Skip to main content
CoreSDK
Quickstart
Reference

Changelog

CoreSDK version history

Changelog

All notable changes to CoreSDK are documented here. CoreSDK follows Semantic Versioning.

v0.1.0 — 2026-03-19

Initial public release of CoreSDK.

Features

Authentication

  • JWT verification via JWKS with automatic key rotation and caching
  • Configurable aud, iss, and exp validation with clock-skew leeway
  • Support for RS256, RS384, RS512, ES256, ES384, and EdDSA algorithms
  • Per-request JWT introspection middleware for Axum, Actix-web, Express, FastAPI, and net/http

Authorization & Policy

  • Embedded OPA engine for zero-network-hop policy evaluation
  • Rego policy hot-reload from local directory (CORESDK_POLICY_DIR)
  • Remote OPA bundle support with configurable polling interval
  • Deny-by-default mode (policy_default_allow = false)
  • core policy test CLI command for local policy unit tests
  • core policy push for deploying policy bundles to CoreSDK Cloud

Multi-Tenancy

  • Tenant ID extraction from configurable JWT claim (CORESDK_TENANT_CLAIM)
  • Per-tenant rate limiting (requests per minute, configurable burst)
  • Tenant provisioning via core tenant create CLI and REST API
  • Tenant-scoped audit log and trace filtering

Observability

  • OpenTelemetry traces, metrics, and logs via OTLP gRPC
  • trace_id propagation in all RFC 9457 error responses
  • core trace tail CLI for live trace streaming
  • Configurable sampling rate (CORESDK_OTEL_SAMPLE_RATE)

Audit Log

  • Structured audit events for every auth and policy decision
  • Export to stdout, S3, GCS, or a local file
  • core audit export CLI with time-range and event-type filtering

Configuration

  • coresdk.toml file-based config with CoreSDK::from_file()
  • Full environment variable coverage for all options (see Environment Variables)
  • Fluent builder API for Rust; keyword-argument constructors for Python, Node, and Go

CLI (core)

  • core init — project scaffolding for Rust, Python, Node, Go
  • core policy test — Rego unit test runner
  • core policy push — policy bundle deployment
  • core trace tail — live OTEL trace streaming
  • core tenant create — tenant provisioning
  • core audit export — audit log export

Error Handling

  • RFC 9457 application/problem+json error responses
  • Typed error codes: jwt-missing, jwt-invalid, jwt-expired, jwt-unknown-key, policy-denied, tenant-not-found, rate-limit-exceeded, internal-error
  • Custom ErrorMapper trait for overriding default error shapes

SDK language support

  • Rust (native, first-class)
  • Python (coresdk-py)
  • Node / TypeScript (@coresdk/sdk)
  • Go (github.com/coresdk/sdk-go)

Roadmap

v0.2.0 — planned

  • mTLS support — client certificate authentication alongside JWT
  • Policy dry-run mode — evaluate a request against policies without enforcing the decision
  • Audit log streaming — push audit events to Kafka or Kinesis in real time
  • Per-tenant policy overrides — allow tenants to supply their own supplementary Rego rules
  • core tenant list and core tenant delete CLI commands
  • WASM policy runtime — run Rego policies compiled to WASM for edge deployments
  • Dashboard UI — web interface for trace exploration, tenant management, and audit log search

v1.0.0 — planned

  • Stable API with long-term support guarantee
  • Distributed rate limiting — Redis-backed counter for multi-instance deployments
  • Policy versioning — atomic bundle versioning with rollback support
  • SOC 2 Type II audit controls baked in
  • FIPS 140-2 compliant cryptography option
  • gRPC middleware support (in addition to HTTP)
  • Helm chart for Kubernetes deployment of the CoreSDK sidecar
  • Terraform provider for tenant and policy management as code

Environment Variables

All CoreSDK environment variables

Roadmap

CoreSDK's phased delivery plan — what ships in each phase, success metrics, and what's coming next.

On this page

Changelogv0.1.0 — 2026-03-19FeaturesRoadmapv0.2.0 — plannedv1.0.0 — planned