Main Branch Into Develop

[Geoffrey-Keygraph]

• Support disabling wait-for

• Init handling workshop service

• Dependency handling community service

• Lint

• Handle health

• Bump k8s-wait-for to v2.0 for arm64 (Bump k8s-wait-for to v2.0 for arm64 OWASP/crAPI#256)

• Bump k8s-wait-for to v2.0 for arm64

• Update certs

• Update README.md (Update README.md OWASP/crAPI#257)

• Correct training

• Timeout handling for gateway (Timeout handling for gateway OWASP/crAPI#259)

Timeout handling for gateway

• Update pr-build.yml

• Make vin numbers to be VIN regex complaint (Make vin numbers to be VIN regex complaint  OWASP/crAPI#261)

• Fix VIN

• add permissions pull request write

---

• Make storage provisions configurable. (Make storage provisions configurable.  OWASP/crAPI#263)

Persistent volume helm configuration

• Escaped validation for unsigned JWTs (Escaped validation for unsigned JWTs OWASP/crAPI#265)

• added check for unsigned jwt

• Change to typescript from js and show service request history (Change to typescript from js and show service request history OWASP/crAPI#269)

• Use typescript

• Fix bugs

• lint

• Convert more to typescript

• More typescript

• User service req view

• Update dockerfile

• Implement service history

• Update docker-compose.yml

• Implement report view (Implement report view OWASP/crAPI#270)

• Update pr-build.yml

• Change phone number feature (Change phone number feature OWASP/crAPI#268)

• Added functionality to send otp for phone number change request

---

• Phone number change web service (Phone number change web service OWASP/crAPI#271)

• web service verify OTP impl

• minor identity service changes

---

• Mechanic ux (Mechanic ux OWASP/crAPI#281)

• E2E-UI

• Mechanic UX fixes

• Fix profile pages

• Update web and identity images (Update web and identity images OWASP/crAPI#282)

• Fix convention

• Enhanced README to Pull and Modify Variables in the .env file (Enhanced README to Pull and Modify Variables in the .env file OWASP/crAPI#288)

• enhanced readme

• enhanced setup.md

• enhanced setup.md

• Update LICENSE.md

• Update README.md

• Update setup.md

• Fix health of gateway image (Fix health of gateway image OWASP/crAPI#289)

• Fix health of gateway image

• Update docker compose

• Fix filename typos in README.md (Fix filename typos in README.md OWASP/crAPI#290)

The current name of the docker compose file is docker-compose.yml. The readme command examples indicated that the name was docker compose.yml. This commit updates all README cases of this error to reflect the actual name of the file, making the command functional again.

• Update values-pv.yaml

• Chatbot impl (Chatbot impl OWASP/crAPI#295)

• Implement chatbot UI

• added llm chatbot service (added llm chatbot service OWASP/crAPI#242)

• added llm chatbot service

• Llm chatbot (Llm chatbot OWASP/crAPI#243)

• removed unused imports

• Integration

• Lint

• Minor fixes

• Fix ssl issue

• Fix docker

• Fix entrypoint

• increase timeout

• Implement helm

• Fix entrypoint

• Store user state for chatbot

• resolved segmentation fault error in chatbot (resolved segmentation fault error in chatbot OWASP/crAPI#245)

• Add release workflow

• Instructions

• Fix tag publish

• Strip tag prefix

• String tag prefix for docker tags

• Fix entrypoint.sh

• Session based chat

• Fix UI

• Lint

• Fix configmap

• Update requirements

• Fix dockerfile

• Fix UX

• Seperate prompts

• Change to ChatOpenAI

• Change to ChatOpenAI

• Return messages

• Save chat history

• Cleanup

• Cleanup

• Preserve X-Forwarded-For

• Add mongo dependency for chatbot

• Use old turbo model

• FSession logs not clearer debug

• Add ssn

• Fix gateway service health

• Chatbot typescript

• Upgrade packages

• Dummy commit

• Lint

• lint

• Reduce max mem

• Update chatbot

• Update chatbot

• Potential fix for code scanning alert no. 21: Flask app is run in debug mode

• Chatbot mcp impl

• spotless

• Fix chatbot

• Spotless

• Fix usage

• MCP server fix (MCP functionality enabled OWASP/crAPI#303)

