Skip to content

v2.6.0

Choose a tag to compare

View all tags
@anton62k anton62k released this 02 May 15:55
· 12 commits to master since this release
v2.6.0
d3a9521
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Highlights

@revisium/endpoint 2.6.0 adds draft-write support to generated GraphQL endpoints, improves API-key authentication across generated REST/GraphQL APIs, removes deprecated GraphQL aliases, and hardens response caching, e2e coverage, dependency security, and release automation.

Generated GraphQL API

  • Removed deprecated lowercase/camelCase query aliases. Generated schemas now expose only canonical query names such as myTable, myTables, myTableFlat, and myTablesFlat. #164
  • Added draft-only GraphQL mutations for generated endpoints: create, update, and delete. Head endpoints remain read-only. #166
  • Added singular patch mutations, bulk create/update/patch/delete mutations, shared mutation result types, and dot-notation patch paths. #167
  • Added GRAPHQL_HIDE_MUTATIONS as a kill-switch for generated GraphQL mutations. #166 #167

Auth And Core Communication

  • Added internal API key authentication for endpoint-to-core communication, avoiding username/password login when an internal key is configured. #171
  • Renamed INTERNAL_API_KEY to INTERNAL_API_KEY_ENDPOINT and documented the INTERNAL_API_KEY_{SERVICE} pattern. #172
  • Deprecated CORE_API_URL_USERNAME and CORE_API_URL_PASSWORD for endpoint-to-core auth. #172
  • Forwarded X-Api-Key and ?api_key= credentials from generated REST and GraphQL endpoints to core. #173
  • Added X-Api-Key as an auth scheme in generated OpenAPI specs, alongside bearer auth. #174

HTTP Behavior And Cache Safety

  • Added Cache-Control: no-store to all endpoint HTTP responses to avoid stale generated API responses and reduce sensitive-data caching risk. #169

Testing

  • Added real e2e tests for generated GraphQL endpoints using core, endpoint, PostgreSQL, Prisma migrate/seed, and registered generated endpoints. #165
  • Covered generated GraphQL queries, pagination, filtering, ordering, system fields, introspection, errors, draft mutations, and head read-only behavior. #165 #166 #167
  • Added e2e/unit coverage for internal API key auth and generated endpoint API-key forwarding. #172 #173

Build, Security, And Release

  • Fixed npm audit findings and refreshed dependency lockfile updates, including effect, AWS/XML parser dependencies, flatted, and related transitive packages. #168
  • Pinned GitHub Actions to exact SHAs and upgraded CI/CD actions for reproducible workflows. #170
  • Applied additional npm audit fixes, refreshed Actions pins, and documented remaining upstream uuid audit context. #175
  • Added release-train workflows with verified GitHub App commits, tag-driven npm publishing, Docker semver tags, stable-version sync, prerelease dependency guards, and release-branch CI. #176

Compatibility Notes

  • Deprecated generated GraphQL aliases were removed; clients must use canonical generated field and input names.
  • Generated GraphQL writes are available only on draft revisions; head revisions remain read-only.
  • Microservice deployments should configure INTERNAL_API_KEY_ENDPOINT for endpoint-to-core communication.
  • Generated endpoints can now authenticate API clients with X-Api-Key or ?api_key=, forwarded to core.
  • GitHub Releases should be created manually from an existing release-train tag; publishing is tag-driven.

New Contributors

Full Changelog: v2.5.1...v2.6.0

Contributors

revisium-io
Assets 2
Loading