions[bot])
• b022daf: ✨ add server-side caching to ACMM badge endpoint (#9565) (@clubanderson)
• e728117: ✨ harden Netlify ACMM badge caching (#9566) (@clubanderson)
• 9b1b1bd: 🌱 add unit tests for ACMM badge cache handler (#9571) (@clubanderson)
• 658eb15: 🌱 remove stale TODO comments across 4 files (#9543, #9544) (#9552) (@clubanderson)
• 43ad0b5: 🐛 add demo data support to IframeEmbed card (#9572) (@clubanderson)
• afa1fd7: 🐛 fix distribution filter and kubescape modal cluster switching (#9531, #9541) (#9553) (@clubanderson)
• 6d35a4b: 🐛 fix kagenti provider unable to retrieve cluster list (#9535) (#9555) (@clubanderson)
• 91420a3: 🐛 fix nightly test regressions (#9556–#9563) (#9567) (@clubanderson)
• 6df9bea: 🐛 fix unaddressed Copilot review findings from 50 merged PRs (#9554) (@clubanderson)

v0.3.22-nightly.20260422

Changelog

• 032ec2b: Add screenshot 1 for issue #9356 (@github-actions[bot])
• 728b70a: Add screenshot 1 for issue #9357 (@github-actions[bot])
• 666adfb: Add screenshot 1 for issue #9358 (@github-actions[bot])
• 0884047: Add screenshot 1 for issue #9528 (@github-actions[bot])
• be38e8c: Add screenshot 1 for issue #9532 (@github-actions[bot])
• 40d8869: Add screenshot 1 for issue #9541 (@github-actions[bot])
• a7aee5b: Clean up 1 screenshot(s) older than 7 days (@github-actions[bot])
• 5e0ae10: Merge pull request #9460 from aashu2006/feat/fluid-card (@kubestellar-prow[bot])
• a9159c7: feat(federation): OCM provider + Phase 1 UI (#9380) (@clubanderson)
• 7b1f4d5: feat(federation): add Karmada provider (PR C) (#9394) (@clubanderson)
• 832ffde: feat(federation): add provider interface + multi-hub fan-out skeleton (#9377) (@clubanderson)
• fd2790b: feat: Mission Control Request Approval with deep link review (#9422) (@clubanderson)
• 55e4f03: feat: add CAPI federation actions (PR H) (#9401) (@clubanderson)
• 88b67b0: feat: add Cilium status backend handler for live data (#9407) (@clubanderson)
• 705b27a: feat: add Cluster API (CAPI) federation provider (PR D) (#9395) (@clubanderson)
• d6edf63: feat: add Clusternet, Liqo, and KubeAdmiral federation actions (PR I) (#9399) (@clubanderson)
• 6d1d0ea: feat: add Clusternet, Liqo, and KubeAdmiral federation providers (#9396) (@clubanderson)
• 096c10c: feat: add Fluid monitoring card (@aashu2006)
• 8e22f71: feat: add GPU taint filtering to nodes dashboard and support ReactNode in EmptyState description (#9408) (@Pranjal6955)
• 4c4cb30: feat: add Karmada federation actions (PR G) (#9398) (@clubanderson)
• 7ffa8e8: feat: add Knative serverless monitoring card (#9253) (@aashu2006)
• 01824e7: feat: add federation action framework and OCM actions (PR F) (#9397) (@clubanderson)
• 225e798: feat: add in-cluster client injection for self-upgrade testing and refactor code formatting (#9374) (@Pranjal6955)
• 900a5f1: feat: implement request collapsing for concurrent ACMM scans and add integration tests (#9370) (@Pranjal6955)
• c129d4b: feat: orbit resource targeting + post-mission monitor offer (#9378) (@clubanderson)
• fed4107: fix(HardwareHealthCard): fix hooks order and memoize sortedAlerts (#9368) (@clubanderson)
• 3b52f8f: fix(acmm): shorten badge cache to prevent hour-long inaccessible windows (#9367) (@clubanderson)
• dec282e: fix(cards): propagate isDemoFallback to ResourceQuota and Ingress status badges (#9360) (@clubanderson)
• 9251a5c: fix(e2e): restore clusters-page testid for cross-browser nightly (#9366) (@clubanderson)
• 5f9a1c8: fix(feedback): clear form state on success to skip unsaved-changes prompt (#9361) (@clubanderson)
• 5c9a906: fix(k8s): resolve 4 health/GPU probing bugs in pkg/k8s (#9342) (@clubanderson)
• f85aa9d: fix(missions): align kubara info tooltip button on same row as root node (#9432) (@clubanderson)
• 52b43b8: fix(msw): add missing passthroughs for 11 Netlify Function endpoints (#9402) (@clubanderson)
• a506a1e: fix(nodes): surface per-cluster RBAC errors when nodes list returns empty (#9359) (@clubanderson)
• 2ebf081: fix(orbits): confirm before creating orbit with empty cluster selection (#9376) (@clubanderson)
• 665a2cc: fix(pods): reconcile detailed pod list with cluster summary count (#9354) (@clubanderson)
• 3fed579: fix(release): disable cosign new-bundle-format so signing step works on v3.x (#9365) (@clubanderson)
• e789f16: fix(tests): repair 3 localStorage.test.ts failures from PR 9369 (#9375) (@clubanderson)
• 6fb8f15: fix(tests): resolve 3 Coverage Suite failures from PRs 9359 and 9361 (#9364) (@clubanderson)
• 515965f: fix(tests): resolve remaining Coverage Suite failures from run #1190 (#9350) (@clubanderson)
• 1c6cc29: fix(tests): simplify saveMissions error test to avoid DOMException prototype issues (#9327) (@clubanderson)
• 00a2b9d: fix(tests): update test mocks for taint-aware filtering, mission sidebar, and DashboardPage changes (#9437) (@clubanderson)
• 8114f23: fix(workflow): shorten test label description to stay under 100-char limit (#9363) (@clubanderson)
• 2ef076e: fix: ACMM stat blocks clarity and MAX_LEVEL bug (#9465) (@clubanderson)
• 4740dc1: fix: GPU inventory multi-cluster aggregation and version compare test (#9507) (@clubanderson)
• 5b6b170: fix: ML Jobs/Notebooks demo badge and display inconsistencies (#9457) (@clubanderson)
• b4f5bf7: fix: add CSRF header to all raw fetch POST calls and CORS config (#9450) (@clubanderson)
• c78c28a: fix: add cluster context threading, secret scrubbing, and prompt injection guards (#9492) (@clubanderson)
• fc5efea: fix: add missing user feedback toasts on form submissions and cache refresh (#9433) (@clubanderson)
• 5354445: fix: add per-session aggregate token quota to prevent exhaustion (#9445) (@clubanderson)
• 88ec0b5: fix: add tool dependency check for AI agents and sync settings UI with registry (#9494) (@clubanderson)
• 4c34898: fix: add user-facing error toasts for silent catch blocks (#9391) (@clubanderson)
• 4b2f1eb: fix: allow keyboard arrow navigation to advance wizard steps (#9503) (@clubanderson)
• ba6c68f: fix: allow reconciliation to drop none cluster sentinel (#9415) (@clubanderson)
• 768b648: fix: auto-generate agent token when unset and batch token usage writes (#9489) (@clubanderson)
• 9a2c976: fix: cancel AI suggestion stream on timeout and prevent phantom overwrite (#9498) (@clubanderson)
• 84c21a1: fix: clarify System Update settings descriptions (#9493) (@clubanderson)
• 106fa9c: fix: close feedback modal on outside click (#9421) (@clubanderson)
• 7af14c9: fix: gateway and MCS installation banners and error handling (#9472) (@clubanderson)
• a695776: fix: guard against nil pointer in RewardsHandler.fetchUserRewardsForBadge (#9411) (@clubanderson)
• 89463d7: fix: guard against null kubectlProxy responses in agent fetchers (#9410) (@clubanderson)
• 3fd5e2c: fix: guard against undefined arrays in AlertsContext evaluation loop (#9412) (@clubanderson)
• 1ba8ac3: fix: handle backend cancel result payload to resolve Cancelling deadlock (#9478) (@clubanderson)
• 6beb063: fix: harden mixed-mode command parsing and synchronize token persistence (#9444) (@clubanderson)
• 05055f7: fix: improve update check feedback and timestamp handling (#9499) (@clubanderson)
• 160dece: fix: kagent card display issues — light mode, error boundary, refresh animation (#9458) (@clubanderson)
• 10b1c6f: fix: kill process group on mission timeout to prevent zombie sub-processes (#9449) (@clubanderson)
• 98bcd2a: fix: make mission timeout configurable and respect user's primary agent selection (#9490) (@clubanderson)
• e56aa4a: fix: match Agent button font size to other navbar buttons (#9436) (@clubanderson)
• 219b1d2: fix: match Learn button icon size to other navbar buttons (#9463) (@clubanderson)
• 0cd9f67: fix: match agent selector button height to + button in compact mode (#9431) (@clubanderson)
• 00b5961: fix: mock useToast in ClusterLocations tests (#9393) (@clubanderson)
• 0940251: fix: move + button outside overflow-hidden container so dropdown renders (#9417) (@clubanderson)
• 863385c: fix: navbar dropdowns hidden behind mission sidebar, tooltip show delay, dashboard padding symmetry (#9464) (@clubanderson)
• a5412c2: fix: network card data accuracy and i18n wrapping (#9473) (@clubanderson)
• 63cdf83: fix: network controls feedback and topology UX (#9474) (@clubanderson)
• a67afab...

