The headline change since v122 is Via: an early-alpha application server system for Vary apps. Via gives operators a host-side via command and developers a vary app deploy path where committed source is built, checked, packaged, signed, launched, routed, and recorded by the platform. It is still alpha software, so commands, config, host requirements, and operational flows may change between releases.
The language and runtime gained the pieces needed to make that server path useful: declarative api contracts, table metadata on data types, query declarations for typed read models, generated route manifests, OpenAPI output, Javalin-backed HTTP service jars, and managed SQLite bindings that let Via own database files while apps use binding names.
| Change | Description |
|---|---|
| Via application server | Early-alpha server system for Vary apps, with host-side install/init/doctor operations and developer-side target, login, preflight, deploy, status, logs, and smoke commands. |
| Server-side deploy flow | Committed source is received by Via, built in a clean environment, checked, packaged, signed, launched, routed, and recorded as a release. |
| Via packaging | The Via binary, runtime image content, install helpers, same-host install path, and uninstall cleanup are now part of the platform shape. |
| Deploy diagnostics | App status, deploy detail, route readiness, runtime capability blockers, failed-deploy next actions, smoke diagnostics, and target doctor recovery produce more actionable output. |
| Routes and domains | App-bound route domains, domain proof tokens, configurable app-domain proof policy, route readiness evidence, custom certificate bindings, and Caddy proxy integration. |
| Via add-ons | Managed add-on lifecycle for create, bind, unbind, snapshot, restore, rotation, readiness, retained evidence, stale binding reconciliation, and delete/name reuse flows. |
| Managed SQLite bindings | Apps can use a binding name such as DATABASE while Via owns the SQLite file, lifecycle, snapshot and restore path, and runtime authorization. |
| Runtime trust | Runtime identity, config delivery, trust store reconciliation, backup preservation, and signed workload material checks are covered by platform gates. |
| Declarative API contracts | api declarations define routes, methods, request and response types, auth, cache, capabilities, idempotency, and compatibility metadata in one compiler-owned shape. |
| Declarative persistence | data table metadata and query declarations define schemas, migrations, indexes, constraints, typed read models, SQL lowering, and row decoders. |
| HTTP service jars | The HTTP DSL now uses a smaller Javalin-backed generated resource path for typed service contracts and SQLite-backed handlers. |
| OpenAPI serving | Generated HTTP service jars can serve their OpenAPI spec, keeping runtime inspection aligned with compiler projections and release snapshots. |
| Issue tracker example | The shipped issue tracker moved onto declarative API and persistence patterns. |
| Public API shape | Route manifests, OpenAPI snapshots, generated TypeScript clients, route catalogs, docs metadata, and compatibility metadata now come from compiler-owned declarations. |
| Check-rule additions | New rules steer code away from manual route catalogs, hand-built JSON, handler adapters, row getter mapping, setter-sequence projections, and structured markup strings. |
| Stdlib boundary helpers | New and expanded modules cover API context, API response, auth, config, content, mapping, metrics, paging, projection, URL policy, and XML. |
| Via operations APIs | Via gained identity, operations, app add-on, runtime, routing, observability, settings, system health, and deployment workspace APIs. |
| Security and dependency updates | Patch updates for vulnerable dev dependencies, deploy-token handling, URL policy validators, and typed content sanitization. |
| Docs and courses | New Via docs, deploy guides, CLI reference, managed SQLite docs, application server articles, and website courses cover the expanded platform surface. |