openradtool | application source generator

This is a log of all openradtool (née kwebapp) releases. The Atom feed or GitHub may also be used to keep track of new versions programmatically.

2024-08-31: version 0.14.1

Modernise outputted ort-javascript(1). Stipulate that any calling environments should be compatible with ES2021, altough in reality, ES6 should be fine. Tested against the latest versions of Typescript and the dependent ecosystem.

No longer use basic crypt(3) for password encryption. Now require crypt_newhash(3) (or function with similar signature) and family, which use Blowfish encryption. This isn't available by default on Linux, but is available in oconfigure, which is now used for regression tests of said functionality.

No longer bundle a copy of b64_ntop. This is part of most systems, and oconfigure (or equivalent) may be used for compatible functions.

Various fixes for ort-nodejs(1), from pull/2257. This is still experimental and lacks validation.
2021-10-25: version 0.14.0

Add initial Rust output. This is still experimental and lacks validation.

Fix how ort-nodejs(1) was handling passwords. Searching on password fields would prior to this have failed unilaterally. Password operations (querying, updating, etc.) are now all enforced by regression tests.

Improve the ort-nodejs(1) exception handling for inserts and updates. It now passes through specific constraint errors instead of catching the entire exception. Moreover, the exception handler is now documented in the manual, as its documentation is very spotty in better-sqlite3. All of these are now checked in the regression suite.

Fix how ort-c-source(1) would produce invalid C code for nested null references.
2021-09-27: version 0.13.9

Add epoch types (date and epoch) to the safe typing regime. This does not change non-safe-typing applications except to add aliases.
2021-07-27: version 0.13.8

Tighten up code produced by ort-c-source(1) in having the correct type for some enumeration and casting to avoid spurrious warnings raised by -Weverything.

Fix output of ort-javascript(1) when using the -value-checked and -value-selected classes.
2021-07-18: version 0.13.7

SQL change: indexes are now output as unique_strct__field1_field2 instead of unique_field1_field2. This prevents multiple structures with the same unique field(s) from having the same index name. This only changes the name of the index, so existing indexes won't be affected. However, if removing a unique statement, the corresponding index won't be removed as the name won't be found. New indexes won't clobber any existing ones because of the prefix style.
2021-07-17: version 0.13.6

Change parser behaviour: no longer allow for queries of the same name within a structure. Prior to this, the rule was that query names must be unique within the query type (e.g., iterate).

The reason for this change is to reflect how the code actually operates a bit better.
2021-07-12: version 0.13.5

Export bitfields as enumerations in ort-nodejs(1). This makes the Node.js output similar to the C output. While here, perform various cleanups to the documentation.

Add more validation for integer types in ort-nodejs(1) validator routines, and also have the blob field return a Buffer. Make sure that high-value bit-fields (e.g., all bits set) aren't discarded by the SQLite3 module with range errors: properly fix them into their signed format before passing into the database.

Lastly, use bigint instead of BigInt in ort-nodejs(1) output. Fix that the export functions were trying to new a string when converting from a Buffer (harmless). Fix type warnings about lastInsertRowid by converting to a string before converting it into a BigInt.
2021-07-08: version 0.13.4

Considerably improve the documentation of the internal Long implementation, which is a utility for the output of ort-javascript(1) to convert and manipulate 64-bit integers without necessarily having BigNum support in the browser. Also make some small fixes to the code.
2021-06-27: version 0.13.3

Introduce safe typing to the output of ort-c-header(1). This affects the API for both data types and operations, and accounts for the common error of type mis-assignment.

For example, with a structure user with a row identifier id and originator foreign key ouserid, searching for the originator user erroneously using id. In prior versions, both id and ouserid were int64_t, which made it easy to use one instead of the other. With safe typing, two new types of user_id and user_ouserid exist, and may not be set to each other without using setter and getter functions.

By default, safe typing is not enabled and types may be mixed. To ease transitioning between safe and un-safe types, the setter and getter functions are emitted for both forms, and (for example) user_id is also emitted for un-safe typing as a simple alias for int64_t, so existing code need not be modified.

Safe types are still a work in progress, with the implementation not quite finalised until the next minor release.
2021-06-09: version 0.13.2

Minimal change to the ort(3) API in exporting the full chain of fields in each sub-field referencing component of searches (distinct, aggregate, etc.). This is informative, and currently only used in ort-json(1) and ort_lang_json(3).
2021-06-08: version 0.13.1

Minimal change to the ort(3) API in exporting the full chain of fields in each query component. This is informative, and currently only used in ort-json(1) and ort_lang_json(3).
2021-05-21: version 0.13.0

Change the way that ort-sqldiff(1) handles unique fields and unique tuples. Prior to this, these would be output directly into the tables as UNIQUE statements, which unfortunately can't be modified with SQLite after creation.

Now, ort-sqldiff(1) outputs UNIQUE INDEX statements for these components. These can be added and dropped at will, making migration between databases much easier.

