release: v1.5.0 — architecture state + migration preview + policy-gated schema drops

- Add scoped Architecture Diff (+_hist scope expansion) with stable state fingerprinting
- Add Migration Plan Preview and Shadow Compare (intent vs. materialization DDL)
- Add policy-gated DROP COLUMN support (base + optional _hist via env flags)
- Improve drift/type normalization across dialects and clarify CLI notices for destructive DDL
- Update documentation (architecture overview, schema evolution, historization policy) and README blurb

Author: ilona0925

.elevata/state/architecture_state.json

@@ -28,6 +28,7 @@ ELEVATA_SQL_DIALECT=duckdb
 ELEVATA_TARGET_SYSTEM=dwh
 
 ELEVATA_ALLOW_AUTO_DROP_COLUMNS=false
+ELEVATA_ALLOW_AUTO_DROP_HIST_COLUMNS=false
 ELEVATA_ALLOW_TYPE_ALTER=false
 
 # --- Pepper value for hash keys ---

.env.example

@@ -10,6 +10,7 @@
 
 # elevata
 core/.artifacts/
+core/.elevata/
 
 # Python
 __pycache__/

.gitignore

@@ -19,6 +19,48 @@ TBD
 
 ---
 
+## [1.5.0] - 2026-04-24
+
+This release strengthens elevata’s Architecture Runtime by making architecture drift visible,  
+scoping changes to the executed dataset set, and introducing policy-gated destructive schema operations.
+
+The focus is deterministic, explainable schema evolution across supported warehouses.
+
+---
+
+### ✨ Added
+
+#### Architecture State & Diff (scoped)
+
+- Architecture state persistence with stable fingerprinting  
+- Scoped architecture diff for the current execution order (includes related `_hist` targets)  
+- Migration plan preview for renames, adds, drops and type evolution signals  
+- Shadow compare that cross-checks migration intent vs. planned materialization DDL
+
+#### Policy-gated destructive schema operations
+
+- Base-table `DROP COLUMN` support gated by `ELEVATA_ALLOW_AUTO_DROP_COLUMNS`  
+- Optional `_hist` physical drops gated by `ELEVATA_ALLOW_AUTO_DROP_HIST_COLUMNS`  
+- Minimal CLI notice when destructive DDL is planned/executed (prevents “silent cleanup” surprises)
+
+---
+
+### 🔄 Improved
+
+- Clearer CLI output for architecture drift and migration intent  
+- More robust cross-dialect type normalization and equivalence handling  
+- Improved determinism for drift detection across warehouse-specific type representations
+
+---
+
+### 🛠️ Fixed
+
+- Multiple edge cases in schema drift planning around rename/add/drop interactions  
+- Improved correctness for historization-related schema sync scenarios  
+- Miscellaneous stability improvements in execution + materialization tooling
+
+---
+
 ## [1.4.3] - 2026-04-04
 
 This patch release restores the correct logo asset reference in elevata's UI.

CHANGELOG.md

@@ -52,7 +52,7 @@ validated before execution.
 
 
 <p align="center">
-  <img src="https://raw.githubusercontent.com/elevata-labs/elevata/main/docs/elevata_v1_4_0.png" alt="elevata UI preview" width="700"/>
+  <img src="https://raw.githubusercontent.com/elevata-labs/elevata/main/docs/elevata_v1_5_0.png" alt="elevata UI preview" width="700"/>
   <br/>
   <em>Dataset detail view with lineage, metadata, and dialect-aware SQL previews</em>
 </p>
@@ -114,6 +114,8 @@ schema evolution, and structured load logging.
 
 Behavior is deterministic and observable.
 
+Schema drift is reconciled via metadata-driven materialization planning (renames, adds; destructive changes are policy-gated).
+
 ---
 
 ## 📐 Query Builder

README.md

@@ -43,7 +43,7 @@
 BASE_DIR = Path(__file__).resolve().parent.parent
 load_dotenv(find_dotenv(filename=".env", raise_error_if_not_found=False))
 
-ELEVATA_VERSION = "1.4.3"
+ELEVATA_VERSION = "1.5.0"
 
