Releases: trydirect/stacker
Releases · trydirect/stacker
v0.2.9
What's new
stacker logs— fixed for cloud/remote deployments; now uses live container discovery instead of the cached snapshotstacker logs— log output now shown correctly (messages were fetched but not printed)stacker agent health— fixed "Container 'all' not found" error when no--appflag given; no-arg now lists all containers with CPU% and MEM%stacker proxy detect— fixed for remote deployments; now uses live container scan instead of snapshotstacker agent status— added PORTS column to container table; separator lines aligned to table width- Status icons —
online,running,exited,offline,restartingstates now show correct icons instead of? - Auto-inject
default_network— services exposed via nginx-proxy-manager automatically get the shared proxy network added to their compose config
v0.2.8
Highlights
- Remote service/app target secrets for deployable service targets
- MCP remote service secret tools with auth hardening
- Cloud firewall operations and cloud deploy SSH backup access
- Managed Nginx Proxy Manager duplication fix and firewall port detection improvements
- Local Pipe Mode and canonical runtime environment rendering
- App-only deploy environment selection for
stacker agent deploy-appandstacker secrets push
Latest stabilization fixes included
stacker agent deploy-appnow preserves the shared project.envin the deploy-app config bundle when the runtime topology uses rootenv_file: .env- App-local compose/env deploy-app flows now merge into the project topology instead of replacing the remote stack compose
- Deploy-app reuses stored private registry auth for Status-managed pulls
Paired release
- Release this together with Status v0.1.9 so the recent env/deploy-app fixes ship consistently across both repos.
v0.2.7 — Security Hardening & Pipe Feature
🔒 Security
- 69 IDOR security tests across 12 test files covering every API endpoint
- Defense-in-depth:
user_idparameter added to all DB delete/fetch functions (project, cloud, server) - Cross-user isolation: list endpoints return only the authenticated user's resources
- CLI endpoint tests: 18 dedicated tests verifying
stacker list,deploy, anddestroyhonor user boundaries - Credential logging hardened: sensitive data no longer printed to server logs
🔧 Pipe Feature (Phase 1)
stacker pipe list— query and display pipe instances with status, triggers, errorsstacker pipe create— interactive flow: scan both apps, pick endpoints, auto-match fields, create template + instancestacker pipe activate— set pipe to active, sendactivate_pipeagent command with full configstacker pipe deactivate— pause pipe, senddeactivate_pipeagent commandstacker pipe trigger— one-shot pipe execution with optional JSON inputPUT /api/v1/pipes/instances/{id}/status— new REST endpoint- Agent command types:
activate_pipe,deactivate_pipe,trigger_pipewith full validation (9 unit tests) - 6 new client methods + 4 API request/response structs
🐛 Fixes
- Per-target deployment lock files prevent
stacker deploy --target localfrom overwriting cloud deployment records - Cloud credential duplicate-key error on repeated deploys
- Upstream validation fix for cargo dependencies
📊 Test Coverage
- 772 unit tests passing
- 69 integration security tests (skip gracefully without Postgres)
- 18 CLI endpoint IDOR tests
v0.2.6 — Kata Containers, Pipes, Audit, Marketplace
What's New in v0.2.6
🔒 Kata Containers Runtime Support
runtimefield ondeploy_app/deploy_with_configscommands — values:runc(default),kata- Server-side validation rejects unknown runtime values (HTTP 422)
- Capability gating: agents without
katafeature are rejected before command dispatch --runtime kata|runcflag onstacker deployandstacker agent deploy-app- DB migration:
runtimecolumn persisted per deployment - Vault: per-deployment runtime preference + org-level "must use Kata" policy
- Compose templates conditionally emit
runtime: kataper service - Hetzner CCX (dedicated-CPU/KVM) provisioning via Terraform + Ansible
- Full docs:
