Edge

Rolling prerelease from e6921157cc6832d51a6caadb8edeac4288be1d0f.

v0.6.2

Maintenance-safety release. Full notes: docs/releases/v0.6.2.md.

Highlights

• New omnigraph repair — previews uncovered manifest/head drift (per-table classification, versions, Lance ops); --confirm publishes verified maintenance-only drift, --force --confirm for suspicious drift after review.
• optimize refuses to compact over drift — tables with Lance HEAD ahead of __manifest without a recovery sidecar report skipped: DriftNeedsRepair until repair classifies them.
• optimize publishes compaction through the manifest — covered by a recovery sidecar, so a crash between compaction and manifest publish converges instead of leaving hidden drift.
• Recovery roll-back converges the manifest — manifest-visible version realigns after a table restore.
• Legacy __run__ branch sweep — one-time v2→v3 manifest migration on first read-write open deletes stale __run__* staging branches (pre-v0.4.0 graphs); they no longer pollute branch list or block schema apply.
• Pretty-printed JSON load input — load accepts multi-line JSON objects, not just one-per-line JSONL.

Notes

• No manual migration; existing graphs open directly. The v2→v3 sweep is automatic, idempotent, and write-path-only (read-only deployments migrate on their next read-write open).
• repair requires a clean recovery state — reopen the graph first, then repair if drift remains.

Install

brew install ModernRelay/tap/omnigraph     # Homebrew (macOS arm64 / Linux x86_64)
cargo install --locked omnigraph-cli       # Cargo

Pre-built binaries (Linux / macOS / Windows) in the assets below.

v0.6.1

Operational polish after v0.6.0. Full notes: docs/releases/v0.6.1.md.

Highlights

• Stored-query registries — declare curated queries: per graph in omnigraph.yaml; type-checked at startup, listed via omnigraph queries list / GET /queries, invoked via POST /queries/{name} without accepting ad-hoc .gq from clients.
• Stored-query policy gate — new Cedar action invoke_query; stored mutations are double-gated (invoke_query + change).
• Safer branch deletion — manifest is the single authority, visibility flips atomically; interrupted reclaims are reconciled by cleanup, and reusing the name early reports an actionable error.
• Blob-safe optimize — tables with Blob properties are skipped (visible as skipped in output/JSON/logs) instead of failing the sweep on Lance's blob-v2 compaction bug; other tables compact normally.
• Windows support — releases now ship Windows x86_64 archives (omnigraph.exe, omnigraph-server.exe) with a PowerShell installer.
• Container entrypoint — OMNIGRAPH_TARGET_URI composes with OMNIGRAPH_CONFIG, so the graph URI can live in env while policy/query config is mounted.

Notes

• Named graphs (--target / server.graph) read graphs.<name>.policy / .queries; top-level policy: / queries: blocks are for bare-URI single-graph mode only and now fail loudly with a named graph.
• Blob tables aren't compacted until the upstream Lance fix lands; reads/writes/queries are unaffected.
• The original notes listed the legacy __run__ cleanup (MR-770) here — it actually shipped in v0.6.2.

Install

brew install ModernRelay/tap/omnigraph     # Homebrew (macOS arm64 / Linux x86_64)
cargo install --locked omnigraph-cli       # Cargo

Pre-built binaries (Linux / macOS / Windows) in the assets below.

v0.6.0

Graph terminology, multi-graph server mode, and canonical query/mutate endpoints. This release renames the Repo concept to Graph across the Cedar resource model, policy API, and query-lint schema source; lets one omnigraph-server process serve up to 10 graphs behind cluster routes with per-graph and server-level policy; and promotes POST /query / POST /mutate (and the CLI's -e/--query-string) as the canonical inline surfaces, with /read and /change kept as deprecated aliases.

Full notes: docs/releases/v0.6.0.md.

Install

• Homebrew (macOS arm64 / Linux x86_64):

  brew install ModernRelay/tap/omnigraph
  

• Cargo (all five workspace crates on crates.io):

  cargo install --locked omnigraph-cli
  

• Pre-built binaries: see assets below (omnigraph-linux-x86_64.tar.gz, omnigraph-macos-arm64.tar.gz).

