0.9.0 - 2026-04-23

Added

• Web Vitals ingestion endpoint (POST /_api/signal/vital) for LCP, CLS, INP, FCP, TTFB, navigation timing, long tasks, and resource events (up to 50 entries per batch). New SignalEventType::WebVital and SignalEventType::ServerExecution variants.
• Client SDKs (@forge-rs/svelte and forge-dioxus) auto-capture Web Vitals, network.online/network.offline transitions, and persist the pending event queue to localStorage so events survive reloads. New config flags: autoWebVitals, autoNetworkEvents, respectDnt, persistQueue. Manual signals.vital(name, value, extra?) API on both SDKs.
• Auto-emitted server_execution signals for every job, cron, workflow step, webhook, and daemon tick, plus auth.failed and rate_limit.exceeded diagnostic signals from gateway middleware. New forge_runtime::signals::{emit_server_execution, emit_web_vital, emit_diagnostic, emit_raw} helpers for handlers that want to emit outside the RPC path.
• GeoIP enrichment on every signal event. Embedded DB-IP Country Lite database ships by default (zero config, ISO country code in new country column). Optional [signals] geoip_db_path = "..." points at a MaxMind MMDB for city-level resolution (populates new city column).
• Webhook signature support for Stripe (#[webhook(stripe_webhooks("SECRET_ENV"))] with 5-minute replay window), Shopify (shopify_webhooks, HMAC-SHA256 base64), Standard Webhooks (standard_webhooks, Polar/Svix/Clerk compatible with whsec_ and polar_whs_ prefix handling), and Ed25519 asymmetric signatures (ed25519("header", "PUBKEY_ENV")).
• Reactive mutation helpers in generated Svelte bindings: mutations now return a ReactiveMutation<Args, Result> with mutate, pending, and error runes state.
• gateway.max_file_size config option (default "10mb") separate from gateway.max_body_size (default "20mb") so per-file upload caps and full-body RPC caps can be tuned independently.
• Dioxus ForgeClientConfig gains a refresh_token async provider for handling 401s, matching the Svelte client.
• forge check now scans src/ for direct INSERT/UPDATE/DELETE against forge_* system tables and fails with guidance to use ctx.dispatch_job(), ctx.start_workflow(), or ctx.issue_token_pair() instead.
• New SRE Grafana dashboard (forge-sre.json) covering service health, jobs, workflows, reactor, crons, security, infra, errors, logs, and traces. Business dashboard expanded with geography, retention, funnel, and feature-adoption panels.

Changed

• BREAKING: Custom routes registered via custom_routes now run through the gateway middleware stack (auth, CORS, tracing, concurrency limit, timeouts) and are merged under /_api. Handlers that assumed a bare axum router without Forge middleware need updating.
• BREAKING: forge_new scaffolded projects now pin [package] version to 1.0.0 instead of inheriting the forge workspace version, so user projects start their own version history.
• /_api/signal/{event,view,user,vital} short-circuit requests carrying DNT: 1 or Sec-GPC: 1. /_api/signal/report still accepts reports (crash visibility from opted-out browsers) but drops persistent identifiers. Client SDKs disable themselves automatically when the browser sets DNT/GPC.
• Client SDKs now flush on both visibilitychange and pagehide (Safari sometimes only fires one) and drain the offline queue on reconnect.
• Generated reactive.svelte.ts wires subscription lifecycle to Svelte $effect so queries unsubscribe on component destruction without manual cleanup.
• Dioxus bumped to 0.7.5; CI workflows install dioxus-cli@0.7.5.
• CI split into a reusable template-smoke.yml workflow: PRs run a smoke subset (with-svelte/demo + with-dioxus/demo) plus a workspace integration job, main-branch pushes run the full 6-template matrix. New /test-template and /squash-merge chatops commands.

Fixed

• Mutation transactions could panic on commit because a lingering Arc<Transaction> clone in the context prevented try_unwrap from succeeding. The context is now dropped before commit/rollback on both success and error paths.
• RPC calls from tokens whose user was deleted now return 401 instead of executing against a phantom identity; non-public functions verify the user still exists before dispatching.
• start_workflow() inside a transactional mutation now resolves the active version and signature at call time, so "no active version" errors surface immediately instead of after commit. PendingWorkflow carries workflow_version and workflow_signature; forge_workflow_runs inserts include both.
• Startup now rejects configurations where gateway.max_file_size > gateway.max_body_size with a clear error instead of silently accepting an impossible combination.
• OTLP endpoint configuration is reliable: otlp_endpoint = "${FORGE_OTEL_ENDPOINT-http://localhost:4318}" in forge.toml uses the generic env-var substitution instead of the previous bespoke override path.

