Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[0.2.5] - 2026-05-29

Client pool data race in multi-worker mode: pool_get/pool_put accessed client_pool and client_pool_count without synchronization. In multi-worker mode, on_new_connection runs on any event loop thread, causing two threads to acquire the same client object. This triggered a libuv assertion crash: uv_accept: Assertion 'server->loop == client->loop' failed. Added pool_mutex to protect all pool operations.

Redis Database Driver: New src/drivers/redis.c driver using hiredis. Supports connection pooling with password auth and DB index selection. Maps Redis reply types to tabular results: GET→1-row, HGETALL→field/value pairs, KEYS/LRANGE→N-row flat arrays. Transactions via MULTI/EXEC/DISCARD.

Unified Admin Dashboard: Web-based real-time monitoring dashboard at /admin with HTTP metrics, workflow execution graphs, MQ queue status, DB pool telemetry, AI model call tracking, and process metrics. Serves admin_ui.html SPA with WebSocket live events.
MongoDB Database Driver: New src/drivers/mongodb.c driver using libmongoc. Supports connection pooling and unified DB query interface.
MQ Message Status Monitoring: Real-time MQ events, depth tracking, and JSON stats endpoint for admin dashboard integration.
Global AI Telemetry: src/ai/ai.c now tracks model calls, token counts, and latency for admin dashboard consumption.
Global DB Telemetry: src/data/db.c tracks pool size, active connections, and query latency across all database drivers.

test_workflow_monitor SEGFAULT: Fixed heap-buffer-overflow caused by calloc(1, 1024) — csilk_ctx_t is 2944 bytes, allocated buffer was too small. Under ASan this triggered a SEGFAULT on every CI run.
scaffold csilk_perm_auto_middleware_passthrough: Replaced with existing csilk_perm_auto_middleware — the former never existed, causing compile failure in core API + perm mode.
MQ recovery regression: Fixed message queue recovery after connection drop.
Admin struct privacy: Resolved incomplete type for csilk_ctx_t in admin module.
Mermaid syntax: Fixed workflow Mermaid visualization for version 10+ quoting.
test_timeout flakiness: Fixed port conflict by adding server readiness sync.

Header relocation: workflow_wal.h moved from src/app/ to include/csilk/app/ to keep all headers under include/.
Admin scaffold: csilkskel now includes admin dashboard setup by default.
Version bumped: 0.2.1 → 0.2.3

Symmetric/Asymmetric Cipher Driver: New csilk_cipher_driver_t interface with AES-256-GCM encrypt/decrypt, RSA-2048 key generation, RSA-OAEP encrypt/decrypt, and RSA-PSS sign/verify. Includes a default OpenSSL EVP implementation (src/crypto/cipher.c). Pluggable via csilk_server_set_cipher_driver() — pass NULL to restore defaults.
Cipher Tests: 8 test cases covering symmetric roundtrip, wrong tag rejection, bad key rejection, asymmetric roundtrip, sign/verify, custom driver plugin, custom keygen, and NULL context fallback.

csilk_ctx_t: Added cipher_driver field for per-request cipher access.
Project structure: Added src/crypto/ and include/csilk/drivers/cipher.h.

Form URL-encoded Parser: Added csilk_parse_form_urlencoded() and csilk_get_form_field() for application/x-www-form-urlencoded body parsing (P5-1).
Session Support: Cookie-based in-memory session management with csilk_session_init/start/set/get/destroy API (P5-2).
HTTP Range Requests: Static file middleware now supports Range header with 206 Partial Content responses (P5-3).
Request Validation Middleware: csilk_validate() with REQUIRED/INT/STRING/EMAIL flags and min/max range validation (P5-4).
Connection Object Pool: Reuses csilk_client_t objects via free list to reduce allocation overhead (P3-5).
URL Decoding: Implemented csilk_url_decode() for percent-decoding query parameters.
SHA1/Base64 Known-Answer Tests: 14 test cases covering RFC 3174 and RFC 4648 vectors.
WebSocket Integration Test: Verified 101 Switching Protocols + Sec-WebSocket-Accept header.
Streaming Response Integration Test: Verified chunked encoding with csilk_response_write/end.
Redirect Tests: Enhanced with csilk_redirect_simple, 301/302/307 status codes, null-safety edge cases.

Connection Pool: Pool size of 32 clients; pool drained in csilk_server_free.
Streaming Response: csilk_response_write/end now sets is_async flag to prevent double-write; chunked headers respect client Connection: close header.
Static Middleware: Added Accept-Ranges: bytes header on all static responses.
Streaming Cleanup: Terminal chunk write callback closes connection instead of leaving cleanup to timer (fixes use-after-free).
Header Location: context_internal.h moved from src/core/ to include/; src/core include path removed from CMakeLists.txt.
Doxygen Documentation: Completed full Doxygen comments across all 37 source/header files with @brief, @param, @return, @note annotations.

Fixed csilk_parse_form_urlencoded Content-Type check logic (strict application/x-www-form-urlencoded check).
Fixed memory leak in static middleware: body_is_managed = 1 for full file buffer ensures cleanup.
Fixed csilk_ctx_cleanup + timer interaction in streaming response lifecycle.
Fixed 3 csilK_ typos in server.c (pool_get/pool_put parameter types) and session.c (typedef).

Initial release with core routing, middleware, and server implementation.
Support for JSON (cJSON), WebSocket, and YAML configuration.
Built-in middleware: Logger, Recovery, Auth, CORS, CSRF, Rate Limiting, Static Files.
Comprehensive Doxygen documentation.