Changelog¶

All notable changes to relay are documented in this file.

[0.4.0] - 2026-04-27¶

Automatic Session Management (config.go) - All relay clients now initialize with a default http.CookieJar via cookiejar.New(nil) in defaultConfig(). This enables transparent cookie persistence across requests, fixing a critical issue where CSRF token + cookie pairs required by SAP and other enterprise backends were being silently discarded.

CSRF Token Reliability - The automatic CookieJar support fixes the root cause of 403 CSRF token validation failed errors in enterprise integrations. SAP OData services require CSRF tokens to be paired atomically with session cookies—separating them breaks token validation. With BUG-001 fixed, http.Client now automatically:
Captures Set-Cookie headers from token fetch responses
Includes captured cookies in subsequent POST/PUT/PATCH requests
Manages cookie storage and expiration transparently
Eliminates the need for manual cookie management in application code

100% backward compatible - Existing code requires no changes
Custom CookieJar - Users can still provide custom CookieJar implementations via the WithCookieJar() option
No new dependencies - Uses Go's standard library net/http/cookiejar

WebSocket support (websocket.go) - full-duplex connections with typed message handlers, ping/pong keepalive, and automatic reconnection
Dynamic TLS watcher (tls_watcher.go) - hot-reload TLS certificates from disk without restarting the client; watches for file changes and rotates credentials transparently
Transport adapters (transport_adapters.go) - plug in custom http.RoundTripper implementations; includes built-in adapters for Unix socket, in-memory, and custom dial functions
HTTP/3 QUIC extension (ext/http3/) - QUIC transport via quic-go; automatic fallback to HTTP/2 when QUIC is unavailable

Bulkhead isolation - per-endpoint concurrency limits using semaphores to prevent one slow upstream from consuming all goroutines
Request hedging (hedging.go) - send a duplicate request after a configurable delay; the fastest response wins, improving tail latency
Content negotiation - automatic Accept and Content-Type header management with codec registration (JSON, CBOR, MessagePack, XML)
Timeout tiers (config.go) - separate dial, TLS handshake, response header, and total request timeouts
Typed pagination (pagination.go) - generic Paginator[T] that follows Link, cursor, offset, or custom next-page strategies
Circuit breaker - token-bucket state machine that opens after N failures and probes recovery after a configurable timeout
DNS cache - in-process DNS resolution cache with configurable TTL to reduce DNS lookup latency

Semantic hooks - typed lifecycle hooks: OnRequest, OnResponse, OnError, OnRetry
Idempotency keys (idempotency.go) - automatic Idempotency-Key header injection with configurable generators
Response classification (classification.go) - categorise responses into success, client error, server error, redirect with structured error types
Generic decode helpers (generics.go) - relay.Decode[T]() and relay.DecodeSlice[T]() for zero-boilerplate typed response parsing
Redirect chain (response.go) - Response.RedirectChain() exposes the full list of intermediate URLs followed during a redirect

Declarative request builder with method chaining
Automatic JSON marshal/unmarshal for request bodies and responses
Configurable retry with exponential backoff, jitter, and per-status-code policies
BaseURL + path composition
Context propagation and cancellation support
Structured error types with status code and body access
Default headers and query parameters
Basic authentication and Bearer token helpers
http.RoundTripper transport slot for full customisation