Highlights

• Multi-graph server mode — one process serves 1–10 graphs concurrently under /graphs/{graph_id}/..., each with its own Cedar policy. Start it with a non-empty graphs: map in omnigraph.yaml and no single-mode selector. Read-only GET /graphs enumerates the registry; omnigraph graphs list mirrors it on the CLI.
• Graph terminology rename — Omnigraph::Repo → Omnigraph::Graph in the Cedar resource model, repo_id → graph_id in the policy API, and "repo" → "graph" in the query-lint schema_source.kind. Operator group/action YAML is unaffected (entities are generated); only hand-rolled raw Cedar files need updating.
• Canonical POST /query + POST /mutate — inline query/mutation endpoints with a clean { query, name, params, branch, snapshot } body. /query rejects mutations with a typed 400. /read and /change continue indefinitely as deprecated aliases carrying RFC 9745 Deprecation: true and RFC 8288 successor Link headers.
• Inline source on the CLI — omnigraph query / omnigraph mutate with -e/--query-string run ad-hoc .gq without a temp file; top-level omnigraph lint (alias check) replaces the nested omnigraph query lint. Legacy spellings warn once to stderr.
• Per-graph + server-level Cedar policy — graphs.<id>.policy.file governs each graph; server.policy.file governs the server-scoped graph_list action. Loaders reject a mismatched action-in-wrong-file at startup.
• Strict init — omnigraph init against an already-initialized URI now errors with AlreadyInitialized instead of silently overwriting; omnigraph init --force opts back in (it does not purge existing Lance datasets).

Behavior changes worth knowing

• No on-disk migration — existing v0.5.0 (and earlier) .omni graphs open directly. All formats unchanged.
• Multi-graph deployments lose flat routes — bare /query, /snapshot, … return 404 in multi mode; everything moves under /graphs/{graph_id}/.... SDK clients generated against a single-mode spec must regenerate. Single-graph invocation is unchanged.
• Open servers require an explicit opt-in — a server with no bearer tokens and no policy refuses to start unless passed --unauthenticated / OMNIGRAPH_UNAUTHENTICATED=1. Tokens-without-policy default-deny every non-read action, and GET /graphs requires server.policy.file in every runtime state.
• Programmatic embedders — ServerConfig gains a mode, AppState exposes routing(), AuthenticatedActor becomes ResolvedActor, PolicyEngine::load splits into load_graph / load_server, and PolicyRequest::actor_id moves to a separate authorize(actor_id, &request) parameter. The HTTP/bearer contract is unchanged.
• ChangeRequest field rename — query_source → query, query_name → name; the legacy keys keep deserializing via serde aliases, so existing clients are unaffected.

Upgrade notes, the single → multi migration, and the full breaking-change detail are in docs/releases/v0.6.0.md.

v0.5.0

Lance 6 substrate, Cedar policy engine, schema-lint v1. This release jumps the storage substrate from Lance 4 to Lance 6.0.1 (DataFusion 53, Arrow 58), wires engine-wide Cedar policy enforcement into every authoring path, and ships a structured schema-lint v1 chassis with code-tagged diagnostics and explicit destructive-drop opt-in.

Full notes: docs/releases/v0.5.0.md.

Install

• Homebrew (macOS arm64 / Linux x86_64):

  brew install ModernRelay/tap/omnigraph
  

• Cargo (all five workspace crates on crates.io):

  cargo install --locked omnigraph-cli
  

• Pre-built binaries: see assets below (omnigraph-linux-x86_64.tar.gz, omnigraph-macos-arm64.tar.gz).

Highlights

• Lance 6.0.1 substrate — DataFusion 52 → 53 and Arrow 57 → 58 come along for the ride. DF 53 optimizer rules (vectorized IN-list, PhysicalExprSimplifier, push-limit-into-hash-join, CASE-NULL shortcut) now reach predicates via the new structured Expr pushdown.
• Cedar policy engine — every _as writer (mutate, load, schema-apply, branch create/merge/delete) flows through Omnigraph::enforce(action, scope, actor). Server defaults to deny-all without a Cedar YAML policy; actor identity comes only from signed token claims.
• Schema-lint v1 — diagnostics now carry stable OG-XXX-NNN codes. Property and type drops support soft semantics; destructive drops require the new --allow-data-loss flag (CLI) or {"allow_data_loss": true} (HTTP).
• Structured filter pushdown — query-language predicates push down via Lance's Scanner::filter_expr instead of stringified SQL. CompOp::Contains against list-typed columns now pushes down via array_has (previously fell through to in-memory filtering).
• Inline .gq sources — CLI and HTTP read/mutate endpoints accept query source inline, not just file paths.
• CORS layer — optional CORS middleware on omnigraph-server for browser-based UIs (OMNIGRAPH_CORS_ORIGINS).
• Bug fixes — merge-insert dup-rowid (SourceDedupeBehavior::FirstSeen + check_batch_unique_by_keys precondition), branch-merge coordinator recovery on error paths, blob-column materialization during branch merge.

