v3.0.0

Commit Summary

Features

• Feat: Add encryption secret decoder helper (5912eed)
• Feat: align gRPC authority listener (4dc98ab)
• Feat: remove hard-coded loopback bypasses (0321650)
• Feat: add policy scheduler guard compiler surface (2f9c22f)
• Feat: add typed request context attributes (0964032)
• Feat: bridge policy status into IdP UI (b81bd2b)
• Feat: localize policy backchannel responses (e394bcf)
• Feat: add nauthilus_i18n Lua module (a96ba69)
• Feat: add policy localization resolver (9043406)
• Feat: Add policy request attributes (78bfabc)
• Feat: add policy i18n response core (a4916cc)
• Feat: add policy diagnostic reporting (57cb45a)
• Feat: own runtime obligations in policy (8453fac)
• Feat: expand policy fact model (004d1f9)
• Feat: remove policy migration diagnostics (381c8e2)
• Feat: enforce custom non-password policies (50fc9d6)
• Feat: enforce custom final auth policies (d5a269e)
• Feat: enforce custom pre-auth policies (6c7d665)
• Feat: add custom policy observe mode (f0bef8f)
• Feat: make target FSM authoritative (64d7e6a)
• Feat: make standard_auth authoritative (ac718eb)
• Feat: add target FSM comparison diagnostics (bac5eb3)
• Feat: add policy config conversion cut (b1f055b)
• Feat: add standard_auth shadow evaluation (ffe13c4)
• Feat: collect policy check results (b9123c1)
• Feat: add policy snapshot compiler (379afe3)
• Feat: add decision layer foundation (03e493f)
• Feat: freeze policy decision parity corpus (9e73585)
• Feat: add gRPC authentication service (0ae5145)
• Feat: add tolerant CBOR content negotiation (525cf71)
• Feat: add configurable security.txt endpoint (bc097c4)
• Feat: add custom hook alias locations (8b344eb)
• Feat: add CBOR authentication support (c1ea63b)
• Feat: add external session correlation (c213db1)
• Feat: split server prefilters from capabilities (4923220)

Fixes

• Fix: Clarify OIDC client assertion docs (5864b3b)
• Fix: Support private_key_jwt introspection (c82e0f3)
• Fix: support Master-User MFA in IdP flows (4dc08de)
• Fix: Replace corrupt Lua VM leases (fc3061c)
• Fix: Ignore invalid duplicate secure cookies (aac7035)
• Fix: Decouple brute-force histories from positive cache (2cbbeea)
• Fix: cover SAML in identity proxy smoke (ce2e45a)
• Fix: Publish auth basic tagged OpenAPI contract (02919de)
• Fix: Mark management OpenAPI docs protected (b555f35)
• Fix: Flush edge cache state for remote backends (d1809e7)
• Fix: Normalize TOTP setup and validation (524455c)
• Fix: Trace Lua execution phases and LDAP attributes (89caebd)
• Fix: propagate gRPC trace context (ef8fc53)
• Fix: make global pattern monitoring Redis Cluster safe (0cc2fd9)
• Fix: preserve HTTP client transport defaults (8497ccb)
• Fix: align CBOR auth response parity (36d0cff)
• Fix: default Docker image timezone to UTC (e9093e0)
• Fix: add zoneinfo to debug image (a3aef84)
• Fix: reset IdP delayed response retry state (1846b09)
• Fix: preserve IdP delayed response failures (db46f2b)
• Fix: add i18n and OpenTelemetry Lua test fixtures (09d9c95)
• Fix: reset delayed-response flow retries (d7913d5)
• Fix: enhance policy refresh and consent flow handling (4ee28b8)
• Fix: emit Lua plugin facts as policy attributes (54919e0)
• Fix: implement Lua policy schedule and dependency system (640b10d)
• Fix: replace Lua filter execution flags with Modes field (2db1be2)
• Fix: expand gRPC auth request logging (659e5eb)
• Fix: validate TLS cipher suite configuration (6c54b0e)
• Fix: harden backend health checks and config materialization (3626838)
• Fix: Add configurable Redis deadlines for improved key and session handling (3d9de2f)
• Fix: use scratch for final Docker image (ecce30b)
• Fix: Correct expected busy connection counts in LDAP pool tests (45a824c)

Chores

• Chore: refresh vendored dependencies (f76b110)
• Chore: remove policy localization doc slices (73abdf4)
• Chore: ignore Python script cache (20bca44)