What's Changed

• Feature/custom routes middleware and max_size fix by @GoatedChopin in #19
• Bump dioxus to 0.7.5 and regenerate lockfile by @wheregmis in #20
• Split CI into PR smoke + workspace integration via reusable workflow by @isala404 in #22

New Contributors

• @wheregmis made their first contribution in #20

Full Changelog: v0.8.4...v0.9.0

0.8.4 - 2026-04-11

Added

• Fire-and-forget mutation helpers (mutate, mutateWith) with global error routing via onMutationError callback in both Svelte and Dioxus clients.
• anonymize_ip option in [signals] config for GDPR-compliant IP anonymization before visitor ID hashing.
• Per-mutation upload size limits via max_upload_size attribute.
• DbConn type exposed for direct database access in test contexts.
• TestMcpToolContext builder for unit testing MCP tool handlers.
• Performance benchmarking guide in documentation.

Changed

• Template dependency versions derived from CARGO_PKG_VERSION at build time, keeping scaffolded projects in sync automatically.
• Benchmark loadgen rewritten with sharded per-thread metrics, configurable warmup phase, and structured JSON output.
• Test suite trimmed: low-value tests replaced with targeted coverage for security-sensitive paths and edge cases.

Fixed

• SSE automatically reconnects after token refresh in both Svelte and Dioxus clients, fixing stale subscriptions after silent token rotation.
• Auth errors from subscription registration now propagate to onAuthError callback instead of silently retrying with an expired token.
• TOCTOU race conditions in OAuth token exchange and job claim paths where concurrent requests could bypass validation.
• Token binding bypass where a rotated refresh token could be replayed from a different session.
• Input validation gaps in webhook signature verification and signals endpoints.

Full Changelog: v0.8.3...v0.8.4

0.8.3 - 2026-04-01

Added

• Configurable global and per-mutation request body size limits (max_body_size in forge.toml and per-function attribute).
• .env.example files for all example projects so fresh clones have visible environment setup.

Changed

• Query scope enforcement (user_id/owner_id filtering for private queries) moved from runtime checks to compile-time SQL analysis via sql_extractor. Invalid scoping now fails at cargo build instead of at request time.
• Dioxus frontend dependencies updated to published forge-dioxus crate versions, removing path dependency overrides.
• Redundant auth checks removed from benchmark suite.

Fixed

• max_body_size config no longer leaks into JSON RPC endpoints. Multipart size limits are now correctly scoped to upload routes only, restoring HTTP-layer safety for standard RPC calls.

What's Changed

• Allowing configuration of global and per-mutation max size by @GoatedChopin in #18

New Contributors

• @GoatedChopin made their first contribution in #18

Full Changelog: v0.8.2...v0.8.3

0.8.2 - 2026-03-29

Added

• Product analytics and diagnostics system ([signals] in forge.toml): auto-captures all RPC calls, page views, custom events, error reports, and breadcrumb trails with zero configuration. GDPR-compliant visitor tracking via daily-rotating SHA256(IP+UA+salt), bot detection, session management, and Grafana dashboards over PostgreSQL datasource.
• ForgeSignals client API for Svelte and Dioxus with event batching, flushing, and page view auto-tracking.
• Correlation IDs (x-correlation-id) linking frontend events to backend RPC calls.
• Versioned workflows with signature guards: cryptographic contract signing via FNV-1a hash of persisted shape (name, version, step/wait keys, timeout, types). Mismatched runs block at resume with BlockedSignatureMismatch/BlockedMissingVersion status instead of silently corrupting.
• Operator controls for blocked workflows: cancel_by_operator and retire_unresumable terminal actions.
• /_api/ready reports unhealthy when blocked workflow runs exist.
• FORGE_HOST and FORGE_PORT environment variables override config at runtime.
• FORGE_OTEL_TRACES, FORGE_OTEL_METRICS, FORGE_OTEL_LOGS for per-signal observability toggle without config file changes.
• Cluster node discovery and improved multi-node coordination.
• MCP SSE streaming for Model Context Protocol tool calls.
• Startup banner on server init.

Fixed

• SvelteKit example build.rs files now track frontend/.env for rebuild, fixing forge test failures where stale PUBLIC_API_URL was embedded after env patching.
• Normalized Playwright ACTION_TIMEOUT across all examples to 5s local / 15s CI; job/workflow tests use dedicated 15s timeout.

Changed

• All internal sqlx queries migrated to compile-time checked sqlx::query!/sqlx::query_as! macros with inline parameters. Runtime dynamic queries removed.
• Security hardened: JWT claims sanitized before trust, state machine transitions validated, RPC input size/rate DoS limits enforced.
• Test infrastructure refactored for improved flexibility across Dioxus and Svelte Playwright configurations.

Removed

• All legacy compatibility code: deprecated context decorators, old client generation path, obsolete config fields, and unused example functions removed as part of zero tech debt policy.

