We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
There was an error while loading. Please reload this page.
Secrets Wallet Phase 3b R3a — keychain resolver logic (server v2.25.0) Home server cell → v2.25.0 + Last refreshed; Releases v2.25.0 row; Sessions-Log entry. resolve_keychain_entry + build_secret_provider; unwired pending the R3b cache-miss hook. Refs noetl/ai-meta#61
Secrets Wallet Phase 3b R2 — keychain secret-source model (server v2.24.0) Home server cell → v2.24.0 + Last refreshed; Releases v2.24.0 row; Sessions-Log entry. Typed provider/auth/map on KeychainDef + find_keychain; unwired pending R3. Refs noetl/ai-meta#61
Secrets Wallet Phase 3b R1 — server-side GCP Secret Manager client (server v2.23.0) Home server cell → v2.23.0 + Last refreshed; Releases v2.23.0 row; Sessions-Log entry. Resolution engine moved off the worker onto the server, unwired pending R2/R3. Refs noetl/ai-meta#61
Phase 3 redesign — standalone secrets tool removed (tools v2.19.2), resolution moves server-side Home tools cell → v2.19.2 + Last refreshed; Releases v2.19.1 (secret_manager drop) + v2.19.2 (tool removal) rows; Sessions-Log entry for the Phase 3 pivot. Refs noetl/ai-meta#61
Home: worker adopts noetl-tools 2.19.0 (worker#53) + secret-kind standardization note worker#53 (chore(deps), non-releasing) adopts noetl-tools 2.19.0 — kind-validated. Worker ecosystem cell + Last refreshed updated; secret tool kind standardized to one name 'secrets' (tools#30 + e2e/ops/travel). Refs noetl/ai-meta#61
Secrets Wallet Phase 3a landed — noetl-tools v2.19.0 GCP Secret Manager provider Home tools cell → v2.19.0 + #61 row (3a shipped) + Last refreshed; Releases v2.19.0 tools row; Sessions-Log entry. Next: worker adopts tools 2.19.0. Refs noetl/ai-meta#61
Umbrella-Secrets-Wallet: mark Phases 1+2 shipped, Phase 3a in flight Status line + Phased-plan table updated with ship markers (server v2.19.8– v2.22.0 for Phases 1+2; noetl/tools#29 for Phase 3a GCP Secret Manager). Refs noetl/ai-meta#61
Secrets Wallet Phase 2 shipped — GCP Cloud KMS KeyManager (server v2.22.0) KEK can leave the process: GcpKms via Cloud KMS :encrypt/:decrypt + Workload Identity; runtime NOETL_KMS_PROVIDER (local/gcp-kms); stored format provider-agnostic; kind-validated on local. Releases row + Home server cell + #61 status (Phases 1+2) + Releases preview + Last refreshed. Refs noetl/ai-meta#61.
Secrets Wallet Phase 1 complete — envelope encryption live (server v2.21.0) 1a fail-closed key (v2.19.8) + 1b envelope core (v2.20.0) + 1c/1d live wiring (v2.21.0). Credentials + keychain store per-record-DEK-wrapped-by-KEK self-describing blobs, forward-only, kind-validated end-to-end. Releases rows (v2.20.0 + v2.21.0) + Home server cell + #61 status (Phase 1 complete) + Releases preview + Last refreshed + Sessions-Log entry. Refs noetl/ai-meta#61.
Ecosystem map: tools v2.18.5 + worker adopts (dollar-quote splitter). Refs noetl/ai-meta#54
Secrets Wallet Phase 1a shipped (server v2.19.8) + dollar-quote splitter (tools v2.18.5) Releases rows + Home server cell v2.19.8 + Releases preview + Last refreshed. Refs noetl/ai-meta#61, noetl/ai-meta#54.
Secrets Wallet design: keychain = execution-scoped cache + sub-playbook inheritance Clarify (per user) that noetl.keychain is the per-execution-instance cache of resolved secrets / minted tokens (not a second store), envelope-encrypted with scope (local/shared/global) + TTL. Add the sub-playbook inheritance model: a child execution walks the parent_execution_id lineage chain and inherits the nearest shared/global entry (single refresh authority across the execution tree; local stays private). Lineage + region-local (residency wins over cache reuse). New phasing row 3a. Refs noetl/ai-meta#61.
