0.6.5 (2026-04-24)
- Update policyengine-us to 1.666.1. (policyengine-us-1.666.1)
0.6.4 (2026-04-17)
- Agent callback endpoints (`/agent/log/{call_id}`, `/agent/complete/{call_id}`) now require HMAC-signed call IDs and store state in bounded TTLCaches to prevent log injection and unbounded memory growth. All reads and writes to the TTLCaches are serialised behind a `threading.Lock` so the asyncio event-loop thread and the background executor thread (`_run_local_agent`) cannot corrupt the cache under concurrent access. Server startup now emits a warning when `AGENT_CALLBACK_SECRET` falls back to a per-process random value (a multi-worker hazard). Country variable-type catalogs used by household validation are cached per `TaxBenefitModelVersion` to avoid re-querying an immutable catalog on every request. (#265)
- Unified the agent turn limit under a single `DEFAULT_AGENT_MAX_TURNS` constant so local and Modal entry points no longer diverge (previously 100 vs 30). (#266)
- `/analysis/rerun/{report_id}` now requires an `X-API-Key` header; the endpoint is destructive (deletes result records) and was previously reachable anonymously. (#267)
- Household payload models now cap entity groups at 1000 entries and 500 keys per entity to prevent OOM from oversized requests. (#268)
- Aggregate and change-aggregate batch endpoints now cap batches at 100 entries to prevent worker-pool exhaustion. (#269)
- Household impact jobs now persist the `baseline_job_id` on the reform job's JSON `request_data` column by replacing the dict rather than mutating it in place (SQLAlchemy doesn't track in-place JSON mutations). (#270)
- Household endpoints now validate entity values against variable dtypes (rejecting mixed-dtype inputs with 422) and pick dtype-compatible column defaults to prevent the simulation kernel from building object-dtype DataFrames. (#271)
- List endpoints (`/parameters`, `/parameter-values`, `/outputs/aggregates`, `/outputs/change-aggregates`) now enforce `limit <= 500` and reject non-positive values to prevent full-table scans. (#272)
- Agent sandbox now URL-encodes path parameters so values containing `/`, `#`, or `?` cannot escape the intended path segment. (#273)
- `download_dataset` now rejects path-traversal filepaths (`../../etc/passwd`, absolute paths) that would write outside the Modal dataset cache root. (#274)
- Replaced the deprecated `asyncio.get_event_loop()` call inside `/agent/run` with `asyncio.get_running_loop()`. (#275)
- Replaced deprecated `datetime.utcnow()` with timezone-aware `datetime.now(timezone.utc)` in the agent router. (#276)
- `settings.database_url` now raises `ValueError` for non-local Supabase URLs that lack `supabase_db_url` instead of silently synthesising a `postgres:postgres@...` string. (#277)
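
The signed call-ID check and the per-process fallback hazard from the 0.6.4 entry for #265, as an added Python example rather than the project's own code. The token layout (`<id>.<hex tag>`), the use of HMAC-SHA256, and every function name are assumptions; only `AGENT_CALLBACK_SECRET` comes from the changelog.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Assumed token layout (not from the project): "<raw_id>.<hex HMAC-SHA256 tag>".

def _tag(raw_id: str, secret: bytes) -> str:
    return hmac.new(secret, raw_id.encode(), hashlib.sha256).hexdigest()

def sign_call_id(raw_id: str, secret: bytes) -> str:
    """Issue the call ID handed to the agent for its callbacks (hypothetical helper)."""
    return f"{raw_id}.{_tag(raw_id, secret)}"

def verify_call_id(token: str, secret: bytes) -> Optional[str]:
    """Return the raw ID if the tag checks out, else None so the caller can reject."""
    raw_id, sep, tag = token.rpartition(".")
    if not sep or not raw_id:
        return None
    # Constant-time comparison; a wrong-length or forged tag simply fails.
    if not hmac.compare_digest(tag.encode(), _tag(raw_id, secret).encode()):
        return None
    return raw_id

def load_secret(env: dict) -> tuple:
    """Return (secret, fell_back); fell_back=True is the case worth a startup warning."""
    value = env.get("AGENT_CALLBACK_SECRET")
    if value:
        return value.encode(), False
    return secrets.token_bytes(32), True  # per-process random fallback

def cross_worker_accepts(env: dict) -> bool:
    """Worker A signs, worker B verifies; each loads its secret independently."""
    secret_a, _ = load_secret(env)
    secret_b, _ = load_secret(env)
    token = sign_call_id("call-0001", secret_a)  # constructed sample ID
    return verify_call_id(token, secret_b) == "call-0001"

if __name__ == "__main__":
    shared = {"AGENT_CALLBACK_SECRET": "constructed-value"}  # constructed sample
    print("shared secret accepted:", cross_worker_accepts(shared))
    print("fallback secret accepted:", cross_worker_accepts({}))
```

With the fallback, a callback that lands on a different worker than the one that issued the ID fails verification, which is why the secret needs to be set explicitly in multi-worker deployments.
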
0.6.3 (2026-04-16)
- Stored `/households` definitions now use the same plural entity-list contract as household calculation, including validation for multi-group person/entity linkage and compatibility coercion for legacy singular payloads. (#256)
0.6.2 (2026-04-12)
- Reject shared runtime bundle reuse when the compared database rows point at different model identities, even if their runtime version strings match. (runtime-version-resolution)
0.6.1 (2026-04-09)
- Moved api-v2 version routing to dedicated Modal registries so api-v2-alpha deployments no longer overwrite the legacy simulation API registry. (#215)
0.6.0 (2026-04-09)
- User-household associations can now be reassigned to a different `household_id` while preserving the existing association record. (household-association-reassignment)
0.5.3 (2026-04-09)
- Update policyengine-us to 1.633.2. (policyengine-us-1.633.2)
0.5.2 (2026-04-09)
- Update policyengine-us to 1.633.1. (policyengine-us-1.633.1)
0.5.1 (2026-04-08)
- Skip the deploy and integration-test pipeline for automated package version update commits. (#208)
0.5.0 (2026-04-06)
- Versioned Modal deployments: each deploy creates a named app (`policyengine-v2-us{X}-uk{Y}`) with exact country package version pins, allowing multiple versions to coexist. Cloud Run routes to the correct version via Modal Dict registries. (#201)
- Refactored monolithic `modal_app.py` into `modal/` package with separate modules for app definition, images, shared utilities, and functions. (#201)
- Deleted monolithic `modal_app.py` (3,450 lines), replaced by `modal/` package. (#201)
0.4.4 (2026-03-18)
- Versioning workflow now creates GitHub Releases by using App token to trigger Phase 2. (#149)
0.4.3 (2026-03-18)
- Auto-updater PRs now include a changelog fragment. (#147)
0.4.2 (2026-03-18)
- Use GitHub App token in country package auto-updater so PRs trigger CI tests. (#144)
0.4.1 (2026-03-17)
- Serialize lists and dicts as JSON in bulk_insert for Postgres COPY compatibility (fix-seed-json)
0.4.0 (2026-03-17)
- Automated GitHub Actions workflow to check for country package updates and open PRs. (#135)
0.3.4 (2026-03-16)
- Support staging and production targets in db-reset workflow with environment-scoped secrets (#137)
0.3.3 (2026-03-16)
- Merge Alembic heads to resolve multiple head revisions blocking CI/CD migrations (#134)
0.3.2 (2026-03-16)
- Split CI/CD database migrations into separate staging and production jobs with environment-scoped Supabase secrets (#133)
0.4.0 (2026-03-13)
- Standardize all endpoints on `country_id` instead of `tax_benefit_model_name` (#109)
- Default metadata endpoints (variables, parameters, datasets) to latest model version with optional version pinning (#109)
- Dual policy IDs (`baseline_policy_id`/`reform_policy_id`) on reports and `EXECUTION_DEFERRED` report status (#109)
- Auto-start `EXECUTION_DEFERRED` reports on GET endpoint access (#109)
- Convert VARCHAR enum columns to native PostgreSQL enums with `values_callable` (#109)
0.3.1 (2026-03-11)
- Add Alembic merge migration to resolve multiple head revisions from parallel feature branches (#129)
0.3.0 (2026-03-11)
- Add parameter_nodes table to store folder/category labels for parameter tree navigation (#124)
0.2.9 (2026-03-11)
- Enable follow_redirects in staging integration tests to handle FastAPI's trailing-slash 307 redirects. (fix-staging-tests-redirect)
0.2.8 (2026-03-11)
- Fix staging and canary URL extraction in deploy workflow — gcloud format filter returned empty, replaced with JSON + jq parsing. (fix-tagged-url-extraction)
0.2.7 (2026-03-11)
- Increase Cloud Run startup probe timeout to 40 seconds (was 15s) to prevent deployment failures with heavier policyengine imports. (increase-startup-probe)
0.2.6 (2026-03-11)
- Sync ANTHROPIC_API_KEY to Modal environments via deploy pipeline, fixing agent sandbox deploy failure. (sync-anthropic-key-modal)
0.2.5 (2026-03-10)
- Fix region seeding crash caused by unpacking 2 values from 3-tuple return of seed_us_regions and seed_uk_regions. (fix-seed-tuple-unpack)
0.2.4 (2026-03-10)
- Bump policyengine from 3.2.0 to 3.2.1, fixing missing `policyengine.countries` module needed for region seeding. (bump-policyengine-3.2.1)
0.2.3 (2026-03-10)
- Rename SUPABASE_SERVICE_KEY to SUPABASE_SECRET_KEY across codebase, aligning with Supabase's new key naming. Add secret key to Terraform, deploy.yml, and Modal secrets sync. (rename-secret-key)
0.2.2 (2026-03-10)
- Update policyengine-uk from 2.45.4 to 2.75.1, fixing dataset seeding crash (sim.dataset[year] API change). (bump-uk-version)
0.2.1 (2026-03-10)
- Add missing --reset flag to db-reset workflow so init.py actually drops existing tables before recreating them. (db-reset-flag)
0.2.0 (2026-03-10)
- Add staging deployment pipeline with integration tests, canary deploys, and release automation. (staging-pipeline)
- Fix MODAL_ENVIRONMENT not being set in Terraform, causing production to use testing Modal environment. (modal-env-fix)
- Switch policyengine dependency from git branch to PyPI release (>=3.2.0). (policyengine-dep)