Skip to content

Releases: kj187/jarvis

v1.7.0

Choose a tag to compare

@kj187 kj187 released this 09 Jul 14:15
e7464f5

What's changed

Focus on multi-cluster support and faster incident triage: Alertmanager HA gossip clusters, a firing-pattern heatmap, one-click group silencing, and a new alerts overview for spotting what's on fire at a glance.

Added

  • Alerts Overview — a Karma-style modal (pie-chart icon next to the view toggle) that breaks the current alert list down by label value, independent of any active filters. Click a value to instantly apply it as a filter.
  • Firing-pattern heatmap on alert cards and the detail panel (24h / 7d / 30d ranges), so recurring alerts are visible at a glance.
  • Alertmanager HA gossip cluster support — Jarvis now dedups alerts by fingerprint across cluster members instead of double-counting the same alert reported by multiple Alertmanager instances.
  • Group Fast-Silence and a persistent bell action rail for one-click silencing of multiple alerts at once.
  • Release workflow supports release-candidate (-rc.N) tags for validating a batch of changes before a real release.

Fixed

  • Silence matching now mirrors Alertmanager's anchored-regex semantics exactly, eliminating cases where the affected-alerts preview showed "0 affected" while Alertmanager silenced alerts anyway.
  • Silence matchers are validated server-side, with Alertmanager rejections relayed to the user instead of failing silently.
  • Group Fast-Silence scope corrected and covered with 100% test coverage.
  • Editing a real regex silence matcher as tags no longer corrupts it — falls back to raw-text editing for patterns that can't round-trip.
  • Removed per-client Alertmanager load: reads are served from poll snapshots instead of proxying every open browser tab, roughly halving Alertmanager CPU in a real deployment.
  • WebSocket clients register synchronously, fixing events dropped immediately after connect.
  • Fast-Silence menu redesigned with aligned submenu icons.

Changed

  • Cluster health checks use the shared fallback refetch interval.

Full diff: v1.6.0...v1.7.0


Container image

docker pull ghcr.io/kj187/jarvis:1.7.0

Digest: sha256:9eb5054a3741d44f7a1f2bc8576efcbace08131ed85ae7fa157d7a7b57c9cc5c

Verify image signature (cosign)

cosign verify ghcr.io/kj187/jarvis@sha256:9eb5054a3741d44f7a1f2bc8576efcbace08131ed85ae7fa157d7a7b57c9cc5c \
  --certificate-identity-regexp="https://github.com/kj187/jarvis/.*" \
  --certificate-oidc-issuer="https://token.actions.githubusercontent.com"

Verify build provenance (GitHub attestation)

gh attestation verify oci://ghcr.io/kj187/jarvis:1.7.0 --repo kj187/jarvis

Helm chart

helm install jarvis oci://ghcr.io/kj187/charts/jarvis --version 1.6.1

Verify chart signature (cosign)

cosign verify ghcr.io/kj187/charts/jarvis:1.6.1 \
  --certificate-identity-regexp="https://github.com/kj187/jarvis/.*" \
  --certificate-oidc-issuer="https://token.actions.githubusercontent.com"

SBOM

The SPDX SBOM is attached to this release (sbom.spdx.json) and also
embedded in the image manifest (docker buildx imagetools inspect).

v1.7.0-rc.1

v1.7.0-rc.1 Pre-release
Pre-release

Choose a tag to compare

@kj187 kj187 released this 08 Jul 20:44
1cca324

Pre-release build

Release candidate for the upcoming stable release. Not published as latest.

Commits since v1.6.0:

