dimgigov
4e7e568525
release: v1.1.0 — bug fixes, Docker, clients, SCRAM auth
...
- Bump version to 1.1.0 across all components
- Remove debug CI artifacts (debug.yml, test_all.nim.bak, test_lock)
- Update CHANGELOG with v1.1.0 release notes
- Bug fixes: irNeg, distributed txn, sharding, Raft majority, MVCC,
LSM-Tree, auth (JWT + SCRAM-SHA-256), wire protocol, SQL injection,
ReDoS, graph, vector, FTS, build warnings
- Client SDKs: JS/TS, Python, Nim, Rust with tests and examples
- Docker: production + source + test compose configs
- TLA+: crossmodal, backup, recovery specs with symmetry reduction
2026-05-13 15:05:59 +03:00
dimgigov
ac55237b72
feat: real SCRAM-SHA-256 authentication (Option C)
...
Security:
- New scram.nim module with full SCRAM-SHA-256 per RFC 7677
* PBKDF2-HMAC-SHA-256 key derivation
* HMAC-SHA-256 with multiple overloads for bytes/strings
* Secure nonce/salt generation via /dev/urandom
* Client/server message parsing and proof verification
AuthManager updates:
- registerScramUser(): stores salted credentials (salt + iterations + storedKey + serverKey)
- startScram(): initiates challenge-response handshake
- finishScram(): verifies client proof and returns server signature
- Legacy amSCRAMSHA256 path kept for backward compatibility
HTTP endpoints:
- POST /auth/scram/start — accepts client-first-message, returns server-first
- POST /auth/scram/finish — accepts client-final-message, returns server-final
Tests:
- SCRAM-SHA-256 full handshake test (register → start → compute proof → finish)
- SCRAM-SHA-256 invalid proof rejection test
Build: 0 warnings, all tests pass
2026-05-13 09:50:07 +03:00
dimgigov
8d39d633cf
chore: update version strings to v1.0.0 in Docker and Nim code
...
- Dockerfile, Dockerfile.source: LABEL version=1.0.0
- Dockerfile.source: update Nim base image 2.2.2 -> 2.2.10
- src/baradadb.nim, src/barabadb/core/httpserver.nim: v0.1.0 -> v1.0.0
- Rebuild baradadb binary with v1.0.0
2026-05-07 22:06:04 +03:00
dimgigov
c8633b9589
fix: non-blocking replication/disttxn timeouts, OTLP epoch time, test paths, compiler warnings
2026-05-07 15:41:33 +03:00
dimgigov
d3b38251c3
update core modules and project config
2026-05-07 15:16:40 +03:00
dimgigov
651375a156
feat: production hardening — JWT security, WAL reader, tracing, 2PC real RPC, stress test fix
...
- JWT: getEffectiveJwtSecret() helper + warning log when not configured
- WAL: readEntries() with timestamp filter for PITR
- Tracing: core/tracing.nim with span recording + executeQuery integration
- 2PC: real TCP RPC via sendDistTxnRpc (host='' = local fallback)
- Stress test: updated comment, 10K ops confirmed with internal locks
- SSTable metadata comments clarified (offsets patched correctly)
- addParticipant has default params (host='', port=0)
2026-05-07 13:31:29 +03:00
dimgigov
29425c45f8
Add WebSocket auth — JWT token validation on WS upgrade handshake
...
- websocket.nim: check Authorization Bearer token before WebSocket upgrade
- httpserver.nim: pass config + jwtSecret to WsServer
2026-05-07 00:38:38 +03:00
dimgigov
b65b066c36
Fix auth wiring: HTTP + TCP wire protocol authentication
...
- httpserver.nim:
- Use config.jwtSecret instead of hardcoded default
- Enforce auth on /query, /tables, /metrics when authEnabled=true
- /auth endpoint now validates password against jwtSecret
- server.nim:
- Add TCP wire protocol auth (mkAuth message)
- Reject queries with 401 until client authenticates with valid JWT
- wire.nim: Add makeAuthOkMessage, makeAuthChallengeMessage, parseAuthMessage helpers
2026-05-07 00:21:00 +03:00
dimgigov
b6cdf8c88e
Add Docker deployment support with compose, entrypoint and docs
...
