v1.51.0

Changed

• Updated DevContext and LSP to support composable schemas (#2965)

Fixed

• Fix increase in memory usage brought in v1.50.0 due to replacing protoc-gen-validate with protovalidate (#2984)
• Fix duplicate diagnostics in LSP server when VS Code pulls diagnostics (#2977)
• In DevContext's schema position mapper, only the first occurrence of a caveat parameter could be found (#2972)

What's Changed

• chore: release 1.50.0 by @miparnisari in #2974
• chore: bump grpc for CVE by @miparnisari in #2976
• Fix duplicate diagnostics in LSP server by @ivanauth in #2977
• test(*): remove all t.Parallel() calls in the tests by @barakmich in #2955
• fix(devContext): only the first occurrence of a caveat parameter coul… by @miparnisari in #2972
• chore: better tracing (generator.GenerateSchema, WriteSchema) by @miparnisari in #2981
• fix: pin trivy while they figure things out by @barakmich in #2983
• fix(memory): use global protovalidate instance and bump version by @miparnisari in #2984
• feat: update DevContext and LSP to support composable schemas by @tstirrat15 in #2965

Full Changelog: v1.50.0...v1.51.0

Docker Images

This release is available at authzed/spicedb:v1.51.0, quay.io/authzed/spicedb:v1.51.0, ghcr.io/authzed/spicedb:v1.51.0

v1.50.0

⚠️ This release comes with an increase in memory usage that we will mitigate in v1.51.0.

Added

• Query Planner: New pkg/query/queryopt package for building optimizations (#2970)
• Added tracing to request validation (#2950)

Changed

• Updated CI so that Postgres tests run against v18 which is GA and not against v13 which is EOL (#2926)
• Use protovalidate instead of protoc-gen-validate for request validation (#2863, #2596, #2959)
• Query Planner optimization: in Check requests, prune branches that cannot lead to the subject type specified (#2968)
• Added lr and ls to --experimental-query-plan for those endpoints, as well as in-memory statistics for optimizing the plans (#2929)

Fixed

• Regression introduced in 1.49.2: missing spans in ReadSchema calls (#2947)
• Long standing bug in the way postgres revisions were being compared. Sometimes revisions that were actually overlapping were erroneously being ordered. (#2958)
• Prevent panics in schema compiler, which can reproduce if using the VSCode extension or zed (#2971)

What's Changed

• chore: release 1.49.2 by @miparnisari in #2935
• chore: use correct logger in import logic by @tstirrat15 in #2937
• chore: walk postgres versions by @tstirrat15 in #2926
• chore: update versions in datastore support tags by @tstirrat15 in #2938
• chore: update grafana dashboards by @miparnisari in #2940
• refactor: remove metrics that are not useful or not written to by @miparnisari in #2941
• test(query): Add a new benchmark for wide arrows by @barakmich in #2927
• fix(query): fix arrow reversal tagging the subrelation incorrectly by @barakmich in #2943
• chore: use protovalidate interceptor instead of protoc-gen-validate interceptor by @tstirrat15 in #2863
• ci: add concurrency settings to workflows by @tstirrat15 in #2945
• chore: fix regression from #2912 - tracing in ReadSchema calls by @miparnisari in #2947
• chore: use dockerhub instead of gcr by @tstirrat15 in #2949
• chore: bump memory available to integration tests by @tstirrat15 in #2951
• feat(query): add a PlanAdvisor framework in place of StatisticsSource by @barakmich in #2928
• chore: add ctx to RevisionedReader.ReadSchema() by @miparnisari in #2952
• test: prevent duplicate metrics collector registration attempted by @miparnisari in #2957
• chore(datastore): expose GC interfaces, errors, and context proxy by @ecordell in #2942
• Update buf and use protovalidate by @tstirrat15 in #2596
• test: update test ObservableProxy so it runs faster by @miparnisari in #2960
• test: add tests for migrate command by @ivanauth in #2822
• test: add unit tests for consistency/forcefull.go by @ivanauth in #2916
• chore(deps): bump the github-actions group across 1 directory with 5 updates by @dependabot[bot] in #2939
• feat: add tracing to proto validation by @miparnisari in #2950
• chore: clean up all unused parameters by @mishto in #2931
• chore: pre-warm validator caches by @tstirrat15 in #2959
• fix: postgres revision compare for semi-disjoint overlapping transactions by @jakedt in #2958
• chore: add singleflightcheck analyzer to enforce context-aware singleflight by @josephschorr in #2954
• fix: bump to golang v1.25.8 by @barakmich in #2969
• refactor(query): add QueryDatastoreReader to act as an implementation shim for datastores by @barakmich in #2956
• chore: remove unused counting proxy by @miparnisari in #2967
• refactor: create new queryopt package to target query plan optimizations by @barakmich in #2970
• feat(qp): prune branches that cannot lead to the subject type of the … by @miparnisari in #2968
• chore(services): store observed counts in permissionsServer, add LR/LS flags by @barakmich in #2929
• fix: prevent panics in case of nils by @miparnisari in #2971

