Skip to main content
Sri Aradhyula

Sri Aradhyula

View all authors

Release 0.5.8 — Skills FGA, catalog API keys BFF, and RBAC migrations

Sri Aradhyula
Sri Aradhyula

Chart: oci://ghcr.io/cnoe-io/charts/ai-platform-engineering:0.5.8 (when published) Previous release: 0.5.4

Highlights

0.5.8 continues enterprise RBAC work: skill team shares reconcile through the shared OpenFGA shareable-resource module, catalog API keys can be minted from the CAIPE UI BFF without the supervisor, and admin ReBAC migrations cover agent/skill FGA backfills. See the upgrade guide below for the catalog API key hash change before upgrading production.

Release 0.5.2 — RAG Access Control and Gateway Routing

Sri Aradhyula
Sri Aradhyula

Released: 2026-05-29 Chart: oci://ghcr.io/cnoe-io/charts/ai-platform-engineering:0.5.2 Previous release: 0.5.1

Highlights

0.5.2 completes the OpenFGA relationship-based access model for RAG and Knowledge Bases — knowledge bases can now be shared with teams, every Knowledge sidebar tab is gated on a real OpenFGA capability, and the RAG server and BFF enforce deny-by-default. AgentGateway gains an MCP route bridge so platform MCP endpoints (including the built-in Knowledge Base server) can be rendered straight from Helm, and the default now routes all gateway-managed MCP servers through the gateway. Keycloak adds strict client-secret reconciliation for production installs and a migration-health panel in the admin UI, while a RAG ingestor SSRF fix and pinned TLS dependencies harden the web loader.

Release 0.5.3 — CRD-Free Gateway and Release-Name Defaults

Sri Aradhyula
Sri Aradhyula

Released: 2026-05-29 Chart: oci://ghcr.io/cnoe-io/charts/ai-platform-engineering:0.5.3 Previous release: 0.5.2

Highlights

0.5.3 makes AgentGateway CRD-free by default. The new global.agentgateway.routingMode defaults to static, so enabling the gateway renders the standalone proxy's own config instead of Gateway API / AgentGateway custom resources — no cluster-scoped CRDs and no controller install required, which keeps helm diff and helm upgrade clean on clusters you do not own. The chart also stops hardcoding ai-platform-engineering-* service URLs: in-cluster defaults are now computed from the Helm release name in the deployment templates, so installs under a custom release name resolve their supervisor, Keycloak, OpenFGA, skill-scanner, and bot URLs correctly without manual overrides. Rounding out the release, every agent gains proper Kubernetes startup/liveness/readiness probe semantics, and a Twisted bump closes a DNS-compression DoS in the RAG web loader.

Release 0.5.4 — Admin UI Polish and Keycloak Realm Fix

Sri Aradhyula
Sri Aradhyula

Released: 2026-05-29 Chart: oci://ghcr.io/cnoe-io/charts/ai-platform-engineering:0.5.4 Previous release: 0.5.3

Highlights

0.5.4 is a small maintenance release focused on admin UI consistency and a Keycloak fix. Native agent and team <select> controls are replaced with the shared searchable picker components, and the Slack and Webex admin panels are consolidated into a single ConnectorAdminPanel, so connector management looks and behaves the same everywhere. Team cards now surface knowledge-base, agent, and tool counts at a glance, the team Knowledge tab's create links point at the correct /knowledge-bases route, and Keycloak renders the configured realm name instead of assuming caipe. There are no values.yaml changes — this is a drop-in upgrade from 0.5.3.

Release 0.5.1 — Fine-Grained Knowledge Base RBAC

Sri Aradhyula
Sri Aradhyula

Released: 2026-05-27 Chart: oci://ghcr.io/cnoe-io/charts/ai-platform-engineering:0.5.1 Previous release: 0.5.0

Highlights

0.5.1 makes OpenFGA the source of truth for human access to the RAG knowledge base surfaces — Search, Data Sources, Graph, and MCP Tools — and lets admins share individual knowledge bases with teams through relationship-based grants. Under the hood, team membership is consolidated into a single canonical store so every reader and writer agrees on who belongs to a team, eliminating the drift that caused authorized users to fall back to the Default CAIPE Supervisor instead of their configured agent. The release also adds a searchable team picker across admin panels, a friendlier first-run experience that seeds a working Hello-World agent, and an intentionally noisy emergency flag to bypass UI RBAC while repairing an OpenFGA/Keycloak stack.

