Skip to content

3.0.11

Release Date: January 16, 2026

✨ New Features

NuGet Packages

OAuth Scope Control

Package: SAIF.Platform.Authentication

Added DisableDefaultScopes configuration flag to prevent automatic injection of tenant-specific OAuth scopes (user-groups, user_impersonation, .default, access).

Key Features:

  • Explicit Scope Control - Opt-out of automatic scope injection across all authentication components
  • Backward Compatible - Defaults to false to maintain existing behavior
  • Multi-Component Support - Available in ScopeBuilder, OpenIdConnectServiceOptions, and HttpClientConfigurationOptions

Example Usage:

// OpenIdConnect - Full control over scopes
builder.AddOpenIdConnectServices(options =>
{
    options.DisableDefaultScopes = true;
    options.AdditionalScopes = ["my-custom-scope"];
    // Only requests: openid, profile, offline_access, {projectId}.my-custom-scope
    // Does NOT auto-add: access, user-groups, or .default
});

// Kiota HTTP Client - Explicit scopes only
builder.ConfigureHttpClient<MyClient, MyProvider>(projectId, options =>
{
    options.DisableDefaultScopes = true;
    options.Scopes = ["read", "write"];
    // Does NOT auto-add: user_impersonation or user-groups
});

Benefits:

  • 🎯 Enables precise control over requested OAuth scopes
  • 🔒 Prevents unnecessary scope requests in service-to-service authentication
  • 📚 Supports advanced authentication scenarios requiring custom scope configuration

Documentation:

  • See code comments and unit tests for implementation details

GitHub

Issue and Pull Request Templates

Location: .github/ISSUE_TEMPLATE/, .github/PULL_REQUEST_TEMPLATE/

Added comprehensive issue and pull request templates to provide structured guidance for contributions and streamline the development workflow.

Templates:

  • Bug Report - Structured format for reporting bugs with reproduction steps
  • Feature Request - Template for proposing new features with clear requirements
  • Pull Request - Standardized PR description format with release notes section

Benefits:

  • 📋 Consistent issue and PR formatting across the repository
  • 🚀 Faster triage and response times
  • 📚 Better documentation of changes for release notes
  • ✨ Improved collaboration and communication

🔧 Enhancements

Documentation

  • Scope Naming Conventions - Added comprehensive scope naming guidance across security documentation (Authorization reference, App Permissions, Calling APIs)
  • Service-to-Service Authentication - Updated API-Only Service example to use Client.* scopes instead of misleading User.* scopes
  • Tabbed Interface - Added tabbed interface in App Permissions to separate User-Delegated vs Service-to-Service patterns
  • Platform Principles - Consolidated pillars into decision-making principles for platform engineers with new "Platform as a Product" principle
  • Local-First Orchestration - Renamed and refined "Development-Production Parity" to emphasize architectural mirroring

Agent Skills

  • Composable Skills - Refactored legacy agents into consolidated, composable skills following Agent Skills standard
  • Skill Organization - Created 9 domain-specific skills (forge-standards, git-workflows, release-management, etc.)
  • Progressive Disclosure - Implemented references/ pattern for detailed documentation loaded on demand

GitHub Workflows

  • Merge Gatekeeper Optimization - Added concurrency control to auto-cancel obsolete runs, reducing GitHub Action minutes by 50%+
  • Polling Interval - Increased polling interval from 30 to 60 seconds to reduce API calls

🐛 Bug Fixes

Terraform Templates

  • 🐛 Application Permissions Dependency - Added depends_on = [module.saif-appservices] to fix deployment failures where application lookup occurred before creation

📚 Documentation

New Documentation

  • 📖 Scope Naming Conventions - Comprehensive guidance for OAuth scope naming patterns (User-Delegated vs Service-to-Service)
  • 📖 Platform Principles - Decision-making frameworks for platform engineering with 7 core principles
  • 📖 Agent Skills - Documentation for composable skill system following Agent Skills standard

Updated Documentation

  • 📝 App Permissions - Updated examples with tabbed interface and correct scope naming
  • 📝 Authorization Reference - Added scope naming conventions section
  • 📝 Calling APIs - Added scope naming best practices with code examples
  • 📝 Roadmap - Updated objectives to reference all 7 platform principles
  • 📝 GitHub Copilot Instructions - Updated to reference consolidated skills

🔄 Breaking Changes

None in this release

📋 Additional Notes

  • Total commits: 13
  • Files changed: 115
  • Contributors: 2 (Copilot, Emmitt Johnson)

Dependency Updates

This release includes 5 dependency update PRs managed by Dependabot:

  • @types/node updated from 24.10.4 to 24.10.9
  • @types/react updated from 19.2.7 to 19.2.8
  • Multiple TypeScript and .NET dependency group updates

Support

  • 📧 Teams Support Channel: Support