You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
docs: comprehensive README/CHANGELOG audit and corrections for v1.9.0
- Fix ENABLE_WORKERS env var references to CYBERCHEF_ENABLE_WORKERS across
README.md, docs/releases/v1.9.0.md, and example configurations
- Update upstream-monitor cron schedule references from "every 6 hours" to
"weekly (Sundays at noon UTC)" in README.md CI/CD section and features list
- Update Dockerfile base image references from node:18-alpine to Chainguard
distroless in docs/architecture/architecture.md and CLAUDE.md
- Expand architecture diagram to include transport layer and worker pool
- Update CLAUDE.md: coverage thresholds (75%/90%/70%), full MCP tools list,
complete CI/CD workflow table (10 workflows), Chainguard base image
- Add [Unreleased] section to CHANGELOG.md documenting upstream-monitor
schedule change and all documentation corrections
- Mark all v1.2.0-v1.9.0 releases as "Released" in ROADMAP.md with status
column, update v1.9.0 description to reflect actual features delivered
- Stage upstream-monitor.yml cron schedule change (6h -> weekly Sunday noon)
- Update ref-proj/CyberChef submodule to latest upstream
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Copy file name to clipboardExpand all lines: CHANGELOG.md
+10Lines changed: 10 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -7,6 +7,16 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
7
7
8
8
## [Unreleased]
9
9
10
+
### Changed
11
+
-**Upstream Monitor Schedule**: Changed cron from every 6 hours to weekly (Sundays at noon UTC) to reduce unnecessary CI runs
12
+
13
+
### Fixed
14
+
-**Documentation**: Corrected `ENABLE_WORKERS` env var references to `CYBERCHEF_ENABLE_WORKERS` across README.md, CLAUDE.md, and release notes
15
+
-**Documentation**: Updated upstream monitor schedule references from "every 6 hours" to "weekly" in README.md
16
+
-**Documentation**: Updated Dockerfile base image references from `node:18-alpine`/`node:22-alpine` to Chainguard distroless in architecture docs and CLAUDE.md
17
+
-**Documentation**: Updated coverage threshold references in CLAUDE.md to match current thresholds (75% lines/stmts, 90% functions, 70% branches)
18
+
-**Documentation**: Expanded MCP tools listing and CI/CD workflow table in CLAUDE.md
Copy file name to clipboardExpand all lines: README.md
+5-5Lines changed: 5 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -66,7 +66,7 @@ The server exposes CyberChef operations as MCP tools:
66
66
- Lists all 8 deprecation codes (DEP001-DEP008) with details
67
67
***Worker Thread Pool** (v1.9.0): CPU-intensive operations offloaded to worker threads
68
68
*`cyberchef_worker_stats` - Monitor worker pool utilization, active/completed tasks, and pool configuration
69
-
* Enable with `ENABLE_WORKERS=true` environment variable
69
+
* Enable with `CYBERCHEF_ENABLE_WORKERS=true` environment variable
70
70
* Configurable pool size, idle timeout, and minimum input size for worker routing
71
71
72
72
### Technical Highlights
@@ -82,7 +82,7 @@ The server exposes CyberChef operations as MCP tools:
82
82
***Advanced Features** (v1.7.0): Enterprise-grade capabilities with batch processing (parallel/sequential execution of up to 100 operations), privacy-first telemetry collection (disabled by default, no input/output data captured), sliding window rate limiting for resource protection, enhanced caching with inspection tools, and resource quota tracking (concurrent operations, data sizes). All features are configurable via environment variables with secure defaults. See [Release Notes](docs/releases/v1.7.0.md) for details.
83
83
***Enhanced Observability** (v1.5.0): Structured JSON logging with Pino for production monitoring, comprehensive error handling with actionable recovery suggestions, automatic retry logic with exponential backoff, request correlation with UUID tracking, circuit breaker pattern for cascading failure prevention, and streaming infrastructure for progressive results on large operations. See [Release Notes](docs/releases/v1.5.0.md) for details.
