Features

Authorization and Roles System

• Implementation of declared roles propagation as use-case with appropriate rules to prevent system-roles overwriting (issue #114, branch: task/114)
• Simplification of guesting process for sharing accounts with child roles (tag: 8.1.1-beta.5)
• New dedicated endpoints for account-managers to list guest-users (tag: 8.1.1-beta.2)
• Removal of system permission requirement for guesting to children accounts (tag: 8.1.1-beta.1)
• Roles propagation during API initialization (#127, branch: feat/127)

Observability and Tracing

• More verbose API and HTTP tools for collecting traces, metrics and logs (#126, branch: feat/126)
• Tracing of allow-deny decisions when using FBAC (Function-Based Access Control) (#126, branch: feat/126)
• Implementation of profile compression when sending via HTTP header (tag: 8.1.1-beta.11)
• Reintroduction of OTel collector functionality for metrics collection (tag: 8.2.0)
• Proper configuration of metrics exporter (tag: 8.2.0)

Notification System

• Persistence of webhook method to database instead of inferring from trigger (tag: 8.2.1-rc.2)
• Configuration of tenant ID from notification user information (tag: 8.2.1-rc.1)
• Use of tenant information during notification communications (tag: 8.2.1-rc.1)
• Implementation of notification dispatching tests (tag: 8.2.1-rc.2)
• Creation of standard keys for metadata (tag: 8.2.1-rc.1)

Configuration and Infrastructure

• Replacement of deprecated serde_yaml package with TOML for configuration loading (#118, tag: 8.1.1-rc.5, branch: task/118)
• Implementation of custom deserialization method to improve routes definition ergonomics (tag: 8.1.1-rc.5)
• Implementation of connection string list (#22, branch: gh/feat/22, tag: 8.2.1-rc.3)
• Inclusion of metadata in profile (#24, branch: gh/feat/24)
• Fix in Redis connection configuration including port (tag: 8.1.1-beta.11)

Internationalization

• Implementation of Spanish locale (#24, branch: gh/feat/24)
• Implementation of Portuguese email templates (#24, branch: gh/feat/24)
• Fix in pt-br file imports from Portuguese versions (#24, branch: gh/feat/24)

Security

Vulnerability Fixes

• Resolution of shared vulnerabilities in lettre and jsonwebtoken packages, updated to recommended versions (#126, branch: feat/126)
• Fix for audience validation after jsonwebtoken upgrade (silent bug that caused token validation error) (#126, branch: feat/126)
• Fix for deprecated slab package version (tag: 8.1.1-rc.6)
• Upgrade of deprecated or unmaintained dependencies (#126, branch: feat/126)

Security Policies and Workflows

• Explicit definition of GitHub token permissions instead of relying on repository defaults (#126, branch: feat/126)
• Implementation of security checker scheduled to run weekly (#121, branch: task/121)
• Extension of security workflow to run on push and pull request in addition to weekly schedule (#121, branch: task/121)
• Application of Clippy suggestions for core and base lib packages (#118, branch: task/118)

Improvements

Documentation

• Implementation of documentation page on GitHub Pages (https://lepistabioinformatics.github.io/mycelium/) (#119, branch: task/119)
• Creation of conceptual model describing Mycelium's authorization model (tag: 8.2.1-rc.3)
• Update of core documentation to describe crate structure and goals (#126, branch: feat/126)
• Update of key features to reflect current project state
• Addition of comprehensive badge collection to README
• Creation of contribution guide (CONTRIBUTING.md)
• Creation of code of conduct (CODE_OF_CONDUCT.md)
• Removal of "enabled" references when defining optional configurations (tag: 8.2.0)

CI/CD and Automation

• Implementation of Claude Code Review and PR Assistant workflows
• Implementation of initial CI workflow with formatting and code checking steps (#118, branch: task/118)
• Dependency updates using automated strategy
• Update of deprecated actions (upload-pages-artifact, actions-deploy-pages) (#119, branch: task/119)

Refactoring and Code Cleanup

• Refactoring of API main function to isolate module initialization into external function (#126, branch: feat/126)
• Removal of unused code (rmcp, queue structs, rust-mcp-sdk) (#126, branch: feat/126, tag: 8.1.1-beta.13)
• Removal of header-based role filtering in account-manager endpoints (tag: 8.1.1-beta.8)
• Replacement of subscriptions manager with account-manager scoped use-cases in guest-roles listing (tag: 8.1.1-beta.3)
• Application of Rust formatting (rustfmt) (#118, branch: task/118)

Bug Fixes

• Fix for profile return in gateway fetch profile (tag: 8.1.1-rc.7)
• Fix for parent to children role selection direction (tag: 8.1.1-beta.9)
• Replacement of parent ID filtering with child ID filtering in get-parent-by-child-id method (tag: 8.1.1-beta.10)
• Removal of system account filtering during account-manager guest-roles checks (tag: 8.1.1-beta.4)
• Inclusion of services in routes (tag: 8.2.0)
• Update of configuration tests to load from TOML file instead of YAML (#118, branch: task/118)

Improve the downstream services protection to include sources filtration.

This release includes improvements in tenant-manager endpoints to allow users to better manage tenants. Security issues were already solved.

Implements a basic cache system on validate access token and during the recovery of the user profile from the datastore.

What's Changed

• build: include diesel and cli and api ports to the publishable packages

feature/gh29 by @sgelias in #35

• feat: review the webhook trigger names to improve the user understand… by @sgelias in #36
• Feature/gh33 + gh34 by @sgelias in #37

Full Changelog: v7.0.0...v7.1.0

Replace the prisma crate by diesel orm and turn the full application as a crates native

Mycelium has evolved to gain new features. It now has support for Multi-tenant, enhanced security and more granular RBAC, to ensure better control over application elements and downstream routes.