Release v0.6.0

🚀 AGNTCY Dir v0.6.0 Release

This release consolidates improvements from v0.5.1 through v0.5.7, focusing on operational
reliability, integration enhancements, and cross-registry support, including:

🌟 What's New

Tooling & Integration

• Enhanced local search implementation with wildcard support
• Configurable server-side OASF validation with auto-deployment support
• Extended MCP tools for record enrichment and import/export workflows
• Domain-based enrichment capabilities for importer service
• Support across different OCI Registry storage backends

Observability & Operations

• Enhanced SPIRE support for reliability and multi-SPIRE deployments
• Prometheus metrics with ServiceMonitor and gRPC interceptors

What's Changed

• feat(mcp): tools for importer enricher by @akijakya in #680
• chore(brew): update brew formula to v0.5.0 by @ramizpolic in #684
• chore(dir): update readme versions by @arpad-csepi in #685
• feat(dir/helm): add dnsNameTemplates support to DIR API by @tkircsi in #681
• feat(dir/helm): enable external secret config for api server and zot by @tkircsi in #691
• feat(importer): use oasf-sdk/translator by @akijakya in #624
• release(dir): prepare release v0.5.1 by @tkircsi in #695
• feat(importer): enrichment with domains by @akijakya in #696
• chore(dirctl): update brew formula to v0.5.1 by @github-actions[bot] in #702
• feat(mcp): add import/export tools and prompts by @akijakya in #705
• fix(brew): use brew updater after release is public by @arpad-csepi in #686
• feat(dir/helm): add pvc configuration to sqlite and fix unit tests by @tkircsi in #713
• release(dir): prepare release v0.5.2 by @tkircsi in #716
• chore(dirctl): update brew formula to v0.5.2 by @build-agntcy in #717
• fix(dir/helm): add tmp volume when rootfs is readonly by @tkircsi in #718
• feat(sdk): add missing grpc calls to sdk by @arpad-csepi in #709
• release(dir): prepare release v0.5.2 by @tkircsi in #719
• feat(dir/helm): add Recreate deployment strategy to prevent PVC lock conflicts by @tkircsi in #720
• release(dir/helm): release v0.5.2 by @tkircsi in #721
• feat(dir/dirctl): add SPIFFE CSI driver support and auto home-dir volume by @tkircsi in #724
• chore(dirctl): update brew formula to v0.5.2 by @build-agntcy in #723
• release(dir/helm): prepare release/v0.5.3 by @tkircsi in #729
• chore(dirctl): update brew formula to v0.5.3 by @build-agntcy in #731
• chore(dir): turn off go workspace for go toolchain by @arpad-csepi in #732
• fix(client): add retry logic for X509-SVID availability in SPIRE auth by @tkircsi in #735
• release(client): prepare release/v0.5.4 by @tkircsi in #736
• ci(dir): fix no unit test in CI by @arpad-csepi in #733
• chore(dirctl): update brew formula to v0.5.4 by @build-agntcy in #738
• fix(dir): add cleanup and sudo to spire task by @arpad-csepi in #734
• feat(dir): add workflow for building images and charts from feature branches by @tkircsi in #739
• fix(dir): reusable build workflow use the component tag if presented by @tkircsi in #742
• chore(deps): bump golang.org/x/crypto from 0.43.0 to 0.45.0 in /server by @dependabot[bot] in #744
• chore(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 in /sdk/dir-js by @dependabot[bot] in #745
• feat(mcp, dir/server): add OASF API validation by @akijakya in #711
• feat(importer): prioritize dedup checker by @akijakya in #743
• feat(dir): add job to fetch latest release version for container security scan workflow by @paralta in #746
• fix(client): fix SPIFFE X509-SVID retry logic for timing issues by @tkircsi in #741
• fix(dir): release/v0.5.5 by @tkircsi in #750
• chore(dirctl): update brew formula to v0.5.5 by @build-agntcy in #752
• ci(dir): avoid no space left in runner by @arpad-csepi in #749
• feat(dir): add basic prometheus metrics by @tkircsi in #757
• ci(dir): use fixed code for avoid pr label duplication by @arpad-csepi in #755
• refactor(dir): local search by @adamtagscherer in #747
• chore(dir/server): update oasf api validation envs and remaining invalid records by @akijakya in #754
• refactor(dir): remove search subcommands by @adamtagscherer in #759
• release(dir/client): prepare release/v0.5.6 by @tkircsi in #760
• chore(dirctl): update brew formula to v0.5.6 by @build-agntcy in #763
• chore(deps): update zot and fix codeql workflow warning by @paralta in #761
• chore(deps): bump github.com/sigstore/cosign by @paralta in #773
• feat(helm/dir): add OASF configuration by @akijakya in #769
• fix(helm/dir/dirctl): add className field to ClusterSPIFFEID resources by @tkircsi in #774
• release(helm/dir/dirctl): prepare release/v0.5.7 by @tkircsi in #775
• release(helm/dir/dirctl): prepare release v0.5.7 by @tkircsi in #776
• chore(dirctl): update brew formula to v0.5.7 by @build-agntcy in #778
• chore(ci): add helm linting to lint task by @paralta in #780
• chore(cleanup): remove outdated components by @ramizpolic in #783
• release(dir): prepare release v0.6.0 by @ramizpolic in #787

