Release v2026.5.4

@github-actions github-actions released this 08 May 06:50
· 32 commits to main since this release

This release includes bug fixes and maintenance improvements, including fixes for tenant isolation, settings defaults, and various other issues. It also introduces or improves features such as multi-tenancy, declarative schemas, and tenant-scoped impersonation.

What's Changed

Multi-Tenancy

Full tenant isolation with per-tenant databases and Row Level Security across all modules.

  • platform schema — tenants, service keys, tenant admin assignments, invitation tokens
  • Per-tenant databases via postgres_fdw — isolated public schema with shared services (auth, storage, jobs, etc.) accessed through foreign tables
  • Pool priority chain — branch > tenant > main, resolved per-request via X-FB-Tenant header
  • Tenant middleware wired across all route groups (REST, GraphQL, storage, auth, DDL, webhooks, RPC, jobs, functions)
  • Tenant-scoped branching — branches clone from the tenant's database (not main) with automatic FDW repair
  • Tenant admin roles with scoped impersonation and JWT claims
  • Tenant management API and admin UI for CRUD, members, service keys, and schema management

Declarative Database Schemas

Internal schemas managed declaratively instead of via imperative migrations.

  • internal/database/schema/schemas/ — one SQL file per schema (auth, storage, jobs, functions, branching, ai, logging, mcp, platform, rpc, realtime)
  • Bootstrap system — creates schemas, extensions, roles, and default privileges
  • pgschema integration — diff-based plan/apply/dump
  • Per-tenant declarative schemas — {schema_dir}/{tenant-slug}/public.sql with on-create, on-startup, or on-demand application
  • Tenant Schema API — upload, diff, and apply schema content per tenant

API Route Registry

Centralized route registration replacing scattered handler wiring.

  • internal/api/routes/ — 30+ route definition files organized by feature
  • Structured definitions with middleware stacking, path parameters, and validation
  • Tenant middleware enforced at the registry level

Playwright E2E Tests for Admin UI

Full browser-based test suite with dedicated infrastructure.

  • 30+ spec files — setup, login, tenant CRUD/isolation, service keys, impersonation, edge functions, jobs, chatbots, SSO
  • 3-phase pipeline — setup > provisioning > E2E against a dedicated fluxbase_playwright database
  • Rich test helpers — API, DB, mailhog, selectors, shared fixtures
  • make test-e2e-ui and variants (headed, debug, dev)

Security & Reliability

  • Adaptive Trust System — risk-based CAPTCHA verification
  • Service key revocation and rotation
  • OAuth state persistence for multi-instance deployments
  • Idempotency keys for mutations
  • Per-endpoint body size limits
  • Per-user TOTP rate limiting with encrypted secrets
  • Security hardening — OTP/invitation hashing, sensitive env var blocking in edge functions, pool mutex, advisory locks on migrations

AI & Knowledge Bases

  • Knowledge graph with document relationships and graph-based retrieval
  • Chatbot MCP tool integration — chatbots invoke custom MCP tools
  • Custom MCP tools with full SDK access and @fluxbase:namespace annotations
  • MCP tools management page in admin dashboard
  • ReAct reasoning for chatbots
  • Knowledge base namespaces

Multi-Backend Logging

  • PostgreSQL, TimescaleDB (with compression), S3/MinIO, Loki, Elasticsearch, Clickhouse
  • Configurable batching, flush intervals, and retention policies

Codebase

  • Fiber v2 → v3 migration
  • npm → bun migration for all TypeScript packages
  • Centralized packages — internal/errors/, internal/sync/, internal/scheduler/, internal/keys/, internal/loader/, internal/util/
  • Astro v6 migration for docs site
  • Go 1.25 → 1.26
  • Pre-commit hooks enforcing go fmt, golangci-lint, and TypeScript type-check

Pull Requests

  • feat: enforce chatbot settings, add KB/AI CLI commands, fix settings bug (#214) @bartcode
  • fix: propagate tenant context in AI chat and realtime WebSocket handlers (#211) @bartcode
  • Fix edge function network permissions and execution logs API bugs (#209) @bartcode
  • fix: SSO login: load user role from database in all DashboardUser queries (#208) @bartcode
  • fix: Enable dashboard by default and fix OAuth (#207) @bartcode
  • fix: Update settings defaults (#206) @bartcode
  • fix: add viper config fallback to settings cache so features default to enabled (#205) @bartcode
  • docs: fix middleware ordering, feature grid, CLI tenant flag, and cleanup (#204) @bartcode
  • fix(tenancy): harden FDW schema import against transient connection failures (#203) @bartcode
  • chore(deps): update module github.com/gofiber/fiber/v3 to v3.2.0 [security] (#202) @app/renovate
  • docs: comprehensive documentation overhaul (#201) @bartcode
  • fix: admin redirect, tenant repair, extension deps, schema graph, instance-level OAuth/SAML (#200) @bartcode
  • refactor: simplify Go codebase for security and maintainability (#199) @bartcode
  • refactor: centralize error handling, validation, scheduling, and storage patterns (#198) @bartcode
  • chore(deps): update module github.com/jackc/pgx/v5 to v5.9.2 [security] (#197) @app/renovate
  • chore(deps): update dependency astro to ^6.1.6 [security] (#196) @app/renovate
  • fix: Resolve tenant isolation bugs. (#195) @bartcode
  • fix: Enforce tenant isolation across all handlers and add repair endpoint (#194) @bartcode
  • fix: Wire settings cache to fix email provider switcher not persisting (#193) @bartcode
  • fix: Reorder jobs routes and fix RPC executions infinite loop (#192) @bartcode
  • Fix tenant_service role authorization across all modules (#191) @bartcode
  • Improve tenant-scoped impersonation for tenant admins (#190) @bartcode
  • Add more UI tests and fix encountered bugs (#189) @bartcode
  • fix: Wire tenant middleware into Jobs, Webhooks, RPC, and GraphQL routes (#188) @bartcode
  • chore(deps): update dependency axios to ^1.15.0 [security] (#187) @app/renovate
  • feat: Introduce Playwright testing and fix storage handler bug. (#186) @bartcode
  • chore(deps): update dependency go to v1.26.1 (#185) @app/renovate
  • Refactor API routes, use declarative schemas, add multi-tenancy, testing improvements, etc. (#183) @bartcode
  • chore(deps): update go dependencies (#182) @app/renovate
  • chore(deps): update module google.golang.org/grpc to v1.79.3 [security] (#181) @app/renovate

