Introduce managed secrets owned by GitOps that can be defined once and
pushed to any combination of projects/groups across connections. Values
are stored in OS keychain, secrets appear on targets as GITOPS_{key}.
- Set sync concurrency to 10 for faster parallel repo syncing
- Three-phase push: push refs, sync default_branch via API, then push with --prune
- Unprotect stale protected branches on target before pruning
- Handle group visibility 400 errors gracefully (skip visibility, sync description only)
- Add useGroupAvatarsForProjects option: projects without avatars inherit group avatar
- Upgrade @apiclient.xyz/gitlab to v2.3.0 (getProtectedBranches, unprotectBranch)
- Add Edit and Pause/Resume actions to connections table
- Add delete confirmation modal to secrets table
- Add 'paused' status to connections with full backend support
- Skip paused connections in health checks and secrets scanning
- Add global ActionLog service with filesystem persistence
- Instrument all mutation handlers (connections, secrets, pipelines) with action logging
- Add Action Log view with entity type filtering to dashboard
