v0.2.6 — Kata Containers, Pipes, Audit, Marketplace

What's New in v0.2.6

🔒 Kata Containers Runtime Support

• runtime field on deploy_app / deploy_with_configs commands — values: runc (default), kata
• Server-side validation rejects unknown runtime values (HTTP 422)
• Capability gating: agents without kata feature are rejected before command dispatch
• --runtime kata|runc flag on stacker deploy and stacker agent deploy-app
• DB migration: runtime column persisted per deployment
• Vault: per-deployment runtime preference + org-level "must use Kata" policy
• Compose templates conditionally emit runtime: kata per service
• Hetzner CCX (dedicated-CPU/KVM) provisioning via Terraform + Ansible
• Full docs: docs/kata/ — setup guide, Hetzner KVM guide, network constraints, monitoring

🔗 Pipe (Container Linking) Foundation

• stacker pipe scan|create|list — connect containerized apps
• ProbeEndpoints agent command: auto-discovers OpenAPI, HTML forms, REST endpoints
• Two-level storage: pipe_templates (reusable) + pipe_instances (per-deployment)
• REST API: POST/GET/DELETE /api/v1/pipes/templates and /instances

📊 Agent Audit Ingest & Query

• POST /api/v1/agent/audit — receive audit event batches from Status Panel
• GET /api/v1/agent/audit — query audit log with filters
• Migration: agent_audit_log table

🛒 Marketplace Developer & Buyer Flows

• stacker submit — package and submit stack to marketplace
• stacker marketplace status|logs — track submissions
• Buyer install/download endpoints + agent self-registration

🔥 Firewall (iptables) Management

• MCP tools: configure_firewall, list_firewall_rules, configure_firewall_from_role
• Status Panel and SSH execution methods
• Public/private port rules with persistence

🐛 Fixes

• Casbin ACL: group_admin GET access to /admin/project/:id/compose

Full changelog: https://github.com/trydirect/stacker/blob/v0.2.6/CHANGELOG.md