Skip to content

Releases: graybuton/goframe

GoFrame v0.2.0-preview.3

Pre-release

Choose a tag to compare

@graybuton graybuton released this 04 Jul 15:27
v0.2.0-preview.3
b270f82

Release Notes: v0.2.0-preview.3

Summary

v0.2.0-preview.3 is a hotfix preview after v0.2.0-preview.2.

It fixes stale toolchain self-reporting. v0.2.0-preview.2 installed from the
correct Go module tag, but the CLI self-reported:

goxc version 0.1.0

and goxc package wrote generated package metadata with:

"toolchainVersion": "0.1.0"

goxc version and generated goframe-package.json metadata now use the module
version recorded in Go build information for tagged module installs. Local
checkout builds report and write:

devel

What Changed

  • goxc version no longer uses the hardcoded release constant for CLI
    self-reporting.
  • goxc package writes toolchainVersion from the same build-info-derived
    value in generated goframe-package.json metadata.
  • Tagged module installs such as @v0.2.0-preview.3 report and write
    v0.2.0-preview.3.
  • Local checkout builds such as go run ./cmd/goxc version and
    go install ./cmd/goxc report devel, and local package metadata writes
    "toolchainVersion": "devel".

Compatibility

  • No GoFrame runtime behavior changed.
  • No GOX parser, codegen, or language behavior changed.
  • No package workflow, layout, build, export, serve, clean, doctor, workspace,
    or manifest behavior changed.
  • Package metadata now reports the build-info-derived toolchain version.
  • No examples changed.
  • No migration is required.

Validation

Release-gate validation for this hotfix should include:

  • go test ./cmd/goxc;
  • go test ./...;
  • go vet ./...;
  • node scripts/docs-check.mjs;
  • scripts/artifact-check.sh;
  • scripts/module-path-check.sh;
  • scripts/size-budget.sh;
  • scripts/browser-smoke.sh.

The release readiness check should also verify local checkout behavior:

go run ./cmd/goxc version
tmpbin="$(mktemp -d)"
GOBIN="$tmpbin" go install ./cmd/goxc
"$tmpbin/goxc" version

Both local commands should print goxc version devel on the first line.

It should also verify local package metadata:

go run ./cmd/goxc package ./examples/counter --compiler=go

The generated examples/counter/.goframe/package/standalone/goframe-package.json
should contain:

"toolchainVersion": "devel"

Install

After the tag is published, install the exact hotfix preview with:

go install github.com/graybuton/goframe/cmd/goxc@v0.2.0-preview.3

Verification

Run:

goxc version

Expected first line:

goxc version v0.2.0-preview.3

Generated goframe-package.json metadata should include:

"toolchainVersion": "v0.2.0-preview.3"

Non-Goals

This hotfix does not include:

  • runtime changes;
  • GOX parser, codegen, or language changes;
  • package workflow or layout changes beyond the reported metadata value;
  • goxc build/export/serve behavior changes;
  • server/fullstack API changes;
  • production readiness claims;
  • route loader, JSON/data framework, or global cache changes;
  • release tag creation in the release-notes PR.

GoFrame v0.2.0-preview.2

Pre-release

Choose a tag to compare

@graybuton graybuton released this 03 Jul 19:34
v0.2.0-preview.2
53b2a15

Release Notes: v0.2.0-preview.2

Summary

v0.2.0-preview.2 is an experimental preview for GoFrame's web-first browser/WASM direction.

This release focuses on server-backed evidence and the smallest browser-side text loader now present in the runtime: experimental gf.FetchText.

The validated target remains interactive browser/WASM applications built with the GoFrame runtime, GOX, and goxc. This release does not claim production readiness, fullstack/server APIs, server functions, SSR/hydration, route loaders, JSON/data framework behavior, global caching, or production server behavior.

Highlights

  • examples/server-backed is now a persistent reference fixture for a packaged GoFrame browser/WASM app served by a plain Go net/http backend.
  • The fixture exposes a same-origin /api/greeting endpoint and exercises a resource/form flow from the browser app.
  • Browser smoke covers:
    • initial backend data;
    • form-driven updates;
    • controlled backend HTTP 500 failure UI;
    • recovery after a valid submission;
    • delayed stale-response no-overwrite behavior.
  • Experimental gf.FetchText provides a browser/WASM text-only helper that fits the gf.UseResource / ResourceLoader[string] shape.
  • examples/server-backed uses gf.FetchText.
  • examples/resource is now the second adoption point for gf.FetchText while keeping parsing and lifecycle demonstration local to the example.
  • The cmd/goxc workspace dependency characterization test now keeps the inner go list baseline robust under GOFLAGS=-buildvcs=false.

