robintra/perf-sentinel chart-v0.2.32

perf-sentinel chart v0.2.32

on GitHub

What's new in chart-v0.2.32

This is a daemon-version-only chart bump: appVersion advances from 0.5.28 to 0.6.0, the default image.tag now resolves to ghcr.io/robintra/perf-sentinel:0.6.0, and the .perf-sentinel.toml ConfigMap loaded by the daemon is the only operator-facing surface that may need editing before upgrade. No chart-level template diff, no values.yaml schema change, no new RBAC, no new optional ConfigMap or Secret. The chart-v0.2.31 surface is preserved byte-for-byte.

The 0.6.0 daemon image is the first SemVer-incompatible release of the 0.x line. Three things break together. The public Config Rust API splits into sectioned sub-structs (thresholds, detection, green, daemon), the eight legacy top-level keys deprecated since 0.5.26 are removed so a .perf-sentinel.toml that still uses any of them now hard-fails at daemon startup with a ConfigError::Validation whose message names both the removed key and its replacement, and the OTLP ingest path no longer reaches into report::metrics::MetricsState directly (a new MetricsSink trait owned by ingest closes a long-standing layering leak). For chart consumers, only the .perf-sentinel.toml removal is operator-visible: the public Rust API split is invisible from Helm, and the MetricsSink trait is an internal refactor that does not change the /metrics shape, the OTLP HTTP / gRPC routes, or any other on-the-wire surface.

The eight removed top-level keys are n_plus_one_threshold, window_duration_ms, n_plus_one_sql_critical_max, n_plus_one_http_warning_max, io_waste_ratio_max, listen_port, max_events_per_trace, max_payload_size. Operators shipping a flat .perf-sentinel.toml through the chart's daemon.config ConfigMap should move each occurrence into the matching section ([detection], [thresholds], [daemon]) before rolling the upgrade. The error message names the replacement, so a tail of the daemon's startup logs after a failed rollout tells you exactly what to edit. The chart's daemon.config plumbing itself is unchanged, no template tweak required.

The 0.6.0 daemon image also lands the first wave of the audit's user-facing alignments. The CLI now reports Found N finding(s) instead of Found N issue(s) so the wording lines up with the data model, the JSON output, the SARIF emission, and the daemon API. fan-out becomes fanout across docs to match the ExcessiveFanout enum and the excessive_fanout finding label. A single Acknowledgement (UK) drift in docs/SUPPLY-CHAIN.md was aligned to the 386 Acknowledgment (US) occurrences elsewhere. docs/ARCHITECTURE.md gains a Glossary section pinning down event vs finding vs pattern vs detection, plus the four operating modes (batch, CI, daemon, watch) and the Confidence axis. docs/ACK-WORKFLOW.md adds a "Service renames invalidate acks" section covering signature breakage on service.name change, http.route refactors, and SQL/HTTP template changes. docs/LIMITATIONS.md adds a "Long-running traces and TTL eviction" section explaining sparse-burst undercounting in streaming mode. README.md adds a Grafana Pyroscope row to the comparison table positioning the two tools as complementary. None of these is operator-visible from a chart perspective, the daemon HTTP API and the chart-rendered ConfigMap and Secret schemas keep their prior contracts.

The eight tautological template_carries_* HTML drift guards in crates/sentinel-core/src/report/html.rs are dropped. The X-API-Key header value is centralized as a single pub const API_KEY_HEADER: &str = "X-API-Key"; in crates/sentinel-core/src/http_client.rs, both the daemon check_ack_auth and the outbound fetch_with_body consume it through this constant. The new template_propagates_api_key_header_constant test asserts the live-mode JS propagates the same constant. From the chart's perspective, this is invisible: the static HTML report shape is unchanged, the live-mode X-API-Key header value is unchanged, the daemon [daemon.ack] api_key workflow keeps its prior contract.

