Releases: szTheory/sigra
Releases · szTheory/sigra
v0.2.5
Summary
- Several audit-backed MFA, JWT, account, and API-token flows now succeed or fail as one unit instead of risking a data change without the matching audit row.
- Malformed refresh tokens fail earlier with
{:error, :invalid_token}instead of going through the normal hash-and-lookup path first. - Most apps do not need new upgrade steps for this release; it is mainly a safety, correctness, and observability improvement.
What's Changed
Full Changelog: v0.2.4...v0.2.5
Contributors
szTheory
Assets 2
v0.2.4
Summary
- MFA backup-code regeneration and trust-browser audit writes are now more durable when audit logging is enabled.
- A database-level audit insert failure now falls back to the same telemetry-first behavior as other safe audit helpers instead of surfacing a rougher failure mode.
- This release is mostly operational hardening and docs polish; most host apps do not need a new install or migration step.
What's Changed
- docs: public surface polish (badges, README, guides, ExDoc) by @szTheory in #26
- fix(ci): retry mix deps.get in install-smoke (heroicons git HTTP 5xx) by @szTheory in #27
- chore: sync main — v1.14 milestone archive and planning backlog by @szTheory in #29
- chore(release): prepare Hex 0.2.4 by @szTheory in #30
Full Changelog: v0.2.3...v0.2.4
Contributors
szTheory
Assets 2
v0.2.3
v0.2.2
v0.2.1
0.2.1 (2026-04-23)
Features
- 053-01: add Hex docs link and ExDoc publish reminder (3362bf0)
- 053-01: refresh Hex description for PUB-01 (acd275e)
- 06-01: add MFA deps, config, error types, and Credential struct (52a25f4)
- 06-01: implement MFA orchestrator, BackupCodes, Trust, and Lockout modules (e913806)
- 06-02: add MFA-aware authenticate flow and complete_mfa_verification (db192a1)
- 06-02: add RequireMFA and RequireMFAEnrolled plugs with mfa_pending session type (d3bb45b)
- 06-03: add MFA telemetry event catalog and integration (826945c)
- 06-03: add MFA testing helpers and TokenCleanup mfa_pending extension (bf17b7c)
- 06-04: add MFA email templates, Auth context delegation, and test fixtures (8a93edb)
- 06-04: add MFA migration tables and generated Ecto schemas (e66b8f4)
- 06-05: add MFA challenge page templates (controller + HTML + LiveView) (8efd59d)
- 06-05: add MFA settings templates, require_mfa plug, and generator wiring (89cc608)
- 07-01: APIToken module and RequireScopes plug with full test coverage (953adbe)
- 07-01: config extensions, StringList type, ScopeRegistry, error types, telemetry events (e1e0e39)
- 07-02: add Joken dependency, ClaimsBuilder behaviour, and Signer module (8c79f0c)
- 07-02: add JWT module and RefreshToken with family-based reuse detection (2d00c6e)
- 07-03: add Auth delegation, TokenCleanup extension, Testing helpers, Email notification (611e5f6)
- 07-03: rewrite FetchBearer with auto-detection and scope assignment (425527a)
- 07-04: add API controllers, email template, injector, and install task (86f9be4)
- 07-04: add API token migration and schema templates (9b13525)
- 08-01: add config extensions, email templates, and data export behaviour (cd3ef15)
- 08-01: implement hooks engine with Ecto.Multi integration and tests (b635995)
- 08-02: add Account orchestrator with unified delegation API (44ea30a)
- 08-02: implement Account Deletion module with 3 strategies (cd31c37)
- 08-02: implement EmailChange and PasswordChange modules (601d35f)
- 08-03: add telemetry events and Auth module lifecycle delegation (34e6f2b)
- 08-03: implement RequirePasswordChange plug and AccountDeletion Oban worker (6c26dce)
- 08-04: add 7 account lifecycle email templates (36363df)
- 08-04: auth context lifecycle delegation and hooks stub module (ada92fb)
- 08-04: migration template, user schema, and token TTL for account lifecycle (21332d3)
- 08-05: add generator injector for lifecycle routes, plugs, and tests (ba5d3c5)
- 08-05: add settings LiveView, reactivation page, and lifecycle testing helpers (61112c9)
- 09-01: add audit_events migration template (02ae340)
- 09-01: add AuditEvent schema template and wire install task (bd3f69f)
- 09-02: add Sigra.Audit changeset, cursor, query submodules (01f75de)
- 09-02: add Sigra.Audit public API (ce6dc7c)
- 09-03: integrate audit logging into auth + session + security subsystems (0724d96)
- 09-03: integrate audit logging into mfa + oauth + api_token + account (68e222c)
- 09-04: add Sigra.Workers.AuditCleanup Oban worker and startup warning (a01a25c)
- 10-01: add audit test helpers and section headers to Sigra.Testing (d891e2b)
- 10-02: add scenario fixtures to AuthFixtures template (24ecd7c)
- 10-03: add :cookie_domain config + Sigra.MFA.Trust.cookie_opts/1 (080fd4f)
- 10-03: runtime remember_me_options in UserAuth + MFA trust cookie + boot warning (4aa7030)
- 10-05: add pure helpers + doctests to Config/Auth/Testing (fa57f1e)
- 10-06: scaffold test/example Phoenix app with Sigra installed (2f1790e)
- 10.1.1-03: unify example app on Sigra canonical user_sessions store (B6, D-06/D-07) (ddf7b94)
- 10.1.1-05: flip installer default to binary_id (uuid) PKs (D-10) (d1d2c40)
- 10.1.1-06: add --yes non-interactive flag to sigra.install (2b15e81)
- 10.1.1-06: add install_smoke + example_http_smoke CI jobs (ae37e78)
- 10.1.1-06: add install-smoke.sh and http-smoke.sh CI drivers (c082ab3)
- 10.1.1-07: add data-testid hook to MFA TOTP secret (7dd8e25)
- 10.1.1-07: scaffold Playwright golden-path browser smoke harness (24e8c7c)
- 41: TOTP-gated backup code rotation and GA-01 regression (e5f399e)
- 43-02: atomic auth.register.success audit via register_user_multi (d2e6efb)
- 43-03: atomic magic-link and password-reset request audits via Multi (149ab89)
- 43-04: atomic auth.login.success audit with lockout Multi (3bc7811)
- 49-01: add mix ci.audit_45 alias for AUD-08 merge gate (3adb5fe)
- 50-01: add mix ci.install_golden alias for install golden tests (ba8ca30)
- audit: add audit_multi_step for multi-row Multi audits (a642496)
- mfa: atomic audit Multis for AUD-06 (MFA) ([3d5abf1](3d5abf112403cd...