v0.3.22-nightly.20260421

Changelog

• 073f39b: Add screenshot 1 for issue #9150 (@github-actions[bot])
• 3633a93: Clean up 5 screenshot(s) older than 7 days (@github-actions[bot])
• 7014a91: chore(ci): upgrade CodeQL action v3→v4, opt into Node.js 24 (#9281) (@clubanderson)
• b95c9cb: chore(deps): Bump @axe-core/playwright from 4.11.1 to 4.11.2 in /web (#9188) (@dependabot[bot])
• 0c2efad: chore(deps): Bump @sqlite.org/sqlite-wasm in /web (#9189) (@dependabot[bot])
• 87e9ff9: chore(deps): Bump @types/dompurify from 3.0.5 to 3.2.0 in /web (#9191) (@dependabot[bot])
• 034bbfe: chore(deps): Bump @types/node from 25.5.2 to 25.6.0 in /web (#9176) (@dependabot[bot])
• da00da1: chore(deps): Bump @vitest/ui from 4.1.2 to 4.1.4 in /web (#9181) (@dependabot[bot])
• ea62529: chore(deps): Bump actions/setup-go from 5.2.0 to 6.4.0 (#9177) (@dependabot[bot])
• c40fba9: chore(deps): Bump autoprefixer from 10.4.27 to 10.5.0 in /web (#9186) (@dependabot[bot])
• a2d45b5: chore(deps): Bump docker/metadata-action from 5.7.0 to 6.0.0 (#9180) (@dependabot[bot])
• 8e2358e: chore(deps): Bump golang.org/x/time from 0.9.0 to 0.15.0 (#9173) (@dependabot[bot])
• 8f95627: chore(deps): Bump googleapis from 144.0.0 to 171.4.0 in /web (#9185) (@dependabot[bot])
• e797318: chore(deps): Bump goreleaser/goreleaser-action from 6.3.0 to 7.1.0 (#9178) (@dependabot[bot])
• dd9ea0f: chore(deps): Bump k8s.io/apiextensions-apiserver from 0.35.3 to 0.35.4 (#9175) (@dependabot[bot])
• 88aba74: chore(deps): Bump modernc.org/sqlite from 1.48.2 to 1.49.1 (#9179) (@dependabot[bot])
• ee63c64: chore(deps): Bump react-dom from 19.2.4 to 19.2.5 in /web (#9206) (@dependabot[bot])
• bc705e5: chore(deps): Bump sigstore/cosign-installer from 3.8.2 to 4.1.1 (#9183) (@dependabot[bot])
• 422812c: chore(deps): Bump typescript-eslint from 8.57.2 to 8.58.2 in /web (#9174) (@dependabot[bot])
• 1e398c3: chore(deps): Bump zaproxy/action-baseline from 0.14.0 to 0.15.0 (#9184) (@dependabot[bot])
• 8a7ed0f: feat(api): add ghGetWithRetry helper for rate-limit retries (Fixes #9059) (#9245) (@clubanderson)
• c59079d: feat(cards): add NATS monitoring card (Closes #5944) (#9227) (@clubanderson)
• 93d082c: feat(ci): sync workflow files from kubestellar/infra (#9130) (@clubanderson)
• ba4fcab: feat(gpu): scrape DCGM exporter for real GPU memory metrics (#9314) (@clubanderson)
• a7250d8: fix(acmm): L2 Instructed gate uses OR-group for agent instruction files (#9190) (@clubanderson)
• 055ae39: fix(acmm): update computeLevel tests for OR-group logic (Fixes #9209) (#9214) (@clubanderson)
• cb8efc2: fix(build): remove unused imports after refactor-split cascade (#9306) (@clubanderson)
• c30b2e6: fix(ci): add least-privilege permissions blocks to GitHub Actions workflows (Fixes #9123) (#9141) (@clubanderson)
• 41a2e0a: fix(ci): harden Coverage Gate against flakiness and orphaned runs (Fixes #9107) (#9145) (@clubanderson)
• 8c11149: fix(ci): pin all GitHub Actions refs to full commit SHAs (Fixes #9128) (#9138) (@clubanderson)
• 5898c78: fix(ci): raise nightly suite wall-clock caps and test timeouts (#9134) (@clubanderson)
• 2edeb7c: fix(coverage): exclude .md files from v8 coverage scope (#9316) (@clubanderson)
• 221369d: fix(deps): align react to 19.2.5 to match react-dom (#9318) (@clubanderson)
• f790ffb: fix(e2e): fix ai-ml-test nightly timeout — replace networkidle with domcontentloaded (Fixes #9103) (#9156) (@clubanderson)
• 469ae4c: fix(e2e): isolate deploy-dashboard mock state per-test (Fixes #9087) (#9249) (@clubanderson)
• d9497cb: fix(e2e): remove local setupAuth redefinition in mission-control spec (Fixes #9230) (#9250) (@clubanderson)
• d0cbde0: fix(e2e): replace page.evaluate() with addInitScript() for webkit auth (#9096) (#9151) (@clubanderson)
• 116be6b: fix(e2e): replace vacuous cards-have-proper-structure assertion (Fixes #9074) (#9244) (@clubanderson)
• 002df03: fix(e2e): resolve 7 nightly suite failures (#4086) (#9313) (@clubanderson)
• f03eafe: fix(e2e): restore drilldown-modal testid trigger for UX Journey tests (Fixes #9166) (#9203) (@clubanderson)
• d1b9ad5: fix(e2e): stabilize Nightly UX Journey Tests — tour scoping, mobile title, settings overflow (Fixes #9110) (#9113) (@clubanderson)
• feeb5f0: fix(e2e): unroute prior mockAPI handlers so latest call wins (Fixes #9085) (#9247) (@clubanderson)
• 0ea8ef5: fix(e2e): update benchmark tests to handle demo-mode fallback in CI (#9133) (@clubanderson)
• 3177326: fix(security): add least-privilege permissions to remaining workflows (Fixes #9167) (#9168) (@clubanderson)
• aa4c1ac: fix(security): alloc bounds check, regex anchors, DOMPurify, atomic file ops (Fixes #9127) (#9147) (@clubanderson)
• cdade0d: fix(security): allocation-size-overflow guard and postMessage origin checks (Fixes #9220) (#9229) (@clubanderson)
• 9d2f96a: fix(security): avoid shell interpolation in server_gitops.go (Fixes #9122) (#9139) (@clubanderson)
• c221091: fix(security): move sensitive keys from localStorage to sessionStorage (Fixes #9124) (#9140) (@clubanderson)
• 14e27f7: fix(security): prevent XSS-through-DOM and stack trace exposure (#9226) (@clubanderson)
• bc3ad3f: fix(security): property allowlists and safe escaping for DOM injection cluster (#9143) (@clubanderson)
• f1cb6b7: fix(security): replace Math.random with crypto API; sanitize localStorage keys (Fixes #9125) (#9146) (@clubanderson)
• 13f7463: fix(security): replace shell interpolation with exec.Command (@clubanderson)
• 68bfcb1: fix(security): replace string URL checks with parsed hostname (Fixes #9119) (#9198) (@clubanderson)
• f442103: fix(security): resolve CodeQL js/xss and go/path-injection (@clubanderson)
• be90ce9: fix(security): suppress XSS and URL-redirect CodeQL alerts in OperatorDrillDown and AgentSelector (Fixes #9218) (#9228) (@clubanderson)
• 22a699e: fix(security): suppress clear-text sessionStorage CodeQL alerts (Fixes #9199) (#9201) (@clubanderson)
• 691062f: fix(security): suppress clear-text storage CodeQL alerts in hooks and Weather (Fixes #9211) (@clubanderson)
• 7fd96d9: fix(tests): correct 4 failing test assertions in coverage test suite (#9325) (@clubanderson)
• 9444224: fix(tests): correct analytics-session and useMissionStorage test failures (#9312) (@clubanderson)
• 1c9a65f: fix(tests): correct i18n key names in CreateDashboardModal.test.tsx (#9321) (@clubanderson)
• ca5a6ba: fix(tests): resolve 3 Coverage Suite failures from test-split cascade (#9319) (@clubanderson)
• 8fbd701: fix(tests): update cache tests from localStorage to sessionStorage after #9147 (Fixes #9161) (#9202) (@clubanderson)
• e7f2e74: refactor(analytics): split analytics.ts into focused modules (#9293) (@clubanderson)
• 6ebf978: refactor(drasi): split DrasiReactiveGraph.tsx into subcomponents (#9291) (@clubanderson)
• 9f34bf6: refactor(e2e): extract shared setupAuth/setupDashboardTest/setupMCP helpers (Fixes #9233) (#9251) (@clubanderson)
• 2571932: refactor(hooks): split useCachedData.ts into focused modules (#9295) (@clubanderson)
• 5a288ee: refactor(hooks): split useMissions.tsx into focused sub-modules (#9289) (@clubanderson)
• 23e7763: refactor(mission-control): split FlightPlanBlueprint.tsx into subcomponents (#9290) (@clubanderson)
• df0804e: refactor(missions): split MissionBrowser.tsx into focused subcomponents (#9288) (@clubanderson)
• a6aaad8: refactor(tests): split 7 large test files into focused modules (#9302) (@clubanderson)
• 9e9f47a: refactor(tests): split AlertsContext, kubectlProxy, and cache test files (#9287) (@clubanderson)
• 541feda: refactor(tests): split useCachedData and useMissions test files (#9292) (@clubanderson)
• 2b20f98...