84
84
***Performance Optimized** (v1.4.0): LRU cache for operation results (100MB default), automatic streaming for large inputs (10MB+ threshold), configurable resource limits (100MB max input, 30s timeout), memory monitoring, and comprehensive benchmark suite. See [Performance Tuning Guide](docs/architecture/performance-tuning.md) for configuration options.
85
-
***Upstream Sync Automation** (v1.3.0): Automated monitoring of upstream CyberChef releases every 6 hours, one-click synchronization workflow, comprehensive validation test suite with 689 tests, and emergency rollback mechanism.
85
+
***Upstream Sync Automation** (v1.3.0): Automated monitoring of upstream CyberChef releases weekly (Sundays at noon UTC), one-click synchronization workflow, comprehensive validation test suite with 689 tests, and emergency rollback mechanism.
86
86
***Security Hardened** (v1.4.5+): Chainguard distroless base image with zero-CVE baseline, non-root execution (UID 65532), automated Trivy vulnerability scanning with build-fail thresholds, dual SBOM strategy (Docker Scout attestations + CycloneDX), read-only filesystem support, SLSA Build Level 3 provenance, and 7-day SLA for critical CVE patches. Fixed 11 of 12 code scanning vulnerabilities including critical cryptographic randomness weakness and 7 ReDoS vulnerabilities. See [Security Policy](SECURITY.md) and [Security Fixes Report](docs/security/SECURITY_FIX_REPORT.md) for details.
87
87
***Production Ready**: Comprehensive CI/CD with CodeQL v4, automated testing, and dual-registry container publishing (Docker Hub + GHCR) with complete supply chain attestations.
88
88
@@ -286,7 +286,7 @@ CYBERCHEF_MAX_INPUT_SIZE=104857600 # Maximum input size (100MB)
286
286
CYBERCHEF_OPERATION_TIMEOUT=30000 # Operation timeout in milliseconds (30s)
CYBERCHEF_ENABLE_STREAMING=true # Enable streaming for large operations
289
-
CYBERCHEF_ENABLE_WORKERS=false # Enable worker threads (disabled by default)
289
+
CYBERCHEF_ENABLE_WORKERS=false # Enable worker thread pool (disabled by default)
290
290
CYBERCHEF_CACHE_MAX_SIZE=104857600 # Cache maximum size (100MB)
291
291
CYBERCHEF_CACHE_MAX_ITEMS=1000 # Cache maximum items
292
292
```
@@ -341,7 +341,7 @@ docker run -i --rm \
341
341
**Worker Thread Pool for CPU-Intensive Operations (v1.9.0+)**
342
342
```bash
343
343
docker run -i --rm \
344
-
-e ENABLE_WORKERS=true \
344
+
-e CYBERCHEF_ENABLE_WORKERS=true \
345
345
-e CYBERCHEF_WORKER_MAX_THREADS=8 \
346
346
-e CYBERCHEF_WORKER_IDLE_TIMEOUT=60000 \
347
347
ghcr.io/doublegate/cyberchef-mcp_v1:latest
@@ -656,7 +656,7 @@ This project uses GitHub Actions to ensure stability and security:
656
656
***Release** ([`mcp-release.yml`](.github/workflows/mcp-release.yml)): Publishes Docker image to GHCR with SBOM attachment on version tags (`v*`), automatically creates GitHub releases
657
657
658
658
**Upstream Sync Automation (v1.3.0+):**
659
-
***Upstream Monitor** ([`upstream-monitor.yml`](.github/workflows/upstream-monitor.yml)): Monitors GCHQ/CyberChef for new releases every 6 hours, creates GitHub issues for review
659
+
***Upstream Monitor** ([`upstream-monitor.yml`](.github/workflows/upstream-monitor.yml)): Monitors GCHQ/CyberChef for new releases weekly (Sundays at noon UTC), creates GitHub issues for review
660
660
***Upstream Sync** ([`upstream-sync.yml`](.github/workflows/upstream-sync.yml)): Selective file synchronization workflow - copies only `src/core/operations/*.mjs` files, prevents restoration of deleted web UI components, creates PR for review
661
661
***Rollback** ([`rollback.yml`](.github/workflows/rollback.yml)): Emergency rollback mechanism with state comparison and ref-proj guidance
0 commit comments