CHANGELOG.md: 30 lines changed, 30 additions & 0 deletions
@@ -5,6 +5,36 @@ All notable changes to this project will be documented in this file.
5
5
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
6
6
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
7
7
8
+
## [0.2.1] - 2026-05-10
9
+
10
+
### Changed
11
+
-**Service Layer**: Refactored `connection_part2.go` into `credential.go`, separating credential capture, token refresh, and credential validation by responsibility.
12
+
-**HTTP Client**: `validateCredentials`, `refreshTokens`, and `executeExchange` now use the centrally injected `httpClient` instead of creating inline clients, ensuring the configured transport is respected across all outbound calls.
13
+
-**Audit Interface**: `ConnectionService` now accepts the `audit.Logger` interface instead of a concrete `*audit.Service` pointer, enabling proper mocking in unit tests.
14
+
-**Method Promotion**: `validateCredentials` and `refreshTokens` promoted from standalone functions to methods on `connectionService` to allow struct field access.
15
+
16
+
### Added
17
+
-**Service Layer Tests**: 7 new unit tests covering the previously untested `SaveCredential`, `Refresh`, and `ExchangeCodeForTokens` methods, including OAuth2 flows validated against `httptest` mock servers.
18
+
-**SOC 2 Integration Tests**: Enterprise-grade compliance test suite (`soc_test.go`, `soc_livedb_test.go`) verifying encryption at rest (SOC-CTRL-01), immutable audit trail (SOC-CTRL-02), API key enforcement (SOC-CTRL-03), IP allowlisting (SOC-CTRL-04), and defense-in-depth middleware (SOC-CTRL-05).
19
+
-**Architecture Enforcement**: `TestSeparationOfConcerns` statically analyzes import paths via `go/parser` to enforce layer boundaries at CI time.
20
+
-**Docker Compose**: Local PostgreSQL and Redis containers for running live integration tests against a real database schema.
21
+
22
+
---
23
+
24
+
## [0.2.0] - 2026-05-05
25
+
26
+
### Added
27
+
-**Security-as-Code CLI**: Declarative provider manifest management via YAML (`nexus apply`, `nexus plan`, `nexus diff`), with field-level diff output and concurrent provider fetching.
28
+
-**Audit Subsystem**: Structured audit event logging to `audit_events` table with caller IP, User-Agent, and JSON event data.
29
+
-**Secret Masking**: CLI masks sensitive fields in plan output to prevent credential exposure in logs.
30
+
31
+
### Changed
32
+
-**CI/CD**: Removed CI workflow from the open repository; internal Azure deployment pipeline secured behind manual trigger.
33
+
-**Documentation**: All registry examples standardized to `localhost:8090` to support OSS adoption without exposing internal infrastructure.
34
+
-**Providers Endpoint**: Fixed path references (`/v1/providers` → `/providers`, `/v1/audit` → `/audit`) throughout documentation and code.
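Review bot: In the 0.2.0 block, the last `### Changed` entry ("Providers Endpoint: Fixed path references (`/v1/providers` → `/providers`, `/v1/audit` → `/audit`) throughout documentation and code") does not say whether the served routes themselves lost the `/v1` prefix or only the references to them were corrected. If the routes changed, state that explicitly and note whether the old paths still resolve, since existing API clients are affected; if it was only a correction, move the entry under a `### Fixed` heading, which Keep a Changelog provides for this case. Separately, the 0.2.1 "Architecture Enforcement" entry says layer boundaries are enforced "at CI time" while the 0.2.0 "CI/CD" entry removes the CI workflow from the open repository; one sentence on where `TestSeparationOfConcerns` and the SOC control tests actually run would resolve the apparent conflict for outside contributors.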