# Changelog
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## 0.89.0 - 2025-01-09
### Added
- Introduce env variables to adjust transport performance
- Simplify `node create` execution
- Improve logs for relay creation
- Improve logs for tcp portals creation
- Add a custom log format to change the fields order
- Session replacer sends notifications on session lost/replaced
- Improvements to portals commands arguments
- Updated dependencies
### Changed
- Extract `OCKAM_SQLITE_IN_MEMORY` env var usage up to the cli state initialization
- Rename telemetry env vars
## 0.88.0 - 2024-12-12
### Added
- Add `UDP` support to nodes and multiaddr. refactor multiaddr
- Enable auto-retry on all repositories
- Updated dependencies
### Changed
- Make the auto-retry an implementation detail of repositories
### Fixed
- Update tests using the `ENROLLMENT_TICKET` env var
## 0.87.0 - 2024-12-04
### Added
- Avoiding memory fragmentation by reducing allocations
- Increased portal throughput by increasing payload size
- Updated dependencies
## 0.86.0 - 2024-11-30
### Added
- Reduce the api versions to the supported range
- Updated dependencies
## 0.85.0 - 2024-11-27
### Added
- Return new ticket format in `project ticket`
- Node's http server is enabled by default
- Remove last usages of `OCKAM_LOG` env var
- Simplify command node shutdown
- Add env. variables for auth0
- Adjust `enroll` logic and output for the new subscription plans
- Updated dependencies
### Fixed
- `project enroll` support for json encoded tickets
### Removed
- Remove the dev. authenticator endpoint
## 0.84.0 - 2024-11-12
### Added
- Support json output in `project ticket`
- `project ticket` show warning when using high values for ticket duration/usage
- Tie each tcp connection inside portal to an `Identifier`
- Improve delete behavior on different commands
- Rename ebpf portals -> privileged portals
- Updated dependencies
### Changed
- Bump sysinfo from 0.31.4 to 0.32.0
### Fixed
- Influxdb and tcp inlets delay the alias random value initialization to prevent collisions
- Make sure that traces are exported when a command is executed
- Force flush the traces later
- Error chain is kept in ockam_command crate
## 0.83.0 - 2024-10-25
### Added
- Updated dependencies
### Fixed
- Use the proper tls configuration to export logs and traces
## 0.82.0 - 2024-10-24
### Added
- Pretty json output by default, and colored if possible
- Add more granular scopes for command logs
- Allow relay connection failure without failing relay creation
- Updated dependencies
## 0.81.0 - 2024-10-23
### Added
- Switching to sqlite wal mode for better concurrency
- Updated dependencies
### Fixed
- Auto retry `SQLite` queries and transactions when the failure is a deadlock
- Avoid panicking when the non-persistent node cannot be deleted
## 0.80.0 - 2024-10-21
### Added
- Change behavior of how nodes' processes are stopped
- Improvements to commands outputs
- Return enrollment ticket hex-encoded
- Updated dependencies
## 0.79.0 - 2024-10-16
### Added
- `eBPF` portal updates:
- Updated dependencies
### Fixed
- `project enroll` should not try to fetch project data from orchestrator
## 0.78.0 - 2024-10-15
### Added
- Update influxdb token lease manager response api
- More options on token management for influxdb_outlet
- Simplify influxdb outlet deployment options
- Compact enrollment ticket encoded format
- Implement a more efficient function to delete all project members at once
- Updated dependencies
### Fixed
- Generate the enrollment ticket using the project route, and not its id
## 0.77.0 - 2024-09-23
### Added
- Add a value parser for change histories
- Added `TLS` inlet support
- Implement influxdb token lessor service
- Update default rendezvous server address
- Influxdb inlet/outlet that attach authorization token
- Improve output for lease commands
- Refactor influxdb api client to better handle error responses
- Implementation of reliable `TCP` portals
- Add reliable `TCP` portals to `ockam_api`&`ockam_command`
- Improve ux of influxdb portal commands
- Updated dependencies
### Changed
- Bump opentelemetry-appender-tracing from 0.4.0 to 0.5.0
- Bump sysinfo from 0.30.13 to 0.31.4
### Fixed
- Graceful stop of a node in the command
## 0.76.0 - 2024-08-14
### Added
- Heavy kafka refactoring, moved portal interceptor from `api` to `tcp` crate
- Kafka cleanups
- Added the possibility to encrypt specific fields in a kafka `JSON` record
- Updated dependencies
## 0.75.0 - 2024-08-12
### Added
- Updated dependencies
### Changed
- Do not enforce the existence of project and authority identities
## 0.74.0 - 2024-08-06
### Added
- Rework `Session`s
- Crud for space and project admins
- The config of `node create` accepts an `identity`
- Updated dependencies
### Changed
- Move shared projects modifications logic into repository
### Fixed
- Make sure that there is only one space max marked as default
- When refreshing projects, store first the admin projects
- Use lowercase email in query filters
- Email list binding in project query
- Set default project/space/user
## 0.73.0 - 2024-07-29
### Added
- Add the possibility to configure the default client timeout
- Display the error when enrolling with a ticket fails
- Wait for the project to be ready before creating an authority client
- Set the default timeout on the background node client
- Don't interpret a bad request status as already enrolled
- Move rendezvous_server to `ockam rendezvous-server start`
- Implicitly resolve outlet addresses during connection
- Converted socket addresses to hostnames in command
- Remove sync operations
- Log commands by default to a file
- Hide actual values for `Token` and `OneTimeCode` in `Debug`
- Increase opentelemetry queue sizes
- Adjust timeouts
- Report more detailed errors
- Stop a previous medic before starting a new one
- Integrate space's subscription data in command
- Handle duplicates in project's egress_allow_list field
- Updated dependencies
### Changed
- Always log messages from the terminal if logging is true
### Fixed
- Make sure that only one project is the default one
## 0.72.0 - 2024-07-03
### Added
- Updated dependencies
### Changed
- Use a published dependency for the patched sqlx library
- Improve output of `project enroll` and `credential` commands
## 0.71.0 - 2024-07-01
### Added
- Improve transport imports
- Integrate `UDP` puncture into `ockam_api`
