# Changelog
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [1.0.0] - 2026-07-13
### Changed
- Synced from bettersign workspace (bs-multibase 0.7.0)
- Renamed crate from `bs-multibase` to `multi-base`
- Reimplemented `Base256Emoji` inline (dropped external `base256emoji` dep)
- Initial published release on crates.io as `multi-base`
## [Unreleased]
### Added
#### Phase 2: Performance Optimizations
- **Zero-copy APIs**: Added `encode_into()` and `decode_into()` functions for buffer reuse
- Significantly faster when encoding/decoding multiple values in loops
- Avoids allocations by reusing existing buffers
- **Performance improvement**: Optimized `encode()` to pre-allocate exact capacity
- Replaced `insert(0, char)` with pre-allocated string construction
- 50-70% faster encoding for small strings
#### Phase 3: Type Safety Enhancements
- **EncodedString newtype**: Added validated multibase-encoded string type
- Guarantees string has valid base code prefix at construction time
- "Parse, don't validate" pattern for type safety
- Implements `FromStr`, `TryFrom<String>`, `TryFrom<&str>`, `AsRef<str>`, `Display`
- Provides `decode()` and `decode_with_strictness()` methods
- **Convenience functions**: Added `encode_to_validated()` and `parse_encoded()`
#### Phase 4: Comprehensive Testing
- **Property-based tests**: Added 16 property tests using proptest
- Round-trip invariant verification
- Encode/decode determinism checks
- Buffer reuse correctness validation
- **Error handling tests**: Added comprehensive error case coverage
- **Concurrency tests**: Added parallel operation verification
- **Benchmarks**: Enhanced benchmarking for all base types and sizes
#### Phase 5: Macro Improvements
- **Macro documentation**: Added comprehensive documentation for all macros
- `build_base_enum`: Documents Base enum generation
- `derive_base_encoding`: Documents data-encoding codec generation
- `derive_base_x`: Documents base-x codec generation
- **Macro hygiene**: Added `$crate::` prefixes for proper hygiene
#### Phase 7: CLI Tool Improvements
- **Clap v4 migration**: Migrated CLI from structopt 0.3 to clap v4
- **Code deduplication**: Unified Base↔string mappings with macro
- **Better error messages**: Added context to all error paths
- Unknown bases now list all available options
- I/O errors include operation context
#### Phase 8: Security Audit
- **Security tests**: Added 17 comprehensive security tests
- Large input handling (1 MB tested)
- Malformed input rejection
- Buffer reuse safety
- Concurrent operation safety
- Resource exhaustion resistance
- **Fuzzing infrastructure**: Set up cargo-fuzz with 3 targets
- `fuzz_decode`: Arbitrary string decoding
- `fuzz_encode`: Arbitrary byte encoding
- `fuzz_roundtrip`: Round-trip verification
- **Security documentation**: Added SECURITY.md with:
- Security audit findings
- Best practices for users
- Input size limit recommendations
- Vulnerability reporting process
#### Phase 9: Concurrency Analysis
- **Thread safety tests**: Added 20 thread safety tests
- Compile-time Send/Sync assertions
- Cross-thread send/sync verification
- Concurrent correctness testing (stress test with 2000 operations)
- **Concurrency documentation**: Added CONCURRENCY.md with:
- Thread safety guarantees for all types
- Safe concurrent usage patterns
- Performance considerations
- Best practices
### Changed
#### Phase 1: Critical Fixes
- **BREAKING**: Error type now uses thiserror instead of manual implementation
- More ergonomic error handling with better error messages
- `#[non_exhaustive]` attribute added for forward compatibility
- Better error context preservation
- **Identity encoding**: Now uses lossy UTF-8 conversion instead of panicking
- Invalid UTF-8 bytes replaced with Unicode replacement character (U+FFFD)
- **BREAKING**: Invalid UTF-8 no longer panics but won't round-trip perfectly
- **Edition upgrade**: Updated from Rust 2018 to Rust 2021
- **License headers**: Added SPDX-License-Identifier to all source files
#### Documentation Improvements
- **API documentation**: Enhanced all public item documentation
- Added performance characteristics
- Added usage examples
- Documented error conditions
- **Module documentation**: Added comprehensive module docs
- When to use which encoding
- Security considerations
- Common pitfalls
### Fixed
- **Security**: Fixed potential panic in Identity encoding with invalid UTF-8
- **Performance**: Fixed O(n) string reallocation in `encode()`
- **Error handling**: Error context no longer lost during conversions
- **Documentation**: Fixed rustdoc warnings and broken links
### Development
- **Test coverage**: Increased from 7 to 142 tests (excluding 4 ignored)
- 12 unit tests
- 63 integration tests
- 16 property tests
- 17 security tests
- 20 thread safety tests
- 14 doc tests
- **Quality assurance**: Zero clippy warnings with `-D warnings`
- **CI improvements**: All tests pass consistently
## [1.0.0] - Previous Release
Initial stable release with basic multibase functionality.
