Release v0.30.0

What's Changed

🚀 New Features

• restore breadth-first traversal mode
• restore the LoggerConfigurable interface
• restore NewPrefixKeyBuilderWithSeparator constructor
• restore DB and Redis stores and init the active store at startup

🔧 Maintenance

• bump version to v0.30.0

Full Changelog: v0.29.1...v0.30.0

Release v0.29.1

What's Changed

🐛 Bug Fixes

• align UserMenu JSON tag with field name

♻️ Refactoring

• read signature time through an injectable clock

✅ Testing

• prove the nonce outlives the full replay window end-to-end

🔧 Maintenance

• bump version to v0.29.1

Full Changelog: v0.29.0...v0.29.1

Release v0.29.0

What's Changed

🚀 New Features

• add TLS connection support and dialect-aware pool sizing
• enforce a stricter deploy-time contract
• add closing transitions for paused instances
• normalize node config at deploy and rework condition evaluation
• validate CC kinds at flow deploy time

🐛 Bug Fixes

• fully revert deadline on auto-pass cascade contention
• canonicalize MinIO PutObject return metadata
• fail closed on empty-tenant list and write scoping
• serialize membership mutations and identity-guard expiry removal
• retain signature nonce for the full timestamp window
• register zero-order middleware in the before group
• match SPA entries on path-segment boundaries
• stop logger printf format corruption
• count unique disk partitions
• bound multipart file descriptors and canonicalize metadata keys
• prevent LRU phantom resurrection and expiry double-decrement
• restore signature replay protection and harden challenge stores
• compare hashes in constant time and parse salt safely
• randomize CBC IV per encryption with decrypter interop
• pin consecutive-approver auto-pass logs to their task
• finish timed-out handle tasks with handle semantics
• degrade unresolvable timeout admin transfers to timeout-only
• run the urge tenant guard before task state checks
• restore the latest form snapshot on rollback keep
• drive read-confirm CC waiting from unread records, not the read-confirm flag
• make CC recipient and name resolution best-effort
• make role/department CC resolution best-effort
• cap form-data growth, not standing size, on task actions
• preserve add-assignee links across task transfer
• enforce the form-data size cap on approve/reject/transfer/rollback
• reactivate before/after add-assignee tasks on parallel nodes
• resolve role/department CC recipients via AssigneeService
• implement RollbackDataClear to wipe form data on rollback
• share the deadlock guard between node completion and remove-assignee simulation

♻️ Refactoring

• route role-membership checks through a shared helper
• drop unused WithDB constructor and lift client timeout
• extract shared container setup helpers
• streamline read-model queries, timeout scanner, and resource wiring
• consolidate engine dispatch, pass-rule, and command handling
• streamline table inspector
• thread dialect into query guard and propagate schema errors
• tighten outbox claim, reaper fan-out, and transport timeouts
• alias primary name to config and expose primary kind
• extract shared helpers and guard find-option setup
• extract shared closest-match helper and consolidate auth errors
• delegate row import to the shared tabular helper
• delegate row import to the shared tabular helper
• extract shared row-import pipeline
• simplify cache and transformer construction
• dedup query construction and harden dialect-aware sqlguard
• add Effective*() accessors and canonical primary-source name
• extract shared calendar anchor helpers
• remove unused constants
• guard task action dispatch exhaustiveness
• promote the default urge cooldown to a contract constant

✅ Testing

• simplify engine test setup
• cover transfer, reactivation, size-cap, and rollback gaps

📝 Documentation

• document Provider.Connect non-nil success postcondition
• refresh SupplyURLKeyMapper example for the proxy default
• point facade comments at the internal contract
• document ValidationRule fields
• document init-time i18n message freeze on error sentinels
• document the Effective*() config defaulting convention
• document the hardened approval contract and lifecycle paths
• document the approval deploy-time normalization contract

🔧 Maintenance

• bump version to v0.29.0
• drop the dead apv_flow_form_field table
• warn when go-installed lefthook is not on PATH
• add lefthook, commitlint and go-task hook/lint tooling

Other Changes

• perf(approval): batch timeout and pre-warning scans

Full Changelog: v0.28.0...v0.29.0

Release v0.28.0

What's Changed

🚀 New Features

• expose vef.ApprovalModule so the workflow feature can be enabled
• compute avg-completion and pending-binding-failure metrics, scope my-pending counts by tenant, and dedupe detail loaders
• add deterministic middleware ordering, W3C trace context, and public trace accessors
• re-export Ordered and NewBus and order behaviors outside-in
• integrate the Zen expression engine behind a swappable contract
• expose the containing struct via FieldLevel.Struct

