Changelog

All notable changes to the Gatelithix Gateway API are documented here.

v2.3.0 — 2026-04-28

Breaking Changes

  • Platform-default connector credentials removed. Every merchant must have at least one connector_account for each connector + mode they process through. Merchants without one will receive 400 connector_account_required on charge attempts. No deprecation period — hard cut at the v2.3 deploy. See the Migration Guide for the env-var → connector-account mapping.
  • New connector_account field on POST /v1/payments/authorize, POST /v1/payments/capture, POST /v1/payments/sale, POST /v1/payments/refund, and POST /v1/payments/void. Optional header X-Connector-Account is equivalent. Body wins when both are set.
  • New error codes under error.code: connector_account_required, connector_account_not_found, connector_account_inactive, connector_account_ambiguous, connector_account_override_forbidden, connector_account_mismatch (override account belongs to a different connector), connector_account_mode_mismatch (override account belongs to a different mode), invalid_connector_account (override value is neither a valid short_id nor UUID). See Error Codes. (connector_account_default_conflict, connector_account_label_conflict, and originating_account_unavailable are tracked for v2.4 — the underlying store-level enforcement landed in v2.3 but the dedicated error.code values have not yet shipped; today these conditions surface as generic 409 errors.)
  • PaymentIntentResponse gains connector_account_id + connector_account_short_id (read-only).

Non-breaking additions

  • Admin endpoints /admin/merchants/{id}/connector-accounts/* are now in the public OpenAPI spec.
  • Multi-account support: one merchant can own multiple accounts for the same connector + mode (for example, a US-USD and an EU-EUR Stripe account under the same merchant).
  • Merchant Identifier (MID) admin endpoints added (preview — see Connector Accounts for the model).

Migration

See the Migration Guide — v2.3 in the docs site for the step-by-step upgrade. The root repository ships MIGRATION-v2.3-CONNECTOR-MODEL.md as the canonical operator-side reference; the docs-site MDX is the caller-facing mirror.


v1.1.0 — 2026-03-24

Production deployment: real infrastructure, persistent storage, and CI/CD.

Infrastructure & Deployment

  • Cloud Run deployment for gateway, vault, and 3 connector services with health probes and secret injection
  • Terraform modules for VPC, Cloud SQL, Redis, KMS, Secret Manager, Pub/Sub, IAM, and load balancer
  • Secret Manager resolver with CRC32C integrity verification for HMAC and Auth0 secrets
  • Redis auth and TLS wiring for Memorystore with docker-compose support for local dev
  • Pub/Sub subscriber with exponential backoff retry, ordered graceful shutdown, and DLQ subscriptions
  • PSP egress firewall rules and gateway-to-vault cross-project IAM invoker binding
  • ko config for 5 Go services with distroless base and multi-stage Dockerfiles for admin and docs
  • Cobra-based debugging CLI with tx/webhook/connector/pubsub/db subcommands and Cloud SQL Auth Proxy support
  • Operations runbooks for deployment, incidents, secrets rotation, and onboarding

Database

  • Shared pgxpool foundation with Cloud SQL Go Connector, NULL pointer helpers, and generic scan/tx utilities
  • PostgresPaymentStore with 14 methods, transactional status transitions via SELECT FOR UPDATE, and dynamic search
  • PostgresWebhookStore with ON CONFLICT dedup across 4 tables including DLQ tracking
  • PostgresCommercialStore with 20 methods covering merchants, ISOs, versioned pricing, metering, and ledger
  • PostgresVaultStore with 11 methods for PCI-zone persistence and atomic decrypt token exchange
  • PostgreSQL card metadata store with upsert semantics and batch lookup
  • PostgresStore for API keys, idempotency (ON CONFLICT DO NOTHING), and routing config with upsert
  • Full store wiring for gateway (7 stores) and vault (PCI store) with DEV_MODE production safety guard

Testing & Quality

  • Integration tests for all 7 PostgreSQL stores (54+ tests) using pgxpool-based testcontainers against real PostgreSQL
  • Migration rollback, pgxpool reconnect, and Pub/Sub emulator integration tests via testcontainers-go
  • E2E payment lifecycle test (authorize, capture, refund) with seeded test auth
  • 73% merged test coverage (unit + integration) with 70% Go / 60% admin vitest CI gates
  • Auto-generated database schema documentation from 24 migration files (20 core + 4 vault)

Security & Compliance

  • govulncheck and Trivy filesystem scanning on every PR with HIGH/CRITICAL blocking merge
  • PCI DSS 4.0.1 compliance evidence docs with control-by-control tables and QSA-ready self-assessment
  • 5 secret rotation scripts covering all 10 Secret Manager entries
  • Vault /health/ready checks PCI database connectivity with 503 on failure
  • NMI and FluidPay webhook signing secrets injected into gateway Cloud Run via Terraform

CI/CD Pipeline

  • build-push.yml workflow building 8 container images (5 ko + 2 Docker + 1 migration) with PCI-isolated registries
  • Deploy workflow with Go 1.26.1, setup-ko, and workflow_run triggers
  • Dual coverage gates (70% Go + 60% admin vitest) enforced in CI
  • CI migration pipeline with core and PCI service containers

v1.0.0 — 2026-03-18

Initial release of Gatelithix Gateway API.

  • Payment operations: authorize, capture, sale, refund, void
  • Token vaulting with merchant-scoped gateway tokens
  • Multi-connector routing (Stripe, NMI, FluidPay)
  • Webhook delivery with HMAC-SHA256 signature verification
  • API key management (create, list, rotate, revoke)
  • Idempotency on all write endpoints
  • Hosted fields SDK for client-side tokenization
  • Go and TypeScript server SDKs