Release v0.8.0

jumpbetweenrows · jumpbetweenrows · commit 90cd42cbdb9a · 2026-03-28T16:24:56.000-04:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,25 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.8.0] - 2026-03-28
+
+### Added
+- **User Attributes (ABAC)** — schema-first attribute system for attribute-based access control
+  - `attribute_definition` table defines allowed keys with types (`string`/`integer`/`boolean`), entity type scoping, optional enum constraints, and reserved key protection
+  - User attribute values stored as JSON column on `proxy_user` with full-replace semantics and write-time validation
+  - Typed `{user.KEY}` template variables in filter/mask expressions (Utf8/Int64/Boolean literals)
+  - User attributes available in decision function context as `ctx.session.user.attributes` with typed JSON values
+  - `time.now` (RFC 3339 evaluation timestamp) added to decision function context for time-windowed access
+  - Admin UI: attribute definition list/create/edit pages, user attribute editor with type-aware inputs
+  - CRUD API with `?force=true` cascade delete (SQLite `json_remove()` / PostgreSQL `jsonb -`)
+  - 3 new migrations (052–054)
+- **Save-time expression validation** — filter and mask expressions are validated at policy create/update time; unsupported SQL syntax returns 422 immediately instead of failing silently at query time
+  - CASE WHEN expression support added to the expression parser
+
+### Changed
+- **Shared WASM runtime** — consolidated `WasmDecisionRuntime` into a single `Arc` singleton created at startup, shared by `PolicyHook`, `EngineCache`, and `AdminState` (replaces per-use instantiation)
+- **Security vectors doc renamed** — `docs/permission-security-tests.md` → `docs/security-vectors.md`; added vectors 59–68 covering predicate probing, aggregate inference, EXPLAIN leakage, HAVING bypass, CASE expression bypass, window function ordering, timing side channels, and ABAC-specific vectors
+
 ## [0.7.0] - 2026-03-26
 
 ### Added
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/admin-ui/package.json b/admin-ui/package.json
@@ -1,7 +1,7 @@
 {
   "name": "admin-ui",
   "private": true,
-  "version": "0.7.0",
+  "version": "0.8.0",
   "type": "module",
   "scripts": {
     "dev": "vite",
diff --git a/migration/Cargo.toml b/migration/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "migration"
-version = "0.7.0"
+version = "0.8.0"
 edition = "2024"
 
 [dependencies]
diff --git a/proxy/Cargo.toml b/proxy/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "proxy"
-version = "0.7.0"
+version = "0.8.0"
 edition = "2024"
 
 [dependencies]

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "admin-ui",`
`3`	`3`	`"private": true,`
`4`		`- "version": "0.7.0",`
	`4`	`+ "version": "0.8.0",`
`5`	`5`	`"type": "module",`
`6`	`6`	`"scripts": {`
`7`	`7`	`"dev": "vite",`