v0.3.22-nightly.20260420

Changelog

• b7ef0c5: Add audit logging for authentication events (#9024) (@khushal-winner)
• d8e178b: Add health check endpoint for GitHub token validation (#9064) (@khushal-winner)
• 5effd47: Add rate limiting to WebSocket endpoint to prevent connection flooding DoS (#9012) (@khushal-winner)
• 3e88875: Add resource limits to db-restore init container (#9068) (@khushal-winner)
• e253f7e: Add runtime type guard for IntotoSupplyChain error translation (#9035) (@khushal-winner)
• b6f1ba8: Add screenshot 1 for issue #8974 (@github-actions[bot])
• f13d78c: Add screenshot 1 for issue #8979 (@github-actions[bot])
• 4aff74e: Add values.schema.json for Helm chart validation (#9065) (@khushal-winner)
• 80da8bc: Centralize RBAC timeout constant to fix API/agent inconsistency (#8998) (@khushal-winner)
• b962878: Clean up 1 screenshot(s) older than 7 days (@github-actions[bot])
• 5f25c12: Fix ServiceAccount token automount configuration override (#9066) (@khushal-winner)
• da656a4: Fix XSS vulnerabilities in ReactMarkdown components (#9028) (@khushal-winner)
• 1dd7c9a: Fix inconsistent K8s name validation in GitOps handlers (#9021) (@khushal-winner)
• d100767: Fix path traversal vulnerability in GitOps handlers (#9022) (@khushal-winner)
• b79acfb: feat(api): add stale cache fallback to GitHub Pipelines handler (#9053) (@khushal-winner)
• cdd1bfa: feat(api): forward GitHub rate limit headers in pipelines handler (#9051) (@khushal-winner)
• 29d3bf5: feat(api): validate PIPELINE_REPOS format at startup (#9057) (@khushal-winner)
• 3e8b286: feat: add GPU utilization threshold alerting (#9006) (@khushal-winner)
• 516d558: fix(acmm): repair sidebar count, search timeout, info bar, README badge (#9010) (@clubanderson)
• 6918631: fix(cards): restore missing legend in Cluster Metrics per-cluster drilldown (#8973) (#9004) (@clubanderson)
• fe60099: fix(drilldown): unify cluster overview tile navigation with lens buttons (#9009) (@clubanderson)
• 16461f2: fix(e2e): skip dashboard-nav recovery reload when link not in primary nav (#9007) (@clubanderson)
• 4b450c2: fix(events): add timeout/error state and correct Errors stat filter (#9046) (@clubanderson)
• 52fde98: fix(github-pipelines): add context timeout to ghGet requests (#9055) (@khushal-winner)
• 70db05f: fix(security): allow iframe embedding for /embed/* routes (#9048) (@khushal-winner)
• e921e9a: fix: raise bundle budget to 3,300,000 bytes to accommodate RIP-0308 and Zod validation (#8972) (@MichaelSovereign)
• 78608b2: ✨ : Add WebSocket connection limit to prevent resource exhaustion (#9016) (@khushal-winner)
• 6adc91a: ✨ feat(rewards): Phase 1 of RFC #8862 — port tiers to Go + codegen (#9070) (@clubanderson)
• 9404faa: ✨ feat(rewards): Phase 2 of RFC #8862 — public badge endpoint (#9072) (@clubanderson)
• 875bbb6: ✨ feat(rewards): Phase 3 of RFC #8862 — Netlify Function mirror (#9073) (@clubanderson)
• 101bcfb: ✨: Make SQLite connection pool settings configurable via environment var… (#8994) (@khushal-winner)
• 3263a91: ✨: Modernize Thanos Monitoring Card with Unified Development Patterns (#8801) (@Pranjal6955)
• 255c4b7: ✨: add Artifact Hub monitoring card (#8610) (@ANAMASGARD)
• 5d01bf5: 🐛 fix(cards): align Compliance Score card total with drilldown bucket sum (#9005) (@clubanderson)
• 2d003cc: 🐛 fix(e2e): persist resilience results to disk to avoid shared-state bug (#9002) (#9017) (@clubanderson)
• 83baaef: 🐛 fix(events): aashu2006 QA cluster — timestamp bucketing, filter state, i18n, pluralization, symbol consistency (#9054) (@clubanderson)
• f109d1b: 🐛 fix(nightly): recover compliance/perf harnesses + raise suite timeouts (#9019) (@clubanderson)
• 635ec04: 🐛 fix(styles): normalize inconsistent spacing values flagged by Auto-QA (#8988) (#9003) (@clubanderson)
• 94a0b61: 🐛 fix(ui): add loading/error states to auto-QA flagged components (#9036) (#9045) (@clubanderson)
• 868a97b: 🐛 fix: Playwright Cross-Browser test assertions (Fixes #8980) (#9018) (@clubanderson)
• 081a099: 🐛 fix: card controls overflow when AI Missions panel is open (#9014) (@Darshit42)
• 950fa72: 🐛 fix: render valid Custom Cards on dashboard; JSON field replaces sample on first focus (#9069) (@clubanderson)
• 49899fe: 🔐 Nightly health checks + deploy wiring for kubestellar-console-bot App (#7861) (@clubanderson)
• 039bf26: 🔒 fix(security): sanitize remaining XSS call sites (#9029) (#9032) (@clubanderson)
• 653db8f: 🔒 fix(security): validate remaining gitops paths in server_gitops.go (#9030) (#9031) (@clubanderson)

