Skip to content

Release: 7 features, 7 fixes, 1 refactor, 1 test, 2 chores → Main#8123

Merged
h0lybyte merged 18 commits intomainfrom
dev
Mar 17, 2026
Merged

Release: 7 features, 7 fixes, 1 refactor, 1 test, 2 chores → Main#8123
h0lybyte merged 18 commits intomainfrom
dev

Conversation

@github-actions
Copy link
Contributor

@github-actions github-actions bot commented Mar 16, 2026
edited
Loading

Release: Dev → Main

18 atomic commits ready for main

Features

Bug Fixes

Refactoring

  • refactor(isometric): unify creature systems under NpcDb-driven registry (86d2470)

Tests

  • test(axum-kbve-e2e): assert COOP/COEP headers on isometric paths (b88c99f)

Chores

  • chore(kbve): minor version bump. (2184f2b)
  • chore(isometric): added the new web build. (084a07d)

This PR is automatically maintained by CI — KBVE Studio

h0lybyte added 2 commits March 16, 2026 18:41
@h0lybyte
refactor(isometric): unify creature systems under NpcDb-driven registry
86d2470 
Migrate fireflies, butterflies, and frogs to shared Creature component
with render-specific companions (EmissiveData, BillboardData, SpriteData).
Add CreatureRegistry bridging bevy_npc NpcDb to game-specific configs.
Add Astro npcdb entries for all three ambient creature types.
@h0lybyte
fix(axum-kbve): add COOP/COEP headers to /arcade/isometric/ for Share…
b71b0ff 
…dArrayBuffer

The HTML page at /arcade/isometric/ was missing cross-origin isolation
headers, causing SharedArrayBuffer to be undefined and WASM worker
threads to silently not spawn.
@github-project-automation github-project-automation bot moved this to Review in KBVE Mar 16, 2026
@h0lybyte
feat(discordsh): integrate bevy_quests proto-driven quest system (#8111
e324c98 
…) (#8121)

Add quest tracking to DiscordSH dungeon crawler using bevy_quests crate.
Creates 6 dungeon quests (3-quest main chain + 3 standalone), QuestJournal
state on SessionState, quest accept/abandon/view actions, and automatic
objective progression on enemy kills and room exploration. 662 tests pass.
@github-actions
Copy link
Contributor Author

github-actions bot commented Mar 16, 2026
edited
Loading

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 6 package(s) with unknown licenses.
See the Details below.

License Issues

.github/workflows/ci-nx-security.yml

PackageVersionLicenseIssue Type
actions/checkout6.*.*NullUnknown License
actions/github-script8.*.*NullUnknown License
actions/setup-node6.*.*NullUnknown License
actions/setup-python5.*.*NullUnknown License
pnpm/action-setup4.*.*NullUnknown License

apps/discordsh/axum-discordsh/Cargo.toml

PackageVersionLicenseIssue Type
lru>= 0.16.0, < 0.17.0NullUnknown License

OpenSSF Scorecard

PackageVersionScoreDetails
actions/actions/checkout 6.*.* 🟢 5.9
Details
CheckScoreReason
Maintained⚠️ 23 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 2
Code-Review🟢 10all changesets reviewed
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Packaging⚠️ -1packaging workflow not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 9security policy file detected
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
SAST🟢 8SAST tool detected but not run on all commits
actions/actions/github-script 8.*.* 🟢 7.7
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1013 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
Token-Permissions🟢 9detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 9security policy file detected
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
SAST🟢 10SAST tool is run on all commits
actions/actions/setup-node 6.*.* 🟢 6.1
Details
CheckScoreReason
Maintained🟢 1012 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 10all changesets reviewed
Binary-Artifacts🟢 9binaries present in source code
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 9security policy file detected
Branch-Protection⚠️ 1branch protection is not maximal on development and all release branches
SAST🟢 9SAST tool is not run on all commits -- score normalized to 9
actions/actions/setup-python 5.*.* 🟢 5.3
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 34 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 3
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 9security policy file detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST🟢 9SAST tool is not run on all commits -- score normalized to 9
actions/pnpm/action-setup 4.*.* 🟢 5
Details
CheckScoreReason
Maintained🟢 33 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 3
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 7Found 23/30 approved changesets -- score normalized to 7
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies🟢 10all dependencies are pinned
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy⚠️ 0security policy file not detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
cargo/lru >= 0.16.0, < 0.17.0 UnknownUnknown

