release: v0.10.0 - Leader-Follower Replication, Event-Sourced Metadata & Control Plane v2

## Core: Leader-Follower Replication
- WAL-based replication with async/semi-sync/sync modes
- WAL shipper (leader) and WAL receiver (follower) over TCP
- allsource-sentinel binary for automated failover
- Read-only middleware for follower nodes (HTTP 409 on writes)
- Internal promote/repoint endpoints for sentinel-driven failover
- 11 new Prometheus metrics for replication monitoring
- Parquet snapshot catch-up for followers behind WAL range

## Core: Event-Sourced System Metadata
- SystemMetadataStore: separate WAL-backed store for _system.* events
- SystemBootstrap: 4-stage initialization with first-boot tenant creation
- Event-sourced repositories for tenants, audit, and config
- Core now dogfoods its own event store for operational metadata
- Eliminates PostgreSQL dependency for Core's internal state

## Control Plane: Full Clean Architecture
- 31 use cases (tenant CRUD, policy RBAC, operations, schemas, audit, config)
- PostgreSQL persistence layer with migrations
- Typed Core API client for snapshots, compaction, replay, schemas
- JWT auth, async audit logging, policy engine middleware
- Routes expanded from ~8 to 40+ with per-route RBAC

## Query Service: Replication-Aware Routing
- CoreHealthChecker GenServer polling node health via ETS
- Write-to-leader / read-from-followers routing with round-robin
- ConsistencyRouting plug (X-Consistency: strong header)
- Internal endpoint for sentinel failover notifications

## MCP Server: 36 New Tools
- Operational: compact_storage, backup_create/restore, health_deep, wal_status
- Multi-tenancy: tenant CRUD, quotas, suspend, export
- Schema: register, validate, migrate, infer, diff
- Analytics: cohort, correlation, forecast, churn, LTV
- Developer: generate_client, mock_events, debug/benchmark_query

## Web Dashboard
- Real metrics polling (replaced simulated data)
- Live billing API integration
- Privacy Policy and Terms of Service pages

## Infrastructure
- Rust edition 2024 with workspace dependencies
- Release automation (release-plz + git-cliff)
- All CI quality gates pass (clippy, fmt, tests, credo, dialyzer)
- Version consistency across all 6 services

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: decebal

.github/workflows/ci.yml

@@ -199,7 +199,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v5
         with:
-          go-version: "1.24.13"
+          go-version: "1.25.6"
           cache-dependency-path: apps/control-plane/go.sum
 
       - name: Download dependencies

.github/workflows/release-plz.yml

@@ -0,0 +1,30 @@
+name: Release-plz
+
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+  pull-requests: write
+  contents: write
+
+jobs:
+  release-plz:
+    name: Release-plz
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Install Rust toolchain
+        uses: dtolnay/rust-toolchain@nightly
+
+      - name: Run release-plz
+        uses: release-plz/action@v0.5
+        with:
+          command: release-pr
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}

.github/workflows/release.yml

@@ -244,7 +244,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v5
         with:
-          go-version: "1.24.13"
+          go-version: "1.25.6"
           cache-dependency-path: apps/control-plane/go.sum
 
       - name: Build

.github/workflows/security.yml

@@ -59,7 +59,7 @@ jobs:
         if: matrix.name == 'go'
         uses: actions/setup-go@v5
         with:
-          go-version: "1.24.13"
+          go-version: "1.25.6"
           cache-dependency-path: apps/control-plane/go.sum
 
       - name: Go vulnerability check
@@ -110,7 +110,7 @@ jobs:
         if: matrix.language == 'go'
         uses: actions/setup-go@v5
         with:
-          go-version: "1.24.13"
+          go-version: "1.25.6"
           cache-dependency-path: apps/control-plane/go.sum
 
       - name: Build Go
@@ -192,7 +192,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v5
         with:
-          go-version: "1.24.13"
+          go-version: "1.25.6"
           cache-dependency-path: apps/control-plane/go.sum
 
