v0.4.7

What's Changed

• chore(deps-dev): bump the dev group across 1 directory with 3 updates by @dependabot[bot] in #61
• ci(bench): move criterion suite to Depot single-tenant runner by @zvndev in #84
• Easy-wins sprint: unique constraints, $N parameter binding, indexed range scans, truthful EXPLAIN, multi-line REPL, agent-eval harness by @zvndev in #85
• release: v0.4.7 — easy-wins sprint by @zvndev in #86

Full Changelog: v0.4.6...v0.4.7

v0.4.6

What's Changed

• chore(deps): batch Cargo bumps (sha2 0.11, tokio, libc, serde_json) by @zvndev in #79
• chore(deps): bump the actions group across 1 directory with 13 updates by @dependabot[bot] in #67
• chore(ts-client): fix package metadata for public release by @zvndev in #80
• Ecosystem sweep: fix oversized-row server DoS, enforce readonly role, sync all docs/marketing to v0.4.5 by @zvndev in #81
• feat(ts-client): username auth for multi-user servers (0.4.0) by @zvndev in #82
• release: v0.4.6 — security hardening by @zvndev in #83

Full Changelog: v0.4.5...v0.4.6

v0.4.5

What's Changed

• v0.4.5: multi-row INSERT + full backup/restore (Phase 1) by @zvndev in #73
• Enterprise Epic A slice 1: powdb-auth (argon2 + user/role store) by @zvndev in #74
• ci(bench): pull the criterion suite out of the required pipeline (manual-only) by @zvndev in #76
• Enterprise Epic A slice 2: multi-user authentication (backward compatible) by @zvndev in #75
• release: prep v0.4.5 (publish auth+backup crates, CHANGELOG) by @zvndev in #77

Full Changelog: v0.4.4...v0.4.5

What's Changed

• v0.4.5: multi-row INSERT + full backup/restore (Phase 1) by @zvndev in #73
• Enterprise Epic A slice 1: powdb-auth (argon2 + user/role store) by @zvndev in #74
• ci(bench): pull the criterion suite out of the required pipeline (manual-only) by @zvndev in #76
• Enterprise Epic A slice 2: multi-user authentication (backward compatible) by @zvndev in #75
• release: prep v0.4.5 (publish auth+backup crates, CHANGELOG) by @zvndev in #77
• fix(release): push Docker image to ghcr.io/zvn-dev (post-transfer namespace) by @zvndev in #78

Full Changelog: v0.4.4...v0.4.5

v0.4.4

What's Changed

• fix: eliminate three data-loss bugs in crash recovery (v0.4.4) by @zvndev in #72

Full Changelog: v0.4.3...v0.4.4

v0.4.3

What's Changed

• fix: P0 data-loss on alter + crash recovery (v0.4.3) by @zvndev in #70

Full Changelog: v0.4.2...v0.4.3

v0.4.2

What's Changed

• release: v0.4.2 (doc + example pinning patch) by @zvndev in #69

Full Changelog: v0.4.1...v0.4.2

v0.4.1

What's Changed

• Phase 1: performance + security hardening by @zvndev in #64
• Phase 2: deployment + DX (and Phase 3 risky-research dossier) by @zvndev in #65
• release: v0.4.1 by @zvndev in #66

Full Changelog: v0.4.0...v0.4.1

v0.4.0

What's Changed

• Release 0.4.0: transactions, type safety, packaging, CI hardening by @zvndev in #59
• Smoke-audit fixes: docs, packaging, CI hardening, one-shot CLI by @zvndev in #56
• Add explicit transactions (BEGIN / COMMIT / ROLLBACK) by @zvndev in #58

Full Changelog: v0.3.1...v0.4.0

v0.3.1: Security Hardening, 191 New Tests, Landing Page

Highlights

This release focuses on security hardening, data integrity, and release infrastructure. Test count jumps from 365 to 556.

