Skip to content

3.1.0

Release Date: January 28, 2026

✨ New Features

Webhooks

Filevine Webhook Integration 🔗

Comprehensive webhook integration for the Forge platform, enabling secure receipt of webhook events from external systems like Filevine, with full local development support and production-ready APIM policies.

Key Features:

  • Generic Webhook Receiver - Flexible webhook endpoints with customization support
  • DevTunnel Integration - Exposes local endpoints for webhook testing during development
  • Client Credentials Flow - Service-to-service authentication with app role assignments
  • Filevine APIM Policies - JWT validation and header override for downstream API calls
  • Error Handling - Structured Problem+JSON responses with proper TypeSpec error types

Benefits:

  • 🚀 Enables real-time integrations with external systems
  • 🔄 Simplifies webhook testing with DevTunnel support
  • 🎯 Production-ready security with client credentials authentication
  • 🔒 Secure service-to-service communication with app role assignments

Usage:

saif new saif-feature-webhook

This adds webhook endpoints with DevTunnel support for local development. The tunnel URL appears in the Aspire Dashboard, enabling testing with external providers like Filevine without deploying to Azure.

Templates:

  • saif-api-exp - Updated with webhook support
  • saif-feature-webhook - New feature template for adding webhooks to existing projects

Terraform Enhancements:

  • Enhanced application_permissions module with app role assignments for pre-authorized applications
  • New api_policies_filevine module for Filevine-specific APIM policies
  • Template updates across all API types (Experience, Process, System)

Documentation:

PR: #365

Templates

Standalone Frontend Service Template 🎨

Template: saif-feature-web-standalone

New feature template for adding standalone frontend applications with custom subdomain support, enabling frontend deployments independent of backend APIs.

Key Features:

  • Custom Subdomain Support - Configure custom subdomains for frontend applications
  • Independent Deployment - Deploy frontends separately from backend services
  • Azure Static Web Apps - Leverages Azure Static Web Apps for hosting
  • Terraform Integration - Infrastructure-as-code for custom subdomain configuration

Benefits:

  • 🚀 Faster frontend deployments without backend dependencies
  • 🔄 Better separation of concerns between frontend and backend
  • 🎯 Simplified frontend-only updates
  • 🌐 Custom domain support for branded user experiences

Usage:

saif new saif-feature-web-standalone

Documentation:

PR: #311

Security

Security Configuration Resources 🔒

Package: SAIF.Platform.Aspire.Hosting

Experimental Feature (SAIFENV001, SAIFSECURITY001)

These APIs are experimental and subject to change. Suppress the compiler warning with <NoWarn>$(NoWarn);SAIFENV001;SAIFSECURITY001</NoWarn> in your project file.

Added comprehensive security configuration resources and Aspire hosting extensions for declarative security setup, including business roles, API scopes, and authentication configuration.

Key Features:

  • Business Role Configuration - Define business roles with app role assignments
  • API Scope Configuration - Configure API scopes and permissions declaratively
  • Aspire Annotations - Use Aspire resource annotations for security settings
  • Automated Configuration - Generate security configuration from AppHost

Benefits:

  • 🚀 Simplified security configuration with declarative syntax
  • 🔄 Consistent security setup across environments
  • 🎯 Reduced manual configuration errors
  • 🔒 Enforced security best practices by default

Example:

AppHost/Program.cs
// Define permissions
public static class Permissions
{
    public static readonly AppRole ClaimsRead = new("Claims.Read", "Read claims data");
    public static readonly AppRole ClaimsWrite = new("Claims.Write", "Write claims data");
}

// Configure security in AppHost
builder.AddSecurity()
    .WithCorporateAssignment(new AppRoleAssignment(
        new BusinessRole("Claims Adjuster"),
        [Permissions.ClaimsRead, Permissions.ClaimsWrite]));

Documentation:

PR: #306

Observability

OpenTelemetry Diagnostics 📊

Packages: SAIF.Platform.Authentication.AspNetCore, SAIF.Platform.Azure, SAIF.Platform.EntityFramework

Added OpenTelemetry instrumentation for authentication, Azure services, and Entity Framework components with enhanced tracing and metrics.

Key Features:

  • Authentication Tracing - Track authentication flows and token validation
  • Azure Service Instrumentation - Monitor Azure service calls and latency
  • EF Core Instrumentation - Database query tracing and performance metrics

Benefits:

  • 🚀 Faster troubleshooting with distributed tracing
  • 🔄 Better visibility into application health and performance
  • 🎯 Proactive issue detection before production impact
  • 📈 Improved observability for distributed applications

PR: #352

Terraform

Enhanced JWT Validation for Client Credentials Flow 🔑

Module: saif-api-service

Enhanced JWT validation in Terraform modules to properly support client credentials flow for service-to-service authentication, enabling secure webhook integrations and machine-to-machine API communication.

Key Features:

  • Client Credentials Support - Full support for service-to-service authentication
  • Enhanced JWT Validation - Improved token validation for client credentials
  • APIM Policy Updates - Updated API Management policies for client credentials

Benefits:

  • 🚀 Secure service-to-service authentication
  • 🔄 Consistent authentication across all API types
  • 🎯 Simplified configuration for machine-to-machine scenarios

PR: Related to Filevine webhook integration

🔧 Enhancements

Documentation

  • Copilot Instructions - Updated GitHub Copilot usage guidelines and skill loading process
  • Skill Descriptions - Updated skill descriptions to match Agent Skills specification

GitHub Workflows

  • Dependabot Auto-Approval - Enabled auto-approval and auto-merge for Dependabot PRs
  • Merge Gatekeeper - Updated ignored jobs list and improved check waiting logic
  • Pull Request Target - Fixed Dependabot secret access using pull_request_target trigger

Dependencies

  • Glob Package - Updated glob and related dependencies for improved file matching
  • Lerna - Updated to version 9.0.3 with tar override for security
  • React Types - Bumped @types/react from 19.2.9 to 19.2.10
  • TypeScript Dependencies - Updated multiple TypeScript dependencies in the dependencies group

📚 Documentation

New Documentation

Updated Documentation

🔄 Breaking Changes

None in this release

📋 Additional Notes

  • Total commits: 18
  • Files changed: 530
  • Contributors: 3 (Copilot, dependabot[bot], Emmitt Johnson)

Impact Summary

This release introduces major new capabilities for webhook integrations, standalone frontend deployments, and security configuration. The Filevine webhook integration provides a complete solution for receiving and processing webhook events from external systems, with full local development support using DevTunnel. The new standalone frontend template enables independent frontend deployments with custom subdomain support, improving separation of concerns and deployment flexibility.

Security configuration has been significantly enhanced with Aspire annotations, enabling declarative security setup directly in the AppHost. This reduces manual configuration and enforces security best practices by default. The new OpenTelemetry diagnostics provide structured diagnostic codes with troubleshooting guides, making it easier to identify and resolve issues in production.

For Developers

  • Webhook Support - Use the new webhook templates and guides to integrate with external systems like Filevine
  • Frontend Deployments - Create standalone frontends with custom subdomains using the new template
  • Security Configuration - Leverage Aspire extensions for declarative security setup (experimental)
  • DevTunnel - Test webhooks locally without deploying to Azure

Support

  • 📧 Teams Support Channel: Support