bump: version 0.57.60 → 0.57.61

Merge pull request #523 from cbcoutinho/feature/adr-022-deployment-mode-consolidation
docs: ADR-022 Deployment Mode Consolidation via Login Flow v2
2026-02-18 10:27:23 +00:00 · 2026-02-18 11:27:05 +01:00 · 2026-02-18 10:19:13 +01:00 · 2026-02-18 09:10:51 +00:00 · 2026-02-18 10:10:33 +01:00 · 2026-02-18 09:50:12 +01:00
15 changed files with 1442 additions and 25 deletions
@@ -15,13 +15,13 @@ jobs:
      packages: write
    steps:
      - name: Check out
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0
          token: "${{ secrets.PERSONAL_ACCESS_TOKEN }}"

      - name: Set up Python
-        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
+        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
        with:
          python-version: '3.11'

@@ -27,13 +27,13 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 1

      - name: Run Claude Code Review
        id: claude-review
-        uses: anthropics/claude-code-action@ea36d6abdedc17fc2a671b36060770b208a6f8f1 # v1.0.51
+        uses: anthropics/claude-code-action@2f8ba26a219c06cfb0f468eef8d97055fa814f97 # v1.0.53
        with:
          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
          allowed_bots: "renovate-bot-cbcoutinho"
@@ -26,13 +26,13 @@ jobs:
      actions: read # Required for Claude to read CI results on PRs
    steps:
      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 1

      - name: Run Claude Code
        id: claude
-        uses: anthropics/claude-code-action@ea36d6abdedc17fc2a671b36060770b208a6f8f1 # v1.0.51
+        uses: anthropics/claude-code-action@2f8ba26a219c06cfb0f468eef8d97055fa814f97 # v1.0.53
        with:
          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}

@@ -13,11 +13,11 @@ jobs:
      packages: write
    steps:
      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

      - name: Docker meta
        id: meta
-        uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5
+        uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0
        with:
          # list of Docker images to use as base name for tags
          images: |
@@ -34,18 +34,18 @@ jobs:
            type=raw,value=latest,enable={{is_default_branch}}

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3
+        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0

      - name: Log in to GitHub Container Registry
        if: github.event_name != 'pull_request'
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build and push Docker image
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
        with:
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
@@ -15,7 +15,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0

@@ -24,7 +24,7 @@ jobs:
      models: read

    steps:
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

      - name: Run docker compose with vector sync
        uses: hoverkraft-tech/compose-action@4894d2492015c1774ee5a13a95b1072093087ec3 # v2.5.0
@@ -97,7 +97,7 @@ jobs:

      - name: Upload test results
        if: always()
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
        with:
          name: rag-evaluation-results
          path: |
@@ -18,7 +18,7 @@ jobs:
      contents: read
    steps:
      - name: Checkout
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Install uv
        uses: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b # v7.3.0
      - name: Install Python 3.11
@@ -9,7 +9,7 @@ jobs:
  linting:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Install the latest version of uv
        uses: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b # v7.3.0
      - name: Check format
@@ -27,7 +27,7 @@ jobs:
    runs-on: ubuntu-latest

    steps:
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          submodules: 'true'

@@ -35,7 +35,7 @@ jobs:
      ###### Required to build OIDC App ######

      - name: Set up php 8.4
-        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # v2
+        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # 2.36.0
        with:
          php-version: 8.4
          coverage: none
@@ -1,6 +1,6 @@
 FROM docker.io/library/python:3.12-slim-trixie@sha256:9e01bf1ae5db7649a236da7be1e94ffbbbdd7a93f867dd0d8d5720d9e1f89fab

-COPY --from=ghcr.io/astral-sh/uv:0.10.0@sha256:78a7ff97cd27b7124a5f3c2aefe146170793c56a1e03321dd31a289f6d82a04f /uv /uvx /bin/
+COPY --from=ghcr.io/astral-sh/uv:0.10.4@sha256:4cac394b6b72846f8a85a7a0e577c6d61d4e17fe2ccee65d9451a8b3c9efb4ac /uv /uvx /bin/

