mb3r-stack v0.3.3 candidate integration bundle

mb3r-stack v0.3.3

Patch bundle release that refreshes the Bering pin after the Bering release metadata hygiene patch.

What changed

• upgrades the bundle Bering pin from v0.3.2 to v0.3.3
• keeps Sheaft pinned at v0.2.3
• keeps the stack-level adapter envelopes stable at v1alpha1
• keeps the formal stack maturity at candidate
• refreshes README badges, examples, docs, adapter digest checks, and compatibility metadata to the current patch line

Upstream pins in this bundle

• Bering v0.3.3 pinned to ghcr.io/mb3r-lab/bering@sha256:b38713a15194827f3410c3972071a5fd358f1fe55847952289f5edd7c0b82174
• Sheaft v0.2.3 pinned to ghcr.io/mb3r-lab/sheaft@sha256:07bca0e01ef0bfb09c9561c2883d7acf7b2ee6374be373ecd0168747da9f1e76

Release posture

• verified by repository validation, adapter e2e, release dry-run, and Helm template rendering on 2026-05-01
• the locally staged package set is mb3r-stack-0.3.3.tgz, mb3r-assets-0.3.3.tgz, release-manifest.json, SHA256SUMS.txt, and sbom.cdx.json
• Bering v0.3.3 keeps the 1.0.0 and 1.1.0 schema contract lines unchanged
• Sheaft v0.2.3 keeps the same accepted Bering contract lines and fixes serve / watch startup when the first Bering artifact appears after Sheaft starts
• Sheaft serve / watch remains preview-grade upstream behavior and is not promoted to a long-term stable contract by this bundle release

mb3r-stack v0.3.2 candidate integration bundle

mb3r-stack v0.3.2

Patch bundle release that refreshes the Sheaft pin after the live Bering-to-Sheaft handoff bug found during the v0.3.1 pinned-image smoke.

What changed

• upgrades the bundle Sheaft pin from v0.2.2 to v0.2.3
• keeps Bering pinned at v0.3.2
• keeps the stack-level adapter envelopes stable at v1alpha1
• keeps the formal stack maturity at candidate
• refreshes README badges, examples, docs, adapter digest checks, and compatibility metadata to the current patch line

Upstream pins in this bundle

• Bering v0.3.2 pinned to ghcr.io/mb3r-lab/bering@sha256:98e443461bf59d92cc19b20f425602de91b22a272ecd9a79df5cc20f96c735a8
• Sheaft v0.2.3 pinned to ghcr.io/mb3r-lab/sheaft@sha256:07bca0e01ef0bfb09c9561c2883d7acf7b2ee6374be373ecd0168747da9f1e76

Release posture

• verified by repository validation, adapter e2e, release dry-run, and Helm template rendering on 2026-05-01
• the locally staged package set is mb3r-stack-0.3.2.tgz, mb3r-assets-0.3.2.tgz, release-manifest.json, SHA256SUMS.txt, and sbom.cdx.json
• Bering v0.3.2 keeps the 1.0.0 and 1.1.0 schema contract lines and adds runtime/toolchain hardening
• Sheaft v0.2.3 keeps the same accepted Bering contract lines and fixes serve / watch startup when the first Bering artifact appears after Sheaft starts
• Sheaft serve / watch remains preview-grade upstream behavior and is not promoted to a long-term stable contract by this bundle release

mb3r-stack v0.3.1 candidate integration bundle

mb3r-stack v0.3.1

Patch bundle release that refreshes the integration layer onto the hardened upstream Bering and Sheaft patch lines.

What changed

• upgrades the bundle pins to Bering v0.3.2 and Sheaft v0.2.2
• keeps the stack-level adapter envelopes stable at v1alpha1
• keeps the formal stack maturity at candidate
• hardens the live Kubernetes smoke helper so authenticated GHCR pull secrets are applied through stdin instead of process argv
• validates GitHub, GitLab, and Jenkins adapter gate decisions against the supported decision set
• includes release-manifest.json in release checksum coverage
• hardens the Sheaft container security context in stack chart defaults

Upstream pins in this bundle

• Bering v0.3.2 pinned to ghcr.io/mb3r-lab/bering@sha256:98e443461bf59d92cc19b20f425602de91b22a272ecd9a79df5cc20f96c735a8
• Sheaft v0.2.2 pinned to ghcr.io/mb3r-lab/sheaft@sha256:df6a7bbf21e4f307d1d33425f4245eeb34f5d051f46b8ad36ad536b33bf2c331