- Add delete and list commands for kafka-outlet
- Use the any driver for sqlx to add support for postgres
- Change tcp protocol serialization
- Optimize cbor encoding by preallocating memory
- Updated dependencies
### Changed
- `project-member` commands, and adds the `show` command
- `kafka-*` commands
## 0.70.0 - 2024-06-25
### Added
- Add `identity` arg to `tcp-inlet create` to customize secure channel identifier
- Add `disable-content-encryption` flag to the kafka-inlet create command
- Exposed and added `ockam-rely` attribute validation for relay service
- Unified relay creation logic for project and rust
- Adapt the width of separator lines depending on the terminal width
- Updated dependencies
### Fixed
- Do not create instance of `HighlightLines` struct to prevent unexpected behaviors
- Ping directly the other node in relay rather than self-ping
- Terminal width detection, which was returning invalid values on ci
## 0.69.0 - 2024-06-11
### Added
- Kafka debugging of initial `ApiVersions`, useful when connection is closed right away
- Improve output for `project show` command
- Add jq filtering to commands json output
- Updated dependencies
### Changed
- Bump opentelemetry-appender-tracing from 0.3.0 to 0.4.0
### Fixed
- Do not add a newline on command output when stdout is not a tty
## 0.68.0 - 2024-05-30
### Added
- Create a portal for exporting traces when a project exists
- Show the unauthorized identifier in the logs
- Print the exact error when a persisted secure channel cannot be retrieved
- Make `default` vault reuse `SqlxDatabase` instance
- Fixed tls tcp outlets and kafka outlets
- Updated dependencies
## 0.67.0 - 2024-05-28
### Added
- Improve output of `project enroll` command
- Improve output of `node show` and `status` commands
- Create a project member for exporting traces when the authority node starts
- Create and store a default project when starting an authority node
- Add more log messages
- Add the possibility to use boolean expressions for policy expressions
- Address review comments
- Implement updating route to the outlet in the existing inlet
- Add an http server to the node manager to return the node resources
- Improvements for commands' output to standardize their formatting
- Removed consumer/producer/direct services and added inlet service
- Introduced consumer resolution and publishing concepts and implementation
- Added abac rules to kafka inlet and oulet
- Introduce granular ac for kafka portal worker
- Added policy access control usage
- Introducing a variant of the secure channel which only exchange keys
- Using key exchanger in kafka secure channel map
- Allow kafka portals to anchor trust on identities
- Switch to standard relay creation for kafka usage
- Use a different logger to log tracing/logging errors
- Add secure channel persistence
- Add secure channel persistence to kafka
- Updated dependencies
### Changed
- Upgrade the rust version to 1.77
### Fixed
- Printing multi-line logs generated by commands stdout output
- Allow initial credential exchange for key exchange only
- Fix outgoing policy in kafka outlet
## 0.66.0 - 2024-04-30
### Added
- Improve output of `node show` command
- If logging is enabled, command output will be redirected to the logs
- Improve output of `node create` command
- Updated dependencies
## 0.65.0 - 2024-04-23
### Added
- Support https for outlets
- Export opentelemetry traces by default
- Make the api for creating outlets more flexible
- Support progress_bar in command notifications
- Improve output of `node create` command
- Scope some repositories to a given node name
- When deleting a node, wait for node's process to finish
- Updated dependencies
### Fixed
- Set the global error handler even if logging is off
### Removed
- Removed an empty file
## 0.64.0 - 2024-04-12
### Added
- Add a attribute with the content of a node configuration file
- Add a user journey event when an identity has been created or imported
- Use outgoing access control
- Added kafka-inlet command and relative config side
- Updated dependencies
### Changed
- Organize bats tests in different suites
- Move terminal code from command to api
### Fixed
- Kms identity can be used in regular api nodes
## 0.63.0 - 2024-04-01
### Added
- Authority project admin credentials
- Admins are implicit members, enrollers as admins
- `identity create` can import an identity
- Backcompatible encoding/decoding optimizations
- Improve output for `enroll` command
- Add one second cache for incoming and outgoing access control
- Flag to enable/disable enrollers-as-admins on authority
- Use https for the default opentelemetry collector endpoint
- Add bats coverage for `node create ./config.yaml` command
- Reply to v1 transport messages with v1 transport messages
- Enable the tracing context on the rust side
- Store enrollment email to local db
- Create 3 separate credential retriever types
- Introduce `disable_trust_context_id` argument for authority
- Updated dependencies
### Changed
- Simplify `ProgressDisplay` to remove the mutex used to stop the message recv end
### Fixed
- Fix routing and flow control for local kafka outlets
## 0.62.0 - 2024-03-25
### Added
- Authority project admin credentials
- Admins are implicit members, enrollers as admins
- `identity create` can import an identity
- Backcompatible encoding/decoding optimizations
- Improve output for `enroll` command
- Add one second cache for incoming and outgoing access control
- Flag to enable/disable enrollers-as-admins on authority
- Use https for the default opentelemetry collector endpoint
- Add bats coverage for `node create ./config.yaml` command
- Updated dependencies
### Changed
- Simplify `ProgressDisplay` to remove the mutex used to stop the message recv end
### Fixed
- Fix routing and flow control for local kafka outlets
## 0.61.0 - 2024-03-18
### Added
- Tune the timeouts for checking if a node is ready
- Added manual tests to measure latency
- Upgraded kafka library, with kafka 3.7.0 support
- Propagating the errors from api clients to the command
- Add the node name to spans
- Instrument the tcp portal
- Instrument more functions for secure channels
- Start a new trace before sending a transport message
- Update display, log output in frequently used commands
- Introduced several cpu consumption optimizations
- Add an environment variable to specify if a user is an ockam developer
- Updated dependencies
