Releases: klarlabs-studio/fortify

v1.6.0

06 Jun 19:06
v1.6.0
dbe88d4

v1.6.0: module path migrated to go.klarlabs.de/fortify

v1.5.1

02 Jun 15:14
83fe724

chore(deps)(deps): bump google.golang.org/grpc (#27)

Bumps the grpc group with 1 update in the / directory: [google.golang.org/grpc](https://github.com/grpc/grpc-go).


Updates `google.golang.org/grpc` from 1.80.0 to 1.81.1
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.80.0...v1.81.1)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-version: 1.81.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: grpc
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

v1.5.0

12 May 09:27
v1.5.0
1b4e962

v1.5.0 — SSE / chunked-response support in fortify/http

v1.4.0

09 May 18:23
v1.4.0
363e6f9

v1.4.0 - AI/agent wedge: budget, streamtimeout, LLMCall, LLMHedge

v1.3.1

04 May 05:30
v1.3.1
f611029

Patch release: CI hardening, docs site live, flaky-test fix. No API changes.

- hedge test deflaked (Linux race)
- nox CLI install + scan flow corrected for v0.8.1 source-built binary
- .nox.yaml + .nox/baseline.json suppress regex false positives
- docs site builds and deploys to https://felixgeelhaar.github.io/fortify/
- changelog workflow switched to weekly cron (loop fix)
- 9 dependabot PRs merged (action major bumps + Node 20 deprecation fix)

v1.3.0

03 May 20:59
v1.3.0
8b83205

Resilience hardening release. See CHANGELOG.md for full notes.

v1.2.1

22 Jan 23:27
c652dd9

Bug Fixes

  • Module Path: Reverted the module path from github.com/felixgeelhaar/fortify/v2 to the unsuffixed github.com/felixgeelhaar/fortify. The /v2 suffix had been added without a corresponding v2.x.x tag, which breaks Go module resolution: Go accepts a /vN suffix only together with vN.x.x tags, and there is no /v1 suffix. The OnAllow callback feature is backwards compatible and doesn't warrant a major version bump.

Maintenance

  • Added gitignore entries for profiling and relicta runtime
  • Added relicta release configuration
  • Replaced codecov badge with local coverctl badge (84.9% coverage)

v1.2.0

03 Jan 21:43
v1.2.0
4a2ab28

What's New

Features

  • Go v2 Module Path - Updated module path to github.com/felixgeelhaar/fortify/v2 for proper Go semantic import versioning (#5)
  • OnAllow Callback - Added OnAllow callback to rate limiter config for tracking allowed requests (#3)

Documentation

  • Added comprehensive per-key rate limiting examples:
    • Global, per-method, per-client, and combined limiting patterns
    • Dynamic key extraction with KeyFunc
  • Documented event callbacks (OnAllow, OnLimit) for observability
  • Documented Metrics interface implementation

Other Changes

  • Updated GitHub Actions to latest versions
  • Updated Go version to 1.24
  • Fixed CI benchmark workflow

Migration

Update your imports to use the /v2 suffix:

```go
// Before
import "github.com/felixgeelhaar/fortify/ratelimit"

// After
import "github.com/felixgeelhaar/fortify/v2/ratelimit"
```

Coverage

  • 84.8% test coverage (passes 80% threshold)

Full Changelog: v1.1.2...v1.2.0

v2.0.0 - Pluggable Store Interface

08 Dec 13:32
8a71aa9

Fortify v2.0.0 - Pluggable Store Interface

This release introduces a major architectural refactor of the rate limiter to use a pluggable Store interface, enabling distributed rate limiting across multiple application instances.

⚠️ Breaking Changes

  • Removed backends/redis module - Users now implement the Store interface for custom backends
  • Removed examples/backends/redis - See migration guide for implementation patterns

✨ New Features

Pluggable Store Interface

```go
type Store interface {
    AtomicUpdate(ctx context.Context, key string, updateFn func(*BucketState) *BucketState) (*BucketState, error)
    Get(ctx context.Context, key string) (*BucketState, error)
    Delete(ctx context.Context, key string) error
    Close() error
}
```

New Rate Limiter Methods

  • Execute(ctx, key, operation) - Combines rate limiting check with operation execution
  • ExecuteN(ctx, key, tokens, operation) - Multi-token variant for batch operations
  • Reset(ctx) - Clear all rate limiting state (requires Resetter interface)
  • BucketCount() - Monitor active buckets (requires BucketCounter interface)

Optional Interfaces for Extensibility

  • HealthChecker - Health check support for distributed stores
  • Resetter - Reset/clear all buckets
  • BucketCounter - Report active bucket count

Configuration Enhancements

  • FailOpen - Allow requests when storage fails (availability over consistency). While the store is unreachable no limit is enforced at all, so enable it only where an unthrottled burst is tolerable and alert on store errors; leave it off (fail closed) for limits that defend against brute force or abuse
  • MaxTokensPerRequest - Caps the tokens a single call (for example ExecuteN) may request, so one caller cannot drain a bucket with one oversized request (DoS)
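To make the Store contract and the two hardening knobs concrete, here is an added example (this page's own code, not fortify's) of an in-memory Store, a token-bucket limiter that does its refill and debit inside AtomicUpdate, the ExecuteN pattern from the "New Rate Limiter Methods" list above (Execute is the n=1 form), and the FailOpen and MaxTokensPerRequest behaviour. Assumptions: BucketState's fields (Tokens, LastRefill), the Config field types, the error values and the injectable Now clock are all this example's own, and Store is cut down to AtomicUpdate, the one method the limiter path needs.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"math"
	"sync"
	"time"
)

// BucketState is an assumed shape; the v2.0.0 notes name the type but not its fields.
type BucketState struct {
	Tokens     float64
	LastRefill time.Time
}

// Store keeps only the method the hot path uses; the interface in the notes adds Get, Delete, Close.
type Store interface {
	AtomicUpdate(ctx context.Context, key string, updateFn func(*BucketState) *BucketState) (*BucketState, error)
}

// MemoryStore is an illustrative Store: a mutex-guarded map. A distributed backend would run
// updateFn inside its own atomic primitive (Redis script, conditional write) for the same effect.
type MemoryStore struct {
	mu      sync.Mutex
	buckets map[string]*BucketState
}

func (m *MemoryStore) AtomicUpdate(_ context.Context, key string, updateFn func(*BucketState) *BucketState) (*BucketState, error) {
	m.mu.Lock()
	defer m.mu.Unlock()
	next := updateFn(m.buckets[key]) // nil for an unknown key; updateFn returns the state to persist
	m.buckets[key] = next
	return next, nil
}

// Config carries the Quick Start fields plus the two hardening knobs; Now is an injectable clock.
type Config struct {
	Rate, Burst         int
	Interval            time.Duration
	Store               Store
	FailOpen            bool
	MaxTokensPerRequest int
	Now                 func() time.Time
}

type Limiter struct{ cfg Config }

var ErrRateLimited, ErrTooManyTokens = errors.New("rate limited"), errors.New("tokens requested exceed MaxTokensPerRequest")

func New(cfg Config) *Limiter {
	if cfg.Store == nil {
		cfg.Store = &MemoryStore{buckets: map[string]*BucketState{}}
	}
	if cfg.Now == nil {
		cfg.Now = time.Now
	}
	return &Limiter{cfg: cfg}
}

func (l *Limiter) TakeN(ctx context.Context, key string, n int) (bool, error) {
	// MaxTokensPerRequest bounds a single debit; zero means "no more than a full bucket".
	if n <= 0 || n > l.cfg.Burst || (l.cfg.MaxTokensPerRequest > 0 && n > l.cfg.MaxTokensPerRequest) {
		return false, ErrTooManyTokens
	}
	allowed, now := false, l.cfg.Now()
	_, err := l.cfg.Store.AtomicUpdate(ctx, key, func(cur *BucketState) *BucketState {
		st := BucketState{Tokens: float64(l.cfg.Burst), LastRefill: now}
		if cur != nil { // refill by elapsed time, capped at Burst, then debit
			intervals := now.Sub(cur.LastRefill).Seconds() / l.cfg.Interval.Seconds()
			st.Tokens = math.Min(float64(l.cfg.Burst), cur.Tokens+intervals*float64(l.cfg.Rate))
		}
		if st.Tokens >= float64(n) {
			st.Tokens -= float64(n)
			allowed = true
		}
		return &st
	})
	if err != nil && l.cfg.FailOpen {
		return true, nil // FailOpen: nothing is enforced while the store is down, so alert on this path
	}
	return err == nil && allowed, err
}

// ExecuteN runs op only if n tokens were granted; Execute in the notes is the n=1 form.
func (l *Limiter) ExecuteN(ctx context.Context, key string, n int, op func() error) error {
	ok, err := l.TakeN(ctx, key, n)
	if err != nil {
		return err
	}
	if !ok {
		return ErrRateLimited
	}
	return op()
}

func main() {
	fmt.Println(New(Config{Rate: 100, Burst: 200, Interval: time.Second}).ExecuteN(context.Background(), "user-123", 1, func() error { return nil }))
}
```

Because refill and debit both happen inside updateFn, the store's atomic primitive is what makes the limiter correct under concurrency: with MemoryStore that is the mutex, with Redis it would be a script. Note what the FailOpen branch does on the error path: the store error is swallowed and the request allowed, so for the duration of an outage the limiter protects nothing.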

📊 Performance (Apple M1, Go 1.23)

| Operation | Latency (per op) | Memory (per op) | Allocations (per op) |
|---|---|---|---|
| Allow() | ~200 ns | 74 B | 3 |
| Take() | ~197 ns | 65 B | 3 |
| BucketCount() | ~3 ns | 0 B | 0 |
| Concurrent | ~395 ns | 82 B | 3 |

📈 Quality Metrics

  • Test Coverage: 92.3%
  • Race Detection: Clean
  • Security Grade: A+
  • Examples: 16 runnable examples

🔄 Migration Guide

See docs/MIGRATION_REDIS.md for:

  • Custom Redis Store implementation patterns
  • DynamoDB and PostgreSQL examples
  • Migration steps from v1.x

📦 Installation

```sh
go get github.com/felixgeelhaar/fortify@v2.0.0
```

Go resolves a v2.0.0 tag only when the module path carries the /v2 suffix (compare the v1.2.1 notes above, which revert a suffix that lacked a matching tag), so check the module path in go.mod before upgrading.

💡 Quick Start

```go
// In-memory (default) - no changes required
rl := ratelimit.New(ratelimit.Config{
    Rate:     100,
    Burst:    200,
    Interval: time.Second,
})

// Custom store for distributed rate limiting. myRedisStore is any value that
// implements the Store interface above; its implementation is not shown here.
distributed := ratelimit.New(ratelimit.Config{
    Rate:     100,
    Burst:    200,
    Interval: time.Second,
    Store:    myRedisStore,
    FailOpen: true, // Allow on storage failure: no limit is enforced while the store is down
})

// New Execute method: the operation runs only if a token was granted for the key
err := rl.Execute(ctx, "user-123", func() error {
    return processRequest()
})
```

🙏 Contributors

Thank you to everyone who contributed to this release!

v1.1.1 - Security Hardening

08 Dec 21:32
v1.1.1
f21228b

Security Fixes

This release adds comprehensive security hardening for rate limiting with fixes for several bypass vulnerabilities.

Fixed Vulnerabilities

| Severity | Issue | Description |
|---|---|---|
| HIGH | IPv6 zone bypass | KeyFromIP now strips zone identifiers; previously fe80::1%eth0 and fe80::1%eth1 keyed separate buckets, so a client could escape its limit by varying the zone suffix |
| MEDIUM | Unicode bypass | SanitizeKey now applies NFC normalization so canonically equivalent strings map to one key instead of one bucket each |
| MEDIUM | UTF-8 truncation | Key truncation is now rune-based, so a multi-byte character is never split into an invalid UTF-8 key |
| LOW | Log injection | New sanitizeLogKey strips control characters from keys before they reach log output |

New Features

  • SanitizeKey() helper function with Unicode NFC normalization
  • KeyFromHeaderWithMaxLen() for custom max key lengths
  • RFC 7230 header-name (token) validation in KeyFromHeader(): an invalid name panics immediately (fail fast) rather than silently producing a limiter keyed on a malformed header
  • SECURITY.md with vulnerability reporting process
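The four fixes above amount to key canonicalization: two inputs an attacker can vary freely must collapse to one bucket, and a key must never be able to smuggle bytes into a log line. As an added example (this page's reconstruction on the Go standard library, not fortify's code, although the function names follow the notes and the signatures are assumptions), here are the checks: IPv6 zone stripping with net/netip, extended to also unmap IPv4-mapped IPv6 addresses, which the notes do not mention; rune-safe truncation; control-character removal for logs; and RFC 7230 token validation for header names. NFC normalization is omitted because it needs golang.org/x/text/unicode/norm; fortify's SanitizeKey applies it.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
	"unicode"
	"unicode/utf8"
)

// KeyFromIP derives a rate-limit key from a remote address. It strips the IPv6 zone so
// "fe80::1%eth0" and "fe80::1%eth1" share one bucket, accepts an optional port, and also
// unmaps IPv4-mapped IPv6 ("::ffff:192.0.2.1" keys as "192.0.2.1"), which goes beyond the notes.
func KeyFromIP(remote string) (string, error) {
	addr, err := netip.ParseAddr(remote)
	if err != nil {
		ap, perr := netip.ParseAddrPort(remote) // "host:port" or "[v6%zone]:port"
		if perr != nil {
			return "", fmt.Errorf("invalid remote address %q", remote)
		}
		addr = ap.Addr()
	}
	return addr.WithZone("").Unmap().String(), nil
}

// SanitizeKey bounds a caller-supplied key to maxRunes. Cutting on bytes could split a
// multi-byte character and leave an invalid UTF-8 key; cutting on rune boundaries keeps
// it valid. NFC normalization (done in fortify via golang.org/x/text) is omitted here.
func SanitizeKey(key string, maxRunes int) string {
	key = strings.ToValidUTF8(key, "\uFFFD")
	if utf8.RuneCountInString(key) <= maxRunes {
		return key
	}
	return string([]rune(key)[:maxRunes])
}

// sanitizeLogKey drops control characters (CR, LF, ESC, ...) so a hostile key can neither
// forge extra log lines nor inject terminal escape sequences into whoever reads the log.
func sanitizeLogKey(key string) string {
	return strings.Map(func(r rune) rune {
		if unicode.IsControl(r) {
			return -1
		}
		return r
	}, key)
}

// ValidHeaderName checks the RFC 7230 token grammar (tchar) for a header name; the notes
// say KeyFromHeader panics on a bad name, so this belongs at construction time, not per request.
func ValidHeaderName(name string) bool {
	if name == "" {
		return false
	}
	for i := 0; i < len(name); i++ {
		c := name[i]
		isAlnum := (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9')
		if !isAlnum && strings.IndexByte("!#$%&'*+-.^_`|~", c) < 0 {
			return false
		}
	}
	return true
}

func main() {
	for _, remote := range []string{"fe80::1%eth0", "[fe80::1%eth1]:443", "::ffff:192.0.2.1", "bogus"} {
		key, err := KeyFromIP(remote)
		fmt.Printf("%-20s -> %q %v\n", remote, key, err)
	}
	fmt.Printf("%q\n", sanitizeLogKey("user-1\r\nlevel=ERROR forged\x1b[31m"))
	fmt.Println(ValidHeaderName("X-Client-ID"), ValidHeaderName("X-Client:"))
}
```

The common thread is to canonicalize before keying and before logging, never after: every transformation that maps two attacker-controlled spellings onto one value has to run before the bucket lookup, or each spelling silently gets its own quota.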

Test Coverage

  • 30+ new security test cases covering:
    • IPv6 zone identifier stripping (8 cases)
    • Unicode normalization (3 cases)
    • Header validation (7 cases)
    • Log injection prevention (12 cases)

Dependencies

  • Upgraded golang.org/x/text v0.28.0 → v0.32.0 for Unicode normalization

Security Score

Multi-agent review scores:

  • Security Audit: 88/100 (up from 82)
  • Code Review: 8.5/10
  • Architecture: A-
  • Test Coverage: 89.7%

Upgrade

```sh
go get github.com/felixgeelhaar/fortify@v1.1.1
```

See SECURITY.md for vulnerability reporting.