Release posture

• verified by repository validation, adapter e2e, release dry-run, and Helm template rendering on 2026-05-01
• the locally staged package set is mb3r-stack-0.3.1.tgz, mb3r-assets-0.3.1.tgz, release-manifest.json, SHA256SUMS.txt, and sbom.cdx.json
• Bering v0.3.2 keeps the 1.0.0 and 1.1.0 schema contract lines and adds runtime/toolchain hardening
• Sheaft v0.2.2 keeps the same accepted Bering contract lines and hardens serve/watch/toolchain/chart behavior
• Sheaft serve / watch remains preview-grade upstream behavior and is not promoted to a long-term stable contract by this bundle release

Backlog on 2026-05-01

• verified-bundle acceptance criteria, first-user path documentation, adapter maturity notes, and release evidence attachment remain tracked in GitHub issues
• Node.js 20 action deprecation annotations still appear in upstream release workflows and should remain visible in the technical backlog

mb3r-stack v0.3.0 candidate integration bundle

mb3r-stack v0.3.0

Minor bundle release that realigns the integration layer with the current upstream Bering and Sheaft lines.

What changed

• upgrades the bundle pins to Bering v0.3.1 and Sheaft v0.2.1
• records strict stack compatibility for the published Bering io.mb3r.bering.model and io.mb3r.bering.snapshot schema lines at both 1.0.0 and 1.1.0
• keeps the stack-level adapter envelopes stable at v1alpha1 while refreshing chart defaults, examples, and CI adapters to the new upstream images
• updates GitHub Actions workflows to actions/checkout@v6, actions/setup-python@v6, and azure/setup-helm@v4.3.1 as a partial step on the Node.js 20 deprecation backlog item
• hardens local acceptance and live-smoke helpers to use dynamic localhost ports so verification is resilient on busy developer machines
• does not change formal maturity: the bundle remains candidate

Upstream pins in this bundle

• Bering v0.3.1 pinned to ghcr.io/mb3r-lab/bering@sha256:ac960e908df7fb7defb4ce950d2e54ff8d8f65f7cd5e5f723d424cb425248bad
• Sheaft v0.2.1 pinned to ghcr.io/mb3r-lab/sheaft@sha256:543771ca12722147578bf7a99dd07c5477c7fe15e7404cf6659a2a02f203a93b

Release posture

• verified by repository validate, local generic e2e, OTel Demo profile e2e, adapter e2e, and live kind-based generic smoke with anonymous pulls of the pinned GHCR images on 2026-03-22
• the locally staged package set is mb3r-stack-0.3.0.tgz, mb3r-assets-0.3.0.tgz, release-manifest.json, SHA256SUMS.txt, and sbom.cdx.json
• Bering v0.3.1 publishes the additional 1.1.0 schema line without a declared CLI, API, or install-surface break
• Sheaft v0.2.1 continues to treat serve / watch as preview-grade upstream behavior rather than a long-term stable contract

Backlog on 2026-03-22

• GitHub issue #20 is the only open repository issue
• actions/checkout@v6 and actions/setup-python@v6 are in place, but GitHub ci run 23407592947 still reports the Node.js 20 deprecation annotation for azure/setup-helm@v4.3.1
• the issue therefore remains open until Helm setup in the GitHub workflows is replaced with a Node 24-safe path

mb3r-stack v0.2.2 candidate integration bundle

mb3r-stack v0.2.2

Patch release that brings the published bundle back in sync with the latest generic verification posture on main.

What changed

• captures the post-v0.2.1 CI improvements that run pinned-image generic smoke on every push
• records successful anonymous GHCR pull verification for the pinned Bering and Sheaft images
• keeps the local-image live smoke, generic e2e path, OTel Demo profile checks, and adapter contract verification intact
• does not change formal maturity: the bundle remains candidate

Upstream pins in this bundle

• Bering v0.1.0 pinned to ghcr.io/mb3r-lab/bering@sha256:8e8ce6599b43477b0653617e829d41c62a3189d16b60ecb424cca718fc0e2674
• Sheaft v0.1.1 pinned to ghcr.io/mb3r-lab/sheaft@sha256:eb1ebf9d96c55c5bb29e226e07496d152eb3a66b52dd9d34ba799fa4aef70624

Release posture

• generic pinned-image smoke is now proven both locally and in repository CI without credential overrides
• formal bundle maturity remains candidate
• Sheaft serve/watch should still be treated as preview-grade upstream behavior rather than a long-term stable contract
• GitHub Actions still needs a follow-up maintenance pass for Node.js 24-compatible action versions

mb3r-stack v0.2.1 candidate integration bundle

mb3r-stack v0.2.1

Patch release for the generic reusable MB3R integration bundle.