 # Install dependencies
 # 1. git (required for caldav dependency from git)
@@ -17,7 +17,7 @@ FROM docker.io/library/python:3.12-slim-trixie@sha256:9e01bf1ae5db7649a236da7be1
 WORKDIR /app

 # Install uv for fast dependency management
-COPY --from=ghcr.io/astral-sh/uv:0.10.0@sha256:78a7ff97cd27b7124a5f3c2aefe146170793c56a1e03321dd31a289f6d82a04f /uv /uvx /bin/
+COPY --from=ghcr.io/astral-sh/uv:0.10.4@sha256:4cac394b6b72846f8a85a7a0e577c6d61d4e17fe2ccee65d9451a8b3c9efb4ac /uv /uvx /bin/

 # Install dependencies
 # 1. git (required for caldav dependency from git)
@@ -1,6 +1,6 @@
 [tool.commitizen]
 name = "cz_conventional_commits"
-version = "0.57.50"
+version = "0.57.61"
 tag_format = "nextcloud-mcp-server-$version"
 version_scheme = "semver"
 update_changelog_on_bump = true
@@ -14,6 +14,37 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Configurable resource limits
 - Grafana dashboard annotations

+## nextcloud-mcp-server-0.57.61 (2026-02-18)
+
+## nextcloud-mcp-server-0.57.60 (2026-02-18)
+
+## nextcloud-mcp-server-0.57.59 (2026-02-18)
+
+## nextcloud-mcp-server-0.57.58 (2026-02-18)
+
+## nextcloud-mcp-server-0.57.57 (2026-02-18)
+
+## nextcloud-mcp-server-0.57.56 (2026-02-18)
+
+## nextcloud-mcp-server-0.57.55 (2026-02-17)
+
+## nextcloud-mcp-server-0.57.54 (2026-02-17)
+
+## nextcloud-mcp-server-0.57.53 (2026-02-17)
+
+## nextcloud-mcp-server-0.57.52 (2026-02-17)
+
+## nextcloud-mcp-server-0.57.51 (2026-02-16)
+
+### Feat
+
+- add self-signed SSL certificate support for Nextcloud connections
+
+### Fix
+
+- add type: ignore for caldav ssl_verify_cert parameter
+- convert CA bundle path to ssl.SSLContext to avoid httpx deprecation warning
+
 ## nextcloud-mcp-server-0.57.50 (2026-02-16)

 ## nextcloud-mcp-server-0.57.49 (2026-02-16)
@@ -2,7 +2,7 @@ apiVersion: v2
 name: nextcloud-mcp-server
 description: A Helm chart for Nextcloud MCP Server - enables AI assistants to interact with Nextcloud
 type: application
-version: 0.57.50
+version: 0.57.61
 appVersion: "0.64.0"
 keywords:
  - nextcloud
@@ -3,7 +3,7 @@ services:
  # https://hub.docker.com/_/mariadb
  db:
    # Note: Check the recommend version here: https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html#server
-    image: docker.io/library/mariadb:lts@sha256:345fa26d595e8c7fe298e0c4098ed400356f502458769c8902229b3437d6da2b
+    image: docker.io/library/mariadb:lts@sha256:8164f184d16c30e2f159e30518113667b796306dff0fe558876ab1ff521a682f
    restart: always
    command: --transaction-isolation=READ-COMMITTED
    volumes:
@@ -19,7 +19,7 @@ services:
  # Note: Redis is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/_/redis
  redis:
-    image: docker.io/library/redis:alpine@sha256:0804c395e634e624243387d3c3a9c45fcaca876d313c2c8b52c3fdf9a912dded
+    image: docker.io/library/redis:alpine@sha256:fd83658b0e40e2164617d262f13c02ca9ee9e1e6b276fd2fa06617e09bd5c780
    restart: always

