v2.3.4

Full Changelog: v2.3.3...v2.3.4

v2.3.0

EventLens v2.3

EventLens v2.3 is a major security and operations upgrade focused on making the platform safer to share across teams, easier to deploy, and more production-ready without losing the lightweight debugging workflow.

Highlights

First-run setup wizard

Fresh instances now guide operators through initial security setup instead of assuming a preconfigured environment.

You can choose between:

• OIDC / SSO
• Basic Auth
• Local development / no auth

Setup is written to config and applied on restart, which keeps authentication mode an operator decision rather than a per-user runtime choice.

OIDC and browser sessions

EventLens now supports OIDC-based login with server-side opaque sessions for browser users.

This includes:

• secure session cookies
• CSRF protection
• OIDC state validation
• redirect safety checks
• session rotation and timeout handling

RBAC and scoped authorization

EventLens now has a real authorization model rather than simple “in or out” access.

This release adds:

• role-based access control
• permission checks with explicit deny reasons
• source-scoped access
• aggregate-type-aware authorization where applicable

Masking and PII reveal flow

Sensitive payload data is now protected by default.

This release adds:

• masked reads across core event inspection paths
• masked exports by default
• explicit reveal-with-reason flow for sensitive data
• reveal auditing for accountability

API keys

Machine access is now first-class.

This release adds:

• API key creation and revocation
• one-time raw key display
• stored hashed keys only
• RBAC-aligned key scopes
• audit coverage for key administration

Metadata-backed audit and admin visibility

Audit is no longer just a file output path.

This release adds:

• metadata-backed audit storage
• recent audit API access
• admin UI visibility for security operations
• permissioned audit access

Security admin workspace

The UI now includes a minimal admin/security workspace for:

• recent audit visibility
• API key management
• clearer access-denied and unavailable states

Hardening and production guardrails

This release tightens deployment safety and observability.

It includes:

• production config validation
• metadata-aware readiness checks
• security metrics
• startup guardrails for unsafe configurations
• updated example config and security docs

Infrastructure and build improvements

This release also includes build and CI improvements:

• faster Gradle builds with caching, configuration cache, and parallel execution
• improved CI Gradle caching via setup-gradle
• corrected UI build dependency wiring
• container runtime moved off Alpine to a Jammy-based Temurin image for better compatibility with native-dependent libraries

Upgrade notes

• Review your config against the updated examples before upgrading.
• If you use containerized deployments, prefer rebuilding from the updated Dockerfile/runtime image rather than reusing older Alpine-based images.
• If you want to re-run first-time setup on an instance, use the provided setup reset workflow/script.

Known notes

• TypeScript 6 frontend dependency upgrades are intentionally not part of this release due to current typescript-eslint compatibility constraints.
• Existing manually configured instances remain supported; the setup wizard is intended for fresh or explicitly reset instances.

Thanks

Thanks to everyone who tested the security flows, container runtime changes, and setup experience during this cycle.

v2.2.0

EventLens v2.2.0

This release delivers the v4 milestone. The focus is better investigation workflow, stronger multi-datasource behavior, improved replay and comparison tooling, and a real browser/test gate for release confidence.

Highlights

• Added source-aware statistics across the backend API and UI
• Added replay debugger improvements, including auto replay and compare-aware stepping
• Restored the horizontal grouped timeline model while keeping the newer performance work
• Added worker-backed JSON diffing for state comparison
• Added command palette navigation and keyboard workflow improvements
• Improved live stream resilience with buffered WebSocket delivery
• Added aggregate drill-in from live stream and anomaly panels
• Restored key workspace/header signals such as API, Events, and Uptime
• Added Playwright E2E coverage and accessibility/browser-gate scaffolding
• Fixed packaging so Postgres and MySQL plugins are both discoverable in the app jar

Backend

• Added source-aware statistics SPI, routes, and provider implementations
• Added stronger integration coverage for exports and source-aware panels
• Stabilized WebSocket integration tests around burst/backpressure behavior
• Fixed service descriptor packaging for multi-datasource plugin loading

Frontend

• Timeline remains horizontal and grouped, with compare selection and direct navigation
• Replay debugger now supports auto replay intervals: 2s, 3s, 5s, 10s
• Replay controls handle compare mode explicitly instead of silently fighting diff state
• Statistics panel now includes return navigation to the main workspace
• Command palette now includes main-page navigation
• Aggregate selection from live stream and anomaly views now opens the main investigation flow
• Accessibility fixes landed for search, workspace controls, timeline semantics, and state viewer/test coverage

Verification

Release-style verification was run with:

• ./gradlew.bat check

Browser/E2E coverage is included through:

• ./gradlew :eventlens-ui:npmTestE2e

What's Changed

• V4 by @AlphaSudo in #37

Full Changelog: v2.1.0...v2.2.0

v2.1.1

What's Changed

• chore(deps): bump the java-dependencies group with 7 updates by @dependabot[bot] in #34
• chore(deps): bump the frontend-dependencies group in /eventlens-ui with 4 updates by @dependabot[bot] in #35

Full Changelog: v2.0.0...v3.0.0

v2.1.0 - Prism

EventLens v2.1 is a major architecture and UX release focused on multi-source debugging, plugin extensibility, and safer operational workflows.

