Commit graph

  • 1617285d23 infra: add kubectl + authentik providers across 6 stacks Viktor Barzin 2026-05-21 08:07:22 +00:00
  • c09230815c openclaw: enable recruiter-api plugin (allowlist + manifest contracts) Viktor Barzin 2026-05-20 21:56:11 +00:00
  • 57ab903a0c recruiter-responder: deploy d7892396 — OpenClaw-driven flow Viktor Barzin 2026-05-20 21:14:11 +00:00
  • 18928eb8ac recruiter-responder + openclaw: wire gpt-mini secret keys + VIKTOR_CHAT_ID Viktor Barzin 2026-05-20 21:10:56 +00:00
  • 0c8b46df55 k8s-version-upgrade: fix two more grep-pipefail bugs Viktor Barzin 2026-05-20 20:59:10 +00:00
  • 10b261d2db k8s-version-upgrade: fix pipefail abort when no alerts are firing Viktor Barzin 2026-05-19 22:19:06 +00:00
  • f5917f0eb3 security(wave1): W1.6 expand observation from recruiter-responder pilot → tier 3+4 (82 namespaces) Viktor Barzin 2026-05-19 22:14:16 +00:00
  • e9054e6b1b security(wave1): W1.6 observe phase LIVE — Calico GNP action:Log pilot on recruiter-responder Viktor Barzin 2026-05-19 22:10:42 +00:00
  • 7a1751a668 upgrade-state: filter transient registry digest-check errors Viktor Barzin 2026-05-19 22:06:21 +00:00
  • 359b0277f8 dbaas: opt MySQL out of Keel + add do-not-bump warning Viktor Barzin 2026-05-19 13:21:03 +00:00
  • 0fab599dbc state(dbaas): update encrypted state Viktor Barzin 2026-05-19 13:20:39 +00:00
  • 9fd54143c2 docs: design + plan for MySQL 8.4.8 → 8.4.9 upgrade Viktor Barzin 2026-05-19 13:10:00 +00:00
  • 669ba97078 security(wave1): W1.1 audit-log shipping LIVE + W1.5 trusted-registries Enforce LIVE Viktor Barzin 2026-05-19 06:37:54 +00:00
  • 8ef4f06ac0 recruiter-responder: bump image to 444fa58c (header CRLF fix) Viktor Barzin 2026-05-18 22:55:09 +00:00
  • 6024cfb410 docs: update MySQL restore runbook + CLAUDE.md after 8.4.9 recovery Viktor Barzin 2026-05-18 22:51:52 +00:00
  • ea475c3d86 dbaas: pin MySQL to 8.4.8, recover from broken 8.4.9 DD upgrade Viktor Barzin 2026-05-18 22:46:54 +00:00
  • a04bf3a7f3 state(dbaas): update encrypted state Viktor Barzin 2026-05-18 22:31:52 +00:00
  • 90e074a4a2 kyverno(wave1): swap kubernetes_manifest → kubectl_manifest + flip 3 security policies to Enforce Viktor Barzin 2026-05-18 20:10:27 +00:00
  • 0560d81f3a monitoring(wave1): re-enable Loki+Alloy, deploy wave1 alert rules, add #security Slack lane Viktor Barzin 2026-05-18 19:51:57 +00:00
  • 34c1d64a88 upgrade-state: suppress known-benign Keel slack-bot-not-configured noise Viktor Barzin 2026-05-18 19:45:40 +00:00
  • 82fedf1336 security(wave1): Vault audit-tail sidecar (live) + doc reality-check Viktor Barzin 2026-05-18 19:37:36 +00:00
  • 3af3f0507b state(vault): update encrypted state Viktor Barzin 2026-05-18 19:33:17 +00:00
  • f30c141270 security(wave1): W1.2 Vault XFF (applied) + W1.4/W1.5 Kyverno code prep (apply blocked on provider crash) Viktor Barzin 2026-05-18 19:26:39 +00:00
  • b85a5ecebd monitoring(wealth): drop 6y timeFrom override on META vest cadence Viktor Barzin 2026-05-18 19:25:29 +00:00