  app:
@@ -207,7 +207,7 @@ services:
      - oauth-tokens:/app/data

  keycloak:
-    image: quay.io/keycloak/keycloak:26.5.1@sha256:b80a48090594367bd8cf6fe2019466ac4ea49de4d0830fb2a43256eda37b18f5
+    image: quay.io/keycloak/keycloak:26.5.3@sha256:5a236ae4dd8ece77490115bace15a11a4d15e9cbcf58a490b95a7da2cd71d32a
    command:
      - "start-dev"
      - "--import-realm"
Author	SHA1	Message	Date
github-actions[bot]	8cab588f21	bump: version 0.57.60 → 0.57.61	2026-02-18 10:27:23 +00:00
Chris Coutinho	8233cc9dcf	Merge pull request #523 from cbcoutinho/feature/adr-022-deployment-mode-consolidation docs: ADR-022 Deployment Mode Consolidation via Login Flow v2	2026-02-18 11:27:05 +01:00
Chris Coutinho	0d259d2dfd	docs(ADR-022): concrete Smithery rationale + app password lifecycle Address reviewer feedback on two fronts: - Replace vague privacy-only Smithery deprecation rationale with concrete justification: free tier sunsetting March 2026 (primary), privacy as secondary. Updated in context, migration table, and Alternative 5. - Add App Password Lifecycle Management section covering stale/revoked password detection (401 handling), login flow session cleanup (background task), and optional password rotation (APP_PASSWORD_MAX_AGE_DAYS). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-18 10:19:13 +01:00
github-actions[bot]	dfc676a847	bump: version 0.57.59 → 0.57.60	2026-02-18 09:10:51 +00:00
Chris Coutinho	cf627a9c48	Merge pull request #565 from cbcoutinho/ci/pin-gha-semver-comments ci: pin GitHub Actions version comments to full semver	2026-02-18 10:10:33 +01:00
Chris Coutinho	037e88e416	ci: pin GitHub Actions version comments to full semver Renovate's helpers:pinGitHubActionDigestsToSemver preset reads version comments to track updates. Major-only comments (e.g. # v6) produce unhelpful changelog diffs like "v6 → v6". Full semver comments (e.g. # v6.0.2) let Renovate show meaningful version changes. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-18 09:50:12 +01:00
Chris Coutinho	dae2f276ae	docs(ADR-022): address reviewer feedback Changes based on review: 1. Add Nextcloud platform limitation section documenting OAuth/scope support by endpoint type (WebDAV supports OAuth, others don't) 2. Update MCP elicitation to show capability negotiation and graceful fallback - URL in error message when elicitation not supported 3. Simplify Smithery section - recommend self-hosted for privacy, don't detail platform changes 4. Expand re-auth section with scope merging behavior, scenarios table, and explicit design choice for tool-based re-auth over auto-elicitation 5. Make rate limiting configurable with environment variables and admin guidance by deployment size 6. Clarify OAuth alternative - keep simple now, revisit if Nextcloud adds scoped OAuth support 7. Expand verification steps with required tests, add recommended Nextcloud configuration, add required README security notice Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-18 09:23:32 +01:00
Chris Coutinho	d94610d0ec	docs: add ADR-022 for deployment mode consolidation via Login Flow v2 Proposes consolidating five deployment modes into two: - Single-User: App password in env vars (trusted environment) - Multi-User: Login Flow v2 for per-user app password acquisition Key changes: - Use Nextcloud Login Flow v2 (NC 16+) for delegated authentication - Application-level scope enforcement (app passwords have no native scopes) - MCP elicitation for seamless authorization prompting - Astrolabe front-end integration for scope management UI - Clear security posture documentation for administrators This removes the need for upstream Nextcloud OAuth patches and simplifies deployment while maintaining security through defense-in-depth. Related: #521 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-18 09:23:32 +01:00