  • feat(release): support pre-release (RC) tags in release workflow (#86) (1cca324)
  • chore(deps): bump docker/metadata-action from 6.1.0 to 6.2.0 (#75) (db1ec9a)
  • chore(deps): bump anchore/sbom-action/download-syft from 0.9.0 to 0.24.0 (#76) (90da0cd)
  • chore(deps): bump docker/setup-buildx-action from 4.1.0 to 4.2.0 (#74) (9b2f0e4)
  • chore(deps): bump docker/setup-qemu-action from 4.1.0 to 4.2.0 (#73) (94b4953)
  • fix(backend): silence staticcheck SA5011 false positive in registry_test (#85) (cfeaa7f)
  • chore(deps): bump docker/login-action from 4.2.0 to 4.4.0 (#72) (70eeac2)
  • feat(alerts): firing-pattern heatmap for card + detail view (#84) (38881da)
  • fix(silences): use shared fallback refetch interval for cluster health (#82) (c7568bd)
  • docs: add Mermaid diagrams for lifecycle, OIDC login, and E2E stack (#81) (2369a7d)
  • fix(alerts): redesign Fast-Silence menu, aligned submenu icon (#79) (80abb49)
  • fix(silences): eliminate per-client Alertmanager load (#80) (359ab80)
  • test(silences): add differential E2E specs against real Alertmanager (#71) (305b0b3)
  • fix(silences): edit real regex matchers as raw text instead of corrupting them (#70) (09f8774)
  • fix(silences): fix group Fast-Silence scope and reach 100% coverage (#69) (d1cf4d6)
  • fix(silences): validate matchers server-side and relay AM rejections (#68) (eeec0f1)
  • fix(silences): match Alertmanager's anchored-regex semantics exactly (#67) (bd58492)
  • feat(alerts): add group Fast-Silence and persistent bell action rail (#61) (7991681)
  • docs: make PR-only git workflow explicit with interactive gates for AI agents (#60) (51bd89c)
  • feat(alerts): support Alertmanager HA gossip clusters with fingerprint dedup (#59) (ab8c372)
  • docs: define project scope, add scope gate and issue-triage command (#58) (a221884)
  • Merge pull request #57 from kj187/fix/ws-register-race (b4a9422)
  • fix(ws): register clients synchronously to stop losing events after connect (85973ae)

Container image

docker pull ghcr.io/kj187/jarvis:1.7.0-rc.1

Digest: sha256:c44c5e7c0126c1ca95daa9dad4884868e8c0c8d212b60303f4726ebea22b0989

Verify image signature (cosign)

cosign verify ghcr.io/kj187/jarvis@sha256:c44c5e7c0126c1ca95daa9dad4884868e8c0c8d212b60303f4726ebea22b0989 \
  --certificate-identity-regexp="https://github.com/kj187/jarvis/.*" \
  --certificate-oidc-issuer="https://token.actions.githubusercontent.com"

Verify build provenance (GitHub attestation)

gh attestation verify oci://ghcr.io/kj187/jarvis:1.7.0-rc.1 --repo kj187/jarvis

Helm chart

helm install jarvis oci://ghcr.io/kj187/charts/jarvis --version 1.6.0

Verify chart signature (cosign)

cosign verify ghcr.io/kj187/charts/jarvis:1.6.0 \
  --certificate-identity-regexp="https://github.com/kj187/jarvis/.*" \
  --certificate-oidc-issuer="https://token.actions.githubusercontent.com"

SBOM

The SPDX SBOM is attached to this release (sbom.spdx.json) and also
embedded in the image manifest (docker buildx imagetools inspect).

v1.6.0

Choose a tag to compare

@kj187 kj187 released this 04 Jul 14:21
3560128

What's changed

This release adds full Prometheus observability for Jarvis itself and hardens the project's supply chain — signed images and charts, SLSA provenance, DCO-enforced commits, and a PR-only main branch.

Added

  • Prometheus metrics endpoint (/metrics) — Jarvis now instruments itself: poll cycles, poll errors and duration (jarvis_poll_cycles_total, jarvis_poll_errors_total, jarvis_poll_duration_seconds), alert lifecycle events (jarvis_alert_events_total), per-cluster Alertmanager health (jarvis_cluster_up) and fetch latency (jarvis_cluster_fetch_duration_seconds), WebSocket broadcasts, and standard HTTP request metrics. See docs/metrics.md.
  • ServiceMonitor support in the Helm chart plus prometheus.io/* scrape annotations, so Prometheus Operator and annotation-based setups can scrape Jarvis out of the box.
  • Go native fuzz targets for parser functions, run in CI.

Fixed

  • jarvis_alert_events_total no longer drifts from the database: the recorder now counts exactly the events the store actually inserts, fixing missed re-fires after silence expiry and over-counting after restarts.
  • Alert event metrics carry a cluster label, so you can tell which Alertmanager is flapping.

