github robintra/perf-sentinel chart-v0.2.37
perf-sentinel chart v0.2.37

latest releases: chart-v0.9.3, v0.9.3, chart-v0.9.2...
one month ago

What's new in chart-v0.2.37

This is a metadata-only chart bump: appVersion advances from 0.7.1 to 0.7.2, the default image.tag now resolves to ghcr.io/robintra/perf-sentinel:0.7.2, and the artifacthub.io/changes annotation refreshes to surface the new hash-bake subcommand on Artifact Hub. No chart-level template diff, no values.yaml schema change, no new RBAC, no new optional ConfigMap or Secret, no .perf-sentinel.toml review needed. The chart-v0.2.36 surface is preserved byte-for-byte.

The 0.7.2 daemon image is a small-feature release. It adds the perf-sentinel hash-bake CLI subcommand (canonical content_hash baking for test fixture generation and debugging), tightens terminal ANSI sanitisation across every render boundary, and aligns a 64 MiB local read cap between hash-bake and verify-hash --report <local>. Full release notes for the daemon at v0.7.2. None of these changes touches a chart-level template, a daemon HTTP route, a Prometheus metric, or the OTLP listener wire format.

Changed

  • appVersion bumped from 0.7.1 to 0.7.2, default image.tag now resolves to ghcr.io/robintra/perf-sentinel:0.7.2.
  • artifacthub.io/changes annotation refreshed to surface the hash-bake subcommand addition on Artifact Hub.
  • No chart-level config change. values.yaml, every template, the ServiceMonitor rendering, the NetworkPolicy rendering, the optional [daemon.ack] and [daemon.cors] plumbing, and the ack-toml-baseline mount are byte-for-byte identical to chart-v0.2.36.

Behavior

  • Daemon binary side: new hash-bake CLI subcommand. Reads a periodic disclosure JSON, recomputes the canonical content_hash, writes it back via an atomic temp+rename. CLI-only, the daemon does not invoke it at runtime. A chart upgrade neither enables it nor exposes it on any Service or Ingress.
  • Daemon binary side: terminal sanitisation extended. sanitize_for_terminal and safe_url now strip the C1 control range 0x80..=0x9F (CSI U+009B, ST U+009C, OSC U+009D), workspace-wide. Affects every log line and dashboard render that quotes an attacker-controlled string.
  • Daemon binary side: TOML config validation extended. has_control_char rejects the same C1 range, so a .perf-sentinel.toml placing a C1 byte in disclose_output_path, auth_token, or any free-form path field is refused at load time before reaching tracing::warn!.
  • Daemon binary side: verify-hash --report <local> now caps the local file at 64 MiB, matching the new hash-bake cap. Remote --url mode unchanged (10 MiB cap preserved).
  • No HTTP-shape change on the daemon side. Every /api/* route, every /metrics line, the OTLP HTTP and gRPC routes, and every JSON shape are byte-for-byte identical to chart-v0.2.36 for already-clean inputs.
  • No upgrade hook required, no on-disk migration. The runtime ack store JSONL schema is unchanged. Existing acks survive the upgrade.

Install

helm install perf-sentinel oci://ghcr.io/robintra/charts/perf-sentinel --version 0.2.37

Upgrade an existing release:

helm upgrade perf-sentinel oci://ghcr.io/robintra/charts/perf-sentinel --version 0.2.37

The bump is metadata-only on the chart side. The new daemon binary brings a CLI-only feature (hash-bake), so no .perf-sentinel.toml edit, no RBAC change, and no Service or Ingress reconfiguration is needed.

Full Changelog: chart-v0.2.36...chart-v0.2.37

Don't miss a new perf-sentinel release

NewReleases is sending notifications on new releases.