Secrets Wallet (Rust) umbrella design — noetl/ai-meta#61 New security umbrella: a true wallet for the Rust stack. Today secrets are AES-GCM encrypted under a single static NOETL_ENCRYPTION_KEY (all-zeros default), no KMS/rotation/envelope, plaintext to workers over HTTP, env-only secret provider — fails security validation. Design doc (Umbrella-Secrets-Wallet): DEK-per-record + KEK-in-KMS envelope encryption; pluggable KMS (GCP/AWS/Azure/Vault) + secret providers (GCP SM / AWS SM / Azure KV / Vault / K8s / env); secret:// reference model; sealed (per-worker ephemeral key) + mTLS delivery; region-local brokers + residency policy + short-lived dynamic secrets; rotation + key versioning + audit. 8-phase plan, Rust-only. Phase 0 awaiting decisions. Home (umbrella row + count→Four + Last refreshed), Sessions-Log entry, _Sidebar link. Tracks noetl/ai-meta#61.
Rust-only regression rig: canonical v10 SQL + http config shapes (tools v2.18.4) - Sessions-Log: new entry for the regression sweep + the 3 config-shape fix classes (tools#24/#25/#26, worker#50/#51). - Releases: tools v2.18.3 + v2.18.4 rows; Last refreshed bumped. - Home: Last refreshed, Sessions + Releases previews, Ecosystem map tools→v2.18.4 / worker→2.18.4-lock, #54 umbrella status. - Umbrella-Rust-Server-Port: Recent-activity row + Next-steps R5 rig item + open loop_with_pagination server-side finding + artifact porting gap. Tracks noetl/ai-meta#54.
dashboard: postgres-tool observability — real SQLSTATE errors (tools v2.18.2 + worker#49) Closed the last credential/iterator follow-up — postgres tool surfaces real SQLSTATE + message instead of opaque "db error". Validated e2e on the Rust-only kind stack. - Home.md: Last refreshed; #54 row; ecosystem map tools v2.18.2 + worker noetl-tools-2.18.2 note; Sessions + Releases previews. - Sessions-Log.md: new 2026-06-05 postgres-observability entry. - Releases.md: tools v2.18.2 row. - Umbrella-Rust-Server-Port.md: R5 Tier 4 observability row.
dashboard: iterator_save_test GREEN — full v10 + credential + iterator-pipeline surface (server v2.19.7) server#73 (v2.19.7) defers task_sequence _prev/_results refs at command-build — iterator_save_test reaches playbook.completed and writes 3 rows to the real demo_noetl DB. Closes the credential + iterator + pipeline chain (server#71, worker#46, worker#48, server#73). - Home.md: Last refreshed; #54 row; ecosystem map + diagram server cell v2.19.7; Sessions + Releases previews. - Sessions-Log.md: new 2026-06-05 iterator_save_test-GREEN entry. - Releases.md: server v2.19.7 row. - Umbrella-Rust-Server-Port.md: R5 Tier 4 iterator_save_test-GREEN row.
dashboard: nested-pipeline credentials resolved (worker v5.11.3) + server#72 finding worker#48 (v5.11.3) closes the credential-path chain — nested task_sequence sub-task aliases now resolve; iterator_save_test's save_item connects to demo_noetl. Last blocker filed: server#72 (server pre-renders task_sequence _prev/_results refs to empty → malformed SQL). - Home.md: Last refreshed; #54 row; ecosystem map + diagram worker cell v5.11.3; Sessions + Releases previews. - Sessions-Log.md: new 2026-06-05 nested-credentials entry. - Releases.md: worker v5.11.3 row. - Umbrella-Rust-Server-Port.md: R5 Tier 4 nested-credentials row.
dashboard: keychain-credential path validated (server v2.19.6 + worker v5.11.2) R5 Tier 4 credential-path widening — 3-bug chain in the keychain subsystem; plain-step credential path proven end-to-end against the real demo_noetl DB. - Home.md: Last refreshed; #54 row credential-path note; ecosystem map + diagram version cells (server v2.19.6, worker v5.11.2); Sessions + Releases previews prepended. - Sessions-Log.md: new 2026-06-05 keychain-credential entry. - Releases.md: server v2.19.6 + worker v5.11.2 rows. - Umbrella-Rust-Server-Port.md: R5 Tier 4 credential-path row.