v0.3.21-weekly

Changelog

• 3c595a6: Add exponential backoff + jitter to WebSocket reconnections (#8142) (@khushal-winner)
• 4801b96: Add screenshot 1 for issue #8841 (@github-actions[bot])
• 369cd4b: Add screenshot 1 for issue #8857 (@github-actions[bot])
• 2fdd4e6: Clean up 2 screenshot(s) older than 7 days (@github-actions[bot])
• 5a3d7bc: feat: Daily Issues chart loads incrementally — shows data as it arrives (#8828) (@clubanderson)
• 3bb0127: feat: add Install Falco (AI mission) button to FalcoAlerts card (#8846) (#8953) (@clubanderson)
• 0a4501a: feat: add OpenYurt edge computing monitoring card (#6186) (@XxSURYANSHxX)
• 7f89694: feat: add level-up section break buttons between ACMM levels in Feedback Loops card (#8829) (@clubanderson)
• 4df9884: fix(a11y): Auto-QA modal safety + event-parity bundle (#8962, #8963) (#8967) (@clubanderson)
• f353bce: fix(a11y): add aria-label to stat block move-up button (#8907) (@clubanderson)
• bb98a30: fix(acmm): contain RepoPicker divider to page content width (#8857) (#8945) (@clubanderson)
• 84b9a1b: fix(acmm): surface server-side demoFallback as isDemoData (#8848) (#8956) (@clubanderson)
• c3cdc74: fix(clusters): stabilize RenameModal close-animation test (#8952) (#8964) (@clubanderson)
• 9c71c3e: fix: ACMM card cluster (5 bugs: #8847/8849/8850/8851/8852) (#8946) (@clubanderson)
• 40ec469: fix: Alerts Resolved drillDown matches stat block count (#8844) (#8954) (@clubanderson)
• ac7e4ca: fix: Auto-QA keyboard navigation gaps (#8883) (#8955) (@clubanderson)
• 69cd584: fix: add Token settings validation (warning < critical, limit > 0 confirm) (#8888) (@clubanderson)
• 36dff1a: fix: add aria-label to icon-only buttons on 3 cards (#8903) (@clubanderson)
• c3f860a: fix: add confirmation dialog before cluster group delete (#8933) (@clubanderson)
• 8815279: fix: add keyboard navigation to 3 cards (partial #8837) (#8951) (@clubanderson)
• c977d4d: fix: add keyboard navigation to 3 list-style cards (#8902) (@clubanderson)
• 0bef740: fix: add keyboard navigation to 3 more cards (batch 2 of #8883) (#8910) (@clubanderson)
• 510f569: fix: address Auto-QA ARIA label and role gaps (#8884) (#8961) (@clubanderson)
• 7ffaa38: fix: arcade/gaming cards cluster — score persistence, pause, i18n, modal width (#8965) (@clubanderson)
• 1e65080: fix: clarify console-submitted vs GitHub-authored bug counts (#8896) (@clubanderson)
• ae51bfc: fix: cluster info cards no longer overflow on hover (#8841) (#8949) (@clubanderson)
• 3160571: fix: confirm before kubeconfig upload overwrites pasted YAML (#8930) (@clubanderson)
• 21be4bd: fix: dashboard Nodes drillDown aggregates nodes across clusters (#8840) (#8959) (@clubanderson)
• 632f6af: fix: dashboard title no longer obscured by sidebar collapse button (#8891) (#8950) (@clubanderson)
• 19623fd: fix: disable Token Settings Save button during post-save feedback (#8876) (#8889) (@clubanderson)
• 05d6917: fix: extract slice(0, 3) magic number in useCICDStats.ts (#8833) (@clubanderson)
• 8bd6739: fix: gate Add Cluster button on test-connection result (#8924) (@clubanderson)
• 2377e3c: fix: guard notification-verified localStorage write against quota errors (#8897) (@clubanderson)
• 1b43d46: fix: i18n hardcoded English strings across cluster admin/groups/rename dialogs (#8932) (@clubanderson)
• 861dd15: fix: parallelize per-cluster metric collection in captureSnapshot (#8853) (#8865) (@clubanderson)
• 3eca7e7: fix: pin/collapse button UI — solid bg, remove border bleed (Issue 8843) (#8968) (@clubanderson)
• b94dc20: fix: preserve Add Cluster dialog form data across tab switches (#8929) (@clubanderson)
• d483ebb: fix: prevent RenameModal button flash during close animation (#8931) (@clubanderson)
• c6f423f: fix: prevent cluster groups card text overflow on narrow viewports (#8826) (@clubanderson)
• 27a585a: fix: reduce Auto-QA detector false positives + add useModal hook (#8815, #8816) (#8831) (@clubanderson)
• a748811: fix: remove redundant Pin icon from Dashboard header (#8887) (#8948) (@clubanderson)
• 91924b9: fix: rename Predictive Health Monitor to AI Cluster Issue Predictor (#8845) (#8895) (@clubanderson)
• 6d620e9: fix: resolve deploy-test and cache-test nightly failures (#8819) (@clubanderson)
• 3e47aa0: fix: resolve nightly consistency-test and gosec violations (#8817) (@clubanderson)
• 9372282: fix: send X-Requested-With on all /api requests (#8830) (#8832) (@clubanderson)
• b4fdf14: fix: show Next button when Cloud IAM auth is selected in Add Cluster (#8928) (@clubanderson)
• f3acc33: fix: show card count for Multi-Tenancy dashboard in sidebar (#8842) (#8859) (@clubanderson)
• 94ca953: fix: subscribe FluentdStatus to demo mode toggle (#8901) (@clubanderson)
• 3074d86: fix: subscribe KedaStatus to demo mode toggles (#8905) (@clubanderson)
• c1127ce: fix: support Cmd/Ctrl+Enter to submit bug report modal (#8899) (@clubanderson)
• bd76ab5: fix: surface 401 as expired-token error on feedback submit (#8864) (@clubanderson)
• 4f061f5: fix: use bounded fresh context for SQLite ROLLBACK (#8854) (#8855) (@clubanderson)
• 6b1e131: fix: validate SMTP port and prevent silent default-revert (#8894) (@clubanderson)
• 944f8c3: fix: validate Slack webhook URL before test/save (#8874) (#8892) (@clubanderson)
• 24f5a16: fix: validate profile email before save (#8867) (#8890) (@clubanderson)
• 60285f2: fix: wire isDemoData + freshness on Kagent/Keda/Fluentd cards (#8836) (#8957) (@clubanderson)
• fd700e6: fix: wrap Profile/TokenUsage/OpsGenie strings in t() for i18n (#8886) (@clubanderson)
• 08d84e6: fix: wrap Quiet Hours section strings in t() for i18n (#8872) (#8875) (@clubanderson)
• ed75fb9: fix: wrap Settings sync status + PagerDuty strings in t() for i18n (#8885) (@clubanderson)
• 7212b53: refactor: extract AI card result types from CardFactoryModal.tsx (#8608) [part 2] (#8838) (@clubanderson)
• ccff027: refactor: extract AiCardTab subcomponent from CardFactoryModal.tsx (#8608) [part 6] (#8908) (@clubanderson)
• 06e95f4: refactor: extract FieldSuggestChips from CardFactoryModal.tsx (#8608) [part 4] (#8898) (@clubanderson)
• b056ed6: refactor: extract InlineAIAssist result types from CardFactoryModal.tsx (#8608) [part 5] (#8904) (@clubanderson)
• 235c8fa: refactor: extract ManageCardsTab subcomponent from CardFactoryModal.tsx (#8608) [part 7] (#8912) (@clubanderson)
• 4d9df87: refactor: extract T1_TEMPLATES from CardFactoryModal.tsx (#8608) (#8834) (@clubanderson)
• c3b096d: refactor: extract constants from MissionBrowser.tsx (#8624) (#8835) (@clubanderson)
• 6930071: refactor: extract deep-link match helpers from MissionBrowser.tsx (#8624) [part 3] (#8906) (@clubanderson)
• 551d57f: refactor: extract filter-state helpers from MissionBrowser.tsx (#8624) [part 4] (#8909) (@clubanderson)
• 448226f: refactor: extract preview components from CardFactoryModal.tsx (#8608) [part 3] (#8861) (@clubanderson)
• 6ab2a50: refactor: extract pure filter/facet helpers from MissionBrowser.tsx (#8624) [part 2] (#8900) (@clubanderson)
• e425d6a: refactor: extract tree-node fetch helpers from MissionBrowser.tsx (#8624) [part 5] (#8911) (@clubanderson)
• 783597c: ✨ Add comprehensive unit tests for namespace components (#8115) (@Pranjal6955)
• 98432cc: 🌱 : add unit tests for namespace handlers (#8839) (@Pranjal6955)
• f50cfa5: 🌱 Sync workflows from kubestellar/infra (#8934) (@clubanderson)