Server-backed Evidence

The server-backed fixture demonstrates a narrow integration boundary:

  • goxc package ./examples/server-backed --compiler=go produces the browser/WASM app bundle;
  • examples/server-backed/cmd/server is a plain Go net/http server;
  • the backend serves the packaged standalone directory as static files;
  • the backend exposes /api/greeting on the same origin as the app;
  • the browser app renders backend data through gf.UseResource and a small form flow.

This is evidence for a server-backed browser/WASM pattern, not a GoFrame server framework.

Experimental gf.FetchText

gf.FetchText is an experimental browser/WASM text loader for the ResourceLoader[string] contract.

In browser/WASM builds, it:

  • calls browser fetch with the provided key as the URL;
  • uses AbortController for cleanup;
  • reads successful responses with response.text();
  • rejects non-OK HTTP responses with an ordinary error whose text includes the status code;
  • rejects fetch/network failures with an ordinary error;
  • prevents resolve/reject callbacks after cleanup.

Host builds compile with a stub that rejects with a clear ordinary error and returns a safe no-op cleanup.

gf.FetchText is text-only. It does not provide JSON parsing, UseFetch, public HTTPError, a browser subpackage, caching, retry/backoff, deduplication, route loaders, server APIs, auth/session behavior, SSR, hydration, or production server behavior.

Compatibility

  • Existing gf.UseResource semantics did not change.
  • Existing custom ResourceLoader implementations remain valid.
  • gf.FetchText is Experimental Frontier, not Public-Candidate.
  • examples/server-backed is an example/integration fixture, not a server framework.
  • Existing browser/WASM app workflows remain experimental preview workflows.

Not Supported / Not Claimed

This release does not claim:

  • production readiness;
  • stable 1.0 API compatibility;
  • fullstack/server APIs;
  • server functions;
  • SSR or hydration;
  • route loaders;
  • JSON/data framework behavior;
  • global resource cache;
  • auth/session helpers;
  • production server behavior;
  • history-mode router or server fallback automation;
  • broad reusable package ecosystem stability;
  • Player/Engine;
  • .gfapp.

Install

go install github.com/graybuton/goframe/cmd/goxc@v0.2.0-preview.2

Full Notes

See docs/release-notes-v0.2.0-preview.2.md for the complete release notes, validation scope, compatibility notes, upgrade notes, and known limitations.

Known issue

goxc version and generated goframe-package.json metadata self-report 0.1.0 in this preview.

The Go module tag itself is correct: v0.2.0-preview.2.

This is fixed in v0.2.0-preview.3.

GoFrame v0.2.0-preview.1

Pre-release

Choose a tag to compare

@graybuton graybuton released this 03 Jul 19:31
v0.2.0-preview.1
0cfc08e

Release Notes: v0.2.0-preview.1

Summary

v0.2.0-preview.1 is a narrow evaluator preview for GoFrame's web-first direction.

This release records the post-v0.1.0-preview.2 work around external Go component package evidence and closes the public strategy wording around GoFrame's active direction: browser/WASM runtime, GOX, goxc, package/export workflows, examples, and CI evidence.

GoFrame remains experimental. This release does not claim production readiness, stable 1.0 APIs, fullstack/server APIs, SSR/hydration, Player/Engine, .gfapp, or a broad reusable package ecosystem.

Highlights

  • Web-first positioning closeout: GoFrame is described as an experimental Go-first web application framework and toolchain.
  • Player/Engine, .gfapp, portable host/runtime packaging, desktop/mobile shells, and custom app engine work are inactive and outside the preview promise.
  • External component package identity evidence now covers:
    • package-qualified GOX tags for external imports;
    • import aliases as debug labels rather than runtime identity;
    • same-symbol package separation;
    • versioned import path separation.
  • goxc build workspaces now preserve app module require / replace directives needed for ordinary Go package resolution.
  • Local relative replace targets are rewritten to original module locations when materialized under .goframe/work/<profile>.
  • Go/WASM build-flow evidence covers a local-replace external Go component package imported by an app module.
  • Release-facing docs keep preview promises tied to current evidence.

Supported In This Preview

This preview supports evaluating:

  • browser/WASM interactive apps;
  • the current pkg/goframe runtime surfaces documented as public-candidate or experimental;
  • GOX generation, package-qualified component tags, and diagnostics covered by current tests;
  • goxc generate, build, package, export, serve, size, clean, doctor, and version;
  • static package/export workflow for browser deployment artifacts;
  • hash-router/static-host deployment model;
  • app module local require / replace external Go component package path for ordinary Go packages.