  • 0eb5c8c292 state(vault): update encrypted state Viktor Barzin 2026-05-18 19:17:04 +00:00
  • 4f64f51bba realestate-crawler: dockerhub pull-secret + lift image-pin on ui/api Viktor Barzin 2026-05-18 19:11:43 +00:00
  • 0a4ce162f8 monitoring(wealth): keep only FIFO-realized PNL table; pair Positions + vest-cadence side-by-side Viktor Barzin 2026-05-18 19:11:13 +00:00
  • 01de3babd6 docs(security): wave 1 plan — Kyverno enforce, NetworkPolicy egress, audit logging, source-IP anomaly Viktor Barzin 2026-05-18 19:10:16 +00:00
  • 20018cd9b4 monitoring(wealth): per-vest realized PNL via FIFO sell-match Viktor Barzin 2026-05-18 18:43:46 +00:00
  • 14befe3998 monitoring(wealth): META vest cadence chart — value vs shares (dual axis) Viktor Barzin 2026-05-18 18:38:36 +00:00
  • 3d5841a776 monitoring(wealth): META vest + sell PNL tables with FIFO cost basis Viktor Barzin 2026-05-18 18:36:00 +00:00
  • 37c7668181 monitoring(wealth): pin META RSU panel to 6y window Viktor Barzin 2026-05-18 18:30:10 +00:00
  • 9a06a76883 k8s-version-upgrade: switch detection cron from weekly to daily Viktor Barzin 2026-05-18 18:29:08 +00:00
  • 2d6082c724 monitoring(wealth): META RSU vest value panel (Schwab account) Viktor Barzin 2026-05-18 18:25:34 +00:00
  • 9e045e2c16 upgrade-state: skill + script + Keel scrape for periodic three-pipeline audit Viktor Barzin 2026-05-18 10:50:43 +00:00
  • a9cb806e86 beads-server: codify Keel annotations on Dolt deployment (drift cleanup) Viktor Barzin 2026-05-17 22:22:40 +00:00
  • 8a6ec72039 RecentNodeReboot: 24h → 1h threshold, matching upgrade-chain preflight Viktor Barzin 2026-05-17 22:22:01 +00:00
  • 62fb46353c beads-server: add presence_claims table for agent coordination Viktor Barzin 2026-05-17 21:24:24 +00:00
  • 4f2959866d k8s-version-upgrade: FQDN SSH targets + python3 in place of envsubst Viktor Barzin 2026-05-17 21:10:58 +00:00
  • dd1ec4f1be docs/plans: add agent presence implementation plan (2026-05-17) Viktor Barzin 2026-05-17 21:03:17 +00:00
  • bcf22640b2 keel: enroll 11 more namespaces (operators + critical infra) Viktor Barzin 2026-05-17 20:59:14 +00:00
  • 1b340ef531 keel: enroll 15 critical-path namespaces for digest-only auto-update Viktor Barzin 2026-05-17 12:13:22 +00:00
  • a2d23c1dfb nvidia: bump driver container memory limit 128Mi → 2Gi Viktor Barzin 2026-05-17 11:23:52 +00:00
  • d06a34ccc7 docs: known-issues entry for the Ubuntu 26.04 / NVIDIA driver gap Viktor Barzin 2026-05-17 11:15:26 +00:00
  • 9521bb0b17 paperless-mcp: deploy MCP for AI document search Viktor Barzin 2026-05-17 11:14:35 +00:00
  • 2eb611fd6d recruiter-responder: bump image to 05b95943 (split callback routes) Viktor Barzin 2026-05-17 11:01:49 +00:00
  • 128cfbbc30 nvidia: pin chart to v25.10.1 after v26.3.1 upgrade revealed missing ubuntu26.04 driver images Viktor Barzin 2026-05-17 10:56:05 +00:00
  • 38602f7974 wireguard: switch to iptables-nft so PostUp MASQUERADE works Viktor Barzin 2026-05-17 10:13:37 +00:00
  • f4807a22f8 terminal: probe + alerts after Traefik replica routing-table skew Viktor Barzin 2026-05-17 10:04:26 +00:00
