Releases: kj187/jarvis
Release list
v1.7.0
What's changed
Focus on multi-cluster support and faster incident triage: Alertmanager HA gossip clusters, a firing-pattern heatmap, one-click group silencing, and a new alerts overview for spotting what's on fire at a glance.
Added
- Alerts Overview — a Karma-style modal (pie-chart icon next to the view toggle) that breaks the current alert list down by label value, independent of any active filters. Click a value to instantly apply it as a filter.
- Firing-pattern heatmap on alert cards and the detail panel (24h / 7d / 30d ranges), so recurring alerts are visible at a glance.
- Alertmanager HA gossip cluster support — Jarvis now dedups alerts by fingerprint across cluster members instead of double-counting the same alert reported by multiple Alertmanager instances.
- Group Fast-Silence and a persistent bell action rail for one-click silencing of multiple alerts at once.
- Release workflow supports release-candidate (
-rc.N) tags for validating a batch of changes before a real release.
Fixed
- Silence matching now mirrors Alertmanager's anchored-regex semantics exactly, eliminating cases where the affected-alerts preview showed "0 affected" while Alertmanager silenced alerts anyway.
- Silence matchers are validated server-side, with Alertmanager rejections relayed to the user instead of failing silently.
- Group Fast-Silence scope corrected and covered with 100% test coverage.
- Editing a real regex silence matcher as tags no longer corrupts it — falls back to raw-text editing for patterns that can't round-trip.
- Removed per-client Alertmanager load: reads are served from poll snapshots instead of proxying every open browser tab, roughly halving Alertmanager CPU in a real deployment.
- WebSocket clients register synchronously, fixing events dropped immediately after connect.
- Fast-Silence menu redesigned with aligned submenu icons.
Changed
- Cluster health checks use the shared fallback refetch interval.
Full diff: v1.6.0...v1.7.0
Container image
docker pull ghcr.io/kj187/jarvis:1.7.0Digest: sha256:9eb5054a3741d44f7a1f2bc8576efcbace08131ed85ae7fa157d7a7b57c9cc5c
Verify image signature (cosign)
cosign verify ghcr.io/kj187/jarvis@sha256:9eb5054a3741d44f7a1f2bc8576efcbace08131ed85ae7fa157d7a7b57c9cc5c \
--certificate-identity-regexp="https://github.com/kj187/jarvis/.*" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com"Verify build provenance (GitHub attestation)
gh attestation verify oci://ghcr.io/kj187/jarvis:1.7.0 --repo kj187/jarvisHelm chart
helm install jarvis oci://ghcr.io/kj187/charts/jarvis --version 1.6.1Verify chart signature (cosign)
cosign verify ghcr.io/kj187/charts/jarvis:1.6.1 \
--certificate-identity-regexp="https://github.com/kj187/jarvis/.*" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com"SBOM
The SPDX SBOM is attached to this release (sbom.spdx.json) and also
embedded in the image manifest (docker buildx imagetools inspect).
v1.7.0-rc.1
Pre-release build
Release candidate for the upcoming stable release. Not published as latest.
Commits since v1.6.0:
- feat(release): support pre-release (RC) tags in release workflow (#86) (1cca324)
- chore(deps): bump docker/metadata-action from 6.1.0 to 6.2.0 (#75) (db1ec9a)
- chore(deps): bump anchore/sbom-action/download-syft from 0.9.0 to 0.24.0 (#76) (90da0cd)
- chore(deps): bump docker/setup-buildx-action from 4.1.0 to 4.2.0 (#74) (9b2f0e4)
- chore(deps): bump docker/setup-qemu-action from 4.1.0 to 4.2.0 (#73) (94b4953)
- fix(backend): silence staticcheck SA5011 false positive in registry_test (#85) (cfeaa7f)
- chore(deps): bump docker/login-action from 4.2.0 to 4.4.0 (#72) (70eeac2)
- feat(alerts): firing-pattern heatmap for card + detail view (#84) (38881da)
- fix(silences): use shared fallback refetch interval for cluster health (#82) (c7568bd)
- docs: add Mermaid diagrams for lifecycle, OIDC login, and E2E stack (#81) (2369a7d)
- fix(alerts): redesign Fast-Silence menu, aligned submenu icon (#79) (80abb49)
- fix(silences): eliminate per-client Alertmanager load (#80) (359ab80)
- test(silences): add differential E2E specs against real Alertmanager (#71) (305b0b3)
- fix(silences): edit real regex matchers as raw text instead of corrupting them (#70) (09f8774)
- fix(silences): fix group Fast-Silence scope and reach 100% coverage (#69) (d1cf4d6)
- fix(silences): validate matchers server-side and relay AM rejections (#68) (eeec0f1)
