Changelog

34 tagged releases across 8 eras

Source
34 releases
8 eras
CHANGELOG.md
Releases tell the story.
Each release is grouped into a thematic era so the timeline reads as a narrative arc — from the foundational streaming agent through enterprise primitives, identity + ABAC, compliance, cost + SLA, resilience, and the current focus on notification reliability.

Unreleased

Active hardening of the notification receiver contract — typed headers, deterministic dedupe, signature parsing.

1 release
Unreleased
Unreleased
Notification Receiver Contract v1.0 — typed headers, canonical signatures, deterministic dedupe.
  • Typed header parsing + timestamp skew support
  • Reusable sqlite dedupe primitives
  • notify_receiver service hardened with strict verification + /stats + /ops aggregates
  • Operator targets: make receiver-up, make receiver-stats

Notification reliability

End-to-end notification reliability — destinations, routing policies, ARQ delivery, DLQ persistence + replay, signature contracts.

7 releases
2.9.4
2026-02-18
Notification reliability
Receiver contract helpers + reference webhook receiver + E2E tests.
  • Signature parsing/verification + payload hashing primitives
  • Compose-ready notify_receiver with deterministic fail modes
  • E2E sender↔receiver tests covering happy path, retries, signature rejection, DLQ replay
  • make notify-e2e + receiver contract runbook
2.9.3
2026-02-18
Notification reliability
Notification delivery contract hardening with HMAC signatures + state machine.
  • Deterministic webhook headers + optional HMAC signatures
  • Attempt-level payload_sha256 persistence
  • Tightened state machine with CAS claims and DLQ on max-age expiry
  • Admin notification attempts endpoint + retry-now job control
2.9.2
2026-02-18
Notification reliability
Tenant-scoped notification routing policies + DLQ persistence + admin replay.
  • notification_routes table with deterministic matching
  • notification_dead_letters persistence + admin replay APIs
  • kill.notifications rollout kill switch for delivery storms
  • Updated operability docs with route matching + DLQ replay flows
2.9.1
2026-02-18
Notification reliability
Keyring required-only mode + inactive API key denial + compliance snapshot schema.
  • KEYRING_MASTER_KEY_REQUIRED with deterministic failure codes
  • AUTH_INACTIVE_KEY denial path + admin reactivation
  • Compliance snapshot canonical schema + persisted artifact paths
2.9.0
2026-02-18
Notification reliability
Admin API key lifecycle + keyring contract + governance retention proofs.
  • /v1/admin/api-keys lifecycle endpoints (expire/reactivate/revoke)
  • /v1/admin/keyring expanded purpose support + activation lifecycle
  • Compliance snapshot contract aliases + persisted evidence bundles under var/evidence
  • Governance retention-proof APIs + status endpoint
2.8.2
2026-02-18
Notification reliability
Tenant-scoped notification destinations + ARQ-backed delivery worker.
  • Notification destination routing with global fallback support
  • ARQ worker for delivery; jobs/attempts as durable source of truth
  • Forced control writes hardened with short-lived writer lease
2.8.1
2026-02-18
Notification reliability
Operability evaluator + durable notification jobs + forced flags.
  • Background operability evaluator with distributed locking + heartbeats
  • Durable notification jobs/attempts with retry backoff + dedupe windows
  • Versioned forced-control flags with TTL and region-role enforcement
  • /v1/ops/operability summary endpoint

Compliance + cost + SLA

SOC 2 control catalog snapshots, evidence bundles, perf harness, SLA engine, cost metering, alert + incident automation.

