chore(release): v0.3.2

grrowl · claude · grrowl · commit 7f573ed633dd · 2026-06-13T14:23:52.000+10:00
Bug-fix batch from the deep-audit follow-up (audit-excluded SSR topic aside): client reconnect-wedge fix (#12), wire-input hardening + error sanitization (#15, ADR-0012), catch-up N+1 batching (#14), plus expanded error/wire test coverage (#11) and dead-code/identifier-quoting cleanup (#13). Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -10,6 +10,42 @@ While pre-1.0, the public API may change between 0.x releases.
 
 _Nothing yet._
 
+## [0.3.2] — 2026-06-13
+
+### Added
+
+- **Wire-input hardening at the server boundary (ADR-0012).** Frame-shape
+  guards drop malformed frames — the socket survives and answers the next
+  valid frame — and inbound limits bound frame size and per-connection
+  subscription count. (#15)
+
+### Fixed
+
+- **A failed initial connect no longer wedges the client transport.** A
+  WebSocket that never `open()`s fires no `close` event, so the auto-reconnect
+  couldn't run and the cached rejected `connectPromise` wedged the transport
+  permanently — every later `connect()` returned the same rejection. On a
+  failed open the transport now clears the promise and re-arms the reconnect
+  while subscriptions are live. (#12)
+
+### Changed
+
+- **Reconnect catch-up no longer issues an N+1.** Delta hydration batches
+  keyed reads in chunks (≤64) and the per-table changelog read uses the
+  `(tbl, seq)` composite index, so a 500-key catch-up issues ~8 queries
+  instead of 500. Behavior is unchanged. (#14)
+
+### Security
+
+- **Mutation `execute` errors are sanitized.** A failed `execute` now returns a
+  generic "mutation failed" rather than leaking SQLite/internal detail to the
+  client; authorize errors still pass through. (#15)
+
+### Internal
+
+- Server error-path and wire-level test coverage expanded (#11); dead
+  `snapshotAll` removed and CDC trigger DDL identifiers quoted (#13).
+
 ## [0.3.1] — 2026-06-11
 
 ### Fixed
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "tanstack-do-db-collection",
-  "version": "0.3.1",
+  "version": "0.3.2",
   "description": "Sync a TanStack DB collection to a Cloudflare Durable Object over WebSockets — optimistic mutations, live queries, and single-ordered-stream write confirmation.",
   "type": "module",
   "license": "MIT",

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "tanstack-do-db-collection",`
`3`		`- "version": "0.3.1",`
	`3`	`+ "version": "0.3.2",`
`4`	`4`	`"description": "Sync a TanStack DB collection to a Cloudflare Durable Object over WebSockets — optimistic mutations, live queries, and single-ordered-stream write confirmation.",`
`5`	`5`	`"type": "module",`
`6`	`6`	`"license": "MIT",`