Harmony 0.6: Policy-based request control, enhanced content type support, and critical fixes

We're pleased to announce Harmony 0.6, a focused release that builds on the production-ready foundation established in version 0.5. This release introduces policy-based middleware for fine-grained request control, enhanced content type handling across the pipeline, and critical reliability fixes that improve operational stability.

For healthcare organisations deploying healthcare interoperability platforms, Harmony 0.6 delivers the flexibility to implement sophisticated access controls, handle diverse healthcare data formats more reliably, and maintain stable production operations with improved configuration management. Whether you're managing access policies for clinical systems, orchestrating complex data transformations, or operating multi-site integration infrastructure, this release enhances your ability to build secure, reliable healthcare data connectivity.

Policy-Based Middleware for Fine-Grained Control

Harmony 0.6 introduces a policy-based middleware system that enables healthcare organisations to implement sophisticated request handling and authorisation logic without custom code. This architectural enhancement provides the flexibility to define granular control policies that match your organisation's specific security requirements and compliance obligations.

The policy system provides 13 different rule types that can be combined to create sophisticated access control logic:

• IP-based access control: Allow or block requests based on IP addresses and CIDR ranges
• Rate limiting: Throttle requests per client IP with configurable windows
• Path matching: Control access to specific URL patterns and API endpoints
• Geographic filtering: Allow or deny based on country codes
• Header inspection: Match on HTTP headers with exact, contains, or regex patterns
• Time-based restrictions: Control access by time of day, days of week, or date ranges
• HTTP method filtering: Allow or deny specific HTTP verbs (GET, POST, PUT, DELETE, etc.)
• User-Agent filtering: Match or block based on browser/client patterns
• Content-Type validation: Accept or reject requests based on MIME types
• Query parameter inspection: Validate query string parameters with flexible matching
• Universal rules: Blanket allow or deny for base policies

For healthcare environments, these capabilities translate into practical operational benefits. A hospital network can restrict access to internal networks using IP allowlists, apply rate limiting to prevent API abuse, and use time-based rules to enforce business hours access. Regional health information exchanges can implement geographic restrictions for compliance with data sovereignty requirements, filter requests by path to protect administrative endpoints, and validate Content-Type headers to ensure only appropriate data formats reach backend systems.

The policy middleware integrates seamlessly with Harmony's existing transformation and routing capabilities. Policies execute before requests reach transformation pipelines, enabling early rejection of unauthorised or malformed requests. This approach reduces unnecessary processing overhead and provides clearer security boundaries within your secure data integration platform.

Healthcare organisations implementing interoperability gateway architectures benefit from policies that can be composed and reused across multiple routes and services. Define authentication policies once, apply them consistently across FHIR endpoints, DICOMweb services, and custom integration routes. This consistency reduces configuration complexity while ensuring uniform security postures across diverse integration scenarios.

The policy architecture supports both simple declarative configurations for common scenarios and extensible custom policies for organisation-specific requirements. Healthcare IT teams gain the flexibility to implement sophisticated security logic without deep Rust development expertise, while maintaining the option to extend the policy system as requirements evolve.

Enhanced Content Type Support

Harmony 0.6 introduces comprehensive multi-content-type support, enabling the HTTP adapter to automatically parse and normalise diverse data formats beyond JSON. The gateway now handles six distinct content types, converting them all to a consistent JSON structure for pipeline processing.

Newly supported content types:

• XML (application/xml, text/xml, application/soap+xml): Automatic conversion to JSON with attribute preservation, nested element support, and XXE attack prevention
• CSV (text/csv): Row-based parsing with header detection, formula injection prevention, and configurable row limits
• Form URL-encoded (application/x-www-form-urlencoded): Standard web form parsing with array support
• Multipart form data (multipart/form-data): File upload handling with metadata capture, SHA256 checksums, and configurable file limits
• Binary content (images, PDFs, zip files): Binary preservation with integrity verification and size tracking
• JSON (enhanced): Expanded JSON variant support including application/fhir+json and application/dicom+json

This multi-format capability directly addresses real-world healthcare integration challenges. A laboratory information system can now send results as CSV files, pathology reports as XML documents, or microscopy images as binary data—Harmony normalises all formats into consistent JSON structures that transformation middleware can process uniformly. Clinical systems posting form-encoded data, FHIR servers sending SOAP XML payloads, and document management systems uploading multipart files all work seamlessly through the same pipeline.

For organisations building comprehensive healthcare interoperability platforms that bridge clinical systems, imaging networks, and laboratory environments, automatic content type handling eliminates the need for custom parsing logic in every integration. Configure size and complexity limits (max_body_size, max_csv_rows, max_xml_depth) to prevent resource exhaustion while supporting diverse data sources with different format requirements.

Critical Reliability Fixes

Beyond new features, Harmony 0.6 delivers important reliability improvements that enhance operational stability in production healthcare environments. These fixes address issues identified through community deployment experiences and ensure that capabilities introduced in version 0.5 work reliably under production workloads.

Hot reload improvements: The configuration hot reload mechanism now correctly watches and applies pipeline configuration updates in real-time. This fix ensures that the zero-downtime configuration updates introduced in version 0.5 work reliably across all configuration scenarios. Healthcare organisations can confidently update routing rules, transformation logic, and backend connections during business hours without service interruptions.

Query and path parameter handling: Previous versions incorrectly stripped query strings and path parameters from proxied requests in certain scenarios. Harmony 0.6 fixes this behaviour, ensuring that URL parameters pass through correctly to backend services. For FHIR endpoints that rely on search parameters or DICOMweb services using query-based filtering, this fix prevents data loss and ensures correct backend behaviour.

Hop-by-hop header filtering: Harmony now properly filters connection-specific HTTP headers that should not be forwarded to backend services. This fix prevents protocol-level headers from interfering with backend connection handling and ensures compliance with HTTP proxy specifications. Healthcare integration scenarios involving multiple proxy layers or load balancers benefit from cleaner, more predictable header handling.

Configuration watching stability: Fixed failures that prevented pipeline configuration updates from being properly detected and applied. This improvement ensures that configuration changes trigger appropriate reload sequences and that the validation and rollback mechanisms work reliably across different filesystem types and deployment environments.

Together, these fixes eliminate common operational issues that affected some production deployments. Healthcare organisations gain improved configuration management, more reliable request handling, and better production stability—critical qualities for systems processing protected health information.

Get Started with Harmony 0.6

Harmony 0.6 is available now on GitHub. Pre-built binaries are available for macOS (Apple Silicon and Intel), Linux (x86_64 and ARM64), and Windows platforms. The comprehensive documentation includes configuration guides for policy-based middleware, deployment examples, and migration notes for the binary name change.

This release enhances the production-ready foundation established in version 0.5, adding flexibility, reliability, and operational capabilities that healthcare organisations need for sophisticated integration scenarios. The combination of policy-based control, improved content type handling, and critical stability fixes makes Harmony 0.6 a solid upgrade for organisations operating healthcare interoperability infrastructure.

Ready to enhance your healthcare integration capabilities? Download Harmony 0.6, explore the policy middleware documentation, and discover how flexible request control can simplify your integration architecture.

Building flexible, reliable healthcare interoperability with Harmony 0.6.