github-actions[bot]	af0b9c1f93	bump: version 0.57.58 → 0.57.59	2026-02-18 08:09:39 +00:00
Chris Coutinho	2d7360ebd7	Merge pull request #527 from cbcoutinho/renovate/actions-checkout-digest chore(deps): update actions/checkout digest to de0fac2	2026-02-18 09:09:19 +01:00
github-actions[bot]	56542802bc	bump: version 0.57.57 → 0.57.58	2026-02-18 07:55:29 +00:00
Chris Coutinho	c03dbd1b55	Merge pull request #518 from cbcoutinho/renovate/docker.io-library-redis-alpine chore(deps): update docker.io/library/redis:alpine docker digest to fd83658	2026-02-18 08:55:14 +01:00
github-actions[bot]	99925d9f22	bump: version 0.57.56 → 0.57.57	2026-02-18 07:49:54 +00:00
Chris Coutinho	0dfaf954d7	Merge pull request #546 from cbcoutinho/renovate/docker.io-library-mariadb-lts chore(deps): update docker.io/library/mariadb:lts docker digest to 8164f18	2026-02-18 08:49:36 +01:00
github-actions[bot]	b3fe7099cb	bump: version 0.57.55 → 0.57.56	2026-02-18 06:27:44 +00:00
Chris Coutinho	7152537fd4	Merge pull request #564 from cbcoutinho/renovate/ghcr.io-astral-sh-uv-0.x chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.10.4	2026-02-18 07:27:28 +01:00
renovate-bot-cbcoutinho[bot]	9d31925f27	chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.10.4	2026-02-17 23:15:29 +00:00
renovate-bot-cbcoutinho[bot]	3a322c34bc	chore(deps): update docker.io/library/mariadb:lts docker digest to 8164f18	2026-02-17 23:15:17 +00:00
github-actions[bot]	b1bd025aac	bump: version 0.57.54 → 0.57.55	2026-02-17 13:45:28 +00:00
Chris Coutinho	8a1c604d78	Merge pull request #499 from cbcoutinho/renovate/quay.io-keycloak-keycloak-26.x chore(deps): update quay.io/keycloak/keycloak docker tag to v26.5.3	2026-02-17 14:45:10 +01:00
github-actions[bot]	3616dee54c	bump: version 0.57.53 → 0.57.54	2026-02-17 04:38:16 +00:00
Chris Coutinho	dbb36a7b63	Merge pull request #550 from cbcoutinho/renovate/ghcr.io-astral-sh-uv-0.x chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.10.3	2026-02-17 05:38:01 +01:00
github-actions[bot]	f1797b2f8e	bump: version 0.57.52 → 0.57.53	2026-02-17 04:37:51 +00:00
Chris Coutinho	1d5d4f86d7	Merge pull request #429 from cbcoutinho/renovate/actions-checkout-6.x chore(deps): update actions/checkout action to v6.0.2	2026-02-17 05:37:36 +01:00
github-actions[bot]	44030805f1	bump: version 0.57.51 → 0.57.52	2026-02-17 04:37:17 +00:00
Chris Coutinho	afd7e69f76	Merge pull request #561 from cbcoutinho/renovate/anthropics-claude-code-action-1.x chore(deps): update anthropics/claude-code-action action to v1.0.53	2026-02-17 05:37:01 +01:00
renovate-bot-cbcoutinho[bot]	31be72ae24	chore(deps): update anthropics/claude-code-action action to v1.0.53	2026-02-16 23:10:46 +00:00
github-actions[bot]	6bd05a81bf	bump: version 0.57.50 → 0.57.51	2026-02-16 14:49:23 +00:00
renovate-bot-cbcoutinho[bot]	8963e65f1b	chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.10.3	2026-02-16 11:16:20 +00:00
renovate-bot-cbcoutinho[bot]	75c3868e74	chore(deps): update actions/checkout action to v6.0.2	2026-02-16 11:16:12 +00:00
renovate-bot-cbcoutinho[bot]	bce6686494	chore(deps): update docker.io/library/redis:alpine docker digest to fd83658	2026-02-11 11:12:10 +00:00
renovate-bot-cbcoutinho[bot]	291a13c064	chore(deps): update quay.io/keycloak/keycloak docker tag to v26.5.3	2026-02-10 11:09:44 +00:00
renovate-bot-cbcoutinho[bot]	119a422a35	chore(deps): update actions/checkout digest to de0fac2	2026-02-04 11:08:12 +00:00