Skip to main content

Release 0.4.15 — Curl Private Endpoints

Sri Aradhyula
Sri Aradhyula

Released: 2026-05-20 Chart: oci://ghcr.io/cnoe-io/charts/ai-platform-engineering:0.4.15 Previous release: 0.4.14

Highlights

0.4.15 is a small follow-up release. The curl builtin tool gains an opt-in allow_non_public_urls flag so dynamic agents can reach private or internal endpoints when explicitly configured, while domain ACLs still apply. The release also quiets noisy Jira MCP logs by default and closes several CodeQL findings by removing sensitive data from logs and stdout.

What's New

Dynamic Agents

  • curl private-endpoint opt-in — a new per-agent allow_non_public_urls field (default false) on the curl builtin tool bypasses the SSRF IP-routing check so agents can reach private/internal endpoints; the domain ACL still applies, and fetch_url is unchanged. The field is surfaced in the agent configuration UI alongside https_only and allowed_domains (#1476)

Bug Fixes

  • jira: default the Jira MCP server log level to WARNING to reduce protocol noise and lower the chance of Jira payloads appearing in logs; verbose logging stays available via MCP_JIRA_LOG_LEVEL (#1475)

Security

  • Close active CodeQL alerts — stop echoing catalog HTTP response bodies from caipe-skills.py, remove bearer-token stdout printing from get_token.py (tokens can now be written to a 0600 file), and bound scan-content API responses to sanitized severity/exit-code fields while avoiding logging of raw scan exceptions and HTTP error metadata (#1474)

Breaking Changes

No breaking changes. Drop-in upgrade from 0.4.14.

Known Issues

None known at this time.

Upgrade

helm upgrade ai-platform-engineering \
  oci://ghcr.io/cnoe-io/charts/ai-platform-engineering \
  --version 0.4.15 \
  -f your-values.yaml

Upgrade Guide: 0.4.14 → 0.4.15

Overview

0.4.15 is a drop-in upgrade — no values.yaml edits are required. There are no Helm values changes between 0.4.14 and 0.4.15.

Helm Values Changes

No Helm values changes between 0.4.14 and 0.4.15. Drop-in upgrade.

Data Migrations

No data migrations are required.

Upgrade Runbook

1. Update chart version

helm upgrade ai-platform-engineering \
  oci://ghcr.io/cnoe-io/charts/ai-platform-engineering \
  --version 0.4.15 \
  -f your-values.yaml

2. (Optional) Allow private endpoints for curl

If a dynamic agent must reach a private or internal endpoint, set builtin_tools.curl.allow_non_public_urls: true for that agent (default false). Keep allowed_domains scoped — the domain ACL is still enforced.

3. Verify

kubectl get pods -n <namespace>