Tags

1.0.0-beta1

1.0.0-beta1: API freeze and endpoint hardening

Freezes the collector contract for the entire 1.x line and lands
the production-readiness hardening pass on /cwv/beacon. The
substrate has been exercised by three async decorators, seven
panel contributors, one probe collector, and two synchronous
collectors without contract changes since alpha7.

What freezes:
- Four collector interfaces (synchronous, async-decoration,
  probe, panel-contribution).
- Beacon payload envelope JSON shape.
- cwv_beacons and cwv_probes table schemas.
- AsyncContextStore service contract.
- CwvPanelWeight constants.

Contract-cleanup drops:
- Alpha6-envelope flat-field fallbacks in BeaconRequest.
- Legacy cache_state field parsing in DrupalCacheCollector.

Endpoint hardening:
- Per-IP flood protection via Drupal's flood service. Default
  60/60s/IP; configurable.
- Server-side sampling enforcement (ceiling at the controller).
- max_rows table-size ceiling (default 0 = unlimited) with FIFO
  prune; backstop for broken-cron failure mode.
- New SECURITY.md documenting attack surface, mitigations, and
  recommended CDN-side rate-limit configurations.

Performance defaults:
- Default sampling_rate lowered from 1.0 to 0.1 for new installs.
  Existing operators keep their explicit value.
- New PERFORMANCE.md quantifies DB write load and sizing.

Three new config keys land via cwv_update_10008.

From this commit forward the 1.x contract is stable for sibling-
module authors. RC1 cuts after a two-week soak; 1.0.0 stable cuts
after RC1 holds clean.

See ROADMAP.md, SECURITY.md, PERFORMANCE.md, and
docs/collector-contract.md for the full picture.

1.0.0-alpha10

1.0.0-alpha10: render-tree collector + CwvPanelWeight tightening

Second content release on the alpha7 collector contract. Same
shape as alpha9: implements async-decoration (Shape 2) plus
panel-contribution (Shape 4), opt-in via config, zero overhead
when disabled.

- RenderTreeInstrumentor captures response-level cache metadata:
  tag count, context count, hottest tag prefix.
- RenderTreeCollector ships per-request stats to AsyncContextStore
  at terminate and renders a Render-tree correlation panel
  showing CWV metrics bucketed by tag count.
- BeaconStorage::correlateByRenderTreeSize aggregation buckets
  beacons by tag count (0-25 / 26-100 / 101-300 / 301-1000 / 1001+).

Opt-in via render_tree_instrumentation_enabled (default FALSE).
Default installs pay zero overhead. cwv_update_10007 lands the
key on existing installs.

Also tightens CwvPanelWeight constants: adds CORRELATION = 200
midband, bumps TIME_SERIES from 200 to 300, repositions the
correlation panels (per-route, backend cache, render-tree) into
the new band. Fixes the layout discrepancy spotted in alpha9
field testing where AGGREGATION + 100 collided with TIME_SERIES.

CwvPanelWeight constants are due to freeze at beta1; alpha10 is
the last release where they can move.

1.0.0-alpha9

1.0.0-alpha9: backend cache instrumentation

The first content release built on the alpha7 collector contract.
Surfaces backend cache health (Memcache, Redis, APCu, database,
file backends) per request and correlates it with CWV metrics on
a new admin panel.

- CacheInstrumentor request-scoped service holds per-request
  counters with per-bin breakdown for hottest-miss tracking.
- InstrumentedCacheBackend wraps any CacheBackendInterface and
  records hit/miss/timing on get and getMultiple.
- InstrumentedCacheFactory decorates cache_factory so every bin
  (including those added by contrib) gets the wrapper.
- BackendCacheCollector implements Shape 2 (async-decoration)
  and Shape 4 (panel-contribution). Renders a Backend cache
  correlation panel showing CWV metrics bucketed by miss count.

Opt-in via backend_cache_instrumentation_enabled (default FALSE).
Default installs pay zero overhead; enabled installs pay roughly
5 microseconds per cache get.