This requires a minor version bump and makes ort-sqldiff(1) incompatible between versions, as existing UNIQUE statements may not be shed. Existing databases will need to be dumped and re-inserted.
2021-05-17: version 0.12.12

Add ability to override the namespace name generated by ort_lang_javascript(3). Distribute a ort-version.h header with version information.
2021-05-13: version 0.12.11

Add ability to specify the namespace output by ort_lang_javascript(3) as exported. Distribute a ort-version.h header with version information.
2021-05-06: version 0.12.10

Add significant regression tests to the Node.js validators, normalising their behaviour in some cases. Add ability to break apart ort-nodejs(1) output into multiple files.
2021-05-04: version 0.12.9

Add validation routines to ort-nodejs(1) and ort_lang_nodejs(3). These use the validator.js system for validation.
2021-04-29: version 0.12.8

Re-write internals of auditing system. These now use the internal ort_audit(3) function. The output of ort-audit(1) has been formalised and is now documented (it differs from the prior output).

Formalise the output of ort-audit-json(1) and include the count operation in its output. For coherence with the program name, output straight-up JSON and have a flag -s for wrapping the object in JavaScript.

Rename ort_diff_free to ort_diffq_free(3) for consistency.

Remove ort-audit-gv, which isn't really useful.
2021-04-17: version 0.12.7

Add callback mechanism to ort-json.ts.
2021-04-10: version 0.12.6

Release >ort-c-manpage(1) and its libray bits, >ort_lang_c_manpage(3).
2021-04-02: version 0.12.5

Add some new methods to the generated ort.Long output with ort-javascript(1) to make it easier for front-ends to work with 64-bit integers. Add regression tests for these.

Start work on a ort-c-manpage (not yet released) that will allow a C API to be output as a mdoc(7) document. I personally use this because it makes scanning for functions faster than looking in the header files.
2021-03-28: version 0.12.4

Regression tests for internal JavaScript (ortJson.Long) functions. No change to code, but adding or and some documentation. Also relax some needless constraints in ort-json.ts.

Fix a bug in ort-sqldiff(1) where struct fields were considered SQL columns.
2021-03-24: version 0.12.1

A number of improvements to the ort-json.ts machinery. Probably not going to change any normal usage.
2021-03-20: version 0.12.0

Introduce a significant change where names in ort(5) configurations are internally converted to lowercase. This means that all output will use the lowercase versions of the read names, which affects APIs.

Why is this a good idea? Largely because it keeps APIs consistent with changing (for example) structure names, which is already accepted as not a change because structure names are case insensitive.

It also cleans up some inconsistency where some fields (e.g., roles) were lowercased already, while most (structure names, field names, explicit query naming, etc.) were not.
2021-03-18: version 0.11.18

Install the manual and package configuration for ort_lang_javascript(3), which creates TypeScript front-end code. Also tighten down role name case insensitivity and fix serialisation of empty role objects in ort-json.ts.
2021-03-15: version 0.11.16

Tiny changes to speed up TypeScript routines.
2021-03-08: version 0.11.15

Internal API change: pass a msgq directly to the ort_msg(3) family of functions.

Add ort_lang_sql(3) for outputting the SQL schema.

API change: add a msgq to ort_lang_xliff_extract(3), ort_lang_xliff_join(3), and ort_lang_xliff_update(3); and make the configuration const when possible.
2021-02-28: version 0.11.13

Minor fix in handling UTF-8 labels and converting to and from JSON. Have ort-xliff(1) properly handle XML special characters by on-the-fly encoding and decoding, lifting the restriction of not being able to use < in labels.
2021-02-21: version 0.11.12

Fix parsing and writing of limit/offset pairs. Allow parameter-less search statements.
2021-02-13: version 0.11.11

Enable the exported library for ort_lang_nodejs(3). This is still experimental, however.

Fix how null references (a struct to a foreign key that might be null) was handled both in the generated C source and in node.js output. Both failed for different reasons.

Continued work on ort-json.ts.
2021-01-18: version 0.11.10

Relax the constraint where overlapping roles applied to the same operation would error out. Now we merely warn about them.
2021-01-02: version 0.11.10

Include the ability to convert the JSON representation of a configuration as provided by ort-json(1) back into a ort(5). This is part of the ort-json.ts file.
2020-12-28: version 0.11.9

Include a formatter for the JSON representation produced by ort-json(1).
2020-12-24: version 0.11.8

Have ort-diff(1) return a value based upon whether the results are different. This makes it behave like diff(1).

Emit XLIFF content that validates against the strict variant of the specification. This is now used in internal regression testing. All of the XLIFF processing is now well-documented in ort_lang_xliff_extract(3), ort_lang_xliff_join(3), and ort_lang_xliff_update(3).
2020-12-19: version 0.11.7

Enforce that the default action for actup or actdel has either a null field or a default. This prevents the database from defaulting to a null value, which may conflict with the configuration and thus expectations of the code.

Do the same for the nullify action, requiring that the field be null.

Rename some parts of the ort-json(1) TypeScript definitions file. Add in some forgotten fields to the definitions.
2020-12-17: version 0.11.6

Make sure that distinct on a list or iterate correctly declare the required macros in ort-c-header(1). Found by the expanded regression suite.

