Daily Builder— Research, Roadmap and Plan

[github-actions[bot]]

Repository Overview

KSail is a Kubernetes SDK that bundles common tooling into a single binary. It supports four distributions (Vanilla/Kind, K3s/K3d, Talos, VCluster) across three infrastructure providers (Docker, Hetzner, Omni), with embedded CLI, AI chat TUI, MCP server, and VSCode extension.

As of March 5, 2026, the repository state:

• 📊 Open Issues: 7 (1 critical CI bug, 2 feature requests with PRs, 2 chores, 2 roadmap items)
• 📋 Open PRs: 3 (2 feature PRs awaiting review, 1 old CI PR needing rebase)
• ✅ Recent wins: Chat TUI tests added (test: add unit test coverage for pkg/cli/ui/chat/ TUI components #2790), build metadata ldflags fixed ([docs] docs: update ldflags notes to reflect release build metadata injection #2805), VCluster transient error patterns extended (feat: extend VCluster transient error retry coverage and add base image pre-pull #2761), docs updated for Omni/CloudProviderKIND (docs: document Omni provider setup and Cloud Provider KIND LoadBalancer configuration #2791)
• 🚀 Velocity: ~20+ PRs merged in last 7 days; agentic workflows active and healthy

---

🔴 High-Priority Bugs

1. Docs npm Audit Vulnerabilities — 1 High, 7 Moderate (#2809)

Source: Issue #2809 (CI Doctor analysis, triggered by dependabot svgo bump)
Impact: ❌ The 🔍 Audit Docs Dependencies CI job fails on every push; 1 high-severity DOMPurify XSS vulnerability + 7 moderate lodash-es prototype pollution issues in docs/ transitive deps
Root cause:

• dompurify <=3.2.3 — fix via npm audit fix (non-breaking)
• lodash-es 4.0.0–4.17.22 via mermaid → @mermaid-js/parser → langium → chevrotain → lodash-es — fix via npm audit fix --force (updates mermaid to 11.12.3) or pin mermaid: "^11.12.3" in docs/package.json
  Action: Run npm audit fix && npm audit fix --force in docs/, or pin mermaid to >=11.12.3 in docs/package.json, then commit updated lockfile
  Effort: Small (30 min)
  Files: docs/package.json, docs/package-lock.json

---

🚀 High-Impact Roadmap Features

2. Review and Merge PR #2804 — ksail cluster switch Command

Source: Issue #2802 → PR #2804 (Copilot agent, awaiting review)
Impact: Closes a gap compared to competitors like ctlptl; weekly research identified this as top "Next" priority
Status: PR is ready (not draft), awaiting human review. Adds pkg/cli/cmd/cluster/switch.go with tab-completion, kubeconfig path resolution, and tests. 7 files changed, 379 additions.
Action: Review and merge #2804 after ensuring CI passes

3. Review and Merge PR #2803 — ksail workload watch Command

Source: Issue #2801 → PR #2803 (Copilot agent, awaiting review)
Impact: Closes the inner-loop dev gap vs. Tilt/Skaffold; weekly research identified this as the top missing feature
Status: PR is ready (not draft), awaiting human review. Adds pkg/cli/cmd/workload/watch.go with fsnotify-based watcher, coalescing channel, debounce, graceful Ctrl+C. 12 files changed, 650 additions.
Action: Review and merge #2803 after ensuring CI passes

4. Documentation Guide: Using KSail with Tilt, Skaffold, and mirrord (#2811)

Source: Issue #2811 (from Weekly Research Roadmap March 4, 2026)
Impact: Developer experience — explains how KSail complements (rather than replaces) existing inner-loop tools. High discoverability value for new users coming from Tilt/Skaffold ecosystems.
Action: Author docs/src/content/docs/companion-tools.mdx (or similar) with side-by-side usage examples
Effort: Medium (2-3 hours)

