Leo Blöcher

This commit introduces a **new feature** to the **`foundations::settings` module** by adding the `MaybeExternal` enum and associated helper functions. This new mechanism allows configuration values to be **deserialized from external sources**, such as environment variables or files, rather than being solely defined within the application's configuration. It provides utility functions like `load_from_env` and `deserialize_from_file` to facilitate this process, encapsulated within the new `foundations::settings::external` submodule. This enhancement significantly improves the flexibility and security of configuration management by enabling the **externalization of sensitive or dynamic settings**.

This commit introduces a **new security capability** by adding `Secret` and `RawSecret` wrappers within the **`foundations` crate's `settings` module**. These new types are designed to **protect sensitive string and byte array values** from accidental exposure by implementing `Zeroize` and `ZeroizeOnDrop`, ensuring their memory is securely zeroed out when no longer needed. This enhancement, which integrates the `zeroize` crate, significantly improves the application's **security posture** by providing a robust mechanism for handling confidential configuration data. It affects how sensitive data is stored, serialized, and deserialized, preventing data remnants in memory.

This commit **updates the `foundations` library's crate-level documentation** by adding comprehensive details for the newly introduced **`ratelimit` feature**. It provides essential information for developers on how to use and configure the rate limiting capabilities within the library. This is a **documentation update** that enhances the discoverability and usability of a core feature within the `foundations` module, ensuring users can effectively leverage the new functionality.

This commit performs a **refactoring** to standardize the clock source used by various rate limiters within the **telemetry** and **Sentry error reporting** subsystems. Specifically, it updates the rate limiters for **logging**, **tracing**, and the **Sentry hook** to utilize `DirectRateLimiter` in conjunction with `StaticQuantaClock`. This change ensures a consistent and potentially more reliable time source for rate limiting, improving the predictability of observability data flow. Additionally, the `foundations/Cargo.toml` dependencies are updated to reflect the new `ratelimit` crate usage, making this a **dependency update** alongside the refactor.

This commit performs a significant **refactoring** of the **rate limiting subsystem** within the `foundations` crate, primarily by replacing the `governor` crate's default clock with a new `StaticQuantaClock`. This change **optimizes memory usage and cache locality** by allowing a single clock instance to be shared across all rate limiters. Additionally, the `ratelimit!` macro and related logic are **reorganized** into a dedicated `ratelimit` module for improved code structure and maintainability. The update also introduces `crossbeam-utils` as a new dependency to support the optimized clock implementation, ultimately enhancing the **performance and organization** of rate limiting without altering its public API.

This commit **introduces a new capability** by adding **configurable rate limiting for Sentry events** within the `foundations` crate. It integrates `governor` and `ratelimit` dependencies to control the submission of Sentry events, primarily affecting the **Sentry integration module**. The core logic in `foundations/src/sentry/hook.rs` now extracts event fingerprints to apply rate limits, and a new `SentrySettings` struct allows for custom configuration via `install_hook_with_settings`. This enhancement prevents Sentry from being overwhelmed by a high volume of similar events, improving the stability and resource efficiency of error reporting.

This commit introduces a **new capability** by adding a special `ratelimit=` syntax to the existing **logging macros** within the `foundations` crate's `telemetry` subsystem. This enhancement allows developers to conveniently define rate-limited log messages directly within calls to macros like `__error`, `__warn`, and `__info`. The new syntax supports a simplified `rate / time unit` invocation, making it easier to control log output frequency. This **feature addition** streamlines the process of adding rate limiting to logs, improving clarity and reducing boilerplate.

This commit introduces a **new `ratelimit!` utility macro** within the **`foundations` crate**, enabling ad-hoc, in-place rate limiting of arbitrary expressions. This **new feature** is implemented in `foundations/src/utils.rs` and is conditionally available via a new **`ratelimit` feature flag** in `Cargo.toml`, which also pulls in the `governor` dependency. The macro is exported from `foundations/src/lib.rs` and is particularly useful for applying quick, unshared rate limits to operations like individual log statements. This enhances the `foundations` library by providing a flexible mechanism to control execution frequency for specific code paths, resolving issue #76.

This commit significantly **refactors** the **telemetry logging system's `slog::Drain` setup** and includes a crucial **bug fix** for rate limiting. It resolves an issue where multiple rate limiters were incorrectly instantiated, ensuring a **single global rate limiter** is now applied to the logging output. Additionally, **performance is improved** by optimizing log redaction to skip evaluation when no keys are configured, and the **`DrainExt` trait** is introduced to enhance the readability and modularity of **drain layering**. These changes, including general **refactoring** of drain wrappers and initialization functions like `wrap_root_drain`, lead to a more robust, performant, and maintainable **logging infrastructure**.