- fix(silences): match Alertmanager's anchored-regex semantics exactly (#67) (bd58492)
- feat(alerts): add group Fast-Silence and persistent bell action rail (#61) (7991681)
- docs: make PR-only git workflow explicit with interactive gates for AI agents (#60) (51bd89c)
- feat(alerts): support Alertmanager HA gossip clusters with fingerprint dedup (#59) (ab8c372)
- docs: define project scope, add scope gate and issue-triage command (#58) (a221884)
- Merge pull request #57 from kj187/fix/ws-register-race (b4a9422)
- fix(ws): register clients synchronously to stop losing events after connect (85973ae)
Container image
docker pull ghcr.io/kj187/jarvis:1.7.0-rc.1Digest: sha256:c44c5e7c0126c1ca95daa9dad4884868e8c0c8d212b60303f4726ebea22b0989
Verify image signature (cosign)
cosign verify ghcr.io/kj187/jarvis@sha256:c44c5e7c0126c1ca95daa9dad4884868e8c0c8d212b60303f4726ebea22b0989 \
--certificate-identity-regexp="https://github.com/kj187/jarvis/.*" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com"Verify build provenance (GitHub attestation)
gh attestation verify oci://ghcr.io/kj187/jarvis:1.7.0-rc.1 --repo kj187/jarvisHelm chart
helm install jarvis oci://ghcr.io/kj187/charts/jarvis --version 1.6.0Verify chart signature (cosign)
cosign verify ghcr.io/kj187/charts/jarvis:1.6.0 \
--certificate-identity-regexp="https://github.com/kj187/jarvis/.*" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com"SBOM
The SPDX SBOM is attached to this release (sbom.spdx.json) and also
embedded in the image manifest (docker buildx imagetools inspect).
v1.6.0
What's changed
This release adds full Prometheus observability for Jarvis itself and hardens the project's supply chain — signed images and charts, SLSA provenance, DCO-enforced commits, and a PR-only main branch.
Added
- Prometheus metrics endpoint (
/metrics) — Jarvis now instruments itself: poll cycles, poll errors and duration (jarvis_poll_cycles_total,jarvis_poll_errors_total,jarvis_poll_duration_seconds), alert lifecycle events (jarvis_alert_events_total), per-cluster Alertmanager health (jarvis_cluster_up) and fetch latency (jarvis_cluster_fetch_duration_seconds), WebSocket broadcasts, and standard HTTP request metrics. See docs/metrics.md. - ServiceMonitor support in the Helm chart plus
prometheus.io/*scrape annotations, so Prometheus Operator and annotation-based setups can scrape Jarvis out of the box. - Go native fuzz targets for parser functions, run in CI.
Fixed
jarvis_alert_events_totalno longer drifts from the database: the recorder now counts exactly the events the store actually inserts, fixing missed re-fires after silence expiry and over-counting after restarts.- Alert event metrics carry a
clusterlabel, so you can tell which Alertmanager is flapping.
Security
- Container images and Helm charts are signed keylessly with cosign; releases publish SLSA build provenance (verifiable via
gh attestation verify) and an SPDX SBOM. - All commits require a DCO sign-off, enforced in CI;
mainis protected and PR-only with no bypass actors. - OpenSSF Scorecard runs continuously; GitHub Actions are SHA-pinned; a coordinated vulnerability disclosure policy with private reporting is in place (SECURITY.md).
Changed
- Helm chart versioning is decoupled from the app version; charts are published and signed by a dedicated workflow with an immutability guard.
- Frontend linting (ESLint flat config) is now a hard CI gate.
Full diff: v1.5.3...v1.6.0
Container image
docker pull ghcr.io/kj187/jarvis:1.6.0Digest: sha256:b83243e7dac532057e573900b5baa5434459aee7461957fe00ce791766ee56ba
Verify image signature (cosign)
cosign verify ghcr.io/kj187/jarvis@sha256:b83243e7dac532057e573900b5baa5434459aee7461957fe00ce791766ee56ba \
--certificate-identity-regexp="https://github.com/kj187/jarvis/.*" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com"Verify build provenance (GitHub attestation)
gh attestation verify oci://ghcr.io/kj187/jarvis:1.6.0 --repo kj187/jarvisHelm chart
helm install jarvis oci://ghcr.io/kj187/charts/jarvis --version 1.6.0Verify chart signature (cosign)
cosign verify ghcr.io/kj187/charts/jarvis:1.6.0 \
--certificate-identity-regexp="https://github.com/kj187/jarvis/.*" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com"SBOM
The SPDX SBOM is attached to this release (sbom.spdx.json) and also
embedded in the image manifest (docker buildx imagetools inspect).
