0.1.0-alpha33

What's new in 0.1.0-alpha33

Release Notes for Camunda Security Library v0.1.0-alpha33

Executive Summary

Version 0.1.0-alpha33 of the Camunda Security Library introduces significant enhancements, including a comprehensive set of Architecture Decision Records (ADRs) addressing identity management, refined public API classes, and extensive new documentation for adoption and integration. Notable new features such as the addition of the /task workflow and interface definitions enhance the library's flexibility and usability.

Breaking Changes

None

New Features

• Enhanced functionality with the addition of the following features:
  • New Workflow: Added /task workflow for small, independently mergeable work (PR #4).
  • Module Skeleton: Introduced the camunda-security-library module skeleton (PR #23).
  • Outbound Adapter Interfaces: Defined outbound adapter interfaces in the core (PR #28).
  • Inbound Port Interfaces: Defined inbound port interfaces in the core (PR #27).
  • Deployment Strategy Wiring: Implemented hardware/device wiring and renamed adapters module (PR #29).
  • Skills: Added /tour orientation skill (PR #41).

Bug Fixes

None

Improvements

• Architecture Decision Records (ADRs):

  • Added/modified several ADRs, including:
    • ADR-0013: Multi-IdP OIDC configuration (added)
    • ADR-0020: Issuer-aware JwtDecoder for multi-provider OIDC token validation (added)
    • ADR-0021: BasicAuthUserDetailsPort for basic-auth user resolution (added)
    • Additional ADRs enhance the framework by detailing resource access, validation modules, and webapp security chains.

• Documentation Enhancements:

  • Updated documents including docs/adopters/ports.md and docs/adopters/security-filter-chains.md to reflect new integrations and usage patterns.
  • Added pull request template and detailed requirements for linking files in issues.

• Public API Class Enhancements:

  • New or modified public API classes:
    • io.camunda.security.api.context.CamundaSecurityScopeProvider
    • io.camunda.security.api.model.CamundaAuthentication
    • Authorization related classes (AuthorizationResourceType, PermissionType, ResourceType).

This version aligns the library with updated Java standards, enhances its structure, and prepares it for further expansion in future releases.

---

Full Changelog

What's Changed

• Add ADRs from unified identity architecture by @Ben-Sheppard in #1
• docs: add AI agent harness and project context by @Ben-Sheppard in #2
• refactor: extract workflow docs to agent-neutral location by @Ben-Sheppard in #3
• feat: add /task workflow for small, independently mergeable work by @Ben-Sheppard in #4
• refactor: use native GitHub issue types and sub-issue relationships by @Ben-Sheppard in #10
• docs: require clickable URLs when linking files in issues by @Ben-Sheppard in #12
• chore: align java baseline to 21 and ignore local worktrees by @megglos in #14
• docs: rename Security Gateway Framework to Camunda Security Library by @megglos in #15
• feat: add camunda-security-library module skeleton by @megglos in #23
• docs: rename hexagonal naming conventions to Port/Adapter by @megglos in #26
• feat: define outbound adapter interfaces in core by @megglos in #28
• Architecture vision of the identity unified architecture by @p-wunderlich in #13
• feat: define inbound port interfaces in core by @megglos in #27
• feat: add deployment-strategy wiring and rename adapters module by @megglos in #29
• feat(skills): add /tour orientation skill by @Ben-Sheppard in #41
• ci: add renovate config and validation workflow by @megglos in #46
• docs: add pull request template by @megglos in #47
• build: adopt Spotless with Google Java Format and license-header check by @megglos in #45
• test(arch): forbid framework runtime deps in core by @megglos in #44
• chore: extend .gitignore for Java, Maven, and IDE files by @megglos in #42
• ci(build): add checkstyle with shared ruleset by @megglos in #43
• ci: deploy SNAPSHOTs to Camunda Artifactory on push to main by @megglos in #51
• build: add managed git hooks via core.hooksPath by @megglos in #48
• feat: extract central security filter chains from spike by @Ben-Sheppard in #49
• ci(deps): enforce declaration of used dependencies via dependency:analyze by @megglos in #31
• ci: add maven release workflow by @megglos in #59
• ci(release): clone target/checkout from local working copy by @megglos in #67
• build: stop POM formatting churn on every release by @megglos in #68
• chore(deps): update ghcr.io/renovatebot/renovate docker digest to 29118bc by @renovate[bot] in #85
• chore(deps): update dependency maven to v3.9.15 by @renovate[bot] in #86
• docs: adjust ADR for frontend integration after discussion by @mrm1st3r in #52
• ci(release): create canary branch and open mergeback PR by @megglos in #87
• Update architecture vision after kickoff by @p-wunderlich in #81
• docs(contributing): document the release workflow by @megglos in #89
• docs(contributing): apply review wording — "cut" → "create" by @megglos in #91
• refactor: align port and adapter naming with port/in and port/out by @megglos in #92
• Move camunda authentication model + holder to CSL by @p-wunderlich in #79
• chore(release): merge back 0.1.0-alpha2 into main by @github-actions[bot] in #97
• chore(renovate): raise throughput for nightly + weekend updates by @megglos in #98
• ci(renovate): auto-approve labelled renovate PRs to enable automerge by @megglos in #99
• chore(deps): update ghcr.io/renovatebot/renovate docker digest to b3297dc by @renovate[bot] in #100
• chore(deps): update dependency org.apache.maven.plugins:maven-surefire-plugin to v3.5.5 by @renovate[bot] in #101
• fix(deps): update dependency org.springframework.boot:spring-boot-dependencies to v4.0.6 by @renovate[bot] in #102
• fix(deps): update dependency org.testcontainers:testcontainers-bom to v2 by @renovate[bot] in #117
• chore(deps): update dependency com.puppycrawl.tools:checkstyle to v13 by @renovate[bot] in #116
• chore(deps): update dependency com.diffplug.spotless:spotless-maven-plugin to v3 by @renovate[bot] in #115
• chore(deps): update actions/setup-java action to v5 by @renovate[bot] in #114
• chore(deps): update actions/checkout action to v6 by @renovate[bot] in #113
• chore(deps): update dependency org.apache.maven.plugins:maven-javadoc-plugin to v3.12.0 by @renovate[bot] in #110
• chore(deps): update dependency org.apache.maven.plugins:maven-jar-plugin to v3.5.0 by @renovate[bot] in #109
• chore(deps): update dependency org.apache.maven.plugins:maven-dependency-plugin to v3.10.0 by @renovate[bot] in #107
• chore(deps): update dependency org.apache.maven.plugins:maven-compiler-plugin to v3.15.0 by @renovate[bot] in #106
• chore(deps): update dependency org.apache.maven.plugins:maven-checkstyle-plugin to v3.6.0 by @renovate[bot] in #105
• chore(deps): update dependency org.apache.maven.plugins:maven-enforcer-plugin to v3.6.2 by @renov...

0.1.0-alpha32

What's new in 0.1.0-alpha32

Release Notes for Camunda Security Library Version 0.1.0-alpha32

Executive Summary

Version 0.1.0-alpha32 introduces significant architectural updates, including multiple Architecture Decision Records (ADRs) that enhance identity management and resource access control. New features such as the addition of task workflows and outbound/inbound adapter interfaces enrich the library's capabilities. Comprehensive documentation improvements have been made to aid integration and adoption.

Breaking Changes

• None

New Features

• Introduced new workflows with the addition of the /task workflow for small, independently mergeable work.
• Added core outbound adapter interfaces.
• Defined inbound port interfaces for enhanced adaptability and integration.
• Implemented deployment-strategy wiring and renamed the adapters module.
• Introduced the /tour orientation skill.
• Created a skeleton for the camunda-security-library module.

Bug Fixes

• None

Improvements

• Added multiple Architecture Decision Records (ADRs), including:
  • ADR-0013: Multi-IdP OIDC configuration
  • ADR-0020: Issuer-aware JwtDecoder for multi-provider OIDC
  • ADR-0021: BasicAuthUserDetailsPort for user resolution
  • ADR-0022: Resource access control framework enhancements
  • ADR-0024: Dedicated validation module for entity validators
  • Additional improvements related to Scoped webapp security chains and other framework extensions.
• Updated adoption/integration documentation, including:
  • docs/adopters/ports.md
  • docs/adopters/security-filter-chains.md
• Enhanced public API classes, notably:
  • io.camunda.security.api.context.CamundaSecurityScopeProvider
  • io.camunda.security.api.model.CamundaAuthentication
  • io.camunda.security.api.model.authz.AuthorizationResourceType
  • io.camunda.security.api.model.authz.PermissionType
  • io.camunda.security.api.model.authz.ResourceType
• Refactored workflow documentation to an agent-neutral location for easier navigation.
• Updated various documentation files, including a new pull request template and renaming conventions in the documentation.

