# Changelog

What changed in Socigy.OpenSource.DB v0.3.0 — field encryption, rotating DB credentials, batched bulk insert, the HashiCorp Vault package, schema placeholders, and build-time generator diagnostics.

## v0.3.0 — 5 June 2026

### Added

- **Field-level encryption.** Mark a property `[Encrypted]` to encrypt it on write and decrypt it on read, stored as `bytea`. Any common value type plus `string`/`byte[]` is supported. A built-in authenticated `AesFieldEncryptor` (AES-256-CBC + HMAC-SHA256) ships in the package; the encryptor is pluggable via `IFieldEncryptor` + `SocigyFieldEncryption.Configure`. Encrypted columns are non-queryable (a clear `NotSupportedException` is thrown). `[Encrypted(AutoDecrypt = false)]` defers decryption — exposing a read-only `{Field}RawEncrypted` and a lazy, caching `{Field}Decrypted` accessor. See [Encrypted columns](/database/0.3.0/defining-models/encrypted-columns).
- **Background diagnostics.** The Vault encryptor/credentials provider, the connection factory's credential refresh, and `SocigyFieldEncryption.Configure` emit `ILogger` messages and OpenTelemetry spans under the `Socigy.OpenSource.DB` source, so admins can track key loads, credential leases, and renewals.
- **Rotating DB credentials.** The generated connection factory can source its connection string from an optional `IDbCredentialsProvider` (sync cached value + async refresh), enabling externally-managed/rotating credentials. See [Connections & DI](/database/0.3.0/core-concepts/connections-and-di).
- **Batched bulk insert.** `Table.InsertMultipleAsync(rows, conn[, tx])` inserts a whole collection as chunked multi-row `INSERT ... VALUES (…),(…)` commands (auto-chunked under PostgreSQL's 65,535-parameter limit) instead of a command per row. See [INSERT → Bulk insert](/database/0.3.0/querying/insert).
- **New optional package `Socigy.OpenSource.DB.HashiCorp`** — HashiCorp Vault implementations: field encryption keyed from Vault (KV-v2) and rotating credentials from Vault's Database secrets engine, each wired with one DI call. See [HashiCorp Vault](/database/0.3.0/integrations/hashicorp-vault).
- **Schema placeholders in procedure files.** Reference a table or column from a `.sql` procedure with optional `{{Type}}` (→ table name) and `{{Type.Property}}` (→ column name) placeholders; the generator expands them at build time to the real, quoted names, keeping raw SQL in sync with C# renames and `[Table]`/`[Column]` overrides. Files that use no placeholder are flagged (`SCGDB003`) and can opt out per-file with `-- @ignore warning`. See [Procedure mapping → Schema placeholders](/database/0.3.0/advanced/procedure-mapping#schema-placeholders).
- **Build-time generator diagnostics.** The source generator now validates tables and procedure files and reports issues as `SCGDB###` diagnostics — unsupported attribute combinations, missing primary keys, malformed or unresolvable procedure headers and placeholders, unused/undeclared parameters, and more. Each is configurable from `.editorconfig`. See [Generator diagnostics](/database/0.3.0/advanced/generator-diagnostics).

### Fixed

- The OpenTelemetry instrumentation-scope version now reports the package version instead of `1.0.0.0`.
- Migration-version lookup no longer throws (and breaks in the debugger) on first run when the migrations table doesn't exist yet — it probes with `to_regclass` first.
- A still-active query/stream when a unit-of-work delegate completes (a forgotten `await`) now throws a clear, actionable error instead of an opaque "command already in progress".