5. Talos × Omni CI System Test Coverage (#2810 / PR #2547)

Source: Issue #2810, PR #2547 (Copilot agent, open since Feb 25)
Impact: Validates Omni provider with real CI; PR #2547 exists but needs rebase onto current main (base is now >7 commits behind)
Status: PR #2547 adds Talos × Omni matrix entries to ci.yaml and configures ksail-system-test/action.yaml. Requires OMNI_SERVICE_ACCOUNT_KEY and OMNI_ENDPOINT secrets in the repo. Whether these secrets are configured is unknown.
Action: Rebase PR #2547, confirm secrets exist, then review and merge
Effort: Small (rebase + confirm secrets)

---

🔧 Backlog Improvements

6. Add Installer Package Tests — cloudproviderkind, cilium, calico

Rationale: MetalLB installer tests were added (PR #2673, 6.6% → 23.0% coverage). Same pattern applies to other installers. cloudproviderkind is particularly useful since it was recently implemented for Vanilla × Docker LoadBalancer support.
Effort: Medium (2-4 hours per package)
Pattern: Use export_test.go, fake.NewSimpleDynamicClientWithCustomListKinds(), helm.NewMockInterface(t), t.Parallel(), require.NoError/Error

7. VCluster vend: Update SDK to New Stable Release (#2245)

Status: Pinned to v0.32.1 stable in go.mod. Monitor for v0.33.x/v0.34.x releases.
Action: Check loft-sh/vcluster releases; upgrade when new stable available
Effort: Small when released

8. Evaluate and Close Stale Tracking Issues

• Issue [agentics] Failed runs #2560 [agentics] Failed runs — expires March 5, 2026. Close if no active sub-issues remain.
• Issue [agentics] Failed runs #2376 [agentics] Failed runs — expired Feb 26, 2026. Should be closed.

---

🗑️ Stale/Closeable Items

9. Upstream Chores (Long-Running)

• chore: evaluate filing upstream issue for VCluster D-Bus race condition #2261 chore: evaluate filing upstream issue for VCluster D-Bus race — Low urgency; workaround via tryDBusRecovery is in place. No code change needed.
• chore: remove loft-sh/log fork when upstream updates tablewriter to v1.x #2246 chore: remove loft-sh/log fork when upstream updates tablewriter to v1.x — Blocked on external upstream PR to loft-sh/log. Monitor only.

---

Priority Order for Implementation

Priority	Item	Effort	Impact
1	Fix docs npm audit vulnerabilities (#2809)	Small	High (unblocks CI)
2	Review/merge ksail cluster switch PR #2804	Trivial	High (feature completeness)
3	Review/merge ksail workload watch PR #2803	Trivial	High (inner-loop dev gap)
4	Write companion tool guide docs (#2811)	Medium	Medium (discoverability)
5	Rebase + merge Talos × Omni CI PR #2547	Small	Medium (CI coverage)
6	Add installer package tests (cloudproviderkind, etc.)	Medium	Medium (code quality)
7	Monitor VCluster SDK updates (#2245)	Trivial	Low (future)
8	Close stale tracking issues (#2560, #2376)	Trivial	Low

---

How to Control this Workflow

You can add comments to this discussion to provide feedback or adjust the plan. Available commands:

gh aw disable daily-builder --repo devantler-tech/ksail
gh aw enable daily-builder --repo devantler-tech/ksail
gh aw run daily-builder --repo devantler-tech/ksail --repeat (number-of-repeats)
gh aw logs daily-builder --repo devantler-tech/ksail

---

What Happens Next

The next time this workflow runs, it will begin implementing items from this plan based on priority:

1. High-priority bug → Fix npm audit vulnerabilities in docs/ (CI DoctorCI Failure: Docs npm audit vulnerabilities (dompurify/lodash-es/mermaid) #2809)
2. High-impact features → Write companion tool guide ([chore]: add "Using KSail with Tilt, Skaffold, and mirrord" companion tool guide #2811), rebase/assist with Talos × Omni CI (ci: add Talos × Omni cases to system tests #2547)
3. Backlog → Add installer package tests for cloudproviderkind and others
4. Stale cleanup → Close expired tracking issues

If running in "repeat" mode, the workflow will automatically run again to continue working on items. Humans can review this research and add comments to adjust priorities before the workflow continues.