Fix how grouprow queries, which use LEFT OUTER JOIN, don't prematurely terminate quoted strings. Found by the expanded regression suite.

Fix how empty iterators would cause bad ort-nodejs(1) to be emitted.

Internally, convert front-end utilities to properly emit output to a passed-in file stream instead of assuming stdout. This way, these may be converted into libraries for use within other systems.

Introduce ort-json(1), via ort_lang_json(3), which converts a configuration into JSON. These are still very new, but heavily tested.
2020-12-08: version 0.11.4

Export changes to the roles statement in ort_diff(3) field results. Also add full support for the insert; update and delete; and list, search, and iterate. This completes full difference coverage. All (or near enough) of these differences are encoded in the regression suite.

While doing all this, push plenty of documentation from the header file into ort(3).
2020-12-03: version 0.11.2

Reconsider white-space handling in comments. Prior to this, consecutive white-space collapsed into the first white-space. This was a problem for two reasons: first, Markdown and other common comment formats recognise multiple newlines to separate blocks. More significantly, a CRLF end of line would convert into a blank CR (instead of a LF). Modify the system, thus, to accept comments as-is except for CRLF, which is reduced to LF. This makes diffing much more consistent as well.
2020-11-22: version 0.11.1

Continue adding functionality to ort-diff(1) via ort_diff(3). No functional changes. Enumerations, bit-fields, structure uniques, and structure fields are now fully covered by the interface.
2020-11-13: version 0.11.0

Introduce ort-diff(1), which works off the back of ort_diff(3) in producing the semantic differences between two configurations. This is now being used within ort-sqldiff(1), which has been considerably simplified. The function is still incomplete: it doesn't record all differences. So far, it returns enough to be fully used by ort-sqldiff(1).

While here, fully document all of the transformations possible in ort-sqldiff(1) and also tighten down on some destructive changes (e.g., allowing type changes) in prior versions.

The new difference engine has introduced a significant number of regression tests. The documented transformations of the SQL engine are also now exhaustively tested in the regression suite.
2020-11-04: version 0.10.3

Start installing the ort library. This includes header, library code, manpages, and a pkgconfig.
2020-08-28: version 0.10.2

Bug-fix: make sure that ort-javascript(1) correctly handles numbers and strings when formatting. This was not caught by the regression framework because ts.transpile accepts the type-mangling code while tsc does not. Fixed and added regression tests that force the issue.
2020-08-27: version 0.10.1

Bug-fix: ort-c-source(1) was not generating the internal db_xxxx_fill_r functions in some cases, even though required by query functions.

Document the db_open_logging function in ort-c-header(1).
2020-08-17: version 0.10.0

Major change: integer values are now JSON-serialised as strings intead of numbers. This affects ort-c-header(1)'s JSON export interface, ort-c-header(1)'s JSON import interface, and most importantly, ort-javascript(1)'s typing of integers as string as well as of number.

This change completely necessary because of JavaScript's inability to parse integers with more than 53 bits and the necessity to handle full 64-bit numbers. While JSON can accept arbitrary-precision numbers if used purely as a transport protocol, it's more portable to just use a string encoding.

The only user-facing code this might affect is custom callbacks that perform numeric operations. These functions will now also need to handle string values. This is reflected in the TypeScript type annotations, so any current numeric operations on values passed to these functions should raise errors or at least warnings. There is now a ortns.Long class modelled after Long.js that's also used internally which can perform 64-bit operations.

The code generated by ort-c-header(1) and ort-javascript(1) for working with deserialised data can handle either string or numeric (old-style) values, so new front-ends can work with old back-ends. The reverse is not true.

While the proper (and simpler) way to store integers in ort-javascript(1) would be BigInt, this isn't yet standard across browsers, and would require alternative encoding during transit anyway (JSON doesn't recognise it). The current implementation is portable across all browsers.

Also, and without much of an introduction: ort-nodejs(1). This experimental back-end generator builds a Node.js back-end. This generates an API very similar to that of ort-c-header(1), making it easy to transition between languages. For now, it does not provide comparable security to the C implementation.
2020-08-08: version 0.9.1

Output change: do not have delete statements return a value.

Output change: the output of ort-javascript(1) is now sensitive to fields that are not exported. This applies to fully unexported (i.e., those marked with noexport or passwords) and having optional fields (those not exported per role) to be checked and behaviour if not found documented and regression-tested.

Output change: full support for binary blobs in ort-javascript(1) by using base64 encoding throughout. Those wishing to use the binary data will need to use custom callbacks with (for example) Buffer.from() to convert from base64 to binary.

Considerable improvements to the output of ort-javascript(1) and the documentation itself. This has no functional change, but introduces more TypeScript idioms such as const and readonly.
2020-07-11: version 0.9.0

Output and configuration change: ort-javascript(1) no longer emits the un-documented and hard-coded not given (with the hard-coded notgiven class) for labelling null enumeration values. These are now represented by the isnull label documented in ort(5). This is similar to bit-fields.