  • 1fad83a805 recruiter-responder: bump image_tag to 50f43004 (backtest --persist) Viktor Barzin 2026-05-17 09:57:17 +00:00
  • a3bebd5c0d nfs-csi: pin chart v4.13.1 + controller affinity (post-mortem) Viktor Barzin 2026-05-17 09:11:09 +00:00
  • 98b7ef40fd broker-sync(fidelity): un-suspend monthly CronJob Viktor Barzin 2026-05-17 00:36:23 +00:00
  • 32db6760cc keel: use +() anchors on policy/match-tag so per-workload overrides stick Viktor Barzin 2026-05-17 00:32:06 +00:00
  • 05473ab501 Woodpecker CI Update TLS Certificates Commit root 2026-05-17 00:10:49 +00:00
  • 0365ed83ca keel: expand critical-namespace exclude list — protects vault/cnpg/authentik/etc. Viktor Barzin 2026-05-17 00:07:32 +00:00
  • cdd6781bb9 keel: bump default policy patch → major (user wants latest version) Viktor Barzin 2026-05-16 23:53:59 +00:00
  • b37d15fe33 recruiter-responder: bump image_tag to 94b37a9c (follow-up detection) Viktor Barzin 2026-05-16 23:47:16 +00:00
  • 055030fa24 kyverno: bump background-controller memory 384Mi → 2Gi (OOMKilled processing keel URs) Viktor Barzin 2026-05-16 23:36:16 +00:00
  • 7ef386871f recruiter-responder: bump image_tag to 02a01c9a (Reply-To + quoted body in replies) Viktor Barzin 2026-05-16 23:35:52 +00:00
  • de0e7b9dd6 kyverno: codify aggregated ClusterRole for keel mutate-existing Viktor Barzin 2026-05-16 23:30:07 +00:00
  • fc1c98de69 recruiter-responder: bump image_tag to 59df5f8a (Reply-To honoured) Viktor Barzin 2026-05-16 23:27:47 +00:00
  • bc714755ea kyverno: add mutateExistingOnPolicyUpdate=true so existing workloads get annotated Viktor Barzin 2026-05-16 23:27:27 +00:00
  • 8b9727ac3e final wave: enroll immich + status-page, retrigger 17 pending Bucket A Viktor Barzin 2026-05-16 23:18:59 +00:00
  • 73af01a277 Woodpecker CI deploy [CI SKIP] root 2026-05-16 23:17:44 +00:00
  • e956b78951 Bucket C: enroll 5 raw-deploy stacks in Keel auto-update Viktor Barzin 2026-05-16 23:14:43 +00:00
  • eb99ee5635 Bucket A retrigger + Bucket D enrollment (5 module-nested stacks) Viktor Barzin 2026-05-16 23:10:38 +00:00
  • 629fe24305 kyverno: exclude calico-system from inject-keel-annotations Viktor Barzin 2026-05-16 22:58:20 +00:00
  • 57e3059f5b ci: retrigger v4 — remaining 16 Keel stacks (#701 failed one of them) Viktor Barzin 2026-05-16 14:13:59 +00:00
  • cbbb394e88 ci: retrigger v3 — apply remaining 22 Keel-enrolled stacks Viktor Barzin 2026-05-16 14:06:39 +00:00
  • e030750507 openclaw: native MCP servers + daily claude-memory sync Viktor Barzin 2026-05-16 14:01:46 +00:00
  • 7bcd3f745c ci: retrigger v2 — apply pending Keel-enrolled stacks (#697 was cancelled by #698) Viktor Barzin 2026-05-16 13:46:35 +00:00
  • a4b5dfd361 Woodpecker CI deploy [CI SKIP] root 2026-05-16 13:45:45 +00:00
  • 2841347ec2 wealth: dav_corrected view fixes pension gains-offset miscategorisation Viktor Barzin 2026-05-16 13:43:36 +00:00
  • 70d0623b21 ci: retrigger apply for pending Keel enrollment (~58 stacks) Viktor Barzin 2026-05-16 13:42:57 +00:00