🐛 Bug Fixes

• wait for MySQL readiness via its startup log instead of a SQL probe
• keep timing equalization when the dummy hash cannot be derived
• pin the delegator on update to block ownership reassignment
• match dangerous SQL functions on AST nodes to remove false positives and bypasses
• stop merging independent disk devices during dedup
• match SPA ExcludePaths on path-segment boundaries
• thread TenantID through GetPendingCounts for tenant scoping
• escape LIKE wildcards in CriteriaBuilder fuzzy methods
• derive password timing-equalization hash from the configured encoder
• enforce delegator ownership on delegation update and delete
• require authentication by default for the MCP endpoint
• reject data-modifying CTEs and side-effect functions in read-only guard
• bind the request method and path into the HMAC signature
• read the legacy ETag sidecar via a positive JSON-decode check
• report the token's real JWT expiration instead of a fixed 24h
• add context to ChallengeTokenStore, store principal name in a claim, drop dead challenge codes, and add scope tests
• equalize password-auth timing, fail closed on undeterminable IP, correct access/refresh TTLs, and plumb context
• start the HTTP server via an OnStart hook, drop dead CustomCtx members, and dedupe the shutdown timeout
• lock the instance before reassign, authorize publish before mutating, and test handler registration
• enforce tenant/owner isolation on category and delegation resources and bound free-text inputs
• propagate DB errors from node-operation authorization instead of masking them as denial
• return real status codes, propagate tree errors directly, harden processors, and add find-option coverage
• decouple audit from the response envelope, dedupe RPC dispatch, surface NotFound hints, and guard middleware nils
• route via CanHandle, return 401 on invalid bearer tokens, isolate the anonymous principal, and reuse the timeout sentinel
• write filesystem objects atomically, persist ContentType, and harden minio delete/copy
• prefix outward i18n keys and validation labels with crud_
• retire dead-lettered deletes terminally instead of re-parking and re-publishing
• warn on the in-memory default provider and correct the default URLKeyMapper docs
• prefix outward i18n keys with storage_ and guard InitUpload against a nil principal
• make redis_stream consumer names unique per process and report real retry attempts
• continue memory fan-out on enqueue error and close Subscribe-after-Stop race
• keep outbox records claimable when the DLQ forward fails
• re-export StatisticalDefault with its typed value
• error on Connection() within a tx, carry bunDB explicitly, unexport audit internals
• escape LIKE wildcards via a portable ESCAPE bind param and dedup criteria *Any builders
• emit ON CONFLICT ON CONSTRAINT, translate merge write errors, use HashSet in merge_when
• fix aliased-import model detection, dedup version formatting, add coverage
• make language switching concurrency-safe and follow it in validator messages
• emit WithAttrs fields, enable caller reporting, add atomic level control
• emit HSTS via request scheme and canonicalize SPA static prefix
• correct env-binding semantics and guard event backoff overflow
• recurse byte-slice conversion into arrays and clarify bearer token expiry
• correct disk device dedup, propagate collection failures, dedup default config
• support *[]string translation targets
• visit same-type sibling fields via path-scoped cycle detection
• make JSON/text datetime parsing consistent and centralize test helpers
• avoid panic on nil embedded pointers during dive and write native excel cell types
• correct LFU minFreq tracking, log redis backend errors, remove dead Store interface and unexport internals
• reject zero PKCS7 padding, decouple SM4 block size, drop dead cipher options, fix initialism naming
• honor SPAConfig.ExcludePaths in the SPA catch-all
• restrict the database_query tool to read-only statements
• resolve client IP via trusted proxies and enforce the signature IP whitelist
• guard RBAC checker against a nil permissions loader
• derive JWT signing key from config with a secure default and default the refresh TTL
• iterate struct fields in declaration order

♻️ Refactoring

• extract a shared event-invalidated cache decorator
• extract resource handler errors into coded api_errors sentinels
• extract outward errors into coded api_errors sentinels
• remove the unused breadth-first traversal mode
• make bootmodules.Core the single source of the module list shared by Run and the test harness
• dedupe participant lookups, map rollback not-found, guard the condition type assertion, and relocate validation sentinels
• surface FormData.Clone errors, split the events file by topic, and cover node-data, flow-definition, and identifier validation
• split shared error files, inline single-use message keys, test the tenant resolver, and dedupe the event-type list
• cache condition programs, simplify the state machine, and route no-assignee through the shared sentinel
• remove the unimplemented StorageTable mode and the dead FlowFormField model
• unify malformed-request handling to HTTP 400, drop dead param-resolution code, and remove the duplicate AuditEventParams
• split inbox sentinels, dedupe async error sink, drop dead ErrDuplicate, add cleanup tests
• route select table-source methods through the shared helpers
• share order/null-handling helpers between aggregate and window builders
• unify CreateTable rendering, add Stringer to DDL queries, quote tablespace once
• use stdlib cmp.Ordered in monad, fix Range.Intersection, delete dead sqlx
• remove dead exports and dead branches in mapx/search/tree/sortx/page
• collapse speculative DatabaseError and drop dead ValidateConfig extension point
• type-safe auto-increment detection incl. Postgres identity, drop single-impl Inspector interface
• remove unwired DB/Redis stores, fix overflow-on-reset, expose memory store for seeding
• make the engine a built-in boot module, drop the zen opt-in package
• wire the Zen backend via the internal module per framework convention
• move the Zen backend implementation into internal
• collapse zen result handling into a single wrap helper