Not Supported / Not Claimed

This release does not claim:

  • production readiness;
  • stable 1.0 API compatibility;
  • fullstack/server APIs;
  • SSR or hydration;
  • history-mode router, file routing, route loaders, or production server fallback automation;
  • production static server behavior in goxc serve;
  • raw .gox generation inside external dependencies;
  • broad reusable component package ecosystem stability;
  • full multi-module monorepo support;
  • remote or non-local external module evidence for the new external component package path;
  • equivalent Firefox or Safari support;
  • Player/Engine, .gfapp, portable host/runtime packaging, desktop/mobile shells, or custom app engine;
  • stable LSP/formatter behavior.

Install

go install github.com/graybuton/goframe/cmd/goxc@v0.2.0-preview.1

Full Notes

See docs/release-notes-v0.2.0-preview.1.md for the complete release notes, validation scope, platform evidence, upgrade notes, and known limitations.

GoFrame v0.1.0-preview.2

Pre-release

Choose a tag to compare

@graybuton graybuton released this 30 Jun 15:51
v0.1.0-preview.2
e9f6217

Release Notes: v0.1.0-preview.2

Summary

v0.1.0-preview.2 is a maintenance preview after
v0.1.0-preview.1. It focuses on public repository hygiene and security/test
harness hardening that landed on main after the first evaluator preview.

GoFrame remains an experimental Go-first application platform. This maintenance
preview does not expand the runtime/API stability promise, does not make
goxc serve a production server, and keeps the preview scope centered on
browser/WASM evaluator use.

Scope preview != scope project. The first preview remains narrower than the
project vision without removing or hiding working experimental surfaces.

What Changed Since v0.1.0-preview.1

Community Health

The repository now includes minimal public-preview community files:

  • issue templates for bug reports and feature requests;
  • a pull request template;
  • updated contribution guidance;
  • a short Code of Conduct.

These files describe contribution expectations for an experimental public
preview repository. They do not change runtime, toolchain, package, or example
behavior.

goxc serve Path Hardening

goxc serve now hardens static request path handling:

  • request paths are sanitized before filesystem resolution and before handing
    the request to http.FileServer;
  • traversal and backslash paths return 404;
  • symlinked served entries remain fail-closed;
  • existing static asset headers for WASM, JavaScript, CSS, gzip, and brotli
    sidecars are preserved.

goxc serve remains development-only. Production static hosting, cache
headers, TLS, access control, and broader server hardening remain outside the
current preview contract.

Browser Smoke Harness Hardening

Browser smoke scripts no longer construct dynamic executable JavaScript from
test-controlled selectors, labels, or expected values in the targeted CodeQL
alert patterns. The harness passes those values as Chrome DevTools Protocol
function arguments instead.

This is test-harness hardening only. Browser runtime behavior and smoke
assertions are unchanged.

Compatibility

This maintenance preview has no intended:

  • runtime API changes;
  • GOX language changes;
  • manifest, package, or export semantics changes;
  • workflow support expansion;
  • preview promise expansion.

The v0.1.0-preview.1 compatibility boundaries still apply: public-candidate
API shapes remain pre-1.0, experimental semantics remain explicitly scoped, and
production readiness is not claimed.

Validation

Expected release-branch validation includes:

git diff --check
node scripts/docs-check.mjs
go test ./...

Additional checks may be run by CI or release maintainers, but this maintenance
release note only records commands that are part of the documented local
release-prep validation set.

Notes For Evaluators

After release publication, install the exact CLI tag when exact preview
selection matters:

go install github.com/graybuton/goframe/cmd/goxc@v0.1.0-preview.2

@latest may depend on Go module proxy and cache timing. Use the exact tag
when immediate reproducibility matters after publication.

Non-Goals

v0.1.0-preview.2 does not include:

  • production readiness;
  • stable 1.0 API compatibility;
  • runtime feature changes;
  • GOX language changes;
  • manifest/package/export contract changes;
  • browser/platform support expansion;
  • turning goxc serve into a production static server;
  • SSR, hydration, history routing, Player/Engine, or .gfapp packaging.

GoFrame v0.1.0-preview.1

Pre-release

Choose a tag to compare

@graybuton graybuton released this 29 Jun 15:34
v0.1.0-preview.1
9b10c13

Release Notes: v0.1.0-preview.1

Summary

GoFrame is an experimental Go-first application platform. This preview
validates the current browser/WASM interactive application layer: the
pkg/goframe runtime, GOX generation, the goxc toolchain, static packaging,
examples, docs, and CI evidence.

The preview scope is narrower than the project vision. Router, resources, Error
Boundaries, package/export workflow, and the reference app are real working
surfaces. Player/Engine, broader host/runtime targets, richer editor tooling,
and a package ecosystem remain outside this preview promise.