### Changed
- Don't initialize logging at all if log is not enabled
- Rename methods and variables to insist on the exporting
- Refactor the code thanks to pr review comments
- Do small renaming of some local variables
### Fixed
- Fix the blocking processing of spans and log records
- Fix the creation of a trace id from a project id in tests
### Removed
- Remove resources when deleting a node
## 0.60.0 - 2024-02-28
### Added
- Add support for additional kafka addons
- Improve ockam enroll command ux output, help, logs, errors
- Add opentelemetry tracing and logging support
- Allow running `reset` command even if the database is in an invalid state
- Restart a project journey if project is deleted
- Delete `TrustContext`
- Add `skip_is_running_check` to the authority node
- Add application errors
- Improve ockam tcp-outlet commands ux output, help, logs, errors
- Improve credentials management
- Backup logs when app restarts inlet node
- Address review comments
- Instrument more functions for enrollement
- Simplifies `projects` section from the `run` config file
- Introduce `subject.has_credential`
- Unify creation and retry connection for portal and relay
- Improve authority debug-ability
- Tcp inlet creation will always optional validate unless `--no-connection-wait` is used
- Add `--force` flag to `enroll` command and switch default behavior
- Pass the tracing context at the ockam message level
- Add policies for resource types
- Improve portals reliability and integration tests
- Add an environment variable to configure a crates filter for log messages
- Create time-limited journeys
- Hash the host name used in the trace id
- Refactor `Project`-related code
- Update enroll ux with new help text, display, and log progress status messages
- Start a new trace for a background node
- Rework migrations
- Updated dependencies
### Changed
- Move the handling of attributes expiration date to a layer above the repository
- Separate transport messages from local messages
- Enable tracing by default
- Incorporate review comments
- Extract the progress display as a separate struct
- Get the default project only once
### Fixed
- Fix clippy warnings on nightly
- Close the context automatically on each test macro execution
- Execute logging / tracing tests as integration tests
- Command's verbose argument now has preference over env vars
- Store policies isolated by node and resource
- Make the journeys test more robust
- Fix okta authenticator, add identities to members table
- Set the proper span id on the propagated tracing context
- Use a stable span name for the root span of the host journey
- Avoid leaking resources when one step of the cleanup fails
- Use the correct policies in inlets/outlets created by kafka services
- Policy bats tests
- Fixed flaky kafka integration test
- Fixed kafka-related flaky tests
- Put the tracing context field under a compilation flag
- Avoid triggering tokio invalid reference drop in test
- Disable portal packet counter field
- Do not enforce enrollment limit
- Do not log messages by default on command parsing errors
- Don't set a logging appender when logging is disabled
- Fix a sql query
- Get project identifier from model, without building the whole identity
- Use project auth identifier in the journey instead of identity
- Fix the flushing of traces
- Make the journeys test more robust
### Removed
- Remove the tracing of sensitive parameters
- Remove `--resource` and `--resource-type` args from `policy show|list|delete`
- Remove some unnecessary context stops
## 0.59.0 - 2024-01-09
### Added
- Use `From` for converting errors
- Make authority issued credentials ttl configurable
- Updated dependencies
## 0.58.0 - 2024-01-04
### Added
- Updated dependencies
## 0.57.0 - 2023-12-26
### Changed
- Close unneeded tcp connections in various clients
- Updated dependencies
## 0.56.0 - 2023-12-19
### Changed
- Updated dependencies
## 0.55.0 - 2023-12-18
### Changed
- Updated dependencies
## 0.54.0 - 2023-12-16
### Added
- Add `VersionedData::data_type`. remove hash truncation
### Changed
- Persist application data in a database
- Slim down the node manager worker(s_ch)
- Updated dependencies
### Fixed
- Don't create default node when retrieving it and doesn't exist
### Removed
- Remove recursive calls in repository implementations
## 0.53.0 - 2023-12-15
### Changed
- Updated dependencies
## 0.52.0 - 2023-12-12
### Changed
- Updated dependencies
## 0.51.0 - 2023-12-11
### Changed
- Slim down the node manager worker(s_ch)
- Updated dependencies
## 0.50.0 - 2023-12-06
### Added
- Add `VersionedData::data_type`. remove hash truncation
### Changed
- Persist application data in a database
- Updated dependencies
### Fixed
- Don't create default node when retrieving it and doesn't exist
### Removed
- Remove recursive calls in repository implementations
## 0.49.0 - 2023-12-05
### Added
- Add `VersionedData::data_type`. remove hash truncation
### Changed
- Persist application data in a database
- Updated dependencies
### Removed
- Remove recursive calls in repository implementations
## 0.48.0 - 2023-11-23
### Changed
- Use `Identifier` as a return type in public api
- Updated dependencies
## 0.47.0 - 2023-11-17
### Changed
- Use `Identifier` as a return type in public api
- Updated dependencies
## 0.46.0 - 2023-11-08
### Changed
- Always using enum when representing the inlet connection status
- Updated dependencies
## 0.45.0 - 2023-11-08
### Changed
- Always using enum when representing the inlet connection status
- Updated dependencies
## 0.44.0 - 2023-11-02
### Changed
- Setup app's logs with the same features we use in the cli
- Updated dependencies
## 0.43.0 - 2023-10-26
### Changed
- Updated dependencies
## 0.42.0 - 2023-10-25
### Changed
- Updated dependencies
## 0.41.0 - 2023-10-18
### Changed
- Updated dependencies
## 0.40.0 - 2023-10-07
### Changed
- Make `Timestamp` arithmetic operations usage safer
- Cli's `random_name` function now returns human-readable two-word strings like 'fit-lark'
- Move the controller address to the node manager
- Use better names for request / response headers
- Introduce a secure client for the controller
- Use controller, authority and project nodes
- Simplify connections
- Introduce a supervised node manager to support connection replacements
- Adjust the code after rebase
- Move the in memory node to the ockam api crate
- Package all reply / response methods into a client