Security

  • Container images and Helm charts are signed keylessly with cosign; releases publish SLSA build provenance (verifiable via gh attestation verify) and an SPDX SBOM.
  • All commits require a DCO sign-off, enforced in CI; main is protected and PR-only with no bypass actors.
  • OpenSSF Scorecard runs continuously; GitHub Actions are SHA-pinned; a coordinated vulnerability disclosure policy with private reporting is in place (SECURITY.md).

Changed

  • Helm chart versioning is decoupled from the app version; charts are published and signed by a dedicated workflow with an immutability guard.
  • Frontend linting (ESLint flat config) is now a hard CI gate.

Full diff: v1.5.3...v1.6.0


Container image

docker pull ghcr.io/kj187/jarvis:1.6.0

Digest: sha256:b83243e7dac532057e573900b5baa5434459aee7461957fe00ce791766ee56ba

Verify image signature (cosign)

cosign verify ghcr.io/kj187/jarvis@sha256:b83243e7dac532057e573900b5baa5434459aee7461957fe00ce791766ee56ba \
  --certificate-identity-regexp="https://github.com/kj187/jarvis/.*" \
  --certificate-oidc-issuer="https://token.actions.githubusercontent.com"

Verify build provenance (GitHub attestation)

gh attestation verify oci://ghcr.io/kj187/jarvis:1.6.0 --repo kj187/jarvis

Helm chart

helm install jarvis oci://ghcr.io/kj187/charts/jarvis --version 1.6.0

Verify chart signature (cosign)

cosign verify ghcr.io/kj187/charts/jarvis:1.6.0 \
  --certificate-identity-regexp="https://github.com/kj187/jarvis/.*" \
  --certificate-oidc-issuer="https://token.actions.githubusercontent.com"

SBOM

The SPDX SBOM is attached to this release (sbom.spdx.json) and also
embedded in the image manifest (docker buildx imagetools inspect).

v1.5.3

Choose a tag to compare

@kj187 kj187 released this 30 Jun 11:51

Changelog

Fixed

  • silences: strip backslashes from regex matchers on silence recreate
  • api: log underlying alertmanager error on silence create/delete
  • alerts: persist only unlocked label matchers to URL to prevent duplicates
  • fix: update Alertmanager, Grafana, and Prometheus URLs to use localhost for local testing

Container Image

docker pull ghcr.io/kj187/jarvis:1.5.3

Verify with Cosign

cosign verify ghcr.io/kj187/jarvis@sha256:07fe1e0f46af2888fc23755302574f4444ab6a39b0690e59a586bc955b2143a0 \
  --certificate-identity-regexp="https://github.com/kj187/jarvis/.*" \
  --certificate-oidc-issuer="https://token.actions.githubusercontent.com"

v1.5.2

Choose a tag to compare

@kj187 kj187 released this 29 Jun 15:16

Changelog

Bug Fixes

  • claims: increase claimReleaseDelay from 65 s to 20 min

Features

  • frontend: collapse/expand AlertCard body and show claimed count badge
  • frontend: replace pagination with expand/collapse in grouped alert cards


Container Image

docker pull ghcr.io/kj187/jarvis:1.5.2

Verify with Cosign

cosign verify ghcr.io/kj187/jarvis@sha256:9bdce11893f98edf44642a3a557eb95b83e4604ab76fe5fd7cd19d00091b006b \
  --certificate-identity-regexp="https://github.com/kj187/jarvis/.*" \
  --certificate-oidc-issuer="https://token.actions.githubusercontent.com"

v1.5.1

Choose a tag to compare

@kj187 kj187 released this 29 Jun 05:41

Changelog

Bug Fixes

  • silences: skip @receiver pseudo-label when filtering silences


Container Image

docker pull ghcr.io/kj187/jarvis:1.5.1

Verify with Cosign

cosign verify ghcr.io/kj187/jarvis@sha256:3a1817559c7b30ce964ed495617e703e9a685a51410f25829161a43f46dd8e90 \
  --certificate-identity-regexp="https://github.com/kj187/jarvis/.*" \
  --certificate-oidc-issuer="https://token.actions.githubusercontent.com"

v1.5.0

Choose a tag to compare

@kj187 kj187 released this 26 Jun 11:31

Highlights

Silences — rebuilt from scratch

The Silences page has been completely rewritten: card and list view, grouping, fullscreen mode, search, re-create expired silences, label color chips, and human-readable duration display.

