v0.0.6

What's Changed

• Add optional JetStream domain config to the natsstore plugin (PER-13735) by @omer9564 in #5

Full Changelog: v0.0.5...v0.0.6

v0.0.5 — Single muxed KV bucket (BREAKING)

⚠️ Breaking change

This release replaces the bucket-per-tenant model with a single muxed K/V bucket holding every tenant. There is no backward compatibility — deployments must be reconfigured (#4).

• bucket is now required config. The plugin reads one configured K/V bucket; set bucket: "<name>" (e.g. POLICY_DATA) in the plugin config. A missing/empty bucket now fails validation at startup.
• Data layout changed. Entries are keyed <tenant>.<key> within the single bucket (was one bucket per tenant). Data still lands in OPA at data.nats.kv.<tenant>.<...>, so Rego policies are unchanged.
• Builtin argument is now the tenant id. nats.kv.watch_bucket(<id>) and nats.kv.get_data(<id>, key) take the tenant (the leading key token), not a bucket name.
• root_bucket config renamed to root_tenant (a tenant whose subtree mounts at the OPA data root with its token stripped).
• watch_bucket no longer fails open: a missing configured bucket now surfaces an error (previously returned false), consistent with get_data.

Migration

1. Set bucket: "<your-bucket>" in the plugin config (and root_tenant instead of root_bucket if you used it).
2. Provision the single bucket and have the producer write <tenant>.<key> entries to it (the data-generator dual-writes during migration).
3. Scope NATS account permissions to $KV.<bucket>.> — note $JS.API.> is account-wide JetStream access.

Notable internals

• Per-tenant reads are prefix-filtered (O(tenant), never enumerates the whole bucket); watches are context-bound and fail closed on early close.
• Tenant-id validation (rejects ./*/>/whitespace); failed reads skip the key instead of injecting null; non-JSON values fall back to a JSON string.
• Integration tests are behind a //go:build integration tag (excluded from the default go test ./...).

Full changelog: v0.0.4...v0.0.5

v0.0.4

What's Changed

• fix(BucketWatcherManager): release mu before watcher.Start to avoid self-deadlock by @omer9564 in #3

Full Changelog: v0.0.3...v0.0.4

v0.0.3

• Fix a race when stopping a bucket watcher
• improve launch configurations

Full Changelog: v0.0.2...v0.0.3

v0.0.2

What's Changed

• update license copyrights by @omer9564 in #2
• Enhance NATS plugin configuration by adding UserJwt and UserNkeySeed fields. Update connection logic to support JWT authentication. Improve logging during plugin validation and connection attempts.

Full Changelog: v0.0.1...v0.0.2

v0.0.1

What's Changed

• Implement Nats K/V Streamlining into OPA memory by @omer9564 in #1

New Contributors

• @omer9564 made their first contribution in #1

Full Changelog: https://github.com/permitio/opa-nats/commits/v0.0.1