v1.0.0-beta.3
Pre-release
Pre-release
Immutable
release. Only release title and notes can be modified.
1.0.0-beta.3 (2026-06-30)
Bug Fixes
- payments: Deduplicate callback replays (a874fc4)
- payments: Ignore invalid callback fingerprints (9987ec9)
- payments: Reject invalid money amounts (b09c273)
- payments: Unify money quantization (d32ecea)
- http: Sign callback result links (f898a54)
- payments: Randomize merchant identifiers (4330903)
- payments: Guard idempotent retry replays (9dc4757)
- refunds: Lock transaction before refunding (37bb093)
- transactions: Lock updates before diffing (aa32ad2)
- status: Scope portal credentials per merchant (508976f)
- database: Guard automatic migrations (b6f49db)
- driver: Validate production gateway URL (353d7be)
- security: Harden payload encryption at rest (9ab8b21)
- database: Derive transaction amounts from cents (790b013)
- security: Require callback identity fields (7461608)
- gitignore: Ignore local secret files (3d3af33)
- status: Surface transport failures (2364fc1)
- database: Bound transaction history queries (a882042)
- http: Harden payment input validation (3389d0c)
- database: Import knex via default export so ESM bundle loads (4865563)
- payments: Cap merchantRef/merchantSession at SISP 15-char limit (a4207b3)
- payments: Use unbiased randomInt for identifier entropy (80d4ecf)
- payments: Fail transaction and emit payment:failed on invalid callback fingerprint (9a617f7)
Code Refactoring
- architecture: Restructure into hexagonal layers (790b94d)