9 releases 9 tags

RSS feed

• v1.19.1 793897ad73

  Compare

  v1.19.1 — Observability Foundation Stable

  Gravity Bot released this 2026-02-23 04:03:20 +00:00 | 36 commits to main since this release

  Features

  • Prometheus metrics: Added prometheus/client_golang to event-engine with counters/histograms for events, jobs, and webhooks (OP#1492)
  • Structured logging: Standardized slog across both services with contextual error logging on all 5xx responses (OP#1493, OP#1528)
  • Health endpoints: Aggregated per-component health checks (database, NATS, Valkey) returning structured JSON (OP#1494)
  • Grafana dashboard: Operational dashboard provisioning config with pre-built panels (OP#1495)
  • Job queue & dispatch: Full async job submission, pull-based consumer, retry with dead-letter, timeout enforcement, stale job reaper, concurrency limiter (OP#1491 epic)
  • CSRF protection: Origin/Referer validation middleware for session-authenticated state-changing requests (OP#1615)
  • Graceful shutdown: Signal handling (SIGINT/SIGTERM) with 15s drain timeout for event-engine (OP#1613)

  Bug Fixes

  • TOCTOU race in UpdateJobStatus: Rewrote to atomic WHERE status IN (...) guard (OP#1611)
  • Missing n++ in buildJobWhere: Fixed parameter counter skip causing query failures (OP#1629)
  • Unconditional msg.Ack: Changed to conditional Ack/Nack based on SubmitJob success (OP#1626)
  • Orphaned DB records: Mark job as "dead" when NATS publish fails after DB insert (OP#1612)
  • Silently swallowed errors: Fixed across both services (OP#1528)
  • crypto/rand.Read error: Now checked in event ID generation (OP#1527)
  • NATS ack/term errors: Logged in job queue consumer (OP#1530)

  Security

  • Removed InsecureSkipVerify from OIDC HTTP client (OP#1524)
  • Mandatory webhook secret: Validation now required, server refuses to start without it (OP#1525)
  • Removed hardcoded credentials from source (OP#1526)
  • DEV_AUTH production guard: Refuses to start with DEV_AUTH in non-development environments (OP#1614)
  • Configurable session cookie Secure flag via SESSION_SECURE env var (OP#1610)
  • SQL column whitelist in buildUpdateSets prevents injection (OP#1624)
  • Webhook secret moved from package var to struct field (OP#1628)
  • Transactional writes in webhook handlers with outbox events (OP#1617)

  Refactoring

  • Expanded WP abbreviations to WorkPackage in model types/constants (OP#1514)
  • Renamed WPFilter → WorkPackageFilter (OP#1515)
  • Renamed PRURL → PullRequestURL (OP#1516)
  • Renamed CSSVars → CSSVariables (OP#1517)
  • Removed unused Zitadel auth library (OP#1518)
  • Removed dead code: unused store methods, no-op var (OP#1627)
  • Bumped Go dependencies across both apps (OP#1519)

  CI/CD

  • Added golangci-lint with all violations fixed (OP#1531)
  • Added test coverage reporting with minimum threshold (OP#1532)
  • Split CI into parallel lint, test, and build jobs (OP#1599)
  • Added -race flag to CI test runs (OP#1623)

  Testing

  • Auth middleware and CSRF protection unit tests (OP#1533)
  • Work package CRUD handler tests with mock store (OP#1534)
  • Comment and event handler tests (OP#1535)
  • Auth flow integration tests (OP#1536)
  • Comprehensive handler unit tests for coverage gate (OP#1598)
  • Publisher error path tests (OP#1618)
  • Transaction commit failure tests (OP#1619)
  • Status-change event logic tests (OP#1620)
  • UserSettings and ResetUserTheme tests (OP#1621)
  • Mock call-count verification (OP#1622)
  • Request context in eventlog writer (OP#1625)
  • Compose depends_on for service ordering (OP#1616)

  Tasks

  • OP#1492, OP#1493, OP#1494, OP#1495, OP#1496, OP#1497
  • OP#1514, OP#1515, OP#1516, OP#1517, OP#1518, OP#1519
  • OP#1524, OP#1525, OP#1526, OP#1527, OP#1528, OP#1529, OP#1530
  • OP#1531, OP#1532, OP#1533, OP#1534, OP#1535, OP#1536
  • OP#1598, OP#1599
  • OP#1610, OP#1611, OP#1612, OP#1613, OP#1614, OP#1615, OP#1616
  • OP#1617, OP#1618, OP#1619, OP#1620, OP#1621, OP#1622, OP#1623
  • OP#1624, OP#1625, OP#1626, OP#1627, OP#1628, OP#1629

  Downloads

  • Source code (ZIP)
    0 downloads
  • Source code (TAR.GZ)
    0 downloads