- Use the client in the background node
- Put back the is_rust check to create forwarders
- Rename forwarder to relay
- Updated dependencies
### Fixed
- Fix the sending of messages
- Fix the code after rebasing
- Drop the in memory node and delete its node manager
### Removed
- Remove an unused method
- Remove the need to keep a flag to skip defaults
- Remove two parameters from requests to the controller
- Remove the unused tag feature
- Remove the unused rpc proxy service
- Remove the supervised node manager
- Remove the secure clients struct
## 0.39.0 - 2023-10-05
### Changed
- Make `Timestamp` arithmetic operations usage safer
- Cli's `random_name` function now returns human-readable two-word strings like 'fit-lark'
- Move the controller address to the node manager
- Use better names for request / response headers
- Introduce a secure client for the controller
- Use controller, authority and project nodes
- Simplify connections
- Introduce a supervised node manager to support connection replacements
- Adjust the code after rebase
- Move the in memory node to the ockam api crate
- Package all reply / response methods into a client
- Use the client in the background node
- Put back the is_rust check to create forwarders
- Rename forwarder to relay
- Updated dependencies
### Fixed
- Fix the sending of messages
- Fix the code after rebasing
### Removed
- Remove an unused method
- Remove the need to keep a flag to skip defaults
- Remove two parameters from requests to the controller
- Remove the unused tag feature
- Remove the unused rpc proxy service
- Remove the supervised node manager
- Remove the secure clients struct
## 0.38.0 - 2023-09-28
### Added
- Add authority tests
### Changed
- Move authority node code level above in `ockam_api`
- Break up authenticator
- Updated dependencies
### Fixed
- Reset cli state if it can't be parsed
### Removed
- Remove scopes for authority members
## 0.37.0 - 2023-09-23
### Changed
- Switch to new `Identity` design
- Adapt to new identity design
- Updated dependencies
## 0.36.0 - 2023-09-22
### Changed
- Switch to new `Identity` design
- Adapt to new identity design
- Updated dependencies
## 0.35.0 - 2023-09-13
### Changed
- Updated dependencies
## 0.34.0 - 2023-09-06
### Added
- Added a direct local kafka for simple deployments and fixed service registry
### Changed
- Improve tcp disconnect api
- Use proper url data type
- Create a relay to the default project after enrolling and when starting the app
- Move common code to `api` so we can remove `command` from `app`
- Updated dependencies
### Fixed
- Fix the cbor annotations for non-borrowed data
### Removed
- Removed api lifetimes to access node manager operations directly
- Remove the `projects` field from `NodeManager` to load them from the `CliState`
## 0.33.0 - 2023-06-26
### Added
- Add more meaningful error messages for `CLiState` errors
### Changed
- Improve type safety for `FlowControls`
- Hide `Spawner` vs `Producer` logic under the hood
- Replace `crate::Result` with `miette::Result` as the main result type on command
- Update ockam api services error responses to using a struct
- Updated dependencies
## 0.32.0 - 2023-06-09
### Added
- Add more information about which processes use which files
- Add delete and list subcommands for kafka consumer/producer commands
### Changed
- Document the layout of files for a node
- Extend direct authenticator service to list and delete members
- Make `AccessControl` optional while starting a `Worker`
- Full local kafka implementation which credential validation and flow control
- Updated dependencies
### Removed
- Remove old config.json file and add migration
## 0.31.0 - 2023-05-26
### Added
- Add unit tests for the node and identity initialization
### Changed
- Rename import identity to decode identity since it is not importing anything
- Introduce a retrieve identity function returning an option
- Use identity identifiers for the creation of secure channels
- Use identity identifier for credentials
- Use an identity identifier for the node manager worker in kafka
- Use an identity identifier for the authority service
- Use a key value file storage for the vault
- Extract the vault_aws crate
- Simplify the identity state config
- Migrate the identities configuration
- Migrate only item paths
- Initialize the default node outside of the command run impl
- Move `FlowControls` to `Context` and make it mandatory
- Make `FlowControl` more mistake-resistant
- Improve `RpcProxyService`
- Improve `TCP` `::connect()` and `::listen()` outputs
- Improve `::create_secure_channel()` and `::create_secure_channel_listener()` output
- Improve tcp command ux
- Updated dependencies
### Removed
- Remove the need for a state item to know about the global state
- Remove unneeded `FlowControls` instance from `Auth API`
## 0.30.0 - 2023-05-12
### Changed
- Updated dependencies
### Removed
- Remove the vault service which is not used
## 0.29.0 - 2023-05-04
### Added
- Added a readme template and updated some readmes
### Changed
- Apply cli_state abstraction to identities and projects
- Apply cli_state abstraction to credentials and trust_contexts
- Apply cli_state abstraction to nodes
- Authority node creation
- Updated dependencies
### Fixed
- Move to the smaller, cargo-team maintained `home` crate
- Fix docs build for api and multiaddr crates
## 0.28.0 - 2023-04-27
### Changed
- Create a default project policy for a tcp inlet/outlet
- Extract identity as an entity
- Moved the builder functions to their respective structs
- Formatting
- Move the lmdb storage
- Ockam enroll outputs a ticket containing code and project
- Create abstraction for the cli state directories and applies it to the vaults state
- Allow kafka reconnection when project connection goes down
- Use the tcp constant for the transport type
- Updated dependencies
### Fixed
- Do not recreate an identity state if it already exists
- Resolve transport addresses as a separate step
### Removed
- Remove the vault service endpoint for getting secret data
- Removed the put_identity function on identities writer
## 0.27.0 - 2023-04-14
### Added
- Add trust context struct and traits
- Add trust context config and insantiate node manager with trust options
- Add trust context option to node create, use trust context with credential option
- Add more bats tests for trust context
- Add `RpcProxyService`