 ELEVATA_PROFILES_PATH = os.getenv("ELEVATA_PROFILES_PATH", str((BASE_DIR.parent / "config" / "elevata_profiles.yaml")))
 

core/elevata_site/settings.py

@@ -1415,12 +1415,135 @@ def row_delete(self, request, pk):
       return htmx_oob_warning(
         "Cannot delete: downstream datasets depend on this (see Lineage). Remove downstream dependencies first."
       )
+    
+    def _maybe_allow_rawcore_column_delete_via_hist_orphaning(*, col, protected_objects, actor) -> bool:
+      """
+      Allow deleting a non-system-managed rawcore base TargetColumn even if it is PROTECTed
+      by system-generated TargetColumnInput links to its *_hist mirror column.
+
+      Behavior:
+        - deactivate the linked *_hist column(s) (do NOT delete)
+        - delete only the specific TargetColumnInput rows that caused the PROTECT
+        - then the caller can retry col.delete()
+
+      Safety:
+        - only applies if ALL protected_objects are TargetColumnInput rows
+          pointing from *_hist -> this base column.
+      """
+      try:
+        if col is None or col.__class__.__name__ != "TargetColumn":
+          return False
+
+        # Only user/business columns should be deletable.
+        if getattr(col, "is_system_managed", False) or getattr(col, "system_role", None):
+          return False
+
+        td = getattr(col, "target_dataset", None)
+        if td is None:
+          return False
+        schema = getattr(td, "target_schema", None)
+        if getattr(schema, "short_name", None) != "rawcore":
+          return False
+
+        ds_name = getattr(td, "target_dataset_name", "") or ""
+        if not isinstance(ds_name, str) or ds_name.endswith("_hist"):
+          return False
+
+        # If the dataset does not historize, there should be no hist-mirror dependencies.
+        if not getattr(td, "historize", False):
+          return False
+
+        protected = list(protected_objects or [])
+        if not protected:
+          return False
+
+        # Must be ONLY TargetColumnInput references (otherwise: real dependency, keep blocking).
+        if any(getattr(o, "__class__", None).__name__ != "TargetColumnInput" for o in protected):
+          return False
+
+        ids = [getattr(o, "pk", None) for o in protected if getattr(o, "pk", None)]
+        if not ids:
+          return False
+
+        TargetDataset = apps.get_model("metadata", "TargetDataset")
+        TargetColumn = apps.get_model("metadata", "TargetColumn")
+        TargetColumnInput = apps.get_model("metadata", "TargetColumnInput")
+
+        # Resolve hist dataset (prefer lineage_key, fallback to naming convention).
+        hist_td = None
+        lk = getattr(td, "lineage_key", None)
+        if lk:
+          hist_td = (
+            TargetDataset.objects
+            .filter(
+              target_schema=td.target_schema,
+              lineage_key=lk,
+              target_dataset_name__endswith="_hist",
+            )
+            .first()
+          )
+        if hist_td is None:
+          hist_td = (
+            TargetDataset.objects
+            .filter(
+              target_schema=td.target_schema,
+              target_dataset_name=f"{ds_name}_hist",
+            )
+            .first()
+          )
+        if hist_td is None:
+          return False
+
+        # Ensure the ProtectedError is ONLY about those hist-mirror inputs.
+        tci_qs = TargetColumnInput.objects.filter(pk__in=ids, upstream_target_column=col)
+        if tci_qs.count() != len(ids):
+          return False
+        tci_qs = tci_qs.filter(target_column__target_dataset=hist_td)
+        if tci_qs.count() != len(ids):
+          return False
+
+        hist_col_ids = list(tci_qs.values_list("target_column_id", flat=True))
+        if not hist_col_ids:
+          return False
+
+        # Deactivate hist columns (do not delete).
+        update_payload = {"active": False}
+        if hasattr(TargetColumn, "is_system_managed"):
+          update_payload["is_system_managed"] = True
+        if actor is not None and hasattr(TargetColumn, "updated_by_id"):
+          update_payload["updated_by"] = actor
+        TargetColumn.objects.filter(pk__in=hist_col_ids).update(**update_payload)
+
+        # Remove only the exact inputs that blocked deletion.
+        tci_qs.delete()
+        return True
+      except Exception:
+        return False
 
     try:
       obj.delete()
       html = f'<tr id="row-{obj_id}" hx-swap-oob="delete"></tr>'
       return HttpResponse(html, status=200)
     except ProtectedError as e:
+      # Special case: allow deleting a user-managed rawcore base column even if
+      # it is PROTECTed by system-generated *_hist mirror inputs.
+      try:
+        if obj.__class__.__name__ == "TargetColumn":
+          actor = get_current_user() or getattr(request, "user", None)
+          if not getattr(actor, "is_authenticated", False):
+            actor = None
+          if _maybe_allow_rawcore_column_delete_via_hist_orphaning(
+            col=obj,
+            protected_objects=getattr(e, "protected_objects", None),
+            actor=actor,
+          ):
+            # Retry after detaching the hist-mirror dependencies.
+            obj.delete()
+            html = f'<tr id="row-{obj_id}" hx-swap-oob="delete"></tr>'
+            return HttpResponse(html, status=200)
+      except Exception:
+        pass
+
       # HTMX: show a helpful feedback instead of silently failing
       msg = "Cannot delete: this record is still referenced."
       try: