All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
The library major aligns with the Spring Boot major: 4.x.y targets Spring Boot 4.x.
한국어: CHANGELOG.ko.md
First public release.
v* tag). release.yml publishes the artifacts and opens a GitHub Release.devslab.kit.cache.type = in-memory /
redis / none. The Redis backend owns JSON serialization (no Serializable,
no serializer wiring), and the per-user menu cache now rides this shared cache
manager instead of its own map.devslab.kit.bootstrap.* (OFF by default) idempotently creates a tenant, a
PLATFORM_ADMIN role with the full admin.* permission set, and one admin
user on first boot. A blank password generates a strong random one logged
once; a prod safety pin refuses a weak password under a prod/production
profile.must_change_password flag (V11) on the user
account, surfaced through CurrentUser, the JWT claim, and the login
response. Self-service POST /admin/api/v1/auth/change-password verifies the
old password, sets the new one, clears the flag, and re-issues a token.GET /admin/api/v1/bootstrap/status
returning { initialized: boolean }, the branch point for a future guided
first-run / setup wizard (ADR 0001 §6).Clock — JjwtAuthTokenService.parse()
validated token expiry against the real system clock instead of the injected one,
making validation untestable with a fixed clock and asymmetric with issue().
Production behaviour is unchanged (the runtime uses Clock.systemUTC() on both
paths).sample-app switched off its SampleSeedRunner onto the starter’s
devslab.kit.bootstrap.* runner (local-dev shape: admin/admin,
must-change-password=false).kr.devslab.kit.devslab-kit-core, -{identity,access,tenant,menu,audit}-{api,core},
-autoconfigure, -spring-boot-starter, -sample-app.UserId, TenantId, RoleId, PermissionId, MenuId, PublicId,
DevslabKitException.TenantContext, TenantContextHolder, TenantResolver, TenantMode (api) +
DefaultTenantContextHolder, FixedTenantResolver (core). The one fully wired vertical
used to prove the AutoConfig override pattern.CurrentUser, CurrentUserProvider, UserStatus, LoginCommand,
LoginResult, UserAccountView, PasswordHasher, LoginFailureReason,
AccountLoginException, LoginSucceededEvent, LoginFailedEvent,
UserAccountCreatedEvent.
Identity (core, first-pass): PlatformUserAccountEntity + JpaPlatformUserAccountRepository,
BCryptPasswordHasher, LocalLoginService, PlatformUserAccountService,
DefaultCurrentUserProvider, V1__platform_user_account.sql.Permission, Role, PermissionChecker, PermissionDeniedException.
Access (core, first-pass): Platform{Role,Permission,UserRole,RolePermission}Entity
UserRoleService, RolePermissionService, DefaultPermissionChecker,
V2__platform_access.sql.MenuItem, MenuTree, MenuProvider.
Menu (core, first-pass): PlatformMenuEntity + JpaPlatformMenuRepository,
MenuTreeBuilder, PermissionBasedMenuFilter, DefaultMenuProvider,
V3__platform_menu.sql.AuditEvent, AuditActor, AuditAction, AuditTarget,
AuditEventPublisher.
Audit (core, first-pass): PlatformAuditLogEntity + JpaPlatformAuditLogRepository,
AuditLogService (Jackson-serialized metadata), DefaultAuditEventPublisher,
V4__platform_audit_log.sql.DevslabKitProperties (devslab.kit.* prefix) + 5 AutoConfigurations with
@ConditionalOnMissingBean overrides: Tenant, Identity, Access, Menu, Audit.devslab-kit-sample-app smoke-tests all 8 starter beans (TenantResolver,
TenantContextHolder, CurrentUserProvider, PasswordHasher, LocalLoginService,
PermissionChecker, MenuProvider, AuditEventPublisher) plus a BCrypt round-trip.