Fullscreen mode

Alerts and Silences can now be switched to fullscreen — ideal for dashboards and monitoring displays.

Grouping toggle

New grouping toggle in card and list view for both Alerts and Silences: group by label or display completely flat — one click, persisted across sessions. The grouping label is configurable in settings — defaults to severity.

Reworked header

Filter and search controls have been moved out of the global header into their respective pages. Each page now owns its own controls.

Suppressed alerts toggle

New toggle to show or hide suppressed alerts — directly in the toolbar, persisted per session.

Claims & history

Claim owners can now edit their note after the fact — the full history remains immutable.

Performance

Server-side pagination for the detail timeline, connection reuse in the poll cycle, and deduplicated WebSocket broadcasts.

Changelog

Bug Fixes

  • alerts: keep silence result visible after creating from a card
  • alerts: scope history, claims, and comments by cluster
  • claims: scope claims by cluster to prevent cross-cluster claim bleed
  • docker: relabel gitleaks config mount for SELinux
  • e2e: fix two screenshot spec selectors
  • e2e: use e2e cluster for all silences in screenshot spec
  • e2e: fix auth-login-page and auth-admin-panel screenshot specs
  • e2e: remove ensureInternalAdmin from auth-login-page to avoid /setup rate limit
  • e2e: fix auth-login-page firstRunRedirect and add 429 retry to ensureInternalAdmin
  • e2e: stabilize CI image build for pnpm
  • e2e: correct SSO button label in auth-login-oidc screenshot spec
  • e2e: use alert-group-row testid to expand list view groups in screenshot spec
  • frontend: remove creator name setting
  • frontend: polish alert detail panel display
  • frontend: improve claim badge in alert detail header
  • frontend: restore Server icon on cluster chip in alert detail
  • frontend: restore animated snake border on Claim button in alert detail
  • frontend: simplify resolved list severity display
  • frontend: use explicit Tailwind classes for link color in linkUtils
  • frontend: widen empty matcher filter inputs
  • frontend: stabilize detail prompt caching
  • frontend: align nav tab labels and lower their vertical position
  • frontend: restore active tab view mode after switching tabs
  • silences: align card sections and compact list view
  • silences: show add-filter control on Silences page

Chores

  • deps: bump github.com/coreos/go-oidc/v3 in /backend
  • deps: bump modernc.org/sqlite from 1.52.0 to 1.53.0 in /backend
  • deps: bump github.com/labstack/echo/v4 in /backend
  • deps: bump actions/setup-node from 4.4.0 to 6.4.0
  • deps: bump docker/login-action from 3.7.0 to 4.2.0
  • deps: bump docker/metadata-action from 5.10.0 to 6.1.0
  • deps: bump actions/upload-artifact from 4.6.2 to 7.0.1
  • deps: bump actions/checkout from 4.3.1 to 6.0.3
  • deps-dev: bump @vitejs/plugin-react in /frontend
  • docker: move Containerfile.dev to repo root, rename dev-dependencies compose

Code Refactoring

  • frontend: split alert detail history sections
  • frontend: extract filter controls into chip-based MatcherChipsBar
  • frontend: move filter and search controls out of Header into pages

Documentation

  • refresh README, CONTRIBUTING, testing docs, and screenshots
  • extract feature documentation to docs/features.md
  • assets: refresh screenshots after spec and selector fixes
  • assets: fix screenshots that previously showed empty/broken state
  • assets: add screenshots for fullscreen and dark/light theme
  • commands: align command docs with current test, release and config setup
  • helm: clarify PostgreSQL recommendation for Kubernetes