Full Changelog: v0.7.4...v0.8.2

0.7.4 - 2026-03-26

Added

• OAuth 2.1 authorization server with PKCE support
• Router and layout systems for all frontend templates
• cargo install forgex documented as alternative installation method

Changed

• OAuth implementation refactored with improved type generation and built-in types
• Examples switched to workspace/path dependencies with version rewriting deferred to archive time
• forge dev command removed in favor of docker compose directly
• Frontend API URLs updated to use port 9081 across all examples and test configurations

Fixed

• sqlx cache correctly copied into crate directories for publish
• Publish step fails on real errors instead of silently continuing

0.7.3 - 2026-03-25

Added

• HTTP transport for MCP tool access alongside existing SSE/streamable transport
• JWT authentication with refresh token rotation, auto-registration, and embedded frontend auth provider
• Demo components for auth, stats, MCP tools, and live data across both Dioxus and Svelte frontends
• Comprehensive e2e test suite for demo project covering all feature sections with isolated test data

Changed

• Default backend port changed from 8080 to 9081 to avoid conflicts with common dev servers
• Default frontend port standardized to 9080 across all templates and configurations
• CORS origins now include both localhost and 127.0.0.1 variants by default
• Removed kanban-board and support-desk-with-mcp example projects (functionality consolidated into demo templates)

Fixed

• Template scaffolding hardened for standalone project builds with correct dependency versions
• CI auto-format step now runs before forge check to prevent generated code lint failures
• Dioxus frontend dependency resolution and webhook test timeouts

0.7.2 - 2026-03-20

Added

• ForgeDb executor wrapper providing automatic db.query tracing spans on all database operations
• Benchmark suite with RPC latency, realtime propagation, and subscription scaling measurements
• Load generator (loadgen) for simulating concurrent users with SSE connections and RPC workloads
• Dioxus codegen: query-first API with Mutation struct and builder DTOs for cleaner frontend bindings
• Environment configuration files (.env) committed for all examples to simplify local development

Changed

• Codegen internals refactored into unified binding and emit modules shared across Svelte and Dioxus generators
• Dioxus and Svelte runtime packages updated with improved realtime messaging and client libraries
• CI test isolation improved for Dioxus WASM targets with timer fixes
• Documentation refined across build guides, configuration, and skill references

Fixed

• Runtime wiring for cluster heartbeat, gateway request handling, and realtime subsystem initialization
• Clippy indexing_slicing warnings in ForgeDb SQL operation detection
• Loadgen while_let_loop and argument count lint issues

0.7.1 - 2026-03-14

Added

• Template catalog system (.forge-template.toml) with bundled project templates replacing dynamic scaffolding
• Non-interactive skill install support for CI environments
• Dioxus frontend lockfile generation for reproducible builds

Changed

• forge new uses bundled template catalogs instead of dynamic file-by-file scaffolding
• Examples reorganized by frontend framework (with-svelte/, with-dioxus/) with minimal, demo, and feature-specific variants
• Dioxus frontend development moved to native builds outside Docker
• Release workflow refactored into reusable CI scripts (scripts/ci/)
• Crate publish made idempotent with dirty check fixes for forge-dioxus

Fixed

• Clippy warnings (collapsible_if, needless_borrows, explicit_auto_deref) across crates
• CI template builds using unchecked sqlx macros to avoid requiring database at compile time
• Dioxus test suite gracefully skipped when dx CLI is unavailable

0.7.0 - 2026-03-12

Added

• Dioxus frontend support with scaffolding, codegen, and runtime client (forge new --target dioxus)
• forge test command wrapping Playwright with prerequisite checks, --ui and --headed flags
• forge prepare command for sqlx compile-time query checking with offline cache support
• Published @forge-rs/svelte npm package and forge-dioxus crate as standalone runtime packages

Changed

• Frontend runtimes extracted from embedded CLI templates into published packages (@forge-rs/svelte, forge-dioxus)
• forge generate no longer writes runtime files to .forge/; projects depend on published packages instead
• Runtime config and docker-compose template defaults simplified
• Playwright test suites run sequentially by default for reliability
• Example docker-compose switched from named volumes to bind mounts for host LSP visibility
• RPC error handling improved in test fixtures

Removed

• Embedded frontend runtime templates (.forge/svelte/, .forge/dioxus/); replaced by published packages

0.6.0 - 2026-03-09

Added

• ctx.issue_token() on all context types for generating HMAC-signed JWTs without external auth providers
• Generated file checksums (.forge/checksums.json) to detect manual modifications to forge-managed frontend files
• Per-layer trace filtering for fine-grained observability control per tracing target
• PostgreSQL application_name connection parameter for identifying forge connections in database monitoring tools
• has_input_args flag on FunctionInfo to distinguish functions that accept user input from context-only functions

Changed

• Identity scope enforcement skipped for functions with no input parameters (only ctx), removing the need for dummy input structs
• forge check recognizes standard #[derive(Serialize, FromRow)] patterns alongside #[forge::model]
• Observability log levels upgraded: RPC request logs demoted to debug, function args demoted to debug, removed redundant success field
• Forge-idiomatic-engineer skill reference docs consolidated from 12 files into 8 topic-focused references
• Fluent builder registration methods (register_query(), etc.) now used in scaffolded main.rs templates

Fixed

• 53 documentation discrepancies found via comprehensive code-to-docs audit across all doc pages