Changelog

Copy Markdown View Source

All notable changes to this project will be documented in this file.

The format follows Keep a Changelog and the project targets Semantic Versioning.

1.1.0 (2026-05-08)

Features

  • 01-02: add pure-beam XML adapter baseline (68f1041)
  • 01-02: add stable Relyra.Error contract (5077f9d)
  • 01-02: freeze hardened XML seam behaviour (ed7257e)
  • 01-03: add compile-time parser path guard (74bac6e)
  • 02-01: add protocol and relay state contract tests (9225186)
  • 02-01: enforce opaque relay state contract (d21697f)
  • 02-01: implement login request and binding primitives (b0d49b6)
  • 02-02: bind signature verification to exact signed node (2aeba97)
  • 02-02: enforce strict signature algorithm policy (88d43db)
  • 02-03: add ordered consume response pipeline (d7db968)
  • 02-03: add response and assertion validators (47981a2)
  • 03-01: add fail-closed default adapter scaffolding (f4acf93)
  • 03-01: freeze phase 3 behaviour contracts (9841e09)
  • 03-02: add atomic ETS request and replay adapters (223cb72)
  • 03-02: add optional Ecto-backed request and replay stores (4a801f9)
  • 03-03: persist request intent and gate consume success (a6cf9aa)
  • 05-01: add telemetry catalog and event spans (07b503f)
  • 06-01: add provider presets, TestSupport, installer, and docs (670ee92)
  • 06-01: close release-discipline gap and add provider audience hint (bdb7c9a)
  • 11-02: add mapping persistence migration coverage (06856c6)
  • 11-03: harden audited trust mutations (c546b6b)
  • 11-04: persist and hydrate mapping config (dd9da43)
  • 12-12-01: canonicalize metadata certificate candidates (6d5d652)
  • 14-01: author 11-VERIFICATION.md with serial CFG-05 packet (4339dca)
  • 15-01: create connection list, detail components and normalize risk flag names (0bdf7b1)
  • 15-02: extract connection form and preset picker components (e133380)
  • 15-02: wire URL-driven presets to the form (50640b8)
  • 15-03: embed risk panel across relevant views (4916649)
  • 15-03: wire lifecycle events to Ecto boundaries and add status badges (0a16b0a)
  • 16-01: establish metadata liveview skeleton and route (and missing 15-01 files) (c52a008)
  • 16-02: add active highlighting to metadata history stream (8ee6076)
  • 16-03: finalize Phase 16 execution and verification (43ce682)
  • 16-03: implement async manual metadata refresh (50a0ebd)
  • 17-01: handle optimistic locking conflicts on certificate updates (8400944)
  • 17-01: implement semantic slot-based timeline UI for certificates (cf7f016)
  • 17-02: implement 3-step staged rollover with typed verification (0399604)
  • 18-01: implement typed mapping forms in live admin (15bb5f4)
  • 18-02: implement audit timeline filtering and expandable details (7ced8fc)
  • 19-01: implement allow_idp_initiated flag for connections (26e822c)
  • 19-02: implement safe local redirect utility (4fab9cf)
  • 19: implement IdP-initiated SSO support and result normalization (101e2a6)
  • 20-01: implement BulkActions coordinator (69be2d9)
  • 20-02: add multi-select UI to ConnectionList (4c3bf15)
  • 20: implement bulk operations for connections and UI multi-selection (6e75525)
  • 21-01: add migration extending relyra_metadata_sources with auto-refresh (7dcf2ea)
  • 21-01: extend MetadataSource schema with auto-refresh fields and changesets (d8eb04b)
  • 21-02: pure cadence + backoff helpers with property-style jitter envelopes (7cfbf02)
  • 21-02: pure failure classifier with one clause per Phase-21 error code (f8620bf)
  • 21-03: add TrustAnchor + DriftDetector pure helpers (1c02e38)
  • 21-03: relocate security corpus + add CorpusGate runtime gate (9400a0d)
  • 21-04: add MetadataApply.resume_auto_refresh/3 single-tx Resume seam (b94ce16)
  • 21-04: add Signature.verify_metadata_root/4 metadata-root shim (35a3da4)
  • 21-04: wrap record_attempt in transact and co-commit health state (2de8899)
  • 21-05: add OptionalDeps.Oban gateway and Workers.MetadataRefresh (ff88242)
  • 21-05: add Scheduler.run_due/2 and AutoRefresh.refresh/2 wrapper (3b60a04)
  • 21-06: add Auto-refresh health card + Resume now to ConnectionMetadataLive (35a4cc7)
  • 21-06: surface auto_refresh_health on the connection list (D-29) (67da767)
  • 21-07: add Metadata.pin_trust_fingerprint/3 + two operator Mix tasks (aa25260)
  • 21-07: add optional Oban dep, ci.oban_smoke alias, README operations (f4bf983)
  • 21-07: document auto_refresh telemetry catalog + LogAlerts handler (06ca068)
  • 21.1-01: forward audit context from Refresh.refresh/2 into apply_revision and record_attempt (closes CFG-07) (80d9001)
  • 22-01: implement certificate expiry traversal engine (13bf7f8)
  • 22-01: implement telemetry for expiring certificates (eef99d4)
  • 23-01: build diagnostic bundle orchestration service (9b4250c)
  • 23-01: implement explicit redaction AllowList for diagnostic exports (74a6efb)
  • 23-02: add download diagnostic bundle UI button to admin UI (fe394bf)
  • 23-02: create mix task for CLI diagnostic bundle export (1f074ba)
  • 23-02: implement HTTP download endpoint for diagnostic bundle (7ce0184)
  • 24-01: implement request store type injection (aff2a30)
  • 24-01: implement session revocation adapter support (f425c18)
  • 24-02: implement LogoutRequest builder (9bfd22c)
  • 24-03: implement logout bindings parser for redirect (d4654ee)
  • 25-01: add shared conformance fixture loader (1f98ee5)
  • 25-01: harden PureBeam seam behavior (e8cfab9)
  • 25-02: expand pinned security regression corpus (c80b6ab)
  • 25-02: implement SP conformance lane (9c3e79a)
  • 25-03: generate conformance report from manifest state (a9a7d58)
  • 27-03: add batteries included proof artifact (0b1ffc9)