New Contributors

• @build-agntcy made their first contribution in #717

Full Changelog: v0.5.0...v0.6.0

Release v0.5.7

🚀 AGNTCY Dir v0.5.7 Release

We're excited to announce the release of AGNTCY Dir v0.5.7, a patch release that fixes a critical SPIRE integration bug and adds OASF configuration support for improved API validation.

🌟 What's New

Critical SPIRE Fix

• Added mandatory className field to ClusterSPIFFEID resources in both apiserver and dirctl Helm charts
• Critical fix for SPIRE authentication failures, especially when SPIRE and workloads share the same namespace
• Fixes issue #770 where workloads failed to authenticate due to missing className

OASF Configuration Support

• Added OASF configuration support for API validation settings in Helm chart
• OASF server deployment option with directory for local development and testing
• Enhanced API validation capabilities with configurable OASF settings

Dependencies & Maintenance

• Updated github.com/sigstore/cosign dependency for improved security
• Updated zot dependency for better OCI registry support
• Fixed CodeQL workflow version mismatch issue

CI/CD Improvements

• Automated Homebrew formula update

What's Changed

• fix(helm/dir/dirctl): add className field to ClusterSPIFFEID resources by @tkircsi in #774
• feat(helm/dir): add OASF configuration by @ajaky in #769
• chore(deps): bump github.com/sigstore/cosign by @paralta in #773
• chore(deps): update zot and fix codeql workflow warning by @paralta in #761
• chore: update brew formula version by @github-actions in #763

Full Changelog: v0.5.6...v0.5.7

Release v0.5.6

🚀 AGNTCY Dir v0.5.6 Release

We're excited to announce the release of AGNTCY Dir v0.5.6, a patch release that introduces Prometheus metrics for observability, improves search functionality, and updates OASF API validation configuration.

🌟 What's New

Observability & Monitoring

• Prometheus metrics support with gRPC interceptors
• ServiceMonitor resource for Kubernetes deployments
• Comprehensive metrics E2E tests
• HTTP metrics endpoint for scraping

Search Improvements

• Added --format flag to search command for flexible output formatting
• Improved local search implementation with better performance
• Enhanced search query handling and testing

Configuration Updates

• Updated OASF API validation environment variable names for clarity
• Aligned server configuration with environment variable naming
• Updated remaining invalid OASF module references in test data

CI/CD Improvements

• Fixed PR label duplication issues
• Addressed disk space problems in CI runners
• Improved build stability and reliability