       - name: Install go-licenses

CLAUDE.md

@@ -0,0 +1,78 @@
+# CLAUDE.md — AllSource Chronos Monorepo
+
+## Critical: Architecture Facts
+
+**AllSource Core IS the database.** It is a purpose-built Rust event store with full durability:
+- **WAL** (Write-Ahead Log): CRC32 checksums, configurable fsync (default 100ms), crash recovery
+- **Parquet**: Columnar persistence with Snappy compression, periodic flush
+- **DashMap**: In-memory concurrent map for 11.9μs queries and 469K events/sec throughput
+
+**DO NOT** describe Core as "in-memory only", "dumb", "not production-ready", or claim "data is lost on restart." Event data is durable. Only Core's user/tenant metadata (a separate concern) is in-memory — and that responsibility belongs to the Query Service, not Core.
+
+**DO NOT** suggest storing events in PostgreSQL. PostgreSQL is for operational metadata only (users, tenants, API keys, billing). The correct way to improve Core's availability is through Core replication (leader-follower, WAL shipping) — not by adding another database.
+
+## Repository Structure
+
+```
+apps/
+  core/           — Rust event store (AllSource Core)
+  query-service/  — Elixir/Phoenix API gateway (auth, billing, routing to Core)
+  web/            — Next.js frontend dashboard
+  mcp-server-elixir/ — Elixir MCP server (separate from Rust MCP Docker binary)
+docs/
+  proposals/      — Design proposals (e.g., CORE_REPLICATION_DESIGN.md)
+  current/        — Current architecture docs
+```
+
+## Service Architecture
+
+```
+Clients → Query Service (Elixir, port 3902) → Core (Rust, port 3900)
+               |                                    |
+          PostgreSQL                          WAL + Parquet + DashMap
+          (users, tenants,                    (events, projections,
+           API keys, billing)                  snapshots, schemas)
+```
+
+- **Core** = the database. Source of truth for all event data.
+- **Query Service** = API gateway. Source of truth for users, tenants, billing.
+- **PostgreSQL** = operational metadata only. Never for events.
+
+## Core API
+
+All Core endpoints use the `/api/v1/` prefix. Key endpoints:
+- `POST /api/v1/events` — ingest event (returns 200, not 201)
+- `GET /api/v1/events/query` — query events (returns `{"events": [...], "count": N}`)
+- `GET /api/v1/projections` — list projections (returns `{"projections": [...], "total": N}`)
+- `GET /api/v1/snapshots` — list snapshots
+- `GET /api/v1/schemas` — list schemas
+- `GET /health` — health check (note: root path, not /api/v1/health)
+- `GET /metrics` — Prometheus metrics
+
+Core wraps responses in maps (`{"events": [...]}`, `{"projections": [...]}`). The Query Service's RustCoreClient unwraps these before passing to controllers.
+
+## Query Service Config
+
+- `CORE_URL` — Core connection URL (not RUST_CORE_URL — clean env var names, no implementation details)
+- `CORE_WS_URL` — Core WebSocket URL for real-time streaming
+- Config key in Elixir: `:core_url` (not `:rust_core_url`)
+
+## Docker Stack
+
+Defined in the wallet project: `/Users/decebaldobrica/Projects/alphaSigmaPro/wallet/docker/docker-compose.allsource.yml`
+
+Services on `supabase_network_alpha-sigma-pro`:
+- `allsource-core-leader` (port 3280 → 3900, replication on 3910)
+- `allsource-core-follower-1` (port 3281 → 3900)
+- `allsource-core-follower-2` (port 3282 → 3900)
+- `allsource-query-service` (port 3283 → 3902)
+- `allsource-mcp` (port 3904)
+
+Building Docker on Apple Silicon: native arm64 only — QEMU cross-compilation to linux/amd64 fails on Erlang NIF.
+
+## Scaling Strategy
+
+See `docs/proposals/CORE_REPLICATION_DESIGN.md`:
+- Leader-follower replication via WAL shipping
+- Query Service routes writes to leader, reads round-robin across followers
+- No Raft, no PostgreSQL in the event path, no multi-leader