v1.5.3
Changelog
Fixed
- silences: strip backslashes from regex matchers on silence recreate
- api: log underlying alertmanager error on silence create/delete
- alerts: persist only unlocked label matchers to URL to prevent duplicates
- fix: update Alertmanager, Grafana, and Prometheus URLs to use localhost for local testing
Container Image
docker pull ghcr.io/kj187/jarvis:1.5.3Verify with Cosign
cosign verify ghcr.io/kj187/jarvis@sha256:07fe1e0f46af2888fc23755302574f4444ab6a39b0690e59a586bc955b2143a0 \
--certificate-identity-regexp="https://github.com/kj187/jarvis/.*" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com"v1.5.2
Changelog
Bug Fixes
- claims: increase claimReleaseDelay from 65 s to 20 min
Features
- frontend: collapse/expand AlertCard body and show claimed count badge
- frontend: replace pagination with expand/collapse in grouped alert cards
Container Image
docker pull ghcr.io/kj187/jarvis:1.5.2Verify with Cosign
cosign verify ghcr.io/kj187/jarvis@sha256:9bdce11893f98edf44642a3a557eb95b83e4604ab76fe5fd7cd19d00091b006b \
--certificate-identity-regexp="https://github.com/kj187/jarvis/.*" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com"v1.5.1
Changelog
Bug Fixes
- silences: skip @receiver pseudo-label when filtering silences
Container Image
docker pull ghcr.io/kj187/jarvis:1.5.1Verify with Cosign
cosign verify ghcr.io/kj187/jarvis@sha256:3a1817559c7b30ce964ed495617e703e9a685a51410f25829161a43f46dd8e90 \
--certificate-identity-regexp="https://github.com/kj187/jarvis/.*" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com"v1.5.0
Highlights
Silences — rebuilt from scratch
The Silences page has been completely rewritten: card and list view, grouping, fullscreen mode, search, re-create expired silences, label color chips, and human-readable duration display.
Fullscreen mode
Alerts and Silences can now be switched to fullscreen — ideal for dashboards and monitoring displays.
Grouping toggle
New grouping toggle in card and list view for both Alerts and Silences: group by label or display completely flat — one click, persisted across sessions. The grouping label is configurable in settings — defaults to severity.
Reworked header
Filter and search controls have been moved out of the global header into their respective pages. Each page now owns its own controls.
Suppressed alerts toggle
New toggle to show or hide suppressed alerts — directly in the toolbar, persisted per session.
Claims & history
Claim owners can now edit their note after the fact — the full history remains immutable.
Performance
Server-side pagination for the detail timeline, connection reuse in the poll cycle, and deduplicated WebSocket broadcasts.
Changelog
Bug Fixes
- alerts: keep silence result visible after creating from a card
- alerts: scope history, claims, and comments by cluster
- claims: scope claims by cluster to prevent cross-cluster claim bleed
- docker: relabel gitleaks config mount for SELinux
- e2e: fix two screenshot spec selectors
- e2e: use e2e cluster for all silences in screenshot spec
- e2e: fix auth-login-page and auth-admin-panel screenshot specs
- e2e: remove ensureInternalAdmin from auth-login-page to avoid /setup rate limit
- e2e: fix auth-login-page firstRunRedirect and add 429 retry to ensureInternalAdmin
- e2e: stabilize CI image build for pnpm
- e2e: correct SSO button label in auth-login-oidc screenshot spec
- e2e: use alert-group-row testid to expand list view groups in screenshot spec
- frontend: remove creator name setting
- frontend: polish alert detail panel display
- frontend: improve claim badge in alert detail header
- frontend: restore Server icon on cluster chip in alert detail
- frontend: restore animated snake border on Claim button in alert detail
- frontend: simplify resolved list severity display
- frontend: use explicit Tailwind classes for link color in linkUtils
- frontend: widen empty matcher filter inputs
- frontend: stabilize detail prompt caching
- frontend: align nav tab labels and lower their vertical position
- frontend: restore active tab view mode after switching tabs
- silences: align card sections and compact list view
- silences: show add-filter control on Silences page
Chores
- deps: bump github.com/coreos/go-oidc/v3 in /backend
- deps: bump modernc.org/sqlite from 1.52.0 to 1.53.0 in /backend
- deps: bump github.com/labstack/echo/v4 in /backend
