Merge branch 'master' into master

Author: jmrenouard

.agent/README.md

@@ -55,4 +55,4 @@ This directory contains the project's technical constitution, specialized skills
 
 
 ---
-*Generated automatically by `/doc-sync` on Sat Feb 14 11:35:52 CET 2026*
+*Generated automatically by `/doc-sync` on Sun Feb 15 22:45:08 CET 2026*

.agent/rules/03_execution_rules.md

@@ -33,6 +33,7 @@ To ensure quality and clarity in every development cycle, all non-trivial featur
 3. **Tasks (`/tasks`)**: Break down the plan into granular, ID-tracked tasks in `task.md`.
 4. **Implement**: Proceed with the code changes based on the approved plan and tasks.
 5. **Verify**: Validate the implementation through TDD and regression suites.
+6. **Roadmap Sync**: Update `ROADMAP.md` status (`[x]` or `[/]`) for the implemented features.
 
 ### **4.3. Coding Guidelines**
 
@@ -78,6 +79,7 @@ To ensure quality and clarity in every development cycle, all non-trivial featur
     - _Requirement_: Adding a new test MUST have a `test:` entry in the `@Changelog`.
     - _Requirement_: Changing test scripts or updating infrastructure MUST have a `ci:` entry in the `@Changelog`.
     - _Requirement_: Changing `Makefile` or files under `build/` MUST be traced in the `@Changelog` (usually via `ci:` or `chore:`).
+    - _Requirement_: All feature completions MUST be synchronized with `ROADMAP.md` before final PR/Commit.
     - _Ordering_: Changelog entries MUST be ordered by category: `chore`, `feat`, `fix`, `test`, `ci`, then others.
     - _Release Notes_: All release notes generated in `releases/` MUST follow the same category ordering in their "Executive Summary" section.
     - _Requirement_: The `/git-flow` workflow MUST always be preceded by a successful `/release-preflight` execution.

.agent/skills/cli-execution-mastery/SKILL.md

@@ -49,6 +49,35 @@ If connection fails, use these flags to diagnose:
 - `--dbgpattern='.*'`: Filters debug information with regex.
 - Verify `mysqlcmd` path if custom binaries are used: `--mysqlcmd=/usr/local/bin/mysql`.
 
+### 5. MariaDB InnoDB Variable Compatibility
+
+As MariaDB evolves, several InnoDB system variables have been removed or deprecated. `mysqltuner.pl` detects these to avoid legacy configuration overhead.
+
+| Parameter | Removed/Deprecated In | Note/Replacement |
+| :--- | :--- | :--- |
+| `have_innodb` | Removed 10.0 | Use `SHOW ENGINES` or `I_S.PLUGINS`. |
+| `innodb_adaptive_flushing_method` | Removed 10.0 | Replaced by MySQL 5.6 flushing logic. |
+| `innodb_checksums` | Removed 10.0 | Use `innodb_checksum_algorithm`. |
+| `innodb_stats_sample_pages` | Removed 10.5.0 | Use `innodb_stats_transient_sample_pages`. |
+| `innodb_file_format` / `_check` / `_max` | Removed 10.6.0 | Antelope and Barracuda are legacy concepts. |
+| `innodb_large_prefix` | Removed 10.6.0 | Always enabled in newer versions. |
+| `innodb_locks_unsafe_for_binlog` | Removed 10.6.0 | No longer supported. |
+| `innodb_prefix_index_cluster_optimization` | Deprecated 10.10 | Always enabled now. |
+
+### 6. MySQL InnoDB Variable Compatibility
+
+| Parameter | Removed/Deprecated In | Note/Replacement |
+| :--- | :--- | :--- |
+| `innodb_locks_unsafe_for_binlog` | Removed 8.0 | Use `READ COMMITTED` isolation level instead. |
+| `innodb_support_xa` | Removed 8.0 | XA support is now always enabled. |
+| `innodb_file_format` family | Removed 8.0 | `Barracuda` is the only supported format. |
+| `innodb_large_prefix` | Removed 8.0 | Always enabled for `Barracuda`. |
+| `tx_isolation` / `tx_read_only` | Removed 8.0 | Use `transaction_isolation` / `transaction_read_only`. |
+| `innodb_undo_logs` | Removed 8.0 | Replaced by `innodb_rollback_segments`. |
+| `innodb_undo_tablespaces` | Removed 9.0 | Managed automatically now. |
+| `innodb_log_file_size` | Removed 9.0 | Replaced by `innodb_redo_log_capacity`. |
+| `innodb_api_...` variables | Removed 8.4 | Memcached-related variables removed. |
+
 ## ✅ Verification
 
