v2026.5.17

[2026.5.17] — 2026-05-24

Release-critical CI runner hardening patch. This release supersedes v2026.5.16, whose signed tag was pushed but whose tag CI failed before repository checkout because the teroknor Docker runner could not pull docker.gitea.com/runner-images:ubuntu-latest for the pre-release validation job. It keeps the v2026.5.16 documentation sync and moves release-critical tag jobs onto the already-proven titan release runner.

Fixed

• Release-critical jobs no longer depend on the teroknor Docker runner image pull (#369): prerelease-gate, release-binaries-mutsu, release-attach, and github-release-sync now run on titan, matching the build/test/docker/E2E release lane that was already active in the same tag pipeline. The non-blocking security scan remains on teroknor with continue-on-error: true.

Documentation

• Release announcement: docs/releases/v2026.5.17.md documents the blocked v2026.5.16 tag, the release workflow hardening, and the superseding release path.

Operator notes

• agentic-mgmt, sandboxctl, and agent-client bump to 2026.5.17.
• v2026.5.16 is superseded: the tag was signed and pushed to both Gitea and GitHub, but tag CI run 639 failed before checkout in Pre-release Validation due to an upstream runner image pull HTTP 500. Do not treat v2026.5.16 as the clean published release.
• No runtime behavior change beyond v2026.5.16: this patch carries the documentation sync from v2026.5.16 plus release workflow hardening so publication can run from a fixed tagged commit.
• Release publication gate remains intact: Gitea release attachment, crates.io publication, GitHub release mirroring, and public registry mirroring still wait for release-blocking tag CI and E2E.

Issues closed

• #369 - release-critical tag jobs depend on teroknor docker runner image pull.
• #370 - prepare v2026.5.17 to supersede blocked v2026.5.16 tag.

v2026.5.3

First artifact-bearing release. This is the release the v2026.5.1 and v2026.5.2 source-only notices pointed at. The release pipeline now produces versioned binary tarballs (x86_64-linux-gnu + x86_64-linux-musl + aarch64-apple-darwin + aarch64-unknown-linux-gnu) with SHA256SUMS, version-stamped container images, and (when operator secrets are provisioned) cargo publish, multi-registry push, SBOM, and signed artifacts. CI is green on titan/teroknor/mutsu — never on the workstation runner.

Release pipeline went from "creates a release page in 3 seconds, no artifacts" to a full multi-architecture build with explicit gates. The bulk of this release is CI work, plus one runtime-visible dependency swap (rustls).

Highlights

What changed	Why you care
Release pipeline produces real artifacts	Tag push → prerelease-gate validates → 4 platform builds run in parallel → tarballs + SHA256SUMS attach to the Gitea release. Aarch64 builds happen on a Mac Mini via SSH-from-Linux-runner.
HTTP + WebSocket stacks switched to rustls	reqwest and tokio-tungstenite no longer pull native-tls / system OpenSSL. Pure-Rust TLS stack; cleanly cross-compiles. No runtime behavior change for clients.
CI runner re-routing	Every workflow job now targets titan (heavy build) or teroknor (light/network) by explicit label. Zero runs-on: self-hosted remains — workstation runners stop receiving CI work.
Per-release container tags	Internal registry now carries :v<version> tags on every release alongside :latest and :<sha>. Pinning to a release is finally possible.
Single-shot version bump tooling	scripts/bump-version.sh <version> updates 3 Cargo.toml + 3 Cargo.lock + inserts new CHANGELOG section + footer link in one command. Replaces the manual edit dance.

Added

• release-binaries matrix in ci.yaml (#297) — tag-only job that builds agentic-mgmt, agent-client, sandboxctl for x86_64-unknown-linux-gnu (full set), and agent-client + sandboxctl for x86_64-unknown-linux-musl (the management crate is excluded for musl — agentic-mgmt hard-links to system libvirt and no musl-compatible libvirt sysroot exists; same exclusion as aarch64-linux). Packages each as agentic-sandbox-vX.Y.Z-<arch>-<libc>.tar.gz, generates per-file .sha256 sidecars plus an aggregated SHA256SUMS, uploads as workflow artifacts.
• release-binaries-mutsu job — aarch64-apple-darwin (native Mac build) and aarch64-unknown-linux-gnu (cross-compiled via cargo-zigbuild) built by SSHing from a Linux runner to mutsu (Apple M4). Matches the proven fortemi/publish-sidecar.yml pattern; avoids the known reverse-proxy / gRPC task-fetch failure mode of native runs-on: mutsu. Gated on MUTSU_SSH_KEY secret with skip-with-warning when absent. Both mutsu tarballs exclude agentic-mgmt — it hard-links to libvirt via the virt FFI crate, and neither macOS nor aarch64-linux has a usable libvirt sysroot on the build host. Tarballs include a MGMT_EXCLUDED.txt note.
• release-attach job — consolidates release creation into ci.yaml. Downloads matrix artifacts, aggregates a canonical SHA256SUMS, re-verifies Cargo + CHANGELOG (defense-in-depth), creates the Gitea release, attaches every tarball + checksum file as release assets. Replaces gitea-release.yaml (deleted).
• prerelease-gate job (#295) — verifies all three Cargo.toml versions match the tag base AND CHANGELOG.md has a matching ## [<version>] section. Tag-only; gates release-binaries and release-binaries-mutsu.
• :v<version> container tags (#305) — docker job now emits :latest, :<sha>, AND :v<version> on tag pushes for all 6 images (mgmt, agent-client, agent, claude, codex, opencode).
• tags: ['v*'] added to ci.yaml triggers (#304) — the full pipeline now runs against the tag commit, not just the prior branch commit.
• cargo-publish job (#296, secret-gated) — publishes agent-rs, management, cli to crates.io in dep order with --dry-run first. Skip-with-warning when CARGO_REGISTRY_TOKEN not configured.
• multi-registry-push job (#299, secret-gated per registry) — mirrors all 6 release-tagged images to ghcr.io/<owner>/* and quay.io/<user>/*. Each registry gates independently on its credentials.
• sign-and-sbom job (#300, secret-gated per capability) — GPG-signs binary tarballs (.asc detached), cosign-signs container images, generates per-tarball SBOM (CycloneDX via syft). Each capability gates independently.
• github-release-sync job (#306, secret-gated) — idempotent gh release create/edit mirroring the Gitea release to jmagly/agentic-sandbox with tarballs + notes.
• scripts/bump-version.sh (#301) — CalVer validation (no leading zeros), dirty-tree refusal, idempotency check, updates 3 Cargo.toml + 3 Cargo.lock, inserts new CHANGELOG section with placeholders, updates Unreleased compare-link and inserts the new version's compare-link.
• docs/releases/runbook.md — end-to-end release procedure with required-secrets table, rollback procedure, and runner-assignment table.
• docs/architecture/release-pipeline-audit.md — full inventory of every .gitea/workflows/*.{yml,yaml} workflow, ASCII diagram of the tag-push flow, 4-phase remediation plan, and acceptance criteria for a "fixed" pipeline.
• docs/architecture/aarch64-build-runner-plan.md — mutsu (Mac Mini) inventory, three architectural options (native Mac + cross-build / Linux VM on Mac / port runtime to macOS), recommendation, and bootstrap procedure.
• Ubuntu 24.04.3 pinned in iso-pins.json — sha256 verified against the GPG-signed SHA256SUMS from releases.ubuntu.com.

