v1.222.0-rc.5

🚀 Enhancements

Fix AWS store auth and add Floci E2E coverage Erik Osterman (Cloud Posse) (@osterman) (#2625)

## what

• Fix AWS SSM/Secrets Manager store auth during hooks, describe, and secret commands, including inherited identities and secret-store access enforcement.
• Make slash kind notation canonical, add AWS store/secrets gists, document the fix, and add custom endpoint support for AWS, GCP Secret Manager, and Azure Key Vault.
• Add opt-in Floci E2E tests and CI coverage for AWS, GCP, and Azure store/secrets workflows.

why

• The reported SSM hook workflow could fall back to ambient AWS credentials or fail with a missing auth resolver even when the Terraform identity was valid.
• The feature needed full-circle examples plus emulator-backed regression coverage so AWS stores and declared secrets stay working across providers.

references

• No issue linked.

Summary by CodeRabbit

Release Notes

• New Features

  • Standardized store backends on canonical kind identifiers (legacy type supported as aliases) and added clearer secret scope: global documentation.
  • Added opt-in Floci-backed E2E coverage (AWS/GCP/Azure) and runnable AWS gist examples for declared secrets and store output loops.

• Bug Fixes

  • Fixed auth/credential resolver wiring for hook-driven and component inspection executions.
  • Enforced secret: true store read restrictions (!store/!store.get/atmos.Store now reject); improved endpoint handling with lazy client initialization.

• Documentation

  • Updated stores/secrets/function docs and added Floci testing guidance.

• CI & Tests

  • Toolchain bumps, Codecov upload runs only when coverage exists, and added a floci-go job to the release pipeline.

Fix use-version before command resolution Erik Osterman (Cloud Posse) (@osterman) (#2629)

## what

• Run explicit --use-version / ATMOS_USE_VERSION re-exec before Cobra resolves subcommands.
• Add regression coverage for env var, --use-version=..., and --use-version ... forms with commands unknown to the current binary.
• We also took the liberty of adding a few unrelated, test-only coverage improvements to satisfy Codecov; these do not change production behavior.

why

• Cobra rejected newly added commands before PersistentPreRun could switch Atmos versions.
• This restores the workflow for testing new commands from ref:, sha:, and PR Atmos builds.

references

• Closes #2624
• Tested with go test ./cmd -run 'UseVersion|UnknownSubcommand|ParseUseVersion' and go test ./pkg/version -run 'CheckAndReexec|UseVersion|RefVersion'.

Summary by CodeRabbit

Release Notes

• Bug Fixes

  • Improved handling of explicit version requests via --use-version or ATMOS_USE_VERSION, ensuring the correct Atmos version is selected earlier during startup—even when the command is not yet recognized.

• Tests

  • Expanded automated coverage for version re-execution timing, profiler and CLI override parsing, usage/path-resolution helpers, heatmap toggling, shell completion, docs link opening, color output modes, identity flag parsing, early --chdir, and packer error handling.
  • Added HTTP request/response tests for Grok, Ollama, and OpenAI chat clients.