- Add a limited version of the `ockam run` command
- Add config directly to trust context state
### Changed
- Implement custom get_env
- Use trust context within the creation of ockam_api secure channels
- Trust context fully dictates cred check on node man
- Introduce `TrustOptions::insecure()` and `::insecure_test()`
- Start using `session_id` for outgoing secure channels in `ockam_api` and `ockam_command`
- Make message flow `Sessions` work with replacement `Sessions`
- Reduce usage of `::insecure()`
- Rename `create_tcp_session` -> `multiaddr_to_route`
- Rename `insecure_test` -> `new`
- Rename `Sessions` -> `FlowControls`
- Rename `TrustOptions` -> `Options`
- Use cli state for trust context and default trust context
- Disable `FlowControl` for loopback tcp connections and listeners
- Updated dependencies
### Fixed
- Fix project deletion from state
- Fix `authenticated` command & `Sessions`
- Fixes after tough rebase
- Include trust-context path in ockam reset
### Removed
- Remove few unwraps
## 0.26.0 - 2023-03-28
### Added
- Add `create_tcp_session` to `ockam_command`
- Add missing serialize / deserialize instances
### Changed
- Create tcp_connection along with secure channels in the same function call
- Use sessions in ockam_api
- Make trust arguments mandatory
- `Sessions` update
- Create an authority node
- Start the authority node with the node create command
- Retrieve the identity authority before creating the authority node
- Show the authority node as up
- Retry the creation of the lmdb database in case of a failure
- Refactor tuple to api-transport struct
- Move `multiaddr_to_socket_addr` method into `MultiAddr`
- Don't try to delete files or directories which are already deleted
- Updated dependencies
### Fixed
- Fixed the compilation errors with the tag feature
- Fix clippy warnings on test code
- Node duplication error
- Node duplication error
- Use the same criteria for checking if a node exists
- Make the authority_node field optional
- Make `ockam reset` delete specific state files
- When deleting the default vault/identity/project the data and the link are deleted
### Removed
- Remove warnings
- Removed type parameters exposing implementation details
- Remove the need for _arc functions
- Remove the legacy storage migration code
## 0.25.0 - 2023-03-03
### Added
- Add print encodable output
### Changed
- Refactor `CliState` so it can be built using an explicit directory
- Update `ockam_api` and `ockam_command` according to `TCP` updates
- Parse `/node/n1` to `/worker/addr` after connecting to the node via tcp
- Extend `ockam_api` transport info
- Use abac in authority services implementation
- Expand credential commands
- Update secure-channel create to allow for a provided credential
- Updated dependencies
### Fixed
- Fixes broken tests for macos, let the os choose available ports
- Reorganize bats tests to run them in parallel
- 'ockam enroll' overwrites current configuration instead of returning error
- Update cli_state test with credentials entry
## 0.24.0 - 2023-02-24
### Added
- Add default subcommand to node
### Changed
- Pre-trusted identity identifiers attributes
- Use credential instead of credentials
- Usable kafka sidecar implementation
- Standardize where authority stores membership information
- Implemented kafka message encryption and orchestrator integration
- Bump aws-sdk-kms to 0.24.0 and aws-config to 0.54.1
- Split cddl schema files & merge when cbor api validation is needed
- Updated dependencies
### Fixed
- Deleting a vault won't affect the default
### Removed
- Remove the lifetime annotation on `Credential` and `Attributes`
## 0.23.0 - 2023-02-09
### Added
- Add command to set the default vault
- Add command to set the default identity
### Changed
- Recipient returns an error instead of panicking
- Nodestate implement check whether a node is running
- Updated dependencies
### Fixed
- Apply `clippy --fix`
- Deleting an identity won't affect the default
## 0.22.0 - 2023-01-31
### Added
- Add kafka commands to request starting the producer/consumer services
- Add flag to reload enrollers from a file
- Add influxdb lease commands, orchestrator client, and default project
### Changed
- Create `SecureChannelRegistry`
- Move `storage` and `registry` to `Identity`
- Refactor `CliState` so the `authenticated_storage` is stored in the identities dir
- Implement vaults delete command
- Updated dependencies
### Fixed
- Vault deletion logic from `CliState`
## 0.20.0 - 2022-11-08
### Added
- Add `Identity` basic functionality to `ockam_api`
- Add schema validation tests for cloud api types
- Add tests for api cloud endpoints + fixes error handling
- Add project node identity to project cbor schema
- Add util::response module
- Add signer and direct enroller support
- Support different enroller/member store
- Add `credential` module to `ockam` crate
- Add `Inlet/Outlet` to `Registry`
- Add `MultiAddr::matches`
- Add policy command
- Add command to list policies of a resource
- Add support to `project enroll` to set attributes
### Changed
- Use identity secure channels to communicate with orchestrator
- Extract common utils to process api services req/res/err
- Extract common utils to process api services req/res/err
- Move cloud api endpoints to run through the nodes service
- Use temporary secure channel on cloud and enroll api endpoints
- Command config updates
- Rename ockam to service in multiaddr
- Integrate uppercase and echoer workers to nodemanager
- Implement stop command
- Use generic attributes in credential
- Allow export/import of identity
- Always require secure channel to authenticator
- Abstract over remote addresses with an alias system
- Cleaning up the alias configuration
- Genericise the node alias lookup system
- Simplify node configuration again
- Make `IdentityIdentifier` encodable
- Move `CowStr` and `CowBytes` to `ockam_core`
- Move api structs to `ockam_core`
- Check controller's identity id when creating secure channel
- Always start signer service
- Replace signer with verifier
- Allow project metadata lookups and route substitution
- Change `VerifyRequest::credential` to binary
- Make `IdentityChangeHistory` crate public, cleanup usage
- Move credentials to `ockam_identity`
- Improve credential verification
- Get rid of old `ockam_api` module
- Return project names from multiaddr clean function
- Move project readiness logic into ockam_api
