Skip to content

0.9.0

Released 2026-07-01.

Strict OpenTelemetry entity-events alignment and read-surface security. 0.9.0 promotes the 0.9.0-beta line to stable: it aligns Toise with the entity-events spec (1.58.0) — full AnyValue descriptions, a delete reason, explicit "no cadence" semantics — and decouples ingest authentication from read authentication. It then adds an out-of-order relation fix and a Go toolchain security bump.

Not a wire-contract break, no data migration. Every change is additive and opt-in; the zero-config single binary is unchanged. See the 0.8 → 0.9 migration guide.

Strict spec alignment (entity-events 1.58.0)

  • Full AnyValue in entity.description. Descriptions carrying arrays and nested maps are now ingested faithfully end to end (ingest → store → projection → GraphQL/MCP) instead of dropping the non-scalar parts; a composite renders on read as compact JSON tagged array / kvlist. Identity stays scalar by contract (ADR 0018). ADR 0004 amended.
  • entity.delete.reason. A producer's motive on a delete — an open enum (terminated, expired, evicted, …, never validated against a closed set) — is captured, persisted, and exposed on MCP recent_changes / graph_diff and GraphQL ChangeEvent.deleteReason.
  • entity.report.interval == 0 (or absent) = no cadence. Such an entity is only ever removed by an explicit entity.delete, never expired by the liveness sweep — locked by a conformance test.

Read-surface security

  • Ingest auth and read auth are decoupled. New opt-in ingest_mtls_only (TOISE_INGEST_MTLS_ONLY, requires tls_client_ca_file): OTLP ingest is authenticated by mutual TLS alone — no bearer — while GraphQL / MCP keep requiring their per-client scoped tokens (role read / full, individually revocable) or OIDC. Default off; the bearer-on-ingest posture is unchanged. ADR 0028 amended.

Producer SDK — pkg/emit v0.3.0

  • Entity.RichAttributes (map[string]any) emits the full AnyValue (arrays, nested maps), symmetric with what Toise now ingests; Entity.DeleteReason emits entity.delete.reason. Additive: scalar-only producers are byte-for-byte unchanged and the published conformance fixture still holds.

Also

  • Fixed: the relation reconciliation buffer no longer drops a parked out-of-order edge whose endpoint reappears on a slower cadence than the buffer TTL (e.g. a runs_on -> host where the host heartbeats every few minutes). The hold now auto-scales from the source's entity.report.interval.
  • Security: the Go toolchain is pinned to 1.26.4, resolving three reachable standard-library advisories flagged by govulncheck (mime, crypto/x509). No application code changed.

The full changelog is in CHANGELOG.md.