6 releases
2.8.0
2026-02-18
Compliance + cost + SLA
Alert rules registry + incident automation lifecycle + operator action APIs.
  • Alert rules registry + deterministic evaluation APIs (/v1/admin/alerts/*)
  • Incident automation lifecycle with timeline (/v1/admin/incidents/*)
  • Operator action endpoints with idempotency + persisted records
  • make preflight + make ga-checklist deploy automation
2.7.0
2026-02-18
Compliance + cost + SLA
Compliance control catalog snapshots + API key lifecycle + platform keyring.
  • Compliance control catalog snapshots + in-memory evidence bundle exports
  • API key lifecycle hardening with optional expiration + rotation helper
  • /v1/admin/keys keyring lifecycle APIs with encrypted-at-rest material
  • make security-audit / security-lint / security-secrets-scan gates
2.6.0
2026-02-17
Compliance + cost + SLA
Reproducible perf harness + capacity model + perf gates.
  • Reproducible load/soak harness with deterministic perf scenarios
  • Capacity model + sizing guidance for standard/pro/enterprise tiers
  • Noisy-neighbor fairness checks + perf report artifacts
  • Tuned DB pooling controls + detailed timing instrumentation
2.5.0
2026-02-17
Compliance + cost + SLA
SLA policy engine + adaptive autoscaling.
  • SLA policy engine with tenant assignments + incident tracking
  • Runtime SLA enforcement on /v1/run + ingestion (warn/degrade/shed)
  • Adaptive autoscaling profiles/actions + admin SLA APIs
2.4.0
2026-02-17
Compliance + cost + SLA
Cost metering + tenant budgets + chargeback reports.
  • Cost metering + pricing catalog
  • Tenant budgets with warn/block/degrade guardrails
  • Admin/self-serve spend analytics + chargeback reports
2.3.0
2026-02-16
Compliance + cost + SLA
Quality datasets + runtime guardrails + release gates.
  • Quality datasets/runs/results + metrics trends
  • Runtime quality guardrails + SSE quality events
  • Release gate enforcement + override workflow

Identity + ABAC

Enterprise SSO (OIDC) + SCIM 2.0, ABAC policy engine with simulation, document ACLs with creator-owner default.

3 releases
2.2.0
2026-02-15
Identity + ABAC
ABAC policy engine + document-level ACLs.
  • Priority-aware deny-first / allow ABAC engine
  • Document-level ACLs with creator-owner default
  • Admin policy/permission APIs with simulation
  • Tenant guard / RLS posture checks
2.1.0
2026-02-15
Identity + ABAC
Enterprise SSO (OIDC) + SCIM 2.0 + identity admin APIs.
  • OIDC SSO with PKCE + state/nonce replay protection + JIT provisioning
  • SCIM 2.0 endpoints with token auth + audit events
  • Identity admin APIs (provider, token, tenant user)
  • Entitlements + identity runbooks
2.0.0
2026-02-15
Identity + ABAC
SOC 2 control catalog + continuous evaluation + signed evidence bundles.
  • SOC 2 control catalog with continuous evaluation engine
  • Evidence bundle generation/signing/verification
  • Compliance ops posture endpoint + scheduling + retention pruning
  • SOC 2 runbooks + compliance tests

Resilience + crypto

Envelope encryption with KMS rotation, governance + DSAR + retention pipeline, multi-region failover control plane.

3 releases
1.9.0
2026-02-15
Resilience + crypto
Envelope encryption + pluggable KMS + key rotation.
  • Tenant key registry + encrypted blob store for sensitive artifacts
  • Envelope encryption with pluggable KMS providers
  • Key rotation APIs with resumable re-encryption jobs
  • Crypto runbooks + governance posture integration
1.8.0
2026-02-14
Resilience + crypto
Governance data model + DSAR + retention pipeline.
  • Retention policies, legal holds, DSAR requests, policy rules
  • Policy-as-code engine with deterministic rule evaluation
  • Retention execution/reporting with legal hold supersession
  • DSAR APIs (export/delete/anonymize) with auditable lifecycle
1.7.0
2026-02-14
Resilience + crypto
Region status + failover control plane + write-freeze.
  • Region status + failover control plane tables/endpoints
  • Readiness arbitration with split-brain detection
  • Token-gated promotion/rollback flows + cooldown guards
  • Write-freeze enforcement during failover

Reliability + DR

Reliability primitives (retries, breakers, bulkheads), kill switches, DR backups with signed manifests, BFF SSE protocol.

