web-profiler v1.2.0

web-profiler continues to expand its lightweight request profiling capabilities while keeping the middleware boundary stable and predictable for net/http applications.

Highlights

• Restructured the package layout for better long-term maintainability while preserving the public API
• Expanded safe profiling coverage for charset, fingerprint, complexity, and encoded-body handling
• Added benchmark baselines and documentation to make future performance changes easier to evaluate

Added

• XML complexity analysis alongside existing JSON and form complexity profiling
• Support for multi-layer content-encoding analysis
• Support for zlib-wrapped and raw deflate request bodies
• Support for the Forwarded header in proxy-aware fingerprinting
• Benchmark coverage for large JSON, XML, form, multipart, compressed-body, fingerprint, and end-to-end request analysis
• A benchmark baseline document under docs/ for future regression tracking

Improved

• Reduced false positives in confusable/homoglyph detection for normal non-Latin text
• Normalized and validated proxy-derived client IP values before using them in fingerprint fields and hashes
• Normalized and filtered invalid TrustedProxyCIDRs during config processing
• Moved internal implementation into clearer internal/core, internal/model, and internal/policy directories
• Kept examples and README navigation aligned with the updated repository layout

Fixed

• Prevented normal Content-Encoding: identity requests from being treated as still encoded
• Rejected trailing JSON data consistently in format-aware analysis paths
• Improved behavior for encoded bodies that cannot or should not be decoded
• Added safer handling around structured analysis boundaries and warning generation

Performance

• Added reproducible benchmark baselines for the main analysis paths
• Established a clearer reference point for future optimization and regression checks
• Confirmed the bounded decompression path behaves consistently in end-to-end request analysis

Documentation

• Updated English and Chinese README links and structure
• Added a dedicated benchmark baseline document in docs/benchmark_baseline.md

Compatibility

• No known breaking API changes from v1.1.0
• Existing integrations should continue to work without code changes

v1.1.0

web-profiler now offers more complete request profiling capabilities while preserving its lightweight net/http middleware design.

Highlights

• Expanded request profiling with richer metadata, analyzer timings, and bounded sampling strategies
• Added stronger fingerprinting controls, including weak/strong hashes, alternate hash algorithms, and trusted proxy CIDR handling
• Improved body analysis for compressed payloads, multipart metadata, JSON structure metrics, and charset heuristics
• Added more defensive degradation behavior and warning coverage for truncated, partial, encoded, or malformed inputs
• Expanded example output and documentation in both English and Chinese

Added

• Entropy metrics such as normalized entropy, repetition ratio, compression ratio, and approximate compressibility
• Fingerprint metadata including source flags, weak/strong hashes, hash versioning, hash-only mode, proxy-aware client IP extraction, and configurable hash algorithms
• Complexity metrics for JSON, forms, and optional multipart metadata
• Charset metrics for Unicode scripts, suspicious flags, confusable detection, and format-aware JSON/XML/form token analysis
• More detailed per-request metadata and analyzer duration fields
• Broader automated coverage across middleware behavior, analyzers, config normalization, and edge cases

Fixed

• Prevented structured and charset analysis from misinterpreting encoded request bodies when decompression is unavailable or disabled
• Treated Content-Encoding: identity correctly so normal analysis is not skipped
• Rejected trailing JSON data consistently in both complexity and format-metric analysis
• Fixed globally unique JSON key counting in complexity analysis
• Restored safe defaults when normalized config lists become empty
• Enabled multipart metadata analysis through documented configuration paths
• Reduced charset false positives caused by UTF-8 boundary truncation
• Added warnings for partial format metrics instead of silently returning ambiguous results
• Guarded body reading against no-progress readers to avoid potential hangs

Docs

• Refreshed README and README_zh with updated capabilities, configuration, and response field descriptions
• Updated the example application to reflect the richer profiling output

Upgrade Notes

• No known breaking API changes from v1.0.0
• Existing integrations should continue to work without code changes
• If you use multipart metadata, compressed-body analysis, or proxy-aware fingerprinting, behavior is now more consistent with the documented configuration

v1.0.0

Release Notes

web-profiler v1.0.0 is the first stable release of a lightweight net/http request profiling middleware for Go.

This release includes:

• bounded request body capture with downstream body replay
• request entropy, fingerprint, complexity, and charset analysis
• structured profile access through request context
• configurable limits and safe degradation via warnings
• native net/http usage, Gin integration examples, and bilingual documentation
• test coverage for middleware flow, config normalization, analyzers, and warning paths

This version is intended as a stable foundation for request analysis and observability, with a focus on simple integration, predictable behavior, and controlled overhead.