---

Full Changelog

What's Changed

• Add ADRs from unified identity architecture by @Ben-Sheppard in #1
• docs: add AI agent harness and project context by @Ben-Sheppard in #2
• refactor: extract workflow docs to agent-neutral location by @Ben-Sheppard in #3
• feat: add /task workflow for small, independently mergeable work by @Ben-Sheppard in #4
• refactor: use native GitHub issue types and sub-issue relationships by @Ben-Sheppard in #10
• docs: require clickable URLs when linking files in issues by @Ben-Sheppard in #12
• chore: align java baseline to 21 and ignore local worktrees by @megglos in #14
• docs: rename Security Gateway Framework to Camunda Security Library by @megglos in #15
• feat: add camunda-security-library module skeleton by @megglos in #23
• docs: rename hexagonal naming conventions to Port/Adapter by @megglos in #26
• feat: define outbound adapter interfaces in core by @megglos in #28
• Architecture vision of the identity unified architecture by @p-wunderlich in #13
• feat: define inbound port interfaces in core by @megglos in #27
• feat: add deployment-strategy wiring and rename adapters module by @megglos in #29
• feat(skills): add /tour orientation skill by @Ben-Sheppard in #41
• ci: add renovate config and validation workflow by @megglos in #46
• docs: add pull request template by @megglos in #47
• build: adopt Spotless with Google Java Format and license-header check by @megglos in #45
• test(arch): forbid framework runtime deps in core by @megglos in #44
• chore: extend .gitignore for Java, Maven, and IDE files by @megglos in #42
• ci(build): add checkstyle with shared ruleset by @megglos in #43
• ci: deploy SNAPSHOTs to Camunda Artifactory on push to main by @megglos in #51
• build: add managed git hooks via core.hooksPath by @megglos in #48
• feat: extract central security filter chains from spike by @Ben-Sheppard in #49
• ci(deps): enforce declaration of used dependencies via dependency:analyze by @megglos in #31
• ci: add maven release workflow by @megglos in #59
• ci(release): clone target/checkout from local working copy by @megglos in #67
• build: stop POM formatting churn on every release by @megglos in #68
• chore(deps): update ghcr.io/renovatebot/renovate docker digest to 29118bc by @renovate[bot] in #85
• chore(deps): update dependency maven to v3.9.15 by @renovate[bot] in #86
• docs: adjust ADR for frontend integration after discussion by @mrm1st3r in #52
• ci(release): create canary branch and open mergeback PR by @megglos in #87
• Update architecture vision after kickoff by @p-wunderlich in #81
• docs(contributing): document the release workflow by @megglos in #89
• docs(contributing): apply review wording — "cut" → "create" by @megglos in #91
• refactor: align port and adapter naming with port/in and port/out by @megglos in #92
• Move camunda authentication model + holder to CSL by @p-wunderlich in #79
• chore(release): merge back 0.1.0-alpha2 into main by @github-actions[bot] in #97
• chore(renovate): raise throughput for nightly + weekend updates by @megglos in #98
• ci(renovate): auto-approve labelled renovate PRs to enable automerge by @megglos in #99
• chore(deps): update ghcr.io/renovatebot/renovate docker digest to b3297dc by @renovate[bot] in #100
• chore(deps): update dependency org.apache.maven.plugins:maven-surefire-plugin to v3.5.5 by @renovate[bot] in #101
• fix(deps): update dependency org.springframework.boot:spring-boot-dependencies to v4.0.6 by @renovate[bot] in #102
• fix(deps): update dependency org.testcontainers:testcontainers-bom to v2 by @renovate[bot] in #117
• chore(deps): update dependency com.puppycrawl.tools:checkstyle to v13 by @renovate[bot] in #116
• chore(deps): update dependency com.diffplug.spotless:spotless-maven-plugin to v3 by @renovate[bot] in #115
• chore(deps): update actions/setup-java action to v5 by @renovate[bot] in #114
• chore(deps): update actions/checkout action to v6 by @renovate[bot] in #113
• chore(deps): update dependency org.apache.maven.plugins:maven-javadoc-plugin to v3.12.0 by @renovate[bot] in #110
• chore(deps): update dependency org.apache.maven.plugins:maven-jar-plugin to v3.5.0 by @renovate[bot] in #109
• chore(deps): update dependency org.apache.maven.plugins:maven-dependency-plugin to v3.10.0 by @renovate[bot] in #107
• chore(deps): update dependency org.apache.maven.plugins:maven-compiler-plugin to v3.15.0 by @renovate[bot] in #106
• chore(deps): update dependency org.apache.maven.plugins:maven-checkstyle-plugin to v3.6.0 by @renovate[bot] in #105
• chore(deps): update dependency org.apache.maven.plugins:maven-enforcer-plugin to v3.6.2 by @renovate[bot] in #108
• fix(deps): update archunit.version to v1.4.2 by @renovate[bot] in #111
• chore(deps): update...

0.1.0-alpha31

What's new in 0.1.0-alpha31

Release Notes for Camunda Security Library Version 0.1.0-alpha31

Executive Summary

Version 0.1.0-alpha31 introduces substantial architectural enhancements alongside several new features and modifications aimed at improving integration and usability. This release includes key updates to Architecture Decision Records (ADRs), integration documentation enhancements, and the addition of new public API classes.

Breaking Changes

None.

New Features

• Added /task workflow for small, independently mergeable work.
• Introduced /tour orientation skill in the skills module.
• Defined outbound adapter interfaces in the core module.
• Defined inbound port interfaces in the core module.
• Added deployment-strategy wiring and renamed adapters module.
• Added module skeleton for camunda-security-library.

Bug Fixes

None reported.

Improvements

• Significant updates to Architecture Decision Records (ADRs):
  • ADR-0013: Multi-IdP OIDC configuration via additive providers.oidc.<id>.* shape.
  • ADR-0018: Migration of CamundaUserPort contract to CSL.
  • ADR-0019: Migration of OC's Authorization<T> runtime check spec to CSL as RequiredAuthorization<T>.
  • ADR-0020: Issuer-aware JwtDecoder for multi-provider OIDC token validation.
  • Introduced BasicAuthUserDetailsPort for basic-auth user resolution in ADR-0021.
  • Lifted resource access control framework into CSL core (ADR-0022).
  • Improved OIDC bearer-token validation structures (ADR-0023).
  • Created a dedicated validation module for entity validators (ADR-0024).
  • Introduced CamundaSecurityScopeProvider SPI for path-scoped API chains (ADR-0025).
  • Implemented UserInfo claim augmentation (ADR-0026).
• Adoption/Integration Documentation updates:
  • New documentation added for persistent web sessions, ports, and security filter chains.
• Public API classes modified:
  • io.camunda.security.api.context.CamundaSecurityScopeProvider
  • io.camunda.security.api.model

For complete details and further documentation, please refer to the Camunda Security Library repository.

---

Full Changelog

What's Changed

• Add ADRs from unified identity architecture by @Ben-Sheppard in #1
• docs: add AI agent harness and project context by @Ben-Sheppard in #2
• refactor: extract workflow docs to agent-neutral location by @Ben-Sheppard in #3
• feat: add /task workflow for small, independently mergeable work by @Ben-Sheppard in #4
• refactor: use native GitHub issue types and sub-issue relationships by @Ben-Sheppard in #10
• docs: require clickable URLs when linking files in issues by @Ben-Sheppard in #12
• chore: align java baseline to 21 and ignore local worktrees by @megglos in #14
• docs: rename Security Gateway Framework to Camunda Security Library by @megglos in #15
• feat: add camunda-security-library module skeleton by @megglos in #23
• docs: rename hexagonal naming conventions to Port/Adapter by @megglos in #26
• feat: define outbound adapter interfaces in core by @megglos in #28
• Architecture vision of the identity unified architecture by @p-wunderlich in #13
• feat: define inbound port interfaces in core by @megglos in #27
• feat: add deployment-strategy wiring and rename adapters module by @megglos in #29
• feat(skills): add /tour orientation skill by @Ben-Sheppard in #41
• ci: add renovate config and validation workflow by @megglos in #46
• docs: add pull request template by @megglos in #47
• build: adopt Spotless with Google Java Format and license-header check by @megglos in #45
• test(arch): forbid framework runtime deps in core by @megglos in #44
• chore: extend .gitignore for Java, Maven, and IDE files by @megglos in #42
• ci(build): add checkstyle with shared ruleset by @megglos in #43
• ci: deploy SNAPSHOTs to Camunda Artifactory on push to main by @megglos in #51
• build: add managed git hooks via core.hooksPath by @megglos in #48
• feat: extract central security filter chains from spike by @Ben-Sheppard in #49
• ci(deps): enforce declaration of used dependencies via dependency:analyze by @megglos in #31
• ci: add maven release workflow by @megglos in #59
• ci(release): clone target/checkout from local working copy by @megglos in #67
• build: stop POM formatting churn on every release by @megglos in #68
• chore(deps): update ghcr.io/renovatebot/renovate docker digest to 29118bc by @renovate[bot] in #85
• chore(deps): update dependency maven to v3.9.15 by @renovate[bot] in #86
• docs: adjust ADR for frontend integration after discussion by @mrm1st3r in #52
• ci(release): create canary branch and open mergeback PR by @megglos in #87
• Update architecture vision after kickoff by @p-wunderlich in #81
• docs(contributing): document the release workflow by @megglos in #89
• docs(contributing): apply review wording — "cut" → "create" by @megglos in #91
• refactor: align port and adapter naming with port/in and port/out by @megglos in #92
• Move camunda authentication model + holder to CSL by @p-wunderlich in #79
• chore(release): merge back 0.1.0-alpha2 into main by @github-actions[bot] in #97
• chore(renovate): raise throughput for nightly + weekend updates by @megglos in #98
• ci(renovate): auto-approve labelled renovate PRs to enable automerge by @megglos in #99
• chore(deps): update ghcr.io/renovatebot/renovate docker digest to b3297dc by @renovate[bot] in #100
• chore(deps): update dependency org.apache.maven.plugins:maven-surefire-plugin to v3.5.5 by @renovate[bot] in #101
• fix(deps): update dependency org.springframework.boot:spring-boot-dependencies to v4.0.6 by @renovate[bot] in #102
• fix(deps): update dependency org.testcontainers:testcontainers-bom to v2 by @renovate[bot] in #117
• chore(deps): update dependency com.puppycrawl.tools:checkstyle to v13 by @renovate[bot] in #116
• chore(deps): update dependency com.diffplug.spotless:spotless-maven-plugin to v3 by @renovate[bot] in #115
• chore(deps): update actions/setup-java action to v5 by @renovate[bot] in #114
• chore(deps): update actions/checkout action to v6 by @renovate[bot] in #113
• chore(deps): update dependency org.apache.maven.plugins:maven-javadoc-plugin to v3.12.0 by @renovate[bot] in #110
• chore(deps): update dependency org.apache.maven.plugins:maven-jar-plugin to v3.5.0 by @renovate[bot] in #109
• chore(deps): update dependency org.apache.maven.plugins:maven-dependency-plugin to v3.10.0 by @renovate[bot] in #107
• chore(deps): update dependency org.apache.maven.plugins:maven-compiler-plugin to v3.15.0 by @renovate[bot] in #106
• chore(deps): update dependency org.apache.maven.plugins:maven-checkstyle-plugin to v3.6.0 by @renovate[bot] in #105
• chore(deps): update dependency org.apache.maven.plugins:maven-enforcer-plugin to v3.6.2 by @renovate[bot] in #108
• fix(deps): update archunit.version to v1.4.2 by @renovate[bot] in #111
• chore(d...

0.1.0-alpha30

What's new in 0.1.0-alpha30

Camunda Security Library Release Notes - Version 0.1.0-alpha30

Executive Summary

This release introduces significant enhancements to the Camunda Security Library, including a refined architecture framework through multiple Architecture Decision Records (ADRs), new features emphasizing workflow and portability, and improvements in documentation to facilitate adoption and integration. This version lays the groundwork for future development while ensuring better alignment with Java 21 standards.

Breaking Changes

• None

New Features

• Added multiple ADRs to enhance architecture, including:
  • ADR-0013: Multi-IdP OIDC configuration shape
  • ADR-0017: SessionStorePort contract for web-session lifecycle management
  • ADR-0018: Migration of CamundaUserPort contract to CSL
  • ADR-0019: Runtime check migration to RequiredAuthorization<T>
  • ADR-0020: Issuer-aware JwtDecoder for OIDC token validation
  • ADR-0021: Introduction of BasicAuthUserDetailsPort
  • ADR-0022: Lift resource access control framework to CSL core
  • ADR-0024: New validation module for entity validators
  • ADR-0025: New CamundaSecurityScopeProvider SPI for host-contributed API chains
• Introduced a /task workflow for small-scale, independent merges.
• Defined outbound and inbound adapter interfaces in core.
• Added a /tour orientation skill to enhance user experience.
• Created a skeletal structure for the camunda-security-library module.

Bug Fixes

• None

Improvements

• Updated adoption and integration documentation, including new entries for:
  • Persistent web sessions
  • Core ports
  • Security filter chains
• Renamed the Security Gateway Framework to Camunda Security Library for clarity.
• Adjusted hexagonal naming conventions to Port/Adapter for better understanding.
• Refactored workflow documentation to a more agent-neutral location.
• Adopted Spotless with Google Java Format for code consistency.

Public API Changes

• Added or modified public API classes:
  • io.camunda.security.api.context.CamundaSecurityScopeProvider
  • io.camunda.security.api.model.CamundaAuthentication

These changes aim to enhance the usability and functionality of the Camunda Security Library, paving the way for further developments and improved integration experiences for developers.

---

Full Changelog

What's Changed

• Add ADRs from unified identity architecture by @Ben-Sheppard in #1
• docs: add AI agent harness and project context by @Ben-Sheppard in #2
• refactor: extract workflow docs to agent-neutral location by @Ben-Sheppard in #3
• feat: add /task workflow for small, independently mergeable work by @Ben-Sheppard in #4
• refactor: use native GitHub issue types and sub-issue relationships by @Ben-Sheppard in #10
• docs: require clickable URLs when linking files in issues by @Ben-Sheppard in #12
• chore: align java baseline to 21 and ignore local worktrees by @megglos in #14
• docs: rename Security Gateway Framework to Camunda Security Library by @megglos in #15
• feat: add camunda-security-library module skeleton by @megglos in #23
• docs: rename hexagonal naming conventions to Port/Adapter by @megglos in #26
• feat: define outbound adapter interfaces in core by @megglos in #28
• Architecture vision of the identity unified architecture by @p-wunderlich in #13
• feat: define inbound port interfaces in core by @megglos in #27
• feat: add deployment-strategy wiring and rename adapters module by @megglos in #29
• feat(skills): add /tour orientation skill by @Ben-Sheppard in #41
• ci: add renovate config and validation workflow by @megglos in #46
• docs: add pull request template by @megglos in #47
• build: adopt Spotless with Google Java Format and license-header check by @megglos in #45
• test(arch): forbid framework runtime deps in core by @megglos in #44
• chore: extend .gitignore for Java, Maven, and IDE files by @megglos in #42
• ci(build): add checkstyle with shared ruleset by @megglos in #43
• ci: deploy SNAPSHOTs to Camunda Artifactory on push to main by @megglos in #51
• build: add managed git hooks via core.hooksPath by @megglos in #48
• feat: extract central security filter chains from spike by @Ben-Sheppard in #49
• ci(deps): enforce declaration of used dependencies via dependency:analyze by @megglos in #31
• ci: add maven release workflow by @megglos in #59
• ci(release): clone target/checkout from local working copy by @megglos in #67
• build: stop POM formatting churn on every release by @megglos in #68
• chore(deps): update ghcr.io/renovatebot/renovate docker digest to 29118bc by @renovate[bot] in #85
• chore(deps): update dependency maven to v3.9.15 by @renovate[bot] in #86
• docs: adjust ADR for frontend integration after discussion by @mrm1st3r in #52
• ci(release): create canary branch and open mergeback PR by @megglos in #87
• Update architecture vision after kickoff by @p-wunderlich in #81
• docs(contributing): document the release workflow by @megglos in #89
• docs(contributing): apply review wording — "cut" → "create" by @megglos in #91
• refactor: align port and adapter naming with port/in and port/out by @megglos in #92
• Move camunda authentication model + holder to CSL by @p-wunderlich in #79
• chore(release): merge back 0.1.0-alpha2 into main by @github-actions[bot] in #97
• chore(renovate): raise throughput for nightly + weekend updates by @megglos in #98
• ci(renovate): auto-approve labelled renovate PRs to enable automerge by @megglos in #99
• chore(deps): update ghcr.io/renovatebot/renovate docker digest to b3297dc by @renovate[bot] in #100
• chore(deps): update dependency org.apache.maven.plugins:maven-surefire-plugin to v3.5.5 by @renovate[bot] in #101
• fix(deps): update dependency org.springframework.boot:spring-boot-dependencies to v4.0.6 by @renovate[bot] in #102
• fix(deps): update dependency org.testcontainers:testcontainers-bom to v2 by @renovate[bot] in #117
• chore(deps): update dependency com.puppycrawl.tools:checkstyle to v13 by @renovate[bot] in #116
• chore(deps): update dependency com.diffplug.spotless:spotless-maven-plugin to v3 by @renovate[bot] in #115
• chore(deps): update actions/setup-java action to v5 by @renovate[bot] in #114
• chore(deps): update actions/checkout action to v6 by @renovate[bot] in #113
• chore(deps): update dependency org.apache.maven.plugins:maven-javadoc-plugin to v3.12.0 by @renovate[bot] in #110
• chore(deps): update dependency org.apache.maven.plugins:maven-jar-plugin to v3.5.0 by @renovate[bot] in #109
• chore(deps): update dependency org.apache.maven.plugins:maven-dependency-plugin to v3.10.0 by @renovate[bot] in #107
• chore(deps): update dependency org.apache.maven.plugins:maven-compiler-plugin to v3.15.0 by @renovate[bot] in #106
• chore(deps): update dependency org.apache.maven.plugins:maven-checkstyle-plugin to v3.6.0 by @renovate[bot] in #105
• chore(deps): update dependency org.apache.maven.plugins:maven-enforcer-plugin to v3.6.2 by @renovate[bot] in https://github.com/camunda...

