bump: version 0.57.60 → 0.57.61

Merge pull request #523 from cbcoutinho/feature/adr-022-deployment-mode-consolidation
docs: ADR-022 Deployment Mode Consolidation via Login Flow v2
2026-02-18 10:27:23 +00:00 · 2026-02-18 11:27:05 +01:00 · 2026-02-18 10:19:13 +01:00 · 2026-02-18 09:10:51 +00:00 · 2026-02-18 10:10:33 +01:00 · 2026-02-18 09:50:12 +01:00
12 changed files with 1405 additions and 15 deletions
@@ -15,13 +15,13 @@ jobs:
      packages: write
    steps:
      - name: Check out
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0
          token: "${{ secrets.PERSONAL_ACCESS_TOKEN }}"

      - name: Set up Python
-        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
+        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
        with:
          python-version: '3.11'

@@ -27,7 +27,7 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 1

@@ -26,7 +26,7 @@ jobs:
      actions: read # Required for Claude to read CI results on PRs
    steps:
      - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 1

@@ -13,11 +13,11 @@ jobs:
      packages: write
    steps:
      - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

      - name: Docker meta
        id: meta
-        uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5
+        uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0
        with:
          # list of Docker images to use as base name for tags
          images: |
@@ -34,18 +34,18 @@ jobs:
            type=raw,value=latest,enable={{is_default_branch}}

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3
+        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0

      - name: Log in to GitHub Container Registry
        if: github.event_name != 'pull_request'
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build and push Docker image
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
        with:
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
@@ -15,7 +15,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0

@@ -97,7 +97,7 @@ jobs:

      - name: Upload test results
        if: always()
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
        with:
          name: rag-evaluation-results
          path: |
@@ -18,7 +18,7 @@ jobs:
      contents: read
    steps:
      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Install uv
        uses: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b # v7.3.0
      - name: Install Python 3.11
@@ -35,7 +35,7 @@ jobs:
      ###### Required to build OIDC App ######

      - name: Set up php 8.4
-        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # v2
+        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # 2.36.0
        with:
          php-version: 8.4
          coverage: none
@@ -1,6 +1,6 @@
 [tool.commitizen]
 name = "cz_conventional_commits"
-version = "0.57.59"
+version = "0.57.61"
 tag_format = "nextcloud-mcp-server-$version"
 version_scheme = "semver"
 update_changelog_on_bump = true
@@ -14,6 +14,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Configurable resource limits
 - Grafana dashboard annotations

+## nextcloud-mcp-server-0.57.61 (2026-02-18)
+
+## nextcloud-mcp-server-0.57.60 (2026-02-18)
+
 ## nextcloud-mcp-server-0.57.59 (2026-02-18)

 ## nextcloud-mcp-server-0.57.58 (2026-02-18)
@@ -2,7 +2,7 @@ apiVersion: v2
 name: nextcloud-mcp-server
 description: A Helm chart for Nextcloud MCP Server - enables AI assistants to interact with Nextcloud
 type: application
-version: 0.57.59
+version: 0.57.61
 appVersion: "0.64.0"
 keywords:
  - nextcloud
Author	SHA1	Message	Date
github-actions[bot]	8cab588f21	bump: version 0.57.60 → 0.57.61	2026-02-18 10:27:23 +00:00
Chris Coutinho	8233cc9dcf	Merge pull request #523 from cbcoutinho/feature/adr-022-deployment-mode-consolidation docs: ADR-022 Deployment Mode Consolidation via Login Flow v2	2026-02-18 11:27:05 +01:00
Chris Coutinho	0d259d2dfd	docs(ADR-022): concrete Smithery rationale + app password lifecycle Address reviewer feedback on two fronts: - Replace vague privacy-only Smithery deprecation rationale with concrete justification: free tier sunsetting March 2026 (primary), privacy as secondary. Updated in context, migration table, and Alternative 5. - Add App Password Lifecycle Management section covering stale/revoked password detection (401 handling), login flow session cleanup (background task), and optional password rotation (APP_PASSWORD_MAX_AGE_DAYS). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-18 10:19:13 +01:00
github-actions[bot]	dfc676a847	bump: version 0.57.59 → 0.57.60	2026-02-18 09:10:51 +00:00
Chris Coutinho	cf627a9c48	Merge pull request #565 from cbcoutinho/ci/pin-gha-semver-comments ci: pin GitHub Actions version comments to full semver	2026-02-18 10:10:33 +01:00
Chris Coutinho	037e88e416	ci: pin GitHub Actions version comments to full semver Renovate's helpers:pinGitHubActionDigestsToSemver preset reads version comments to track updates. Major-only comments (e.g. # v6) produce unhelpful changelog diffs like "v6 → v6". Full semver comments (e.g. # v6.0.2) let Renovate show meaningful version changes. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-18 09:50:12 +01:00
Chris Coutinho	dae2f276ae	docs(ADR-022): address reviewer feedback Changes based on review: 1. Add Nextcloud platform limitation section documenting OAuth/scope support by endpoint type (WebDAV supports OAuth, others don't) 2. Update MCP elicitation to show capability negotiation and graceful fallback - URL in error message when elicitation not supported 3. Simplify Smithery section - recommend self-hosted for privacy, don't detail platform changes 4. Expand re-auth section with scope merging behavior, scenarios table, and explicit design choice for tool-based re-auth over auto-elicitation 5. Make rate limiting configurable with environment variables and admin guidance by deployment size 6. Clarify OAuth alternative - keep simple now, revisit if Nextcloud adds scoped OAuth support 7. Expand verification steps with required tests, add recommended Nextcloud configuration, add required README security notice Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-18 09:23:32 +01:00
Chris Coutinho	d94610d0ec	docs: add ADR-022 for deployment mode consolidation via Login Flow v2 Proposes consolidating five deployment modes into two: - Single-User: App password in env vars (trusted environment) - Multi-User: Login Flow v2 for per-user app password acquisition Key changes: - Use Nextcloud Login Flow v2 (NC 16+) for delegated authentication - Application-level scope enforcement (app passwords have no native scopes) - MCP elicitation for seamless authorization prompting - Astrolabe front-end integration for scope management UI - Clear security posture documentation for administrators This removes the need for upstream Nextcloud OAuth patches and simplifies deployment while maintaining security through defense-in-depth. Related: #521 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-18 09:23:32 +01:00