Scanned Files

  • .github/workflows/ci-nx-security.yml
  • apps/discordsh/axum-discordsh/Cargo.toml

@github-actions github-actions bot changed the title Release: 1 fix, 1 refactor → Main Release: 1 feature, 1 fix, 1 refactor → Main Mar 16, 2026
h0lybyte added 2 commits March 16, 2026 18:45
@h0lybyte
chore(kbve): minor version bump.
2184f2b
@h0lybyte
test(axum-kbve-e2e): assert COOP/COEP headers on isometric paths
b88c99f 
Verify /arcade/isometric/ and /isometric/ assets return the
cross-origin isolation headers required for SharedArrayBuffer.
@github-actions github-actions bot changed the title Release: 1 feature, 1 fix, 1 refactor → Main Release: 1 feature, 1 fix, 1 refactor, 1 test, 1 chore → Main Mar 16, 2026
@h0lybyte
fix(edge): use version.toml as single source of truth for version and…
4450b66 
… function registry (#8125)

Bake version.toml into the Docker image with proper deno user permissions.
Health endpoint now reads version and function metadata from version.toml
at startup, serving it in the JSON response. Dashboard fetches the function
list dynamically from health instead of hardcoding it. Added e2e tests to
validate version and function registry match version.toml.
@github-actions github-actions bot changed the title Release: 1 feature, 1 fix, 1 refactor, 1 test, 1 chore → Main Release: 1 feature, 2 fixes, 1 refactor, 1 test, 1 chore → Main Mar 16, 2026
@h0lybyte
fix(pydesk): sanitize user-controlled data in innerHTML to prevent XSS (
247c4ca 
#8128)

Add escapeHtml() helper and apply it to all WebSocket message data
and user input before innerHTML insertion. Resolves CodeQL alert #15
(js/xss, CWE-79).
@github-actions github-actions bot changed the title Release: 1 feature, 2 fixes, 1 refactor, 1 test, 1 chore → Main Release: 1 feature, 3 fixes, 1 refactor, 1 test, 1 chore → Main Mar 16, 2026
@h0lybyte
feat(discordsh): add quest NPC encounters and SVG quest tracker (#8111)…
016a15e 
… (#8126)

Quest givers now appear in city and merchant rooms, showing available
quests filtered by player level, prerequisites, and completion status.
AcceptQuest is now allowed at merchants. SVG game card displays up to 2
active quest progress trackers in the footer. 670 tests pass.
@github-actions github-actions bot changed the title Release: 1 feature, 3 fixes, 1 refactor, 1 test, 1 chore → Main Release: 2 features, 3 fixes, 1 refactor, 1 test, 1 chore → Main Mar 16, 2026
@h0lybyte
feat(bevy_kbve_net): add npcdb feature flag for shared CreatureRegist…
4964073 
…ry (#8127)

Move CreatureRegistry, CreatureConfig, slot helpers, and
build_creature_registry() into bevy_kbve_net behind an optional npcdb
feature. Both isometric-game and axum-kbve enable the feature so they
share identical creature definitions.