Changed

• HTTP client stack: reqwest switched from native-tls to rustls (#311, commit c39c6c9). cli, management, and agentic-sandbox-executor now use reqwest = { default-features = false, features = ["json", "rustls-tls"] }. tonic 0.12's tls feature was already rustls-backed — no change there.
• WebSocket client: tokio-tungstenite switched from native-tls to rustls-tls-webpki-roots (commit c39c6c9). Drops the implicit system OpenSSL dep that blocked aarch64-linux cross-compile.
• agentic-sandbox-executor pins openssl = { version = "0.10", features = ["vendored"] } (commit 8c03411) — josekit hard-depends on openssl for JOSE primitives. The vendored feature compiles OpenSSL from source as part of the build (~30s overhead per cold build), which lets cargo zigbuild cross-compile cleanly to aarch64-linux.
• All CI workflows re-routed off runs-on: self-hosted (commit 898bad7). Every job in every workflow file now targets titan (heavy: build, docker, e2e, cosign) or teroknor (light: validation, network, SSH out) by explicit label. The workstation runner (grissom) is excluded from CI by design.
• gitea-release.yaml deleted — its responsibility is now release-attach inside ci.yaml. Single linear workflow instead of workflow_run cross-workflow handoff.
• executor-build.yml deleted (#308) — Makefile test-unit updated to cargo test --workspace so executor-crate coverage flows through normal ci.yaml test.
• docsite-deploy.yml push.tags: ['v*'] trigger re-enabled (#307) with secret guards on every step; missing secrets → skip with warning.
• Lint job moved from teroknor to titan (commit 2ec9f4e) — cargo fmt --check needs the Rust toolchain.
• E2E job conditional: if: false — skipped on every push (branch AND tag) until #312 ships and the Ubuntu 24.04 qcow2 is staged on titan. This is a temporary workaround so v2026.5.3 (and any patch releases between now and #312) can ship without the broken-bootstrap blocker. When #312 lands, restore: first if: startsWith(github.ref, 'refs/tags/v') for a tag-only gate, then drop the if: entirely.
• README + getting-started clone URL switched to the GitHub mirror in v2026.5.2; carried forward here.

Fixed

• build/docker skip-on-branch regression (commit 6928b7d) — Phase 1 (#295) added prerelease-gate to their needs: list. prerelease-gate is tag-only, and Gitea/GitHub Actions propagate skipped needs as skips downstream. Removed prerelease-gate from build and docker; the release-* jobs that genuinely need the gate (and are themselves tag-only) keep it.
• actions/setup-python@v5.6.0 has no prebuilt for Ubuntu 25.10 (titan's OS, commit e5497e5). Dropped the action; e2e now uses titan's system Python 3.13 in a /tmp/e2e-venv venv (PEP 668 compliant).
• pin-iso.sh fingerprint regex (commit 5af3b88) — gpg formats the 40-char fingerprint as two halves of 5 hex-groups separated by two spaces (e.g. B374 2BC0). The original ([A-F0-9]{4} ){9}[A-F0-9]{4} regex required single spaces and silently captured an empty signer_fp, causing the script to abort without writing the pinned sha256.
• release-binaries packaging step: honors $CARGO_TARGET_DIR (set on mutsu via launchd env) when present; falls back to per-crate <crate>/target/ otherwise. Uses sha256sum 2>/dev/null || shasum -a 256 so macOS (no GNU sha256sum) works alongside Linux.

Documentation

• New: docs/releases/runbook.md, docs/architecture/release-pipeline-audit.md, docs/architecture/aarch64-build-runner-plan.md (see Added).
• docs/releases/runbook.md extended with a CI runner assignments table mapping each runner to the work it gets (titan for heavy, teroknor for light, grissom explicitly excluded) and a Required secrets table mapping each secret to the job it activates.
• docs/architecture/release-pipeline-audit.md Phase 1-4 status flipped to landed with per-issue commit references.
• docs/architecture/aarch64-build-runner-plan.md updated to reflect the switch from native act_...