History
Changelog
All notable changes to Azoth OS, in reverse chronological order. View on GitHub ↗
0.12.0
2 July 2026
Runtime Decision Trace, GreenOps abatement & SSRF hardeningAdded
- ·Runtime Decision Trace ("Prove it") — a sealed, per-workspace hash-chained compliance journal of every inference and agent tool-call decision, queryable and exportable as a tamper-evident evidence pack. Only non-personal data is hashed; the personal-content envelope is separately erasable for GDPR without breaking the chain. Available behind a feature flag for regulated deployments.
- ·GreenOps auditable avoided-CO₂ — every emissions-avoiding decision (cache hit, greener routing, avoided inference) can emit a hash-sealed, conservatively-baselined avoided-CO₂ record. Available behind a feature flag; absolute gram figures are marked advisory-only pending a coefficient revision, while the avoided fraction is the reportable figure.
Security
- ·Closed the last DNS-rebinding windows on outbound fetches to customer-supplied URLs (Ollama endpoints, S3 export) — the socket is now pinned to a validated public IP, including for credentialed requests.
- ·Tighter rate limits on security-critical setting changes (MFA enforcement, IP allowlist), and a regression guard on the workspace cookie's HttpOnly / SameSite / Secure flags.
Changed
- ·Kubernetes self-host manifests hardened (image digest pinning, default-deny network policy, read-only root filesystem, seccomp, dropped capabilities). Static analysis (semgrep) now runs on every pull request.
- ·Type-safety pass across the API surface — eliminated implicit any on 53 route files and enabled stricter index-access checks project-wide.
0.11.0
15 June 2026
Scale hardening, RGPD self-service & accessibilityAdded
- ·GDPR self-service at /dashboard/account — export all of your workspace data (Article 15, JSON or NDJSON), request account erasure behind a typed confirmation (Article 17), read a plain-language "data we hold" summary, and review your consent history.
- ·Per-purpose, version-stamped cookie consent — the banner records exactly which purposes you granted (strictly-necessary vs analytics) tied to a policy version, and re-prompts when that policy materially changes (GDPR Article 7).
- ·Accessibility Statement at /legal/accessibility — an honest EN 301 549 / WCAG 2.2 self-assessment ("partially conformant", with the known gaps listed), linked from the footer.
- ·Per-workspace decision-trace toggle in Settings — opt a single workspace into runtime explainability traces without flipping the global flag (EU AI-Act readiness).
- ·Breadcrumbs across the dashboard plus consistent empty / loading / error states via shared EmptyState, Spinner and ErrorState components.
- ·Read-replica-aware analytics reads — heavy reporting queries route to a read replica when SUPABASE_REPLICA_URL is set, keeping them off the primary. No-op until configured.
- ·Per-tenant in-flight concurrency cap, bounded provider retry on transient errors, and a fail-closed budget reserve — all behind feature flags, default off, to validate under load before enabling.
- ·k6 gateway load-test harness (cache-hit mode spends nothing on providers) for capacity planning.
Changed
- ·Retention now bounds the trace tables that previously grew without limit (runtime decision traces, inference-necessity scores, shadow executions, compression states), and the per-workspace retention window applies to every PII trace table. A duplicate index on the highest-write table was dropped to halve its per-insert write cost.
- ·Provider-key lookups are cached for 60s on the inference hot path — removing the last uncached per-request database read.
- ·Accessibility: automated axe checks extended to WCAG 2.2 AA, and tertiary text raised to AAA contrast.
- ·The experimental sovereignty advisory engines (provider-risk scoring, tenant dependency / exit insights) are now gated behind FEATURE_SOVEREIGN_ADVISORY (default off) instead of running unconditionally.
Fixed
- ·Production build no longer fails on the OpenTelemetry Node SDK — the SDK is now externalised from the bundle, so the Vercel build stops choking on the optional @opentelemetry/shim-opencensus module.
- ·Retention purge correctness — restored the io_scan_traces purge and the per-workspace retention loop for all four PII trace tables, and fixed a wrong column reference (routing_decisions uses decided_at, not created_at) that would otherwise have aborted the entire nightly purge.
0.10.0
3 June 2026
Operator tools & plan cleanupAdded
- ·/api/me/debug — auth-gated diagnostic endpoint returning the full server-side view for the current session: user ID, all workspace memberships with roles + acceptance state, env-var presence (booleans only), CSRF trust set, and what /api/me/workspace would resolve to. One endpoint replaces five rounds of "why does this fail in prod?" guessing.