Features

  • alerts: simplify affected-alerts display and open detail on click
  • alerts: replace No alerts text with large empty-state icon
  • alerts: show last-fired time in detail header
  • claims: let claim owner edit note with immutable history
  • docker: add healthcheck for backend service and ensure frontend waits for backend readiness
  • docs: add Dark/Light Theme comparison and Fullscreen section
  • e2e: add backend test fixtures for silences, comments, claims, templates
  • frontend: add grouped toggle for card and list alerts
  • frontend: add configurable alert grouping controls
  • frontend: add UI store nav state and shared silence-count logic
  • frontend: add suppressed alerts mode toggle
  • frontend: make sheet dialogs accessible
  • frontend: improve login and authenticated user icons
  • frontend: add Silences page grouping, list view and fullscreen
  • frontend: show login modal on all write actions when unauthenticated
  • silences: add search functionality and fullscreen toggle to SilencesPage
  • silences: show expired silence info box in card view
  • silences: improve silence cards with re-create, label colors and duration formatting
  • silences: make matcher and label chips truncatable
  • testing: add E2E testing with Playwright and isolated Podman stack

Performance Improvements

  • alerts: paginate detail timeline on server
  • poll: reuse connections, batch claim lookups, dedup broadcasts

Tests

  • api: broadcast claim over WS in e2e test endpoint
  • api: relax poll rate limit in e2e builds
  • e2e: align screenshot specs with docs image references
  • e2e: fix alerts-views specs B4/B5/B9
  • e2e: extend silences and search functional coverage
  • e2e: cover silence actions and stabilize C11 filters
  • e2e: add silences functional specs for page and templates
  • e2e: add E2E specs for alerts views, detail panel, and filters
  • e2e: fix screenshot specs and update docs for current UI
  • e2e: add rich README hero screenshot spec in oidc mode
  • e2e: add new spec files for extended functional coverage
  • e2e: add Group 3 auth screenshot specs (login page, user menu, admin panel)
  • e2e: fix detail-panel specs D2/D5/D9/D10
  • e2e: cover silence expiry and recreate flows
  • e2e: fix filters specs C10/C11
  • e2e: harden silences page and complete F1 close flows
  • e2e: fix flaky timing and extend write_protect coverage in existing specs
  • frontend: add data-testid attributes for E2E selectors
  • frontend: remove unit-test stack in favor of functional e2e
  • silences: align SilenceCard and App tests with current behavior


Container Image

docker pull ghcr.io/kj187/jarvis:1.5.0

Verify with Cosign

cosign verify ghcr.io/kj187/jarvis@sha256:84daad955824bfed99ac4671c84aaa18ccaf7b85b5a45b8bc96f70a6156de271 \
  --certificate-identity-regexp="https://github.com/kj187/jarvis/.*" \
  --certificate-oidc-issuer="https://token.actions.githubusercontent.com"

v1.4.0

Choose a tag to compare

@kj187 kj187 released this 22 Jun 18:54

What's changed

v1.4.0 ships two major features: reusable Silence Templates and per-cluster upstream authentication against protected Alertmanager instances.

Highlights

Per-cluster Alertmanager upstream authentication

Jarvis can now authenticate against protected Alertmanager instances — configurable per cluster, token refresh handled automatically.

Supported methods: OAuth2 Client Credentials (with auto-refresh), Bearer Token, Basic Auth, Custom Headers.

# OAuth2 Client Credentials (e.g. Keycloak)
JARVIS_CLUSTER_1_AUTH_TYPE=oauth2_client_credentials
JARVIS_CLUSTER_1_AUTH_TOKEN_URL=https://keycloak.example.com/realms/ops/protocol/openid-connect/token
JARVIS_CLUSTER_1_AUTH_CLIENT_ID=jarvis
JARVIS_CLUSTER_1_AUTH_CLIENT_SECRET=secret

# Bearer Token
JARVIS_CLUSTER_1_AUTH_TYPE=bearer
JARVIS_CLUSTER_1_AUTH_TOKEN=eyJhbGci...

# Basic Auth
JARVIS_CLUSTER_1_AUTH_TYPE=basic
JARVIS_CLUSTER_1_AUTH_USERNAME=admin
JARVIS_CLUSTER_1_AUTH_PASSWORD=secret

→ Full docs: docs/authentication-alertmanager.md


Silence Templates

Reusable matcher sets for recurring maintenance windows. Instead of re-entering the same matchers every time, save them once as a template and apply them with one click — useful whenever maintenance work requires multiple silences across different services or clusters on a regular basis.