What's Changed

Other Changes

• Features by @croessner in https://github.com/croessner/nauthilus/pull/364
• Features by @croessner in https://github.com/croessner/nauthilus/pull/365
• Deprecate Neural Network functionality in documentation. by @croessner in https://github.com/croessner/nauthilus/pull/366
• Refactor: Remove experimental ML feature references by @croessner in https://github.com/croessner/nauthilus/pull/367
• Features by @croessner in https://github.com/croessner/nauthilus/pull/368
• Features by @croessner in https://github.com/croessner/nauthilus/pull/369
• Features by @croessner in https://github.com/croessner/nauthilus/pull/370
• Features by @croessner in https://github.com/croessner/nauthilus/pull/371
• Features by @croessner in https://github.com/croessner/nauthilus/pull/372
• Features by @croessner in https://github.com/croessner/nauthilus/pull/373
• Feat: Add per-user security metrics sampling with cardinality controls by @croessner in https://github.com/croessner/nauthilus/pull/374
• Feat: Enhance username identifier logic for global pattern monitoring by @croessner in https://github.com/croessner/nauthilus/pull/375
• Feat: Add Redis Lua scripts for enhanced key operations with expiration by @croessner in https://github.com/croessner/nauthilus/pull/376
• Features by @croessner in https://github.com/croessner/nauthilus/pull/377
• Features by @croessner in https://github.com/croessner/nauthilus/pull/378
• Features by @croessner in https://github.com/croessner/nauthilus/pull/379
• Features by @croessner in https://github.com/croessner/nauthilus/pull/380
• Feat: Add hello-world-request-dump Lua hook for rendering HTTP requ… by @croessner in https://github.com/croessner/nauthilus/pull/381
• Docs: Add documentation for hello-world-request-dump Lua hook by @croessner in https://github.com/croessner/nauthilus/pull/382
• Fix: Return nil to indicate HTTP response is already handled in `he… by @croessner in https://github.com/croessner/nauthilus/pull/383
• Features by @croessner in https://github.com/croessner/nauthilus/pull/384
• Features by @croessner in https://github.com/croessner/nauthilus/pull/385
• Feat: Add warm-up diagnostics and system startup settings to brute-fo… by @croessner in https://github.com/croessner/nauthilus/pull/386
• Features by @croessner in https://github.com/croessner/nauthilus/pull/387
• Features by @croessner in https://github.com/croessner/nauthilus/pull/388
• Features by @croessner in https://github.com/croessner/nauthilus/pull/389
• Features by @croessner in https://github.com/croessner/nauthilus/pull/390
• Features by @croessner in https://github.com/croessner/nauthilus/pull/391
• Features by @croessner in https://github.com/croessner/nauthilus/pull/392
• Features by @croessner in https://github.com/croessner/nauthilus/pull/393
• Refactor: Enhance query filter logic and support additional parameters by @croessner in https://github.com/croessner/nauthilus/pull/394
• Features by @croessner in https://github.com/croessner/nauthilus/pull/395
• Features by @croessner in https://github.com/croessner/nauthilus/pull/396
• Features by @croessner in https://github.com/croessner/nauthilus/pull/397
• Features by @croessner in https://github.com/croessner/nauthilus/pull/398
• Features by @croessner in https://github.com/croessner/nauthilus/pull/399
• Fix: Add LuaModHTTPResponse preloader for filter and feature mo… by @croessner in https://github.com/croessner/nauthilus/pull/400
• Features by @croessner in https://github.com/croessner/nauthilus/pull/401
• Fix: Merge attributes in applyBackendResult to maintain accumulator… by @croessner in https://github.com/croessner/nauthilus/pull/402
• Features by @croessner in https://github.com/croessner/nauthilus/pull/403
• Feat: Add config to reduce PW_HIST writes for cached blocks by @croessner in https://github.com/croessner/nauthilus/pull/404
• Features by @croessner in https://github.com/croessner/nauthilus/pull/405
• Features by @croessner in https://github.com/croessner/nauthilus/pull/406
• Features by @croessner in https://github.com/croessner/nauthilus/pull/407
• Fix: Customize Prometheus handler to disable compression for HTTP met… by @croessner in https://github.com/croessner/nauthilus/pull/408
• Features by @croessner in https://github.com/croessner/nauthilus/pull/409
• Features by @croessner in https://github.com/croessner/nauthilus/pull/410
• Feat: Add minimal brute-force protection for authentication by IP by @croessner in https://github.com/croessner/nauthilus/pull/411
• Features by @croessner in https://github.com/croessner/nauthilus/pull/412
• Fix: Re-added GET methods for certain endpoints by @croessner in https://github.com/croessner/nauthilus/pull/413
• Features by @croessner in https://github.com/croessner/nauthilus/pull/414
• Feat: Add semaphore-based concurrency control to LDAP pool by @croessner in https://github.com/croessner/nauthilus/pull/415