 - Run `perl mysqltuner.pl --help` to confirm availability of these options.

.agent/workflows/doc-sync.md

@@ -1,16 +1,29 @@
 ---
-trigger: explicit_call
+trigger: /doc-sync
 description: Synchronize .agent/README.md with current Rules, Skills, and Workflows
-category: tool
+category: Documentation
 ---
 
 # Documentation Synchronization Workflow
 
-1. Execute the documentation synchronization script:
+1. Execute the documentation synchronization script to update `.agent/README.md`:
 // turbo
 
 ```bash
 python3 build/doc_sync.py
 ```
 
-1. Review the updated summary in [.agent/README.md](file://.agent/README.md).
+1. **Full Documentation Review Checklist**:
+    - [ ] **READMEs**: Verify `README.md` and translations are up-to-date with new features.
+    - [ ] **Usage**: Ensure `mysqltuner.pl --help` output matches `CLI_METADATA` in script.
+    - [ ] **ROADMAP.md**: Move completed items from Phase 2/3 to COMPLETED.
+    - [ ] **POTENTIAL_ISSUES**: Audit found anomalies and update it if needed.
+    - [ ] **Script Comments**: Verify internal documentation matches logic changes.
+
+2. **Version Consistency Audit**:
+    - [ ] `CURRENT_VERSION.txt` matches `$tunerversion` in `mysqltuner.pl`.
+    - [ ] Script header and POD documentation reflect the current version.
+    - [ ] `Changelog` contains a section for the current version with correct date.
+    - [ ] `releases/v[VERSION].md` exists and is synchronized with `Changelog`.
+
+3. Review the updated summary in [.agent/README.md](file://.agent/README.md).

.agent/workflows/git-flow.md

@@ -22,8 +22,11 @@ This workflow MUST be orchestrated by the **Release Manager**.
    - Commit all pending changes including `Changelog` updates for the current version.
 
    ```bash
+   # Extract content between the first version header and the next one
+   RELEASE_NOTES=$(awk "/^$CURRENT_VER/,/^([0-9]+\.[0-9]+\.[0-9]+)/ {if (\$0 !~ /^([0-9]+\.[0-9]+\.[0-9]+)/) print}" Changelog | sed '/^$/d')
+   COMMIT_MSG="feat: release $CURRENT_VER\n\n$RELEASE_NOTES"
    git add .
-   npm run commit  # Select 'feat' and enter "release $CURRENT_VER"
+   echo -e "$COMMIT_MSG" | git commit -F -
    ```
 
    // turbo

.agent/workflows/hey-agent.md

@@ -42,7 +42,7 @@ category: [governance | tool | skill]
 6. **Execution**: Apply changes using `replace_file_content` or `multi_replace`.
 7. **Synchronization**: Immediately update `03_execution_rules.md` (constraints) and `04_best_practices.md` if necessary.
 8. **Autolearning**: Update `remembers.md` as the session-level memory buffer.
-9. **Documentation Sync**: Execute `/doc-sync` to refresh the project's technical summary.
+9. **Documentation Sync**: Execute `/doc-sync` to refresh the project's technical summary. Ensure that any release publication (via `/git-flow`) uses all current release notes as the commit message.
 
