* [Yasin Bursali (yasinBursali)](https://github.com/yasinBursali) — Fixed CI workflow discovery, added dashboard-api router test coverage with security-focused tests (auth enforcement, path traversal protection), documented all 14 undocumented extension services, fixed macOS disk space preflight to check the correct volume for external drive installs, moved embeddings platform override to prevent orphaned service errors when RAG is disabled, fixed macOS portability issues restoring broken Apple Silicon Neural Engine detection (GNU date/grep to POSIX), fixed docker compose failure diagnostic unreachable under pipefail, added stderr warning on manifest parse failure in compose resolver, fixed socket FD leak in dashboard-api, added open-webui health gate to prevent 502 errors during model warmup, hardened ComfyUI with loopback binding and no-new-privileges on both NVIDIA and AMD, fixed Apple Silicon memory limit variable mismatch, added `set -euo pipefail` to the installer catching silent failures, secured OpenCode with loopback binding and auto-generated passwords, added missing external_port_env to token-spy and dashboard manifests fixing hardcoded port resolution, fixed Apple Silicon dashboard to show correct RAM and GPU info using HOST_RAM_GB unified memory override, added VRAM gate fallback for Apple Silicon so features no longer incorrectly show insufficient_vram on unified memory machines, set OLLAMA_PORT=8080 in the macOS compose overlay with GPU_BACKEND=apple alignment, added dynamic port conflict detection from extension manifests on macOS, added cross-platform `_sed_i` helper for BSD/GNU sed compatibility, removed API key from token-spy HTML response replacing it with a sessionStorage-based login overlay, added WSL2 host RAM detection via powershell.exe for correct tier selection, fixed dashboard health checks to treat HTTP 4xx as unhealthy, replaced GNU-only `date +%s%N` with portable `_now_ms()` timestamps across 8 files, fixed COMPOSE_FLAGS word-splitting bugs by converting to arrays, added a macOS readiness sidecar for native llama-server before open-webui starts, added mode-aware compose overlays for litellm/openclaw/perplexica depends_on (local/hybrid only), fixed subprocess leak on client disconnect in setup.py, added Bash 4+ guard with Homebrew re-exec for macOS health checks replacing associative arrays with portable indexed arrays, and added .get() defaults for optional manifest feature fields preventing KeyError on sparse manifests, added Langfuse LLM observability extension (foundation) shipping disabled by default with auto-generated secrets and telemetry suppression, added Bash 4+ guard with portable indexed arrays for macOS health checks, wired LiteLLM to Langfuse with conditional callback activation, removed duplicate network definition in docker-compose.base.yml, fixed macOS llama-server DNS resolution for LiteLLM via extra_hosts, surfaced manifest YAML parse errors in the dashboard-api status response with narrowed exception handling, and led the extensions-library hardening campaign: bulk manifest corrections, security hardening (localhost binding, credential requirements, session isolation), setup hooks for 10+ services, image digest pinning, healthcheck fixes, and port conflict resolution across the entire 19-service extension catalog. Continued with a second wave of 24 extensions-library PRs: standardized all 33 extension READMEs to a consistent format (-760 net lines), added platform compatibility matrix, made service.description a required schema field, replaced localhost with 127.0.0.1 in healthcheck URLs across all extensions (IPv6 fix), added Weaviate RAFT single-node config, fixed open-interpreter starlette dependency conflict and gcc build deps, added fooocus GPU compose overlay, added milvus standalone env vars, fixed paperless-ngx Redis config, aligned rvc/bark env vars between compose and manifest, removed stale top-level name from 7 compose files, and fixed immich postgres image to pgvecto-rs
0 commit comments