docs/kata/— setup guide, Hetzner KVM guide, network constraints, monitoring
🔗 Pipe (Container Linking) Foundation
stacker pipe scan|create|list— connect containerized appsProbeEndpointsagent command: auto-discovers OpenAPI, HTML forms, REST endpoints- Two-level storage:
pipe_templates(reusable) +pipe_instances(per-deployment) - REST API:
POST/GET/DELETE /api/v1/pipes/templatesand/instances
📊 Agent Audit Ingest & Query
POST /api/v1/agent/audit— receive audit event batches from Status PanelGET /api/v1/agent/audit— query audit log with filters- Migration:
agent_audit_logtable
🛒 Marketplace Developer & Buyer Flows
stacker submit— package and submit stack to marketplacestacker marketplace status|logs— track submissions- Buyer install/download endpoints + agent self-registration
🔥 Firewall (iptables) Management
- MCP tools:
configure_firewall,list_firewall_rules,configure_firewall_from_role - Status Panel and SSH execution methods
- Public/private port rules with persistence
🐛 Fixes
- Casbin ACL:
group_adminGET access to/admin/project/:id/compose
Full changelog: https://github.com/trydirect/stacker/blob/v0.2.6/CHANGELOG.md
v0.2.5
What's Changed
- Redeploy. FIX:Casbin policies use 'client' as the subject not numeric… by @vsilent in #125
- chore(deps): update postgres docker tag to v16.13 by @renovate[bot] in #85
- enrich service catalog, nginx proxy auto inject docker hub image by @vsilent in #124
- Feature redeploy lock by @vsilent in #127
- Add interactive cloud credential selection on
stacker deploy --target cloudby @Copilot in #129 - Dev by @vsilent in #134
Full Changelog: v0.2.4...v0.2.5
Contributors
vsilent and renovate
Assets 5
v0.2.4
Contributors
vsilent
Assets 5
v0.2.3
What's Changed
- feat: add pricing columns to stack_template + enrich webhook payload by @vsilent in #106
- feat(mcp): Add Ansible roles management tools for SSH deployments by @vsilent in #105
- Dev by @vsilent in #107
- Cli by @vsilent in #114
- Feature ai chat driven by @vsilent in #111
Full Changelog: v0.2.2...v0.2.3
Contributors
vsilent
Assets 2
v0.2.2
What's Changed
- Issue 17 by @vsilent in #18
- Dev by @vsilent in #21
- Update README.md by @vsilent in #22
- Issue auth by @smart--petea in #23
- Issue auth by @smart--petea in #24
- Issue auth by @smart--petea in #27
- Merge dev by @vsilent in #32
- Bump h2 from 0.3.21 to 0.3.24 by @dependabot[bot] in #29
- Bump tracing from 0.1.39 to 0.1.40 by @dependabot[bot] in #28
- 30 access policies by @smart--petea in #36
- Issue 33 by @vsilent in #39
- 30 access policies by @vsilent in #40
- Issue 33 by @vsilent in #41
- Casbin debug by @smart--petea in #46
- Update README.md by @vsilent in #48
- Update README.md by @vsilent in #49
- Update README.md by @vsilent in #50
- Update README.md by @vsilent in #51
- 43 secure cloud tokens by @vsilent in #52
- 47 delete endpoints by @smart--petea in #53
- 54 parallel dockerhub requests by @smart--petea in #56
- 57 conditional rating serialization by @smart--petea in #58
- Dev by @vsilent in #59
- Configure Renovate by @renovate[bot] in #63
- Update Rust crate sqlx to 0.8.0 [SECURITY] by @renovate[bot] in #64
- Update Rust crate base64 to v0.22.1 by @renovate[bot] in #65
- Update Rust crate sqlx to 0.8.1 [SECURITY] by @renovate[bot] in #67
- Update actions/cache action to v3.5.0 by @renovate[bot] in #84
- Potential fix for code scanning alert no. 18: Cleartext logging of sensitive information by @vsilent in #95
- Update GitHub Artifact Actions (major) by @renovate[bot] in #90
- Rename is_plan_upgrade to is_plan_higher_tier by @Copilot in #98
- Extract parse_bool_env helper to deduplicate boolean parsing logic by @Copilot in #99
- Potential fix for code scanning alert no. 5: Cleartext logging of sensitive information by @vsilent in #100
- Feature user service refactoring by @vsilent in #94
New Contributors
- @dependabot[bot] made their first contribution in #29
- @renovate[bot] made their first contribution in #63
- @Copilot made their first contribution in #98
Full Changelog: v0.2.1...v0.2.2
Contributors
vsilent, renovate, and 2 other contributors