Dependencies

• Automated Homebrew formula update

What's Changed

• feat(dir): add basic prometheus metrics by @tkircsi in #757
• refactor(dir): local search by @adamtagscherer in #747
• refactor(dir): remove search subcommands by @adamtagscherer in #759
• chore(dir/server): update oasf api validation envs and remaining invalid records by @ajaky in #754
• ci(dir): use fixed code for avoid pr label duplication by @arpad-csepi in #755
• ci(dir): avoid no space left in runner by @arpad-csepi in #749
• chore: update brew formula version by @tkircsi in #752
• release(dir/client): prepare release/v0.5.6 by @tkircsi in #760

Full Changelog: v0.5.5...v0.5.6

Release v0.5.5

🚀 AGNTCY Dir v0.5.5 Release

We're excited to announce the release of AGNTCY Dir v0.5.5, a feature release that introduces OASF API validation, improves SPIFFE authentication, enhances the importer, and strengthens CI/CD workflows.

🌟 What's New

OASF API Validation

• Optional validation of records against OASF API specification
• Configurable strict mode (reject vs. warn-only)
• Environment variable configuration: OASF_API_VALIDATOR_ENABLED and OASF_API_VALIDATOR_STRICT_MODE
• Disabled by default for backward compatibility

Importer Enhancements

• Prioritized deduplication checker for better performance
• Checks for duplicates before processing
• Deduplication available in dry-run mode

SPIFFE Authentication Improvements

• Enhanced X509-SVID retry logic for edge case timing issues
• Improved SPIFFE ID validation during certificate fetching
• Added X509Source wrapper to support TLS handshake operations

CI/CD & Development Workflow

• Feature branch builds for testing changes in isolation
• Container security scanning against latest release versions
• Improved test reliability - CI now properly fails when unit tests fail
• Better build workflow with component-specific tagging

Developer Experience

• Taskfile improvements with cleanup and sudo support for SPIRE
• Automated Homebrew formula updates

Dependencies

• Updated golang.org/x/crypto from 0.43.0 to 0.45.0
• Updated js-yaml from 4.1.0 to 4.1.1 in SDK

What's Changed

• feat(mcp, dir/server): add OASF API validation by @ajaky in #711
• feat(importer): prioritize dedup checker by @ajaky in #743
• feat(dir): add workflow for building images and charts from feature branches by @tkircsi in #739
• feat: add job to fetch latest release version for container security scan workflow by @paralta in #746
• fix(client): fix SPIFFE X509-SVID retry logic for timing issues by @tkircsi in #741
• fix: reusable build workflow use the component tag if presented by @tkircsi in #742
• fix(dir): add cleanup and sudo to spire task by @arpad-csepi in #734
• ci(dir): fail when unit test fail by @arpad-csepi in #733
• chore: update brew formula version by @tkircsi in #738
• chore(deps): bump golang.org/x/crypto from 0.43.0 to 0.45.0 by @dependabot in #744
• chore(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 by @dependabot in #745

Full Changelog: v0.5.4...v0.5.5

Release v0.5.4

🚀 AGNTCY Dir v0.5.4 Release

We're excited to announce the release of AGNTCY Dir v0.5.4, a patch release that improves SPIFFE authentication reliability for short-lived workloads and CronJobs.

🌟 What's New

SPIFFE Authentication Reliability

• Client-side retry logic with exponential backoff for X509-SVID fetching
• Handles SPIRE agent sync delays in CronJobs and ephemeral pods
• Prevents "certificate contains no URI SAN" authentication failures
• Resilient to timing issues where SPIRE entries haven't synced to the agent yet

Reliability Improvements

• Exponential backoff strategy: 500ms → 1s → 2s → 4s → 8s → 10s (capped)
• Up to 10 retry attempts before failing
• Graceful handling of SPIRE agent-to-server synchronization delays
• Works seamlessly with SPIFFE CSI driver from v0.5.3

Developer Experience

• No configuration changes required - automatic retry behavior
• Improved reliability for CronJobs and short-lived workloads
• Better error messages when retries are exhausted

What's Changed

• fix(client): add X509-SVID retry logic for SPIRE agent sync delays by @tkircsi in https://github.com/agntcy/dir/pull/725

Full Changelog: v0.5.3...v0.5.4

Release v0.5.3

🚀 AGNTCY Dir v0.5.3 Release

We're excited to announce the release of AGNTCY Dir v0.5.3, a patch release that improves SPIFFE identity injection reliability and chart security for production deployments.

