diff --git a/.release-notes-v0.3.0.md b/.release-notes-v0.3.0.md new file mode 100644 index 0000000..7ec282d --- /dev/null +++ b/.release-notes-v0.3.0.md @@ -0,0 +1,22 @@ +## Overview + +v0.3.0 extends triagent past the Kubernetes layer: the operator agent can now investigate the GCP or AWS cloud beneath an incident — reachability, IAM, managed-cluster config, logs, and the audit trail — without a human leaving the loop. The cloud access is read-only by construction (no shell, positive allowlist, hardcoded deny floor) and pinned to a deployment-chosen identity the agent can't select or escalate. The rest of the release is documentation that reframes the project around cloud incident triage. No breaking changes; upgrading is drop-in. + +## What's new + +- **Cloud-context MCP for GCP and AWS.** Before, an investigation that bottomed out at the cloud layer — a node that can't reach an API, an IAM binding that changed, a managed-cluster setting — meant a human leaving the loop to run `gcloud`/`aws` by hand. The new read-only cloud MCP (`triagent-cloud-`, one package behind a `Provider` interface selected by `--provider=`) lets the agent orient through two typed tools and reach the long tail through a gated, no-shell CLI, so the cloud layer is now part of the same triage loop as the cluster. Read-only is guaranteed by construction — a no-shell `execve`, an exact-match allowlist, a deny floor config can never re-enable, and a pinned read-only identity as the outermost backstop. Cloud auth readiness is visible before a session starts, and a stale cloud credential degrades that source visibly rather than blocking Kubernetes triage. (#53) + +## Fixes + +- **Docs no longer point at a tool that doesn't exist.** References to the removed `dump-meta` tool now describe the in-process tool catalog that actually serves the metadata, so following the docs lands you on real surface area. (#55) + +
+Changelog + +- feat(cloud): read-only cloud-context MCP for GCP and AWS (#53) +- docs(readme): reframe for cloud incident triage in plain language (#62) +- docs: correct stale dump-meta references to the in-process tool catalog (#55) + +**Full diff:** https://github.com/sourcehawk/triagent/compare/v0.2.0...v0.3.0 + +
diff --git a/README.md b/README.md index d2258ad..289a9be 100644 --- a/README.md +++ b/README.md @@ -175,7 +175,7 @@ cd frontend && npm run typecheck # frontend types `make build` rebuilds the embedded frontend bundle and both binaries. For the UI dev loop (no Go rebuild for frontend changes): ```sh -go run . start # terminal 1 +go run ./cmd/triagent start # terminal 1 cd frontend && npm run dev # terminal 2, proxies /api/* to :8080 ```