• Features by @croessner in https://github.com/croessner/nauthilus/pull/417
• Fix: Validate and normalize ISO-3166 codes in geoIP logic by @croessner in https://github.com/croessner/nauthilus/pull/418
• Features by @croessner in https://github.com/croessner/nauthilus/pull/419
• Features by @croessner in https://github.com/croessner/nauthilus/pull/420
• Feat: Implement optional Hydra integration gated via build tags by @croessner in https://github.com/croessner/nauthilus/pull/421
• Features by @croessner in https://github.com/croessner/nauthilus/pull/422
• Features by @croessner in https://github.com/croessner/nauthilus/pull/423
• Features by @croessner in https://github.com/croessner/nauthilus/pull/424
• Feat: Add leader session ID propagation in distributed auth flow by @croessner in https://github.com/croessner/nauthilus/pull/425
• Features by @croessner in https://github.com/croessner/nauthilus/pull/426
• Feat: Add warnings for deprecated configuration fields by @croessner in https://github.com/croessner/nauthilus/pull/427
• Features by @croessner in https://github.com/croessner/nauthilus/pull/428
• Features by @croessner in https://github.com/croessner/nauthilus/pull/429
• Feat: Add in-process singleflight deduplication toggle and password h… by @croessner in https://github.com/croessner/nauthilus/pull/430
• Features by @croessner in https://github.com/croessner/nauthilus/pull/431
• Feat: Add early and detailed logging for authentication request proce… by @croessner in https://github.com/croessner/nauthilus/pull/432
• Feat: Add explicit flags for request authorization and authentication… by @croessner in https://github.com/croessner/nauthilus/pull/433
• Fix: Reflect in-memory cache hits in AuthState for accurate logging by @croessner in https://github.com/croessner/nauthilus/pull/434
• Feat: Log rejected filters and per-filter results in filter processing by @croessner in https://github.com/croessner/nauthilus/pull/435
• Feat: Add execution flags to Lua filters and refactor filter processing by @croessner in https://github.com/croessner/nauthilus/pull/436
• Features by @croessner in https://github.com/croessner/nauthilus/pull/437
• Docs: Translate and enhance README.md for client usage by @croessner in https://github.com/croessner/nauthilus/pull/438
• Features by @croessner in https://github.com/croessner/nauthilus/pull/439
• Features by @croessner in https://github.com/croessner/nauthilus/pull/440
• Features by @croessner in https://github.com/croessner/nauthilus/pull/441
• Features by @croessner in https://github.com/croessner/nauthilus/pull/442
• Features by @croessner in https://github.com/croessner/nauthilus/pull/443
• Fix: Improve Redis context handling in refreshUserAccount by @croessner in https://github.com/croessner/nauthilus/pull/444
• Refactor: Unify context handling across LDAP, Lua, and Redis operations by @croessner in https://github.com/croessner/nauthilus/pull/445
• Features by @croessner in https://github.com/croessner/nauthilus/pull/446
• Fix: Simplify priority handling and enhance logging for empty account… by @croessner in https://github.com/croessner/nauthilus/pull/447
• Features by @croessner in https://github.com/croessner/nauthilus/pull/448
• Features by @croessner in https://github.com/croessner/nauthilus/pull/449
• Features by @croessner in https://github.com/croessner/nauthilus/pull/450
• Features by @croessner in https://github.com/croessner/nauthilus/pull/451
• Features by @croessner in https://github.com/croessner/nauthilus/pull/452
• Feat: Modularize core authentication logic with new service interfaces by @croessner in https://github.com/croessner/nauthilus/pull/453
• Features by @croessner in https://github.com/croessner/nauthilus/pull/454
• Refactor: Change default return value in GetPoolFIFO to true for … by @croessner in https://github.com/croessner/nauthilus/pull/455
• Features by @croessner in https://github.com/croessner/nauthilus/pull/456
• Features by @croessner in https://github.com/croessner/nauthilus/pull/457
• Features by @croessner in https://github.com/croessner/nauthilus/pull/458
• Feat: Add centralized LoginAttemptManager for authentication tracking by @croessner in https://github.com/croessner/nauthilus/pull/459
• Feat: Add account resolution and middleware integration by @croessner in https://github.com/croessner/nauthilus/pull/460
• Features by @croessner in https://github.com/croessner/nauthilus/pull/461
• Features by @croessner in https://github.com/croessner/nauthilus/pull/462
• Features by @croessner in https://github.com/croessner/nauthilus/pull/463
• Features by @croessner in https://github.com/croessner/nauthilus/pull/464
• Features by @croessner in https://github.com/croessner/nauthilus/pull/465
• Features by @croessner in https://github.com/croessner/nauthilus/pull/466
