Release Explorer
- Current release
- Release - 10/10/2025
- Release - 11/10/2025
- Release - 12/10/2025
- Release - 13/10/2025
- Release - 14/10/2025
- Release - 15/10/2025
- Release - 16/10/2025
- Release - 17/10/2025
- Release - 18/10/2025
- Release - 19/10/2025
- Release - 20/10/2025
- Release - 21/10/2025
- Release - 22/10/2025
- Release - 23/10/2025
- Release - 24/10/2025
- Release - 25/10/2025
- Release - 26/10/2025
- Release - 27/10/2025
- Release - 28/10/2025
- Release - 29/10/2025
- Release - 30/10/2025
- Release - 31/10/2025
- Release - 01/11/2025
- Release - 02/11/2025
- Release - 03/11/2025
- Release - 04/11/2025
- Release - 05/11/2025
- Release - 07/11/2025
- Release - 07/11/2025
- Release - 08/11/2025
- Release - 09/11/2025
- Release - 10/11/2025
- Release - 11/11/2025
- Release - 12/11/2025
Release Notes
Overview
This release includes comprehensive backend improvements and features across multiple Node.js microservices within the "FirstMate" platform. Key highlights include enhanced fine-grained access control middleware integrating JWT and JWKS validation, robust organizational onboarding and subscription management with Stripe, repository enable/disable and refresh APIs tightly coupled with external systems, asynchronous command dispatch via Redis Streams, and advanced AI agent API endpoints leveraging language models for branch naming and question answering. The design emphasizes security, multi-tenancy, contextual identity propagation, and operational observability.
New Features
- Added AI-driven change request branch naming API integrating GPT-based LLM with retry and token-counting.
- Introduced internal command execution API for provider-related commands with permission enforcement.
- Implemented AI question-answering endpoint providing categorized dialog management over organizational code data and Langchain embeddings.
- Added asynchronous repository analysis command endpoint, dispatching tasks into Redis Streams with enriched IAM context.
- Created repository enable/disable and refresh endpoints that coordinate with external Git Manager services and send async processing messages.
- Developed onboarding status endpoint reporting scan initiation status based on action logs.
- Introduced organization onboarding endpoint that validates org names, provisions Stripe subscriptions, creates API keys, and sets default roles.
- Added API endpoints and workflows for managing integration providers and organizational access rights, including async initialization of document providers via service bus.
Improvements / Changes
- Enhanced the central
grantAccessByPermissionMiddlewarewith:- Support for public, organizational, and provider-level permission models.
- Dynamic JWT validation using JWKS with caching.
- Continuation Local Storage (CLS) based IAM context propagation across async boundaries.
- Detailed application error codes and enriched structured logging with request, user, and org details.
- Special handling for permissions prefixed with
FIRSTMATEenabling platform-specific logic.
- Refactored error handling to uniformly throw
ApplicationErrorwith codes, supporting consistent client responses. - Applied continuation-local storage for contextual logging and permission enforcement across all request flows.
- Modularized repository and service layers abstracting MongoDB access and external API clients.
- Improved security by parsing JWT
subclaims for multi-part provider identifiers (e.g.,auth0|userid). - Added wildcard pattern matching with regex transformations for repository enablement filtering.
- Configured Axios HTTP clients with centralized base URLs and headers for external API interactions.
- Enhanced logging to capture detailed Axios error responses and propagate contextual identity info.
- Adopted asynchronous operations with concurrency control in repository state updates and external API calls.
- Introduced retry logic with exponential backoff for external LLM invocations.
- Implemented standardized permission enums for clear enforcement and readability.
- Improved request ID extraction with defaults to track request-scoped actions reliably.
Bug Fixes
- Fixed potential race conditions in access rights update by using atomic MongoDB update operators.
- Resolved error propagation issues in async middleware by consistent use of try/catch forwarding to
next. - Addressed edge cases in token validation by handling missing or malformed tokens gracefully.
- Fixed document provider initialization sequencing to reliably enqueue async messaging on addition.
Technical / Developer Notes
- The middleware
grantAccessByPermissionMiddlewareis a key security layer that must be applied on all protected API routes to maintain consistent access control. - CLS namespaces provide a transparent way to access IAM context (user ID, org ID, provider info) in downstream services and logging without parameter passing.
- JWT token verification uses a combination of the
jsonwebtokenlibrary and JWKS key retrieval via thejwks-rsaclient dynamically. - Redis Streams (
xAdd) are used as a reliable service bus mechanism for dispatching asynchronous commands across organizational channels. - The backend integrates with Stripe APIs for subscription creation and validation, critical for enforcing SaaS feature gating.
- External integrations include Git Manager API and Integration Manager API accessed via Axios clients.
- Logging employs
pinowith custom serializers that incorporate Action IDs, organization names, and user IDs for observability. - AI agent services use Langchain prompt templates loaded dynamically from markdown files, with facilities for structured output parsing and retry.
- MongoDB collections leveraged extensively include
users,providers,organisations,repos, andactions, with ObjectId references encapsulated in repository patterns. - Permission checks support wildcard "ALL" for administrative overrides and granular array-based role permissions.
- Endpoint protection differentiates between public endpoints, internal endpoints (marked with
INTERNAL_ENDPOINTpermission), and standard secured endpoints. - Developers extending or maintaining this platform should familiarize themselves with the layered architecture: middleware → controller → services → repositories → external APIs.
Breaking Changes
- None identified in this release.
Acknowledgements / Contributors
- Thanks to all contributors enhancing security, observability, and AI integration capabilities across the "FirstMate" platform backends!
These release notes reflect a significant evolution in backend services focused on secure, scalable, and user-context-aware multi-tenant SaaS infrastructure combined with AI-powered developer productivity enhancements.