This commit finalizes the **release of version 5.5.2**, encompassing essential **maintenance** and **documentation updates**. It primarily involves a **chore** to increment the workspace and internal dependency versions within `Cargo.toml` to `5.5.2`. Concurrently, the `RELEASE_NOTES.md` file is updated to document the changes included in this version, notably highlighting improved **`serde` deserialization support** by allowing `serde(default)` attributes without an explicit path. This release provides users with the latest features and bug fixes, streamlining development workflows, especially for those leveraging `serde` for data handling.

This commit **enhances the `foundations-macros` crate** by restoring support for `#[serde(default)]` attributes on struct fields without requiring an explicit path, a capability that was lost in a previous implementation. It modifies the `settings` macro in `foundations-macros/src/settings.rs` to correctly parse and apply default values during deserialization by utilizing `darling::util::Override`. This **bug fix** ensures that `serde`'s default mechanism works as expected for fields lacking an explicit default function. A **regression test** has been added in `foundations/tests/settings.rs` to validate this functionality and prevent future regressions.

This commit **prepares for the 5.5.1 release** by performing essential **maintenance** and **documentation** updates. It bumps the workspace package and internal dependency versions to `5.5.1` within `Cargo.toml`, ensuring all components reflect the new release. Concurrently, **release notes** are added to `RELEASE_NOTES.md`, specifically detailing a **fix related to `serde` argument parsing**, providing users with crucial information about this new stable version.

This commit **fixes a regression** in the `foundations-macros` crate where `#[settings]` attribute processing silently ignored unknown `darling` attributes, leading to incorrect `Default` implementations. To resolve this, the `SerdeArgs` parsing logic in `settings.rs` is updated to **allow unknown fields** and **propagate parsing errors**, making future debugging easier. This **bug fix** ensures that `#[settings]`-derived `Default` implementations behave as expected, with updated tests in `foundations/tests/settings.rs` verifying the corrected behavior.

This commit officially **releases version 5.5.0** of the project, marking a new stable milestone. It performs a **version bump** across the entire workspace by updating the package version and all corresponding internal dependency versions within `Cargo.toml`. Concurrently, comprehensive **release notes** are added to `RELEASE_NOTES.md`, detailing the various updates, features, and improvements included in this new version. This **maintenance** task ensures proper project versioning and provides essential documentation for users and contributors.

This commit **updates the project's dependency license policy** by **expanding the list of explicitly allowed open-source licenses**. Specifically, it adds Zlib, 0BSD, BSD-2-Clause, and Apache-2.0 WITH LLVM-exception to the `deny.toml` configuration file. This **maintenance chore** ensures that a broader range of common and uncontroversial licenses are recognized as permissible, **streamlining future dependency integration** and reducing potential compliance blockers.

This commit performs a **dependency upgrade** for several internal crates, including `darling`, `governor`, `rand`, and `socket2`, primarily to **avoid duplicate or conflicting versions** across the project. As part of this **maintenance chore**, the **`foundations` module**'s **telemetry tracing subsystem** required a minor **refactoring**. Specifically, the `rand` crate import in `foundations/src/telemetry/tracing/internal.rs` was updated from `rand::Rng` to `rand::RngExt as _` to align with the new API. This ensures overall dependency consistency and compatibility within the codebase.

This commit **updates the documentation** for the **`security` feature** within the `foundations` crate, specifically in `foundations/src/lib.rs`. It now explicitly mentions the **`libclang-dev` system dependency** that is required when `bindgen` is used as part of this feature's build process. This **documentation update** serves as a **maintenance** task, improving the developer experience by providing crucial setup information and preventing potential build failures or confusion for users enabling the `security` feature.

This commit introduces a **regression test** to verify the correct handling of **doc comments** on **flattened members** within structs. It adds a new `FlattenedStruct` definition and a `flattened_doc_comments` test case in `foundations/tests/settings.rs` to specifically check this behavior. A corresponding YAML test data file, `foundations/tests/data/settings_flattened_struct.yaml`, is also included to provide the necessary test configuration. This **test enhancement** ensures the robustness of the **`foundations` library's settings parsing** and metadata extraction for complex struct configurations, preventing future regressions in this area.

This commit **fixes a bug** in the **`foundations-macros` crate** by **correctly forwarding doc comments for flattened struct members**. Previously, the path used to look up doc comments for `serde(flatten)` fields incorrectly included the member's name, causing a mismatch with the YAML output. The change in `settings.rs` now treats flattened members as a special case, ensuring their documentation is accurately associated. This **improves the reliability and accuracy of generated documentation** for configurations that utilize flattened `serde` structs.

This commit **optimizes the Continuous Integration (CI) pipeline** by updating the **`cargo-deny` workflow** defined in `.github/workflows/ci.yml`. It ensures that dependency security checks are performed using the **latest stable Rust toolchain** and **streamlines the CI process** by removing redundant Rust installation steps. This **maintenance improvement** enhances the efficiency and reliability of the build system, as the `cargo-deny-action` utilizes its own dedicated Docker image, making separate Rust installations unnecessary.