New Contributors

• @mishto made their first contribution in #2931

Full Changelog: v1.49.2...v1.50.0

Docker Images

This release is available at authzed/spicedb:v1.50.0, quay.io/authzed/spicedb:v1.50.0, ghcr.io/authzed/spicedb:v1.50.0

v1.49.2

Added

• feat(query planner): add recursive direction strategies, and fix IS BFS (#2891)
• feat(query planner): introduce query plan outlines and canonicalization (#2901)
• Schema v2: introduces support for PostOrder traversal in walk.go (#2761) and improve PostOrder walker cycle detection (#2902)

Changed

• Begin deprecation of library "github.com/dlmiddlecote/sqlstats" (#2904).
  NOTE: in a future release, MySQL metrics will change.
• Add support for imports and partials to the schemadsl package that drives the LSP and development server (#2919).
• Added support for CRDB 26.1 by fixing how version information is read from the cluster

Fixed

• enforce graceful shutdown on serve and serve-testing (#2888)
• Spanner metrics regression (#2329)
• improve streaming dispatch logging and observability (#2915)

What's Changed

• fix: enforce graceful shutdown on serve and serve-testing by @miparnisari in #2888
• feat: add recursive direction strategies, and fix IS BFS by @barakmich in #2891
• chore: rename all iterators to a consistent pattern by @barakmich in #2896
• chore: fix flake in parser tests by @tstirrat15 in #2897
• chore: remove addSubIterator and make iterators less mutable by @barakmich in #2898
• test: use synctest in some CRDB pool retry tests by @ivanauth in #2754
• test: fix race condition in TestRecursiveCheckStrategies by @vroldanbet in #2893
• feat: introduce support for schema PostOrder traversal by @vroldanbet in #2761
• fix(schemav2): improve PostOrder walker cycle detection by @vroldanbet in #2902
• chore: update grafana dashboard and docker-compose setup by @miparnisari in #2899
• test: add tests for health check service by @ecordell in #2468
• chore: add postgres docker-compose setup by @miparnisari in #2903
• chore: add partial support to schemadsl by @tstirrat15 in #2895
• style: run new go fix with modernizers by @jzelinskie in #2906
• chore(deps): bump filippo.io/edwards25519 from 1.1.0 to 1.1.1 by @dependabot[bot] in #2908
• chore(breaking): refactor typesystem by @miparnisari in #2876
• chore: add docker-compose for mysql and begin deprecating go_sql_* by @miparnisari in #2904
• chore: more lint fixes by @tstirrat15 in #2909
• chore: lint PR titles by @tstirrat15 in #2911
• chore: bump otel for CVE fix by @barakmich in #2913
• fix: spanner metrics regression by @vroldanbet in #2329
• test: fixup synctest usage in crdbpool by @tstirrat15 in #2910
• refactor: introduce datalayer abstraction, remove intermediate interfaces by @josephschorr in #2912
• fix(cluster): improve streaming dispatch logging and observability by @vroldanbet in #2915
• feat: introduce query plan outlines and canonicalization by @barakmich in #2901
• ci: enforce changelog by @miparnisari in #2764
• ci: unpin github actions related to go by @miparnisari in #2448
• refactor: remove dead code by @miparnisari in #2922
• chore: followup for canonical outlines by @barakmich in #2920
• test: reduce flakiness of RegisterRelationshipCountersInParallelTest by @tstirrat15 in #2820
• chore(query): replace UUIDs with canonical keys and add observers by @barakmich in #2923
• feat: Implement use import by @tstirrat15 in #2919
• chore(datastore): Change the DatastoreTester interface to take a testing.TB by @jakedt in #2925
• chore: add cockroachdb 26.1 to the matrix and modify version parsing by @tstirrat15 in #2907

