Skip to main content

2025-09-06

  • Added local Ehcache 3 (JCache) configuration and Spring Cache wiring for high‑value hot paths.
  • Introduced sidByUsername cache for AclSid lookups via AclSidLookupService.
  • Added micro‑TTL permissionDecisions cache for AclService.hasPermission(...) decisions.
  • Reduced KMSSecureFieldAspect logging to WARN by default in production settings.
  • Included unit test for AclSidLookupService caching behavior.

2025-09-07

  • Fix: LLM Chat SYSTEM principal crash
    • Updated thorapi ACL to handle non-UUID principals safely.
    • ValkyrACL.resolveAuthenticatedUserId now treats SYSTEM/anonymousUser case-insensitively and only parses UUID-looking strings.
    • Prevents Invalid UUID string: SYSTEM during LLM chat secure-field reads when running as SYSTEM.
  • Hardening: SystemSidInitializer idempotency
    • Both thorapi and valkyrai SystemSidInitializer set deterministic UUIDs and check by ID and name before saving.
    • Prevents duplicate SYSTEM/ADMIN/EVERYONE/AUTHENTICATED SIDs if both initializers are active.

2025-09-08

  • Fix: Replace javax.servlet with jakarta.servlet in OpenAPI templates

    • Updated apiDelegate.mustache to use jakarta.servlet.http.HttpServletRequest.
    • Updated modelTest.mustache imports to jakarta.servlet.http.HttpServletRequest.
    • Regenerated API code for valkyrai; compile errors referencing javax.servlet.http resolved.
    • Added defensive null checks in ApiUtil.setExampleResponse and now pass HttpServletResponse via ServletRequestAttributes to avoid NPE during example response rendering.

  • Feature: Lightweight per-entity stats endpoint and secured repository convenience queries

    • Added derived Spring Data methods to every *PageableRepository:
      • count(), countByOwnerId(UUID ownerId), countByCreatedDateAfter(OffsetDateTime), countByLastModifiedDateAfter(OffsetDateTime), findTopByOrderByCreatedDateDesc()
    • Added GET /v1/<Entity>/stats endpoint per API interface returning JSON stats:
      • count, ownedCount, createdLast24h, modifiedLast24h, latestCreatedAt
    • Implemented in delegates with @PreAuthorize("hasRole('EVERYONE') or hasRole('ADMIN')") and user-scoped cache keys.

  • Change: Relationship fetch based on requiredness

    • In generated JPA models, associations now use:
      • fetch = EAGER when the property is required
      • fetch = LAZY when the property is optional
    • For @ManyToOne, optional and @JoinColumn(nullable=...) mirror required.
    • Keeps payloads lean while eagerly resolving mandatory links.

  • Fix: Stable JSON for Hibernate lazy proxies

    • Added jackson-datatype-hibernate5 and configured Hibernate5Module.
    • Disabled forced lazy loading; serialize identifiers for uninitialized proxies.
    • Added Jackson mixins to ignore hibernateLazyInitializer/handler on proxies.
    • Resolves ByteBuddy proxy serialization failures on Application.openAPISpec.

  • Feature: Pimped ExecModules (Email + Stripe)

    • Added comprehensive Javadoc for MailtrapSendModule, EmailModule, and StripeCheckoutModule (inputs, outputs, env, error codes).
    • New docs page: Execution-Modules/stripe-module.mdx covering setup and usage.
    • UI: Palette icons now include Stripe via react-icons/si (SiStripe).
    • UI: Palette fetch hardened to accept API responses as either ["Class"] or [{ className: "Class" }].
    • UI: Module picker shows friendly names for Stripe and Email modules when name is unset.
    • Tests: Added StripeCheckoutModuleTest covering input validation and error branches.