0.9.0¶
Released 2026-07-01.
Strict OpenTelemetry entity-events alignment and read-surface security. 0.9.0
promotes the 0.9.0-beta line to stable: it aligns Toise with the entity-events spec
(1.58.0) — full AnyValue descriptions, a delete reason, explicit "no cadence"
semantics — and decouples ingest authentication from read authentication. It then adds
an out-of-order relation fix and a Go toolchain security bump.
Not a wire-contract break, no data migration. Every change is additive and opt-in; the zero-config single binary is unchanged. See the 0.8 → 0.9 migration guide.
Strict spec alignment (entity-events 1.58.0)¶
- Full
AnyValueinentity.description. Descriptions carrying arrays and nested maps are now ingested faithfully end to end (ingest → store → projection → GraphQL/MCP) instead of dropping the non-scalar parts; a composite renders on read as compact JSON taggedarray/kvlist. Identity stays scalar by contract (ADR 0018). ADR 0004 amended. entity.delete.reason. A producer's motive on a delete — an open enum (terminated,expired,evicted, …, never validated against a closed set) — is captured, persisted, and exposed on MCPrecent_changes/graph_diffand GraphQLChangeEvent.deleteReason.entity.report.interval == 0(or absent) = no cadence. Such an entity is only ever removed by an explicitentity.delete, never expired by the liveness sweep — locked by a conformance test.
Read-surface security¶
- Ingest auth and read auth are decoupled. New opt-in
ingest_mtls_only(TOISE_INGEST_MTLS_ONLY, requirestls_client_ca_file): OTLP ingest is authenticated by mutual TLS alone — no bearer — while GraphQL / MCP keep requiring their per-client scoped tokens (role read / full, individually revocable) or OIDC. Default off; the bearer-on-ingest posture is unchanged. ADR 0028 amended.
Producer SDK — pkg/emit v0.3.0¶
Entity.RichAttributes(map[string]any) emits the full AnyValue (arrays, nested maps), symmetric with what Toise now ingests;Entity.DeleteReasonemitsentity.delete.reason. Additive: scalar-only producers are byte-for-byte unchanged and the published conformance fixture still holds.
Also¶
- Fixed: the relation reconciliation buffer no longer drops a parked out-of-order
edge whose endpoint reappears on a slower cadence than the buffer TTL (e.g. a
runs_on -> hostwhere the host heartbeats every few minutes). The hold now auto-scales from the source'sentity.report.interval. - Security: the Go toolchain is pinned to 1.26.4, resolving three reachable
standard-library advisories flagged by
govulncheck(mime,crypto/x509). No application code changed.
The full changelog is in
CHANGELOG.md.