Preview Scope

This preview is for evaluators who want to inspect and try the current
browser/WASM layer:

  • Go-authored interactive browser apps;
  • GOX components and package-qualified component tags;
  • component-scoped state, effects, context, memoization, fixed-height
    virtualization, resources, and hash routing;
  • static goxc package output with generated package metadata;
  • focused examples plus the router-dashboard reference app;
  • Linux/Chrome browser smoke evidence and minimal macOS/Windows Go/toolchain
    evidence.

It is not a production-ready release and does not create a stable 1.0 API
promise.

What Is Included

  • pkg/goframe: nodes, typed component identity, hooks, context, events,
    virtualized collections, hash router, component-scoped resources, runtime
    error reporting, and scoped render Error Boundaries.
  • pkg/gox: GOX parsing/code generation, source-oriented diagnostics,
    package-qualified component tags, golden/error golden tests, and bounded fuzz
    seeds.
  • cmd/goxc: generate, build, package, export, serve, size, clean, doctor, and
    version commands.
  • Package workflow: versionless goframe.json, recommended
    "assets": "./assets", legacy explicit asset lists, generated or custom root
    index.html, versioned asset-manifest.json, and authoritative
    goframe-package.json completion metadata.
  • Examples: quickstart, focused primitives, toolchain/layout examples,
    examples/router-dashboard as the reference app, and examples/dashboard as
    the pressure/performance example.

How To Try It

Install the current toolchain:

go install github.com/graybuton/goframe/cmd/goxc@latest
goxc doctor

From a local checkout, install the local goxc instead:

go install ./cmd/goxc
goxc doctor

Run the quickstart:

goxc package ./examples/counter --compiler=tinygo
goxc serve ./examples/counter --port=8080

Run the reference app:

goxc package ./examples/router-dashboard --compiler=tinygo
goxc serve ./examples/router-dashboard --port=8080

For the intentional ErrorBoundary panic demo in the reference app, use the
recover-capable Go/WASM package path:

goxc package ./examples/router-dashboard --compiler=go
goxc serve ./examples/router-dashboard --port=8080

See the evaluator guide for a shorter evaluation path and
the tutorial for the guided reference-app walkthrough.

Compatibility Notes

  • Public-Candidate API shapes are documented in
    API stability. They remain pre-1.0 and can change with
    migration notes.
  • Some exported API shapes are public-candidate while deeper lifecycle,
    routing, fallback, and edge-case semantics remain Experimental Frontier.
  • Generated typed component identity is stable enough for one app/module tree.
    Broad reusable multi-module package identity is not promised by this preview.
  • goframe.json remains versionless for v0.1.0-preview.1.
  • assets: "./assets" is the recommended static asset form. Legacy explicit
    asset lists remain supported.
  • Package root index.html is always produced: selected custom templates are
    rewritten, and goxc package generates a default entrypoint when no custom
    template exists.
  • Generated asset-manifest.json and goframe-package.json are versioned
    tooling metadata. goframe-package.json is the authoritative current package
    completion marker.

Known Limitations

  • Browser/WASM DOM target only.
  • Linux/Chrome is the strongest browser evidence. Firefox and Safari are
    unverified in current CI evidence.
  • macOS and Windows have minimal Go/toolchain CI evidence, not full browser or
    TinyGo smoke coverage.
  • TinyGo size-oriented builds use trap-style panic behavior by default.
    Recover-based ErrorBoundary demos use Go/WASM.
  • Resources are component-scoped. There is no global cache, deduplication,
    automatic retry, Suspense behavior, route loader, or runtime fetch API.
  • The router is hash-based. History-mode routing, file-based routing,
    middleware, route guards, and production fallback automation are outside this
    preview.
  • Package publication is metadata-last and fail-closed, but not a transactional
    rollback installer.
  • goxc serve is development-only and not a production static server.

Validation Evidence

Current repository evidence includes:

  • go test ./...;
  • race tests for ./pkg/... ./cmd/...;
  • go vet ./...;
  • debug-tag tests;
  • GOX golden/error golden tests;
  • bounded GOX fuzz seed targets through normal tests;
  • TinyGo size budgets;
  • browser smoke on Linux/Chrome;
  • dashboard DOM pressure checks;
  • artifact/module path gates;
  • docs consistency checks;
  • VS Code extension compile checks.

See CI and regression gates, platform support,
and public preview readiness for the current
evidence matrix.

Non-Goals

v0.1.0-preview.1 does not include:

  • production readiness;
  • stable 1.0 compatibility;
  • SSR or hydration;
  • history-mode router or server fallback automation;
  • route loaders, middleware, auth guards, or route-level data APIs;
  • Suspense, server resources, or a global resource cache;
  • schema validation framework or mutation framework;
  • production deployment server;
  • LSP/formatter;
  • Player/Engine or .gfapp packaging.