Wire process_creature_captures on the server to validate capture
requests against the registry pool_size before broadcasting.
@github-actions github-actions bot changed the title Release: 2 features, 3 fixes, 1 refactor, 1 test, 1 chore → Main Release: 3 features, 3 fixes, 1 refactor, 1 test, 1 chore → Main Mar 16, 2026
@h0lybyte
fix(kbve): replace hardcoded HTTP URL with env var in n8n service call (
b7edec5 
#8129)

Move internal n8n URL to N8N_WORKFLOWS_URL env var with HTTPS default,
removing the hardcoded http:// URL. Resolves CodeQL alert #264
(rust/non-https-url).
@github-actions github-actions bot changed the title Release: 3 features, 3 fixes, 1 refactor, 1 test, 1 chore → Main Release: 3 features, 4 fixes, 1 refactor, 1 test, 1 chore → Main Mar 16, 2026
@h0lybyte
feat(dashboard): add ClickHouse logs dashboard with proxy and log exp…
5b40513 
…lorer (#8130)

- Add ClickHouse logs proxy route in axum-kbve using existing SUPABASE_URL and service role key
- Create ReactClickHouseDashboard with namespace overview, log explorer, filters
- Add ClickHouse summary card to dashboard home page
- Wire up Astro component and MDX page at /dashboard/clickhouse/
@github-actions github-actions bot changed the title Release: 3 features, 4 fixes, 1 refactor, 1 test, 1 chore → Main Release: 4 features, 4 fixes, 1 refactor, 1 test, 1 chore → Main Mar 17, 2026
@h0lybyte
fix(fudster): resolve all CodeQL alerts and add async context manager (
2a71639 
…#8132)

Replace bare except-pass blocks with debug logging for optional
dependency imports, fix mixed-return paths in APIConnector,
ChromeClient, and DiscordClient, add async context manager support
to APIConnector, and fix raise-from-variable anti-pattern.
@github-actions github-actions bot changed the title Release: 4 features, 4 fixes, 1 refactor, 1 test, 1 chore → Main Release: 4 features, 5 fixes, 1 refactor, 1 test, 1 chore → Main Mar 17, 2026
@h0lybyte
fix(axum-kbve): add bevy_npc to Docker build pipeline (#8133)
898e0c0 
* fix(axum-kbve): add bevy_npc to Docker build pipeline

bevy_kbve_net now depends on bevy_npc via the npcdb feature flag.
Without this change the Docker build fails because the bevy_npc crate
path is missing from the container context.

* ci(utils-file-alterations): add bevy_kbve_net and bevy_npc to kbve_base trigger paths

Without these paths, changes to bevy_kbve_net or bevy_npc would not
trigger a rebuild of the kbve-build-base Docker image.
@h0lybyte h0lybyte self-requested a review as a code owner March 17, 2026 01:09
@github-actions github-actions bot changed the title Release: 4 features, 5 fixes, 1 refactor, 1 test, 1 chore → Main Release: 4 features, 6 fixes, 1 refactor, 1 test, 1 chore → Main Mar 17, 2026
@h0lybyte
feat(astro-kbve): add NpcDB sidebar and NPCDBPanel rendering (#8131)
48bd390 
* feat(astro-kbve): add NpcDB sidebar entry and NPCDBPanel rendering component

Add NpcDB to Starlight sidebar config for navigation. Create NPCDBPanel.astro
component that renders NPC frontmatter data: identity, combat stats grid,
behavior, flavor text by action, lore, and technical footer. Wire all 26 NPC
MDX files to import and render the panel from their frontmatter.

* fix(npcdb): add missing proto enum values and regenerate all schemas

Add minion rank, passive personality, nature/light elements to npcdb.proto.
Set skipUnspecified=false for NpcRarity and NpcRank so common/normal are
included in generated Zod schemas. Run gen-all.mjs to regenerate all four
schema files (npcdb, itemdb, mapdb, questdb). Add nature/light element
colors and emoji to NPCDBPanel component.

* feat(npcdb): add Passive personality, integer enum API, and regenerate npcdb.json

Add Personality::Passive variant to all Rust consumers (bevy_battle,
discordsh types, proto_bridge, battle_bridge, and all 13 flavor text
match blocks in content.rs) with gentle/ambient creature flavor text.

