Skip to content

Latest commit

 

History

History
139 lines (95 loc) · 8.97 KB

File metadata and controls

139 lines (95 loc) · 8.97 KB

Changelog

All notable changes to the Artifact Keeper CLI (ak) will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

1.0.0 - 2026-02-23

Stable Release

First stable release of the Artifact Keeper CLI. The CLI is feature-complete with 29 top-level commands, 100+ subcommands, interactive TUI, multi-instance management, and multi-platform distribution.

Security

  • Bumped SonarSource/sonarqube-scan-action from v5 to v6 to fix argument injection vulnerability
  • Updated lru transitive dependency to 0.16.3 to resolve IterMut unsoundness
  • Added explicit permissions blocks to all CI workflow jobs (least-privilege)
  • Added CodeQL workflow with exclusions for generated SDK code
  • Removed URL paths from test helper error messages

Changed

  • Bumped MSRV from 1.85.0 to 1.86.0
  • Bumped ratatui from 0.29 to 0.30, crossterm from 0.28 to 0.29

[0.9.0] - 2026-02-21

Added

  • Snapshot tests using insta for JSON and table output regression detection across all command modules (~40 snapshot tests)
  • E2E integration test suite running against a real backend via Docker Compose (20+ test files covering auth, repo, admin, governance, analytics, webhook, and more)
  • Docker Compose stack (tests/docker-compose.yml) with backend, PostgreSQL, and Meilisearch for local E2E development
  • Shared test helpers in tests/common/ for E2E environment setup, auth, and API access
  • CI pipeline job for automated E2E testing on push to main and PRs
  • Start/stop scripts (tests/start-backend.sh, tests/stop-backend.sh) for local E2E test development

Fixed

  • Removed plain-text password from TOTP command examples in CLI help text

[0.6.0] - 2026-02-21

Added

  • Signing and key management - ak sign key list, show, create, delete, revoke, rotate, export for managing signing keys; ak sign config show/update/export-key for repository signing configuration
  • SBOM operations - ak sbom generate, show, list, get, delete, components, export for SBOM lifecycle; ak sbom cve history/trends/update-status for CVE tracking and triage
  • License compliance - ak license policy list, show, create, delete for managing license policies; ak license check for CI-friendly compliance checking (exits non-zero on violations)
  • Dependency-Track integration - ak dt status, project list/show/components/findings/violations/metrics/metrics-history, metrics, policies, analyze for vulnerability management (alias: ak dependency-track)
  • Enhanced scanning - ak scan dashboard and scores for security overview; ak scan finding ack/revoke for finding triage; ak scan policy list/show/create/update/delete for scan policy management; ak scan security show/update for repository security config
  • TUI security panel - new panel (press 4 or Tab) showing security dashboard, recent scans with drill-down into individual findings

0.5.0 - 2026-02-21

Added

  • Group managementak group list, show, create, delete, add-member, remove-member for managing user groups and membership
  • Permission managementak permission list, create, delete with filtering by target type and principal type for fine-grained access control
  • Promotion workflowsak promotion promote to move artifacts between repositories, ak promotion rule list/create/delete for automated promotion rules, ak promotion history to view promotion audit trail
  • Approval workflowsak approval list, show, approve, reject for promotion approval gates with optional notes
  • Quality gatesak quality-gate list, show, create, update, delete, check (alias: ak qg) for defining and evaluating artifact quality thresholds; check exits non-zero on failure for CI integration
  • Lifecycle policiesak lifecycle list, show, create, delete, preview, execute for managing security-based lifecycle policies with dry-run preview support
  • Repository labelsak label repo list, add, remove for tagging repositories with key=value labels
  • Admin user managementak admin users update (email, display name, admin/active flags) and ak admin users reset-password subcommands

0.4.2 - 2026-02-16

Changed

  • Code cleanup — removed dead code (unused fields, empty modules, unreachable branches), simplified match/if-let patterns, used saturating_sub and #[derive(Default)] where appropriate (#49)
  • Unit tests — added 251 unit tests across all 13 CLI modules covering parsing, config, credentials, instance management, diagnostics, scan helpers, setup detection, error types, and output rendering; introduced shared test mutex to prevent env var races (#50)

0.4.1 - 2026-02-16

Fixed

  • Setup writes to home directoryak setup npm now writes .npmrc to ~/ and ak setup nuget writes NuGet.Config to ~/.nuget/NuGet/ instead of the project directory, preventing accidental token commits to git (#47)

0.4.0 - 2026-02-16

Added

  • TUI global search — press s to search across all repositories on the selected instance using the Meilisearch-powered advanced_search endpoint; results show artifact name, repository, format, version, and size with a faceted sidebar displaying format, repository, and content type distribution; Enter on a result navigates to that artifact in the 3-panel view (#45)

0.3.0 - 2026-02-16

Fixed

  • TUI server status — instances now show "online (N repos)" in green instead of incorrectly showing "offline"; health probe switched from broken /health endpoint to list_repositories (#43)
  • TUI keychain prompts — credentials are cached in memory per instance, eliminating repeated macOS Keychain Access password dialogs on every navigation action (#43)

0.2.0 - 2026-02-16

Added

  • Config commandsak config list, get, set, and path are now fully implemented with validation and table/json/yaml output (#41)

Fixed

  • Release CI — fixed nfpm version, download URL format, and redundant package rename step (#38, #39, #40)
  • DEB/RPM packages — added Debian and RPM package builds (amd64, arm64/aarch64) via nfpm to release workflow
  • Homebrew tap — automated formula generation and push to artifact-keeper/homebrew-tap on release

0.1.0 - 2026-02-16

Initial release of the Artifact Keeper CLI.

Added

  • Multi-instance management — add, remove, list, and switch between Artifact Keeper instances with ak instance
  • Authentication — interactive login with username/password or token (similar to gh auth login), credential storage via OS keychain, logout, whoami, API token management
  • Repository operations — list, show, create, delete, and browse repositories; public repos accessible without auth
  • Artifact operations — push, pull, list, info, delete, search, and cross-instance copy with progress bars and streaming uploads/downloads
  • Setup wizards — auto-detect and configure 11 package ecosystems (npm, pip, cargo, maven, gradle, nuget, go, docker, helm, cocoapods, swift)
  • Security scanning — trigger and view vulnerability scans with ak scan
  • Admin commands — backup management, storage cleanup, server metrics, user management, WASM plugin management
  • Doctor diagnostics — check instance connectivity, authentication status, package manager configs, and CLI health
  • Interactive TUI — full-screen dashboard with ratatui for browsing repos and artifacts
  • Output formats — table (default for TTY), JSON, YAML, quiet mode; auto-detected via --format or AK_FORMAT env var
  • Shell completions — bash, zsh, fish, PowerShell via ak completion
  • Man pages — generate man pages for all commands via ak man-pages
  • Cross-instance copy — bulk artifact migration between instances
  • Release CI — GitHub Actions workflow builds binaries for Linux (x86_64, aarch64), macOS (x86_64, aarch64), and Windows (x86_64)
  • Distribution — install script, Docker image, Snap package, Homebrew tap

SDK

  • Generated Rust SDK from the Artifact Keeper OpenAPI spec via Progenitor
  • Covers 250+ API endpoints across all backend features
  • OpenAPI 3.1 → 3.0 conversion handled automatically by the xtask