This release focuses on making ayaFlow easier to build, easier to validate, and more useful in real deployments. The biggest changes are a host-safe development workflow for non-Linux contributors, richer history querying, clearer runtime observability, and a fix for deep-inspection domain enrichment.
Highlights
Added a host-safe userspace workflow for macOS/Linux development without requiring eBPF runtime support.
Split Linux-only runtime loading from the rest of the userspace crate for cleaner cross-platform builds.
Expanded /api/history with filtering, pagination metadata, and explicit row_type support for raw vs aggregated records.
Added runtime configuration details to /api/health and /api/stats.
Fixed deep-inspection domain enrichment so DNS-derived domains are now persisted into history rows correctly.
Improved SQLite schema handling with migration support for new history fields.
Added CI for formatting, clippy, host-safe tests, and Linux build validation.
Refreshed docs for local, Docker, and Kubernetes workflows.
Added dedicated ARCHITECTURE.md and PERFORMANCE.md documentation.
API improvements
/api/history now supports:limit, offset
start_time, end_time
protocol
ip, src_ip, dst_ip
port, src_port, dst_port
direction
domain
row_type=raw|aggregated
History responses now include pagination metadata such as total, returned, and has_more.
API allowlist failures now return structured JSON errors.
Storage and enrichment
Added row_type and packet_count to stored history records.
Aggregated history rows are now clearly distinguishable from raw packet rows.
Domain enrichment from deep inspection is now correctly correlated back into stored history events.
Aggregated buckets now retain discovered domain values.
Developer experience
Added cargo xtask check-host
Added cargo xtask build-user
Linux-only commands now fail early with clearer guidance on unsupported hosts.
Host-safe testing now works cleanly on non-Linux machines.