Changes
New Features
- feat: auto-provision ACL tags and Funnel, fix broken-service dashboard hang and lint issues
Security Updates
Bug Fixes
- fix(tailscale): release mtx during exposure.Start to prevent dashboard deadlock
- fix(tailscale): re-advertise service listener after auto-approval
- fix(ci): use find instead of glob for chmod (paths are nested 2-3 levels)
- fix(docker): set executable permissions on binaries in CI images
- fix(ci): use slash-free artifact names for dev build matrix
- fix(docker): copy internal/ to frontend stage so Tailwind can scan .templ files
- fix(web): sync package.json versions with bun.lock
- fix(web): update bun.lock for frozen-lockfile CI builds
- fix(ci): pin cosign-installer to v4.1.2 (no major tag exists)
- fix(ci): correct Docker binary path mapping for armv6/armv7
Dependency Updates
Documentation
- docs(v3): fix image tag from :2 to :dev in v3 documentation
Other Changes
- ci: bump actions/cache to v5 (Node 24)
- ci: optimize release workflows with shared module cache, pre-built templ, and Docker GHA cache
- ci: use pre-built templ binary in PR workflow
- ci: eliminate redundant frontend+templ builds across matrix jobs
- ci: parallelize binary builds via matrix strategy (8 platforms → ~2 min wall time)
- ci: replace GoReleaser with plain GitHub Actions