- Use `DefaultAddress` consts for default services addresses
- Change echo worker to accept any message
- Recover remote forwarder
- Resolve forwarder project name in manager
- `ockam node show` to use dynamic data from node
- Recover tcp inlet
- Use `Arc<RwLock<NodeManager>>` in recovery
- Implement `PolicyStorage` trait for lmdb
- Okta identity provider
- Complete policy delete functionality
- Wrap stored policy expressions
- Rename inlet and outlet policy resources
- Updated dependencies
### Fixed
- Clippy lints
- Fix schema validation
- Mutliaddr support for projects
- Creation of static forwarder at local nodes
- Authority config keys must be strings
- Cleanup
- Changes due to review comments
- Review feedback
### Removed
- Remove ability to set arbitrary attributes
## 0.19.0 - 2022-09-21
### Added
- Add `Identity` basic functionality to `ockam_api`
- Add schema validation tests for cloud api types
- Add tests for api cloud endpoints + fixes error handling
- Add project node identity to project cbor schema
- Add util::response module
- Add signer and direct enroller support
- Support different enroller/member store
- Add `credential` module to `ockam` crate
- Add `Inlet/Outlet` to `Registry`
### Changed
- Use identity secure channels to communicate with orchestrator
- Extract common utils to process api services req/res/err
- Extract common utils to process api services req/res/err
- Move cloud api endpoints to run through the nodes service
- Use temporary secure channel on cloud and enroll api endpoints
- Command config updates
- Rename ockam to service in multiaddr
- Integrate uppercase and echoer workers to nodemanager
- Implement stop command
- Use generic attributes in credential
- Allow export/import of identity
- Always require secure channel to authenticator
- Abstract over remote addresses with an alias system
- Cleaning up the alias configuration
- Genericise the node alias lookup system
- Simplify node configuration again
- Make `IdentityIdentifier` encodable
- Move `CowStr` and `CowBytes` to `ockam_core`
- Move api structs to `ockam_core`
- Check controller's identity id when creating secure channel
- Always start signer service
- Replace signer with verifier
- Allow project metadata lookups and route substitution
- Change `VerifyRequest::credential` to binary
- Make `IdentityChangeHistory` crate public, cleanup usage
- Move credentials to `ockam_identity`
- Improve credential verification
- Get rid of old `ockam_api` module
- Return project names from multiaddr clean function
- Move project readiness logic into ockam_api
- Use `DefaultAddress` consts for default services addresses
- Change echo worker to accept any message
- Updated dependencies
### Fixed
- Clippy lints
- Fix schema validation
- Mutliaddr support for projects
- Creation of static forwarder at local nodes
- Authority config keys must be strings
### Removed
- Remove ability to set arbitrary attributes
## 0.18.0 - 2022-09-09
### Added
- Add `Identity` basic functionality to `ockam_api`
- Add schema validation tests for cloud api types
- Add tests for api cloud endpoints + fixes error handling
- Add project node identity to project cbor schema
- Add util::response module
- Add signer and direct enroller support
- Support different enroller/member store
- Add `credential` module to `ockam` crate
- Add `Inlet/Outlet` to `Registry`
### Changed
- Use identity secure channels to communicate with orchestrator
- Extract common utils to process api services req/res/err
- Extract common utils to process api services req/res/err
- Move cloud api endpoints to run through the nodes service
- Use temporary secure channel on cloud and enroll api endpoints
- Command config updates
- Rename ockam to service in multiaddr
- Integrate uppercase and echoer workers to nodemanager
- Implement stop command
- Use generic attributes in credential
- Allow export/import of identity
- Always require secure channel to authenticator
- Abstract over remote addresses with an alias system
- Cleaning up the alias configuration
- Genericise the node alias lookup system
- Simplify node configuration again
- Make `IdentityIdentifier` encodable
- Move `CowStr` and `CowBytes` to `ockam_core`
- Move api structs to `ockam_core`
- Check controller's identity id when creating secure channel
- Always start signer service
- Replace signer with verifier
- Allow project metadata lookups and route substitution
- Change `VerifyRequest::credential` to binary
- Make `IdentityChangeHistory` crate public, cleanup usage
- Move credentials to `ockam_identity`
- Improve credential verification
- Get rid of old `ockam_api` module
- Return project names from multiaddr clean function
- Move project readiness logic into ockam_api
- Use `DefaultAddress` consts for default services addresses
- Updated dependencies
### Fixed
- Clippy lints
- Fix schema validation
- Mutliaddr support for projects
- Creation of static forwarder at local nodes
- Authority config keys must be strings
### Removed
- Remove ability to set arbitrary attributes
## 0.17.0 - 2022-09-07
### Added
- Add `Identity` basic functionality to `ockam_api`
- Add schema validation tests for cloud api types
- Add tests for api cloud endpoints + fixes error handling
- Add project node identity to project cbor schema
- Add util::response module
- Add signer and direct enroller support
- Support different enroller/member store
- Add `credential` module to `ockam` crate
- Add `Inlet/Outlet` to `Registry`
### Changed
- Use identity secure channels to communicate with orchestrator
- Extract common utils to process api services req/res/err
- Extract common utils to process api services req/res/err
- Move cloud api endpoints to run through the nodes service
- Use temporary secure channel on cloud and enroll api endpoints
- Command config updates
- Rename ockam to service in multiaddr
- Integrate uppercase and echoer workers to nodemanager
- Implement stop command
- Use generic attributes in credential
- Allow export/import of identity
- Always require secure channel to authenticator
- Abstract over remote addresses with an alias system
- Cleaning up the alias configuration
- Genericise the node alias lookup system
- Simplify node configuration again
- Make `IdentityIdentifier` encodable
- Move `CowStr` and `CowBytes` to `ockam_core`
- Move api structs to `ockam_core`
- Check controller's identity id when creating secure channel