✅ Testing

• assert get_pending_counts threads tenantId into the query
• assert CriteriaBuilder fuzzy methods escape LIKE wildcards
• cover the default-secure and explicit-anonymous auth branches
• wait for MySQL via a real SQL probe instead of a bare open port
• assert exact error status codes instead of a set
• harden test infra — port-based mysql wait, enabled-DB gating doc, dedupe request helpers, drop package docs
• cover proxy-middleware helpers, public-upload rejection, and idempotent completion
• cover delete-worker backoff, abort-failure, fan-out, and cron job wiring
• cover cancellation and predicate paths, fix stale doc, dedup fakes
• align tests with TESTING.md conventions

📝 Documentation

• document the CGO_ENABLED=1 requirement in the Chinese README
• document the CGO_ENABLED=1 build requirement
• document the bootmodules.Core single source and the opt-in vef.ApprovalModule
• correct CLI command list, command-package naming, and the public orm re-export note

🔧 Maintenance

• bump version to v0.28.0
• remove the dead GetMigrationSQL helper
• remove the dead, unwired taskpool package

Full Changelog: v0.27.0...v0.28.0

Release v0.27.0

What's Changed

🚀 New Features

• add Registry.TestConnection connectivity probe
• added multi-data source functionality

🐛 Bug Fixes

• bound TestConnection with a default probe timeout
• ping primary in OnStart so it honors the start timeout
• drain primary on partial start failure via a separate shutdown hook
• provide registry concrete binding
• bind default operator under the correct named-arg key
• restore multi-data-source compatibility

♻️ Refactoring

• clarify provider params variable
• clarify raw database naming
• merge registry module
• rename Spec.Cfg field to Config
• extract data source registry into its own package
• rename PrimarySQLDB to PrimaryRawDB
• simplify sql db local variable
• return *sql.DB and move bun ownership to orm
• rename DatabaseProvider to Provider and registry lookup
• remove redundant collections import alias
• pluralize data source config filename
• relocate data source registry from database to restore layering
• drop legacy vef.data_source fallback
• rework data source registry with atomic remove and async drain

✅ Testing

• align utility test assertions
• align API ORM and schema tests
• align approval test conventions
• align auth test conventions
• align storage test assertions
• align event transport tests
• align cache test assertions
• align CLI config and CQRS tests
• cover stream writer failures
• align CRUD find and import tests
• cover provider and probe tests
• cover event routing startup check
• cover module startup checks
• improve sqlguard assertion messages

📝 Documentation

• update datasource and test guidance
• update README and agent guides for the datasource package
• fix boot sequence guide

🔧 Maintenance

• bump version to v0.27.0
• upgrade go dependencies

Other Changes

• Merge remote-tracking branch 'origin/main'

Full Changelog: v0.26.0...v0.27.0

Release v0.26.0

What's Changed

♻️ Refactoring

• rename schema_resource files to drop redundant package prefix
• rename monitor_resource files to drop redundant package prefix
• rename storage_resource files to drop redundant package prefix
• rename Consume/Enqueue surface, prune dead code, harden lifecycle

🔧 Maintenance

• bump version to v0.26.0

Full Changelog: v0.25.1...v0.26.0

Release v0.25.1

What's Changed

♻️ Refactoring

• drop unused token-missing sentinels and compact error codes
• move module-specific errors out of result package
• i18n-ify user-facing error messages

🔧 Maintenance

• bump version to v0.25.1
• translate sql migration comments to english

Full Changelog: v0.25.0...v0.25.1

Release v0.25.0

What's Changed

🚀 New Features

• fail fast when binding listener route lacks a sink
• add RouteInspector.HasSubscribableTransport
• emit TaskCreatedEvent on all task-creation paths

🐛 Bug Fixes

• enforce EventTypePattern at bus Subscribe entry
• reject outbox routes whose sink is not a subscribable member
• propagate transport context to memory consumers
• harden event routing
• set stable consumer group on binding listener
• assert transactional route at boot for business events
• pre-pull testcontainers ryuk image