3 releases
1.6.0
2026-02-10
Reliability + DR
DR backup/restore tooling with signed manifests.
  • DR backup/restore with signed manifests
  • DR readiness/backups/restore-drill ops endpoints
  • Backup retention pruning + drill reporting
  • DR runbooks + tests
1.5.0
2026-02-09
Reliability + DR
Reliability primitives — retries, circuit breakers, bulkheads.
  • Retries + circuit breakers + bulkheads
  • /v1/ops/slo with availability + latency + error budget
  • Rollout kill switches + canary controls
  • Maintenance tasks + incident response runbooks
1.4.0
2026-02-09
Reliability + DR
BFF endpoints + SSE protocol + frontend SDK.
  • /v1/ui BFF endpoints (bootstrap, dashboard, documents, activity, actions)
  • Standardized cursor/filter/sort query contracts for UI lists
  • Optimistic UI action contract with persisted records
  • SSE sequence + heartbeat protocol + reconnect semantics
  • Frontend TypeScript integration SDK

Enterprise primitives

/v1 versioned API + envelopes + idempotency keys, plan entitlements, tenant self-serve, quotas + 402 contract.

4 releases
1.3.0
2026-02-09
Enterprise primitives
/v1 versioned routes + envelopes + idempotency keys.
  • /v1 versioned API with legacy deprecation headers
  • Standardized success/error envelopes
  • Idempotency-key support on write endpoints
  • Improved OpenAPI schemas + generated SDK scaffolding
1.2.0
2026-02-09
Enterprise primitives
Tenant self-serve APIs + usage analytics + billing webhook.
  • Tenant self-serve API key lifecycle endpoints
  • Usage summary + timeseries endpoints
  • Plan visibility + upgrade request workflow
  • Billing webhook test endpoint
1.1.0
2026-02-09
Enterprise primitives
Plan assignments + entitlements + feature gating.
  • Tenant plan assignments + feature entitlements
  • Server-side feature gating for retrieval/TTS/ops/audit/corpora
  • Admin APIs for plan assignment + overrides
1.0.0
2026-02-07
Enterprise primitives
Tenant quotas + 402 QUOTA_EXCEEDED contract + admin management.
  • Daily/monthly tenant quotas with soft/hard cap modes
  • Quota response headers + 402 QUOTA_EXCEEDED contract
  • Admin quota management + usage summary endpoints

Foundation

Streaming agent + SSE framing, multi-cloud retrieval routing, async ingestion, audit log, RBAC, rate limiting.

8 releases
0.9.0
2026-02-07
Foundation
Redis-backed token-bucket rate limiting.
  • Per-key + per-tenant dual enforcement
  • Stable 429 schema with retry hints
  • Audit events for throttling + degraded mode
0.8.0
2026-02-07
Foundation
Audit log + central audit service.
  • audit_events table + central audit service
  • Auth/security/data mutation event logging across the API
  • Admin-only audit query endpoints with tenant scoping
  • Metadata redaction policy for sensitive fields
0.7.0
2026-02-07
Foundation
API key auth + RBAC + tenant binding.
  • API key auth with hashed key storage
  • RBAC roles + tenant binding
  • Protected run/documents/corpora/ops endpoints by role
  • Auth/RBAC integration tests + tenant isolation coverage
0.6.x
2026-02-06
Foundation
Async ARQ ingestion + ops health + worker visibility.
  • Redis-backed ARQ ingestion worker
  • Enqueue-based 202 Accepted ingest semantics
  • Document status tracking with failure reasons
  • Worker heartbeats + queue depth status
0.5.0
2026-02-06
Foundation
Document lifecycle (delete, reindex, raw text ingest).
  • Lifecycle endpoints with metadata (source, reindex ts, storage path)
  • Idempotent text ingest + delete + reindex flows
0.4.0
2026-02-02
Foundation
Document ingestion API with deterministic chunking + pgvector storage.
  • Upload/status/list APIs with tenant scoping
  • Deterministic chunking + embedding + pgvector storage
  • Integration tests covering upload → ingest → retrieval
0.2.0
2026-02-02
Foundation
Multi-cloud retrieval routing per corpus.
  • Bedrock KB + Vertex retrieval adapters (mock-tested)
  • Retrieval routing per corpus.provider_config_json
  • Seed demo corpus configured for router defaults
0.1.0
2026-02-01
Foundation
Streaming agent + SSE framing + DB session lifecycle.
  • Streaming /v1/run with progressive token streaming
  • SSE framing + request_id tracing + reconnect semantics
  • DB session lifecycle hardening + race-safe upserts
  • pgvector cosine retrieval with similarity scoring