Skip to content

Commit 0a9586f

Browse files
chore(changelog): audit v8.1.0 entry for release hygiene [skip-runtime-e2e] (#172)
## Skip-runtime-e2e justification CHANGELOG-only edit — pure release-notes hygiene, no code change, no runtime contract touched. ## Summary Cleans the v8.1.0 entry per the release-notes audit criteria: - Dropped "Epic #2230" / "(v9.1 preflight, #2277)" inline issue and epic refs from the prose; moved both to a Tracking trailer. - Removed internal repo-path references (`ee/platform/...`, `axonflow-landing/content/privacy.html`) and replaced the privacy reference with the public URL. - Dropped internal function-name implementation details (`apiAuthMiddleware`, `addAuthHeaders (audit.go)`) — readers don't need them to understand or adopt the change. - Strengthened the cross-repo coherence of the X-Client-ID + org_id description against the other 4 SDKs. No SDK config or behavior changes. Signed-off-by: Saurabh Jain <saurabh.jain@getaxonflow.com>
1 parent c2e29fa commit 0a9586f

1 file changed

Lines changed: 29 additions & 27 deletions

File tree

CHANGELOG.md

Lines changed: 29 additions & 27 deletions
Original file line numberDiff line numberDiff line change
@@ -5,54 +5,56 @@ All notable changes to the AxonFlow Go SDK will be documented in this file.
55
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
66
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
77

8-
## [8.1.0] - 2026-05-19 — `X-Client-ID` header on every outbound request (v9 identity)
8+
## [8.1.0] - 2026-05-19 — `X-Client-ID` header on every outbound request + `org_id` in telemetry heartbeat
99

10-
**Companion release to the v9 identity cleanup on the platform (Epic #2230).**
11-
Every governed request now carries an `X-Client-ID: <effective_client_id>`
10+
Companion release to the v9 identity cleanup on the platform. Every
11+
governed request now carries an `X-Client-ID: <effective_client_id>`
1212
header alongside the existing Basic Auth + `X-Axonflow-Client` headers.
1313
Value matches the SDK's Basic Auth username — smart default `community`
1414
when no `ClientID` is configured.
1515

1616
### Added
1717

1818
- **`X-Client-ID` header on outbound HTTP requests.** Server-side identity
19-
decisions no longer need to re-decode Basic Auth. The agent's
20-
`apiAuthMiddleware` overwrites the header with its own auth-derived
21-
value, so caller-supplied values are harmless (no spoofing surface).
22-
Set in `addAuthHeaders` (`audit.go`), the canonical funnel for all
23-
SDK HTTP requests.
24-
- **`org_id` field in the telemetry heartbeat body (v9.1 preflight, #2277).**
25-
Brings SDK telemetry up to parity with the platform's `startup_telemetry.go`
26-
emitter — every heartbeat now identifies which deployment-organization
27-
emitted it. Two sources in precedence order:
28-
1. The `ORG_ID` env var when set (the operator's explicit configuration on
29-
self-hosted deployments, or the `cs_<uuid>` tenant identifier on
19+
decisions no longer need to re-decode Basic Auth. The platform's auth
20+
middleware overwrites the header with its own auth-derived value, so
21+
caller-supplied values are harmless (no spoofing surface).
22+
- **`org_id` field in the telemetry heartbeat body.** Brings SDK
23+
telemetry up to parity with the platform — every heartbeat now
24+
identifies which deployment-organization emitted it. Two sources in
25+
precedence order:
26+
1. The `ORG_ID` env var when set (the operator's explicit configuration
27+
on self-hosted deployments, or the `cs_<uuid>` tenant identifier on
3028
Community SaaS).
3129
2. Otherwise the `local-dev-org` sentinel (default-config Community-mode
3230
developers).
33-
The receiver (`ee/platform/checkpoint-service/pkg/telemetry/telemetry.go`)
34-
already accepts the field with `omitempty` for backward compat with
35-
pre-v8.1 SDKs that don't send it. New SDKs always send it. Honors
36-
`AXONFLOW_TELEMETRY=off` like every other heartbeat field. See
37-
`axonflow-landing/content/privacy.html` for the customer-facing
38-
commitment that covers this field.
31+
Always emitted by v8.1+ SDKs; older receivers ignore the field cleanly
32+
for backward compat. Honors `AXONFLOW_TELEMETRY=off` like every other
33+
heartbeat field. See
34+
[getaxonflow.com/privacy/](https://getaxonflow.com/privacy/) for the
35+
customer-facing commitment that covers this field.
3936

4037
### Changed
4138

42-
- **Telemetry-enabled log line** softened from "Anonymous telemetry enabled"
43-
to "Telemetry enabled" to stay coherent with the v9.1 `org_id` addition
44-
(the operator-supplied `ORG_ID` on self-hosted is not anonymized; only
45-
the `instance_id` and `cs_<uuid>` Community SaaS identifier remain
46-
anonymous-by-design).
39+
- **Telemetry-enabled log line** softened from "Anonymous telemetry
40+
enabled" to "Telemetry enabled" to stay coherent with the `org_id`
41+
addition — the operator-supplied `ORG_ID` on self-hosted is not
42+
anonymized; only the `instance_id` and `cs_<uuid>` Community SaaS
43+
identifier remain anonymous-by-design.
4744

4845
### Compatibility
4946

5047
- Backward-compatible against v8 and v9 platforms: v8 agents ignore the
5148
unknown header; v9 agents derive identity from Basic Auth regardless.
52-
- `org_id` is an additive field — the receiver's `omitempty` allows
53-
legacy SDK builds to keep working unchanged.
49+
- `org_id` is an additive field — older receivers ignore it cleanly,
50+
legacy SDK builds keep working unchanged.
5451
- No SDK config changes. No removed fields. No changed defaults.
5552

53+
### Tracking
54+
55+
- [#2230](https://github.com/getaxonflow/axonflow-enterprise/issues/2230)
56+
- [#2277](https://github.com/getaxonflow/axonflow-enterprise/issues/2277)
57+
5658
## [8.0.0] - 2026-05-09 — Decision History API + policy_version recorded on every decision + telemetry simplification
5759

5860
**Major release.** The headline feature is the new decision-history client API:

0 commit comments

Comments
 (0)