Output change: ort-javascript(1) no longer emits JavaScript—only TypeScript as if -t were passed. This is because straight-up JavaScript is just too unsafe. Any consumers of the JavaScript output will now need to use the TypeScript transpiler. This necessitates a minor version bump. Any future JavaScript features will all be TypeScript.

In doing so, use TypeDoc instead of jsdoc.

Split out lots of boilerplate code for ort-javascript(1) into a file pulled in during parse. The location of this boilerplate may be set with -S, just like for ort-c-source(1). This does not affect the behaviour of generated code.

Output change: Use checked="checked" instead of checked="true" (same with selected) for the -value-checked, -bits-checked, and -enum-select class fills generated by ort-javascript(1). This is more standards compliant.

Output change: the undocumented string unset was emitted for bit-fields that don't have corresponding labels when formatted. It is a documented empty string. Also handle missing individual labels and so on.

Add a large regression suite to tests for the behaviour documented in both ort-javascript(1) and the generated documentation.

Be more explicit as to why the > character is not allowed and further disallow empty labels. Clarify the maximum and minimum values for bit-fields and enumerations. (Lift earlier restriction of 32 bits after testing on a variety of machines.)
2020-06-22: version 0.8.16

In the documentation, clarify native, meta, and user-defined types. Clarify that sub-structure references may not be recursive. While there, also add some query examples and clarify the docs for distinct and grouping queries.

Only accept logical operators on integer and bit types.

Allow string and unary operators (and document as such) for grouping queries.

Limit enumerations to 32-bit values and prevent overflow.

When generating validation functions for the C API, don't emit a wrapper function if not emitting limiting code—instead, simply use the kcgi(3) function itself as the validator. This saves on superfluous generated code.

Don't allow count query type to have password equality checks. This never worked, but now we explicitly check for it.

Don't emit db_xxx_fill_r functions if there are no queries that require it. This saves on superfluous generated code that would otherwise raise warnings during compilation.
2020-06-09: version 0.8.15

Bug-fix: if errors occur when parsing files with ort-sqldiff(1), properly return with an error code. Earlier, this was not returning an error code.

Clarify the ort-sqldiff(1) documentation with regard to exactly the cases that cause errors. Create a regression suite to test for this.

Allow for enum fields to have a default type. Allow for password fields to accept isnull or notnull operations.

Remove several fields in ort.h used only by the C front-end, such as the capitalised name of structures. These add moving parts with few discernable benefits.

Complete removal of resolution fields from ort.h. These fields were the superfluous names attached to (for example) upgrade references. Earlier, these were required because the names were resolved after parsing, during the linking phase. A new, safer internal API is used instead. This effort has resulted in a much cleaner API and a significant number of regression tests.
2020-05-18: version 0.8.14

Bug-fix: the grouprow and associated row operation were not being written by ort(1).

Bug-fix: the order type was not being written by ort(1).

Bug-fix: the distinct keyword on the local structure was not being printed properly by ort(1).

When running ort-sqldiff(1), be more selective on which field attribute changes will trigger an error.

Significant upgrade to the internals: instead of haphazardly resolving names to object components (e.g., the field names in foreign references), do so in a dedicated pass by way of resolver objects.

This simplifies the final parsed tree: where before both the name and resolved field were part of (for example) an update reference, now only the resolved field object exists.

In doing so, this has made several structures unnecessary, such as struct bref. This and others like it existed solely to carry both the name of the field to resolve and the results of that resolution.

Many many new regression tests have been added to reflect the checks that occur during linking.

Other internal APIs and files were moved around for clarity: the C-generating files are now prefixed with c, the library no longer contains front-end objects, etc.
2020-05-04: version 0.8.13

When querying with a password entry, having a non-terminal password field in the list of search fields would generate an incorrect ordering when assigning to SQL parameters. This has been fixed and the code (and documentation) cleaned up and simplified.

Allow unary password constraint operations in update queries.

Fix how password null fields are checked for. While there, consider how NULL values passed as the password are processed. Before they were not at all.
2020-03-30: version 0.8.10

Fix where auto-valued enumerations weren't auto-value-ing.
2020-03-28: version 0.8.8

Enable and verify portability in the generated source code for a large number of systems. This made possible by the latest version of oconfigure.
2020-03-15: version 0.8.7

Significant internal restructuring for clarity. Enable grouprow, which groups rows by column then reduces them to a single row with a minrow or maxrow. At this time, this is limited to a single grouping column and maximum/minimum column.
2020-03-05: version 0.8.6

Use pkg-config in all examples, for simplicity. Update oconfigure.
2020-02-16: version 0.8.5

Possibly API-breaking changes: update functions declared without constraints no longer emit a superfluous by in the generated function names. That is, update [xxx]; will no longer append a hanging _by to the function name.

Anonymous update functions (i.e., without a name) now have their modification type emitted in the function name. This is to prevent name collisions from, e.g., update foo inc and update foo dec.

Have the strset keyword for update modifiers set the raw password value instead of hashing.

