Skip to content

chore(main): release 1.0.0#497

Open
msn-ci-bot[bot] wants to merge 1 commit into
mainfrom
release-please--branches--main
Open

chore(main): release 1.0.0#497
msn-ci-bot[bot] wants to merge 1 commit into
mainfrom
release-please--branches--main

Conversation

@msn-ci-bot

@msn-ci-bot msn-ci-bot Bot commented Jul 8, 2026

Copy link
Copy Markdown

🤖 I have created a release beep boop

1.0.0 (2026-07-08)

⚠ BREAKING CHANGES

  • i18n: Translation keys changed from flat strings to nested objects

Features

  • a11y: axe-core test harness for the Button primitives (#370) (991c92f)
  • achieve 100% config parity between CLI, TUI, and WebUI (e42fe2a)
  • add _project_specs session management structure (b8f3373)
  • add Cloud Native Buildpacks support (1ffde0f)
  • add lighthouse, i18n validation, and package targets (3043e6b)
  • add packaging infrastructure (DEB, RPM, PKG) (47f016c)
  • add Phase 2-5 production readiness improvements (eaab585)
  • add Phase 3 documentation and i18n support (6a69e5b)
  • add Phase 3 operational readiness improvements (ac2533b)
  • add production readiness features and WebUI improvements (366865d)
  • add test parallelization, build profiles, and iperf3 bundling (f42bf7a)
  • add tests/integration/ directory (13b6e8d)
  • add websocket streaming and api auth (69c569b)
  • api: add go-playground/validator + tags on hot DTOs (#294) (95236b5)
  • api: capability registry for declarative route policy (register) (#401) (55ae19a)
  • api: complete frontend-to-backend config plumbing (7b8b2bc)
  • api: make request body-size limit declarative in the route registry (#415) (1aa020e)
  • api: port invopop/jsonschema generator from NIAC (#297) (d489eef), closes #269
  • api: port seed's strict JSON decode helpers (#320) (#322) (9499f86)
  • api: stream live test progress + reflector stats + mode broadcasts via SSE (#302) (6dd72ff), closes #296
  • auth: add ACME/Let's Encrypt, OAuth SSO, and UserStore from Seed (966fd91)
  • auth: argon2id password hashing + zxcvbn strength + hibp breach check (#233) (4d85f83)
  • auth: TOTP MFA + WebAuthn passkeys (Wave 3) (#234) (91fcfac)
  • ci: add frontend artifact sharing and todo tracker (2ddbf1a)
  • ci: Add provenance_only mode for SLSA backfill (#75) (#226) (04af510)
  • ci: add unsafe logging pattern detection (43ccf06)
  • ci: pin actions to v6 and enhance security scanning (488132b)
  • cli: help entries for tui/list-tests/install-ca + completeness test (#371) (85d56a1)
  • close all UI parity gaps between CLI, TUI, and WebUI (317803c)
  • config: make biome.json significantly stricter (4ce8338)
  • configure C23 linting and formatting (NOT C++) (c0337e4)
  • database: add SQLite database layer with repositories (311952f)
  • forms: adopt react-hook-form + valibot resolver, Y.1564 pilot (#325) (#328) (bf7937a)
  • forms: adopt react-hook-form for MFA setup + disable (#325) (#331) (92cffef)
  • forms: finish react-hook-form rollout — App.tsx auth + Recovery + Setup (#332) (#333) (2afb218)
  • forms: sweep 6 remaining ConfigForms onto react-hook-form (#325) (#330) (224b39d)
  • Graceful port fallback when canonical port is in use (#69) (#222) (750704b)
  • help: surface version in HelpDrawer header (in-app About) (#372) (86b76b5)
  • i18n: add errors.license.* keys for tier-gating UI (#313) (0e406de)
  • i18n: add per-repo dynamic-prefixes allowlist for check-keys.py (#335) (cd6a793)
  • i18n: add TypeScript type safety for translations (0720b05)
  • i18n: add useLocale hook + migrate HelpDrawer plurals (#324) (771a07c)
  • i18n: en/es key parity + DNT compliance test (stem) (#373) (f36d954)
  • i18n: expand settings translations for 95%+ coverage (#132) (316aa7e)
  • i18n: extract ModuleCard a11y strings to locale keys (#319) (56eacd5)
  • i18n: port check-keys.py + add phase 6 unit tests (#327) (85a3382)
  • i18n: unified frontend/backend i18n with JSON single source of truth (40a74d0)