🌟 What's New

SPIFFE Identity & Authentication Improvements

• SPIFFE CSI driver support for both dirctl and apiserver charts
• Eliminates "certificate contains no URI SAN" authentication failures
• Synchronous workload registration before pod starts
• Configurable CSI driver vs hostPath for debugging scenarios

Security & Reliability

• Automatic writable home directory when readOnlyRootFilesystem is enabled
• Fixes MCP host config file write errors in security-hardened environments
• Read-only SPIRE socket mounts for enhanced security
• Consistent behavior across both dirctl and apiserver charts

Developer Experience

• Production-ready defaults with opt-out capability
• Backwards compatible with legacy hostPath mounting
• Explicit spire.useCSIDriver: true configuration for clarity

What's Changed

• feat(dir/dirctl): add SPIFFE CSI driver support and auto home-dir volume by @tkircsi in #724

Full Changelog: v0.5.2...v0.5.3

Release v0.5.2

🚀 AGNTCY Dir v0.5.2 Release

We're excited to announce the release of AGNTCY Dir v0.5.2 which focuses on storage improvements, SDK enhancements, MCP tooling, and operational stability, with significant updates to Helm chart storage capabilities, SDK gRPC client coverage, MCP import/export functionality, and production-ready deployment configurations.

🌟 What's New

Storage & Deployment Improvements

• SQLite PVC configuration support for persistent storage in Kubernetes deployments
• Recreate deployment strategy to prevent database lock conflicts during rolling updates
• Preserves search index, sync state, and publication queue across pod restarts
• Faster recovery with no need to rebuild index from OCI registry
• Production-ready stateful workload configuration with optional persistence
• Automatic /tmp emptyDir mount when readOnlyRootFilesystem is enabled for security hardening
• Fixes compatibility issue between SQLite temp files and read-only root filesystem

SDK Enhancements

• Added Events (listen) gRPC client to Python and JavaScript SDKs
• Added Publication gRPC client to Python and JavaScript SDKs
• Comprehensive test coverage for new SDK methods
• Background process handling with workerpool for JavaScript SDK

MCP Enhancements

• Import/export tools for MCP and A2A format conversion to OASF
• Export OASF records to A2A and GitHub Copilot formats
• Comprehensive format guidance and enrichment workflows
• Domain enrichment capabilities with proper ID extraction from OASF schema
• Refactored enricher with minimal code duplication

CI/CD Improvements

• Brew formula updater process improvements for better automation
• Automated release workflow enhancements
• Comprehensive test coverage for import flags

What's Changed

• fix(brew): use brew updater after release is public by @arpad-csepi in #686
• feat(importer): enrichment with domains by @akijakya in #696
• feat(mcp): add import/export tools and prompts by @akijakya in #705
• feat(sdk): add missing grpc calls to sdk by @arpad-csepi in #709
• feat(dir/helm): add pvc configuration to sqlite and fix unit tests by @tkircsi in #713
• fix: add tmp volume when rootfs is readonly by @tkircsi in #718
• feat: add update strategy to helm chart by @tkircsi in #720

Full Changelog: v0.5.1...v0.5.2

Release v0.5.1

🚀 AGNTCY Dir v0.5.1 Release

We're excited to announce the release of AGNTCY Dir v0.5.1 which focuses on
operational improvements and deployment enhancements, with significant updates to
Helm chart security, MCP tooling capabilities, and OASF SDK improvements.

