From 075300e61237b78e0d8a2fca863e48e8f6400fd4 Mon Sep 17 00:00:00 2001 From: VirusAlex Date: Fri, 1 May 2026 16:18:50 +0300 Subject: [PATCH] =?UTF-8?q?chore(release):=20prep=20for=20v1.0.0=20?= =?UTF-8?q?=E2=80=94=20pom=20bump,=20manifest=20version,=20README=20pin,?= =?UTF-8?q?=20CHANGELOG?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Three things, all paving the way for the v1.0.0 tag: 1. pom.xml version 0.4.0-SNAPSHOT → 1.0.0-SNAPSHOT. From v1.0 onward, wire formats and CLI flags are part of the contract; breaking either takes a major bump. 2. maven-shade-plugin's ManifestResourceTransformer now emits Implementation-Title + Implementation-Version. The App.versionString() helper reads Class.getPackage().getImplementationVersion() from the bundled manifest and was falling back to the hard-coded "0.1.0-SNAPSHOT" for the entire project's life because the shade transformer didn't write the entry. Tagged releases shipped correctly only because release.yml rewrites pom-version-per-tag before this stage; local jars and the new UI version chips therefore reported "0.1.0-SNAPSHOT" regardless of pom. Fixed in-place — every build (local or CI) now reflects the actual pom version. 3. README + CHANGELOG: docker-pin example bumped from "0.3.2" to "1.0.0"; the `:latest` tag table reworded to clarify it tracks stable 1.x+ (matches release.yml's `!startsWith(version, '0.')` gate added in PR-D). CHANGELOG gets the v1.0.0 entry summarising the audit-driven journey from 0.x and explicitly calling out the stability commitments (wire formats, CLI flags, security model). Local mvn package now reports `netcopy 1.0.0-SNAPSHOT` from the bundled manifest. ArchitectureTest 8/8. Co-Authored-By: Claude Opus 4.7 (1M context) --- CHANGELOG.md | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++-- README.md | 4 ++-- pom.xml | 16 +++++++++++++++- 3 files changed, 67 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9723566..9b2137c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,8 +2,56 @@ All notable changes to NetCopy go here. Each release section follows [Keep a Changelog](https://keepachangelog.com) and the project uses -[Semantic Versioning](https://semver.org/) — though `0.x` is treated as -pre-1.0, so any release in this line may break compatibility. +[Semantic Versioning](https://semver.org/). From v1.0.0 onward the wire +formats and CLI flags are stable: removing or breaking either requires +a major bump (and we have `schemaVersion` on every persisted file as the +forward-compat backstop). Pre-1.0 (`0.x`) was free to break. + +## [1.0.0] — 2026-05-01 + +First production release. The 0.x line was a long ramp-up: protocol +work in 0.2, performance + UX iteration in 0.3, a comprehensive +release-readiness audit in 0.4 that closed every blocker, every high, +and every medium finding (security, licensing, ArchUnit invariant +enforcement, schemaVersion, multi-arch image, Docker hardening, doc +alignment). v0.4.x followed up with live-test fixes (TCP pool sizing, +sort + filter UI, symmetric Connect button + classified errors, version +chips in the topbar, two startup hotfixes for shipping bugs). + +### Stability commitments (v1.0+) + +- **Wire formats** (REST JSON, TCP framing, WebSocket events, + `.netcopy/*` and `/jobs/*.json`) are now stable; + breaking changes will bump the major version. The `schemaVersion` + field on persisted files lets future readers refuse a newer-format + file rather than misinterpret it. +- **CLI flags** documented in `README.md` are stable. New flags can be + added; existing ones won't be removed or renamed without a major + bump. +- **Security model**: no-delete invariant (ArchUnit-enforced), the + whitelist of four classes that may touch destructive APIs, the + `acknowledgeOverwrite` gate on `POST /api/transfers`, NOFOLLOW_LINKS + on every data-plane open, the small TokenGate constant-time + comparison — all part of the contract. + +### Changes since v0.4.0 + +- v0.4.0 itself shipped the full audit-fix bundle (see below). +- v0.4.1: TCP connection pool now sized to `chunksPerFile × + fileParallelism` instead of just `chunksPerFile` — eliminated the + ~280 ms pool-acquire-wait that 32 chunk workers contended on against + 8 sockets. Clickable sort columns + per-panel substring filter in + both file panels. Symmetric Connect button on the local-token side + with classified error messages. +- v0.4.2 hotfix: the post-audit cleanup PR added a `kubectl --previous` + reference to a comment in `logback.xml`. XML forbids `--` inside + comments; Logback aborted the parse on every JVM startup with + `SAXParseException`. The runtime kept going on a default appender so + the bug shipped as ~3 hours of degraded log formatting in v0.4.0 + through v0.4.1. Removed the offending text. +- v0.4.3: NetCopy version chips in the topbar (local + peer), populated + from `/api/peer/info`. Lets you spot mid-rollout version mismatch at + a glance. ## [0.4.0] — 2026-04-30 diff --git a/README.md b/README.md index a85ca92..7ae0d27 100644 --- a/README.md +++ b/README.md @@ -303,8 +303,8 @@ Two distribution channels, both populated by the same release workflow: | Tag | When updated | |---|---| -| `latest` | Highest tagged stable release (`vX.Y.Z`), once 1.x ships. | -| `` (e.g. `0.3.2`) | Pinned to that tag, never overwritten. | +| `latest` | Highest tagged stable release (`vX.Y.Z`); excludes `0.x` pre-1.0 line. | +| `` (e.g. `1.0.0`) | Pinned to that tag, never overwritten. | | `main` | Rolling — overwritten by every push to `main`. Pre-release. | **Plain jars** on diff --git a/pom.xml b/pom.xml index 46fb5d7..8aecc69 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ dev.netcopy netcopy - 0.4.0-SNAPSHOT + 1.0.0-SNAPSHOT jar NetCopy @@ -163,6 +163,20 @@ dev.netcopy.App + + + NetCopy + ${project.version} +