Cargo.lock

@@ -1,6 +1,88 @@
 [workspace]
-resolver = "2"
-members = [
-    "apps/core",
-    "tooling/performance",
-]
+resolver = "3"
+members = ["apps/core", "tooling/performance"]
+
+[workspace.dependencies]
+
+# Security & Crypto
+aes-gcm = "0.10"
+# Internal crates
+allsource-core = { path = "apps/core" }
+
+# Error handling
+anyhow = "1.0"
+argon2 = "0.5"
+
+# Data / Arrow / Parquet
+arrow = { version = "53.4", features = ["ipc", "json"] }
+arrow-flight = "53.4"
+async-trait = "0.1"
+
+# Web framework
+axum = { version = "0.8", features = ["json", "ws"] }
+axum-extra = { version = "0.10", features = ["typed-header"] }
+base64 = "0.22"
+bumpalo = { version = "3.16", features = ["collections"] }
+bytes = "1.11.1"
+
+# Common utilities
+chrono = { version = "0.4", features = ["serde"] }
+crc32fast = "1.4"
+
+# Dev / Test
+criterion = "0.5"
+crossbeam = "0.8"
+crossbeam-queue = "0.3"
+ctrlc = "3.4"
+
+# Storage & Concurrency
+dashmap = "6.1"
+datafusion = "44.0"
+
+# Optional features
+fastembed = { version = "4" }
+
+# Compression
+flate2 = "1.0"
+futures = "0.3"
+http = "1.0"
+instant-distance = { version = "0.6" }
+jsonschema = "0.40"
+jsonwebtoken = "9.3"
+lz4 = "1.28"
+parking_lot = "0.12"
+parquet = { version = "53.4", features = ["arrow", "async"] }
+prometheus = "0.14"
+rand = "0.9"
+rocksdb = { version = "0.24" }
+
+# Serialization
+serde = { version = "1.0", features = ["derive"] }
+serde_json = "1.0"
+sha2 = "0.10"
+simd-json = "0.17"
+sqlx = { version = "0.8", features = ["runtime-tokio-rustls", "postgres", "json", "chrono", "uuid"] }
+tantivy = { version = "0.22" }
+tempfile = "3.23"
+testcontainers = "0.23"
+testcontainers-modules = { version = "0.11", features = ["postgres"] }
+thiserror = "2.0"
+time = "0.3.47"
+
+# Async runtime
+tokio = { version = "1.48", features = ["full"] }
+tokio-stream = "0.1"
+toml = "0.8"
+tower = "0.5"
+tower-http = { version = "0.6", features = ["cors", "trace"] }
+
+# Observability
+tracing = "0.1"
+tracing-subscriber = { version = "0.3", features = ["env-filter"] }
+uuid = { version = "1.19", features = ["v4", "serde"] }
+
+[profile.release]
+codegen-units = 1
+lto = true
+opt-level = 3
+strip = true

Cargo.toml

@@ -14,7 +14,8 @@ version: "0.9.1"
 [![Rust Core](https://img.shields.io/badge/Rust%20Core-v0.9.0-green.svg)](apps/core/)
 [![Go Control Plane](https://img.shields.io/badge/Go%20Control%20Plane-v0.9.0-blue.svg)](apps/control-plane/)
 [![Elixir Query Service](https://img.shields.io/badge/Elixir%20Query-v0.9.0-purple.svg)](apps/query-service/)
-[![MCP Server](https://img.shields.io/badge/MCP%20Server-27%20Tools-orange.svg)](apps/mcp-server-elixir/)
+[![MCP Server](https://img.shields.io/badge/MCP%20Server-43%20Tools-orange.svg)](apps/mcp-server-elixir/)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)
 
 High-performance event sourcing platform with distributed architecture and AI-native tooling.
 
@@ -59,7 +60,7 @@ docker pull ghcr.io/all-source-os/allsource-web:0.9.0
 
 ## Project Status
 
-### Current Release: v0.9.0 (February 2026)
+### Current Release: v0.9.1 (February 2026)
 
 **Rust Core**
 - Event store with 469K events/sec throughput
@@ -83,13 +84,14 @@ docker pull ghcr.io/all-source-os/allsource-web:0.9.0
 - WebSocket channels for real-time updates
 - Prometheus metrics and APM integration
 