- Add Dockerfile (pre-built binary) and Dockerfile.source
- Add docker-compose.yml, docker-compose.prod.yml, docker-compose.override.yml
- Add docker-entrypoint.sh with non-root user support
- Add .dockerignore and helper scripts (scripts/docker-build.sh, scripts/docker-run.sh)
- Add docs/en/docker.md with full Docker guide
- Update docs/en/deployment.md and README.md
- Fix src/barabadb/core/config.nim to read BARADB_ADDRESS, BARADB_PORT, BARADB_DATA_DIR from env
- Fix src/barabadb/core/httpserver.nim missing wire import
2026-05-06 23:58:43 +03:00
dimgigov
9b7ed1fca8
chore: change default ports to non-standard ones (9472, 9470, 9471)
2026-05-06 23:23:29 +03:00
dimgigov
f9f77b3a18
feat: production blockers — JOINs, deadlock detection, TLS, parameterized queries
...
- JOIN execution: INNER/LEFT/RIGHT/FULL/CROSS with column disambiguation
- Deadlock detection: wait-for graph wired into TxnManager.write()
- TLS/SSL: OpenSSL via std/net for TCP wire protocol, auto self-signed certs
- Parameterized queries: ? placeholders with WireValue binding
- Wire protocol: mkQueryParams message support
- HTTP /query endpoint accepts JSON params array
- Nim client: query(sql, params) overload
- Tests: 262 passing (15 new)
All PLAN.md production blockers resolved.
2026-05-06 16:42:53 +03:00
dimgigov
856a07c030
feat: HTTP server in main entry point + background compaction scheduling
...
- baradadb.nim now starts both TCP wire protocol and HTTP REST servers
- HTTP server runs in background thread via hunos on port TCP+440
- WebSocket server auto-starts on HTTP port + 1
- CompactionManager with background async loop (default 60s interval)
- CompactionStrategy wired to LSMTree SSTables
- Fixed forward declaration for lowerExpr in executor.nim
- 216 tests passing
2026-05-06 14:23:13 +03:00
dimgigov
f135d8c61d
feat: wire WebSocket broadcast, CHECK constraints, VIEW persistence, migration tracking
...
- WebSocket: WsServer wired to HttpServer via ExecutionContext.onChange
- INSERT/UPDATE/DELETE now broadcast to subscribed WebSocket clients
- CHECK constraints: evaluate AST expressions via evalExpr(lowerExpr())
- Works on both INSERT and UPDATE paths
- VIEW persistence: CREATE VIEW stores to LSM-Tree, restoreSchema loads views
- Migration tracking: APPLY MIGRATION marks applied with _schema:migrations:applied:<name>
- Update PLAN.md honesty for WebSocket, CHECK, Views, Migrations
- 216 tests passing
2026-05-06 14:12:52 +03:00
dimgigov
675ab26a6e
feat: Phase 5-6 — CREATE VIEW, migrations, deadlock detection, JSON logging, admin UI
...
Phase 5 — ERP Features:
- CREATE VIEW name AS SELECT ... — parser + executor with view expansion
- DROP VIEW — parser + executor
- CREATE MIGRATION name AS 'sql' — parser + executor, stored in LSM-Tree
- APPLY MIGRATION name — parser + executor, replays stored migration SQL
- Views table in ExecutionContext, expanded on SELECT FROM view
Phase 6 — Production Readiness:
- Deadlock detection: timeout-based auto-abort for stale transactions (30s default)
- TxnManager.txnTimeoutMs configurable
- Structured JSON logging module (logging.nim) with levels: debug/info/warn/error
- Admin dashboard Web UI at GET /admin — SQL playground, schema browser, metrics
- Dark theme HTML/CSS with tabs
Lexer: added tkView, tkMigration, tkApply tokens
Parser: parseCreateView, parseDropView, parseCreateMigration, parseApplyMigration
AST: nkCreateView, nkDropView, nkCreateMigration, nkApplyMigration nodes
All 216 tests pass
2026-05-06 13:54:16 +03:00
dimgigov
1fb715a1d4
feat: integrate hunos web server + jwt-nim-baraba + real WAL recovery + compaction
...
