Automated release from CI pipeline

Changes:
feat(homecore-ui iter 6): Settings probe-before-persist token validation

CRUD increment 6/6 — closes the sprint. Bearer-token editor now
probes /api/config with the new value BEFORE writing it to
localStorage, so a typo'd or revoked token can't lock the UI out
of the backend.

Three actions:

• Test token probe /api/config, no localStorage write
• Probe & Save probe; write only on 2xx
• Clear remove from localStorage

Inline probe result with sigils:
✓ token accepted (40 ms) — server v0.1.0-alpha.0
✗ HTTP 401: unauthorized
⋯ probing /api/config...

currently stored: line shows masked + length: dev-...ken (9 chars)
so the operator can see what's persisted without exposing the secret.

Empty input → red border + disabled Test/Save buttons. Bad probes
do NOT persist (this is the whole point — never write a token that
the backend rejects).

frontend/src/pages/Settings.ts — full rewrite (~190 LOC, +110 vs
previous version). No new dependencies.

Browser-verified end-to-end:

• Backend section: Home / 0.1.0-alpha.0 / RUNNING / components OK
• Test token: probe ✓, 40 ms, version reported
• Empty input: buttons disabled + red border
• Probe & Save: persists to localStorage, toast shown,
  currently stored: updates to masked new token
• Clear: localStorage null, currently stored: (empty)
• 0 unexpected console errors

Note: a clean reload lands on Dashboard (the SPA router has no
URL-encoded view yet). The token persistence itself survives reload
correctly; route persistence is a small follow-up if you want
direct URLs like /?view=settings.

CRUD sprint summary (6/6 runtime-validated):
iter 1 Add Entity e7215a1
iter 2 Edit Entity 89190b6
iter 3 Delete + DELETE route c0bb6f4
iter 4 Live validation polish 3f5a741
iter 5 Call Service 99c78f5
iter 6 Settings probe-before-persist (this)

Co-Authored-By: claude-flow ruv@ruv.net

Docker Image:
ghcr.io/Spencerx/RuView:224689a5bcce61b87ce9f670649569bc2e023f00

Automated release from CI pipeline

Changes:
cog-ha-matter (ADR-116): P4 ✅ — mDNS wired into main, broker deferred

Two landings that flip P4 to shipped:

1. main.rs now actually registers the mDNS responder. New CLI:
   --mdns-hostname (default: cog-ha-matter.local.)
   --mdns-ipv4 (default: 127.0.0.1)
   --no-mdns (skip for restrictive CI / multi-instance)

   Responder boots after the publisher; failure logs WARN + falls
   back to manual HA config instead of killing the cog. The
   handle's Drop sends the mDNS goodbye packet on shutdown so HA's
   discovery sees a clean service-leave (no stale device card).

2. Embedded rumqttd broker DEFERRED to v0.7 per dossier §8 ranking.

   The dossier's prioritised v1 scope is:

   1. --privacy-mode audit-only
   2. cog manifest + Ed25519 signing + store listing
   3. local SONA fine-tuning loop
   4. HACS gold-tier integration
   5. Matter Bridge (v0.8)

   Embedded broker is not in that list. Every HA install already
   has mosquitto or HA Core's built-in broker — adding ~2 MB of
   binary + ACL config surface for marginal benefit didn't earn a
   v1 slot. Documented as row 6 of §4 v1 scope table with explicit
   v0.7 target.

P4 row updated to ✅: mDNS half complete (record-builder +
ServiceInfo + live responder + main.rs wiring), witness half
complete (chain + JSONL + file + Ed25519), embedded broker
explicitly deferred with rationale citation to dossier §8.

Stop-condition check:

• dossier has "Recommended scope" section ✅ (§8, folded into
  ADR §4)
• P2 (cog scaffold) ✅
• P3 (MQTT publisher wrap) ✅
• P4 (Seed-native enhancements) ✅

Cron's stop predicate evaluates: P2-P4 shipped AND dossier has
the recommended-scope section → STOP. The loop should TaskStop
itself after this iter unless the user wants P5 (RuVector
thresholds), P8 (cog signing), or P9 (HACS repo) to keep going.

64/64 tests green.

Co-Authored-By: claude-flow ruv@ruv.net

Docker Image:
ghcr.io/Spencerx/RuView:d4f0e120738703bf58ba666fc56447feea85425a

Automated release from CI pipeline

Changes:
docs(readme): add 'What's new (2026年05月23日)' callout for ADR-110 + ADR-115

Iter 50 — both ADRs merged today (PR ruvnet#764 + PR ruvnet#778). README's
beta-software warning block was the natural location for a release
callout above the main pitch; users hitting the README see today's
shipped work first.

Two-bullet block:

• ADR-110 ESP32-C6 firmware substrate at v0.7.0-esp32 with the
  headline measured numbers (99.56 % match / 104 μs stdev / 3.95x
  EMA suppression) and the host-side surface (decoders + REST +
  Prometheus + WebSocket).
• ADR-115 HA+Matter integration with the entity-count / blueprint
  / Lovelace count and the privacy-mode architectural win.

Both link to their ADRs + PRs so reviewers can follow back.

Co-Authored-By: claude-flow ruv@ruv.net

Docker Image:
ghcr.io/Spencerx/RuView:62af91beb1d9601ad9193ff20f68a25b12298e97

Automated release from CI pipeline

Changes:
fix(security): audit — fix RUSTSEC vulns, clippy warnings, dead code (ruvnet#769)

• Upgrade openssl to 0.10.78 (CVE-2026-41676), jsonwebtoken to 9.4
• Suppress unmaintained-only/no-CVE advisories in .cargo/audit.toml
  with per-entry rationale
• Fix all cargo clippy --all-targets -- -D warnings errors across
  35 crates: derivable_impls, needless_range_loop, map_or→is_some_and/
  is_none_or, await_holding_lock (drop MutexGuard before .await),
  ptr_arg (&mut Vec→&mut [T]), useless_conversion, approximate_constant
  (2.718→E, 3.14→PI), field_reassign_with_default, manual_inspect,
  useless_vec, lines_filter_map_ok, print_literal, dead_code
• Apply cargo fmt --all
• Pre-existing test failure in wifi-densepose-signal
  (test_estimate_occupancy_noise_only) is not introduced by this PR

Docker Image:
ghcr.io/Spencerx/RuView:004a63e82dea170ad303939d7cf6e7fc3fb3a146

Automated release from CI pipeline

Changes:
Merge pull request ruvnet#554 from ruvnet/feat/midstream-introspection

feat(introspection): ADR-099 midstream tap + /ws/introspection + /api/v1/introspection/snapshot

Docker Image:
ghcr.io/Spencerx/RuView:457f71370211e2b95e8a02ca06b065eedbbb21d6