Bring up to date with latest oconfigure.
2019-11-24: version 0.8.2

Have passwords accept both eq and neq search operators.

Following the database library switch in release 0.8.0, update functions no longer return <0 on error, as error conditions in the database trigger program exit. The precise return value is now zero on failure, non-zero on success; however, for backwards compatibility, <0 shall not be returned so these code-paths are not followed.

Add streq and strneq search operators and update constraints for passwords. (For non-passwords, these are equivalent to eq and neq.) These operate on the raw hash instead of the password.

For C source, don't generate INSERT SQL if it's not going to be used. This has no impact on running code, but reduces generated code size ever so slightly.
2019-11-06: version 0.8.0

Possibly API-breaking changes: now using sqlbox instead of ksql for the database access library. This is due to the performance benefits and simpler API. The library also mandates safe operation instead of making it optional, so (for example) all database operations must be specified in advance. Specifically, it will no longer accept SQL not passed at start.

Second, make -s the default for ort-c-source(1) and ort-c-header(1). The underlying database access library only supports split-process mode, versus ksql which also had an unsafe mode.

Third, and most significantly, require using struct ort instead of having direct access to struct sqlbox (was struct ksql). This mirrors the situation of roles being enabled. If you have code that did not use roles and directly used the struct ksql to interface with the database via custom strings, the code will not to be re-written to use safer conventions.
2019-07-17: version 0.7.8

Allow the format function of ort-javascript(1) accept a null class name parameter, which switches into element-replacement mode. While here, improve the style(9) of the generated code and add some extra documentation. Also continue to add more content to the ort-javascript(1) manpage regarding namespacing and class construction.
2019-07-16: version 0.7.7

Significantly improve manpage documentation. Have generated code adhere more closely to style(9) when appropriate.

This release features lots of internal improvements to code readability, both in terms of documentation and style.

Most importantly, it's now possible to use --strict when compiling the output of ort-javascript(1)'s TypeScript output.
2019-07-05: version 0.7.6

Add the count query type and its associated C API functions. This is essentiallythe COUNT SQL command. It has its own role entry like the other query types. Clean up whitespace and line breaking in the C API output, while here.
2019-07-01: version 0.7.5

Add boundary values for enumerations. In the C interface, this is BITI_xxx__MAX, where xxx is the name of the enumeration. For Java or TypeScript, this is BITI__MAX on the enumeration's object. Also fix a line termination bug.
2019-05-07: version 0.7.4

When using concatenation (the concat operator) for a field with possibly-null values, wrap the field with a COALESCE statement. This prevents the foo = empty || yourval expression, which evaluates into another empty instead of the desired yourval.

Make code and documentation consistent for update generated function.
2019-04-25: version 0.7.3

Clarify the functionality of -d mode in ort-sqldiff(1). Also make it work with bitfields and expand its operation for enumerations so as not to raise false positives during an upgrade.
2019-03-22: version 0.7.2

Rename kwebapp to openradtool! This means that all binaries prefixed with kwebapp- are now prefixed with the simpler ort-. Also, the JavaScript/TypeScript namespace is ort instead of kwebapp and code produced by the C API with roles uses struct ort and enum ort_role instead of the earlier kwbp.

While here, clean up a lot of documentation, especially in ort(5), and also simplify several data structures.
2018-12-29: version 0.6.13

Several versions in a row where I screwed up small things found only after release. And then again. (Then one more time.) Sorry!

Add the string concatenation operator (concat) for updating fields. Now produces code usable on musl Linux thanks to Duncaen (alongside the earlier support for glibc). Also produces code running properly on FreeBSD. Stop using a deprecated function in ksql and use the safe version instead.
2018-12-09: version 0.6.9

TypeScript now errors out if NodeListOf is used instead of HTMLCollectionOf, so use the proper invocation.
2018-12-06: version 0.6.8

Forgot to zero some allocated memory in unique statements. Found with valgrind.
2018-12-03: version 0.6.7

Allow kwebapp-sqldiff(1) to optionally produce drop table commands.

Fix that custom handlers are invoked for null values if null values are allowed by the configuration.

Add fillArrayByClass, which is like fillArray but invoked over matching classes.

Begin migration (internally) to new name, openradtool.
2018-11-23: version 0.6.6

Add the fillArrayOrHide, fillArrayOrShow, fillByClass, and fillInnerByClass methods to the TypeScript and JavaScript output. The former two captures common uses of fillArray: hiding or showing an element if there are non-zero elements in the given array. The latter are convenience methods of wrapping a fill invocation with a getElementsByClassName.

Make custom callbacks in the JavaScript/TypeScript output override the defaults, instead of coming beforehand. Document this behaviour. (Before, the order was unspecified.)

Re-organise internals for better library support. The library isn't exported, but may be (and is) used. No functional change.

Make default keyword be handled when emitted configurations.
2018-11-02: version 0.6.5

Add default support for text, emails, and dates.
2018-10-23: version 0.6.4

Make sure that ksql(3) is configured for foreign keys.
2018-10-09: version 0.6.3

Take unique statements into account when warning whether a search statement might return multiple results. Also add some examples for using unique.

