ambient-code · jwm4 · Apr 1, 2026 · Apr 1, 2026 · Apr 1, 2026 · Apr 1, 2026
diff --git a/workflows/cve-fixer/component-repository-mappings.json b/workflows/cve-fixer/component-repository-mappings.json
@@ -23,11 +23,11 @@
             "v2.28.0-fixes",
             "v2.27.0-fixes"
           ],
-          "branch_strategy": "Fix in main \u2192 auto-propagates to stable \u2192 rhoai (every 2 hours). Manual cherry-pick to release branches during code freeze.",
+          "branch_strategy": "Fix in main → auto-propagates to stable → rhoai (every 2 hours). Manual cherry-pick to release branches during code freeze.",
           "cve_fix_workflow": {
             "primary_target": "main",
             "backport_targets": "Active vX.X.X-fixes branches for released versions",
-            "automation": "Auto-sync every 2 hours (main \u2192 stable \u2192 rhoai)",
+            "automation": "Auto-sync every 2 hours (main → stable → rhoai)",
             "manual_intervention": "Cherry-pick during code freeze or for patch releases"
           },
           "repository_type": "monorepo",
@@ -49,38 +49,37 @@
         "opendatahub-io/models-as-a-service": {
           "github_url": "https://github.com/opendatahub-io/models-as-a-service",
           "default_branch": "main",
-          "protected_branches": [],
-          "active_release_branches": [],
-          "branch_strategy": "TBD - needs investigation",
+          "active_release_branches": [
+            "stable",
+            "rhoai",
+            "v0.1.x"
+          ],
+          "branch_strategy": "Fix in main. stable and rhoai are release snapshots — backport manually as needed. v0.1.x is a separate release branch with independent commits.",
+          "repo_type": "upstream",
+          "subcomponent": "maas-api",
           "cve_fix_workflow": {
             "primary_target": "main",
-            "backport_targets": "TBD",
-            "automation": "Unknown",
-            "manual_intervention": "Unknown"
+            "backport_targets": "stable, rhoai, v0.1.x (manual cherry-pick)"
           },
-          "build_location": "maas-api/",
-          "notes": "Upstream repository. Contains maas-api Go application. Builds using Dockerfile.konflux for Red Hat builds.",
-          "repo_type": "upstream",
-          "subcomponent": "maas-api"
+          "build_location": "maas-api/"
         },
         "red-hat-data-services/models-as-a-service": {
           "github_url": "https://github.com/red-hat-data-services/models-as-a-service",
-          "default_branch": "rhoai-3.0",
-          "protected_branches": [],
+          "default_branch": "main",
           "active_release_branches": [
-            "rhoai-3.0"
+            "rhoai-3.3",
+            "rhoai-3.4",
+            "rhoai-3.4-ea.1",
+            "rhoai-3.4-ea.2"
           ],
-          "branch_strategy": "TBD - needs investigation",
+          "branch_strategy": "Fork of upstream. RHOAI release branches follow pattern rhoai-X.Y.",
+          "repo_type": "downstream",
+          "subcomponent": "maas-api",
           "cve_fix_workflow": {
-            "primary_target": "rhoai-3.0",
-            "backport_targets": "rhoai-3.0",
-            "automation": "Manual backport from upstream",
-            "manual_intervention": "Cherry-pick or re-apply fixes from upstream repo"
+            "primary_target": "main",
+            "backport_targets": "rhoai-3.3, rhoai-3.4, rhoai-3.4-ea.1, rhoai-3.4-ea.2"
           },
-          "build_location": "maas-api/",
-          "notes": "Downstream Red Hat release repository for maas-api. Fixes from upstream should be backported to rhoai-3.0 branch.",
-          "repo_type": "downstream",
-          "subcomponent": "maas-api"
+          "build_location": "maas-api/"
         }
       }
     },
@@ -441,7 +440,7 @@
             "rhoai-3.0",
             "rhoai-3.2"
           ],
-          "branch_strategy": "Fork of upstream (now archived). Downstream only \u2014 upstream code migrated into llm-d-inference-scheduler. No branches beyond rhoai-3.2.",
+          "branch_strategy": "Fork of upstream (now archived). Downstream only — upstream code migrated into llm-d-inference-scheduler. No branches beyond rhoai-3.2.",
           "repo_type": "downstream",
           "notes": "Upstream llm-d/llm-d-routing-sidecar is archived; code moved to llm-d-inference-scheduler (cmd/pd_sidecar). This downstream repo may be phased out in future releases.",
           "cve_fix_workflow": {
@@ -878,9 +877,9 @@
           "github_url": "https://github.com/IBM/ai4rag",
           "default_branch": "main",
           "active_release_branches": [],
-          "branch_strategy": "Python package upstream. CVEs in ai4rag manifest as container CVEs in pipelines-components \u2014 fix by updating ai4rag version there.",
+          "branch_strategy": "Python package upstream. CVEs in ai4rag manifest as container CVEs in pipelines-components — fix by updating ai4rag version there.",
           "repo_type": "upstream",
-          "notes": "No containerization \u2014 distributed as a Python package. No ODH/RHDS forks exist. Excluded from automation; track upstream releases and update dependency version in pipelines-components.",
+          "notes": "No containerization — distributed as a Python package. No ODH/RHDS forks exist. Excluded from automation; track upstream releases and update dependency version in pipelines-components.",
           "cve_fix_workflow": {
             "primary_target": "main",
             "backport_targets": "N/A",