v0.3.21-nightly.20260419

Changelog

• 3c595a6: Add exponential backoff + jitter to WebSocket reconnections (#8142) (@khushal-winner)
• 4801b96: Add screenshot 1 for issue #8841 (@github-actions[bot])
• 369cd4b: Add screenshot 1 for issue #8857 (@github-actions[bot])
• 2fdd4e6: Clean up 2 screenshot(s) older than 7 days (@github-actions[bot])
• 5a3d7bc: feat: Daily Issues chart loads incrementally — shows data as it arrives (#8828) (@clubanderson)
• 3bb0127: feat: add Install Falco (AI mission) button to FalcoAlerts card (#8846) (#8953) (@clubanderson)
• 0a4501a: feat: add OpenYurt edge computing monitoring card (#6186) (@XxSURYANSHxX)
• 7f89694: feat: add level-up section break buttons between ACMM levels in Feedback Loops card (#8829) (@clubanderson)
• 4df9884: fix(a11y): Auto-QA modal safety + event-parity bundle (#8962, #8963) (#8967) (@clubanderson)
• f353bce: fix(a11y): add aria-label to stat block move-up button (#8907) (@clubanderson)
• bb98a30: fix(acmm): contain RepoPicker divider to page content width (#8857) (#8945) (@clubanderson)
• 84b9a1b: fix(acmm): surface server-side demoFallback as isDemoData (#8848) (#8956) (@clubanderson)
• c3cdc74: fix(clusters): stabilize RenameModal close-animation test (#8952) (#8964) (@clubanderson)
• 9c71c3e: fix: ACMM card cluster (5 bugs: #8847/8849/8850/8851/8852) (#8946) (@clubanderson)
• 40ec469: fix: Alerts Resolved drillDown matches stat block count (#8844) (#8954) (@clubanderson)
• ac7e4ca: fix: Auto-QA keyboard navigation gaps (#8883) (#8955) (@clubanderson)
• 69cd584: fix: add Token settings validation (warning < critical, limit > 0 confirm) (#8888) (@clubanderson)
• 36dff1a: fix: add aria-label to icon-only buttons on 3 cards (#8903) (@clubanderson)
• c3f860a: fix: add confirmation dialog before cluster group delete (#8933) (@clubanderson)
• 8815279: fix: add keyboard navigation to 3 cards (partial #8837) (#8951) (@clubanderson)
• c977d4d: fix: add keyboard navigation to 3 list-style cards (#8902) (@clubanderson)
• 0bef740: fix: add keyboard navigation to 3 more cards (batch 2 of #8883) (#8910) (@clubanderson)
• 510f569: fix: address Auto-QA ARIA label and role gaps (#8884) (#8961) (@clubanderson)
• 7ffaa38: fix: arcade/gaming cards cluster — score persistence, pause, i18n, modal width (#8965) (@clubanderson)
• 1e65080: fix: clarify console-submitted vs GitHub-authored bug counts (#8896) (@clubanderson)
• ae51bfc: fix: cluster info cards no longer overflow on hover (#8841) (#8949) (@clubanderson)
• 3160571: fix: confirm before kubeconfig upload overwrites pasted YAML (#8930) (@clubanderson)
• 21be4bd: fix: dashboard Nodes drillDown aggregates nodes across clusters (#8840) (#8959) (@clubanderson)
• 632f6af: fix: dashboard title no longer obscured by sidebar collapse button (#8891) (#8950) (@clubanderson)
• 19623fd: fix: disable Token Settings Save button during post-save feedback (#8876) (#8889) (@clubanderson)
• 05d6917: fix: extract slice(0, 3) magic number in useCICDStats.ts (#8833) (@clubanderson)
• 8bd6739: fix: gate Add Cluster button on test-connection result (#8924) (@clubanderson)
• 2377e3c: fix: guard notification-verified localStorage write against quota errors (#8897) (@clubanderson)
• 1b43d46: fix: i18n hardcoded English strings across cluster admin/groups/rename dialogs (#8932) (@clubanderson)
• 861dd15: fix: parallelize per-cluster metric collection in captureSnapshot (#8853) (#8865) (@clubanderson)
• 3eca7e7: fix: pin/collapse button UI — solid bg, remove border bleed (Issue 8843) (#8968) (@clubanderson)
• b94dc20: fix: preserve Add Cluster dialog form data across tab switches (#8929) (@clubanderson)
• d483ebb: fix: prevent RenameModal button flash during close animation (#8931) (@clubanderson)
• c6f423f: fix: prevent cluster groups card text overflow on narrow viewports (#8826) (@clubanderson)
• 27a585a: fix: reduce Auto-QA detector false positives + add useModal hook (#8815, #8816) (#8831) (@clubanderson)
• a748811: fix: remove redundant Pin icon from Dashboard header (#8887) (#8948) (@clubanderson)
• 91924b9: fix: rename Predictive Health Monitor to AI Cluster Issue Predictor (#8845) (#8895) (@clubanderson)
• 6d620e9: fix: resolve deploy-test and cache-test nightly failures (#8819) (@clubanderson)
• 3e47aa0: fix: resolve nightly consistency-test and gosec violations (#8817) (@clubanderson)
• 9372282: fix: send X-Requested-With on all /api requests (#8830) (#8832) (@clubanderson)
• b4fdf14: fix: show Next button when Cloud IAM auth is selected in Add Cluster (#8928) (@clubanderson)
• f3acc33: fix: show card count for Multi-Tenancy dashboard in sidebar (#8842) (#8859) (@clubanderson)
• 94ca953: fix: subscribe FluentdStatus to demo mode toggle (#8901) (@clubanderson)
• 3074d86: fix: subscribe KedaStatus to demo mode toggles (#8905) (@clubanderson)
• c1127ce: fix: support Cmd/Ctrl+Enter to submit bug report modal (#8899) (@clubanderson)
• bd76ab5: fix: surface 401 as expired-token error on feedback submit (#8864) (@clubanderson)
• 4f061f5: fix: use bounded fresh context for SQLite ROLLBACK (#8854) (#8855) (@clubanderson)
• 6b1e131: fix: validate SMTP port and prevent silent default-revert (#8894) (@clubanderson)
• 944f8c3: fix: validate Slack webhook URL before test/save (#8874) (#8892) (@clubanderson)
• 24f5a16: fix: validate profile email before save (#8867) (#8890) (@clubanderson)
• 60285f2: fix: wire isDemoData + freshness on Kagent/Keda/Fluentd cards (#8836) (#8957) (@clubanderson)
• fd700e6: fix: wrap Profile/TokenUsage/OpsGenie strings in t() for i18n (#8886) (@clubanderson)
• 08d84e6: fix: wrap Quiet Hours section strings in t() for i18n (#8872) (#8875) (@clubanderson)
• ed75fb9: fix: wrap Settings sync status + PagerDuty strings in t() for i18n (#8885) (@clubanderson)
• 7212b53: refactor: extract AI card result types from CardFactoryModal.tsx (#8608) [part 2] (#8838) (@clubanderson)
• ccff027: refactor: extract AiCardTab subcomponent from CardFactoryModal.tsx (#8608) [part 6] (#8908) (@clubanderson)
• 06e95f4: refactor: extract FieldSuggestChips from CardFactoryModal.tsx (#8608) [part 4] (#8898) (@clubanderson)
• b056ed6: refactor: extract InlineAIAssist result types from CardFactoryModal.tsx (#8608) [part 5] (#8904) (@clubanderson)
• 235c8fa: refactor: extract ManageCardsTab subcomponent from CardFactoryModal.tsx (#8608) [part 7] (#8912) (@clubanderson)
• 4d9df87: refactor: extract T1_TEMPLATES from CardFactoryModal.tsx (#8608) (#8834) (@clubanderson)
• c3b096d: refactor: extract constants from MissionBrowser.tsx (#8624) (#8835) (@clubanderson)
• 6930071: refactor: extract deep-link match helpers from MissionBrowser.tsx (#8624) [part 3] (#8906) (@clubanderson)
• 551d57f: refactor: extract filter-state helpers from MissionBrowser.tsx (#8624) [part 4] (#8909) (@clubanderson)
• 448226f: refactor: extract preview components from CardFactoryModal.tsx (#8608) [part 3] (#8861) (@clubanderson)
• 6ab2a50: refactor: extract pure filter/facet helpers from MissionBrowser.tsx (#8624) [part 2] (#8900) (@clubanderson)
• e425d6a: refactor: extract tree-node fetch helpers from MissionBrowser.tsx (#8624) [part 5] (#8911) (@clubanderson)
• 783597c: ✨ Add comprehensive unit tests for namespace components (#8115) (@Pranjal6955)
• 98432cc: 🌱 : add unit tests for namespace handlers (#8839) (@Pranjal6955)
• f50cfa5: 🌱 Sync workflows from kubestellar/infra (#8934) (@clubanderson)