Fix a crash in kwebapp-xliff(1).
2018-09-28: version 0.6.2

Same as 0.6.1 except a small fix for packaging. Below is the message from 0.6.1.

Add ability to convert from JSON back into objects. This uses jsmn, as it's simple, fast, and easy to bundle directly into the sources. See the -J flag in kwebapp-c-header(1) and kwebapp-c-source(1) for details.
2018-09-26: version 0.6.1

Add ability to convert from JSON back into objects. This uses jsmn, as it's simple, fast, and easy to bundle directly into the sources. See the -J flag in kwebapp-c-header(1) and kwebapp-c-source(1) for details.
2018-09-06: version 0.6.0

Allow configuration files to be broken apart for several applications. Now, all kwebapp utilities may be invoked with multiple files per configuration. This has made kwebapp-sqldiff(1) and kwebapp-xliff(1) have slightly awkward syntax for many-many invocations, but the usual UNIX conventions of standard input and option parsing are respected. The existing calling convention is also still usable.

For kwebapp-sqldiff(1), introduce the concept of a default value that's used in ALTER TABLE statements for new columns. This currently is only defined for number types. The default is documented in kwebapp(5).

Rename xxx-yyy-date to xxx-yyy-date-value for consistency (oops!), then add xxx-yyy-date-text.
2018-08-25: version 0.5.7

Have several new class recognised in fill methods as generated by kwebapp-javascript(1). The xxx-yyy-bits-checked is now recognised for bit and bits types and it will check input boxes whose value is covered by the field's value. The xxx-yyy-date, for ISO 8601 formatting of epoch and date types. Lastly, xxx-yyy-value-checked for checking general input boxes matching input values.

All of these is documented in the manpage and in the output jsdoc.
2018-08-04: version 0.5.6

Fix TypeScript generation for enumerations. Invert logic for language selection so that language not found gets default.
2018-08-04: version 0.5.5

Significantly update the TypeScript functionality of kwebapp-javascript(1): stipulate callback function types for the custom format handler.
2018-08-02: version 0.5.4

Allow for updating translation files with -u. See kwebapp-xliff(1) for details.
2018-07-27: version 0.5.3

Allow a copy mode -c in kwebapp-xliff(1). Also don't allow tags (the < character) in jslabel phrases. Fix specifying language jslabel for special phrases in bits.
2018-07-23: version 0.5.2

Full translation capabilities! Now all jslabel strings may be translated out-of-band into the appropriate jslabel.xxx labels using the industry-standard XLIFF 1.2 format. Just use kwebapp-xliff(1) to extract translatable strings, edit the content, then merge with the original configuration. The output can then be piped into kwebapp-javascript(1) for dynamic per-language formatting!
2018-06-26: version 0.5.1

Clean up make output by putting version information into its own header file.

Continue adding in TypeScript type information.

Multi-language support: re-tool the jslabel feature to allow for multiple languages that detect the HTML (or XML) document's root language and only produce output for that language. This uses the jslabel.lang syntax. Also warn more about missing labels and be clearer on what to do when label information isn't found. Furthermore, the unset keyword has been changed to isunset and the isnull keyword has also been added. There is no longer a hard-coded not given value, and the class set on null values is now kwbp-null instead of notgiven.
2018-06-21: version 0.5.0

Hello, Linux! The system now supports compiling on Linux and other non-OpenBSD systems. This has been enabled by bringing up to date with oconfigure and adding portability shims for password hashing and other tools.

I'm also pleased to announce TypeScript integration in kwebapp-javascript(1). This is still under development, but now exports proper TypeScript classes, interfaces, and so on.
2018-05-24: version 0.4.10

Several fixes to having split-apart header files. Fix (and harmonise) the behaviour of -N in both kwebapp-c-header(1) and kwebapp-c-source(1), and -I in the latter.
2018-05-09: version 0.4.9

Bring up to date with oconfigure and also use newest safety mechanisms (the result interface) from ksql.
2018-04-27: version 0.4.8

Repair header inclusion (kcgijson.h requires kcgi.h) for kwebapp-c-source(1). Bring up to date with newest ksql, which requires the default role have permission to open the database.
2018-03-13: version 0.4.7

Set the configuration script's modes properly and fix the auditing HTML sample and fix the installation archive to include all files. Make the audit markup (and CSS) be easily embedded into other files.

Split kwebapp-audit(1) into kwebapp-audit-json(1) and add the new kwebapp-audit-gv(1) for brief GraphViz output.
2018-03-10: version 0.4.6

Fully switch over to ksql(3)'s roles for database management. Also add KWBP_VERSION and KWBP_VSTAMP to the header file.
2018-02-15: version 0.4.5

Significantly expand the auditing capability to show both the export and access to data. Before, the concepts were too closely linked. Now, both the JSON and non-JSON output are careful to note which data is simply accessable, and which may be exported as well (and via which paths through the code).

