Reference
Release 1.0.7
Nidus 1.0.7 performance, trace correctness, and runtime hardening notes.
Release 1.0.7
Nidus 1.0.7 is a measured performance, trace-correctness, and runtime-hardening patch release. Public APIs remain compatible with 1.0.6; the changes are internal data-structure improvements, stricter standards validation, and fixes that preserve existing recovery semantics.
Bounded Event Queues
- Bounded subscribers now use a ring buffer, so evicting the oldest event is
- Unbounded subscribers retain their existing
Vecstorage and O(1) drain - Zero-capacity, FIFO eviction, second-batch, unbounded, poisoned-lock recovery,
constant-time instead of shifting the retained queue on every publication.
path, and declaring a bounded subscription still allocates lazily.
and multi-subscriber behavior remain covered by tests.
At a full 10,000-event bound, the saved-baseline Criterion row moved from 1.0719-1.1939 us to 67.098-78.214 ns. Criterion reported a 93.9%-94.7% improvement for this local 100-sample run.
Trace Context And Structured Logging
- Request context, structured logging, and OpenTelemetry helpers now share one
- Version
ff, uppercase or malformed identifiers, all-zero trace/span IDs, - Request context now populates the existing parent span ID field instead of
- Structured HTTP spans borrow request ID, trace ID, and route fields rather
allocation-free W3C traceparent parser.
and extensions on version 00 are rejected. Future-version extensions are accepted and ignored as required for forward compatibility.
leaving it empty.
than allocating owned strings before recording them.
The structured-span Criterion row moved from 158.54-159.89 ns to 83.327-86.991 ns. Criterion reported a 37.9%-42.0% improvement for this local 100-sample run.
Runtime Hardening
- Security-header, declared body-limit, and timeout-response middleware no
- Request-scoped provider resolution clears in-progress cache state and wakes
crossbeam-epochwas updated to 0.9.20 to address RUSTSEC-2026-0204 in the- Standalone-example release verification now rejects occupied smoke-test
longer allocate boxed futures on their straightforward request paths.
waiters after a factory panic, matching singleton recovery behavior.
cache adapter and benchmark dependency graph.
ports, starts built binaries directly so cleanup owns the actual server process, and prints captured logs when a runtime check fails.
Rejected Experiment
A borrowed-key rate-limit lookup removed an owned key allocation but regressed the measured 10,000-identity row. The experiment was reverted; the rate-limit implementation is unchanged in 1.0.7.
Release Evidence
The release candidate was validated with:
cargo fmt --all --check
cargo clippy --workspace --all-targets --all-features -- -D warnings
cargo test --workspace --all-features
RUSTDOCFLAGS='-D warnings' cargo doc --workspace --all-features --no-deps
cargo deny check
cargo audit --deny warnings
bash scripts/semver-check-publishable-crates.sh
bash scripts/package-publishable-crates.sh --list-only
npm --prefix website run verify
After publishing, verify every crate, docs.rs page, and standalone example:
bash scripts/verify-published-release.sh 1.0.7