  • 3ed201f873 ci: retry after Keel rollout cascade settled Viktor Barzin 2026-05-16 13:36:43 +00:00
  • 175ebc5cd0 enrolled-patch stacks: ignore image drift from Keel auto-update Viktor Barzin 2026-05-16 13:24:16 +00:00
  • 6d71a91fad calico: unenroll from Keel — tigera-operator owns DaemonSet spec Viktor Barzin 2026-05-16 13:18:35 +00:00
  • 2b236a1629 keel: default policy → patch (semver-bounded opt-out auto-update) Viktor Barzin 2026-05-16 13:17:33 +00:00
  • 8bb704bfd1 recruiter-triage: AI culture & tooling section + warm-engage AI ask Viktor Barzin 2026-05-16 13:14:27 +00:00
  • d656e38c9d keel: default policy → never (post-incident safe default) Viktor Barzin 2026-05-16 13:13:16 +00:00
  • 06f48c73ca keel: enable Slack notifications on every upgrade Viktor Barzin 2026-05-16 13:01:35 +00:00
  • 8f4b19565c recruiter-responder: bump image_tag to 189ef901 Viktor Barzin 2026-05-16 12:41:05 +00:00
  • d0f0e10da5 keel: pin chart 1.0.6 → 1.2.0 (1.0.6 doesn't exist) Viktor Barzin 2026-05-16 12:30:19 +00:00
  • 48abb7c520 kured: drop Mon-Fri restriction, reboot any day Viktor Barzin 2026-05-16 12:29:01 +00:00
  • 8cbfa6856c Phase 1a: enroll 4 self-hosted services in Keel auto-update Viktor Barzin 2026-05-16 12:28:54 +00:00
  • 32e3b09d85 recruiter-responder: bump image_tag to f3cb91ff (180d research_cache TTL) Viktor Barzin 2026-05-16 12:26:15 +00:00
  • 95fb859ea1 recruiter-triage v3: Perks & Office Life section + cache-first deep_research Viktor Barzin 2026-05-16 12:21:23 +00:00
  • 910167105e Phase 0: install Keel + Kyverno auto-update annotation injector Viktor Barzin 2026-05-16 12:19:34 +00:00
  • a8302072eb docs/pm: kured silently stalled 6 days + Anubis HA lift (2026-05-16) Viktor Barzin 2026-05-16 12:17:26 +00:00
  • a726e963e3 kured + cnpg: drain-safe defaults ahead of Monday reboot wave Viktor Barzin 2026-05-16 12:06:30 +00:00
  • 16a470e950 state(dbaas): update encrypted state Viktor Barzin 2026-05-16 12:05:55 +00:00
  • 1361dfa994 state(dbaas): update encrypted state Viktor Barzin 2026-05-16 12:05:16 +00:00
  • 6e920f96af anubis: HA with shared valkey/redis store + replicas=2 Viktor Barzin 2026-05-16 11:54:54 +00:00
  • cf5b169cbb claude-agent-service: ship recruiter-triage agent + restore missing terragrunt.hcl Viktor Barzin 2026-05-16 11:53:49 +00:00
  • 7e5e0e7080 docs: add CONTEXT.md domain glossary [ci skip] Viktor Barzin 2026-05-16 11:48:19 +00:00
  • 0bb647342d recruiter-responder: expose Gmail IMAP creds for backtest CLI Viktor Barzin 2026-05-16 11:28:51 +00:00
  • c17d87e179 kured: fix sentinel path mismatch that stalled rolling reboots Viktor Barzin 2026-05-16 11:19:13 +00:00
  • 4a12ac60b0 recruiter-responder: bump image_tag to 559e5c57 Viktor Barzin 2026-05-16 11:13:14 +00:00
  • 43a6eb8b38 recruiter-responder: bump image_tag to bbd178da (structured Telegram + comp floor) Viktor Barzin 2026-05-16 10:58:47 +00:00
  • b1b14ee370 service-catalog: add aiostreams entry Viktor Barzin 2026-05-16 10:47:41 +00:00