Releases: NCNU-OpenSource/AADS
Releases · NCNU-OpenSource/AADS
Release list
v0.2.0
v0.2.0 — execution hardening + docs overhaul + org migration ExecutionProfile/PolicyCard, plan_sha256 drift detection, log-injection defence; full doc correction pass; repo+GHCR migration to NCNU-OpenSource; dashboard hardening; orphaned-code removal.
v0.1.6
fix(installer): fail fast with journal output when service won't start Previously the installer ran systemctl status (informational), then silently polled the HTTP API for 30 s before dying with a vague message. On status=226/NAMESPACE or similar failures the user had no actionable output and had to investigate manually. Now: after install.sh exits, wait up to 15 s for aads-agent.service to enter 'active'; if it doesn't, print the last 30 journal lines and die immediately with a clear message. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
v0.1.5
fix(agent): make all ReadWritePaths optional with '-' prefix /etc/nginx and /var/log/nginx lacked the '-' prefix, causing systemd to fail with status=226/NAMESPACE when nginx is not installed on the target. All service paths are now suppressed-if-missing so the agent starts regardless of which services are present on the host. Also remove 'After=nginx.service' — the agent doesn't depend on nginx being active, only on the network being online. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
v0.1.4
fix: harden image pulls for unstable networks
Repeated CloudFront EOFs on multi-GB image blobs were exhausting the
default retry budget. Root cause: re-running 'docker compose pull'
discards a partially-downloaded blob, so retrying the whole pull never
makes progress on a single large blob that drops mid-transfer.
Three lower-level fixes:
1. /etc/docker/daemon.json max-download-attempts=10 (merged via jq,
preserves existing settings like DNS) — Docker's own per-blob retry
inside a single pull, which DOES resume blob attempts
2. COMPOSE_PARALLEL_LIMIT=1 — serialize pulls so all bandwidth goes to
one blob, finishing it inside the connection's stable window
3. Bump script-level pull retries 5 -> 8
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
v0.1.3
fix: retry docker pull up to 5 times on network errors layer1-filter image is ~2.8 GB (includes PyTorch) and can hit transient EOF/network interrupts on slow or unstable connections. The pull step now retries up to 5 times with a 5s delay between attempts, showing the last error line on each failure. Auth errors (unauthorized/denied) still break immediately and fall through to the local-build fallback. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
v0.1.2
fix: fallback to local build when GHCR pull is unauthorized
GHCR packages default to private even for public repos, causing
'unauthorized' errors on fresh servers. bootstrap-server.sh now:
1. Tries docker compose pull from GHCR (fast, uses prebuilt images)
2. On unauthorized error: shallow-clones the public repo, copies the
already-generated .env, and runs docker compose up --build locally
3. All other pull errors still die with the original message
The fallback builds take ~5 min on first run but require no GHCR auth.
Users can permanently fix this by making the 6 GHCR packages public at
https://github.com/bs10081?tab=packages
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
v0.1.1
feat: add server curl|bash installer and bundle builder dist/install-server.sh — curl|bash entry point for the server: Downloads aads-server.tgz from GitHub Releases, extracts to ~/aads (or /opt/aads for root), then runs bootstrap-server.sh. Supports AADS_INSTALL_DIR and AADS_RELEASE_BASE_URL overrides. dist/build-server-bundle.sh — packages all server-side files into aads-server.tgz: docker-compose.prod.yaml, .env.example, config dirs (litellm, prometheus, grafana, layer0-collector, migrations), dist/ scripts, pi-agent/, and the prebuilt aads-agent.tgz so the dashboard can serve self-hosted agent installs out of the box. CI: release-assets job now also builds and attaches aads-server.tgz and install-server.sh alongside the existing agent assets. DEPLOYMENT.md: server section now leads with the HTTPS one-liner. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
v0.1.0
feat: add one-click installer and server Docker bundle On-Device Agent (curl|bash): - dist/install-agent.sh: interactive full installer — apt deps, downloads agent payload from server, runs pi-agent/install/install.sh, registers node via /api/agents/register, installs Alloy log forwarder - dist/build-agent-payload.sh: packages pi-agent/ into aads-agent.tgz - pi-agent/alloy/config.alloy.tmpl: Alloy config template with __NODE_ID__/__LOKI_URL__ placeholders filled at install time Server Docker bundle (prebuilt registry images): - docker-compose.prod.yaml: mirrors dev compose but pulls ghcr.io/bs10081/aads-* images; mounts ./dist into dashboard for self-serve agent installer downloads - dist/bootstrap-server.sh: interactive server bootstrap — generates secrets, writes .env, builds agent payload, compose pull+up, verifies DB, prints ready-to-paste agent install command - .github/workflows/build-images.yml: builds and pushes 6 service images to GHCR on tag push; attaches agent payload to releases Supporting changes: - dashboard/app.py: add /install-agent.sh and /aads-agent.tgz static routes so targets download payload from the server without external net - .env.example: add AADS_IMAGE_REGISTRY/TAG keys for prod compose - .gitignore: stop ignoring dist/ scripts; only ignore dist/aads-agent.tgz - DEPLOYMENT.md: rewrite for one-click server-first → agent flow - docs/lab-deploy-plan.md: track lab deploy plan (untracked file) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>