Bug Fixes

  • 01-03: stabilize security aliases and verification lanes (e850c7f)
  • 02-01: align request primitives with verification gate checks (1938caf)
  • 02-02: format signature policy and binding files (ff0b471)
  • 02-03: format consume pipeline sources (a07ed0d)
  • 03-01: format contract defaults for strict verification (7066eda)
  • 12-12-02: preserve staged metadata apply semantics (c5c937e)
  • 12-12-02: repair refresh candidate seam (206bdd5)
  • 21.2: revise plans based on checker feedback (5030090)
  • test: ensure MetadataRefresh is loaded before function_exported? check (abc24fa)

1.0.0 (2026-05-08)

Features

  • 01-02: add pure-beam XML adapter baseline (68f1041)
  • 01-02: add stable Relyra.Error contract (5077f9d)
  • 01-02: freeze hardened XML seam behaviour (ed7257e)
  • 01-03: add compile-time parser path guard (74bac6e)
  • 02-01: add protocol and relay state contract tests (9225186)
  • 02-01: enforce opaque relay state contract (d21697f)
  • 02-01: implement login request and binding primitives (b0d49b6)
  • 02-02: bind signature verification to exact signed node (2aeba97)
  • 02-02: enforce strict signature algorithm policy (88d43db)
  • 02-03: add ordered consume response pipeline (d7db968)
  • 02-03: add response and assertion validators (47981a2)
  • 03-01: add fail-closed default adapter scaffolding (f4acf93)
  • 03-01: freeze phase 3 behaviour contracts (9841e09)
  • 03-02: add atomic ETS request and replay adapters (223cb72)
  • 03-02: add optional Ecto-backed request and replay stores (4a801f9)
  • 03-03: persist request intent and gate consume success (a6cf9aa)
  • 05-01: add telemetry catalog and event spans (07b503f)
  • 06-01: add provider presets, TestSupport, installer, and docs (670ee92)
  • 06-01: close release-discipline gap and add provider audience hint (bdb7c9a)
  • 11-02: add mapping persistence migration coverage (06856c6)
  • 11-03: harden audited trust mutations (c546b6b)
  • 11-04: persist and hydrate mapping config (dd9da43)
  • 12-12-01: canonicalize metadata certificate candidates (6d5d652)
  • 14-01: author 11-VERIFICATION.md with serial CFG-05 packet (4339dca)
  • 15-01: create connection list, detail components and normalize risk flag names (0bdf7b1)
  • 15-02: extract connection form and preset picker components (e133380)
  • 15-02: wire URL-driven presets to the form (50640b8)
  • 15-03: embed risk panel across relevant views (4916649)
  • 15-03: wire lifecycle events to Ecto boundaries and add status badges (0a16b0a)
  • 16-01: establish metadata liveview skeleton and route (and missing 15-01 files) (c52a008)
  • 16-02: add active highlighting to metadata history stream (8ee6076)
  • 16-03: finalize Phase 16 execution and verification (43ce682)
  • 16-03: implement async manual metadata refresh (50a0ebd)
  • 17-01: handle optimistic locking conflicts on certificate updates (8400944)
  • 17-01: implement semantic slot-based timeline UI for certificates (cf7f016)
  • 17-02: implement 3-step staged rollover with typed verification (0399604)
  • 18-01: implement typed mapping forms in live admin (15bb5f4)
  • 18-02: implement audit timeline filtering and expandable details (7ced8fc)
  • 19-01: implement allow_idp_initiated flag for connections (26e822c)
  • 19-02: implement safe local redirect utility (4fab9cf)
  • 19: implement IdP-initiated SSO support and result normalization (101e2a6)
  • 20-01: implement BulkActions coordinator (69be2d9)
  • 20-02: add multi-select UI to ConnectionList (4c3bf15)