  • implement dataplane-backed certification and measurement tests (d01e4bd)
  • implement versioning and CI/CD infrastructure (e72eafb)
  • license: replace forgeable rotor cipher with Ed25519-signed tokens (#409) (b78e407)
  • make: add capability-aware dev-run target (#197) (ba3f344)
  • makefile: add deployment automation targets (204f80c)
  • makefile: add developer experience enhancements (726f0fb)
  • makefile: add testing and quality enhancements (b76708f)
  • modules: add 6-module architecture with Reflector separation (5f7cd6f)
  • platform: add platform detection with improved error messages (#56) (8187ce7)
  • product favicons + drop per-file copyright headers (SPDX for Go) (#198) (faef765)
  • security: add CSRF protection, setup wizard, and password recovery (2769f21)
  • security: add RFC 1918 CORS validation and fix CSP (71f6da4)
  • stories: Primitive Storybook coverage + biome pin (Wave 5 / #236) (#241) (b26dc80)
  • storybook: add Storybook 10.x with component stories (#131) (c5fff23)
  • theme: add themeTypography barrel module (Phase 3) (0f69005)
  • theme: adopt botanical-earth surface palette (Phase 4) (d82ae9d)
  • theme: Apply 2026-05-22 brand audit — Stem becomes blue (24576de)
  • theme: fix button contrast against constant brand anchor (Phase 7) (901eb9b)
  • theme: identity shift — Stem becomes blue (Phase 5) (0475681)
  • theme: self-host Inter + JetBrains Mono via @fontsource-variable (Phase 2) (78459f0)
  • theme: swap status palette to canonical brand-tied anchors (Phase 1) (40e298c)
  • tls by default + canonical port 8444 + http redirector + csrf fail-closed (#232) (406bc43)
  • tui: add Reflector TUI filter profiles and keyboard shortcuts (4448f8c), closes #82
  • types: add profile types aligned with Seed patterns (b9f2f59)
  • ui,api: Reflector platform-guard + E2E cleanup of imaginary-UI specs (#70 / #64) (#224) (d765f62)
  • ui,api: Wire RoleChip to backend mode-switch endpoint (#74) (#225) (cf69a9d)
  • ui: add ARIA labels for accessibility (#111) (2610fdb)
  • ui: add canonical help-drawer testids (Phase 3b) (#354) (f2a1518)
  • ui: add focus traps to modals for accessibility (#110) (05810e6)
  • ui: add ModuleCard component with per-test results display (c61697a)
  • ui: add profile store, i18n test sections, and more stories (8336c50)
  • ui: add React Error Boundary for crash recovery (#109) (efbaf2a)
  • ui: add React Query + migrate the interfaces read (W5.2a) (#431) (12e073c)
  • ui: add types/generated directory for backend types (18feccc)
  • ui: canonical shell — modernize Sidebar + PageHeader (Phase 1) (#339) (3983689)
  • ui: comprehensive tooltip parity — add ~42 tooltips for icon-only buttons + complex actions (5a9ef39)
  • ui: converge settings drawer shell — a11y + testids (Phase 3c) (#353) (6138e4b)
  • ui: expand UI primitive barrel exports (Wave 5 / #236) (#240) (798772b)
  • ui: extract auth to auth-store + harden authFetch (W5.3) (#434) (7075ea6)
  • ui: Flat sidebar + header role-chip + slimmed Settings + valid-interface filter (#210) (1cb58bd)
  • ui: generate TypeScript types from JSON Schemas (#299) (a4ea7d5)
  • ui: harden RoleContext with valibot schemas (#295) (ef93f25), closes #272
  • ui: harmonize Card system with Seed patterns (e11f23c)
  • ui: harmonize RecoveryForm with Seed patterns (ea6ef1f)
  • ui: harmonize SetupWizard with Seed patterns (a24ab49)
  • ui: harmonize UI components with Seed patterns (#122-#129) (76a357f)
  • ui: lift primitive kit, add command palette, polish dark mode (#206) (b4339de)
  • ui: migrate the stats poll to React Query (W5.2b) (#432) (4f17830)
  • ui: phase A router + sidebar architecture (multi-page) (207129b)
  • ui: port useTheme hook from seed for cross-repo parity (a6d7494)
  • ui: require auth and add live stats (46b01a7)
  • web: route test execution through module system (b2b9d22)

