v2.10.0

@anton62k released this 02 May 15:51
· 29 commits to master since this release
722d441

Highlights

@revisium/core 2.10.0 is a major backend release focused on auth, API keys, billing/limits, engine integration, file storage, cache correctness, and release automation. It adds cookie-based JWT sessions, internal/service API keys, billing GraphQL APIs, endpoint/resource limit enforcement, pluggable file storage, engine-backed core APIs, and a verified release-train workflow.

Auth And API Keys

  • Added the API key module with create, rotate, revoke, validation, branch-aware scoping, expiration, read-only mode, and last-used tracking. #455
  • Added GraphQL APIs for personal API key management and service key management. #471 #476
  • Added internal API key bootstrap for endpoint-to-core authentication, including configurable multi-service keys and deterministic derivation. #472 #473
  • Added X-Api-Key support to Swagger and API key count limits. #482
  • Added manage-api-key CASL permission and enforced read-only/revoked key behavior. #481 #484
  • Implemented the UniversalAuthGuard and hardened internal-key/auth permission handling. #467 #474 #475
  • Added cookie-based JWT sessions, refresh-token support, issueAccessToken, optional JWT hardening, and cookie-session edge-case fixes. #487 #489 #519 #520
  • Added Basic OAuth client authentication support. #492

Billing And Limits

  • Added enterprise feature gating, billing/limits architecture, and early-adopter billing foundations. #436 #437 #438
  • Reworked billing into an ultra-thin payment-service client with signed callbacks, cached limit reads, and hourly usage reporting. #444
  • Added billing GraphQL types and resolvers for plans, providers, checkout, subscription, organization usage, and billing configuration. #448
  • Added resource-level and endpoint billing limit enforcement. #464 #495
  • Changed limit violations to return 402 Payment Required. #494
  • Fixed billing setup, optional secrets, plan-limit usage calculation, and billing docs. #440 #441 #447 #451 #454

Engine, Storage, And Files

  • Integrated @revisium/engine into core and routed GraphQL, REST, MCP, cache events, endpoint notifications, and limits through the engine-backed API layer. #457
  • Removed legacy core handlers and duplicate draft/revision code after engine integration. #458 #459 #460 #502 #503
  • Split engine/core services into domain-aligned modules and moved domain modules under features/. #462 #463
  • Added pluggable file storage with STORAGE_PROVIDER, local filesystem storage, S3 storage, null storage, and local file serving. #418
  • Added file storage technical docs and file usage tracking integration. #421 #515
  • Invalidated row cache and notified generated endpoints after file upload. #516

MCP And API Ergonomics

  • Improved MCP tool reliability by coercing stringified JSON args and clarifying update/patch behavior. #419 #420 #422
  • Added uri parameters to MCP tools and improved endpoint URL fallback/tool descriptions. #431 #461
  • Compacted mutation/read/delete responses and enriched table reads for cleaner tool output. #432 #433 #435
  • Auto-filled formula defaults in compact reads and table creation flows. #433 #434

Organization, Cache, And API Behavior

  • Added top-level organization GraphQL query and fixed organization membership role selection. #453 #456
  • Added admin cache management APIs with stats and reset. #485
  • Improved cache invalidation for row rename, table rename, create table, auth visibility changes, and usage metrics. #425 #426 #430 #483 #490
  • Added Cache-Control: no-store to API responses and CORS preflight caching. #469 #427
  • Added e2e cache invalidation coverage across handlers. #428

Testing And Internal Refactors

  • Consolidated shared test support, command kits, factories, scenarios, and API-layer specs. #496 #497 #498 #499 #500 #501
  • Added broad cross-transport auth/permission e2e coverage and raised REST/GraphQL API coverage. #507 #508 #509 #510
  • Shared one NestJS app across Jest workers and cleaned up duplicate utilities/dead exports. #504 #505 #511 #512

Build, Security, And Release

  • Fixed npm audit issues and refreshed core dependencies, including Prisma, schema-toolkit, engine, and nodemailer security updates. #423 #443 #468 #470 #477 #488
  • Fixed build issues caused by dependency overrides and improved transaction retry behavior in tests. #424 #445
  • Added release-train workflows with verified bot commits, tag-driven npm/Docker publishing, stable-version sync, and release-branch CI. #517
  • Simplified and fixed release workflow behavior, credentials, validation, and publishing diagnostics. #518 #522
  • Pinned GitHub Actions to SHAs and refreshed CI dependencies. #521
  • Improved CI speed and SonarCloud cleanup. #513 #514

Compatibility Notes

  • File storage now supports explicit STORAGE_PROVIDER=s3|local; local storage uses STORAGE_LOCAL_PATH and can serve files through /files/:key.
  • Endpoint-to-core service auth should use internal API keys instead of legacy username/password credentials.
  • Cookie JWT sessions require correct deployment configuration for proxy, CORS, secure cookies, and SameSite behavior.
  • Billing is now backed by the payment-service client path; deployments enabling billing must configure the payment service URL/secret and callback path correctly.
  • Limit violations now return HTTP 402 Payment Required.
  • Release publication is tag-driven; GitHub Releases are manual release documentation over an existing tag.

Full Changelog: v2.9.2...v2.10.0