The HTTP API surface, the v0.5.21 ack Prometheus counters, the v0.5.23 [daemon.cors] config section, the v0.5.25 Scaphandre scrape counters on /metrics, the v0.5.27 hardening (terminal-injection-safe error messages, ack file 0700 parent dir on Unix, mixed-content / wildcard-CORS / --auth-header operator WARNs), the v0.5.28 32-hex finding signature, the ServiceMonitor rendering, the NetworkPolicy rendering, and the optional [daemon.ack] ConfigMap-and-Secret plumbing all keep their prior contracts. A helm upgrade from chart-v0.2.31 to chart-v0.2.32 is metadata-only on the chart side, the daemon-side breaking change reduces to validating the .perf-sentinel.toml against the eight removed keys before the rollout.

Changed

• appVersion bumped from 0.5.28 to 0.6.0, default image.tag now resolves to ghcr.io/robintra/perf-sentinel:0.6.0.
• No chart-level config change. values.yaml, every template, the ServiceMonitor rendering, the NetworkPolicy rendering, the optional [daemon.ack] ConfigMap-and-Secret plumbing, the optional [daemon.cors] plumbing, and the ack-toml-baseline mount are byte-for-byte identical to chart-v0.2.31.

Behavior

• Breaking, daemon side: 8 legacy top-level config keys removed. .perf-sentinel.toml files that still use n_plus_one_threshold, window_duration_ms, n_plus_one_sql_critical_max, n_plus_one_http_warning_max, io_waste_ratio_max, listen_port, max_events_per_trace, or max_payload_size at the top level fail daemon startup with ConfigError::Validation. The error names the replacement key and its target section. Move each occurrence into [detection], [thresholds], or [daemon] before upgrading.
• Breaking, daemon side: Config Rust public API split into sectioned sub-structs. Library consumers that depend on perf-sentinel-core directly need to swap config.green_*, config.tls_*, config.n_plus_one_* for the config.<section>.* form. Invisible from Helm.
• Internal: MetricsSink trait owned by ingest replaces the direct MetricsState import, closing the ingest to report layering leak. The /metrics exemplars, the OTLP HTTP and gRPC routes, the /api/findings, /api/status, /api/correlations, /api/explain/*, and /api/export/report shapes are byte-for-byte identical to chart-v0.2.31 for already-clean inputs.
• No HTTP-shape change on the daemon side. The three ack endpoints, the ack /metrics counters, the Scaphandre scrape counters, and every other route keep their v0.5.28 status codes and JSON shapes.
• No upgrade hook required, no on-disk migration. The runtime ack store JSONL schema is unchanged, the 32-hex signatures introduced in 0.5.28 carry over byte-for-byte. Existing acks survive the upgrade.
• CLI lexicon: Found N issue(s) becomes Found N finding(s). The HTML report, JSON, SARIF and daemon API wording now align. Operator-visible only on the CLI side, no chart-rendered output is affected.

Notes

• artifacthub.io/changes still references the 0.5.28 signature width bump. The annotation was not refreshed for chart-v0.2.32. Operators reading the Artifact Hub listing should treat this release as carrying the 0.6.0 daemon image and the .perf-sentinel.toml validation tightening listed above. A follow-up chart bump will refresh the annotation alongside any further chart-template change.

Install

helm install perf-sentinel oci://ghcr.io/robintra/charts/perf-sentinel --version 0.2.32

Upgrade an existing release:

helm upgrade perf-sentinel oci://ghcr.io/robintra/charts/perf-sentinel --version 0.2.32

Validate the .perf-sentinel.toml ConfigMap before rolling the upgrade. The eight legacy top-level keys removed in 0.6.0 hard-fail daemon startup, so a stale ConfigMap blocks the rollout. Move each occurrence into its target section ([detection], [thresholds], [daemon]) and re-apply the ConfigMap before bumping the chart.

See docs/CONFIGURATION.md "Migration from 0.5.x" for the canonical mapping table.

Full Changelog: chart-v0.2.31...chart-v0.2.32