  • 20: implement bulk operations for connections and UI multi-selection (6e75525)
  • 21-01: add migration extending relyra_metadata_sources with auto-refresh (7dcf2ea)
  • 21-01: extend MetadataSource schema with auto-refresh fields and changesets (d8eb04b)
  • 21-02: pure cadence + backoff helpers with property-style jitter envelopes (7cfbf02)
  • 21-02: pure failure classifier with one clause per Phase-21 error code (f8620bf)
  • 21-03: add TrustAnchor + DriftDetector pure helpers (1c02e38)
  • 21-03: relocate security corpus + add CorpusGate runtime gate (9400a0d)
  • 21-04: add MetadataApply.resume_auto_refresh/3 single-tx Resume seam (b94ce16)
  • 21-04: add Signature.verify_metadata_root/4 metadata-root shim (35a3da4)
  • 21-04: wrap record_attempt in transact and co-commit health state (2de8899)
  • 21-05: add OptionalDeps.Oban gateway and Workers.MetadataRefresh (ff88242)
  • 21-05: add Scheduler.run_due/2 and AutoRefresh.refresh/2 wrapper (3b60a04)
  • 21-06: add Auto-refresh health card + Resume now to ConnectionMetadataLive (35a4cc7)
  • 21-06: surface auto_refresh_health on the connection list (D-29) (67da767)
  • 21-07: add Metadata.pin_trust_fingerprint/3 + two operator Mix tasks (aa25260)
  • 21-07: add optional Oban dep, ci.oban_smoke alias, README operations (f4bf983)
  • 21-07: document auto_refresh telemetry catalog + LogAlerts handler (06ca068)
  • 21.1-01: forward audit context from Refresh.refresh/2 into apply_revision and record_attempt (closes CFG-07) (80d9001)
  • 22-01: implement certificate expiry traversal engine (13bf7f8)
  • 22-01: implement telemetry for expiring certificates (eef99d4)
  • 23-01: build diagnostic bundle orchestration service (9b4250c)
  • 23-01: implement explicit redaction AllowList for diagnostic exports (74a6efb)
  • 23-02: add download diagnostic bundle UI button to admin UI (fe394bf)
  • 23-02: create mix task for CLI diagnostic bundle export (1f074ba)
  • 23-02: implement HTTP download endpoint for diagnostic bundle (7ce0184)
  • 24-01: implement request store type injection (aff2a30)
  • 24-01: implement session revocation adapter support (f425c18)
  • 24-02: implement LogoutRequest builder (9bfd22c)
  • 24-03: implement logout bindings parser for redirect (d4654ee)
  • 25-01: add shared conformance fixture loader (1f98ee5)
  • 25-01: harden PureBeam seam behavior (e8cfab9)
  • 25-02: expand pinned security regression corpus (c80b6ab)
  • 25-02: implement SP conformance lane (9c3e79a)
  • 25-03: generate conformance report from manifest state (a9a7d58)
  • 27-03: add batteries included proof artifact (0b1ffc9)

Bug Fixes

  • 01-03: stabilize security aliases and verification lanes (e850c7f)
  • 02-01: align request primitives with verification gate checks (1938caf)
  • 02-02: format signature policy and binding files (ff0b471)
  • 02-03: format consume pipeline sources (a07ed0d)
  • 03-01: format contract defaults for strict verification (7066eda)
  • 12-12-02: preserve staged metadata apply semantics (c5c937e)
  • 12-12-02: repair refresh candidate seam (206bdd5)
  • 21.2: revise plans based on checker feedback (5030090)
  • test: ensure MetadataRefresh is loaded before function_exported? check (abc24fa)

[Unreleased]

[0.1.0] - 2026-05-08

Added

  • Initial public release of the strict-by-default SAML 2.0 SP surface.
  • Provider presets for Okta, Entra, and Google Workspace.
  • Relyra.TestSupport, Relyra.TestSupport.FakeIdP, and installer scaffolding.
  • Release hardening metadata, parity checks, and release-time prerequisite guidance.