AUSUS v1.1.0 — relations, data-dependent authorization & PostgreSQL
Minor, backward-compatible release on the 1.x line. It adds three
capabilities — typed relations with referential integrity, data-dependent
authorization, and an official PostgreSQL production driver — and ships all
packages in lock-step at v1.1.0. Existing ^1.0 consumers float forward on
composer update with no code change required.
Relations & referential integrity (RFC-015)
Entities can now declare typed foreign references to other entities, with integrity enforced both at build time and at write time.
$dsl->entity('claim')
->fields([
'policy_id' => Field::reference('claims.policy'),
// …
]);
- Compile-time check. A reference to a non-existent target entity is rejected when the metadata graph is compiled — there are no ghost references in a graph that compiles.
- Write-time enforcement. Creating or updating a row whose reference points at
a missing parent raises
ReferentialIntegrityViolation. - Projection expansion. A projection can fold a referenced row's display field
into its output via
expand, so list and detail views show the parent's label without a second query.
The identity value object Subject is unified into Reference (kept as a
backward-compatible alias).
Data-dependent authorization (RFC-018)
Authorization can now read the record being acted on and structured actor attributes — not just roles. The rule that a claims, KYC, vendor-risk, or finance domain actually needs ("approve only up to your authority limit") is expressed as a guard, evaluated before any effect runs and fail-closed.
$dsl->actorAttributes(['authority_limit' => Field::integer()]);
'approve' => Action::transition('status', from: 'ASSESSING', to: 'APPROVED')
->requireRole('claims.adjuster')
->requireThat(Cond::lte(Fact::subject('claim_amount'), Fact::actor('authority_limit'))),
- Facts.
Fact::subject(field)reads a field of the loaded subject entity;Fact::actor(attribute)reads a structured actor attribute;Fact::input(key)reads an action input. - Conditions.
Cond::eq / ne / lt / lte / gt / gte / in, composed withand / or / not(and arithmetic viamul). - Compile-time closure. A guard referencing an unknown subject field, actor
attribute, or input is rejected at compile time (
DanglingFactReference). - Runtime. The subject is loaded before authorization; the guard runs inside
the action's transaction; a denial surfaces as
PolicyDenied(HTTP403) and rolls the transaction back. Actor attributes are seeded throughApplicationConfig::actorAttributes(...)and, over HTTP, anX-Actor-Attributesheader parsed fail-safe.
Role-only policies are unaffected — requireRole continues to work exactly as
before.
PostgreSQL production driver (ausus/persistence-postgres)
A new official L3 PersistenceDriver brings AUSUS onto the database real
enterprise systems run on, behind the same contract as the SQLite reference.
composer require ausus/persistence-postgres:^1.1
- Per-tenant transactions and row-level
WHERE tenant_id = ?isolation. - Optimistic locking →
ConcurrencyConflict, message-identical to SQLite. - Filtering (
eq/contains/in), deterministic sorting with anidtie-breaker, and pagination with total counts. - RFC-015 referential-integrity enforcement.
- In-transaction audit sink writing the 17-column
kernel_audit_log.
Moving an application from the SQLite development driver to PostgreSQL in production requires no change to the domain — only the configured driver. Tested against PostgreSQL 16.
Cross-driver compatibility gate
A dedicated cross-driver parity harness asserts that the SQLite and PostgreSQL drivers behave identically across the full kernel persistence contract — defaults, types, references, tenant isolation, update/concurrency, filtering/sorting/pagination, and the audit shape — with message-identical exceptions.
It runs on every change as a CI workflow against a real postgres:16 service,
with an anti-false-positive guard (AUSUS_PG_REQUIRED) that fails the build
unless the PostgreSQL driver actually participated. This makes the SQLite ↔
PostgreSQL contract a continuously verified property, not a one-time claim.
Lock-step release state
All AUSUS packages are tagged at v1.1.0 in lock-step and distributed on
Packagist from their dedicated subtree-split repositories, with
ausus/persistence-postgres joining as the new official package. Inter-package
constraints are on the ^1.1 line.
| Package | v1.1 |
|---|---|
ausus/kernel | relations + guard kernel surface |
ausus/runtime-default | data-dependent guard runtime |
ausus/persistence-sql | SQLite reference driver |
ausus/persistence-postgres | PostgreSQL production driver (new) |
ausus/api-http | actor-attribute intake, unchanged wire |
ausus/standard-stack | bundle pinning the core set |
ausus/starter | quickstart template |
Compatibility & upgrade
- SemVer minor, additive. No breaking change to the public API, the HTTP wire, or the ViewSchema. The default substrate remains SQLite; PostgreSQL is opt-in.
- Upgrading from
1.0.x. Float forward withcomposer update, or pin^1.1. No application change is required to keep working; relations, data-dependent guards, and PostgreSQL are available when you choose to adopt them.
composer create-project ausus/starter myapp
cd myapp && composer boot
See the Packages overview for the full package set and Core Concepts for the model, both in the documentation sidebar.