Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased]

[0.6.0] - 2026-03-21

Added

  • External Schema References: Schema definitions can now reference external TypeScript/JavaScript files via the src attribute
    • Enables single-source-of-truth patterns where TypeScript schemas drive both frontend types and Rhales validation
    • Path resolution relative to template file with security checks to prevent path traversal
    • Rake task output now shows inline vs external schema sources
    • Example: <schema src="schemas/user.schema.ts" lang="js-zod" window="__USER__">
  • Multi-directory Schema Search: New schema_search_paths configuration option
    • Allows searching multiple directories for external schema files
    • Resolution order: template-relative first, then search paths in order
    • Security checks apply to all configured paths
  • tsx Import Mode: New bundling mode for external schemas with imports
    • schema_use_tsx_import = true enables esbuild bundling
    • schema_tsconfig_path allows custom TypeScript configuration
    • Externalizes zod to prevent dual-instance issues
    • Cross-platform file:// URL support for Windows ESM compatibility
  • Production Logging: Structured logging via Rhales.logger= for security auditing and debugging
    • View rendering events with template details, timing, and hydration size
    • Schema validation warnings for production debugging (missing/extra keys)
    • Error logging with line numbers and section context
    • Security events: unescaped variable warnings, CSP nonce generation
    • Performance logging: template compilation, cache behavior, partial resolution
  • Window collision detection prevents silent data overwrites when multiple templates use the same window attribute
  • Explicit merge strategies (shallow, deep, strict) for controlled data sharing between templates
  • HydrationCollisionError with detailed error messages showing file paths and line numbers
  • HydrationRegistry for thread-safe tracking of window attributes per request
  • merge_strategy method on RueDocument to extract merge attribute from data elements
  • JavaScript merge functions for client-side data composition
  • Comprehensive test coverage for collision detection and merge strategies

Changed

  • Ruby 3.4+ required (was 3.3.4) - aligns with current LTS ecosystem; no Ruby 3.3 features relied upon, but 3.4 is recommended for YJIT improvements and json_schemer performance
  • Updated zod to 4.3.6
  • Relaxed json_schemer dependency from ~> 2.3 to ~> 2
  • Replaced json-schema gem with json_schemer for better JSON Schema Draft 2020-12 support
  • Improved validation error messages with more structured output from json_schemer
  • Validation performance improved to <0.05ms average (was ~2ms with json-schema)

Removed

  • Unused HydrationRegistry.clear! method

Security

  • Window collision detection prevents accidental data exposure by making overwrites explicit
  • All merge operations happen client-side after server-side interpolation and JSON serialization
  • Request-scoped registry prevents cross-request data leakage

[0.1.0] - 2025-07-21

Added

  • Initial release of Rhales
  • Ruby Single File Components (.rue files) with server-side rendering
  • Client-side data hydration with secure JSON injection
  • Handlebars-style template syntax
  • Pluggable authentication adapters
  • Framework-agnostic design with Rails and Roda examples
  • Comprehensive test suite