What changed

• adds a second live generic smoke that deploys the synthetic profile on a clean cluster without rebuilding local images
• surfaces GHCR pull and auth failures explicitly instead of collapsing them into generic pod-readiness timeouts
• documents the external credential precondition for proving cross-repo pullability of the pinned upstream Bering and Sheaft images
• keeps the existing local-image live smoke, generic e2e path, OTel Demo profile checks, and adapter contract verification intact

Upstream pins in this bundle

• Bering v0.1.0 pinned to ghcr.io/mb3r-lab/bering@sha256:8e8ce6599b43477b0653617e829d41c62a3189d16b60ecb424cca718fc0e2674
• Sheaft v0.1.1 pinned to ghcr.io/mb3r-lab/sheaft@sha256:eb1ebf9d96c55c5bb29e226e07496d152eb3a66b52dd9d34ba799fa4aef70624

Release posture

• formal bundle maturity remains candidate
• generic runtime plumbing is still proven independently from the OTel Demo profile
• pinned-image live smoke is now part of the bundle tooling, but upstream GHCR pullability still requires explicit external credentials or public package access

mb3r-stack v0.2.0 candidate integration bundle

mb3r-stack v0.2.0

Generic reusable stack release for the MB3R integration layer above released Bering and Sheaft artifacts.

What changed

• chart identity moved to the generic mb3r-stack install surface
• core assumptions are now separated from profile-specific OpenTelemetry Demo wiring
• the repository now ships a smallest generic synthetic profile, a minimal production-style profile, and an OTel Demo profile
• verification is split across generic smoke, generic end-to-end, live generic Kubernetes smoke, OTel Demo profile smoke/end-to-end, and CI adapter end-to-end contract checks

Upstream pins in this bundle

• Bering v0.1.0 pinned to ghcr.io/mb3r-lab/bering@sha256:8e8ce6599b43477b0653617e829d41c62a3189d16b60ecb424cca718fc0e2674
• Sheaft v0.1.1 pinned to ghcr.io/mb3r-lab/sheaft@sha256:eb1ebf9d96c55c5bb29e226e07496d152eb3a66b52dd9d34ba799fa4aef70624

Release posture

• formal bundle maturity remains candidate
• generic stack readiness is validated separately from the OpenTelemetry Demo profile
• OpenTelemetry Demo remains an example profile and acceptance scenario, not the design center of the bundle
• CI adapter contracts are now exercised end to end against representative payloads

mb3r-stack v0.1.0 candidate integration bundle

mb3r-stack v0.1.0

First public MB3R integration bundle release for the stack-level packaging layer above released Bering and Sheaft artifacts.

Upstream pins in this bundle

• Bering v0.1.0 pinned to ghcr.io/mb3r-lab/bering@sha256:8e8ce6599b43477b0653617e829d41c62a3189d16b60ecb424cca718fc0e2674
• Sheaft v0.1.1 pinned to ghcr.io/mb3r-lab/sheaft@sha256:eb1ebf9d96c55c5bb29e226e07496d152eb3a66b52dd9d34ba799fa4aef70624

What this release publishes

• the mb3r-otel-addon OCI-publishable Helm chart
• the packaged mb3r-assets archive with collector snippets, dashboards, and examples
• stack-manifest.json, compatibility-matrix.json, and release-manifest.json
• SHA256SUMS.txt, sbom.cdx.json, and release-notes.md

Compatibility statement

• bundle status is candidate, not verified
• compatibility evidence is pinned to the published Bering v0.1.0 release manifest plus the published Sheaft v0.1.1 release and compatibility manifests
• stack-level contracts remain collectorExport, discoveryReport, gateDecision, and reportPayload at v1alpha1
• dashboards stay versioned at 1.0.0 for both Bering and Sheaft views

CI and install surface

• GitHub, GitLab, and Jenkins adapters now default to immutable upstream image references instead of TODO-* placeholders
• example values files ship concrete upstream image tags and digests for local and production-style installs
• chart metadata and OCI publication now target the canonical ghcr.io/mb3r-lab/charts namespace

Known limits

• this repository owns only the integration bundle, not upstream Bering or Sheaft binaries or source releases
• compatibility claims are limited to published upstream artifacts and checked-in integration assets
• broader operational support should remain conservative until this bundle graduates from candidate to verified