v0.3.21-nightly.20260418

Changelog

• 863511f: Add screenshot 1 for issue #8644 (@github-actions[bot])
• 85a0d10: Clean up 12 screenshot(s) older than 7 days (@github-actions[bot])
• 6ee8b68: feat(alerts): DND toggle in alerts card + quiet hours in settings (#8732) (@clubanderson)
• 974de39: feat(alerts): per-alert snooze buttons + duration preset chips (#8742) (@clubanderson)
• b540609: feat: ACMM scan auto-refreshes after mission completion (#8615) (@clubanderson)
• 5e58b0d: feat: ACMM scan works on localhost/cluster via Go handler (#8614) (@clubanderson)
• 99cd777: feat: AI Diagnose button on failing CI/CD workflow items (#8731) (@clubanderson)
• 58727f4: feat: AI audit for skipped/stale workflows (#8745) (@clubanderson)
• d6d15a1: feat: CI/CD stat blocks with repo-contextual metrics (#8733) (@clubanderson)
• fcae200: feat: Daily Issues summary cards update on chart zoom/pan (#8779) (@clubanderson)
• 6bce3e3: feat: PR context + repo name + fresh releases across CI/CD cards (#8673) (@clubanderson)
• 47412af: feat: add GA4 events for ACMM mission launches (#8663) (@clubanderson)
• 6ad938f: feat: add SQLite audit table + admin query API (Phase 3 of #8670) (#8782) (@clubanderson)
• 7b868d7: feat: add Zod runtime validation for critical API responses (#8743) (@clubanderson)
• 6e55be4: feat: add Zod runtime validation for critical Kubernetes API responses (#8765) (@clubanderson)
• db5edf4: feat: add audit logging helper + wire RBAC handlers (Phase 1 of #8670) (#8768) (@clubanderson)
• 478e0c4: feat: add container query infra + convert 5 pilot cards (Phase 2 of #8695) (#8781) (@clubanderson)
• c0472ac: feat: add expandable details blurb to all ACMM criteria (#8625) (@clubanderson)
• 5f359ae: feat: add per-user/IP composite rate limit keys + failure tracker (Phase 1 of #8676) (#8767) (@clubanderson)
• 5b87aed: feat: add rate-limit admin visibility + metrics endpoint (Phase 3 of #8676) (#8784) (@clubanderson)
• 80b42c9: feat: add re-scan button to ACMM Feedback Loop Inventory card (#8775) (@clubanderson)
• a39ab80: feat: consistent repo display + central selection across GitHub cards (#8682) (@clubanderson)
• 691d7f6: feat: extract CSRF middleware for consistent protection (#8738) (@clubanderson)
• 509861e: feat: guided decision points in all AI mission prompts (#8630) (@clubanderson)
• 198140b: feat: in-place upgrade smoke workflow (#8721) (@clubanderson)
• 23bb43e: feat: progressive rate-limit thresholds + Retry-After escalation (Phase 2 of #8676) (#8772) (@clubanderson)
• 962c9cf: feat: rollout container queries to remaining cards (Phase 3 of #8695) (#8789) (@clubanderson)
• bfcc221: feat: show day-of-week on Daily Issues chart axis and tooltip (#8726) (@clubanderson)
• 796e9eb: feat: show upgrade-in-progress state on navbar update indicator (#8802) (@clubanderson)
• 799fc5d: feat: unified pipeline data fetch for CI/CD dashboard (#8724) (@clubanderson)
• 0a511fd: feat: wire audit logging into all sensitive handlers (Phase 2 of #8670) (#8769) (@clubanderson)
• 2f92982: fix(acmm): non-scannable .claude/* criteria + .editorconfig + build-deploy.yml detection (#8700) (@clubanderson)
• 4478f20: fix(acmm): rename L5 Semi-Automated / L6 Fully Autonomous + update intro modal + recommendations card for 6 levels (#8692) (@clubanderson)
• 2bfbfb6: fix(acmm): tighten copy, spell out badges, shorten gauge label (#8708) (@clubanderson)
• 6a59b7a: fix(alerts): solid background on DND dropdown — was translucent against card content (#8737) (@clubanderson)
• cd1b716: fix: CI/CD stat accuracy — failure details, PR count, avg duration (#8764) (@clubanderson)
• 1b3f970: fix: Daily Issues & PRs shows demo data on Netlify instead of zeros (#8640) (@clubanderson)
• d7448ad: fix: Export Widgets panel scrolls within modal instead of overflowing (#8657) (@clubanderson)
• 2fc9e18: fix: What's New modal shows recent merged PRs when no release notes (#8667) (@clubanderson)
• 46a6a61: fix: What's New only shows PRs merged since the running commit (#8786) (@clubanderson)
• a6bba75: fix: add a11y attrs and test coverage for dashboard name validation (Fixes #8760) (#8761) (@clubanderson)
• 674aa66: fix: add ci-cd category to widget registry test assertions (#8620) (#8622) (@clubanderson)
• 75c9bd6: fix: add flex-wrap + truncation to all card control bars (#8695 Phase 1) (#8735) (@clubanderson)
• d74c0ce: fix: add rate limit retry logic to Auto-QA workflow (#8794) (@clubanderson)
• 6257387: fix: address 5 Copilot review findings on ACMM scan handler (#8616) (#8619) (@clubanderson)
• a43f575: fix: address 6 Copilot review comments from PR #8654 (#8656) (@clubanderson)
• d0fbf11: fix: address 6 Copilot review comments on CI/CD stat blocks (#8736) (#8744) (@clubanderson)
• e32e250: fix: address Copilot review comments on CI/CD stats (PR #8770) (#8793) (@clubanderson)
• b2217f3: fix: address Copilot review comments on FeatureRequestModal refactor (#8759) (@clubanderson)
• c9ee46b: fix: address Copilot review comments on RepoSubtitle from #8682 (#8701) (@clubanderson)
• faa6677: fix: address Copilot review feedback on DashboardPage (#8631) (#8637) (@clubanderson)
• 564d17f: fix: auto-generate nightly release notes from merged PR titles (#8788) (@clubanderson)
• 690caba: fix: auto-scroll to widget card + accurate CI/CD previews (#8635) (@clubanderson)
• 3645e10: fix: batch UI fixes — sidebar border, configurator overflow, mission icons, profile dropdown (#8746) (@clubanderson)
• 4304f5e: fix: card retry buttons refetch data instead of reloading page (#8698) (@clubanderson)
• 5925c9f: fix: change default Helm pullPolicy to IfNotPresent (#8747) (@clubanderson)
• 31163de: fix: cmd/ctrl+enter submit, sidebar pin in collapsed state, negative bar height (#8653) (@clubanderson)
• 297f8d2: fix: complete PR context across all CI/CD cards (#8699) (@clubanderson)
• 5fa6bd7: fix: derive widget test categories from source-of-truth constants (#8628) (@clubanderson)
• 759837b: fix: eliminate false positives in auto-QA unused deps check (#8629) (@clubanderson)
• 5515466: fix: grant Write/Edit/Glob/Grep tools to mission agent (#8617) (@clubanderson)
• f165870: fix: keep widget preview panel visible while card list scrolls (#8652) (@clubanderson)
• 5a960b3: fix: make critical issue badge apply severity filter on Alerts page (#8740) (@clubanderson)
• 2efe889: fix: make nodes clickable and visible in drill-down views (#8654) (@clubanderson)
• 6869c4c: fix: move Create Cluster with AI button adjacent to Add Cluster (#8642) (#8649) (@clubanderson)
• eb5a04f: fix: move NAME_ERROR_ID to module scope for naming consistency (#8763) (@clubanderson)
• 2efd971: fix: nightly release tag + Daily Issues demo data on Netlify (#8711) (@clubanderson)
• 591b997: fix: prevent stale closure from resetting drill-down navigation stack (#8648) (@clubanderson)
• a1c9e57: fix: reduce GitHub API load to prevent secondary rate limiting (#8720) (@clubanderson)
• f2dec8c: fix: reduce benchmark retry storms causing nightly test suite timeout (#8797) (@clubanderson)
• 2df9ccc: fix: remove redundant gap-y-2 and trailing spaces in card control bars (#8748) (@clubanderson)
• 10a6ac8: fix: rename Open PRs → Active PR Runs, replace Avg Duration with Runs Today (#8770) (@clubanderson)
• af22cbb: fix: replace hardcoded English strings with i18n translations (#8713) (@clubanderson)
• 8b7fdce: fix: resolve 7 arcade game bugs — key trap, chess AI, restart, styling (#8712) (@clubanderson)
• 9709fdd: fix: resolve FAB button truncation on narrow viewports (#8785) (@clubanderson)
• d5130d0...