 ## ✅ Verification
 

.github/workflows/codeql.yml

@@ -0,0 +1,103 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL Advanced"
+
+on:
+  push:
+    branches: [ "master" ]
+  pull_request:
+    branches: [ "master" ]
+  schedule:
+    - cron: '43 18 * * 2'
+
+jobs:
+  analyze:
+    name: Analyze (${{ matrix.language }})
+    # Runner size impacts CodeQL analysis time. To learn more, please see:
+    #   - https://gh.io/recommended-hardware-resources-for-running-codeql
+    #   - https://gh.io/supported-runners-and-hardware-resources
+    #   - https://gh.io/using-larger-runners (GitHub.com only)
+    # Consider using larger runners or machines with greater resources for possible analysis time improvements.
+    runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+    permissions:
+      # required for all workflows
+      security-events: write
+
+      # required to fetch internal or private CodeQL packs
+      packages: read
+
+      # only required for workflows in private repositories
+      actions: read
+      contents: read
+
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+        - language: actions
+          build-mode: none
+        - language: javascript-typescript
+          build-mode: none
+        - language: python
+          build-mode: none
+        # CodeQL supports the following values keywords for 'language': 'actions', 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'rust', 'swift'
+        # Use `c-cpp` to analyze code written in C, C++ or both
+        # Use 'java-kotlin' to analyze code written in Java, Kotlin or both
+        # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
+        # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis,
+        # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
+        # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how
+        # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    # Add any setup steps before running the `github/codeql-action/init` action.
+    # This includes steps like installing compilers or runtimes (`actions/setup-node`
+    # or others). This is typically only required for manual builds.
+    # - name: Setup runtime (example)
+    #   uses: actions/setup-example@v1
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v4
+      with:
+        languages: ${{ matrix.language }}
+        build-mode: ${{ matrix.build-mode }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+
+        # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        # queries: security-extended,security-and-quality
+
+    # If the analyze step fails for one of the languages you are analyzing with
+    # "We were unable to automatically build your code", modify the matrix above
+    # to set the build mode to "manual" for that language. Then modify this step
+    # to build your code.
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+    - name: Run manual build steps
+      if: matrix.build-mode == 'manual'
+      shell: bash
+      run: |
+        echo 'If you are using a "manual" build mode for one or more of the' \
+          'languages you are analyzing, replace this with the commands to build' \
+          'your code, for example:'
+        echo '  make bootstrap'
+        echo '  make release'
+        exit 1
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v4
+      with:
+        category: "/language:${{matrix.language}}"

.gitignore

@@ -50,3 +50,12 @@ mysqltuner.pl.bak
 0/**
 experimental_run.log
 experimental_run_v2.log
+test_dump_84/**
+test_dump/**
+test_output.log
+tested_subs.txt
+untested_subs.txt
+execution_test.log
+all_subs.txt
+execution_84.log
+test_dump_84/ifs_COLLATION_CHARACTER_SET_APPLICABILITY.csv

CURRENT_VERSION.txt

@@ -1 +1 @@
-2.8.38
+2.8.40

Changelog

@@ -1,15 +1,43 @@
-2.8.38 2026-02-14
+# MySQLTuner Changelog
+
+2.8.40 2026-02-15
 
