v0.3.0 Release Notes¶

Release Date: 2026-03-14

CoreForge v0.3.0 introduces vendor-agnostic observability through OmniObserve integration, a SaaS marketplace with Stripe billing, and Redis-backed rate limiting. This release also adds OAuth client management and CoreAuth provider abstraction.

Highlights¶

Vendor-agnostic observability with OmniObserve supporting Datadog, New Relic, Dynatrace, and OTLP backends
SaaS marketplace infrastructure with Stripe subscription management and seat-based licensing
Redis-backed rate limiting with sliding window and token bucket algorithms
OAuth client management and provider abstraction for CoreAuth

What's New¶

Observability Integration¶

A complete observability package wrapping OmniObserve for vendor-agnostic telemetry:

Provider-agnostic API supporting OTLP, Datadog, New Relic, and Dynatrace
HTTP middleware for automatic request tracing and metrics
slog integration with trace context injection
Pre-defined metrics for CoreAuth and rate limiting
Zero-config defaults with environment variable configuration

Marketplace¶

A SaaS marketplace implementation with Stripe integration:

Listing entity for marketplace products with tiers and pricing
Subscription management with Stripe webhook handling
License model supporting per-seat and usage-based billing
SeatAssignment for managing user access to subscriptions
Stripe SDK v82 integration for payment processing

Rate Limiting¶

Production-ready rate limiting infrastructure:

CoreAPI package with policy-based rate limit controls
Redis backend for distributed rate limiting
Sliding window algorithm for accurate request counting
Token bucket algorithm for burst handling
Middleware integration with session context

OAuth Client Management¶

Enhanced OAuth client capabilities:

OAuth client service in identity/oauthclient package
Provider abstraction for pluggable CoreAuth backends
Federation handlers with improved context handling
JWT enhancements with audience and issuer validation

Session Improvements¶

Session and middleware enhancements:

Context utilities for session data access
Improved middleware composition patterns
Enhanced JWT claims with standard claim validation

Installation¶

go get github.com/grokify/coreforge@v0.3.0

Quick Start: Observability¶

package main

import (
    "github.com/grokify/coreforge/observability"
    _ "github.com/plexusone/omniobserve/observops/otlp"
)

func main() {
    obs, err := observability.New(observability.Config{
        Provider:    "otlp",
        ServiceName: "my-service",
        Version:     "1.0.0",
        Endpoint:    "localhost:4317",
    })
    if err != nil {
        panic(err)
    }
    defer obs.Shutdown(context.Background())

    // HTTP middleware for automatic tracing
    handler := obs.Middleware()(mux)

    // slog with trace context
    slog.SetDefault(slog.New(obs.NewSlogHandler()))
}

Quick Start: Marketplace¶

package main

import (
    "github.com/grokify/coreforge/marketplace"
)

func main() {
    svc := marketplace.NewService(entClient, marketplace.Config{
        StripeKey:       os.Getenv("STRIPE_SECRET_KEY"),
        WebhookSecret:   os.Getenv("STRIPE_WEBHOOK_SECRET"),
    })

    // Create a listing
    listing, err := svc.CreateListing(ctx, marketplace.CreateListingInput{
        Name:        "Pro Plan",
        Description: "Full access to all features",
        PriceMonthly: 4999, // $49.99
        SeatLimit:   10,
    })
}

Quick Start: Rate Limiting¶

package main

import (
    "github.com/grokify/coreforge/session/ratelimit"
    "github.com/redis/go-redis/v9"
)

func main() {
    redisClient := redis.NewClient(&redis.Options{
        Addr: "localhost:6379",
    })

    limiter := ratelimit.NewRedisLimiter(redisClient, ratelimit.Config{
        Limit:  100,
        Window: time.Minute,
    })

    // Use as middleware
    handler := ratelimit.Middleware(limiter)(nextHandler)
}

New Packages¶

Package	Description
`observability`	OmniObserve wrapper with HTTP middleware and slog integration
`marketplace`	SaaS marketplace with Stripe billing and seat licensing
`coreapi`	CoreAPI rate limiting with policy-based controls
`session/ratelimit`	Redis-backed rate limiter with multiple algorithms
`identity/oauthclient`	OAuth client management service

New Ent Entities¶

Entity	Description
`License`	Software license with expiry and seat limits
`Listing`	Marketplace product listing with tiers
`Subscription`	User subscription with Stripe integration
`SeatAssignment`	Seat allocation for subscriptions

Dependencies¶

OmniObserve v0.8.0 - Unified observability with HTTP middleware
Stripe Go SDK v82 - Payment processing
Redis Go Client v9 - Rate limiting backend

Environment Variables¶

# Observability
OBSERVABILITY_PROVIDER=otlp     # otlp, datadog, newrelic, dynatrace
OBSERVABILITY_ENDPOINT=localhost:4317
OBSERVABILITY_API_KEY=          # Required for datadog/newrelic

# Marketplace
STRIPE_SECRET_KEY=sk_...
STRIPE_WEBHOOK_SECRET=whsec_...

# Rate Limiting
REDIS_ADDR=localhost:6379
RATE_LIMIT_REQUESTS=100
RATE_LIMIT_WINDOW=60s

Documentation¶

What's Next¶

Future releases will include:

Prometheus metrics-only provider
llmops + observops correlation for LLM applications
Cedar authorization provider
WebAuthn hardware security key binding
Audit logging for observability