Update npcdb.json API endpoint to convert string enum values to proto
integer equivalents and output a flat array matching the Rust from_json
format. Regenerate npcdb.json with correct integer enum values after
proto renumbering (Elite 1→2, Minion added at 1).
@github-actions github-actions bot changed the title Release: 4 features, 6 fixes, 1 refactor, 1 test, 1 chore → Main Release: 5 features, 6 fixes, 1 refactor, 1 test, 1 chore → Main Mar 17, 2026
@h0lybyte
feat(ci): add weekly NX security audit workflow (#8135)
762dc53 
* feat(ci): add weekly NX security audit workflow and report generator

New CI workflow that aggregates security audits from pnpm, cargo,
pip-audit, CodeQL, and Dependabot into a Starlight MDX dashboard
page and structured JSON, auto-creating a PR to dev every Wednesday.

* feat(dashboard): add security audit card to infrastructure dashboard

Fetch nx-security.json (public, no auth needed) and display a
Security Audit ServiceCard with critical/high/medium/total metrics
alongside the existing Grafana, ArgoCD, Edge, and ClickHouse cards.

* fix(ci): remove dead code in pip-audit parser flagged by CodeQL

Remove unused variable assignment with constant conditional
(if False) and redundant reassignment in parse_python().
@github-actions github-actions bot changed the title Release: 5 features, 6 fixes, 1 refactor, 1 test, 1 chore → Main Release: 6 features, 6 fixes, 1 refactor, 1 test, 1 chore → Main Mar 17, 2026
@h0lybyte
feat(discordsh): add Phase 4 session persistence for dungeon profiles (
c977bc7 
…#8136)

Add Supabase-backed player persistence so dungeon progress (level, XP,
gold, gear, inventory, quests, lifetime stats) survives across sessions.

Proto: DungeonProfile, DungeonRun, LeaderboardEntry messages + RPCs
SQL: dungeon_profiles + dungeon_runs tables with advisory locks,
     append-only enforcement, JSONB inventory validation, per-category
     leaderboard queries with deterministic tie-breakers
Rust: ProfileStore (LRU cache + PostgREST RPC), death penalty logic
      (25% XP + 50% run gold on defeat), save on game-over/end/leave/expire,
      load on start/join, /dungeon leaderboard subcommand

Closes #8111
@github-actions github-actions bot changed the title Release: 6 features, 6 fixes, 1 refactor, 1 test, 1 chore → Main Release: 7 features, 6 fixes, 1 refactor, 1 test, 1 chore → Main Mar 17, 2026
@github-actions github-actions bot changed the title Release: 7 features, 6 fixes, 1 refactor, 1 test, 1 chore → Main Release: 7 features, 6 fixes, 1 refactor, 1 test, 2 chores → Main Mar 17, 2026
@h0lybyte
fix(npcdb): align proto enum indices and add missing personality vari…
d171a59 
…ants (#8138)

Set skipUnspecified: false on all npcdb codegen enums so generated
array indices match proto integer values (fixes off-by-one for
Personality, Element, CreatureFamily, MovementType, DifficultyMode,
EquipSlot). Regenerate all four schema files via gen-all.mjs.

Add Cheerful, Mysterious, Cowardly, Noble personality variants to
bevy_battle::Personality, discordsh session types, proto_bridge,
battle_bridge, and all 13 flavor text match blocks in content.rs.
Extend proto_personality test to cover proto values 1-11.

Regenerate npcdb.json with corrected integer enum values.
@github-actions github-actions bot changed the title Release: 7 features, 6 fixes, 1 refactor, 1 test, 2 chores → Main Release: 7 features, 7 fixes, 1 refactor, 1 test, 2 chores → Main Mar 17, 2026
@h0lybyte h0lybyte merged commit fb42e2d into main Mar 17, 2026
16 of 17 checks passed
@github-project-automation github-project-automation bot moved this from Review to Done in KBVE Mar 17, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@h0lybyte h0lybyte h0lybyte approved these changes

Assignees

No one assigned

Labels

auto-pr dev→main

Projects

KBVE
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@h0lybyte