Release v0.4.0

Author: jumpbetweenrows

.claude/commands/release.md

@@ -12,14 +12,24 @@ description: Prepare and tag a new release for this project. Both apps (proxy an
 
 ### 2. Draft changelog entries
 
-Analyse the commits from step 1 and draft changelog entries grouped by:
+Draft entries **solely from the commit messages** gathered in step 1. Do not use the existing `## [Unreleased]` section in `CHANGELOG.md` as a source — it may contain entries for features that were planned but never implemented. The commits are the ground truth.
+
+Group entries by:
 
 - **Added** — new features
 - **Changed** — changes to existing behaviour
 - **Fixed** — bug fixes
 - **Infrastructure** — CI, build, tooling changes (omit if trivial)
 
-Do not include merge commits, formatting-only commits, or version bump commits.
+Format each entry as a bolded feature name with a short summary, followed by detail sub-bullets where useful:
+```
+- **Feature name** — one-line summary
+  - detail point
+  - detail point
+```
+Do not mix flat one-liners with wall-of-text entries. Keep the top-level line scannable; put specifics in sub-bullets.
+
+Do not include merge commits, formatting-only commits, or version bump commits. Do not classify a commit as **Fixed** if it fixes a bug in code that was not yet released — those are part of the new feature and belong under **Added** or **Changed**. **Fixed** is only for regressions or bugs in previously released behavior.
 
 Show the draft to the user and ask them to confirm or edit it before proceeding. Also ask for the new version number (suggest one based on the changes: patch for fixes only, minor for new features, major for breaking changes).
 

CHANGELOG.md

@@ -7,27 +7,45 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.4.0] - 2026-03-08
+
 ### Added
 - **Policy system** — configurable row filtering, column masking, and column access control via named policies assigned to datasources and users
   - `policy`, `policy_version`, `policy_obligation`, `policy_assignment`, `query_audit_log` database tables (migration 007)
-  - `PolicyHook` replaces hardcoded `RLSHook`; supports `row_filter`, `column_mask`, and `column_access` obligation types
+  - `PolicyHook` replaces `RLSHook`; supports `row_filter`, `column_mask`, and `column_access` obligation types
   - Template variables (`{user.tenant}`, `{user.username}`, `{user.id}`) with parse-then-substitute injection safety
   - Wildcard matching (`schema: "*"`, `table: "*"`) in obligation definitions
-  - `access_mode` field on datasources: `"policy_required"` (default) or `"open"` (no policy = full access)
-  - Optimistic concurrency on policy updates via `version` field (409 Conflict on mismatch)
-  - Immutable `policy_version` snapshots on every policy mutation for audit traceability
+  - `access_mode` on datasources: `"policy_required"` (default) or `"open"`
+  - Optimistic concurrency via `version` field (409 Conflict on mismatch)
+  - Immutable `policy_version` snapshots on every mutation for audit traceability
   - Deny policies short-circuit with error before plan execution
-  - 60-second per-session policy cache with `invalidate_datasource` / `invalidate_user` hooks
-- **Policy CRUD API** — `GET/POST /policies`, `GET/PUT/DELETE /policies/{id}` (admin-only)
-- **Policy assignment API** — `GET/POST /datasources/{id}/policies`, `DELETE /datasources/{id}/policies/{assignment_id}`
-- **YAML import/export** — `GET /policies/export`, `POST /policies/import` (with `?dry_run=true`)
-- **Query audit log** — async logging of every proxied query; `GET /audit/queries` with pagination and filtering by user, datasource, date range
-- **Admin UI — Policies** — list, create, and edit policies with an obligation builder (row_filter, column_mask, column_access); inline enable/disable toggle
-- **Admin UI — Policy Assignments** — `PolicyAssignmentPanel` on datasource edit page; assign/remove policies with optional user scope and priority
-- **Admin UI — Query Audit** — paginated log with expandable rows showing original query, rewritten query, and applied policy snapshots
-- **Demo e-commerce schema** — `scripts/demo_ecommerce/` with schema, seed script, and example `policies.yaml` covering all P0 stories
+  - 60-second per-session cache with `invalidate_datasource` / `invalidate_user` hooks
+- **Policy API** — admin-only CRUD and assignment endpoints
+  - `GET/POST /policies`, `GET/PUT/DELETE /policies/{id}`
+  - `GET/POST /datasources/{id}/policies`, `DELETE /datasources/{id}/policies/{assignment_id}`
+- **Query audit log** — async logging of every proxied query
+  - `GET /audit/queries` with pagination and filtering by user, datasource, date range
+- **Visibility-follows-access** — per-connection, per-user filtered `SessionContext`
+  - Users only see tables and columns their policies permit
+  - Policy changes take effect immediately without reconnect
+- **JSON/JSONB support** — `json` and `jsonb` columns via DataFusion v52 and `datafusion-functions-json`
+  - `->` / `->>` operators and JSON UDFs available in queries
+  - Filter pushdown to upstream PostgreSQL for supported operators
+- **EXPLAIN support** — `EXPLAIN <query>` returns a PostgreSQL-compatible single-column `QUERY PLAN` response
+- **Admin UI — Policies** — list, create, and edit policies with an obligation builder; inline enable/disable toggle
+- **Admin UI — Policy Assignments** — assign/remove policies per datasource with optional user scope and priority
+- **Admin UI — Query Audit** — paginated audit log with original query, rewritten query, and applied policy snapshots
+- **Demo e-commerce schema** — `scripts/demo_ecommerce/` with schema, seed script, and example policies
 - **Docs** — `docs/permission-system.md` (user guide) and `docs/permission-security-tests.md` (security test plan)
 
+### Changed
+- **Arrow encoding** — migrated to `arrow-pg`; handler simplified; removed `arrow_conversion` and `sql_rewrite` modules
+
+### Infrastructure
+- **CI/CD** — split into CI (tests on every push to `main`) and CD (publish + deploy on `v*` tag only)
+  - Docker images tagged `X.Y.Z` and `X.Y`; deploy uses explicit version tag for prod traceability
+  - `workflow_dispatch` added for manual redeployment of an existing version
+
 ## [0.3.0] - 2026-03-04
 
 ### Added

Cargo.lock

@@ -1,7 +1,7 @@
 {
   "name": "admin-ui",
   "private": true,
-  "version": "0.3.0",
+  "version": "0.4.0",
   "type": "module",
   "scripts": {
     "dev": "vite",

admin-ui/package.json

@@ -1,7 +1,7 @@
 [package]
 name = "migration"
-version = "0.3.0"
-edition = "2021"
+version = "0.4.0"
+edition = "2024"
 
 [dependencies]
 sea-orm-migration = { version = "1", features = ["sqlx-sqlite", "sqlx-postgres", "runtime-tokio-rustls"] }

migration/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "proxy"
-version = "0.3.0"
+version = "0.4.0"
 edition = "2024"
 
 [dependencies]