0.1.0-alpha29

What's new in 0.1.0-alpha29

Release Notes for Camunda Security Library Version 0.1.0-alpha29

Executive Summary

Version 0.1.0-alpha29 of the Camunda Security Library introduces several architectural enhancements, including the addition of new Architecture Decision Records (ADRs) and essential public API classes. This release emphasizes improved structuring of documentation and introduces features related to workflow handling and security session management.

Breaking Changes

None

New Features

• Added a new /task workflow for managing small, independently mergeable work.
• Introduced the /tour orientation skill in the skills module.
• Defined outbound adapter interfaces in the core module.
• Defined inbound port interfaces in the core module.
• Added deployment-strategy wiring and renamed the adapters module.
• Added the camunda-security-library module skeleton.

Bug Fixes

None

Improvements

• Added several Architecture Decision Records (ADRs):
  • ADR-0013: Multi-IdP OIDC configuration.
  • ADR-0017: SessionStorePort contract for web-session lifecycle.
  • ADR-0018: Migration of CamundaUserPort contract to CSL.
  • ADR-0019: Migration of runtime check spec for Authorization<T> to RequiredAuthorization<T>.
  • ADR-0020: Issuer-aware JwtDecoder for multi-provider OIDC token validation.
  • ADR-0021: BasicAuthUserDetailsPort for basic-auth user resolution.
  • ADR-0022: Lift of resource access control framework to CSL core.
  • ADR-0023: OIDC bearer-token validation on the API chain.
• Adoption/integration documentation has been updated:
  • docs/adopters/persistent-web-sessions.md
  • docs/adopters/ports.md
  • docs/adopters/security-filter-chains.md
• Documentation improvements include the addition of an AI agent harness and project context, revision of the naming conventions to "Port/Adapter," and a pull request template introduction.
• New public API classes introduced:
  • io.camunda.security.api.model.config.SessionConfiguration
  • io.camunda.security.api.model.session.PersistentSession
  • io.camunda.security.api.model.user.CamundaUserDTO

This release enhances the library's capability and prepares it for more robust security integrations.

---

Full Changelog

What's Changed

• Add ADRs from unified identity architecture by @Ben-Sheppard in #1
• docs: add AI agent harness and project context by @Ben-Sheppard in #2
• refactor: extract workflow docs to agent-neutral location by @Ben-Sheppard in #3
• feat: add /task workflow for small, independently mergeable work by @Ben-Sheppard in #4
• refactor: use native GitHub issue types and sub-issue relationships by @Ben-Sheppard in #10
• docs: require clickable URLs when linking files in issues by @Ben-Sheppard in #12
• chore: align java baseline to 21 and ignore local worktrees by @megglos in #14
• docs: rename Security Gateway Framework to Camunda Security Library by @megglos in #15
• feat: add camunda-security-library module skeleton by @megglos in #23
• docs: rename hexagonal naming conventions to Port/Adapter by @megglos in #26
• feat: define outbound adapter interfaces in core by @megglos in #28
• Architecture vision of the identity unified architecture by @p-wunderlich in #13
• feat: define inbound port interfaces in core by @megglos in #27
• feat: add deployment-strategy wiring and rename adapters module by @megglos in #29
• feat(skills): add /tour orientation skill by @Ben-Sheppard in #41
• ci: add renovate config and validation workflow by @megglos in #46
• docs: add pull request template by @megglos in #47
• build: adopt Spotless with Google Java Format and license-header check by @megglos in #45
• test(arch): forbid framework runtime deps in core by @megglos in #44
• chore: extend .gitignore for Java, Maven, and IDE files by @megglos in #42
• ci(build): add checkstyle with shared ruleset by @megglos in #43
• ci: deploy SNAPSHOTs to Camunda Artifactory on push to main by @megglos in #51
• build: add managed git hooks via core.hooksPath by @megglos in #48
• feat: extract central security filter chains from spike by @Ben-Sheppard in #49
• ci(deps): enforce declaration of used dependencies via dependency:analyze by @megglos in #31
• ci: add maven release workflow by @megglos in #59
• ci(release): clone target/checkout from local working copy by @megglos in #67
• build: stop POM formatting churn on every release by @megglos in #68
• chore(deps): update ghcr.io/renovatebot/renovate docker digest to 29118bc by @renovate[bot] in #85
• chore(deps): update dependency maven to v3.9.15 by @renovate[bot] in #86
• docs: adjust ADR for frontend integration after discussion by @mrm1st3r in #52
• ci(release): create canary branch and open mergeback PR by @megglos in #87
• Update architecture vision after kickoff by @p-wunderlich in #81
• docs(contributing): document the release workflow by @megglos in #89
• docs(contributing): apply review wording — "cut" → "create" by @megglos in #91
• refactor: align port and adapter naming with port/in and port/out by @megglos in #92
• Move camunda authentication model + holder to CSL by @p-wunderlich in #79
• chore(release): merge back 0.1.0-alpha2 into main by @github-actions[bot] in #97
• chore(renovate): raise throughput for nightly + weekend updates by @megglos in #98
• ci(renovate): auto-approve labelled renovate PRs to enable automerge by @megglos in #99
• chore(deps): update ghcr.io/renovatebot/renovate docker digest to b3297dc by @renovate[bot] in #100
• chore(deps): update dependency org.apache.maven.plugins:maven-surefire-plugin to v3.5.5 by @renovate[bot] in #101
• fix(deps): update dependency org.springframework.boot:spring-boot-dependencies to v4.0.6 by @renovate[bot] in #102
• fix(deps): update dependency org.testcontainers:testcontainers-bom to v2 by @renovate[bot] in #117
• chore(deps): update dependency com.puppycrawl.tools:checkstyle to v13 by @renovate[bot] in #116
• chore(deps): update dependency com.diffplug.spotless:spotless-maven-plugin to v3 by @renovate[bot] in #115
• chore(deps): update actions/setup-java action to v5 by @renovate[bot] in #114
• chore(deps): update actions/checkout action to v6 by @renovate[bot] in #113
• chore(deps): update dependency org.apache.maven.plugins:maven-javadoc-plugin to v3.12.0 by @renovate[bot] in #110
• chore(deps): update dependency org.apache.maven.plugins:maven-jar-plugin to v3.5.0 by @renovate[bot] in #109
• chore(deps): update dependency org.apache.maven.plugins:maven-dependency-plugin to v3.10.0 by @renovate[bot] in #107
• chore(deps): update dependency org.apache.maven.plugins:maven-compiler-plugin to v3.15.0 by @renovate[bot] in #106
• chore(deps): update dependency org.apache.maven.plugins:maven-checkstyle-plugin to v3.6.0 by @renovate[bot] in #105
• chore(deps): update dependency org.apache.maven.plugins:maven-enforcer-plugin to v3.6.2 by @renovate[bot] in #108
• fix(deps): update archunit.version to v1.4.2 by @renovate[bot] in https://github.co...