• Features by @croessner in https://github.com/croessner/nauthilus/pull/467
• Features by @croessner in https://github.com/croessner/nauthilus/pull/468
• Features by @croessner in https://github.com/croessner/nauthilus/pull/469
• Refactor: Simplify LuaLDAPEndpoint function by removing active pool… by @croessner in https://github.com/croessner/nauthilus/pull/470
• Fix: Correct pool name validation in ldap_endpoint Lua function by @croessner in https://github.com/croessner/nauthilus/pull/471
• Refactor: Use semantic conventions for server attributes in OpenTelem… by @croessner in https://github.com/croessner/nauthilus/pull/472
• Features by @croessner in https://github.com/croessner/nauthilus/pull/473
• Features by @croessner in https://github.com/croessner/nauthilus/pull/474
• Refactor: Replace struct with Token in ldappool for improved ty… by @croessner in https://github.com/croessner/nauthilus/pull/475
• Feat: Add ErrLDAPPoolExhausted and improve pool exhaustion handling by @croessner in https://github.com/croessner/nauthilus/pull/476
• Feat: Add LDAP operation timeout handling for better error classifica… by @croessner in https://github.com/croessner/nauthilus/pull/477
• Fix: Enhance LDAP filter handling and improve negative cache logic by @croessner in https://github.com/croessner/nauthilus/pull/478
• Features by @croessner in https://github.com/croessner/nauthilus/pull/479
• Features by @croessner in https://github.com/croessner/nauthilus/pull/480
• Features by @croessner in https://github.com/croessner/nauthilus/pull/481
• Features by @croessner in https://github.com/croessner/nauthilus/pull/482
• Fix: Add protocol and OIDC client ID to user account mapping by @croessner in https://github.com/croessner/nauthilus/pull/483
• Fix: Enforce safe object reuse with pool integration and cleanup by @croessner in https://github.com/croessner/nauthilus/pull/484
• Features by @croessner in https://github.com/croessner/nauthilus/pull/485
• Features by @croessner in https://github.com/croessner/nauthilus/pull/486
• Feat: Add WhenNoAuth support for feature execution by @croessner in https://github.com/croessner/nauthilus/pull/487
• Feat: Add request abortion handling for improved error context by @croessner in https://github.com/croessner/nauthilus/pull/488
• Features by @croessner in https://github.com/croessner/nauthilus/pull/489
• Features by @croessner in https://github.com/croessner/nauthilus/pull/490
• Features by @croessner in https://github.com/croessner/nauthilus/pull/491
• Chore: Update GitHub workflows to set read-only permissions by @croessner in https://github.com/croessner/nauthilus/pull/492
• Fix: Prevent open redirects in IDP logout and WebAuthn verification t… by @croessner in https://github.com/croessner/nauthilus/pull/493
• Feat: Add IdP client and service provider name resolution for OIDC/SA… by @croessner in https://github.com/croessner/nauthilus/pull/494
• Features by @croessner in https://github.com/croessner/nauthilus/pull/495
• Features by @croessner in https://github.com/croessner/nauthilus/pull/496
• Features by @croessner in https://github.com/croessner/nauthilus/pull/497
• Features by @croessner in https://github.com/croessner/nauthilus/pull/498
• Refactor: Remove user_info scope and related authorization logic by @croessner in https://github.com/croessner/nauthilus/pull/499
• Features by @croessner in https://github.com/croessner/nauthilus/pull/500
• Fix: Skip account-scoped password history processing when accountName… by @croessner in https://github.com/croessner/nauthilus/pull/501
• Features by @croessner in https://github.com/croessner/nauthilus/pull/502
• Features by @croessner in https://github.com/croessner/nauthilus/pull/503
• Features by @croessner in https://github.com/croessner/nauthilus/pull/504
• Refactor: Handle nil OIDCClient in String() method and update receive… by @croessner in https://github.com/croessner/nauthilus/pull/505
• Chore: Update vendor packages by @croessner in https://github.com/croessner/nauthilus/pull/506
• Features by @croessner in https://github.com/croessner/nauthilus/pull/507
• Features by @croessner in https://github.com/croessner/nauthilus/pull/508
• Features by @croessner in https://github.com/croessner/nauthilus/pull/509
• Features by @croessner in https://github.com/croessner/nauthilus/pull/510
• Feat: Add custom 404 handling for API and non-API routes by @croessner in https://github.com/croessner/nauthilus/pull/511
• Refactor: rewrite pam_nauthilus as pure C PAM module by @croessner in https://github.com/croessner/nauthilus/pull/512
• Feat: Add support for OpenSSL 1.1.x fallback in RSA key construction by @croessner in https://github.com/croessner/nauthilus/pull/513
• Features by @croessner in https://github.com/croessner/nauthilus/pull/514
• Features by @croessner in https://github.com/croessner/nauthilus/pull/515

Full Changelog: v2.1.2...v3.0.0