dashboard: v10 control-flow end-to-end on Rust-only (server v2.19.5 + worker v5.11.1 + tools v2.18.1) Phase F R5 Tier 4 — four v10 fixtures reach playbook.completed on the Rust-only kind stack after 7 fixes across server/worker/tools. - Home.md: Last refreshed 2026-06-05; #54 row updated; ecosystem map + architecture diagram version cells bumped; Sessions + Releases previews prepended. - Sessions-Log.md: new 2026-06-05 entry (7-fix inventory + 5-fixture validation table + pointer bumps). - Releases.md: server v2.19.5, worker v5.11.1, tools v2.18.1 rows. - Umbrella-Rust-Server-Port.md: R5 Tier 4 recent-activity row.
docs(wiki): correct forward-dated entries (2026-06-07 → 2026-06-04) Sweep across three wiki files; 38 occurrences corrected. Sessions-Log.md (14 entries), Releases.md (14 rows), Umbrella-Rust-Server-Port.md (10 rows) all had Phase F R3 + R4 work stamped with 2026-06-07. The introducing commits' author date was 2026-06-04 in every case — a previous agent session had a wrong "today's date" mental model and forward-dated by three days. User reported the visible mismatch on the wiki: https://github.com/noetl/ai-meta/wiki/Sessions-Log#2026-06-07-phase-f-r4-5--kind-validation-n2-shards-r4-complete Verified via `git log -S "<date string>" --date=short -- <file>`: - Phase F R3b-1 entry first appeared in 2170690 (author 2026-06-04). - Phase F R3b-2 entry first appeared in d66224b (author 2026-06-04). - Phase F R4-1 through R4-5 entries all in commits authored 2026-06-04. Future drift prevented by agents/rules/wiki-maintenance.md Rule 0a's new "Date discipline" section (committed in the same change set as the parent ai-meta repo).
docs(home): bring dashboard current — Active umbrellas + Recently closed + Ecosystem versions + Architecture for 2026-06-04 Home had drifted by ~2 weeks (last refreshed 2026-06-02 afternoon). Six Rust-only e2e fixes + cluster legacy cleanup landed since then with no Home update — exactly the failure mode the user flagged. Sections refreshed: - Last refreshed date (2026-06-02 → 2026-06-04). - Standing direction callout (Rust-only focus, per memory entry). - Active umbrellas: 5 → 3 (closed: 47, 48, 46; promoted: 54 R5). - Recently closed: list the 10 issues closed 2026-06-03 → 04 (#50, #51, #52, #53, #55, #56, #57, #58, #59, #60). - Ecosystem map versions: server 2.0.1 → 2.19.4; worker 5.9.0 → 5.11.0; tools 2.16.0 → 2.18.0; cli 4.8.0 → 4.9.0; gateway 2.14.1 → 3.2.0; noetl 4.8.0 → 4.12.1 (back-compat only). - Architecture diagram: kind cluster fully Rust (Python deploys retired this session); added v10 playbook compatibility closed-loop diagram showing the six interlocking fixes. - Sessions log preview: replaced 2026-06-01/02 entries with 2026-06-03/04 milestones. - Releases preview: server v2.19.0 → v2.19.4 + tools v2.17.1/ v2.18.0 + gateway v3.2.0. Triggered by user feedback that only Sessions-Log was being maintained — fixed in parallel by rule 0a tightening.
docs: Rust-only e2e complete + legacy cleanup — noetl/server v2.19.4 + noetl/tools chain control_flow_workbook runs FULLY end-to-end on the Rust-only stack — first NoETL playbook exercising the complete control-flow surface (workbook → python with result capture → conditional next.arcs → parallel branches → terminal) without touching Python. Five fixes shipped across three repos in one iteration: - noetl/tools#17 (v2.17.1) — PythonTool result-global capture - noetl/tools#18 (v2.18.0) — TaskSequenceTool runtime - noetl/worker#42 — Cargo.toml bump 2.16 → 2.18 - noetl/server#67 (v2.19.4) — orchestrator template context (expose step data at top level + capture call.done) - Kind cluster legacy cleanup (delete Python deployments + services + configmaps + SA) Closes noetl/ai-meta#60 (the umbrella; auto-closed via PR), noetl/tools#15, noetl/tools#16, noetl/server#66. - Releases.md: add v2.19.4 + v2.18.0 + v2.17.1 + worker bump rows (in chronological top-of-timeline order). - Sessions-Log.md: prepend 2026-06-04 entry covering the full iteration including kind cluster cleanup. - Umbrella-Rust-Server-Port.md: add the consolidated row above the prior v2.19.3 row.