Bug Fixes

  • add missing braces and fix data race in test executor (aaf8b42)
  • add missing help-content data file and @types/node dependency (f0e3d12)
  • address golangci-lint issues across codebase (26075d0)
  • address remaining code quality issues from Codex review (cb1997a)
  • align dataplane MEF results and docs (7e7286a)
  • api: add SPA fallback for client-side routes (#214) (ae5a51a)
  • api: authenticate reflector config/stats + pin govulncheck (#398) (7d9a4e3)
  • api: make RFC1918 CORS reflection opt-in (STEM_CORS_ALLOW_PRIVATE) (#399) (554fc76)
  • api: update fs.Sub subdir to "ui" to match embed glob (058d44f)
  • auth: remove t.Parallel from HIBP tests that mutate shared endpoint (#315) (08ef121)
  • auth: Serialise HIBP test seams behind a sync.RWMutex (#235) (5f87f35)
  • build: expose linux feature APIs for c23 (ef93e2a)
  • build: fix packaging targets and add build-darwin/build-linux (faefd65)
  • ci: add target_tag input to SLSA backfill (#75 follow-up) (#228) (6e00400)
  • ci: align container and license validation (655c917)
  • ci: allow gitleaks to inspect pull requests (cd5728a)
  • ci: allow MPL npm dependencies (5b03f31)
  • ci: auto-trigger release-please on CI completion (was manual-only) (5334db2)
  • ci: build browser test server without cgo (46d3a3b)
  • ci: build stem native library with clang (59f46a0)
  • ci: build stem native test dependencies (dfb6d45)
  • ci: bump Dockerfile go-build to golang:1.26-bookworm (032a37e)
  • ci: correct artifact path + Docker @locales copy (b4902e4)
  • ci: fetch full history for security scans (655c135)
  • ci: handle missing dataplane contexts (8736134)
  • ci: inject UIBuildHash ldflag (Universal Build Contract) (#282) (ca443be)
  • ci: keep stem analysis advisory (74f779e)
  • ci: link native dataplane tests (b6da226)
  • ci: point Lighthouse at the real served URLs (#65) (#220) (cde7653)
  • ci: race detector needs C dataplane deps + serialize SSE tests (#199) (34fad0d)
  • ci: rename status import to statusColor to avoid noShadow lint (da4d3d9)
  • ci: repair buildpacks project metadata (cdcb63f)
  • ci: repair label sync workflow (7acb464)
  • ci: report stem analyzer findings (d726b50)
  • ci: resolve stem workflow blockers (314785d)
  • ci: restore stem validation pipeline (c1a26b2)
  • ci: run stub unit tests without race (6272714)
  • ci: satisfy servicetest lint (ec275df)
  • ci: scope stem container and license checks (d267154)
  • ci: scope stem e2e smoke suite (4ce2153)
  • ci: skip stem docker publish without dockerfile (a5a9deb)
  • ci: split native compile from unit tests (f1f8c82)
  • ci: stabilize automated validation (76209fa)
  • ci: stabilize stem browser smoke gate (7dc7655)
  • ci: start stem web server in browser jobs (2c9f44b)
  • ci: suppress biome noBarrelFile on intentional theme barrel (ee76bd3)
  • ci: trigger CodeQL on PR + push + weekly schedule (#293) (736fed4)
  • ci: unblock main — race in sse, lighthouse cert, e2e selectors (#345) (533f7f8)
  • ci: unblock stem main — PageHeader testid, E2E selector, robots.txt (#347) (6a5de95)
  • ci: unescape apostrophe in target_tag description (#229) (e0c3d16)
  • ci: use compatible labeler action (99c9c57)
  • ci: use current intel macos release runner (715b7bf)
  • ci: use go-version-file and fix c lint (cf34ecb)
  • ci: use hosted node setup in container workflow (9023b15)
  • ci: use labeler yaml format (8d68517)