0.1.0-alpha28

What's new in 0.1.0-alpha28

Camunda Security Library Release Notes - Version 0.1.0-alpha28

Executive Summary

Version 0.1.0-alpha28 introduces significant enhancements to the Camunda Security Library, including multiple new features that establish core interfaces and capabilities for handling security within the library framework. This release also adds several Architecture Decision Records (ADRs) that guide the evolving architecture, along with improved documentation to assist in the integration and adoption of the library.

Breaking Changes

• None

New Features

• Added /task workflow for small, independently mergeable work.
• Introduced new core outbound adapter interfaces.
• Defined inbound port interfaces in the core module.
• Implemented deployment-strategy wiring and renamed the adapters module.
• Added a /tour orientation skill.
• Created the skeleton for the camunda-security-library module.

Bug Fixes

• None

Improvements

• Architecture Decision Records (ADRs) added/modified:
  • ADR-0013: Multi-IdP OIDC configuration via additive providers.oidc.<id>.* shape
  • ADR-0017: SessionStorePort contract and CSL ownership of the web-session lifecycle
  • ADR-0018: CamundaUserPort contract migration to CSL
  • ADR-0019: Migrate OC's Authorization<T> runtime check spec to CSL as RequiredAuthorization<T>; keep the CSL domain Jackson-free
  • ADR-0020: Issuer-aware JwtDecoder for multi-provider OIDC token validation
  • ADR-0021: BasicAuthUserDetailsPort for basic-auth user resolution
  • ADR-0022: Lift resource access control framework into CSL core
• Updated adoption/integration documentation, including:
  • docs/adopters/persistent-web-sessions.md
  • docs/adopters/ports.md
  • docs/adopters/security-filter-chains.md
• Renamed "Security Gateway Framework" to "Camunda Security Library" in documentation.
• Renamed hexagonal naming conventions to Port/Adapter in documentation.

Modified Public API Classes

• io.camunda.security.api.model.config.SessionConfiguration
• io.camunda.security.api.model.session.PersistentSession
• io.camunda.security.api.model.user.CamundaUserDTO

---

Full Changelog

What's Changed

• Add ADRs from unified identity architecture by @Ben-Sheppard in #1
• docs: add AI agent harness and project context by @Ben-Sheppard in #2
• refactor: extract workflow docs to agent-neutral location by @Ben-Sheppard in #3
• feat: add /task workflow for small, independently mergeable work by @Ben-Sheppard in #4
• refactor: use native GitHub issue types and sub-issue relationships by @Ben-Sheppard in #10
• docs: require clickable URLs when linking files in issues by @Ben-Sheppard in #12
• chore: align java baseline to 21 and ignore local worktrees by @megglos in #14
• docs: rename Security Gateway Framework to Camunda Security Library by @megglos in #15
• feat: add camunda-security-library module skeleton by @megglos in #23
• docs: rename hexagonal naming conventions to Port/Adapter by @megglos in #26
• feat: define outbound adapter interfaces in core by @megglos in #28
• Architecture vision of the identity unified architecture by @p-wunderlich in #13
• feat: define inbound port interfaces in core by @megglos in #27
• feat: add deployment-strategy wiring and rename adapters module by @megglos in #29
• feat(skills): add /tour orientation skill by @Ben-Sheppard in #41
• ci: add renovate config and validation workflow by @megglos in #46
• docs: add pull request template by @megglos in #47
• build: adopt Spotless with Google Java Format and license-header check by @megglos in #45
• test(arch): forbid framework runtime deps in core by @megglos in #44
• chore: extend .gitignore for Java, Maven, and IDE files by @megglos in #42
• ci(build): add checkstyle with shared ruleset by @megglos in #43
• ci: deploy SNAPSHOTs to Camunda Artifactory on push to main by @megglos in #51
• build: add managed git hooks via core.hooksPath by @megglos in #48
• feat: extract central security filter chains from spike by @Ben-Sheppard in #49
• ci(deps): enforce declaration of used dependencies via dependency:analyze by @megglos in #31
• ci: add maven release workflow by @megglos in #59
• ci(release): clone target/checkout from local working copy by @megglos in #67
• build: stop POM formatting churn on every release by @megglos in #68
• chore(deps): update ghcr.io/renovatebot/renovate docker digest to 29118bc by @renovate[bot] in #85
• chore(deps): update dependency maven to v3.9.15 by @renovate[bot] in #86
• docs: adjust ADR for frontend integration after discussion by @mrm1st3r in #52
• ci(release): create canary branch and open mergeback PR by @megglos in #87
• Update architecture vision after kickoff by @p-wunderlich in #81
• docs(contributing): document the release workflow by @megglos in #89
• docs(contributing): apply review wording — "cut" → "create" by @megglos in #91
• refactor: align port and adapter naming with port/in and port/out by @megglos in #92
• Move camunda authentication model + holder to CSL by @p-wunderlich in #79
• chore(release): merge back 0.1.0-alpha2 into main by @github-actions[bot] in #97
• chore(renovate): raise throughput for nightly + weekend updates by @megglos in #98
• ci(renovate): auto-approve labelled renovate PRs to enable automerge by @megglos in #99
• chore(deps): update ghcr.io/renovatebot/renovate docker digest to b3297dc by @renovate[bot] in #100
• chore(deps): update dependency org.apache.maven.plugins:maven-surefire-plugin to v3.5.5 by @renovate[bot] in #101
• fix(deps): update dependency org.springframework.boot:spring-boot-dependencies to v4.0.6 by @renovate[bot] in #102
• fix(deps): update dependency org.testcontainers:testcontainers-bom to v2 by @renovate[bot] in #117
• chore(deps): update dependency com.puppycrawl.tools:checkstyle to v13 by @renovate[bot] in #116
• chore(deps): update dependency com.diffplug.spotless:spotless-maven-plugin to v3 by @renovate[bot] in #115
• chore(deps): update actions/setup-java action to v5 by @renovate[bot] in #114
• chore(deps): update actions/checkout action to v6 by @renovate[bot] in #113
• chore(deps): update dependency org.apache.maven.plugins:maven-javadoc-plugin to v3.12.0 by @renovate[bot] in #110
• chore(deps): update dependency org.apache.maven.plugins:maven-jar-plugin to v3.5.0 by @renovate[bot] in #109
• chore(deps): update dependency org.apache.maven.plugins:maven-dependency-plugin to v3.10.0 by @renovate[bot] in #107
• chore(deps): update dependency org.apache.maven.plugins:maven-compiler-plugin to v3.15.0 by @renovate[bot] in #106
• chore(deps): update dependency org.apache.maven.plugins:maven-checkstyle-plugin to v3.6.0 by @renovate[bot] in #105
• chore(deps): update dependency org.apache.maven.plugins:maven-enforcer-plugin to v3.6.2 by @renovate[bot] in #108
• fix(deps): update archunit.version to v1.4.2 by @renovate[bot] in #111
• chore(deps): update ghcr.io...

0.1.0-alpha27

What's new in 0.1.0-alpha27

Release Notes for Camunda Security Library v0.1.0-alpha27

Executive Summary

Version 0.1.0-alpha27 introduces significant architectural updates, including new Architecture Decision Records (ADRs) that enhance the identity management features and integration capabilities of the library. Additionally, various public API classes have been added, along with improvements to documentation aimed at facilitating smoother adoption and integration.

Breaking Changes

No breaking changes were introduced in this release.

New Features

• Added new public API classes:
  • io.camunda.security.api.model.CamundaAuthentication
  • io.camunda.security.api.model.LazyList
  • io.camunda.security.api.model.config.SessionConfiguration
  • io.camunda.security.api.model.session.PersistentSession
  • io.camunda.security.api.model.user.CamundaUserDTO
• Introduced /task workflow for handling small, independently mergeable work.
• Defined outbound adapter interfaces in the core module.
• Defined inbound port interfaces in the core module.
• Implemented deployment-strategy wiring and renamed adapters module.
• Added /tour orientation skill.

Bug Fixes

No specific bug fixes were listed for this release.

Improvements

• Added several new Architecture Decision Records (ADRs):
  • ADR-0013: Multi-IdP OIDC configuration via additive providers.oidc.<id>.* shape.
  • ADR-0017: SessionStorePort contract and CSL ownership of the web-session lifecycle.
  • ADR-0018: CamundaUserPort contract migration to CSL.
  • ADR-0019: Migration of OC's Authorization<T> runtime check to CSL as RequiredAuthorization<T>.
  • ADR-0020: Issuer-aware JwtDecoder for multi-provider OIDC token validation.
  • ADR-0021: BasicAuthUserDetailsPort for basic-auth user resolution.
• Updated adoption/integration documentation:
  • Enhanced documentation for persistent web sessions, ports, and security filter chains.
• Refactored workflow documentation to an agent-neutral location.
• Added a pull request template to streamline contribution processes.
• Adopted Spotless with Google Java Format and added a license-header check.
• Aligned Java baseline to version 21 and extended .gitignore for Java, Maven, and IDE files.