♻️ Refactoring

• extract Bus.Start rollback helpers
• share EventTypePattern between bus and redis_stream
• extract event type constants
• rename redis stream config file
• align comments and import aliases
• align comments and import aliases

🔄 CI/CD

• update codecov badge and config
• fetch release tags before changelog
• enforce cross-package coverage threshold

✅ Testing

• use english assertion messages

📝 Documentation

• document event route requirements and TaskCreatedEvent semantics
• record package comment convention

🔧 Maintenance

• bump version to v0.25.0

Full Changelog: v0.24.0...v0.25.0

Release v0.24.0

What's Changed

🚀 New Features

• make client construction opt-in via vef.redis.enabled
• expose RouteInspector for transactional-route assertions
• require WithGroup on at-least-once subscriptions and export ErrGroupRequired/ErrTxAsyncMutex
• mark outbox publish-only via Capabilities and ErrSubscribeUnsupported
• expose SupplyBusinessBindingHook and ProvideApprovalLifecycleHook
• ordered behavior, FlowCache invalidation, OccurredAt projection
• inherit ctx RequestID as envelope CorrelationID when publishing
• rewrite event system as pluggable multi-transport platform
• add list_parts action and resumable-upload guard helper

🐛 Bug Fixes

• keep sweeper object checks outside tx
• replace deprecated last run call
• harden upload lifecycle
• adapt atlas v1.2 inspection
• make inbox processing lease configurable
• adapt mapped port conversion
• harden event delivery state handling
• SubscribeTyped checks declared type before EventType call
• subscription stop sync.Once and consumer ctx-cancel exit
• close Enqueue/shutdown race with mutex coverage
• thread Caller into StartInstance + every task command
• fail-closed CallerContext + reflect-based tenant resolver
• close cross-tenant IDOR, SQL injection, audit and permission gaps
• close CompleteUpload race, sweeper TOCTOU, content-type XSS, and resume size bypass
• make pending_delete enqueue idempotent on (object_key, reason)

♻️ Refactoring

• rename PermToken to RequiredPermission
• rename UserInfo.PermTokens to PermissionTokens
• use Tx casing for transaction helpers
• split inbox processing-lease assertion for easier diagnosis
• standardize redis_stream identifier across config, logs, and docs
• publish domain events through transactional outbox
• pluggable MetricsRecorder and tracing strict/trusted modes
• atomic lifecycle, fresh-slice routing, sync.Once unsubs, errors.Join Stop, single chain build
• remove data_dict prompt
• rename data_dict to dictionary across mold packages
• boot self-check matches collector type, not Order value
• collapse resolveOperator+resolveCaller into resolveActor
• boot-time collector self-check + unify EffectiveTenantID filter
• collapse event + action_log collectors into generic Collector[T]
• sink Caller.Authorize into InstanceService.LoadForUpdate
• drop requireTenantScope, derive tenant filter from CallerContext
• expose ValidateBusinessIdentifier in approval package
• trim resource wrappers and public helper indirection
• collapse engine transition + publish helpers
• consolidate state machine writes and lifecycle hook coverage
• centralize instance ForUpdate loading via InstanceService (B2)
• persist action logs via ctx-bound ActionLogCollector (B3)
• publish domain events via ctx-bound EventCollector (B4)
• comprehensive engine, binding, lifecycle, tenancy and metrics overhaul
• migrate remaining publish sites to framework event Bus
• migrate to framework event Bus and remove self-built dispatcher
• thread principal through Files lifecycle and reclassify anonymous ConsumeMany as access-denied
• tighten module surface and enforce ConsumeMany ownership

✅ Testing

• unit tests for public API and bus internals
• adapt fixtures to fail-closed Caller and new helpers
• cover tenancy, business identifier validation, lifecycle hooks, occurred-at
• make deadline assertions timezone-agnostic

📝 Documentation

• remove trailing whitespace from agent guides
• document Tx transaction helper casing
• shorten SQL comments
• document publish-only outbox, WithGroup requirement, tracing strict, sqlmigration in CLAUDE.md

🔧 Maintenance

• bump version to v0.24.0
• update dependencies
• address pending modernize and lint findings repo-wide
• extract sqlmigration helper and logx.Discard, adopt across migrations and event subcomponents

Other Changes

• style: apply golangci-lint whitespace fixes
• style(approval): align bus field across handlers and gofmt nits

Full Changelog: v0.23.2...v0.24.0

Release v0.23.2

What's Changed

🐛 Bug Fixes

• derive assembled object size from parts table so complete_upload happy path no longer reports false size mismatch
• widen migration varchar(32) columns to varchar(128) to fit uuid ids

♻️ Refactoring

• tune migration indexes and rewrite comments in english

🔧 Maintenance

• bump version to v0.23.2

Full Changelog: v0.23.1...v0.23.2