Also fix code output by non-role-based systems.
2018-01-30: version 0.4.4

Fix the noexport empty statement, which was causing assertions when invoked in certain situations. Also start using ksql(3)'s stored statement functionality, which improves security. Add partial support for roles within ksql(3) as well, but leave them unimplemented for the time being.
2018-01-17: version 0.4.3

Fix issues/2, allowing limits, offsets, and orderings to come after an empty WHERE statement.

Allow noexport in a structure's roles to accept an empty name, which indicates that no fields should be exported.

Significantly chop the size of the output JavaScript file from kwebapp-javascript(1). Reduction of nearly 40% from the file size of the last version! This is a savings in code size along—the bulk of the files are often comments.
2017-12-27: version 0.4.2

Support auto-numbering of enumerations. The scheme is to start at the maximum assigned number plus one or zero, whichever is greater, and assign incrementally in order of appearance.

Add the date pseudo-type that aliases epoch but uses the date validation input.
2017-12-26: version 0.4.1

Fix: LIMIT set goes after ORDER BY.
2017-12-20: version 0.4.0

Split kwebapp(1) into kwebapp-c-header(1), kwebapp-c-source(1), kwebapp-javascript(1), kwebapp-sql(1), and kwebapp-sqldiff(1). The historical calling conventions of using kwebapp(1) with output flags is no longer accepted.

Add kwebapp-audit(1). This tool allows configurations to be audited for role permissions. It effectively takes a configuration and determines all possible access (data access, modify, etc.) available to a given role and produces a report. Reports can be on the command-line or JSON. A sample implementation of the JSON file is installed.

Allow for comment strings to be associated with roles.

The audit functionality is part of a project generously funded by CAPEM Solutions, Inc. Thank you!
2017-12-06: version 0.3.9

Allow for update and delete to operate without constraints. See kwebapp(5) for syntax. Also add transaction call-through functions to the generated C API. This is necessary in role-based mode since the underlying ksql API is shielded. These are documented in kwebapp(1).

Fix a crash when having limit statements with enum types.
2017-11-24: version 0.3.8

Lift the restriction on alias counts (total number of inner joins) from 26 to 17576. This can easily be expanded further: the limitation is purely for simplicity's sake.

Add the distinct field to queries. This field, in its basic form, enforced the SQL DISTINCT keyword. However, it can also be used for nested fields in a structure, effectively only returning distinct rows of nested structures. The canonical example is returning only distinct album fields that are struct foreign key references of a track table. All of this is documented in kwebapp(5).
2017-11-23: version 0.3.7

Bug-fixes in created C code to account for line-breaking long SQL statements. (This is an in-progress effort.) Also add the unset jslabel statement for bit-fields. This allows the generated JavaScript format() function to provide a value if the field exists but has not been set with any bits. (This is yet to be documented for kwebapp(1) as the feature is still experimental.)
2017-11-18: version 0.3.6

Lots of new features! Add the order statement for ordering list and iterate results. It can also act as a way to define single results over non-unique fields by combining the search statement with limit. Allow for limit offsets by extending the limit syntax. Lastly, introduce the bit bit index type and the bits top-level type for working with bit-fields. All of these are documented in kwebapp(5).
2017-11-13: version 0.3.4

Disallow duplicate enum and struct names. (These will otherwise collide in the C namespace.) Improve the documentation (function arguments) in the produced C header file. Output JavaScript enum values—this is described in kwebapp(1).

Add the and and or logical (bit-wise) operations for search constraints.

Finally allow comments! These begin at any time with the hash mark and continue to the end of line. (My motivation was modelines for vim.)

Lastly, and the biggest, allow for having struct fields on null foreign keys. This requires the system to perform extra SELECT statements when the keys aren't null (which is noted in the generated API comments on a per-function basis), but overall it's very useful.
2017-11-01: version 0.3.3

Add the like operator type. This allows for primitive text searching. (This will become more advanced in time.) Allow the custom callback for JavaScript functions to optionally accept an array of functions for structure-field or structure in general.
2017-10-30: version 0.3.2

Add the bit type to work with kcgi's new bit validator. Fix the JavaScript output to propogate custom callbacks (see kwebapp(1)) in the fillArray function. Lastly, add feature that allows an update update statement translate into updating all fields.
2017-10-27: version 0.3.1

Repair the jsdoc by actually checking it. Also add custom callback handling for individual structure/fields.
2017-10-25: version 0.3.0

Require the insert statement within a structure to generate insertion functions.

Disambiguate the configuration grammar with respect to structure linking. Earlier, struct types could specify the linkage from another field to a foreign key. Now, the linkage must be specified within the other field itself. This clears up the situation where a structure and the referring field had different types. It also allows all foreign key information (e.g., on delete modifiers) to exist unambiguously on the referring field itself.

Add the actup and actdel modifiers on a foreign key reference. For example, actdel cascade specifies ON DELETE CASCADE.

Properly wrap comments (at word boundaries) at 70 columns.

