Skip to main content

AUSUS v1.1.0 — relations, data-dependent authorization & PostgreSQL

Minor, backward-compatible release on the 1.x line. It adds three capabilities — typed relations with referential integrity, data-dependent authorization, and an official PostgreSQL production driver — and ships all packages in lock-step at v1.1.0. Existing ^1.0 consumers float forward on composer update with no code change required.


Relations & referential integrity (RFC-015)

Entities can now declare typed foreign references to other entities, with integrity enforced both at build time and at write time.

$dsl->entity('claim')
->fields([
'policy_id' => Field::reference('claims.policy'),
// …
]);
  • Compile-time check. A reference to a non-existent target entity is rejected when the metadata graph is compiled — there are no ghost references in a graph that compiles.
  • Write-time enforcement. Creating or updating a row whose reference points at a missing parent raises ReferentialIntegrityViolation.
  • Projection expansion. A projection can fold a referenced row's display field into its output via expand, so list and detail views show the parent's label without a second query.

The identity value object Subject is unified into Reference (kept as a backward-compatible alias).


Data-dependent authorization (RFC-018)

Authorization can now read the record being acted on and structured actor attributes — not just roles. The rule that a claims, KYC, vendor-risk, or finance domain actually needs ("approve only up to your authority limit") is expressed as a guard, evaluated before any effect runs and fail-closed.

$dsl->actorAttributes(['authority_limit' => Field::integer()]);

'approve' => Action::transition('status', from: 'ASSESSING', to: 'APPROVED')
->requireRole('claims.adjuster')
->requireThat(Cond::lte(Fact::subject('claim_amount'), Fact::actor('authority_limit'))),
  • Facts. Fact::subject(field) reads a field of the loaded subject entity; Fact::actor(attribute) reads a structured actor attribute; Fact::input(key) reads an action input.
  • Conditions. Cond::eq / ne / lt / lte / gt / gte / in, composed with and / or / not (and arithmetic via mul).
  • Compile-time closure. A guard referencing an unknown subject field, actor attribute, or input is rejected at compile time (DanglingFactReference).
  • Runtime. The subject is loaded before authorization; the guard runs inside the action's transaction; a denial surfaces as PolicyDenied (HTTP 403) and rolls the transaction back. Actor attributes are seeded through ApplicationConfig::actorAttributes(...) and, over HTTP, an X-Actor-Attributes header parsed fail-safe.

Role-only policies are unaffected — requireRole continues to work exactly as before.


PostgreSQL production driver (ausus/persistence-postgres)

A new official L3 PersistenceDriver brings AUSUS onto the database real enterprise systems run on, behind the same contract as the SQLite reference.

composer require ausus/persistence-postgres:^1.1
  • Per-tenant transactions and row-level WHERE tenant_id = ? isolation.
  • Optimistic locking → ConcurrencyConflict, message-identical to SQLite.
  • Filtering (eq / contains / in), deterministic sorting with an id tie-breaker, and pagination with total counts.
  • RFC-015 referential-integrity enforcement.
  • In-transaction audit sink writing the 17-column kernel_audit_log.

Moving an application from the SQLite development driver to PostgreSQL in production requires no change to the domain — only the configured driver. Tested against PostgreSQL 16.


Cross-driver compatibility gate

A dedicated cross-driver parity harness asserts that the SQLite and PostgreSQL drivers behave identically across the full kernel persistence contract — defaults, types, references, tenant isolation, update/concurrency, filtering/sorting/pagination, and the audit shape — with message-identical exceptions.

It runs on every change as a CI workflow against a real postgres:16 service, with an anti-false-positive guard (AUSUS_PG_REQUIRED) that fails the build unless the PostgreSQL driver actually participated. This makes the SQLite ↔ PostgreSQL contract a continuously verified property, not a one-time claim.


Lock-step release state

All AUSUS packages are tagged at v1.1.0 in lock-step and distributed on Packagist from their dedicated subtree-split repositories, with ausus/persistence-postgres joining as the new official package. Inter-package constraints are on the ^1.1 line.

Packagev1.1
ausus/kernelrelations + guard kernel surface
ausus/runtime-defaultdata-dependent guard runtime
ausus/persistence-sqlSQLite reference driver
ausus/persistence-postgresPostgreSQL production driver (new)
ausus/api-httpactor-attribute intake, unchanged wire
ausus/standard-stackbundle pinning the core set
ausus/starterquickstart template

Compatibility & upgrade

  • SemVer minor, additive. No breaking change to the public API, the HTTP wire, or the ViewSchema. The default substrate remains SQLite; PostgreSQL is opt-in.
  • Upgrading from 1.0.x. Float forward with composer update, or pin ^1.1. No application change is required to keep working; relations, data-dependent guards, and PostgreSQL are available when you choose to adopt them.
composer create-project ausus/starter myapp
cd myapp && composer boot

See the Packages overview for the full package set and Core Concepts for the model, both in the documentation sidebar.