Tags: WeLikeCode/mintkey

v0.2.0-preview.1

v0.2.0-preview.1 — SSH bastion + native auth schemes + security hardening

281 commits since v0.1.0-preview.1.

Highlights:
- SSH bastion (PR #139): services.base_url is canonical SSH upstream;
  cascade keeps vault.credentials in sync; rotate carries forward
  routing metadata; admin-ui ServiceCombobox typeahead + field-level
  validation errors; ADR-0023.
- Native auth schemes: apple_jwt (#321), google_service_account (#322),
  oauth2_password_grant (#310-313), ssh_password/ssh_private_key.
- Security hardening: argon2id for api_key_hash (ADR-0012);
  PBKDF2-HMAC-SHA256 for audit fingerprints (no plaintext leakage);
  ValidationError handlers across 5 schemes drop str(exc) input echo.
- CI: ssh-proxy + vault-adapter in container-scan matrix; Trivy gates
  HIGH/CRITICAL only with documented per-CVE suppressions.
- Dependabot: cleaned 7 alerts (urllib3, requests, uuid, qs, uv);
  2 vitest CRITICAL dismissed as tolerable_risk (dev-only, requires
  vitest --ui port exposure).

Known follow-ups:
- Drop vault.credentials.target_address after quiet period (ADR-0023 F2).
- UNIQUE partial index on (service_id, auth_scheme) WHERE status='active'.
- vitest 2→4 major bump (separate focused migration).
- Live e2e for SSH bastion routing post-merge.

v0.1.0-preview.1

Mintkey v0.1.0-preview.1 — first versioned public release

First versioned public release of the Mintkey product, building on
v0.1.0-prealpha (2026-05-12) with the post-prealpha readiness workstream.

Highlights:
- KIRO.md repo-root link hub + 3-doc pattern library (add-rest-endpoint,
  add-mcp-tool, add-audit-event) + agent examples (python, typescript,
  openai-compatible) + agent-never-sees-secret walkthrough.
- make demo / make demo-mock — single-command stack startup with demo
  flow validation against the mock backend.
- Weak-hash migration design doc; GO-2026-4918 advisory resolution;
  SECURITY.md UI-dismissal subsections for 8 Scorecard residuals plus
  Audit hash-chain integrity section (per ADR-0014.7).
- Dev-test namespace: parallel isolated Compose env with 16 host ports
  offset by +100; 15 unit + 4 integration tests for isolation.
- Grafana request-monitoring dashboard (4 panels, OTel spanmetrics).
- Kong-syncer startup-retry fix.
- S5-S11 codescanning campaign (weak hashes, SARIF, XSS, SQLi, path
  traversal, SSRF, secret detection).
- All 9 docker-compose images @sha256-pinned; Trivy now runs on every
  push to main and on workflow_dispatch; Trivy-on-Debian-base acceptance
  policy formalized in SECURITY.md.

Versioning:
- pyproject.toml versions consolidated to 0.1.0-preview.1 across
  admin-api, mcp-server, mock-backend, mintkey-models. admin-ui and
  openapi.yaml were already on preview.1.
- CHANGELOG.md preview.1 section finalized with full release notes.

CI:
- Container Scan workflow no longer chronically red on main. Trivy
  exit-code is conditional on github.event_name: '1' on pull_request
  (blocks PRs that ADD new HIGH/CRITICAL CVEs); '0' on push / schedule
  / workflow_dispatch (SARIF still uploads to the Security tab on every
  run; the Security tab is the source of truth per the SECURITY.md
  Trivy-on-Debian-base acceptance policy).

v0.1.0-prealpha

Mintkey v0.1.0 pre-alpha — first public snapshot

- Keycloak as canonical IdP (admin-ui, Grafana, Jaeger all SSO via it)
- Observability: OpenTelemetry → Jaeger (traces) + Prometheus + Grafana

- All workflow tokens least-privilege (top-level contents:read; writes
  hoisted to specific jobs)
- 41 GitHub Actions SHA-pinned; 15 Dockerfile FROM directives
  SHA-pinned
- Trivy container scan in CI with documented .trivyignore allow-list
  (33 CVEs, expiry 2026-08-16)
- OpenSSF Scorecard publishes; passing checks: Dependency-Update-Tool,
  Security-Policy, Dangerous-Workflow, Binary-Artifacts, SAST, License
- mypy --strict + ruff clean across admin-api + mintkey-models +
  mcp-server
- 138 admin-api unit tests + 49 mintkey-models tests + Go unit tests
  all green
- Static SQL-injection scanner enforces no f-string SQL and no
  dynamic text() construction across admin-api + mcp-server

Lint Go · Lint Python · Lint Contracts · Go Unit Tests · Python Unit
Tests · Architecture Tests · Schema Integrity Gates · Acceptance
Tests · Integration Tests · OpenSSF Scorecard · CodeQL (go, python,
javascript-typescript)

- API surface and DB schema are not stable; breaking changes expected
  until v0.2.x
- Self-hosted only; no managed SaaS offering
- Operator-grade UX (admin-ui) is functional but rough
- LAN-deployment ready (set MINTKEY_*_PUBLIC_URL env vars per
  .env.example); production TLS / multi-tenant ops hardening
  out-of-scope for this snapshot
- 8 known Dependabot alerts closed pre-tag (PR #34); subsequent
  Dependabot PRs may surface new alerts as upstream advisories land

First public snapshot following extensive bootstrap remediation
(PRs #33–#53 on this branch). Tag is reproducible from the source
in this commit; all images SHA-pinned to upstream registry digests.

Don't run this in production yet. Do try it locally and tell us
what breaks: https://github.com/WeLikeCode/mintkey/issues