Changelog

Bug Fixes

  • api: log 4xx as WARN, 5xx as ERROR in request middleware
  • auth: improve hydrate resilience on slow backend startup
  • frontend: ensure CI environment variable is set in docker-compose
  • frontend: make silence calendar month arrows clickable

Chores

  • dev: improve docker-compose for file watching with polling support
  • git: ignore build artifacts and npm lock file

Documentation

  • frontend: add silence templates docs, screenshots, and fix test suite

Features

  • alerts: store and filter all receivers in alert history
  • api: add REST endpoints for silence template management (CRUD)
  • auth: map OIDC claim value to admin role
  • config: add per-cluster Alertmanager upstream authentication (#39 )
  • frontend: add silence template management UI with tab interface
  • frontend: add React Query hooks for silence templates
  • frontend: add silence template types and API client
  • frontend: show local timezone below silence time inputs
  • silences: implement silence template CRUD store operations
  • silences: add silence template data model and database schema

Full diff: v1.3.1...v1.4.0


Container Image

docker pull ghcr.io/kj187/jarvis:1.4.0

Verify with Cosign

cosign verify ghcr.io/kj187/jarvis@sha256:1453b4717b9fbee5c64f95eeb21bce9af93154155e3273eb913756235baf5352 \
  --certificate-identity-regexp="https://github.com/kj187/jarvis/.*" \
  --certificate-oidc-issuer="https://token.actions.githubusercontent.com"

v1.3.1

Choose a tag to compare

@kj187 kj187 released this 19 Jun 08:22

Changelog

Bug Fixes

  • helm: use Recreate update strategy when SQLite PVC enabled

Features

  • helm: reject SQLite PVC with multiple replicas at deploy time


Container Image

docker pull ghcr.io/kj187/jarvis:1.3.1

Verify with Cosign

cosign verify ghcr.io/kj187/jarvis@sha256:a3bd2780eb4bde2d03bb2dd9d61663a2e8731fb19912093b813bd73557cb41bb \
  --certificate-identity-regexp="https://github.com/kj187/jarvis/.*" \
  --certificate-oidc-issuer="https://token.actions.githubusercontent.com"

v1.3.0

Choose a tag to compare

@kj187 kj187 released this 19 Jun 07:46

Changelog

Silences overhaul: smarter UX, safer expire flow, and better debug control.

Added

  • Expire confirmation modal — replacing the inline confirm buttons, every
    expire action now opens a dialog showing full silence details (matchers,
    affected alerts, Alertmanager ID link) before committing
  • Bulk expire — expiring multiple group silences at once goes through the
    same modal with all affected silences listed
  • JARVIS_LOG_REQUESTS — opt-in HTTP request logging (default off); useful
    for debugging without polluting production logs
  • Silence extend buttons — shown for all active silences, not just expiring
    ones
  • Inline affected alert preview in the silence form matcher section — see
    which alerts match while building the silence

Fixed

  • Silence form now receives all available clusters when opened from the detail
    panel, not just the alert's own cluster
  • getFilterableLabels used correctly in the header filter dropdown
  • Cluster badge styling in AlertDetailPanel corrected
  • "Last fired" timestamp no longer wrong when Alertmanager sends a corrupted
    startsAt
  • NULL annotations column no longer crashes resolved alert scans in the DB
  • Cluster chips in the silence form always toggleable; zero-match warning
    shown when no alerts match the selected cluster

Full diff: v1.2.0...v1.3.0
Container image: ghcr.io/kj187/jarvis:1.3.0


Container Image

docker pull ghcr.io/kj187/jarvis:1.3.0

Verify with Cosign

cosign verify ghcr.io/kj187/jarvis@sha256:c38f80386b83f20502ccdda8310d5701a7b17b3a0e9d28c7ba6c1d8788e77dbb \
  --certificate-identity-regexp="https://github.com/kj187/jarvis/.*" \
  --certificate-oidc-issuer="https://token.actions.githubusercontent.com"