Skip to content

Release 1.1.1

Choose a tag to compare

View all tags
@cdcavell cdcavell released this 19 Jun 10:44
· 57 commits to main since this release
v1.1.1
5d68869
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Summary

1.1.1 is a compatible patch release for the stable 1.1.x AsiBackbone package family.

This release focuses on post-1.1.0 hardening, release metadata cleanup, documentation clarity, endpoint-governance safety, telemetry bounds, allocation reduction, coverage enforcement, test expansion, and dependency/security hygiene.

No breaking public API changes are intended. Existing 1.1.0 consumers should be able to upgrade without required source-code changes.

Highlights

Release metadata

  • Updates package release metadata to 1.1.1.
  • Preserves AssemblyVersion as 1.0.0.0 for compatible stable 1.x binary identity.
  • Updates FileVersion to 1.1.1.0.
  • Updates citation/archive metadata for the 1.1.1 release.

Security and dependency hardening

  • Pins SQLitePCLRaw.bundle_e_sqlite3 to the maintained 3.x package line through central package management.

  • Adds explicit SQLitePCLRaw bundle references for SQLite-backed non-packable projects:

    • CDCavell.AsiBackbone.Samples.PlainAspNetCoreHost
    • CDCavell.AsiBackbone.EntityFrameworkCore.Tests

  • Removes the vulnerable/deprecated SQLite native transitive restore path from sample and test restore flows.

  • Preserves SQLite-backed EF Core sample behavior and SQLite test coverage.

  • Keeps SQLite dependency hardening limited to sample/test usage and does not add SQLite as a required dependency for the stable runtime package surface.

Endpoint governance hardening

  • Adds optional ASP.NET Core endpoint-governance strict mode through RequireGovernanceMetadata.
  • Preserves existing opt-in/default endpoint-governance behavior for backward compatibility.
  • Allows hosts to explicitly exclude known public endpoints when strict metadata enforcement is enabled.
  • Clarifies that endpoint governance does not replace ASP.NET Core authentication, authorization, routing, middleware enforcement, persistence, UI, or host-owned execution controls.

Telemetry and result hardening

  • Bounds normalized GovernanceDecision correlation and trace identifiers to deterministic 256-character maximums.
  • Preserves existing blank-to-null telemetry identifier behavior.
  • Trims and truncates overlong telemetry identifiers safely and predictably.

Performance

  • Reduces default ASP.NET Core middleware 403 allocation pressure by using a cached, bodyless forbidden result by default.
  • Adds an opt-in forbidden-result factory so hosts can return richer safe responses when desired.
  • Reduces avoidable Core allocation overhead in reason handling for GovernanceDecision, ConstraintEvaluationResult, and OperationResult.
  • Snapshots policy evaluator constraints into an exact-sized private array to avoid repeated caller-owned collection wrapping.

Quality and tests

  • Adds a Core-only branch coverage gate for CDCavell.AsiBackbone.Core.

  • Expands branch and behavior coverage across:

    • capability grants and capability-token validation;
    • canonical payload construction and hashing;
    • signing and verification policy handling;
    • governance emission;
    • governance outbox behavior;
    • DLP/classification policy branches;
    • audit integrity verification;
    • operation and decision result behavior;
    • endpoint governance route-builder behavior.

Documentation

  • Adds and refines documentation for:

    • progressive adoption and onboarding;
    • API-gating quickstart guidance;
    • host-owned execution enforcement;
    • DLP/classification scanner integration seams;
    • safe audit and telemetry data;
    • outbox drain reliability and alerting;
    • outbox multi-worker concurrency boundaries;
    • terminology mapping for .NET developers.

  • Reframes alpha-era documents as historical records rather than current release guidance.

  • Clarifies stable 1.x API compatibility and semantic versioning guidance.

  • Clarifies design-only provider boundaries for Event Hubs, Purview, Azure-specific adapters, robotics, immutable storage, and future provider packages.

  • Improves navigation across the README, documentation home page, article index, upgrade guide, and table of contents.

Compatibility notes

  • This is a compatible patch release in the stable 1.x line.
  • AssemblyVersion remains 1.0.0.0.
  • Existing 1.1.0 consumers should be able to upgrade to 1.1.1 without required source-code changes.
  • Endpoint-governance strict mode is opt-in.
  • SQLite dependency hardening is limited to non-packable sample/test projects.
  • Future provider directions documented in the repository do not imply those providers have shipped as stable NuGet packages unless separately released.
Assets 2
Loading