Full Changelog: v1.49.1...v1.49.2

Docker Images

This release is available at authzed/spicedb:v1.49.2, quay.io/authzed/spicedb:v1.49.2, ghcr.io/authzed/spicedb:v1.49.2

v1.49.1

Highlights

• A fix for a low-severity GHSA in #2878

What's Changed

• fix: update IterSubjects for wildcards and Alias iterators for confomance by @barakmich in #2864
• ci: use arm runners in integration tests by @tstirrat15 in #2877
• fix: prevent panic on malformed cursor by @tstirrat15 in #2878
• fix: improve LR consistency and support multiple resourcetypes by @barakmich in #2875
• chore: add metrics and tests to all cache implementations by @miparnisari in #2874
• fix: query both subrelation and ellipses on arrows for IterResources by @barakmich in #2879
• chore(deps): bump the github-actions group with 5 updates by @dependabot[bot] in #2870
• feat: finish LR consistency tests with the fix to the recursive iterator by @barakmich in #2881
• fix: handle self keyword in warnings checks, and check these warnings are error-free in consistency by @barakmich in #2884
• fix: make sure that use self comes out of formatter when self is used by @tstirrat15 in #2885
• build: add new mustcallcheck analyzer and fix instances by @tstirrat15 in #2886
• chore: implement self in schemav2 by @tstirrat15 in #2887

Full Changelog: v1.49.0...v1.49.1

Docker Images

This release is available at authzed/spicedb:v1.49.1, quay.io/authzed/spicedb:v1.49.1, ghcr.io/authzed/spicedb:v1.49.1

v1.49.0

Highlights

Support for self keyword added to permissions

Previously, if you wanted to represent something like "a user should be able to view themselves," this required adding a relation to the schema and then writing a relation from the user to itself. We've added support for a self keyword in permissions that represents this directly, which reduces storage requirements, removes the need for a trip to the database, and removes a relationship that needs to be synced.
For more information, see the Docs and the PR: #2785

Experimental

Postgres Foreign Data Wrapper

In #2806, we added a new experimental command to SpiceDB that serves a Postgres Foreign Data Wrapper: spicedb postgres-fdw [flags].
If you configure your Postgres instance accordingly, it can speak to SpiceDB through the FDW as a proxy, allowing you to write queries like:

-- Check if user:alice has permission to view document:readme
SELECT has_permission
FROM permissions
WHERE resource_type = 'document'
  AND resource_id = 'readme'
  AND permission = 'view'
  AND subject_type = 'user'
  AND subject_id = 'alice';

You can now express checks and lookups as SELECTs and JOINs in your main application code, and you can read, write, and delete relationships using Postgres as the client.
For more information, see the documentation in the repo.

Warnings

• This feature is experimental. We'd welcome you trying it out and providing feedback, but it will likely change before its final GA'd form.
• This feature DOES NOT solve the Dual-Write Problem. You can make updates in the context of a Postgres transaction, but Postgres's FDW protocol doesn't support a two-phase commit semantic, which means there are still failure modes where a transactional write will land in SpiceDB but not Postgres or vice-versa.

Query Planner

This release includes the first experimental handle on our new Query Planner. If you run SpiceDB with the new --experimental-query-plan flag, SpiceDB will use the query planner to resolve queries.
This is mostly provided for the curious; there's still work to do on statistics sources and optimizations before we expect that it will provide performance benefits across most workloads.
We don't yet recommend turning on this flag in your system outside of experiments in your local or development environments. We'll continue work and let you know when it's ready for production.

Smaller Things

• A fix for cockroach's connection pooler where the pooler won't report itself as ready until all connections are ready to be used: #2766
• A fix for a segfault when providing datastore bootstrap files with caveats in them: #2784
• Touching an existing relationship and providing an empty expiration field will now clear an existing expiration value in CRDB and MySQL: #2796
• A fix for lexing Unicode characters in string literals in schemas: #2836
• We've deprecated datastore hedging, as it didn't provide performance gains and led to a less stable system: #2819
• There's a new --datastore-watch-change-buffer-maximum-size flag for the Watch API that determines how many changes SpiceDB will buffer in memory before it emits an error. This protects against OOMkills when the backing datastore fails to produce a checkpoint: #2859