HTTP Server:
- Replaced asynchttpserver with hunos (multi-threaded, trie router, CORS middleware)
- JWT authentication via jwt-nim-baraba (HS256 with BearSSL crypto)
- POST /query, GET /health, GET /metrics, POST /auth, GET /api (OpenAPI spec)
- Proper CORS headers via hunos corsMiddleware
WAL Recovery:
- recover() now actually applies committed entries (REDO)
- Skips uncommitted entries (UNDO)
- Takes optional LSMTree parameter to apply recovery
SSTable Compaction:
- Real compaction: reads SSTable entries, merges by key (newest wins), writes merged file
- Deduplication: keeps only newest version per key
- Tombstone cleanup: removes deleted entries
- Old SSTable files deleted after merge
Dependencies:
- Added hunos >= 1.2.0 and jwt >= 2.1.0 to nimble
SSTable fields exported for compaction access.
All 216 tests pass
2026-05-06 13:42:37 +03:00
dimgigov
a7e274d846
feat: major improvements — FK, CHECK, CREATE INDEX, rate limiter, CORS, GROUP BY
...
Executor:
- FOREIGN KEY enforcement: checks referenced row exists on INSERT
- Type enforcement: INTEGER, FLOAT, BOOLEAN, TIMESTAMP validated
- GROUP BY execution: actual row grouping with count(*) aggregation
- WebSocket broadcast: onChange callback wired into INSERT/UPDATE/DELETE
- CREATE INDEX handler: creates B-Tree index + populates from existing data
- ALTER TABLE ADD COLUMN: actually adds column to table definition
- LIKE evaluation with regex pattern matching
- FK metadata stored in ColumnDef (fkTable, fkColumn)
Parser:
- CREATE INDEX / CREATE UNIQUE INDEX parser added
- ALTER TABLE now parses ADD COLUMN with type
HTTP Server:
- Rate limiter wired (token bucket per client IP)
- CORS headers on all responses (Allow-Origin: *, OPTIONS preflight)
- 429 Too Many Requests when rate limit exceeded
All 216 tests pass
2026-05-06 12:23:11 +03:00
dimgigov
5cb26ca74d
fix: major bug audit + fixes — honest PLAN.md
...
Critical bugs fixed:
- SELECT now returns actual row data (was returning empty arrays)
- WHERE filter evaluation now works (was pass-through stub)
- ORDER BY sorting now works (was no-op)
- UPDATE execution implemented (was no-op stub)
- DELETE uses WHERE filter (was key-match only)
- B-Tree point reads return actual row data (was returning count only)
- EXPLAIN returns plan string (was computed then discarded)
- UNIQUE constraint uses B-Tree index (was memtable scan only)
- DEFAULT values work for int/bool/float (was string-only)
- HTTP /query returns real JSON rows with columns
- Docker healthcheck uses wget (Alpine has no curl)
Updated PLAN.md with honest status:
- Marked what's truly done vs stub vs not implemented
- Honest score: 8/10 (not 9.5/10)
- Clear list of what actually works in production
All 216 tests pass
2026-05-06 11:55:43 +03:00
dimgigov
775703e008
feat: Phase 3 — HTTP REST API + JWT auth + Prometheus metrics
...
- New HTTP server (core/httpserver.nim) with async HTTP/1.1
- POST /query — execute SQL, return JSON
- GET /health — readiness/liveness probe
- GET /metrics — Prometheus-format counters
- JWT bearer token auth via Authorization header
- Per-request MVCC transaction context isolation
- Fixed B-Tree index mutable access in executor
- All 216 tests pass
2026-05-06 11:28:09 +03:00