Skip to content
Updates
Melange v0.8.1

Melange v0.8.1

April 12, 2026·pthm
pthm

Melange v0.8.1 is a patch release fixing contextual tuples being silently ignored with custom database schemas, along with several other custom schema bug fixes, SQL injection hardening, and expanded test coverage.

No breaking changes from v0.8.0. Upgrade and run melange migrate to pick up the fixed SQL functions. The --db-schema flag now defaults to public instead of an empty string — behavior is unchanged unless you were relying on the empty default.

Bug Fixes

Fix Contextual Tuples Silently Ignored with Custom Schemas

Fixed a bug where contextual tuples (temporary tuples passed with a check request) were silently ignored when using a custom database schema (e.g., --db-schema authz).

The root cause: generated SQL functions referenced melange_tuples with full schema qualification (e.g., "authz"."melange_tuples"), which bypasses PostgreSQL’s search path. The contextual tuples mechanism works by creating a temporary view pg_temp.melange_tuples that shadows the real one — but schema-qualified references skip pg_temp entirely, so the temp view was never consulted.

The fix has three parts:

  1. SET search_path on generated functions — each generated function now includes SET search_path = '<schema>' in its definition. This ensures unqualified melange_tuples resolves to the correct schema, while pg_temp always takes precedence per PostgreSQL semantics.

  2. Remove schema qualification from melange_tuples references — all ~44 locations in generated function bodies now use unqualified melange_tuples, relying on the search path instead. Function-to-function calls remain schema-qualified since pg_temp does not apply to function name resolution.

  3. Default databaseSchema to "public" everywhere — the migrator, checker, and CLI flags now all default to "public" instead of an empty string, eliminating a code path that was never exercised by the test suite.

Fix check_permission_bulk with Custom Schemas

Fixed a bug (#47) where check_permission_bulk’s inline check path referenced melange_tuples without the configured database schema, causing lookups to fail when using a custom PostgreSQL schema.

Fix melange doctor View Lookup with Custom Schemas

The checkViewDefinition function used a hardcoded 'melange_tuples'::regclass cast that only resolved in the default schema. Now uses the configured schema for proper qualification.

Fix melange doctor Performance Checks with Custom Schemas

The getTableIndexDefs and getTableRowCount functions in the doctor’s performance checker used current_schema() instead of the configured database schema, causing expression index checks and row count lookups to target the wrong schema when melange objects live in a custom schema.

Fix Codegen Bugs Found by Schema-Variant Tests

Running the full OpenFGA compatibility suite against a custom schema uncovered three additional code generation bugs:

  • Raw check_permission_internal calls were missing schema qualification
  • FunctionCallExpr for intersection closure was missing the Schema field
  • CTE name member_expansion was incorrectly schema-qualified (CTEs are local to the query and should never be schema-prefixed)

Security

Harden SQL Quoting for Schema Names

Schema names containing single quotes could produce malformed SQL in SET search_path values and ::regclass casts. Now uses QuoteLiteral for proper escaping. Added godoc warnings to InnerJoin/LeftJoin directing callers to use JoinTuples for melange_tuples references, preventing future regressions.

Testing

  • Custom schema test suite — the full OpenFGA compatibility suite now runs against both the default and a custom PostgreSQL schema, catching schema-qualification regressions automatically
  • Contextual tuple YAML tests — 660 lines of new test cases covering contextual tuples across direct assignment, computed userset, union, exclusion, intersection, wildcard, and userset reference patterns with check, list_objects, and list_users assertions
  • Doctor custom schema test — new integration test running the full doctor against a database with melange objects in a custom schema, verifying schema file validation, function discovery, tuples source detection, and view definition parsing
  • buildInlineCheckExpr unit tests — verifying schema qualification in both default and custom schema modes

Migration Notes

From v0.8.0

No breaking changes. Upgrade and run migrations to pick up the fixed SQL functions:

melange migrate

If you use contextual tuples with a custom database schema, this release fixes them. No application code changes needed — the generated SQL functions are updated automatically by melange migrate.

If you use melange generate migration, regenerate your migration files to pick up the fixed functions:

melange generate migration \
  --schema melange/schema.fga \
  --output db/migrations \
  --git-ref main

Try It Out 

# Install / upgrade CLI
brew install pthm/melange/melange

# Apply migrations
melange migrate

# Go runtime
go get github.com/pthm/melange/melange@v0.8.1

# TypeScript runtime
npm install @pthm/melange

Feedback

We welcome feedback and bug reports. Please open an issue with questions or feature requests.

Melange v0.8.0