-**MCP Server (27 Tools)**
+**MCP Server (43 Tools)**
 - AI-native interface via Claude Desktop
-- **Event Management Tools**: delete, archive, restore, export, import, clone, merge, split
-- **Query Tools**: advanced queries, time series, funnel analysis, anomaly detection
-- **Projection Tools**: create, query, list materialized views
+- **Core Tools** (19): queries, time series, funnel analysis, anomaly detection, projections, schemas, snapshots
+- **Event Management** (8): delete, archive, restore, export, import, clone, merge, split
+- **Operational** (10): storage compaction, WAL status, backups, deep health checks, performance reports, audit logs
+- **Tenant Management** (6): create, update, usage, quotas, suspend, export
 - Dry-run preview mode and audit trails on all operations
-- 309 tests passing
+- 429 tests passing
 
 **Web Dashboard**
 - Modern login/signup with OAuth (Google, GitHub)
@@ -192,22 +194,25 @@ cd apps/mcp-server-elixir && mix test
 
 ## Roadmap
 
-### Completed (v0.9.0)
-- Event Management Tools (8 new tools)
-- Web dashboard UX improvements
+### Completed (v0.9.1)
+- 43 MCP tools (19 core + 8 event management + 10 operational + 6 tenant)
+- Event Management Tools (delete, archive, restore, export, import, clone, merge, split)
+- Operational Tools (storage, WAL, backups, health, performance, audit)
+- Tenant Management Tools (CRUD, usage, quotas, suspend, export)
+- Web dashboard with OAuth, onboarding, billing UI
 - Consistent versioning across all services
 - OpenAPI specification for Query Service
 - WebSocket channels and real-time updates
 
 ### In Progress
-- SaaS launch preparation
-- Multi-region deployment
-- Enhanced analytics and reporting
+- SaaS launch (self-service signup, billing integration)
+- Core WAL-based replication (leader-follower)
+- Go Control Plane PostgreSQL migration
 
 ### Planned
-- GraphQL API layer
 - Event sourcing SDK for popular languages
-- Self-service onboarding flow
+- Multi-region deployment
+- GraphQL API layer
 
 **Detailed Roadmaps**:
 - [SaaS Launch Roadmap](docs/roadmaps/SAAS_LAUNCH_ROADMAP.md)
@@ -254,5 +259,5 @@ make bump-version      # Interactive bump
 
 ---
 
-**Last Updated**: February 11, 2026
-**Version**: v0.9.0
+**Last Updated**: February 12, 2026
+**Version**: v0.9.1

README.md

@@ -6,7 +6,7 @@
 # No shell, no package manager, no unnecessary utilities
 # =============================================================================
 
-ARG GO_VERSION=1.24.13
+ARG GO_VERSION=1.25.6
 
 # =============================================================================
 # Stage 1: Build
@@ -73,6 +73,9 @@ WORKDIR /app
 # distroless:nonroot runs as UID 65534 by default
 COPY --from=builder /app/control-plane /app/control-plane
 
+# Copy migration files for database setup on startup
+COPY --from=builder /app/internal/infrastructure/database/migrations /app/migrations
+
 # Expose metrics and API port
 EXPOSE 8080
 

apps/control-plane/Dockerfile

@@ -103,8 +103,8 @@ func RoleHasPermission(role entities.Role, perm entities.Permission) bool {
 // AuthMiddleware validates JWT tokens and adds auth context to requests
 func AuthMiddleware(authClient *AuthClient) gin.HandlerFunc {
 	return func(c *gin.Context) {
-		// Skip auth for health endpoints
-		if c.Request.URL.Path == pathHealth || c.Request.URL.Path == pathMetrics {
+		// Skip auth for health endpoints and public cluster health
+		if c.Request.URL.Path == pathHealth || c.Request.URL.Path == pathMetrics || c.Request.URL.Path == "/api/v1/cluster/health" {
 			c.Next()
 			return
 		}
@@ -134,6 +134,8 @@ func AuthMiddleware(authClient *AuthClient) gin.HandlerFunc {
 
 		// Store in context
 		c.Set("auth", authCtx)
+		c.Set("auth_role", authCtx.Role)      // Separate key for cross-package access
+		c.Set("auth_user_id", authCtx.UserID) // Separate key for cross-package access
 		c.Next()
 	}
 }