---

Full Changelog

What's Changed

• Add ADRs from unified identity architecture by @Ben-Sheppard in #1
• docs: add AI agent harness and project context by @Ben-Sheppard in #2
• refactor: extract workflow docs to agent-neutral location by @Ben-Sheppard in #3
• feat: add /task workflow for small, independently mergeable work by @Ben-Sheppard in #4
• refactor: use native GitHub issue types and sub-issue relationships by @Ben-Sheppard in #10
• docs: require clickable URLs when linking files in issues by @Ben-Sheppard in #12
• chore: align java baseline to 21 and ignore local worktrees by @megglos in #14
• docs: rename Security Gateway Framework to Camunda Security Library by @megglos in #15
• feat: add camunda-security-library module skeleton by @megglos in #23
• docs: rename hexagonal naming conventions to Port/Adapter by @megglos in #26
• feat: define outbound adapter interfaces in core by @megglos in #28
• Architecture vision of the identity unified architecture by @p-wunderlich in #13
• feat: define inbound port interfaces in core by @megglos in #27
• feat: add deployment-strategy wiring and rename adapters module by @megglos in #29
• feat(skills): add /tour orientation skill by @Ben-Sheppard in #41
• ci: add renovate config and validation workflow by @megglos in #46
• docs: add pull request template by @megglos in #47
• build: adopt Spotless with Google Java Format and license-header check by @megglos in #45
• test(arch): forbid framework runtime deps in core by @megglos in #44
• chore: extend .gitignore for Java, Maven, and IDE files by @megglos in #42
• ci(build): add checkstyle with shared ruleset by @megglos in #43
• ci: deploy SNAPSHOTs to Camunda Artifactory on push to main by @megglos in #51
• build: add managed git hooks via core.hooksPath by @megglos in #48
• feat: extract central security filter chains from spike by @Ben-Sheppard in #49
• ci(deps): enforce declaration of used dependencies via dependency:analyze by @megglos in #31
• ci: add maven release workflow by @megglos in #59
• ci(release): clone target/checkout from local working copy by @megglos in #67
• build: stop POM formatting churn on every release by @megglos in #68
• chore(deps): update ghcr.io/renovatebot/renovate docker digest to 29118bc by @renovate[bot] in #85
• chore(deps): update dependency maven to v3.9.15 by @renovate[bot] in #86
• docs: adjust ADR for frontend integration after discussion by @mrm1st3r in #52
• ci(release): create canary branch and open mergeback PR by @megglos in #87
• Update architecture vision after kickoff by @p-wunderlich in #81
• docs(contributing): document the release workflow by @megglos in #89
• docs(contributing): apply review wording — "cut" → "create" by @megglos in #91
• refactor: align port and adapter naming with port/in and port/out by @megglos in #92
• Move camunda authentication model + holder to CSL by @p-wunderlich in #79
• chore(release): merge back 0.1.0-alpha2 into main by @github-actions[bot] in #97
• chore(renovate): raise throughput for nightly + weekend updates by @megglos in #98
• ci(renovate): auto-approve labelled renovate PRs to enable automerge by @megglos in #99
• chore(deps): update ghcr.io/renovatebot/renovate docker digest to b3297dc by @renovate[bot] in #100
• chore(deps): update dependency org.apache.maven.plugins:maven-surefire-plugin to v3.5.5 by @renovate[bot] in #101
• fix(deps): update dependency org.springframework.boot:spring-boot-dependencies to v4.0.6 by @renovate[bot] in #102
• fix(deps): update dependency org.testcontainers:testcontainers-bom to v2 by @renovate[bot] in #117
• chore(deps): update dependency com.puppycrawl.tools:checkstyle to v13 by @renovate[bot] in #116
• chore(deps): update dependency com.diffplug.spotless:spotless-maven-plugin to v3 by @renovate[bot] in #115
• chore(deps): update actions/setup-java action to v5 by @renovate[bot] in #114
• chore(deps): update actions/checkout action to v6 by @renovate[bot] in #113
• chore(deps): update dependency org.apache.maven.plugins:maven-javadoc-plugin to v3.12.0 by @renovate[bot] in #110
• chore(deps): update dependency org.apache.maven.plugins:maven-jar-plugin to v3.5.0 by @renovate[bot] in #109
• chore(deps): update dependency org.apache.maven.plugins:maven-dependency-plugin to v3.10.0 by @renovate[bot] in #107
• chore(deps): update dependency org.apache.maven.plugins:maven-compiler-plugin to v3.15.0 by @renovate[bot] in #106
• chore(deps): update dependency org.apache.maven.plugins:maven-checkstyle-plugin to v3.6.0 by @renovate[bot] in #105
• chore(deps): update dependency org.apache.maven.plugins:maven-enforcer-plugin to v3.6.2 by @renovate[bot] in #108
• fix(deps): update archunit....

0.1.0-alpha26

What's new in 0.1.0-alpha26

Release Notes for Camunda Security Library v0.1.0-alpha26

Executive Summary

Version 0.1.0-alpha26 introduces significant enhancements to the Camunda Security Library, including several new features, architecture decision records, and improvements in documentation aimed at better integration. This release emphasizes structural changes to the API and the foundational workflow architecture, continuing to align with Java 21 and enabling clearer user session management.

Breaking Changes

None

New Features

• Workflow Addition: Added /task workflow for small, independently mergeable work. #4
• Skill Development: Introduced /tour orientation skill. #41
• Module Skeleton: Established the camunda-security-library module skeleton. #23
• Core Interfaces: Defined outbound adapter interfaces and inbound port interfaces in the core. #28 and #27
• Deployment Strategy: Added deployment-strategy wiring and renamed the adapters module. #29

Bug Fixes

None

Improvements

• Architecture Decision Records (ADRs) Added/Modified:

  • ADR-0016: Canonical source for Service, Search, Exporter, and Persistence layers.
  • ADR-0017: SessionStorePort contract and web-session lifecycle ownership.
  • ADR-0018: CamundaUserPort contract migration.
  • ADR-0019: Authorization checks migration and domain specifications.
  • ADR-0020: Migration of SecurityContext types to CSL.

• Documentation Enhancements:

  • Included detailed guides on conditional annotations, persistent web sessions, ports, and security filter chains for better adoption and integration.
  • Updates to the naming conventions and pull request templates for improved clarity.

• API Development: Multiple public API classes updated or added, including:

  • io.camunda.security.api.context.OidcClaimsProvider
  • io.camunda.security.api.model.CamundaAuthentication
  • io.camunda.security.api.model.LazyList
  • io.camunda.security.api.model.authz.DefaultRole
  • io.camunda.security.api.model.config.SessionConfiguration
  • io.camunda.security.api.model.config.initialization.ConfiguredMappingRule
  • io.camunda.security.api.model.config.initialization.ConfiguredUser
  • io.camunda.security.api.model.session.PersistentSession
  • io.camunda.security.api.model.user.CamundaUserDTO

This release marks a step forward in the evolution and integration of the Camunda Security Library, providing valuable updates and structural improvements for developers. For comprehensive details, visit the full changelog.