+- feat: overhaul InnoDB Redo Log Capacity logic to consider RAM size and workload writes.
+- feat: add support for `innodb_dedicated_server` detection in Redo Log diagnostics.
+- feat: implement multi-cloud autodiscovery for AWS RDS/Aurora, GCP Cloud SQL, Azure (Flexible/Managed), and DigitalOcean.
+- feat: add granular SSL/TLS security checks (certificate expiration, remote user SSL enforcement).
+- feat: add infrastructure-aware tuning (SSD/NVMe vs HDD detection and architecture reporting).
+- test: add comprehensive unit test suite for core logic coverage (InnoDB, MyISAM, Query Cache, Stats).
+- test: add dedicated unit test for cloud discovery logic (tests/cloud_discovery.t).
+- refactor: replace massive system calls (awk, grep, uname, getconf, sysctl) with native Core Perl functions for Linux.
+- fix: resolve MySQL 9.x compatibility issues and SQL execution regressions (RC 256).
+- chore: add Daniel Lewart(@lewart3) to contributors list.
+- chore: remediate Arbitrary File Write vulnerability in tmp (GHSA-52f5-9888-hmc6) by forcing update to 0.2.4+ via npm overrides.
+- chore: bump version to 2.8.40.
+
+2.8.39 2026-02-15
+
+- feat: implement authentication plugin security checks to detect insecure or deprecated plugins like mysql_native_password and sha256_password.
+- feat: add MySQL 9.x readiness diagnostics for eliminated authentication methods.
+- feat: update MariaDB recommendations to suggest ed25519 and unix_socket for enhanced security.
+- test: add integrated test suite for authentication plugin auditing (tests/auth_plugin_checks.t).
+- feat: detect removed InnoDB variables in MariaDB and MySQL and provide actionable recommendations.
+- test: add regression test for MariaDB and MySQL removed InnoDB variables (tests/removed_innodb_vars.t).
 - fix: prevent creation of unauthorized directory "0" when --dumpdir is not explicitly set or set to 0 (Issue #20).
 - fix: robust, version-agnostic detection of password column in mysql.user via schema inspection (Issue #22).
+- fix: refactor mysql_setup to correctly handle --defaults-file and --defaults-extra-file with credentials (Issue #605).
+- fix: resolve MariaDB socket authentication regression and restore automatic credential discovery (Issue #875).
+- fix: remediate Prototype Pollution vulnerability in lodash (CVE-2021-23341) by forcing update to 4.17.23.
 - refactor: replace massive system calls (awk, grep, uname, getconf, sysctl) with native Core Perl functions for Linux.
 - feat: implement native parsing for /proc/cpuinfo, /proc/meminfo, /proc/sys/vm/swappiness and /etc/resolv.conf.
+- feat: add support for --login-path in CLI metadata and mysql_setup for enhanced authentication flexibility.
 - refactor: optimize CPU core count, logical CPU detection, and OS memory setup for local environments.
 - refactor: use POSIX::uname and POSIX::sysconf for standardized system and architecture reporting.
-- fix: resolve MariaDB socket authentication regression and restore automatic credential discovery (Issue #875).
-- fix: remediate Prototype Pollution vulnerability in lodash (CVE-2021-23341) by forcing update to 4.17.23.
 - test: add reproduction test for authentication discovery chain (tests/issue_875_regression.t).
 - test: add comprehensive test suite for password column detection (tests/repro_issue_22.t).
+- test: add reproduction test for credentials and defaults files handling (tests/repro_issue_605.t).
+- feat: add automatic detection of systemd journal and syslog fallbacks for MariaDB/MySQL logs (Issue #440).
+- test: add verification suite for syslog and systemd journal detection (tests/syslog_journal_detection.t).
 - chore: bump version to 2.8.38.
 
 2.8.36 2026-02-13
@@ -22,9 +50,12 @@
 - test: add comprehensive test suite for password column detection (tests/repro_issue_22.t).
 - test: add reproduction test for Performance Schema disabled diagnostic (tests/repro_pfs_disabled.t).
 - fix: prevent creation of directory "0" when --dumpdir is not specified or set to 0 (Issue #20).
-- docs: fix broken endoflife.date links in README files (Issue #877).
+- docs: fix broken endoflife.date links in README files (Issue #877, credit @FabioPedretti).
+- docs: fix broken endoflife.date links in README files (Issue #877, credit @FabioPedretti).
 - test: add reproduction test for Performance Schema disabled scenario (repro_pfs_disabled.t).
 - ci: fix Docker API mismatch in GitHub Actions by migrating to native services.
+- feat: make Storage Engine Statistics output deterministic by @lewart3 (Issue #26).
+- feat: make Storage Engine Statistics output deterministic by @lewart3 (Issue #26).
 
 2.8.35 2026-02-02
 
@@ -38,8 +69,6 @@
 - test: add regression test `tests/issue_770.t` to verify `innodb_log_file_size` recommendation precision.
 - test: add regression test `tests/issue_783.t` to verify `innodb_log_buffer_size` recommendation on idle servers.
 
-# MySQLTuner Changelog
-
 2.8.33 2026-01-31
 
 - fix: improved cPanel/Flex detection and refined `skip-name-resolve` recommendation (issue #863).