🌟 What's New

Helm & Deployment Improvements

• External Secrets Operator integration for secure credential management
• SPIRE ClusterSPIFFEID DNS name templates support for external access
• Improved TLS certificate SAN configuration for production deployments
• Automatic credential rotation with configurable refresh intervals

MCP Enhancements

• OASF schema exploration tools for AI-assisted record enrichment
• Hierarchical domain and skill navigation capabilities
• OASF SDK translator for MCP Registry conversion
• Deduplication and debug diagnostics for importer workflow

Dependencies & Stability

• OASF SDK upgrade to v0.0.11 with latest schema improvements
• SDK testing fixes for X.509 authentication mode
• Updated CI/CD workflows and documentation

What's Changed

• fix(sdk): use x509 auth mode for testing by @arpad-csepi in #678
• chore(deps): update oasf-sdk v0.0.9 -> v0.0.11 by @akijakya in #679
• feat(mcp): tools for importer enricher by @akijakya in #680
• feat(dir/helm): add dnsNameTemplates support to DIR API by @tkircsi in #681
• ci(dir): update upload-artifacts version by @arpad-csepi in #682
• chore(dir): update brew formula version by @ramizpolic in #684
• chore(dir): update readme versions by @arpad-csepi in #685
• feat(dir/helm): enable external secret config for api server and zot by @tkircsi in #691
• feat(importer): use oasf-sdk/translator by @akijakya in #624

Full Changelog: v0.5.0...v0.5.1

Release v0.5.0

🚀 AGNTCY Dir v0.5.0 Release

We're excited to announce the release of AGNTCY Dir v0.5.0 which focuses on
extending API functionalities, improving operational reliability, strengthening security
capabilities, and adding MCP (Model Context Protocol) integrations support.

Check out the v0.5.0 Discussion Post for full information about the release.

🌟 What's New

MCP Integrations

• MCP registry importer for automated OASF record ingestion
• MCP server implementation with OASF and Directory tools
• Added support for MCP server announce and discovery via DHT

API & Client Improvements

• Event listener RPC for real-time updates across services
• gRPC connection management and streaming enhancements
• Rate limiting at application layer for improved stability
• Health checks migrated from HTTP to gRPC

Security & Reliability

• Simplified TLS-based authentication support for SDKs
• Panic recovery middleware and structured logging for gRPC
• Critical resource leak fixes and improved context handling
• Enhanced security scanning with CodeQL workflows

Developer Experience

• MCP tooling for easy record management and API access
• LLM-based enrichment for OASF records
• Simplified SDK integration in secure environments
• Unified CLI output formats with --output flag and JSONL support

