release: v7.0.0 (2026-04-29)#174
Merged
saurabhjain1592 merged 8 commits intomainfrom Apr 29, 2026
Merged
Conversation
Major release. Headline breaking change: removal of DO_NOT_TRACK as an AxonFlow telemetry opt-out — AXONFLOW_TELEMETRY=off is the canonical and only opt-out signal. Bundles StaticPolicy/PolicyVersion snake_case alignment with the OpenAPI spec and the new ClientRequest.skip_llm request flag (both already merged on main). CHANGELOG cuts the Unreleased section over to a versioned 7.0.0 release dated 2026-04-29 UTC, drops the internal \`### CI / Testing\` block per the user-facing-only changelog policy, and tightens a few descriptions. Bumps pyproject.toml + axonflow/_version.py to 7.0.0. Companion releases ship the same day: TypeScript v7.0.0, Go v7.0.0 (with /v7 module path migration), Java v7.0.0.
The merge of #173 (7-day delivered-heartbeat) into the release branch was auto-resolved cleanly by git, but the section title on the [7.0.0] CHANGELOG header still listed only DO_NOT_TRACK + StaticPolicy + skip_llm. The heartbeat is a behavioural change real users will notice, so promote it to the section title alongside the other headlines.
…se notes Surfaces the family-wide hardening message at the top of the 2026-04-29 release section so it lands in the GitHub Release body when the tag is cut. Users browsing the CHANGELOG at any future point also see it as the first line of the release notes. The line is identical across all 4 plugins + 4 SDKs in this same-day release train.
Header reduces from "## [7.0.0] - 2026-04-29 — DO_NOT_TRACK removal + 7-day delivered heartbeat" to just "## [7.0.0] - 2026-04-29". The descriptor paragraph that followed and re-listed those two headlines shrinks to a one-line coordinated-release note pointing to the same-day companion SDK releases. The substantive bullets in BREAKING / Changed / Fixed are unchanged — users who care about the specifics will read those. The "Upgrade strongly recommended" banner above already conveys the release's intent for everyone else.
…o BREAKING-first Aligns the common DNT removal + 7-day heartbeat + deprecation-warning removal entries to identical compact wording across all 4 plugins + 4 SDKs. Plugins now use the same `### BREAKING` section header as the SDKs (was: `**BREAKING:**` inline under `### Removed`), so the four sections — BREAKING / Added / Changed / Fixed / Security — read in the same order whether you're looking at a plugin or an SDK CHANGELOG. Telemetry change descriptions trimmed: kept the substantive contract (7-day cadence, stamp-on-delivery, transient-failure resilience, in-flight de-dup, restricted-runtime fallback), dropped the implementation detail (specific syscall names, cache dir paths, 1-hour in-memory cache) — the bullets in BREAKING / Changed / Fixed all carry the headline behaviour without restating it three times. The "Upgrade strongly recommended" banner above and the bullets below cover the message; this commit just removes redundancy. No semantic content removed. Anyone who wants the implementation details can read the source. Anyone who wants to know what changed sees it in three or four lines.
Mirrors the format of axonflow-enterprise#1772: - Restore CHANGELOG H2 suffix to "— Production, quality, and security hardening — upgrade encouraged". - Add "Security highlights" block under the upgrade-recommended banner citing the three vulnerability fixes shipped in this cycle (webhook signing-key exposure, DO_NOT_TRACK removal, nightly strict-mode integration) plus a link to the per-SDK advisory GHSA-7f4h-6264-89fr and the consolidated platform advisory GHSA-9h64-2846-7x7f. - Add "Reliability and bug-fix highlights" block citing the three operator-facing fixes (retry_context + idempotency_key, atexit telemetry flush, wire-shape contract CI + baseline burndown). - Add upgrade-recommended banner near the top of README.md. Diff is CHANGELOG.md + README.md only; no code or test changes.
Mirrors axonflow-enterprise#1774. The banner no longer hard-codes the current version or specific GHSA IDs — instead it links to the canonical /releases/latest and /security/advisories surfaces of this repository so the README doesn't need a re-edit on every release. Same one-paragraph blockquote near the top of the README, just with evergreen links.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Upgrade strongly recommended. Over the past month we've shipped substantial production, quality, and security hardening across the AxonFlow SDKs and platform — see the v7.0.0 release notes, the per-SDK advisory
GHSA-7f4h-6264-89fr, and the consolidated platform advisoryGHSA-9h64-2846-7x7f. Upgrade to the latest major for a more secure, reliable, and bug-free experience.Summary
Cuts the
[Unreleased]section over to[7.0.0] - 2026-04-29 — Production, quality, and security hardening — upgrade encouraged. Major bump driven by the BREAKINGDO_NOT_TRACKremoval. CHANGELOG and README mirror the format of axonflow-enterprise#1772.Headline changes shipped under 7.0.0:
DO_NOT_TRACK=1no longer honoured as an opt-out — useAXONFLOW_TELEMETRY=off.RegisterRequest— was missing from the SDK type, leaving signature verification un-implementable.try.getaxonflow.com(canary issue auto-filed on regression).Test plan
## [7.0.0] - 2026-04-29 — ....pyproject.tomlandaxonflow/_version.pypin7.0.0.v7.0.0, publish GitHub Release with body sourced from this CHANGELOG section, PyPI publish via release workflow.