v0.3.21-nightly.20260417

Changelog

• 68b24fc Add Playwright test for OAuth flow detection (#8342)
• 8be6ed2 Add screenshot 1 for issue #8376
• 0b88cc4 Add screenshot 1 for issue #8380
• 167df5a Add screenshot 1 for issue #8385
• 8ba7679 Add screenshot 1 for issue #8494
• 7b45946 Add screenshot 1 for issue #8561
• 516748a Add screenshot 1 for issue #8565
• 0c8524e Add screenshot 2 for issue #8380
• fb83298 Add screenshot 2 for issue #8494
• 6c4ff45 Clean up 1 screenshot(s) older than 7 days
• cd68dcb feat: show GitHub OAuth setup wizard on Login page when OAuth is not configured (#8545)
• 99568d4 fix(ui): increase FAB right clearance to 64px (#8551 follow-up) (#8567)
• 83ff940 fix: ACMM scan falls back to demo data on localhost/cluster deployments (#8579)
• cc20fc0 fix: CI/CD cards respect repo dropdown selection (#8556) (#8562)
• 1a11132 fix: prevent Settings sidebar flickering on scroll (#8578) (#8587)
• b7483be fix: prevent cluster info cards from overflowing on hover (#8569)
• 1cf1c92 ♻️ Centralize pipeline repo list: server-driven, env-configurable (#8419)
• 41f45cf ♿ fix: replace low-contrast gray text with semantic classes (#8553) (#8574)
• 12b0d3c ⚡ acmm: cache badge + scan for 1 h to scale to 200+ badged repos (#8362)
• 85bbff5 ✨ ACMM: add Launch AI mission star to Feedback Loops Inventory items (#8350)
• 0ee7f1e ✨ ACMM: target-level slider + projected AI/Human balance charts (#8375)
• b275082 ✨ Add educational intro modal to /acmm + grammar fix (#8360)
• 941b273 ✨ GitHub Pipelines dashboard: 4 new cards on /ci-cd (#8394)
• f4c58ac ✨ Multi-repo pulse card + matrix newest-first (#8463)
• 338bfbe ✨ Pipeline repo CRUD + multi-select in filter bar (#8435)
• b73ab41 ✨ Port github-pipelines to Go backend for localhost/in-cluster deploys (#8408)
• 7e4d6c2 ✨ Shared repo filter bar for /ci-cd pipeline cards (#8424)
• 7187a8c ✨ acmm: add 'What is ACMM?' link to re-open the intro modal (#8370)
• a34777a ✨ acmm: enrich Current Level card with why + how to level up (#8434)
• b8bc46a ✨ acmm: scan input accepts full github.com URLs in addition to owner/repo (#8377)
• 25ae12d ✨ acmm: smooth curve transitions on slider drag (#8450)
• 5c68a7f ✨ acmm: stat blocks with mini-graphs in Stats Overview bar (#8478)
• ec45851 ✨ feat(agent): register RamaLama as a local OpenAI-compatible runner (#8400)
• 41fd8f7 ✨ feat(navbar): rotating tagline with AI-generated subtitle slot (#8430)
• 10e4a26 ✨ feat: Kubara Mission Control — AI suggestions, prompt embedding, cluster sizing (#8481, #8482, #8485) (#8540)
• 8400608 ✨ feat: Kubara UX — Mission Explorer CTA + Phase 2/3 badges (#8483, #8484) (#8543)
• 18294eb ✨ feat: Kubara foundation — PayloadProject type, server cache, demo fixtures (#8539)
• 865dfb3 ✨ feat: embeddable widget mode for CI/CD cards (#8571) (#8583)
• 9d260bc 🌱 Add Kmesh to ADOPTERS.md (#4041)
• d86d376 🎨 ACMM: self-rendered badge preview (no shields.io dependency) (#8418)
• ab05c7a 🎨 acmm intro modal: hide misleading Esc/Space hints (#8368)
• 1f2cfdd 🎨 acmm: add ACMM to default sidebar nav (#8465)
• f8b636b 🎨 acmm: breathing room on Current Level + sort inventory by level (#8442)
• 4898ff7 🎨 acmm: right-align 'Ask agent for help' in Feedback Loops expanded row (#8364)
• 3a1fc49 🎨 docs: ACMM badge uses KubeStellar globe-and-star logo
• 13cfd7b 🎨 docs: add ACMM badge to README
• 3eaa30a 🎨 docs: enlarge ACMM badge logo
• 348705b 🎨 fix(navbar): random tagline start + expand tagline pool (#8490)
• 08b1b9f 🎨 fix: card +/kebab overlap, PredictiveHealth button align, EventStream pagination (#8383 #8385 #8381) (#8401)
• 29b9084 🎨 fix: clarify 'Live' card-badge tooltip (#8363) (#8371)
• 85b80d0 🐛 Fix: Daily Issues & PRs respects central repo selection (#8573)
• 8220ed0 🐛 Fix: Nightly Release Pulse respects repo filter (#8566)
• 471396f 🐛 Fix: What's New button does nothing on click (kill-switch removal) (#8527)
• 38cc481 🐛 Pulse card: NightlyE2E-style dots, newest-first, hourly cache rotation, demo install prompt (#8441)
• fb9e1f1 🐛 docs: cache-bust ACMM badge to force GitHub camo re-fetch
• 311f3a8 🐛 fix(mission-control): modal top inset clears navbar instead of hiding behind it (#8555)
• 00bb4ee 🐛 fix(missions): auto-seed sidebar key + stop setup dialog re-popping on refresh (#8440)
• 589be48 🐛 fix(missions): persist sidebar open/closed state instead of guessing from mission status (#8436)
• dcbad61 🐛 fix(missions): sidebar ESC yields to open modals instead of closing both (#8429)
• 37f74b4 🐛 fix(missions): stop sidebar from auto-opening on refresh for terminal missions (#8428)
• 56f9c49 🐛 fix(modals): ESC closes only the front-most stacked modal + taller prompt editor (#8414)
• 6888931 🐛 fix(nightly-gh-aw-version-check): exclude pre-releases (#8356)
• 68300dc 🐛 fix(nodes-drilldown): explain empty list when RBAC blocks node enumeration (#8359)
• a60b04f 🐛 fix(pipelines): correct event name for install dialog gate (#8473)
• 996e051 🐛 fix(test): DashboardGrid min-height test tracks EXPANDED_CARD_ROW_MIN_HEIGHT_PX (#8351) (#8357)
• 73c1d3e 🐛 fix(ui): FAB button clipped to half-circle by scrollbar (#8551)
• 7352d18 🐛 fix(ux): NPS graceful fallback on localhost + ACMM intro modal closes on ESC (#8406)
• ec7d317 🐛 fix(watchdog): return JSON 503 for XHR/fetch calls, not HTML (#8407)
• 3bc887f 🐛 fix: ACMM GA4 event dedup, dead code removal, zero-criteria tracking (#8498) (#8501)
• 2891bf3 🐛 fix: BaseModal close tooltip reflects escape enablement (#8386) (#8395)
• 7d225da 🐛 fix: CTA button text truncation on smaller screens (#8421)
• a36e1f3 🐛 fix: Cluster Info Card click targets and GPU flicker (#8597) (#8599)
• fd7fb88 🐛 fix: GPU fallback respects authoritative empty + footer cursor scoping (#8601) (#8602)
• 71d8770 🐛 fix: GPU zero-state, warning empty state, PVC status, cluster selection feedback (#8511, #8515, #8516, #8519) (#8530)
• 465cec0 🐛 fix: IssueActivityChart fetches live data in demo mode (#8585)
• 871a99f 🐛 fix: Login wizard — Copilot review + hex ratchet (#8546, #8547) (#8558)
• 3975080 🐛 fix: Pod Health Trend time range + Cluster Health responsive layout (#8512, #8518) (#8531)
• 2a491f5 🐛 fix: System Updates checker rapid-fire errors (#8584) (#8591)
• 49c38a8 🐛 fix: What's New modal for developer-mode (SHA-based) updates (#8548)
• 7ed773a 🐛 fix: add MSW mock for /gpu-nodes/stream SSE endpoint (#8489)
• 6f9ada9 🐛 fix: add acmm to enabled dashboards + address Copilot review (#8468) (#8475)
• e910a61 🐛 fix: add missing headers to forceRefetch test mock response (#8590) (#8594)
• df83c40 🐛 fix: address Copilot review on cardHooks + add keyboard focus to insert button (#8413)
• 94ac31b 🐛 fix: address Copilot review on github-pipelines + restore ratchet (#8417, #8422) (#8427)
• 144fe78 🐛 fix: align ACMM badge preview counts with shields.io endpoint (#8432)
• 9092613 🐛 fix: allow pipeline cards to query any GitHub repo (#8563)
• e169303 🐛 fix: banner X button propagation opens modal instead of dismissing (#8420)
• bfb4de3 🐛 fix: broaden card prune filter to include component-only cards (#8438) (#8449)
• 68e4d0a 🐛 fix: card removal error handling + duplicate toast ...