Introduce RBAC functionality: the roles top-level object defining the roles themselves such that each structure statement (e.g., insert) can be wrapped in a roles statement limiting access. When the top-level roles is defined (even if empty), the ksql database handle is hidden from the API, and instead an opaque kwbp is used. This allows for full role-based access to the database. Read the kwebapp(5) for more information.
2017-09-18: version 0.2.12

Bug-fix generated JavaScript. Also clarified some warnings and errors generated during the link phase. Lastly, inherit CFLAGS during configuration and use -Wextra during compilation.
2017-07-06: version 0.2.11

Add more power to the JavaScript output and clarify its operation. First, clarify how the root DOM element is handled as to whether it can have classes to be filled in. (Yes.) Second, add a fillInner() function to handle cases where the root shouldn't be filled in. Finally, add a fillArray that fills from an array of objects. This removes the first element, clears the root element, then clones, fills in, and appends the first element for all objects. The fillInner() functionality comes in handy to protect nested objects from clobbering each other.
2017-07-05: version 0.2.10

Fix a bug that crept into the last release where iterate/list terms with an empty constraint set resulted in a dangling WHERE in the generated SQL.
2017-07-04: version 0.2.9

Allow iteration and listing to accept no terms; i.e., they produce all rows for that structure.
2017-06-29: version 0.2.8

Allow ksql(3)'s split process model to be used when -Fsplitproc is specified.
2017-06-16: version 0.2.7

Add sqldiff mode support for enumerations. This makes sure that enumeration objects are consistent (non-destructive) across configurations.
2017-06-15: version 0.2.6

Add enumerations (enum) as top-level objects. This allows the C API to represent integers as sets of constants and makes validation more precise.
2017-06-12: version 0.2.5

Add eq operator for validation. (Probably not used for numeric, but useful for strings in some circumstances.) Also add email type. This is just a string type with special validation.
2017-06-11: version 0.2.4

Add the ability for update fields to accept a modifier. This translates into the SQL equivalent to update foo set x = x + ?. Right now, only the inc and dec modifiers are supported, but it's easy to add in new ones.
2017-05-30: version 0.2.3

One-liner so that unique fields can be foreign keys (but not structs). Also add the epoch native type that uses the time_t type for the C API. For OpenBSD with 64-bit signed integral time, this is just an alias for int except for the type in the API.
2017-05-25: version 0.2.2

Fix bug in recursive reference checker. This now works properly and allows [properly] for self-referencing structures for native type references. Add special function to JSON print iterate entries. These work together with the iterate functions and accept their callback syntax.
2017-05-22: version 0.2.1

Finally fix naming of anonymous query (search, list, iterate), update, and delete functions. This now uses the basic syntax of db_xx_get_by_yy_op, where xx is the structure, yy is the field, and op is the operation. Adding the op field disambiguates fields. (The operation also makes the earlier double-underscore unneeded.)

Also add functions to print JSON arrays if and only if a structure has list iterators specified.
2017-05-20: version 0.2.0

Flag day: use the -O flag to specify output type (hence minor bump). Also move -v and -j into -Fvalids and -Fjson as part of the new -F flag. This cleans up a lot of options and leaves the door open for new output formats and configuration options.

Generate jsdoc along with the JavaScript -Ojavascript output. Also handle the foo-xxxx-value class, where foo is the structure and xxxx is the field, for auto-population of form elements.
2017-05-19: version 0.1.9

Introduce -J, which generates JavaScript output. This completes the chain from HTML form input to filling in HTML DOM trees with CGI script output.
2017-05-18: version 0.1.8

Handle empty insertions by using DEFAULT VALUES on the insertion. Accept inequality operators for search, update, and delete constraints.
2017-05-15: version 0.1.7

Add limit clauses to make validation more meaningful. (See the limit field clause in kwebapp(5).) Now input values can be limited.
2017-05-13: version 0.1.6

Add full validation sequence required by kcgi(3), specifically khttp_parse(3). With this in place, applications can push the given structure directly into the HTTP parser without needing to create the array themselves.
2017-05-12: version 0.1.5

Add field validation routines. See the -v flag in kwebapp(1). This uses the field type (and modifiers) to create kcgi(3) validation routines.
2017-05-05: version 0.1.4

Require a semicolon after struct statements. This is future-proofing for options following the struct data. Also added a noexport field option that disallows fields from being JSON-exported.
2017-05-04: version 0.1.3

Handle empty (null) values as specified in the configuration when exporting to JSON. Also, properly handle blob values as base64-encoded strings.
2017-05-02: version 0.1.2

Introduce -j, which also emits JSON output functions using kcgi(3)'s interface. These complete the chain of exporting data from a database directly to client applications.
2017-04-29: version 0.1.1

Have the singleton search function (e.g., search foo: name bar) use the operator get in generated function names. Before, these would be (following the example) db_foo_by_foo. Now they're db_foo_get_by_foo. This is more consistent with the other search functions.

Renamed the -h flag to -C. (Source in lowercase, header in uppercase.)
2017-04-27: version 0.1.0

Initial stable internals. I'm still going to change the generated API function names before adding features, but the system is already in use.