Behavior changes worth knowing

• On-disk format unchanged — existing v0.4.2 datasets open directly. No data migration.
• Server with policy enabled rejects writes by default — supply a Cedar YAML to authorize.
• Schema-lint diagnostics now have stable codes — CI parsers keying off prior free-form text need to switch to OG-XXX-NNN matching.
• Destructive schema drops require explicit allow_data_loss — soft-drop-or-reject is the new default.
• NOT IN on nullable anti-join columns is now SQL-correct — side effect of the DF 53 bump.

Upgrade notes, the full migration/client/operator detail, and the test-coverage delta are in docs/releases/v0.5.0.md.

v0.4.2

v0.4.2

v0.4.1

release: bump version to 0.4.1

v0.3.1

Highlights

New CLI maintenance commands

• omnigraph optimize — compacts small Lance fragments across every node and edge table in the repo. Run after large ingests to keep read paths fast.
• omnigraph cleanup — removes old Lance versions to reclaim storage. Requires --confirm to actually delete, and at least one of --keep N (recent versions to retain per table) or --older-than DURATION (e.g., 7d, 24h, 90m).

Performance

• Parallel per-type load writes: omnigraph load and omnigraph ingest now write node and edge tables concurrently. Default concurrency 8, tunable via OMNIGRAPH_LOAD_CONCURRENCY. (#46)
• Dense u32 IDs through expand: graph traversal (execute_expand) now passes dense IDs internally instead of round-tripping through String, reducing allocations on large traversals. (#47)

Bug fixes

• Deduplicate destination IDs before hydrating nodes in execute_expand — previously could over-hydrate when the same destination appeared in multiple expand contexts. (#45)

Other

• OpenAPI spec polish for downstream SDK generation.
• README updates.

v0.3.0

Highlights

Authentication & security

• Bearer-token hardening: tokens are SHA-256 hashed at ingest and compared in constant time across the full token list, eliminating timing-based actor disclosure. Authoritative actor_id is resolved server-side. (#28)
• AWS Secrets Manager backend for bearer tokens — new aws feature on omnigraph-server adds SecretsManagerTokenSource (#30), built on a new TokenSource trait (#29) so additional backends can plug in cleanly.

OpenAPI & SDK groundwork

• openapi.json is now a committed, drift-tested artifact — CI auto-syncs the spec on same-repo PRs and fails on drift for fork PRs.
• omnigraph schema get available via CLI and HTTP.
• Schema endpoint polish: rename to get, field alignment, additional tests. (#27)

Operations & data integrity

• Internal __run__ branches no longer leak: filtered from schema_apply (#38), and deleted on every terminal state (#43).
• Lance memory-pool size raised to 1 GB by default for more headroom on large operations. (#37)

Build & release infrastructure

• Homebrew tap updates automated on release tags. (#20)
• Manual-dispatch package workflow for CodeBuild image builds. (#33, #34, #35)
• Dockerfile base switched to ECR Public to avoid Docker Hub rate limits. (#39)

Test layout

• Compiler and engine integration tests split into focused sibling modules for faster targeted runs. (#40, #41, #42)

v0.2.2

Omnigraph v0.2.2

Omnigraph v0.2.2 is a packaging follow-up to v0.2.1. It keeps the CLI and server surface the same, but renames the published runtime crate from omnigraph to omnigraph-engine so the full crate set can be published cleanly to crates.io.

Highlights

Published runtime crate rename

The runtime package is now published as:

• omnigraph-engine

The in-code Rust library name remains omnigraph, so internal imports and code paths stay stable. CLI users are unaffected.

Crates.io metadata cleanup

All published crates now ship repository, homepage, and documentation metadata so the crates.io pages are complete and the release pipeline no longer emits missing-package-metadata warnings.

Included Changes

• rename runtime package from omnigraph to omnigraph-engine
• bump omnigraph-engine, omnigraph-compiler, omnigraph-server, and omnigraph-cli to 0.2.2
• update dependent manifests and CI package references to the new runtime package name

Upgrade Notes

• Rust consumers should depend on omnigraph-engine on crates.io
• Code that imports the library can continue using omnigraph as the crate name
• The omnigraph CLI binary name is unchanged