---

Full Changelog

What's Changed

• Add ADRs from unified identity architecture by @Ben-Sheppard in #1
• docs: add AI agent harness and project context by @Ben-Sheppard in #2
• refactor: extract workflow docs to agent-neutral location by @Ben-Sheppard in #3
• feat: add /task workflow for small, independently mergeable work by @Ben-Sheppard in #4
• refactor: use native GitHub issue types and sub-issue relationships by @Ben-Sheppard in #10
• docs: require clickable URLs when linking files in issues by @Ben-Sheppard in #12
• chore: align java baseline to 21 and ignore local worktrees by @megglos in #14
• docs: rename Security Gateway Framework to Camunda Security Library by @megglos in #15
• feat: add camunda-security-library module skeleton by @megglos in #23
• docs: rename hexagonal naming conventions to Port/Adapter by @megglos in #26
• feat: define outbound adapter interfaces in core by @megglos in #28
• Architecture vision of the identity unified architecture by @p-wunderlich in #13
• feat: define inbound port interfaces in core by @megglos in #27
• feat: add deployment-strategy wiring and rename adapters module by @megglos in #29
• feat(skills): add /tour orientation skill by @Ben-Sheppard in #41
• ci: add renovate config and validation workflow by @megglos in #46
• docs: add pull request template by @megglos in #47
• build: adopt Spotless with Google Java Format and license-header check by @megglos in #45
• test(arch): forbid framework runtime deps in core by @megglos in #44
• chore: extend .gitignore for Java, Maven, and IDE files by @megglos in #42
• ci(build): add checkstyle with shared ruleset by @megglos in #43
• ci: deploy SNAPSHOTs to Camunda Artifactory on push to main by @megglos in #51
• build: add managed git hooks via core.hooksPath by @megglos in #48
• feat: extract central security filter chains from spike by @Ben-Sheppard in #49
• ci(deps): enforce declaration of used dependencies via dependency:analyze by @megglos in #31
• ci: add maven release workflow by @megglos in #59
• ci(release): clone target/checkout from local working copy by @megglos in #67
• build: stop POM formatting churn on every release by @megglos in #68
• chore(deps): update ghcr.io/renovatebot/renovate docker digest to 29118bc by @renovate[bot] in #85
• chore(deps): update dependency maven to v3.9.15 by @renovate[bot] in #86
• docs: adjust ADR for frontend integration after discussion by @mrm1st3r in #52
• ci(release): create canary branch and open mergeback PR by @megglos in #87
• Update architecture vision after kickoff by @p-wunderlich in #81
• docs(contributing): document the release workflow by @megglos in #89
• docs(contributing): apply review wording — "cut" → "create" by @megglos in #91
• refactor: align port and adapter naming with port/in and port/out by @megglos in #92
• Move camunda authentication model + holder to CSL by @p-wunderlich in #79
• chore(release): merge back 0.1.0-alpha2 into main by @github-actions[bot] in #97
• chore(renovate): raise throughput for nightly + weekend updates by @megglos in #98
• ci(renovate): auto-approve labelled renovate PRs to enable automerge by @megglos in #99
• chore(deps): update ghcr.io/renovatebot/renovate docker digest to b3297dc by @renovate[bot] in #100
• chore(deps): update dependency org.apache.maven.plugins:maven-surefire-plugin to v3.5.5 by @renovate[bot] in #101
• fix(deps): update dependency org.springframework.boot:spring-boot-dependencies to v4.0.6 by @renovate[bot] in #102
• fix(deps): update dependency org.testcontainers:testcontainers-bom to v2 by @renovate[bot] in #117
• chore(deps): update dependency com.puppycrawl.tools:checkstyle to v13 by @renovate[bot] in #116
• chore(deps): update dependency com.diffplug.spotless:spotless-maven-plugin to v3 by @renovate[bot] in #115
• chore(deps): update actions/setup-java action to v5 by @renovate[bot] in #114
• chore(deps): update actions/checkout action to v6 by @renovate[bot] in #113
• chore(deps): update dependency org.apache.maven.plugins:maven-javadoc-plugin to v3.12.0 by @renovate[bot] in #110
• chore(deps): update dependency org.apache.maven.plugins:maven-jar-plugin to v3.5.0 by @renovate[bot] in #109
  ...

0.1.0-alpha25

What's new in 0.1.0-alpha25

Camunda Security Library Release Notes - Version 0.1.0-alpha25

Executive Summary

Version 0.1.0-alpha25 introduces significant architectural enhancements, including the addition of multiple Architecture Decision Records (ADRs) and new public API classes. This release also refines documentation for adoption and integration, improving clarity for users looking to implement the library in their projects.

Breaking Changes

• None.

New Features

• Added the /task workflow for handling small, independently mergeable work.
• Introduced a module skeleton for the camunda-security-library.
• Defined outbound adapter interfaces in the core module.
• Defined inbound port interfaces in the core module.
• Added deployment-strategy wiring and renamed the adapters module.
• Implemented a /tour orientation skill.

Bug Fixes

• None.

Improvements

• Added multiple Architecture Decision Records (ADRs):
  • ADR-0016: CSL authz enums as the canonical source for Service, Search, Exporter, and Persistence layers.
  • ADR-0017: SessionStorePort contract and CSL ownership of the web-session lifecycle.
  • ADR-0018: CamundaUserPort contract migration to CSL.
  • ADR-0019: Migration of OC's Authorization<T> runtime check spec to CSL as RequiredAuthorization<T>, maintaining a Jackson-free CSL domain.
• Updated adoption/integration documentation:
  • docs/adopters/conditional-annotations.md
  • docs/adopters/persistent-web-sessions.md
  • docs/adopters/ports.md
  • docs/adopters/security-filter-chains.md
• Refactored documentation to enhance clarity regarding the AI agent harness and project context.
• Refactored workflow documentation to an agent-neutral location.
• Renamed the Security Gateway Framework to Camunda Security Library.
• Renamed hexagonal naming conventions to Port/Adapter.
• Updated public API classes, adding/altering the following:
  • io.camunda.security.api.context.OidcClaimsProvider
  • io.camunda.security.api.model.CamundaAuthentication
  • io.camunda.security.api.model.LazyList
  • io.camunda.security.api.model.authz.DefaultRole
  • io.camunda.security.api.model.config.SessionConfiguration
  • io.camunda.security.api.model.config.initialization.ConfiguredMappingRule
  • io.camunda.security.api.model.config.initialization.ConfiguredUser
  • io.camunda.security.api.model.session.PersistentSession
  • io.camunda.security.api.model.user.CamundaUserDTO
• Aligned Java baseline to version 21 and extended .gitignore for Java and Maven.

These enhancements aim to reinforce the functionality and usability of the Camunda Security Library, fostering a more seamless integration into existing projects.

---

Full Changelog

What's Changed

• Add ADRs from unified identity architecture by @Ben-Sheppard in #1
• docs: add AI agent harness and project context by @Ben-Sheppard in #2
• refactor: extract workflow docs to agent-neutral location by @Ben-Sheppard in #3
• feat: add /task workflow for small, independently mergeable work by @Ben-Sheppard in #4
• refactor: use native GitHub issue types and sub-issue relationships by @Ben-Sheppard in #10
• docs: require clickable URLs when linking files in issues by @Ben-Sheppard in #12
• chore: align java baseline to 21 and ignore local worktrees by @megglos in #14
• docs: rename Security Gateway Framework to Camunda Security Library by @megglos in #15
• feat: add camunda-security-library module skeleton by @megglos in #23
• docs: rename hexagonal naming conventions to Port/Adapter by @megglos in #26
• feat: define outbound adapter interfaces in core by @megglos in #28
• Architecture vision of the identity unified architecture by @p-wunderlich in #13
• feat: define inbound port interfaces in core by @megglos in #27
• feat: add deployment-strategy wiring and rename adapters module by @megglos in #29
• feat(skills): add /tour orientation skill by @Ben-Sheppard in #41
• ci: add renovate config and validation workflow by @megglos in #46
• docs: add pull request template by @megglos in #47
• build: adopt Spotless with Google Java Format and license-header check by @megglos in #45
• test(arch): forbid framework runtime deps in core by @megglos in #44
• chore: extend .gitignore for Java, Maven, and IDE files by @megglos in #42
• ci(build): add checkstyle with shared ruleset by @megglos in #43
• ci: deploy SNAPSHOTs to Camunda Artifactory on push to main by @megglos in #51
• build: add managed git hooks via core.hooksPath by @megglos in #48
• feat: extract central security filter chains from spike by @Ben-Sheppard in #49
• ci(deps): enforce declaration of used dependencies via dependency:analyze by @megglos in #31
• ci: add maven release workflow by @megglos in #59
• ci(release): clone target/checkout from local working copy by @megglos in #67
• build: stop POM formatting churn on every release by @megglos in #68
• chore(deps): update ghcr.io/renovatebot/renovate docker digest to 29118bc by @renovate[bot] in #85
• chore(deps): update dependency maven to v3.9.15 by @renovate[bot] in #86
• docs: adjust ADR for frontend integration after discussion by @mrm1st3r in #52
• ci(release): create canary branch and open mergeback PR by @megglos in #87
• Update architecture vision after kickoff by @p-wunderlich in #81
• docs(contributing): document the release workflow by @megglos in #89
• docs(contributing): apply review wording — "cut" → "create" by @megglos in #91
• refactor: align port and adapter naming with port/in and port/out by @megglos in #92
• Move camunda authentication model + holder to CSL by @p-wunderlich in #79
• chore(release): merge back 0.1.0-alpha2 into main by @github-actions[bot] in #97
• chore(renovate): raise throughput for nightly + weekend updates by @megglos in #98
• ci(renovate): auto-approve labelled renovate PRs to enable automerge by @megglos in #99
• chore(deps): update ghcr.io/renovatebot/renovate docker digest to b3297dc by @renovate[bot] in #100
• chore(deps): update dependency org.apache.maven.plugins:maven-surefire-plugin to v3.5.5 by @renovate[bot] in #101
• fix(deps): update dependency org.springframework.boot:spring-boot-dependencies to v4.0.6 by @renovate[bot] in #102
• fix(deps): update dependency org.testcontainers:testcontainers-bom to v2 by @renovate[bot] in #117
• chore(deps): update dependency com.puppycrawl.tools:checkstyle to v13 by @renovate[bot] in #116
• chore(deps): update dependency com.diffplug.spotless:spotless-maven-plugin to v3 by @renovate[bot] in #115
• chore(deps): update actions/setup-java action to v5 by @renovate[bot] in #114
• chore(deps): update actions/checkout action to v6 by @renovate[bot] in #113
• chore(deps): update dependency org.apache.maven.plugins:maven-javadoc-plugin to v3.12.0 by @renovate[bot] in #110
• chore(deps): update dependency org.apache.maven.plugins:maven-jar-plugin to v3.5.0 by @renovate[bot] in #109
• chore(deps): update dependency org.apache.maven.plugins:maven-dependency-plugin to v3.10.0 by @renovate[bot] in #107
• chore(deps): update dependency org.apache.maven.plugins:maven-compiler-plugin to v3.15.0 by @renovate[bot] in https...