• Remove errors

• Remove variables not needed

• Add management scripts

• Make executable

• Fix config

• Fix config

• Add init for chatbot

• Add retry for apikey

• Add retry for apikey

• Chatbot UX fix

• update tool versions

• Lint fix

• Upgrade golangci-lint

• Npm lint fix

---

• Update Chart.yaml

• Update VERSION - Correct value (Update VERSION - Correct value OWASP/crAPI#305)

Align VERSION file with release info.

• Chatbot markdown (Chatbot markdown OWASP/crAPI#308)

• Bot support markdown in chat

• Model selection implemented (Model selection implemented OWASP/crAPI#309)

• Model selection implemented

• Refactor: moved default model env variable to correct files

• User context provided (User context provided OWASP/crAPI#310)

• Model selection implemented

• Refactor: moved default model env variable to correct files

• User context provided

• Create challenges.md

• Update challenges

• Update challenges

• lint

• Implemented vector index and MCP tool for semantic search (Implemented vector index and MCP tool for semantic search OWASP/crAPI#311)

• Implemented vector index for chat history context and MCP tool for semantic search & summarization

• Persisted storage of vectors using Chroma

• JWT auth added for MCP server's api calls (JWT auth added for MCP server's api calls OWASP/crAPI#314)

• JWT auth added for MCP server's api calls

• Uxrevamp (Uxrevamp OWASP/crAPI#316)

• Chroma fixes (Chroma fixes OWASP/crAPI#317)

• Fix mcpserver

• fix chatbot

• Fix async calls

• black

• Http client fix

• Fix async

• Fix async

• Upgrade chromadb

• Fixes

• Fix css of remaining components

• Interaction fix

• chat fix (chat fix OWASP/crAPI#318)

• chat fix

• prettier formatting

• LFI vuln (v1) (LFI vuln (v1) OWASP/crAPI#319)

• LFI vuln (v1)

• Change log level for API key retrieval success

• helm fixes (helm fixes OWASP/crAPI#320)

• helm fixes

• resolved comments

---

Description

Please include a summary of the change, motivation and context.

Testing

Please describe the tests that you ran to verify your changes. Please summarize what did you test and what needs to be tested e.g. deployed and tested the service locally.

Documentation

Make sure that you have documented corresponding changes in this repository.

Checklist:

• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• Any dependent changes have been merged
• I have documented any changes if required in the docs.

[keygraph-production]

Keygraph Security Scan Results

Overall Status: pass

AI Security Analysis

Risk Level: HIGH
• Critical: Command Injection Vulnerability in the tj-actions/branch-names (CVE-2025-54416) demands urgent patching by the DevOps Team.
• Dependencies: Critical issues in golang.org/x/crypto indicating potential authorization bypasses require immediate dependency updates by the Software Engineers.
• Priority Actions:

• Patch Critical CVEs in 1 week: DevOps for CVE-2025-54416, and Security Team for CVE-2024-45337.
• Implement Secure Context for Kubernetes Pods (DevSecOps).
• Review and Fix Sensitive Data Exposure logged by the development team.
  • Trend: Stable yet concerning due to persistent medium vulnerabilities, emphasizing consistent monitoring and rapid action.
  • Timeline: Immediate action required for critical issues; medium vulnerabilities need addressing within the quarter.

Scan Results Overview

Scan Type	Status	Total Findings	Critical	High	Medium	Low
Static Analysis (SAST)	⚠️	60	0	0	60	0
Secret Detection	✅	0	0	0	0	0
Dependency Analysis (SCA)	❌	41	3	14	17	7
Dependency Changes	✅	0	-	-	-	-

Security Findings Summary

Total Issues: 101

By Severity

Severity	Count	Description
Critical	3	Immediate action required
High	14	Should be addressed before merge
Medium	77	Recommended to address
Low	7	Optional improvements

---

Security scan powered by Keygraph