What's Changed

• quic CVE fix in magefiles by @tstirrat15 in #2762
• ci: fix when benchmarks run by @miparnisari in #2759
• test: refactor GC and GC tests to be more reliable using synctest by @tstirrat15 in #2645
• chore: fix some testifylint issues by @tstirrat15 in #2768
• fix: Translate and preserve metadata in schema/v2 by @barakmich in #2767
• Reenable testifylint by @tstirrat15 in #2770
• fix: change crdb ready check to measure idle conns by @tstirrat15 in #2766
• chore: add context to test failure by @tstirrat15 in #2773
• fix(metrics): inverted values for pgxpool_max_conns{read} and pgxpool… by @miparnisari in #2772
• test: fix flaky TestExecuteRepair by @miparnisari in #2750
• Fixes for schema v2 conversion by @josephschorr in #2777
• Fix composable schema interactions with expiration feature by @tstirrat15 in #2780
• chore: improve error message when WriteRelationships has too many upd… by @miparnisari in #2781
• fix: segfault with datastore bootstrap files by @tstirrat15 in #2784
• fix: incorrect validation on WriteRelationships when using wildcard, … by @miparnisari in #2792
• chore: update datastore link in README by @cduruk in #2795
• fix(mysql,crdb): touch without expiration should remove the expiration by @miparnisari in #2796
• test: assert delete caveat by @miparnisari in #2797
• ci: fix docs update workflow by @miparnisari in #2798
• fix (migrate): Improve UX of error msg by @Meyazhagan in #2756
• chore(deps): bump the github-actions group across 1 directory with 10 updates by @dependabot[bot] in #2800
• ci: add more entries to codecov ignores by @miparnisari in #2799
• chore(deps): bump golang from 2611181 to ac09a5f in the docker group by @dependabot[bot] in #2789
• fix: issue with multiple imports leading to empty output by @tstirrat15 in #2804
• test: Set up integration testing to finish implementation of the iterator tree functionality by @barakmich in #2787
• feat: introduce evaluation analysis for query plans by @barakmich in #2774
• Support reading Composable Schemas from fs.FS by @drew-richardson in #2808
• feat: finish initial implementation of IterSubjects by @barakmich in #2809
• chore: use EmptyPathSeq() everywhere and NewLocalContext() for tests by @barakmich in #2811
• chore: improve metrics middleware test by @tstirrat15 in #2812
• chore: fix prealloc lints by @tstirrat15 in #2813
• chore: give more resources to wasm tests by @tstirrat15 in #2818
• chore: intersection lr implementation by @tstirrat15 in #2816
• chore: add exclusion lr operation by @tstirrat15 in #2815
• chore: add datastore LR implementation by @tstirrat15 in #2814
• chore: query arrow LR implementation by @tstirrat15 in #2817
• feat: add arrow reversal optimization by @barakmich in #2821
• chore: intersection arrow LR implementation by @tstirrat15 in #2823
• chore: add LR implementation for Relation iterator by @tstirrat15 in #2824
• chore: fix the combine operation for Expiration and Integrity paths by @barakmich in #2825
• chore: fix query plan alias iterator LR behavior by @tstirrat15 in #2826
• chore: fix query plan intersection arrow LR behavior by @tstirrat15 in #2827
• chore: fix wildcard subject agreement in datastore LR by @tstirrat15 in #2831
• feat: Initial implementation of the PostgresFDW by @josephschorr in #2806
• chore: fix datastore query behavior for LR by @tstirrat15 in #2830
• chore: remove datastore hedging by @tstirrat15 in #2819
• makes clearer pg timestamps should not be used for ordering txs by @vroldanbet in #2832
• fix: lexing utf-8 characters by @tstirrat15 in #2836
• Prepare for single stored schema by @josephschorr in #2805
• chore: update glibc by @tstirrat15 in #2839
• chore: fix gosec issues by @tstirrat15 in #2840
• chore: bump optgen to v0.2.3 by @ecordell in #2837
• feat: implement a proper BFS when doing IterSubjects/IterResources for recursive nodes by @barakmich in #2838
• chore: unhide the --experimental-query-plan flag by @barakmich in #2842
• feat: Add support for self keyword in schema for referencing a resource as a subject by @tstirrat15 in #2785
• feat(schema): add support for parent namespace in arrow information by @mazdakb in https://github....

v1.48.0

Added

• feat: add Memory Protection Middleware (enabled by default, use --enable-memory-protection-middleware=false to disable) by @miparnisari in #2691.
  ⚠️ Now, if your server's memory usage is too high, incoming requests may be rejected with code "ResourceExhausted" (HTTP 429).