Release 0.5.0 — Enterprise RBAC and OpenFGA Authorization

Sri Aradhyula
Sri Aradhyula

Released: 2026-05-26 Chart: oci://ghcr.io/cnoe-io/charts/ai-platform-engineering:0.5.0 Previous release: 0.4.18

Highlights

0.5.0 is a headline minor release that lands CAIPE's enterprise authorization foundation: a full cutover from legacy role-based access control to relationship-based access control (ReBAC) backed by OpenFGA, with Keycloak as the identity provider and an AgentGateway ext_authz bridge enforcing per-call MCP decisions. The release introduces a new Webex bot alongside ReBAC-aware Slack routing, an envelope-encrypted credential store and OAuth connector platform, and a hardened secrets bootstrap that fails loudly on dev placeholders instead of silently shipping insecure defaults. The entire authorization stack is opt-in and disabled by default — for a stock 0.4.18 deployment this is a drop-in upgrade with no values.yaml edits required. Operators who adopt RBAC get team-based access control, per-document RAG ACLs, channel-derived team binding for bots, and a redesigned admin UI for managing teams, identity-group sync, and onboarding defaults.

Release 0.4.17 — Scrapy 2.16 Crawl Fix

Sri Aradhyula
Sri Aradhyula

Released: 2026-05-22 Chart: oci://ghcr.io/cnoe-io/charts/ai-platform-engineering:0.4.17 Previous release: 0.4.16

Highlights

0.4.17 is a targeted fix for RAG web ingestion. Scrapy 2.16.0 added validation that raised AttributeError whenever a spider defined a singular start_url attribute without a populated start_urls, which broke every crawl mode — single, recursive, and sitemap — resulting in zero pages crawled for any web ingestion request. This release renames the conflicting attribute, adds the new async spider entrypoint, and pins a stable Twisted to resolve a Scrapy 2.16 TLS bug.

Release 0.4.18 — Dynamic Agent Chat Regression Fix

Sri Aradhyula
Sri Aradhyula

Released: 2026-05-22 Chart: oci://ghcr.io/cnoe-io/charts/ai-platform-engineering:0.4.18 Previous release: 0.4.17

Highlights

0.4.18 fixes a regression introduced in 0.4.17 where dynamic agent configs stored with null fields in MongoDB raised a pydantic ValidationError on every chat request, effectively breaking chat for affected deployments. A new _strip_nulls() helper now removes explicit null values before pydantic construction so default_factory defaults apply correctly. This release also fixes Jira internal-comment creation, which was failing with a JSM 404 authentication error.

Release 0.4.16 — RAG Truncation and Seed Persistence Fixes

Sri Aradhyula
Sri Aradhyula

Released: 2026-05-21 Chart: oci://ghcr.io/cnoe-io/charts/ai-platform-engineering:0.4.16 Previous release: 0.4.15

Highlights

0.4.16 is a maintenance release focused on correctness. The RAG_MAX_OUTPUT_CHARS cap now actually fires for MCP tool results (previously a type check silently skipped truncation), seed agent configs once again persist their ui, features, and interrupt_on fields to MongoDB, and two reopened CodeQL code-scanning alerts are closed. The bundled CAIPE API reference docs were also refreshed to match the current BFF and RAG surfaces.

Release 0.4.14 — Slack and Chat Reliability

Sri Aradhyula
Sri Aradhyula

Released: 2026-05-20 Chart: oci://ghcr.io/cnoe-io/charts/ai-platform-engineering:0.4.14 Previous release: 0.4.13

Highlights

0.4.14 is a maintenance release focused on Slack and chat reliability. It fixes several cases where the Slack bot silently failed to respond — overthink skip logic that never fired on auto-routed channel messages, and alert integrations that put all their content inside attachment blocks. The /invoke chat endpoint gains optional conversation-history persistence, the skill scanner now returns actionable validation errors for malformed skills, and Jira agents can post internal (non-customer-visible) service desk comments.