This release introduces a real plugin system for event sources and stream adapters, allowing EventLens to support multiple datasource instances at once instead of being tied to a single PostgreSQL connection. Built-in support now includes PostgreSQL, MySQL, and Kafka, with external plugin loading available through the SPI and plugin directory.

The API and UI were updated to become source-aware. Users can switch between configured datasources directly in the UI or via ?source=, and the app now handles degraded connectors more gracefully. Timeline queries also gained a metadata-only mode, which reduces payload size and supports lazy loading for heavier event views.

v2.1 also adds stronger release readiness around the core platform:

plugin contract tests for sources and streams
config migration and backward-compatibility support
query caching and performance tuning
docs for plugin authors and release readiness
verification scripts and smoke checks for the v2.1 rollout
In short, v2.1 turns EventLens from a single-source debugger into a plugin-driven, multi-source debugging platform that is ready for future expansion.

v2.0.0 - Bedrock

EventLens v2.0.0 focuses on production hardening with no net-new product features.
This release is about reducing security risk, preventing downtime, and improving operational stability.

Highlights

• Security hardening across configuration, request handling, and data protection:

  • Environment variable interpolation in config
  • Startup config validation
  • Security headers, CORS hardening, and rate limiting
  • Input validation and SQL injection safeguards
  • Optional OIDC support
  • Audit logging and basic PII masking

• Performance and scalability upgrades:

  • Cursor (keyset) pagination for deep result sets
  • HikariCP connection pool tuning
  • Query timeout enforcement
  • Response compression
  • ETag/conditional GET support
  • Async export flow

• Reliability and resilience improvements:

  • Circuit breaker integration (Resilience4j)
  • Graceful shutdown behavior under load
  • Liveness/readiness health endpoints

• Observability and API maturity:

  • Prometheus metrics endpoint
  • Structured JSON logging with request correlation IDs
  • API versioning (/api/v1/*)
  • OpenAPI 3.1 specification support

• Frontend and deployment readiness:

  • Bookmarkable URLs with persisted state
  • JSON syntax highlighting and folding
  • Better loading/error handling
  • Multi-arch Docker image (amd64 + arm64)
  • Basic Helm chart
  • Expanded test infrastructure (OpenAPI contract tests, k6 load tests, dependency vulnerability scanning)

Outcome

• Overall quality baseline improved significantly across major dimensions:
  • Average score moved from 1.9 (v1) to 4.3 (v2)
• Backward compatibility preserved:
  • v1 routes redirect to v2 where applicable
• Scope discipline maintained:
  • No feature expansion beyond hardening and production safety goals

Notes

• Version: 2.0.0
• Codename: Bedrock
• Theme: production safety and operational resilience

v1.0.0 - Initial Release

production-ready: apply all code review improvements

Security:
- Add API request limit caps (MAX_LIMIT=1000) on all list endpoints
- Add HTTPS warning for Basic Auth in README and Security section
- Add CORS warning comment to K8s ConfigMap wildcard origin

Performance:
- Replace long[] polling position with AtomicLong in LiveTailWebSocket
- Use shared JsonUtil.mapper() in ExportEngine instead of per-instance ObjectMapper

Architecture:
- PgEventStoreReader now implements AutoCloseable for try-with-resources support
- Replace System.out emoji in ServeCommand with SLF4J log statements

Docker / Kubernetes:
- Remove obsolete 'version: 3.8' from docker-compose.yml
- Add app container health check (curl /api/health) to docker-compose.yml
- App now waits for postgres+kafka health before starting (condition: service_healthy)
- Add K8s resource limits/requests (cpu: 100m-500m, memory: 256Mi-512Mi)
- Add K8s readiness + liveness HTTP probes targeting /api/health
- Change imagePullPolicy from Always to IfNotPresent

Project files:
- Add LICENSE (MIT)
- Add CHANGELOG.md (v1.0.0 release notes)
- Add CONTRIBUTING.md (build, test, code-style, PR guide)
- Remove unused Dockerfile.runtime

Documentation (README):
- Update docker-compose commands to modern 'docker compose' (no hyphen)
- Document health-check startup delay for first run (~15-30s)
- Add HTTPS requirement note for Basic Auth
- Document 1,000 record API limit with pagination guidance
- Add Project Info table linking LICENSE, CHANGELOG, CONTRIBUTING, example config