bluejay/bluejay-infra
1
0
Fork 0
Code Issues Pull Requests 15 Actions Packages Projects Releases Wiki Activity
682 Commits 67 Branches 0 Tags
70ede651fb87212151155b2419165069b50e22c9
Commit Graph

100 Commits

Author SHA1 Message Date
Andrew Stoltz
70ede651fb deploy(drift-refresh): aistation-web 37-behind -> current main (eb9d513) 
aistation-web a8a3e9d (06-16, 37 commits behind) -> main 88ef7ab + Dockerfile.deploy (cross-RID). Built arm64 + imported (RKE2 socket).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
 2026-06-19 09:01:48 -05:00
Andrew Stoltz
bfa1d011c1 deploy(drift-refresh): scoreboard gx10-v1 -> current master (981d4b5) 
scoreboard 981d4b5 (master 54546c9 + Dockerfile.deploy + NU1903 suppress). Built arm64 + imported (RKE2 socket).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
 2026-06-19 08:34:20 -05:00
Andrew Stoltz
f132d04e3f deploy(drift-refresh): library + retail gx10-v1 -> current master 
library 0e027cc (main 6526113 + Dockerfile.deploy + NU1903 suppress), retail faae9db (main 29f6b0f + Dockerfile.deploy + NU1903 suppress). NFS-free, built arm64 + imported (RKE2 socket).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
 2026-06-19 08:30:14 -05:00
Andrew Stoltz
bf30cf0503 deploy(drift-refresh): presentations + llm-bridge gx10-v1/v2 -> current master 
presentations a67ef22 (master d254737 + NU1903 suppress), llm-bridge 6ba5986 (master d354881 + NU1903 suppress + Shared.Chat 1.6.1 fix). Both NFS-free, built arm64 + imported (RKE2 socket).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
 2026-06-19 08:24:06 -05:00
Andrew Stoltz
5f3bf05258 deploy(drift-refresh): distribution + worldbuilder gx10-v1 -> current master 
Drift sweep: refresh stale migration-era gx10-v1 baselines to current master (distribution 592ad75, worldbuilder edd6efc). Both built clean from arm64; imported to RKE2 socket. Other stale services (presentations/llm-bridge/library) blocked by SQLitePCLRaw 2.1.11 transitive vuln (NU1903) — pending dep bump.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
 2026-06-19 07:52:32 -05:00
Andrew Stoltz
5725c9b36b deploy(updater): enable Kiosk share link on GX10 2026-06-19 07:48:12 -05:00
Andrew Stoltz
5e7d9338b5 deploy(dms): current main (Phase 5->13) -> v20260619-dms-b203a71 
Replaces stale generic gx10-v1 image (missing /openapi etc.) with current DMS main (b203a71). Auth gate-off default (no lockout). Image built+imported (RKE2 socket).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
 2026-06-19 07:31:58 -05:00
Robot
e543d4053a Verify DeviceManagement agent client certificates 2026-06-19 07:22:01 -05:00
Robot
5ce4f0d1e7 deploy(gx10): add DeviceManagement enrollment CA runtime 2026-06-19 06:45:09 -05:00
Andrew Stoltz
4c369cc7ec deploy(kiosk): bump GX10 web image for KI admin 2026-06-19 05:15:43 -05:00
Robot
299ce5aeed deploy(gx10): accept DER agent client cert headers 2026-06-19 01:58:12 -05:00
Robot
57a1afe159 deploy(gx10): bump DeviceManagement enrollment fix 2026-06-19 01:21:47 -05:00
Robot
0d71a789c2 deploy(gx10): add DeviceManagement agent mTLS route 2026-06-19 00:51:01 -05:00
Robot
14d89ba49d deploy(gx10): restore DeviceManagement agent heartbeat auth 2026-06-19 00:22:31 -05:00
Robot
0eda4362ce deploy(gx10): restore DeviceManagement agent cert auth 2026-06-19 00:05:00 -05:00
Andrew Stoltz
6f12ace02d deploy(knowledge): SEC-3 Search/Editions authorize + rebuild_index gate -> v20260619-sec3-6370c95 
Removes [AllowAnonymous] bypass on Search/Editions + role-gates rebuild_index (PR #14, 6370c95). Image built+imported (RKE2 socket). Fail-open while auth off (inert until SEC-1); image now carries the hardening.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
 2026-06-18 23:58:30 -05:00
Andrew Stoltz
0c03e53df9 deploy(chat): SEC-3 /api/memory + MCP write-tool auth -> v20260619-sec3-5a8859b 