docs: noetl/server v2.19.3 — pipeline + failure + workbook fixes shipped together Three orchestrator + parser fixes from the same e2e probe sequence on the Rust-only stack: - noetl/server#61 (Gap C — pipeline flat shape decode) - noetl/server#63 (Gap B — playbook.failed on command.failed) - noetl/server#65 (Gap A — tool.kind:workbook resolution) Closes noetl/ai-meta#57, #58, #59 (and their server sub-issues #60, #62, #64). - Releases.md: add v2.19.3 row consolidating the three fixes. - Sessions-Log.md: prepend session entry covering the probe sequence + fixes + follow-up gaps filed. - Umbrella-Rust-Server-Port.md: add the v2.19.3 row above the v2.19.2 row in chronological recent-activity order. Two noetl-tools follow-ups now tracked separately at noetl/cli#53 (task_sequence runtime) and noetl/cli#54 (PythonTool result capture) — independent rounds for noetl-tools work, not server.
docs: noetl/server v2.19.2 (v10 workload + input alias) + Rust-only direction - Releases.md: add v2.19.2 row for noetl/server#59. - Sessions-Log.md: prepend 2026-06-04 entry covering both the Rust-only standing direction and the v10 playbook compat fixes (input alias + workload merge). - Umbrella-Rust-Server-Port.md: add the v10 compat row above the EE-5 row in chronological recent-activity order. Closes noetl/ai-meta#56 (the umbrella; auto-closed via PR).
docs: noetl/server v2.19.1 (EE-5 lax decode) + Phase F R5 unblocker - Releases.md: add v2.19.1 row for noetl/server#57. - Sessions-Log.md: prepend 2026-06-04 session entry describing the Rust worker → Rust server execution_id wire-shape drift, root cause, fix, validation, and tracking trail. - Umbrella-Rust-Server-Port.md: add EE-5 follow-up row before the R4-5 row (chronological top-of-recent-activity). Closes noetl/ai-meta#55 (the umbrella; auto-closed via PR).
log: Phase F R4-5 shipped — R4 complete R4-5 kind validation landed via noetl/ops#160. Phase F R4 is end-to-end complete across noetl/server v2.13.0 -> v2.19.0 + noetl/ops validation script. noetl/server#48 closes. Only remaining Phase F round: R5 (production cutover; separate ops decision). Phase G (keychain-backed shards) deferred. Sessions-Log + Releases timeline + Umbrella-Rust-Server-Port all updated; Next-concrete-steps reframed around R5 + Phase G.
log: Phase F R4-4b shipped (server v2.19.0) R4-4b ExecutionService refactor + list fan-out landed via noetl/server#55 -> v2.19.0. In-server migration to DbPoolMap complete (R4-3 + R4-4 + R4-4b). R4-5 (kind validation N=2 shards) is the final R4 round. Sessions-Log + Releases timeline + Umbrella-Rust-Server-Port all updated in lockstep.
log: Phase F R4-4 shipped (server v2.18.0) R4-4 cross-shard fan-out + event_id resolver landed via noetl/server#54 -> v2.18.0. state.db now absent from entire src/ tree; R4-3 + R4-4 complete the handler-side migration. R4-4b (ExecutionService refactor + list fan-out) is the next slice; R4-5 is kind validation N=2. Sessions-Log + Releases timeline + Umbrella-Rust-Server-Port all updated in lockstep.
log: Phase F R4-3c shipped — R4-3 complete (server v2.17.0) R4-3c health.rs cutover landed via noetl/server#53 -> v2.17.0. R4-3 (per-execution handler cutover) complete across events.rs + execute.rs + health.rs. Only 2 state.db sites remain in the whole codebase, both event_id-keyed in events.rs, both TODO(R4-4). Sessions-Log + Releases timeline + Umbrella-Rust-Server-Port all updated in lockstep.
log: Phase F R4-3b shipped (server v2.16.0) R4-3b execute.rs cutover landed via noetl/server#52 -> v2.16.0. Clean 3+3 split: 3 catalog reads -> cluster(), 3 per-execution writes -> pool_for(execution_id). state.db absent from execute.rs. Sessions-Log + Releases timeline + Umbrella-Rust-Server-Port all updated in lockstep.