0.1.0-alpha24

What's new in 0.1.0-alpha24

Release Notes for Camunda Security Library Version 0.1.0-alpha24

Executive Summary

This release introduces significant enhancements to the Camunda Security Library, focusing on architectural decisions, new features, and improved documentation. Key advancements include the addition of various Architecture Decision Records (ADRs), new outbound and inbound port interfaces, and extensive updates to integration documentation. Developers will find several new public API classes that enhance customization and usage.

Breaking Changes

None

New Features

• Added /task workflow for independently mergeable work (#4).
• Introduced skeleton for the camunda-security-library module (#23).
• Defined outbound adapter interfaces in core (#28).
• Defined inbound port interfaces in core (#27).
• Added /tour orientation skill for enhanced user experience (#41).

Bug Fixes

None

Improvements

• Added ADRs related to unified identity architecture:
  • ADR-0016: CSL authz enums as the canonical source for various layers.
  • ADR-0017: SessionStorePort contract and CSL web-session lifecycle ownership.
  • ADR-0018: Migration of CamundaUserPort contract to CSL.
• Improved adoption/integration documentation:
  • Added: docs/adopters/conditional-annotations.md, docs/adopters/persistent-web-sessions.md, docs/adopters/ports.md, and docs/adopters/security-filter-chains.md.
• Refactored workflow documentation to a more agent-neutral location (#3).
• Renamed Security Gateway Framework to Camunda Security Library (#15).
• Extended .gitignore for Java, Maven, and IDE files (#42).
• Enforced runtime dependency checks in the core module (#44).

Public API Changes

• New/modified classes:
  • io.camunda.security.api.context.OidcClaimsProvider
  • io.camunda.security.api.model.CamundaAuthentication
  • io.camunda.security.api.model.LazyList
  • io.camunda.security.api.model.authz.DefaultRole
  • io.camunda.security.api.model.config.SessionConfiguration
  • io.camunda.security.api.model.config.initialization.ConfiguredMappingRule
  • io.camunda.security.api.model.config.initialization.ConfiguredUser
  • io.camunda.security.api.model.session.PersistentSession
  • io.camunda.security.api.model.user.CamundaUserDTO

These enhancements set a strong foundation for future development and integration of security solutions within the Camunda ecosystem.

---

Full Changelog

What's Changed

• Add ADRs from unified identity architecture by @Ben-Sheppard in #1
• docs: add AI agent harness and project context by @Ben-Sheppard in #2
• refactor: extract workflow docs to agent-neutral location by @Ben-Sheppard in #3
• feat: add /task workflow for small, independently mergeable work by @Ben-Sheppard in #4
• refactor: use native GitHub issue types and sub-issue relationships by @Ben-Sheppard in #10
• docs: require clickable URLs when linking files in issues by @Ben-Sheppard in #12
• chore: align java baseline to 21 and ignore local worktrees by @megglos in #14
• docs: rename Security Gateway Framework to Camunda Security Library by @megglos in #15
• feat: add camunda-security-library module skeleton by @megglos in #23
• docs: rename hexagonal naming conventions to Port/Adapter by @megglos in #26
• feat: define outbound adapter interfaces in core by @megglos in #28
• Architecture vision of the identity unified architecture by @p-wunderlich in #13
• feat: define inbound port interfaces in core by @megglos in #27
• feat: add deployment-strategy wiring and rename adapters module by @megglos in #29
• feat(skills): add /tour orientation skill by @Ben-Sheppard in #41
• ci: add renovate config and validation workflow by @megglos in #46
• docs: add pull request template by @megglos in #47
• build: adopt Spotless with Google Java Format and license-header check by @megglos in #45
• test(arch): forbid framework runtime deps in core by @megglos in #44
• chore: extend .gitignore for Java, Maven, and IDE files by @megglos in #42
• ci(build): add checkstyle with shared ruleset by @megglos in #43
• ci: deploy SNAPSHOTs to Camunda Artifactory on push to main by @megglos in #51
• build: add managed git hooks via core.hooksPath by @megglos in #48
• feat: extract central security filter chains from spike by @Ben-Sheppard in #49
• ci(deps): enforce declaration of used dependencies via dependency:analyze by @megglos in #31
• ci: add maven release workflow by @megglos in #59
• ci(release): clone target/checkout from local working copy by @megglos in #67
• build: stop POM formatting churn on every release by @megglos in #68
• chore(deps): update ghcr.io/renovatebot/renovate docker digest to 29118bc by @renovate[bot] in #85
• chore(deps): update dependency maven to v3.9.15 by @renovate[bot] in #86
• docs: adjust ADR for frontend integration after discussion by @mrm1st3r in #52
• ci(release): create canary branch and open mergeback PR by @megglos in #87
• Update architecture vision after kickoff by @p-wunderlich in #81
• docs(contributing): document the release workflow by @megglos in #89
• docs(contributing): apply review wording — "cut" → "create" by @megglos in #91
• refactor: align port and adapter naming with port/in and port/out by @megglos in #92
• Move camunda authentication model + holder to CSL by @p-wunderlich in #79
• chore(release): merge back 0.1.0-alpha2 into main by @github-actions[bot] in #97
• chore(renovate): raise throughput for nightly + weekend updates by @megglos in #98
• ci(renovate): auto-approve labelled renovate PRs to enable automerge by @megglos in #99
• chore(deps): update ghcr.io/renovatebot/renovate docker digest to b3297dc by @renovate[bot] in #100
• chore(deps): update dependency org.apache.maven.plugins:maven-surefire-plugin to v3.5.5 by @renovate[bot] in #101
• fix(deps): update dependency org.springframework.boot:spring-boot-dependencies to v4.0.6 by @renovate[bot] in #102
• fix(deps): update dependency org.testcontainers:testcontainers-bom to v2 by @renovate[bot] in #117
• chore(deps): update dependency com.puppycrawl.tools:checkstyle to v13 by @renovate[bot] in #116
• chore(deps): update dependency com.diffplug.spotless:spotless-maven-plugin to v3 by @renovate[bot] in #115
• chore(deps): update actions/setup-java action to v5 by @renovate[bot] in #114
• chore(deps): update actions/checkout action to v6 by @renovate[bot] in #113
• chore(deps): update dependency org.apache.maven.plugins:maven-javadoc-plugin to v3.12.0 by @renovate[bot] in #110
• chore(deps): update dependency org.apache.maven.plugins:maven-jar-plugin to v3.5.0 by @renovate[bot] in #109
• chore(deps): update dependency org.apache.maven.plugins:maven-dependency-plugin to v3.10.0 by @renovate[bot] in #107
• chore(deps): update dependency org.apache.maven.plugins:maven-compiler-plugin to v3.15.0 by @renovate[bot] in #106
• chore(deps): update dependency org.apache.maven.plugins:maven-checkstyle-plugin to v3.6.0 by @renovate[bot] in #105
• chore(deps): update dependency org.apache.maven.plugins...