- deps: bump actions/setup-node from 4.4.0 to 6.4.0
- deps: bump docker/login-action from 3.7.0 to 4.2.0
- deps: bump docker/metadata-action from 5.10.0 to 6.1.0
- deps: bump actions/upload-artifact from 4.6.2 to 7.0.1
- deps: bump actions/checkout from 4.3.1 to 6.0.3
- deps-dev: bump @vitejs/plugin-react in /frontend
- docker: move Containerfile.dev to repo root, rename dev-dependencies compose
Code Refactoring
- frontend: split alert detail history sections
- frontend: extract filter controls into chip-based MatcherChipsBar
- frontend: move filter and search controls out of Header into pages
Documentation
- refresh README, CONTRIBUTING, testing docs, and screenshots
- extract feature documentation to docs/features.md
- assets: refresh screenshots after spec and selector fixes
- assets: fix screenshots that previously showed empty/broken state
- assets: add screenshots for fullscreen and dark/light theme
- commands: align command docs with current test, release and config setup
- helm: clarify PostgreSQL recommendation for Kubernetes
Features
- alerts: simplify affected-alerts display and open detail on click
- alerts: replace No alerts text with large empty-state icon
- alerts: show last-fired time in detail header
- claims: let claim owner edit note with immutable history
- docker: add healthcheck for backend service and ensure frontend waits for backend readiness
- docs: add Dark/Light Theme comparison and Fullscreen section
- e2e: add backend test fixtures for silences, comments, claims, templates
- frontend: add grouped toggle for card and list alerts
- frontend: add configurable alert grouping controls
- frontend: add UI store nav state and shared silence-count logic
- frontend: add suppressed alerts mode toggle
- frontend: make sheet dialogs accessible
- frontend: improve login and authenticated user icons
- frontend: add Silences page grouping, list view and fullscreen
- frontend: show login modal on all write actions when unauthenticated
- silences: add search functionality and fullscreen toggle to SilencesPage
- silences: show expired silence info box in card view
- silences: improve silence cards with re-create, label colors and duration formatting
- silences: make matcher and label chips truncatable
- testing: add E2E testing with Playwright and isolated Podman stack
Performance Improvements
- alerts: paginate detail timeline on server
- poll: reuse connections, batch claim lookups, dedup broadcasts
Tests
- api: broadcast claim over WS in e2e test endpoint
- api: relax poll rate limit in e2e builds
- e2e: align screenshot specs with docs image references
- e2e: fix alerts-views specs B4/B5/B9
- e2e: extend silences and search functional coverage
- e2e: cover silence actions and stabilize C11 filters
- e2e: add silences functional specs for page and templates
- e2e: add E2E specs for alerts views, detail panel, and filters
- e2e: fix screenshot specs and update docs for current UI
- e2e: add rich README hero screenshot spec in oidc mode
- e2e: add new spec files for extended functional coverage
- e2e: add Group 3 auth screenshot specs (login page, user menu, admin panel)
- e2e: fix detail-panel specs D2/D5/D9/D10
- e2e: cover silence expiry and recreate flows
- e2e: fix filters specs C10/C11
- e2e: harden silences page and complete F1 close flows
- e2e: fix flaky timing and extend write_protect coverage in existing specs
- frontend: add data-testid attributes for E2E selectors
- frontend: remove unit-test stack in favor of functional e2e
- silences: align SilenceCard and App tests with current behavior
Container Image
docker pull ghcr.io/kj187/jarvis:1.5.0Verify with Cosign
cosign verify ghcr.io/kj187/jarvis@sha256:84daad955824bfed99ac4671c84aaa18ccaf7b85b5a45b8bc96f70a6156de271 \
--certificate-identity-regexp="https://github.com/kj187/jarvis/.*" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com"v1.4.0
What's changed
v1.4.0 ships two major features: reusable Silence Templates and per-cluster upstream authentication against protected Alertmanager instances.
Highlights
Per-cluster Alertmanager upstream authentication
Jarvis can now authenticate against protected Alertmanager instances — configurable per cluster, token refresh handled automatically.
Supported methods: OAuth2 Client Credentials (with auto-refresh), Bearer Token, Basic Auth, Custom Headers.