Changed

• use FAILED_PRECONDITION for recursion depth errors by @tstirrat15 in #2729
• docs: improve description of some flags by @miparnisari in #2692
• Updated Go to 1.25.5 by @tstirrat15 in #2740

Fixed

• expose x-request-id header in HTTP Gateway responses by @Verolop in #2712
• error message when cannot run 'datastore gc' or 'datastore repair' by @miparnisari in #2609
• Postgres:
  • wire up missing revision timestamp on PG ReadWriteTx by @vroldanbet in #2725
• Spanner:
  • Watch API by @miparnisari in #2560
  • statistics by @miparnisari in #2745

Full Changelog: v1.47.1...v1.48.0

Docker Images

This release is available at authzed/spicedb:v1.48.0, quay.io/authzed/spicedb:v1.48.0, ghcr.io/authzed/spicedb:v1.48.0

v1.47.1

Highlights

• CVE Fix: Fixed a bug that would result in missing resources in LookupResources when certain permission structures are present (Checks were unaffected)
• Upgrade Go to latest version to fix CVE by @tstirrat15 in ttps://github.com//pull/2671

Fixed

• do not warn if requestid middleware errors due to ErrIllegalHeaderWrite by @miparnisari in #2654
• Spanner: "concurrent write to map error" in Watch API by @miparnisari in #2694
• Postgres: set missing fields in postgresRevision.MarshalBinary by @ostafen in #2708
• Postgres & MySQL: duplicate metrics error with read replicas (#2518) by @miparnisari in #2707

Updated

• Performance improvements for WriteSchema in #2697 and for ReadRelationships in #2632
• add docker compose setup with grafana dashboard by @miparnisari in #2616
• disable tracing of health check requests by @ivanauth in #2614

New Contributors

• @ostafen made their first contribution in #2708
• @ccoVeille made their first contribution in #2685

Full Changelog: v1.47.0...v1.47.1

Docker Images

This release is available at authzed/spicedb:v1.47.1, quay.io/authzed/spicedb:v1.47.1, ghcr.io/authzed/spicedb:v1.47.1

v1.46.2

Added

• relationship expiration is now on by default by @miparnisari in #2605
• add man page generation support by @ivanauth in #2595
• add fgprof wall-clock profiler by @vroldanbet in #2618
• CRDB: add write backpressure when write pool is overloaded by @ecordell in #2642
  • ⚠️ With this change, Write APIs now return ResourceExhausted errors if there are no available connections in the pool

Updated

• perf: significant improvements around LR3 dispatching by @josephschorr in #2587
• CRDB: move off experimental changefeed query by @miparnisari in #2617

Fixed

• properly rewrite errors for watch api by @miparnisari in #2640

New Contributors

• @luyi404 made their first contribution in #2593
• @rodneyosodo made their first contribution in #2601

Full Changelog: v1.46.0...v1.46.2

Docker Images

This release is available at authzed/spicedb:v1.46.2, quay.io/authzed/spicedb:v1.46.2, ghcr.io/authzed/spicedb:v1.46.2

v1.46.0

Fixed

• LR3 Fixes and Improvements by @josephschorr in #2570 and #2574
• propagate cancellation errors in consistency middleware by @tstirrat15 in #2581
• breakage of gRPC retries by @vroldanbet in #2577
  • ⚠️ With this change, if you use the zed CLI, you must update to the latest version (v0.33.0)
• Update README.md by @sohanmaheshwar in #2586
• fix: add flags to configure how to handle zedtokens meant for a different datastore by @josephschorr in #1723

Updated

• update telemetry guide by @emmanuel-ferdman in #2567
• perf: add trait filtering support to read relationships by @josephschorr in #2572
• metrics: register logical checks metric by default by @jzelinskie in #2575

New Contributors

• @emmanuel-ferdman made their first contribution in #2567
• @xlgmokha made their first contribution in #2528
• @sohanmaheshwar made their first contribution in #2586

Full Changelog: v1.45.4...v1.46.0

Docker Images

This release is available at authzed/spicedb:v1.46.0, quay.io/authzed/spicedb:v1.46.0, ghcr.io/authzed/spicedb:v1.46.0

v1.45.4

Added

• LookupResources v3, based on a new cursored iterator library by @josephschorr in #2451 and #2540

Changed

• update Go from 1.24.0 to latest 1.25.0 by @kartikaysaxena in #2539
• docs: revamp readme by @miparnisari in #2474
• remove deprecated OTEL interceptors by @vroldanbet in #2561
• perf: Add support in LookupSubjects for skipping caveats/expiration by @josephschorr in #2564

Fixed

• fix: improve the cluster error message when errors from all dispatchers by @josephschorr in #2543
• fix: handling of multiple metadata for a single revision in Watch by @josephschorr in #2563

Full Changelog: v1.45.3...v1.45.4

Docker Images

This release is available at authzed/spicedb:v1.45.4, quay.io/authzed/spicedb:v1.45.4, ghcr.io/authzed/spicedb:v1.45.4