- Always start signer service
- Replace signer with verifier
- Allow project metadata lookups and route substitution
- Change `VerifyRequest::credential` to binary
- Make `IdentityChangeHistory` crate public, cleanup usage
- Move credentials to `ockam_identity`
- Improve credential verification
- Get rid of old `ockam_api` module
- Return project names from multiaddr clean function
- Move project readiness logic into ockam_api
- Updated dependencies
### Fixed
- Clippy lints
- Fix schema validation
- Mutliaddr support for projects
- Creation of static forwarder at local nodes
- Authority config keys must be strings
### Removed
- Remove ability to set arbitrary attributes
## 0.16.0 - 2022-09-05
### Added
- Add `Identity` basic functionality to `ockam_api`
- Add schema validation tests for cloud api types
- Add tests for api cloud endpoints + fixes error handling
- Add project node identity to project cbor schema
- Add util::response module
- Add signer and direct enroller support
- Support different enroller/member store
- Add `credential` module to `ockam` crate
- Add `Inlet/Outlet` to `Registry`
### Changed
- Use identity secure channels to communicate with orchestrator
- Extract common utils to process api services req/res/err
- Extract common utils to process api services req/res/err
- Move cloud api endpoints to run through the nodes service
- Use temporary secure channel on cloud and enroll api endpoints
- Command config updates
- Rename ockam to service in multiaddr
- Integrate uppercase and echoer workers to nodemanager
- Implement stop command
- Use generic attributes in credential
- Allow export/import of identity
- Always require secure channel to authenticator
- Abstract over remote addresses with an alias system
- Cleaning up the alias configuration
- Genericise the node alias lookup system
- Simplify node configuration again
- Make `IdentityIdentifier` encodable
- Move `CowStr` and `CowBytes` to `ockam_core`
- Move api structs to `ockam_core`
- Check controller's identity id when creating secure channel
- Always start signer service
- Replace signer with verifier
- Allow project metadata lookups and route substitution
- Change `VerifyRequest::credential` to binary
- Make `IdentityChangeHistory` crate public, cleanup usage
- Move credentials to `ockam_identity`
- Improve credential verification
- Get rid of old `ockam_api` module
- Return project names from multiaddr clean function
- Move project readiness logic into ockam_api
- Updated dependencies
### Fixed
- Clippy lints
- Fix schema validation
- Mutliaddr support for projects
- Creation of static forwarder at local nodes
- Authority config keys must be strings
### Removed
- Remove ability to set arbitrary attributes
## 0.15.0 - 2022-08-31
### Added
- Add `Identity` basic functionality to `ockam_api`
- Add schema validation tests for cloud api types
- Add tests for api cloud endpoints + fixes error handling
- Add project node identity to project cbor schema
- Add util::response module
- Add signer and direct enroller support
- Support different enroller/member store
- Add `credential` module to `ockam` crate
- Add `Inlet/Outlet` to `Registry`
### Changed
- Use identity secure channels to communicate with orchestrator
- Extract common utils to process api services req/res/err
- Extract common utils to process api services req/res/err
- Move cloud api endpoints to run through the nodes service
- Use temporary secure channel on cloud and enroll api endpoints
- Command config updates
- Rename ockam to service in multiaddr
- Integrate uppercase and echoer workers to nodemanager
- Implement stop command
- Use generic attributes in credential
- Allow export/import of identity
- Always require secure channel to authenticator
- Abstract over remote addresses with an alias system
- Cleaning up the alias configuration
- Genericise the node alias lookup system
- Simplify node configuration again
- Make `IdentityIdentifier` encodable
- Move `CowStr` and `CowBytes` to `ockam_core`
- Move api structs to `ockam_core`
- Check controller's identity id when creating secure channel
- Always start signer service
- Replace signer with verifier
- Allow project metadata lookups and route substitution
- Change `VerifyRequest::credential` to binary
- Make `IdentityChangeHistory` crate public, cleanup usage
- Move credentials to `ockam_identity`
- Improve credential verification
- Get rid of old `ockam_api` module
- Return project names from multiaddr clean function
- Move project readiness logic into ockam_api
- Updated dependencies
### Fixed
- Clippy lints
- Fix schema validation
- Mutliaddr support for projects
- Creation of static forwarder at local nodes
- Authority config keys must be strings
### Removed
- Remove ability to set arbitrary attributes
## 0.14.0 - 2022-08-29
### Added
- Add `Identity` basic functionality to `ockam_api`
- Add schema validation tests for cloud api types
- Add tests for api cloud endpoints + fixes error handling
- Add project node identity to project cbor schema
- Add util::response module
- Add signer and direct enroller support
- Support different enroller/member store
- Add `credential` module to `ockam` crate
- Add `Inlet/Outlet` to `Registry`
### Changed
- Use identity secure channels to communicate with orchestrator
- Extract common utils to process api services req/res/err
- Extract common utils to process api services req/res/err
- Move cloud api endpoints to run through the nodes service
- Use temporary secure channel on cloud and enroll api endpoints
- Command config updates
- Rename ockam to service in multiaddr
- Integrate uppercase and echoer workers to nodemanager
- Implement stop command
- Use generic attributes in credential
- Allow export/import of identity
- Always require secure channel to authenticator
- Abstract over remote addresses with an alias system
- Cleaning up the alias configuration
- Genericise the node alias lookup system
- Simplify node configuration again
- Make `IdentityIdentifier` encodable
- Move `CowStr` and `CowBytes` to `ockam_core`
- Move api structs to `ockam_core`
- Check controller's identity id when creating secure channel
- Always start signer service
- Replace signer with verifier
- Allow project metadata lookups and route substitution
- Change `VerifyRequest::credential` to binary
- Make `IdentityChangeHistory` crate public, cleanup usage
- Move credentials to `ockam_identity`
