v0.2.0-alpha

Mon, 01 Jan 0001 00:00:00 +0000

v0.2.0-alpha

Release date: 2026-04-04 Status: Pre-release (Alpha)

Summary

Security hardening, 14 bug fixes, and Settlement Service completion. This release resolves all known limitations from v0.1.0-alpha edge-case testing and hardens the API gateway against injection and abuse.

Security Hardening

Account ID validation – rejects Unicode homoglyphs, zero-width characters, SQL/CQL injection attempts. IDs must be ASCII-only, max 128 characters, allowed characters: a-zA-Z0-9_.-:
Amount precision limits – amounts are validated to a maximum of 18 integer digits and 18 decimal digits
Content-Type enforcement – POST endpoints reject non-application/json bodies
Body size limit – reduced from 10 MB to 1 MB to match NATS max payload
Error sanitization – internal error details (NATS, gocql, infrastructure) are never leaked in API responses. Downstream failures return 503 with a safe message.
Error code matching – switched from substring (Contains) to prefix (HasPrefix) matching to prevent partial-match information leaks
Query parameter validation – account_id, amount_min, amount_max, date_from, date_to, and page_token are validated on the transaction query endpoint. Dates must be RFC 3339; amounts must be valid decimals; page tokens are capped at 512 characters.
Pagination cap – page_size is capped at 1000 across all list endpoints

Bug Fixes

KMS DEK cache pointer aliasing – callers could mutate the shared cached DEK entry; now returns a copy
NATS health check was a no-op – readiness endpoint always reported NATS as healthy; now wired to actual connection status via IsConnected()
Unnecessary ALLOW FILTERING – removed from partition-key-only ScyllaDB queries (GetTokenBySymbol, ListBalancesForAccount); added secondary indexes for txn_id, symbol, and account_id
GetTransaction full-table scan – created a secondary index on transactions(txn_id) to replace ALLOW FILTERING
NFT InsertInstance not idempotent – now uses IF NOT EXISTS (LWT); duplicate mints return an error instead of silently succeeding
NFT class duplicate name – returns 409 Conflict instead of 500 Internal Server Error
Shard consumer unbounded goroutines – per-account processing goroutines are now capped with a CPU-bound semaphore
Status batch update not retried – added 3-attempt retry with 100ms backoff for status persistence
Shard retry returned 404 – changed to 503 shard_unavailable during ownership flux (404 is reserved for genuinely non-existent accounts)
Shard pool size – increased from 4 to 16 connections per shard session
Debit from zero balance – no longer loops indefinitely; the transaction is acked and marked as failed
Missing RPC handlers – added handlers for RPC.account.query.transactions, attestation RPCs, and storage metrics

Settlement Service

The Settlement Service is no longer a skeleton. It now provides:

v0.1.0-alpha

Mon, 01 Jan 0001 00:00:00 +0000

v0.1.0-alpha

Release date: 2026-04-03 Status: Pre-release (Alpha)

Summary

Initial alpha release of the Sankofa Engine — a sharded, privacy-preserving financial ledger engine for digital assets.

Features

Core Ledger

Sharded transaction processing with FNV-1a hash-based routing
Block-based transaction batching with in-memory balance cache
SHA-256 audit hash chain per account
ECDSA P-256 signed transaction receipts
Exactly-once processing via NATS JetStream deduplication and idempotency keys

Multi-Asset Support

Fungible token registration, minting, burning, and transfer
NFT class registration, instance minting, transfer, burn, and provenance tracking

Privacy & Compliance

AES-GCM-256 envelope encryption with KMS-derived keys
Zero-knowledge proof generation: proof-of-liabilities, proof-of-provenance, proof-of-compliance
Proof verification endpoint
Asset attestation support

API

REST API via Fiber v3 with JWT authentication
ECDSA P-256 transaction signing for self-custody model
RFC 7807 Problem Details error format
Casbin v2 RBAC authorization

Infrastructure

8 microservices: API Gateway, Shard Worker, Shard Orchestrator, Projection, Compliance, Settlement, Archival, DevCtl
Kubernetes-native deployment with HPA, health probes, network policies
ScyllaDB (ledger), PostgreSQL (projections), NATS JetStream (messaging), OpenBao (key management)
Hot/cold tier archival with configurable retention policies

Known Issues

OpenBao KMS service integration is in progress
ZKP backend is placeholder — proof generation logic is stubbed
Durable Local Queue (NATS failover buffer) is not implemented — messages published while NATS is disconnected will be lost until reconnection

Dependencies

Go 1.25+
ScyllaDB 6.2
PostgreSQL 16
NATS 2.11+ with JetStream
OpenBao (Vault fork)

Breaking Changes

None — initial release.

Changelog on Sankofa Engine Documentation

v0.2.0-alpha

v0.2.0-alpha

Summary

Security Hardening

Bug Fixes

Settlement Service

v0.1.0-alpha

v0.1.0-alpha

Summary

Features

Core Ledger

Multi-Asset Support

Privacy & Compliance

API

Infrastructure

Known Issues

Dependencies

Breaking Changes