v0.26.0 is a contract release for tenant semantics. Runtime scoping now uses tenant_id only, and operator-scoped aliases are removed from execution paths.
Breaking: Tenant-Only Runtime Semantics
- Removed RlsContext::operator(...) and operator_and_agent(...) runtime aliases; use tenant(...) and tenant_and_agent(...).
- Removed operator_id and has_operator() from runtime context models.
- Gateway JWT tenant scope now resolves from tenant_id only in runtime auth paths.
let ctx = RlsContext::tenant("tenant-123");
let cmd = Qail::get("bookings").with_rls(&ctx);
let rows = driver.fetch_all(&cmd).await?;
Gateway and Analyzer Correctness
- Policy evaluation now avoids premature deny when later matching allow policies exist.
- optimize_qail_for_execution coverage was expanded across handlers for consistent execution planning.
- Analyzer diagnostics reduce comment/string-literal false positives and continue the shift toward semantic detection.
SDK and Docs Surface
- Direct SDK support is documented for TypeScript (@qail/client), Swift, and Kotlin.
- Node.js native binding remains deferred while direct SDK tracks are prioritized.
- Web/docs copy is aligned to tenant-first terminology and current runtime behavior.
Upgrade Notes
- Update auth token issuance to include tenant_id claim for tenant-scoped access.
- Replace any RlsContext::operator(...) call sites with RlsContext::tenant(...).
- Replace legacy operator_id references in runtime paths with tenant_id; keep legacy names only in historical release notes.
The safe path is now explicit: tenant_id at auth boundary, tenant context in runtime, and semantic checks over string scanning.← Back to Blog