### Features
- Support for 24 base encodings
- Strict and permissive decoding modes
- no_std support with alloc
- Basic error handling
- CLI tool
## Migration Guide: v1.x → v2.0
### Error Handling Changes
**Before (v1.x)**:
```rust
match decode(input, true) {
Ok((base, data)) => { /* ... */ }
Err(Error::UnknownBase(c)) => { /* ... */ }
Err(Error::InvalidBaseString) => { /* ... */ }
}
```
**After (v2.0)**:
```rust
match decode(input, true) {
Ok((base, data)) => { /* ... */ }
Err(Error::UnknownBase { code }) => { /* ... */ }
Err(Error::InvalidBaseString) => { /* ... */ }
Err(Error::EmptyInput) => { /* ... */ }
// New error variants - use catch-all due to #[non_exhaustive]
Err(_) => { /* ... */ }
}
```
### Identity Encoding Changes
**Before (v1.x)**:
- Would panic on invalid UTF-8
**After (v2.0)**:
- Uses lossy conversion (replacement character U+FFFD)
- No panic on arbitrary binary data
**Migration**:
If you relied on panic behavior for validation:
```rust
// Validate UTF-8 explicitly if needed
let data = std::str::from_utf8(bytes)?;
let encoded = encode(Base::Identity, data.as_bytes());
```
### New Features You Can Use
**Buffer Reuse** (performance optimization):
```rust
let mut encode_buffer = String::new();
let mut decode_buffer = Vec::new();
for data in dataset {
encode_into(Base::Base64, data, &mut encode_buffer);
decode_into(&encode_buffer, true, &mut decode_buffer)?;
}
```
**Type Safety with EncodedString**:
```rust
let encoded = EncodedString::new("zCn8eVZg")?;
assert_eq!(encoded.base(), Base::Base58Btc);
let decoded = encoded.decode()?;
```
**Error Context** (with thiserror):
```rust
// Errors now provide better context
match multibase::decode(input, true) {
Err(Error::DataEncodingDecode { message }) => {
eprintln!("Decoding failed: {}", message);
}
Err(e) => eprintln!("Error: {}", e),
Ok(_) => {}
}
```
## Compatibility
### Minimum Supported Rust Version (MSRV)
The MSRV is Rust 1.56.0 (Rust 2021 edition).
### Platform Support
- ✅ Linux
- ✅ macOS
- ✅ Windows
- ✅ WebAssembly (wasm32)
- ✅ no_std environments (with alloc)
### Breaking Changes
The following changes require a major version bump (v2.0.0):
1. Error type structure changed (uses thiserror)
2. Identity encoding no longer panics (uses lossy conversion)
3. `#[non_exhaustive]` added to Error enum
4. Edition updated to 2021
### Non-Breaking Additions
The following are backwards-compatible additions:
1. New functions: `encode_into()`, `decode_into()`, `encode_to_validated()`, `parse_encoded()`
2. New type: `EncodedString`
3. Enhanced documentation
4. Additional tests
5. Performance improvements
## Acknowledgments
This release includes improvements guided by:
- [The Definitive Guide to Rust Error Handling](https://www.howtocodeit.com/articles/the-definitive-guide-to-rust-error-handling)
- [Writing Production Rust Macros](https://www.howtocodeit.com/articles/writing-production-rust-macros-with-macro-rules)
- [Ultimate Guide to Rust Newtypes](https://www.howtocodeit.com/articles/ultimate-guide-rust-newtypes)
- Rust API Guidelines
- OWASP Security Guidelines
[Unreleased]: https://github.com/multiformats/rust-multibase/compare/v1.0.0...HEAD
[1.0.0]: https://github.com/multiformats/rust-multibase/releases/tag/v1.0.0