Bug fixes
failoverclient type now requiresmaster_name. Previously, configuringclient_type failoverwithout amaster_namesilently fell back to a simple standalone client. An error is now returned at startup.- Unknown Caddyfile configuration keys are now rejected. Unrecognised keys (e.g. typos such as
tls_enableinstead oftls_enabled) previously passed silently, leaving security-relevant options at their defaults without warning. An error is now returned at parse time. Repair()no longer panics when called without a logger. Logger calls inRepair()andstoreDirectoryRecord()are now nil-guarded, consistent with the rest of the codebase.- Lock refresh goroutine improved. The refresh no longer fires immediately on lock acquisition (the lock is already fresh). Transient Redis errors during refresh are now logged as warnings and retried on the next interval, rather than silently stopping the refresh and allowing the lock to expire.
- Decrypt minimum-length guard tightened. The short-ciphertext check now uses
gcm.NonceSize() + gcm.Overhead()(28 bytes) derived from the cipher instance, replacing the weakeraes.BlockSize(16 byte) check.