Commits

Features:

  • 5a08827 feat: add user_count and admin_count to tenant detail, assign initial admin to default tenant
  • a61fefe feat: enforce chatbot settings, add KB/AI CLI commands, fix settings bug (#214)
  • 5db3de0 fix: add viper config fallback to settings cache so features default to enabled (#205)
  • ecaded6 feat: Introduce Playwright testing and fix storage handler bug. (#186)

Bug Fixes:

  • 21b7b91 fix: set owner_id to nil for admin table exports to avoid FK violation
  • e863b35 fix: read KB ID from request body in table export handler, add Export All button
  • 1808380 fix: wire admin KB routes for documents, search, graph and switch admin UI to admin endpoints
  • 6fe8c3a fix: propagate tenant context in AI chat and realtime WebSocket handlers (#211)
  • e734d40 fix: Enable dashboard by default and fix OAuth (#207)
  • b4304d1 fix: Update settings defaults (#206)
  • 5db3de0 fix: add viper config fallback to settings cache so features default to enabled (#205)
  • 1726ee4 fix(tenancy): harden FDW schema import against transient connection failures (#203)
  • 9776aa7 fix: admin redirect, tenant repair, extension deps, schema graph, instance-level OAuth/SAML (#200)
  • f781812 fix: Resolve tenant isolation bugs. (#195)
  • 32073a6 fix: Enforce tenant isolation across all handlers and add repair endpoint (#194)
  • 93f9869 fix: Wire settings cache to fix email provider switcher not persisting (#193)
  • c290c38 fix: Reorder jobs routes and fix RPC executions infinite loop (#192)
  • b58e964 fix: Ensure routes for secrets are the same as before.
  • 87d830a fix: Wire tenant middleware into Jobs, Webhooks, RPC, and GraphQL routes (#188)
  • fb37092 fix: Add e2e tests and tenant_id column.
  • 55f6cb1 fix: Resolve edge cases for multi-tenancy.
  • e0c32e6 fix: Update service key middleware.
  • 4d7cb1c fix: Resolve issues with declarative schemas.
  • cdfc976 fix: Update renovate.json to use a minimum release age.

Other Changes:

  • 8803229 Fix edge function network permissions and execution logs API bugs (#209)
  • c8297bc Fix SSO login: load user role from database in all DashboardUser queries (#208)
  • 131aa1a Fix set_tenant_id_from_user_or_context trigger function for service_role
  • 3bef7da Fix app OAuth callback: use WrapWithServiceRole for RLS bypass
  • f949482 docs: fix voice, middleware ordering, feature grid, CLI tenant flag, and cleanup (#204)
  • 4b44e72 docs: comprehensive documentation overhaul (#201)
  • 8bd23fc refactor: simplify Go codebase for security and maintainability (#199)
  • cee3f70 refactor: centralize error handling, validation, scheduling, and storage patterns (#198)
  • f183d81 Fix tenant_service role authorization across all modules (#191)
  • d7f64ce Improve tenant-scoped impersonation for tenant admins (#190)

Stats

  • 80 commits
  • 3 contributors

Installation

Docker:

docker pull ghcr.io/nimbleflux/fluxbase:2026.5.4

NPM SDK:

npm install @nimbleflux/fluxbase-sdk@2026.5.4

Helm:

helm install fluxbase oci://ghcr.io/nimbleflux/charts/fluxbase --version 2026.5.4

CLI:

curl -fsSL https://raw.githubusercontent.com/nimbleflux/fluxbase/main/install-cli.sh | bash -s -- v2026.5.4

Release automatically generated by GitHub Actions


Smoke Test Results

| Component | Status |
|---|---|
| Docker Image | ✅ Verified |
| NPM SDK | ✅ Verified |
| NPM React SDK | ✅ Verified |

Smoke tests completed at 2026-05-08 06:59:39 UTC