  • ci: verify UIBuildHash embedded in built binary (#286) (b35a6f4)
  • comprehensive code quality improvements (4a25f5a)
  • comprehensive lint, format, and test cleanup (e26662a)
  • correct API paths and TLS config in smoke test (25c7b10)
  • dataplane: replace interface{} with typed ConfigUpdate struct (8e2ee57), closes #2
  • dataplane: require full payload length in RFC2544/Y.1564 frame validators (#410) (1a2239c)
  • dataplane: return error on invalid OUI in UpdateConfig (#11) (499dcc3)
  • deps: bump golang.org/x/net to v0.55.0 (GO-2026-5026) (855f165)
  • deps: Bump golang.org/x/net to v0.55.0 (GO-2026-5026) (4011ac4)
  • docs: correct PR template 'cd web' -> 'cd ui' (#283) (79c2782)
  • e2e: role-chip-test_master uses underscore not hyphen (#388) (8a3e683)
  • handle --help correctly in test command and smoke test runner (6f7ad30)
  • harden API security and resolve all open issues (2e671ea)
  • i18n-es: normalize accents and add missing diacritics (107 fixes) (#321) (c4e5870)
  • i18n: resolve 48 t() calls referencing missing EN locale keys (#329) (b0232aa)
  • i18n: update document.lang on locale change for a11y (#316) (963bf12)
  • license: add RWMutex to Manager for safe concurrent access (#312) (cf8afe3)
  • lint: Clear gocognit, godoclint, nestif, tparallel (#262) (19a2234)
  • lint: Extract test-type + standard-name consts (partial goconst cleanup) (#263) (9bcb8aa)
  • lint: resolve all remaining lint issues (fe4bac2)
  • metrics: serialize tests that share Prometheus counter labels (3e413bc)
  • modules: resolve all golangci-lint warnings (2fd1bad)
  • prevent smoke test early exit on assertion failures (7408218)
  • quality-gates: honest exit codes, fmt-check, npm audit fix, CI/make parity (#468) (0993c8d)
  • reflector/web: use writeJSON and secure CORS headers (f121557)
  • regenerate lockfiles to resolve esbuild vulnerability (dbbcd7e)
  • release: Replace broken SLSA generator with attest-build-provenance (#208) (4af33d0)
  • resolve 15 frontend-backend integration issues (1560a2f)
  • resolve all lint warnings and errors (134b8ab)
  • resolve concurrent request hang in smoke test (22b9083)
  • resolve errcheck and gocritic lint warnings (7eefef9)
  • resolve golangci-lint warnings and wire remaining module executors (a997f25)
  • rpm: add user/group Provides for Fedora compatibility (a539c93)
  • rpm: auto-enable and start stem service on install (a662684)
  • scripts: clean up all shellcheck warnings + pin severity=warning (#307) (43c2d62)
  • scripts: deploy-validate default scheme=https + port=8444 (#292) (acdf2a6)
  • security: add TLS, httpOnly cookies, and security headers (04082fb)
  • security: auth-gate /mode /settings /interfaces /stats + first-run hardening (#340, #356) (#357) (5cd6489)
  • security: bump Go 1.26.5 and gate Trivy SARIF (#496) (a7aa351)
  • security: complete Phase 1 critical security fixes (9f42f6c)
  • security: Hardcode HTTPS-only auth, cipher overflow safety, fixture renames (#1070) (#260) (de2d166)
  • security: prevent rate limiter memory exhaustion DoS (#112) (d32c8be)
  • security: resolve gosec issues and improve auth test coverage (2b342d3)
  • security: scope generated TLS certificate writes (83f6cef)
  • server: clean lint issues (652af1c)
  • set vite outDir to internal/api/dist for Go embed (500f676)
  • smoke test handles missing C dataplane gracefully (6f34d6f)
