Skip to content

fix readme #70

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
sourcehawk merged 1 commit into from
Jun 2, 2026
Merged

fix readme #70

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 22 additions & 0 deletions .release-notes-v0.3.0.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
## Overview

v0.3.0 extends triagent past the Kubernetes layer: the operator agent can now investigate the GCP or AWS cloud beneath an incident — reachability, IAM, managed-cluster config, logs, and the audit trail — without a human leaving the loop. The cloud access is read-only by construction (no shell, positive allowlist, hardcoded deny floor) and pinned to a deployment-chosen identity the agent can't select or escalate. The rest of the release is documentation that reframes the project around cloud incident triage. No breaking changes; upgrading is drop-in.

## What's new

- **Cloud-context MCP for GCP and AWS.** Before, an investigation that bottomed out at the cloud layer — a node that can't reach an API, an IAM binding that changed, a managed-cluster setting — meant a human leaving the loop to run `gcloud`/`aws` by hand. The new read-only cloud MCP (`triagent-cloud-<alias>`, one package behind a `Provider` interface selected by `--provider=<gcp|aws>`) lets the agent orient through two typed tools and reach the long tail through a gated, no-shell CLI, so the cloud layer is now part of the same triage loop as the cluster. Read-only is guaranteed by construction — a no-shell `execve`, an exact-match allowlist, a deny floor config can never re-enable, and a pinned read-only identity as the outermost backstop. Cloud auth readiness is visible before a session starts, and a stale cloud credential degrades that source visibly rather than blocking Kubernetes triage. (#53)

## Fixes

- **Docs no longer point at a tool that doesn't exist.** References to the removed `dump-meta` tool now describe the in-process tool catalog that actually serves the metadata, so following the docs lands you on real surface area. (#55)

<details>
<summary>Changelog</summary>

- feat(cloud): read-only cloud-context MCP for GCP and AWS (#53)
- docs(readme): reframe for cloud incident triage in plain language (#62)
- docs: correct stale dump-meta references to the in-process tool catalog (#55)

**Full diff:** https://github.com/sourcehawk/triagent/compare/v0.2.0...v0.3.0

</details>
2 changes: 1 addition & 1 deletion README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -175,7 +175,7 @@ cd frontend && npm run typecheck # frontend types
`make build` rebuilds the embedded frontend bundle and both binaries. For the UI dev loop (no Go rebuild for frontend changes):

```sh
go run . start # terminal 1
go run ./cmd/triagent start # terminal 1
cd frontend && npm run dev # terminal 2, proxies /api/* to :8080
```

Expand Down
Loading