Validates the one-collector-per-minor-release cadence the alpha7
contract was designed around. Subsequent 1.x minor releases add
render-tree (1.1), database (1.2), runtime health (1.3), external
services (1.4) on the same contract.

See ROADMAP.md and docs/collector-contract.md for the trajectory.

1.0.0-alpha8

1.0.0-alpha8: alpha7 field-test fixes

Two showstopper bugs surfaced by alpha7 field testing on a real
LSCache-fronted Drupal 11 site. Neither required architectural
rework; both are one-line fixes against the alpha7 substrate. No
contract changes, no new features.

Operators on alpha6 should upgrade past alpha7 directly to alpha8;
alpha7 should not be deployed.

- cwv_update_10003 split into addField + addIndex so the MySQL
  schema driver can normalise the index without looking up a
  column type that doesn't exist yet. Existing alpha6 sites can
  now upgrade.
- BeaconController async-context foreach iterator renamed from
  $value to $async_value to break the variable shadow with the
  float metric value declared earlier in receive(). Every alpha7
  beacon with at least one async observation was being silently
  dropped.

README documents the synthetic-probe accuracy caveat on
edge-cached and proxied stacks.

1.0.0-alpha7

1.0.0-alpha7: collector contract substrate

The most architecturally significant release in the 1.x line.
Reframes cwv from "real-user CWV with cache visibility" to a
correlation substrate where cache state is one of many backend
signal axes. The contract defines four collector shapes
(synchronous, async-decoration, probe, panel-contribution) frozen
at beta1 and lived with for the entire 1.x line.

What ships in alpha7:

- Four interfaces and default base classes for the collector
  shapes.
- Single-tag service discovery (cwv_collector with interface
  introspection).
- New beacon payload envelope: forwards the entire serverTiming
  array, condensed navigation timing, viewport object. Backward
  compatibility for the alpha6 envelope rides out cached HTML;
  drops at beta1.
- Request ID mechanism: kernel.response stamps Server-Timing:
  cwv-rid;desc=<id> on every page response. Beacon JS forwards
  it. AsyncContextStore reconciles page-request observations
  with the later-arriving beacon.
- Four migrated/new collectors exercising every shape:
  UserStateCollector and DrupalCacheCollector (synchronous),
  KernelTimingDecorator (async-decoration), EdgeCacheProbeCollector
  (probe), five panel contributors (cache comparison,
  distribution, per-route, daily counts, recent measurements).
- cwv_probes table for synthetic observations. Cache-vendor-
  agnostic header parsing covers LSCache, Cloudflare, Varnish,
  Fastly, AWS CloudFront, X-Drupal-Cache, X-Drupal-Dynamic-Cache.

No new end-user features land in alpha7; this is the substrate
phase. Backend cache instrumentation, render-tree, database, and
external-services collectors all build on this contract in the
1.1+ minor releases.

See docs/collector-contract.md for the full design and ROADMAP.md
for the multi-year trajectory.

1.0.0-alpha6

1.0.0-alpha6: operator-UX polish from alpha5 field testing

Three operator-UX nits surfaced by alpha5 field testing on an
LSCache-fronted Drupal 11 site. None changed alpha5 correctness,
but together they made the lead diagnostic look broken on edge-
cached stacks. No API changes.

- Cache state comparison falls back from drupal_cache.page to
  drupal_cache.dynamic when page is empty.
- Empty-state copy mentions both cwv-pc and cwv-dc.
- README documents cwv-pc non-availability on edge-cached stacks.
- README's developer-API column list corrected.

See ROADMAP.md for full details.

1.0.0-alpha5

1.0.0-alpha5: Server-Timing replaces cookie cache-state stamping

Field testing alpha4 on an LSCache-fronted site exposed that
the Set-Cookie + absolute-expires pattern is fundamentally
incompatible with response caching. Alpha5 swaps to a
Server-Timing header, which has no expiry mechanism and so
survives edge caching cleanly.

See ROADMAP.md for full details.

1.0.0-alpha4

1.0.0-alpha3

1.0.0-alpha2

1.0.0-alpha1