- Improve credential verification
- Get rid of old `ockam_api` module
- Return project names from multiaddr clean function
- Move project readiness logic into ockam_api
- Updated dependencies
### Fixed
- Clippy lints
- Fix schema validation
- Mutliaddr support for projects
- Creation of static forwarder at local nodes
### Removed
- Remove ability to set arbitrary attributes
## 0.13.0 - 2022-08-17
### Added
- Add `Identity` basic functionality to `ockam_api`
- Add schema validation tests for cloud api types
- Add tests for api cloud endpoints + fixes error handling
- Add project node identity to project cbor schema
- Add util::response module
- Add signer and direct enroller support
- Support different enroller/member store
- Add `credential` module to `ockam` crate
### Changed
- Use identity secure channels to communicate with orchestrator
- Extract common utils to process api services req/res/err
- Extract common utils to process api services req/res/err
- Move cloud api endpoints to run through the nodes service
- Use temporary secure channel on cloud and enroll api endpoints
- Command config updates
- Rename ockam to service in multiaddr
- Integrate uppercase and echoer workers to nodemanager
- Implement stop command
- Use generic attributes in credential
- Allow export/import of identity
- Always require secure channel to authenticator
- Abstract over remote addresses with an alias system
- Cleaning up the alias configuration
- Genericise the node alias lookup system
- Simplify node configuration again
- Make `IdentityIdentifier` encodable
- Move `CowStr` and `CowBytes` to `ockam_core`
- Move api structs to `ockam_core`
- Updated dependencies
### Fixed
- Clippy lints
### Removed
- Remove ability to set arbitrary attributes
## 0.12.0 - 2022-08-12
### Added
- Add `Identity` basic functionality to `ockam_api`
- Add schema validation tests for cloud api types
- Add tests for api cloud endpoints + fixes error handling
- Add project node identity to project cbor schema
- Add util::response module
- Add signer and direct enroller support
- Support different enroller/member store
### Changed
- Use identity secure channels to communicate with orchestrator
- Extract common utils to process api services req/res/err
- Extract common utils to process api services req/res/err
- Move cloud api endpoints to run through the nodes service
- Use temporary secure channel on cloud and enroll api endpoints
- Command config updates
- Rename ockam to service in multiaddr
- Integrate uppercase and echoer workers to nodemanager
- Implement stop command
- Use generic attributes in credential
- Allow export/import of identity
- Always require secure channel to authenticator
- Abstract over remote addresses with an alias system
- Cleaning up the alias configuration
- Genericise the node alias lookup system
- Simplify node configuration again
- Updated dependencies
### Fixed
- Clippy lints
### Removed
- Remove ability to set arbitrary attributes
## 0.11.0 - 2022-08-04
### Added
- Add `Identity` basic functionality to `ockam_api`
- Add schema validation tests for cloud api types
- Add tests for api cloud endpoints + fixes error handling
### Changed
- Use identity secure channels to communicate with orchestrator
- Extract common utils to process api services req/res/err
- Extract common utils to process api services req/res/err
- Move cloud api endpoints to run through the nodes service
- Use temporary secure channel on cloud and enroll api endpoints
- Command config updates
- Updated dependencies
## 0.9.0 - 2022-07-18
### Added
- Add `Identity` basic functionality to `ockam_api`
- Add schema validation tests for cloud api types
- Add tests for api cloud endpoints + fixes error handling
### Changed
- Use identity secure channels to communicate with orchestrator
- Extract common utils to process api services req/res/err
- Extract common utils to process api services req/res/err
- Move cloud api endpoints to run through the nodes service
## 0.8.0 - 2022-07-15
### Added
- Add `Identity` basic functionality to `ockam_api`
- Add schema validation tests for cloud api types
- Add tests for api cloud endpoints + fixes error handling
### Changed
- Use identity secure channels to communicate with orchestrator
- Extract common utils to process api services req/res/err
- Extract common utils to process api services req/res/err
- Move cloud api endpoints to run through the nodes service
## 0.7.0 - 2022-07-15
### Added
- Add `Identity` basic functionality to `ockam_api`
- Add schema validation tests for cloud api types
- Add tests for api cloud endpoints + fixes error handling
### Changed
- Use identity secure channels to communicate with orchestrator
- Extract common utils to process api services req/res/err
- Extract common utils to process api services req/res/err
- Move cloud api endpoints to run through the nodes service
## 0.6.0 - 2022-06-30
### Changed
- `Storage` -> `AuthenticatedTable`
- Identity updates
- `AuthenticatedTable` -> `AuthenticatedStorage`
- Move `multiaddr_to_route` to `ockam_api`
- Allow conversion from route to multiaddr
- Partially convert ockam_command to use multiaddr
## 0.4.0 - 2022-06-14
### Added
- Add `to_vec()` for `RequestBuilder` and `ResponseBuilder`
### Changed
- Move ockam_vault service to ockam_api
- Move ockam_identity service to ockam_api
- Update nodemanager service to ockam_api structures
- Move node manager service to ockam_api crate
- Minicbor typetags, cli-cloud advances
### Fixed
- Apply style feedback
## 0.3.0 - 2022-06-06
### Added
- Add builders to ockam_api
- Add ockam_api_nodes
- Add command-line interface for nodes api
- Add cloud enroll, space and project subcommands
- Add cowbytes and cowstr
- Add `into_owned` for `CowStr` and `CowBytes`
- Add pid query to nodeman worker
- Add auth api
- Add clould invitation subcommands
- Add enrollment token + fixes to other commands
### Changed
- Ensure command-line args are not empty
- Rename new_context to new_detached
- Improve schema validation
- Avoid `ockam_identity` dependency in `ockam_api`
- Change `Defer` type for `CowStr` and `CowBytes`
- Make `Method` enum exhaustive
- Move `TypeTag` to `ockam_core`
- Extend `Request` and `Response` encode api
- Updated dependencies
### Fixed
- Rename subject to authenticated
### Removed
- Remove reqwest dependency in ockam_api
## 0.2.0 - 2022-05-23
### Added
- Add ockam_api
### Changed
- Updated dependencies