What's Changed

• ci(security): container security scanning workflow by @muscariello in #547
• fix(dirctl,sdk): jwt auth test and small fixes by @arpad-csepi in #545
• chore(deps): update brew formula to v0.4.0 by @ramizpolic in #557
• chore(ci): update container tags for security scans by @ramizpolic in #558
• refactor(dir): unit test coverage for all go modules by @paralta in #555
• feat(dir): expose event listener rpc by @tkircsi in #537
• feat(dir/importer): mcp registry importer by @paralta in #544
• refactor(dir/server): store Capability Interfaces Refactoring by @tkircsi in #562
• feat(dir): add create and validate record tools by @adamtagscherer in #465
• refactor(sdk): use local generated proto stubs by @arpad-csepi in #569
• feat(dir/cli,dir/install): add mcp importer to cli docs and to dirctl cronjobs by @paralta in #568
• feat(dir/server): add Structured gRPC Request/Response Logging Interceptor by @tkircsi in #566
• feat(dir/install): zot configuration and authentication in helm chart by @paralta in #576
• chore(dir): bump zot to latest by @paralta in #578
• feat(dir/server): add Panic Recovery Middleware for gRPC Handler by @tkircsi in #573
• ci(dir): fix zot version by @arpad-csepi in #579
• feat(dir): add push record tool by @adamtagscherer in #574
• chore(dir): set spire version in taskfile and update security scan workflow by @paralta in #583
• feat(dir): add CodeQL security workflows by @muscariello in #584
• fix(client): fix Critical Resource Leaks and Context Handling in Client Package by @tkircsi in #577
• feat(dir): add readiness checks to apiserver services by @paralta in #582
• feat(dir): new api push pull by @mtrinell in #585
• fix(sdk): add spiffe sign test by @arpad-csepi in #592
• feat(dir/server): implement Application-Layer Rate Limiting for gRPC by @tkircsi in #593
• fix(dir): update hub apis by @mtrinell in #595
• fix(dir): rate limit e2e tests by @tkircsi in #598
• chore(helm): fix ingress deployment by @ramizpolic in #600
• feat(helm): add routing service deployment configuration by @tkircsi in #599
• chore(helm): fix helm deployment by @ramizpolic in #601
• chore(dir): security fixes by @paralta in #602
• feat(helm): support extra envs in dir chart by @ramizpolic in #605
• chore(deps): bump oasf-sdk v0.0.8 -> v0.0.9 by @akijakya in #603
• feat(client): tls token-based auth support for go client/cli by @ramizpolic in #606
• release(dir): prepare version v0.5.0-rc.1 by @paralta in #607
• fix(sdk): add proto stubs to repository by @arpad-csepi in #588
• test(dir): enable e2e coverage by @paralta in #591
• feat(dir): add local search tool by @adamtagscherer in #611
• feat(dir): migrate health checks from http to grpc by @paralta in #597
• release(dir/sdk): prepare v0.5.0-rc.1 by @paralta in #610
• ci(sdk/js): add tag for package releases by @arpad-csepi in #617
• feat(dir/mcp): add mcp dockerfile by @paralta in #615
• release(dir): prepare v0.5.0-rc.2 by @paralta in #618
• fix(dir/server): fix oci e2e concurrent issues and healthcheck service by @tkircsi in #620
• feat(dir): pull record MCP tool by @adamtagscherer in #619
• fix(sdk/js): prefix for rc tags and default latest otherwise by @arpad-csepi in #621
• fix(dir): mcp search limit by @adamtagscherer in #623
• chore(cli/hub): add hub sign/verify commands back by @jubarbot-cisco in #612
• ci(brew): fix needs for fromula updater by @arpad-csepi in #625
• feat(dir): add OASF 0.8.0 support by @adamtagscherer in #640
• fix(dir/client): push stream hanging when more than one error occurs by @paralta in #644
• chore(ci): add 'triage/ready-for-review' label by @ramizpolic in #643
• release(dir): prepare v0.5.0 rc.3 by @paralta in #645
• feat(dir/cli): unify CLI Output Formats with --output Flag and Add JSONL Support by @tkircsi in #587
• feat(dir/server): implement grpc connection management by @tkircsi in #647
• feat(dir/importer): enrich records with skills using llm by @paralta in #646
• feat(dir): add local search over domain by @adamtagscherer in #650
• chore(deps): remove HELP_TEXT_UPDATE_SUMMARY.md by @ramizpolic in #662
• feat(dir): add mcp dirctl subcommand by @adamtagscherer in #660
• refactor(dir): comment out mcp server docker image by @adamtagscherer in #663
• fix(dir): cleaner apikey methods by @mtrinell in #659
• fix(dir): sign and verify options by @mtrinell in #673
• docs(dir): update MCP server docs by @adamtagscherer in #674
• feat(sdk): add tls grpc auth method by @arpad-csepi in #649
• docs(dir): update MCP server docs by @adamtagscherer in #677
• release(dir): prepare release v0.5.0 by @ramizpolic in #675
• fix(sdk): use x509 auth mode for testing by @arpad-csepi in #678
• chore(deps): update oasf-sdk v0.0.9 -> v0.0.11 by @akijakya in #679
• ci(dir): update upload-artifacts version by @arpad-csepi in #682

New Contributors

• @mtrinell made their first contribution in #585

Full Changelog: v0.4.0...v0.5.0

Release v0.5.0-rc.3

Release v0.5.0-rc.3