Closes the live anon /api/memory GET leak (PR #25, 5a8859b). Image built+imported (RKE2 socket). 0 anon consumers verified; UI reads via DI. Fail-closed 401, scheme reg'd unconditionally.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
 2026-06-18 23:53:42 -05:00
Robot
62a3e75ddc deploy(gx10): roll DeviceManagement REST auth hardening 2026-06-18 23:53:18 -05:00
Andrew Stoltz
4bbd157c8f deploy(php): enable generated route WAF 2026-06-18 23:47:04 -05:00
Andrew Stoltz
1969285e4f deploy(gateway): SEC-3 /api/gateway auth -> v20260619-sec3-429e6cf 
Closes the live anon /api/gateway/* REST bypass (PR #2, 429e6cf). Image built+imported to GX10 containerd. No consumers of the REST group; agent-zero uses /mcp (keyed).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
 2026-06-18 23:44:25 -05:00
Andrew Stoltz
68a5f1ac5d deploy(php): allow manager DELETE through WAF 2026-06-18 20:37:47 -05:00
Andrew Stoltz
f0b122bac7 deploy(php): bump HM-4 Drupal ready image 2026-06-18 20:33:18 -05:00
Andrew Stoltz
c9538eeeef deploy(php): bump HM-4 probe fix image 2026-06-18 20:13:49 -05:00
Andrew Stoltz
c968e1c4d9 deploy(gx10): roll php web scoped templates 2026-06-18 19:11:14 -05:00
Robot
bc39da26a1 deploy(gx10): roll DeviceManagement auth challenge image 2026-06-18 19:09:22 -05:00
Robot
984e3423db deploy(gx10): roll DeviceManagement auth401 common image 2026-06-18 19:00:27 -05:00
Andrew Stoltz
5d0baa0fdd deploy(gx10): roll php web site-id recovery 2026-06-18 18:56:52 -05:00
Robot
f594d82c65 deploy(gx10): bump DeviceManagement auth status image 2026-06-18 18:43:06 -05:00
Andrew Stoltz
0b7d0fa476 deploy(gx10): roll php web tenant header fix 2026-06-18 18:30:25 -05:00
Andrew Stoltz
500b2484ab deploy(gx10): bump DeviceManagement web readiness image 2026-06-18 18:23:17 -05:00
Andrew Stoltz
c0a0341cef fix(gx10): route php operator to in-cluster manager 2026-06-18 18:16:42 -05:00
Robot
adafbb41f7 secure gx10 device management writes 2026-06-18 18:15:14 -05:00
Andrew Stoltz
09dce583bb deploy(gx10): roll mysql web tenant namespace fix 2026-06-18 18:05:12 -05:00
Andrew Stoltz
6d0464ec17 fix(gx10): add default tenant namespace 2026-06-18 17:40:38 -05:00
Andrew Stoltz
3b96a6272a deploy(gx10): restart php web for autodns config 2026-06-18 17:35:47 -05:00
Andrew Stoltz
061a0d61a8 fix(gx10): point php autodns at gx10 vip 2026-06-18 17:34:07 -05:00
Andrew Stoltz
ae6dfe9144 deploy: bump GX10 PHP and MySQL bypass proof images 2026-06-18 17:22:49 -05:00
Andrew Stoltz
9cef99739a security: add tenant allowlist and WAF canary proof 2026-06-18 16:21:08 -05:00
Robot
bd050c3d9b deploy(devicemgmt): roll command result hotfix 2026-06-18 15:02:50 -05:00
Robot
a41b22bca4 deploy(devicemgmt): roll APK artifact endpoint image 2026-06-18 14:39:48 -05:00
Andrew Stoltz
38590d3d5a deploy(knowledge): roll qwen3 canary profile image 2026-06-18 14:21:40 -05:00
Andrew Stoltz
27815cefca deploy(knowledge): roll catalog filter image 2026-06-18 14:12:04 -05:00
Andrew Stoltz
6e0d33b5b9 deploy(tenant): add bluejay.dev edge controls 2026-06-18 12:56:41 -05:00
Andrew Stoltz
b015c8a8e1 deploy(updater): roll feed signed manifest image 2026-06-18 12:42:42 -05:00
Andrew Stoltz
d51e55c78d deploy(updater): roll corrected GX10 containment image 2026-06-18 11:26:01 -05:00
Robot
f78e6747b4 deploy(apple-mdm): route scep to noc1 ca 
Adds the GX10 /scep route to the noc1 Apple MDM SCEP CA without exposing NanoHUB APIs.
 2026-06-18 11:23:00 -05:00
Andrew Stoltz
e543018bdc deploy(updater): recover GX10 image after packaging failure 2026-06-18 11:20:11 -05:00
Andrew Stoltz
d0c9717d90 deploy(updater): roll GX10 containment image 2026-06-18 11:08:12 -05:00
Robot
aba9d7c995 deploy(gx10): pin DeviceManagement MDM-N8 image 2026-06-18 09:45:14 -05:00
Robot
a56e98422f deploy(gx10): wire Apple MDM runtime secret keys 2026-06-18 08:41:44 -05:00