  • smoke: annotate STEM_AUTH_PASSWORD assignment as gitleaks:allow (#389) (579774e)
  • systemd: remove invalid --config flag from service file (5e0f2c0)
  • tests: add captureStdout helper for error-checked output capture (d139a30)
  • tests: fix errcheck warnings in test files (#7) (3161abd)
  • tests: gate remaining measure tests under -short (#201) (b0fc1be)
  • tests: improve test coverage and fix all lint issues (29652b9)
  • tests: make race detector pass on Linux + CGO (#200) (23cb945)
  • tests: resolve all exhaustruct lint issues in test files (c6a30c8)
  • tests: resolve goroutine leaks and auth test failures (c7c56e5)
  • tests: use SetOutput for proper stdout capture in help tests (53cd204)
  • ui,api: replace hardcoded "0.1.0" with /__version + add the endpoint (#212) (69fe359)
  • ui: add explicit type annotations in HelpDrawer (c263cff)
  • ui: add logging for silently ignored errors (#113) (0b8b110)
  • ui: add role=alert to stem login error display (#385) (d4a76a7)
  • ui: close token-gate escapes in themeComponents + narrow the gate (S5) (#425) (483b7b6)
  • ui: complete httpOnly cookie auth migration (1c987f0)
  • ui: correct import casing and add explicit type annotations (4e59556)
  • ui: correct import path casing for RFC/TSN components (96d056c)
  • ui: drop sidebar-*-button testids on the mobile aside copy (#381) (b91ce7e)
  • ui: enable erasableSyntaxOnly + refactor ApiError TS-only syntax (#290) (1cc7d6a), closes #285
  • ui: give module-certify a distinct violet hue (S7) (#430) (5ab0891)
  • ui: i18n the Account nav group label (S3) (#419) (4922212)
  • ui: render sidebar product name from t('app.title'), not hardcoded (#350) (446b639)
  • ui: repair token-discipline guard and close white/black color leaks (#361) (e33fd7f)
  • ui: replace undefined status-danger token with status-error (#366) (69e1e30)
  • ui: stop emitted vite.config.js shadowing vite.config.ts (#416) (65421cd)
  • ui: suppress node dep0205 build warning (2ffcaf8)
  • update Logf function callers in main.go (1fc6c9a)
  • update test types to use module-prefixed names (3b6d7a7)
  • vite: stop inlining font assets as data: URLs (CSP fix) (2f3099f)
  • vite: Stop inlining font assets as data: URLs (CSP fix) (96b4b8a)
  • web: add interface validation to handleSettings (#4) (71578cc)
  • web: add observability for config update operations (#5) (a9eea18)
  • web: add writeJSON error handling and HTTP server timeouts (c6a65e5)
  • web: implement actual test execution via module executors (#9) (b23eb48)
  • wire reflector API config/stats to dataplane and add stop support (fc95ea0)

Performance Improvements

  • e2e: bump CI workers 1->2 and retries 2->1 (#255) (6b8c658)
  • tests: optimize test performance with caching and fast bcrypt (e4364e7)
  • ui: split vendor chunks, add bundle analyzer (#417) (cd30725)

This PR was generated with Release Please. See documentation.

@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

License Compliance Report

All dependencies pass license compliance checks

Go Dependencies

  • Unknown: 35 package(s)
  • MIT: 25 package(s)
  • BSD-3-Clause: 16 package(s)
  • Apache-2.0: 11 package(s)
  • BSD-2-Clause: 1 package(s)

npm Dependencies

See full report in workflow artifacts

Allowed Licenses: MIT, Apache-2.0, BSD-*, ISC, CC0-1.0, MPL-2.0
Forbidden: GPL, AGPL, SSPL (strong copyleft)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

0 participants