v0.3.21-nightly.20260416

Changelog

• 63971f0 Add screenshot 1 for issue #7083
• 9cb8e3d Add screenshot 1 for issue #7084
• 50177e6 Add screenshot 1 for issue #7184
• b474b9f Add screenshot 1 for issue #7405
• 50d4eee Add screenshot 1 for issue #7881
• 130ac5a Add screenshot 1 for issue #7944
• e74f3ca Add screenshot 1 for issue #8202
• b899fdd Add screenshot 1 for issue #8291
• 7a93ed5 Add screenshot 1 for issue #8297
• 0afcb73 Add screenshot 1 for issue #8299
• b8a845f Add screenshot 1 for issue #8337
• 54e36ee Add screenshot 2 for issue #8202
• 29a1053 Clean up 1 screenshot(s) older than 7 days
• 446669b Clean up 2 screenshot(s) older than 7 days
• f8a7df9 Clean up 5 screenshot(s) older than 7 days
• 96ddbb8 chore(deps): Bump @eslint/js from 9.39.2 to 10.0.1 in /web (#7627)
• 3630de4 chore(deps): Bump @netlify/functions from 5.1.5 to 5.2.0 in /web (#7636)
• ea99044 chore(deps): Bump @storybook/addon-a11y from 10.3.4 to 10.3.5 in /web (#7634)
• 89df68d chore(deps): Bump @vitest/coverage-v8 from 4.1.2 to 4.1.4 in /web (#7631)
• 9ca47ee chore(deps): Bump azure/setup-helm from 4.2.0 to 5.0.0 (#7625)
• 9ac03d0 chore(deps): Bump azure/setup-kubectl from 3.2 to 5 (#7621)
• 611bb6a chore(deps): Bump docker/build-push-action from 6.16.0 to 7.1.0 (#7620)
• 1483ba9 chore(deps): Bump docker/login-action from 3.4.0 to 4.1.0 (#7626)
• 95b2007 chore(deps): Bump eslint from 9.39.2 to 10.2.0 in /web (#7628)
• 5e3b9b8 chore(deps): Bump golang.org/x/sync from 0.19.0 to 0.20.0 (#7623)
• 08e8661 chore(deps): Bump modernc.org/sqlite from 1.48.1 to 1.48.2 (#7619)
• 794385f chore(deps): Bump msw from 2.12.14 to 2.13.2 in /web (#7635)
• 38be29c chore(deps): Bump projectdiscovery/nuclei-action from 2 to 3 (#7622)
• fff47db chore(deps): Bump react-is from 19.2.4 to 19.2.5 in /web (#7624)
• fc43c61 chore(deps): Bump storybook from 10.3.4 to 10.3.5 in /web (#7630)
• 07d6893 chore(deps): Bump tailwind-merge from 2.6.1 to 3.5.0 in /web (#7632)
• a680a3b chore(deps): Bump vitest from 4.1.2 to 4.1.4 in /web (#7629)
• 6ac6a1c docs(adopters): drop user @-mentions from Submariner row (#6224)
• 4cb7b3e feat(backend): implement WorkloadDeployment reconciliation loop (#6513) (#6934)
• 0a06e5c feat(drasi): real integration — REST adapters + SSE stream + gear CRUD (#8158)
• fb65481 feat(drasi): route spanning-query to sse-stream + varied traffic patterns (#7883)
• e90060b feat(drasi): selected query with results spans full width (#7880)
• e0635b8 feat(drasi): visual polish — line state colors + hover dimming + KPIs (#8163)
• dece78b feat: HTTPS/HTTP2 support on watchdog for connection pool multiplexing (#7744)
• 82ae93c feat: add Drasi reactive graph dashboard (#7832)
• eebf509 feat: add OpenKruise monitoring card (#7437)
• 58517b1 feat: add route and modal smoke test with hourly CI workflow (#7662)
• baf0283 feat: remaining loading states, PVC drilldown, list drilldowns, unified storage source (#6772,#6812,#6813,#6814) (#6919)
• 2c7f103 feat: vertical card resize, cluster AI button, mission rollback (#6313, #6454, #6463) (#6977)
• 15f50f4 fix ci nohup (#7807)
• 7c74183 fix(agent): restart-backend resolves real port + console binary (#7945) (#7983)
• 1438eb0 fix(auth): add CSRF header to AuthCallback /auth/refresh call (#6925)
• beb9c5f fix(auth): clear session hint on 401 to prevent refresh loop (#6930) (#6931)
• 71303f5 fix(auth): persist auto-generated JWT secret across restarts in dev mode (#6850) (#6910)
• be946db fix(auth): return JWT token in /auth/refresh response body
• 5b2013f fix(auth): skip /auth/refresh when no session cookie exists (#6925) (#6928)
• e7bacfa fix(backend): GPU metrics races, proxy safety, connection reuse, cache stampede (#7015-#7025) (#7051)
• 2e7d408 fix(backend): SSE goroutine safety, MCP error propagation, notification persistence (#6945-#6956) (#6973)
• c2896e4 fix(backend): SSE/WS safety, exec goroutine join, nightly E2E hardening (#7041-#7057) (#7069)
• a4772a9 fix(backend): auth gaps, race conditions, panic guards, selector injection (#6996-#7004) (#7027)
• 6b554a5 fix(backend): dashboard limits, cluster group persistence, validation, parallel queries (#7005-#7013) (#7026)
• 2d7fddb fix(backend): feedback client reuse, media limits, GHE support, cache stampede (#7058-#7066) (#7070)
• 0c38d39 fix(backend): nil-safety guards for 32 nilaway findings (#6848) (#6971)
• c34d0b6 fix(charts): 6 data display bugs — version ordering, progress calc, usage vs requests, multi-cluster delta, null gaps, header sync (#6878)
• d39e33d fix(ci): address Copilot review on nightly dev-login retry loop (#7941) (#7954)
• c7c6dfe fix(ci): auth smoke test checks HTTP 200 not JSON /health
• bc140d9 fix(ci): disable remaining agentic workflow files (.lock.yml)
• eaa7db6 fix(ci): mirror fullstack-e2e pattern — separate steps, PORT env, PID file
• 9e34f5e fix(ci): only open issues for Build failures on main, not PR branches (#7646)
• b2f7027 fix(ci): revert to static serve — Go backend has systemic CI ERR_CONNECTION_REFUSED
• 73cfe0a fix(ci): rewrite auth smoke test to use local backend instead of production (#7770)
• 77929ae fix(ci): serve built frontend for UX journey tests (#7678)
• dc20a09 fix(ci): switch UX nightly from static serve to Go backend in dev mode (#7776)
• 7aa7c43 fix(ci): wait for /auth/dev-login JSON in nightly auth contract test (#7940)
• c8048dc fix(ci): wait for /healthz not /health in UX nightly
• 2205f6d fix(cluster-admin): show total cluster count to match other dashboards (#7996)
• d2c8710 fix(dashboard): pin scroll position drifts after navigating back (#7944) (#7953)
• 61b8c22 fix(deploy): switch vllm-d console storage to IBM VPC block (#7928) (#7946)
• 82d2a8a fix(drasi): dynamic line positioning and working node controls (#7868)
• a9efd92 fix(drasi): match original layout — vertical trunks, dashed/solid flow, node controls (#7857)
• 1e98ab6 fix(drasi): narrow node blocks, give trunk lines more room (#7879)
• 6ae7268 fix(drasi): show demo counts in stats overview (#7859)
• e085f91 fix(drasi): shrink flow dots and connection lines (#7863)
• 07863a3 fix(drasi): trunk2 gets a dedicated column + trunks show flow dots (#7886)
• d4d68e2 fix(e2e): address Copilot review comments from PR #7768 (#7775)
• 1a07a5b fix(e2e): remove combined a11y test (60s timeout) + add list reporter (#7740)
• f066553 fix(e2e): stabilize UX journey tests — selectors, error filters, demo setup (#7766)
• 7b7d0e6 fix(e2e): stabilize round 3 — CORS filter, search shortcut, drilldown skip (#7768)
• 8756f77 fix(exec): add WS ping/pong heartbeat to prevent zombie goroutines (#6891) (#6892)
• d8577e9 fix(exec): address Copilot review on #7997 (#8002) (#8008)
• 14cabe3 fix(exec): log + count dropped stdin frames (#7995) (#7997)
• 649ef47 fix(gpu): reservation validation, TOCTOU race, capacity consistency, query batching (#6957-#6964) (#6972)
• 0764347 fix(gpu): utilization query limit, cancellable worker, per-reservation context (#6965-#6967) (#6974)
• 6971c58 fix(handlers): cap io.ReadAll on upstream streams (#7963, #7964) (#7987)
• 2e4af07 fix(handlers)...