Release v2.0.0 #31
Open
dmichael-fastly wants to merge 2 commits into
Architecture cleanup + feature release. The largest backend modules were carved into per-concern packages (with re-export shims), telemetry moved to OpenTelemetry + structlog, tenancy got a typed RequestContext boundary that can't be constructed without enforcing service access, and the frontend's hydration/navigation warm-up was replaced with policy. Composite analytics endpoints land as a hard cutover — frontend and backend ship together.

Highlights (see CHANGELOG.md for the complete list):

- Session scoring: in-UI redeploy + edge-drift warning, fail-open breakdown card, and explicit operator opt-in for edge Layer-2 enforcement (no clock-driven monitoring-to-blocking ramp; deployment age is advisory only).
- Observability: every request mints a correlation id that threads through the access log (now with latency) and a persistent slow-query history; richer admin health snapshot and a deeper /api/health probe.
- Human-readable PoP and ASN labels across the network, shielding, and origin views, sourced from one shared component seeded by /api/bootstrap.
- Backend failures surface inline (no more silent spinners or fabricated zeros) and analytics reads are typed through the generated OpenAPI schema so a rename is a compile error.
- Opt-in RUM Web Vitals; a timeout-guarded DuckDB instance-recycle job to bound the object-cache leak; self-healing reclaim of raw files stranded by an interrupted delete.
- Consolidation: three SQLite pools collapse into one ThreadLocalPool, per-hour rollup writers share one path, and cron tails funnel through shared helpers. New CI gates: frontend ESLint ceiling, Rust scorer cargo-test, and import contracts.
- Dependency freshness sweep across Python, frontend, and the scorer.

Release prep: refreshed README, AGENTS, and CHANGELOG; corrected the ADR-12 version reference to 2.0.0; made `make dev` a real target; fixed a bare `./run.sh` so it honors the documented default ports (3000/8000) for fresh clones while still guarding explicitly-chosen tunnel ports; and removed the retired localhost.run mode from the share UI.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…tions

- Provisioning wizard: allow the first-run flow (no active service yet) by exempting /api/provision from the API client's serviceless-request guard, which otherwise aborted step 1 with "No active service — request aborted". Pinned with a no-active-service regression test.
- Caddy image build: give the custom (ratelimit) build its own image tag so it no longer overwrites its `FROM caddy:2-alpine` base. Reusing the base tag made later rebuilds resolve FROM to our own non-root image and every privileged build step failed. Also drop the redundant `apk add libcap` — setcap/addgroup/adduser are already in the base.
- DuckDB memory: cap the connection pool at 4 (matches the 4-core host) and lower the recycle RSS threshold to 6000MB. Partial mitigation.
- OOM stopgap: a process-level memory guard that triggers a clean self-restart (SIGTERM -> uvicorn drains -> docker restart:unless-stopped) when RSS crosses BACKEND_GRACEFUL_RESTART_RSS_MB, converting the destructive 12g cgroup OOM-SIGKILL into a graceful ~15s restart. The dominant allocation source is still under investigation; this is a stopgap, not a root-cause fix.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Release v2.0.0
A major architecture-cleanup release plus the feature work that landed
alongside it. The largest backend modules were carved into per-concern
packages (with re-export shims), telemetry moved to OpenTelemetry + structlog,
tenancy gained a typed `RequestContext` boundary that can't be constructed
without enforcing service access, and the frontend's hydration/navigation
warm-up was replaced with policy. Composite analytics endpoints land as a hard
cutover — frontend and backend ship together.
Full, categorized notes in CHANGELOG.md.
Highlights
- `metadata_db`, `share_db`, `rollups`, `admin`, `session_scoring`, `duckdb`, `iceberg`, and `scheduler` split into
  per-concern packages with re-export shims so existing imports keep working.
- `RequestContext` dependency that can't be built without enforcing service access
  (23 analytics endpoints across 8 routers).
- through the structured root handler.
- breakdown card, and explicit operator opt-in for edge Layer-2 enforcement
  (no clock-driven monitoring→blocking ramp; deployment age is advisory only).
  NGWAF skip-inspection on the internal scoring sub-fetch.
- (`rid`) that threads through the access log and a persistent slow-query
  history; richer admin health snapshot and a deeper `/api/health` probe.
- views, from one shared component seeded by `/api/bootstrap`.
- zeros; analytics reads typed through the generated OpenAPI schema.
- leak, now with backpressure so reads queue rather than fail during the brief
  recycle drain; self-healing reclaim of raw files stranded by an interrupted
  delete; orphaned-sync-row reaper.
- `ThreadLocalPool`; a shared per-hour rollup writer; cron-tail helpers. New CI
  gates: frontend ESLint ceiling, Rust scorer `cargo test`, import contracts,
  and an OTEL console-exporter guard.
Docs & release prep
- comments removed and embedded changelog blocks (the CI coverage gates, the
  ESLint ceiling) condensed to their conventions. Load-bearing rationale,
  incident references, and functional directives left intact.
- (3.13); dropped an orphaned `server-only` dependency and its stale knip
  waivers; stopped tracking the regenerated `tests/perf/latest.json` (the
  committed `baseline.json` stays the gate input); removed a dead logging
  helper and corrected a stale `metric_snapshots` docstring.
- `pyproject.toml`, `frontend/package.json`, `backend/main.py`, and the committed
  OpenAPI snapshots; corrected a stale `1.2.0` reference in
  `docs/adr/12-api-versioning.md`.
- `make dev` is now a real Makefile target.
- `./run.sh` honors the documented default ports (3000/8000) for fresh
  clones while still guarding an explicitly-chosen tunnel port.
- `localhost.run` sharing mode from the share UI (the
  backend dropped it in v2.0; it was still the default radio).
Validation
- `pytest`: green. Frontend `vitest`: 971 passed; `tsc --noEmit` clean;
  ESLint at ceiling.
- typecheck, security-regression count, and the Rust scorer `cargo test`.
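
The description's "can't be built without enforcing service access" boundary, sketched as an added example (not code from this PR or project): the class shape, `authorize()`, `top_paths()` and the sample grants and rows are all hypothetical.

```python
from dataclasses import dataclass, field

class ServiceAccessDenied(Exception):
    """Caller is not entitled to the requested service."""

_BUILD_TOKEN = object()  # module-private capability; only authorize() passes it

@dataclass(frozen=True)
class RequestContext:  # hypothetical shape, not the project's class
    user_id: str
    service_id: str
    _token: object = field(default=None, repr=False, compare=False)

    def __post_init__(self):
        # Direct construction lacks the token, so an unchecked context
        # cannot be created by accident in a handler or a test helper.
        if self._token is not _BUILD_TOKEN:
            raise TypeError("build with RequestContext.authorize()")

    @classmethod
    def authorize(cls, user_id, service_id, grants):
        # grants maps user id -> set of service ids (assumed entitlement store).
        if not service_id or service_id not in grants.get(user_id, set()):
            raise ServiceAccessDenied(f"{user_id!r} may not read {service_id!r}")
        return cls(user_id, service_id, _BUILD_TOKEN)

def top_paths(ctx, rows):
    # Analytics reads take the context, never a raw service id, so the tenant
    # filter always comes from a value that already passed the access check.
    if not isinstance(ctx, RequestContext):
        raise TypeError("RequestContext required")
    return sorted(r["path"] for r in rows if r["service_id"] == ctx.service_id)

# Constructed sample data for the demonstration.
GRANTS = {"alice": {"svc-a"}, "bob": {"svc-b"}}
ROWS = [
    {"service_id": "svc-a", "path": "/login"},
    {"service_id": "svc-b", "path": "/admin"},
    {"service_id": "svc-a", "path": "/cart"},
]

if __name__ == "__main__":
    ctx = RequestContext.authorize("alice", "svc-a", GRANTS)
    print(top_paths(ctx, ROWS))
```

In Python the token check is a runtime guard backed by convention rather than a compiler guarantee, so an import-contract or lint rule that forbids referencing `_BUILD_TOKEN` outside its module is the natural companion.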