AI generated by Daily Builder · history

• expires on Mar 12, 2026, 10:36 AM UTC

[github-actions[bot]]

Worked on #2832 — enhanced ksail cluster update diff display. PR created with before/after old → new values, 🟢/🟡/🔴 emoji icons, and a new --yes / -y flag as alias for --force.

Generated by Daily Builder · ◷

Warning

⚠️ Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

• proxy.golang.org

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "proxy.golang.org"

See Network Configuration for more information.

[github-actions[bot]]

Session unit tests PR created. Added 40 unit tests for pkg/cli/ui/chat/session.go (0% → ~85%+ coverage), covering GetDisplayName, validateSessionID, isValidSessionIDChar, GenerateSessionName, FormatRelativeTime, SaveSession/LoadSession round-trips, deleteLocalSession, and deleteOrphanedLocalSessions — all with zero production code changes.

Generated by Daily Builder · ◷

Warning

⚠️ Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

• proxy.golang.org

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "proxy.golang.org"

See Network Configuration for more information.

[github-actions[bot]]

Added 14 unit tests covering the three previously untested methods in pkg/svc/provisioner/cluster/kind/update.go — Update(), DiffConfig(), and GetCurrentConfig(). PR created for branch daily-builder/kind-update-tests. Tests verify nil-spec handling, mirrorsDir change detection (RecreateRequired), no-change scenarios, and the factory function's graceful handling of Docker availability.

Generated by Daily Builder · ◷

Warning

⚠️ Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

• proxy.golang.org

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "proxy.golang.org"

See Network Configuration for more information.

[github-actions[bot]]

Worked on issue #2899 (VCluster + ArgoCD CI timeout). Root cause: GetInstallTimeout returned the 5 min default for VCluster, giving ArgoCD a 10 min Helm timeout and a 15 min context deadline — exactly matching the observed CI failure. Fix: added VClusterInstallTimeout = 8 min base constant, raised ArgoCDInstallTimeout from 10 → 20 min, and wired the new VCluster case into GetInstallTimeout. Draft PR created with 4 new tests covering the changed behaviour.

Generated by Daily Builder · ◷

Warning

⚠️ Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

• proxy.golang.org

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "proxy.golang.org"

See Network Configuration for more information.

[github-actions[bot]]

Worked on issue #2958 — Ephemeral cluster TTL. Implemented the --ttl flag for ksail cluster create, TTL persistence in ~/.ksail/clusters/(name)/ttl.json, TTL display in ksail cluster list, and state cleanup on ksail cluster delete. PR created: daily-builder/cluster-ttl.

Generated by Daily Builder · ◷

Warning

⚠️ Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

• proxy.golang.org

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "proxy.golang.org"

See Network Configuration for more information.

[github-actions[bot]]

Goal worked on: Added unit tests for the untested debounce/coalescing logic in pkg/cli/cmd/workload/watch.go (cancelPendingDebounce, scheduleApply, enqueueIfCurrent, tryAddDirectory — 14 new tests covering generation counters, nil-timer safety, stale-entry coalescing, and directory watching). Draft PR created with these changes.

Generated by Daily Builder · ◷

Warning

⚠️ Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

• proxy.golang.org

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "proxy.golang.org"

See Network Configuration for more information.

[github-actions[bot]]

Run 7: Added unit tests for componentReconciler in pkg/cli/cmd/cluster/reconcile.go — a file with 0% coverage. 14 tests cover handlerForField registration, per-component nil-factory and disabled no-op paths, and reconcileComponents empty/unknown/failure scenarios. Also added SetPolicyEngineInstallerFactoryForTests DI helper and reconcile exports in export_test.go. Draft PR created: daily-builder/reconcile-tests.

Generated by Daily Builder · ◷

Warning

⚠️ Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

• proxy.golang.org

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "proxy.golang.org"

See Network Configuration for more information.

[github-actions[bot]]

This discussion was automatically closed because it expired on 2026-03-12T10:36:49.668Z.

Closed by Workflow