Security Fixes

• Idempotent WAL replay via LSN-tagged pages — pages carry monotonic Log Sequence Numbers; replay skips already-applied records, eliminating data duplication on crash recovery
• Plaintext password warning — server logs a loud warning when password auth is enabled without TLS
• Pre-auth payload limit — CONNECT messages capped at 4KB (was 64MB), blocking memory exhaustion DoS before authentication
• CRC32 checksums on catalog.bin — the last persistence file without integrity checking now has checksums
• Bounds validation on page slots — corrupt pages return None instead of panicking

Code Quality

• StorageError enum with typed variants (replaces raw io::Result in storage crate)
• Bounds checks on unsafe executor macros — guards agg_int_loop!/agg_float_loop! against corrupt row data
• // SAFETY: comments on all unsafe blocks in storage and query crates
• Crate-level //! docs on query and server crates
• MSRV declared — rust-version = "1.75"

191 New Tests (365 → 556)

Category	Tests	Covers
B+ tree edge cases	27	splits, merges, range scans, duplicates, extreme values
Buffer pool	12	eviction, pin/unpin, dirty page persistence
Catalog corruption	10	truncation, garbage bytes, bad magic, inflated counts
WAL CRC rejection	14	bit-flips, truncation, partial writes
TLS connections	4	full lifecycle, plaintext-to-TLS rejection
Flaky test fix	—	connection_management race condition eliminated

Infrastructure

• Landing page — static docs site in site/ (deploy to GitHub Pages)
• Docker image CI — release workflow pushes to ghcr.io/zvndev/powdb on tag
• Crates.io publish workflow — workflow_dispatch for automated cargo publish
• Dependabot — weekly checks for cargo, npm, and GitHub Actions dependencies
• Updated SECURITY.md — TLS docs, supported versions, auth mechanisms
• GitHub repo topics for discoverability

Benchmark: PowDB vs SQLite (100K rows, M1)

Workload	PowDB	SQLite	Speedup
Aggregate MIN	236μs	2.34ms	9.9x
Aggregate MAX	236μs	2.10ms	8.9x
Aggregate SUM	231μs	1.87ms	8.1x
Update by PK	55ns	412ns	7.5x
Aggregate AVG	401μs	2.30ms	5.7x
Scan+filter+count	381μs	1.95ms	5.1x
Scan+sort+limit	2.66ms	9.77ms	3.7x
Update by filter	2.16ms	6.77ms	3.1x
Indexed lookup	93ns	282ns	3.0x

Full Changelog: v0.3.0...v0.3.1

v0.3.0

What's New

DDL WAL Replay

• Schema mutations (CREATE TABLE, DROP TABLE, ADD COLUMN, DROP COLUMN) are now logged to the WAL with record types 6-9
• Crash recovery replays DDL operations idempotently — if the table/column already exists or was already dropped, replay skips gracefully
• WAL records are flushed immediately before filesystem mutations for durability

CRC32 Checksums on B+ Tree Nodes

• Every serialized B+ tree node now includes a CRC32 checksum (last 4 bytes)
• Checksum is verified on load — returns io::Error(InvalidData) on mismatch
• Protects against silent corruption of index data on disk

Hardened Hot Paths

• Bounds-checked compiled predicates in CompiledLeaf::eval() — no panics on corrupt row data
• Bounds checks in sort+limit fast path and mmap heap scan slot directory reads
• Fixed UTF-8 slicing bug found by fuzzer: &s[..20] → &s[..s.floor_char_boundary(20)] in token display

CI Improvements

• Added Miri job (scoped to non-mmap modules: btree, page, row, types, tx, view)
• Added AddressSanitizer job (hard gate, leak detection disabled for mmap regions)
• Fixed fuzz workflow cargo-fuzz install (removed --locked to avoid stale transitive deps)
• Updated required status check names in branch protection

Other

• TypeId::from_u8() convenience method on storage types
• Doc-tests added across lexer, parser, executor, and storage modules
• Fixed clippy collapsible_if lint in connection management tests

What's Changed

• Release v0.3.0: DDL WAL replay, CRC32 checksums, hardened hot paths by @zvndev in #29

Full Changelog: v0.2.1...v0.3.0