# OAuth2 Client Credentials (e.g. Keycloak)
JARVIS_CLUSTER_1_AUTH_TYPE=oauth2_client_credentials
JARVIS_CLUSTER_1_AUTH_TOKEN_URL=https://keycloak.example.com/realms/ops/protocol/openid-connect/token
JARVIS_CLUSTER_1_AUTH_CLIENT_ID=jarvis
JARVIS_CLUSTER_1_AUTH_CLIENT_SECRET=secret
# Bearer Token
JARVIS_CLUSTER_1_AUTH_TYPE=bearer
JARVIS_CLUSTER_1_AUTH_TOKEN=eyJhbGci...
# Basic Auth
JARVIS_CLUSTER_1_AUTH_TYPE=basic
JARVIS_CLUSTER_1_AUTH_USERNAME=admin
JARVIS_CLUSTER_1_AUTH_PASSWORD=secret→ Full docs: docs/authentication-alertmanager.md
Silence Templates
Reusable matcher sets for recurring maintenance windows. Instead of re-entering the same matchers every time, save them once as a template and apply them with one click — useful whenever maintenance work requires multiple silences across different services or clusters on a regular basis.
Changelog
Bug Fixes
- api: log 4xx as WARN, 5xx as ERROR in request middleware
- auth: improve hydrate resilience on slow backend startup
- frontend: ensure CI environment variable is set in docker-compose
- frontend: make silence calendar month arrows clickable
Chores
- dev: improve docker-compose for file watching with polling support
- git: ignore build artifacts and npm lock file
Documentation
- frontend: add silence templates docs, screenshots, and fix test suite
Features
- alerts: store and filter all receivers in alert history
- api: add REST endpoints for silence template management (CRUD)
- auth: map OIDC claim value to admin role
- config: add per-cluster Alertmanager upstream authentication (#39 )
- frontend: add silence template management UI with tab interface
- frontend: add React Query hooks for silence templates
- frontend: add silence template types and API client
- frontend: show local timezone below silence time inputs
- silences: implement silence template CRUD store operations
- silences: add silence template data model and database schema
Full diff: v1.3.1...v1.4.0
Container Image
docker pull ghcr.io/kj187/jarvis:1.4.0Verify with Cosign
cosign verify ghcr.io/kj187/jarvis@sha256:1453b4717b9fbee5c64f95eeb21bce9af93154155e3273eb913756235baf5352 \
--certificate-identity-regexp="https://github.com/kj187/jarvis/.*" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com"v1.3.1
Changelog
Bug Fixes
- helm: use Recreate update strategy when SQLite PVC enabled
Features
- helm: reject SQLite PVC with multiple replicas at deploy time
Container Image
docker pull ghcr.io/kj187/jarvis:1.3.1Verify with Cosign
cosign verify ghcr.io/kj187/jarvis@sha256:a3bd2780eb4bde2d03bb2dd9d61663a2e8731fb19912093b813bd73557cb41bb \
--certificate-identity-regexp="https://github.com/kj187/jarvis/.*" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com"v1.3.0
Changelog
Silences overhaul: smarter UX, safer expire flow, and better debug control.
Added
- Expire confirmation modal — replacing the inline confirm buttons, every
expire action now opens a dialog showing full silence details (matchers,
affected alerts, Alertmanager ID link) before committing - Bulk expire — expiring multiple group silences at once goes through the
same modal with all affected silences listed JARVIS_LOG_REQUESTS— opt-in HTTP request logging (default off); useful
for debugging without polluting production logs- Silence extend buttons — shown for all active silences, not just expiring
ones - Inline affected alert preview in the silence form matcher section — see
which alerts match while building the silence
Fixed
- Silence form now receives all available clusters when opened from the detail
panel, not just the alert's own cluster getFilterableLabelsused correctly in the header filter dropdown- Cluster badge styling in
AlertDetailPanelcorrected - "Last fired" timestamp no longer wrong when Alertmanager sends a corrupted
startsAt NULLannotations column no longer crashes resolved alert scans in the DB- Cluster chips in the silence form always toggleable; zero-match warning
shown when no alerts match the selected cluster
Full diff: v1.2.0...v1.3.0
Container image: ghcr.io/kj187/jarvis:1.3.0
Container Image
docker pull ghcr.io/kj187/jarvis:1.3.0Verify with Cosign
cosign verify ghcr.io/kj187/jarvis@sha256:c38f80386b83f20502ccdda8310d5701a7b17b3a0e9d28c7ba6c1d8788e77dbb \
--certificate-identity-regexp="https://github.com/kj187/jarvis/.*" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com"