- ·/api/me/debug/api-key-dry-run — step-by-step diagnostic of the API-key creation flow with the first ok:false step pinpointing the exact cause (session, role, rate-limit, admin client, hash subsystem, INSERT canary into api_keys, INSERT canary into audit_logs).
- ·/api/me/workspaces + POST /api/me/workspace — list workspaces and pin the active one via an HttpOnly cookie. Membership re-validated server-side every read.
- ·WorkspacePicker dropdown in the topbar — appears when the user belongs to 2+ workspaces, shows a role chip per entry, switching reloads the page so every workspace-scoped view re-fetches cleanly.
- ·APP_ORIGINS env var — comma-separated list of additional CSRF-trusted origins for multi-domain deploys. www/apex sibling of NEXT_PUBLIC_APP_URL is added automatically.
- ·validateEnv() warning when NEXT_PUBLIC_APP_URL still points at the *.vercel.app default — emits a clear warning in the deploy log so the operator catches it before a real user hits a broken email link.
Changed
- ·Plan lineup simplified to four (forge / developer / team / enterprise). PLANS.pro (149€) and PLANS.scale (1499€) entries removed from lib/billing/pricing.ts; legacy plan keys (starter, growth, crucible, pro, scale) collapse onto current plans at runtime via PLAN_KEY_MAP so grandfathered Stripe subscriptions keep working. STRIPE_PRO_PRICE_ID, STRIPE_SCALE_PRICE_ID, STRIPE_GROWTH_PRICE_ID env vars are no longer read.
- ·CSRF middleware accepts www and apex variants of NEXT_PUBLIC_APP_URL automatically. 403 body now carries code:"csrf_origin_mismatch", the rejected origin, the trusted set, and an operator hint — visible in Vercel function logs.
- ·/api/me/workspace resolves deterministically — was returning an arbitrary workspace_members row when the user belonged to multiple workspaces. Now sorts by role priority (owner > admin > member > analyst > read) then created_at, honours the azoth-active-ws cookie.
- ·Cache-Control: no-store on /api/me/debug* — diagnostic snapshots are always fresh.
- ·Dashboard upgrade button defaults to the developer plan (was "pro" which the cleanup removed from SELF_SERVE_PLANS).
Fixed
- ·CSRF www/apex mismatch — root cause of every "API-key creation silently fails with 403" report. Strict equality between Origin and NEXT_PUBLIC_APP_URL rejected requests from www.<domain> when the env was <domain> apex (or vice-versa).
- ·Invite accept stuck "pending" — app/api/invites/accept/route.ts wrote joined_at to workspace_members.upsert but that column does not exist on this table. PostgREST silently dropped the unknown field, so accepted_at stayed NULL forever and every accepted invite kept showing as "pending". Fixed to write accepted_at + the required email column.
- ·lib/db/members.ts api-keys wrappers — GET / POST / DELETE silently dropped the workspaceId param, so the create-key form looked operational but the row never persisted. Now resolve workspaceId via /api/me/workspace and thread it through every call.
- ·Stripe portal fallback — settings page now detects "paid plan but no stripe_customer_id" (manual DB plan migration) and shows the Upgrade CTA instead of Manage Billing, which would have 400d.
- ·i18n CTA references — settings.workspace.upgradeCta was "Passer à Crucible" in fr (and locale equivalents in en/es/ar/zh). Crucible is a legacy-only plan after the cleanup; CTA now reads "Passer à Pro" (or the locale equivalent).
0.9.0
12 May 2026
Auth & UIAdded
- ·Signup page plan selector — reads ?plan= URL param, shows PlanBadge and 3-option picker (Free / Developer / Pro)
- ·auth.errors.tooManyAttempts locale key — all 5 locales (en/fr/es/zh/ar), displayed instead of raw key on rate-limit
- ·Footer links — all footer hrefs updated from # to real page paths
- ·Landing page eyebrow updated; Connector Ecosystem feature card (07) added
- ·Provider strip updated: 9 connectors (Anthropic, OpenAI, Google Gemini, Mistral, Azure OpenAI, OpenRouter, DeepSeek, HuggingFace, Ollama)
0.8.0
12 May 2026
Docs & Company pagesAdded
- ·Docs section with layout, index, Quick start, SDK reference, Webhooks & Integrations pages
- ·Company pages: Blog (6 posts), Careers (4 open roles), Contact (6 mailboxes), Status (live service grid + incidents)
- ·Terms of Service updated — all 6 current plan names and prices replacing legacy Crucible $799 entry
- ·About page updated — 40+ models across 9 providers (was 15 / 4)
0.7.0
11 May 2026
IO Inventory + WorkersAdded
- ·IO Inventory connector — Jaccard catalog matching, vision extraction pipeline, data policy enforcement
- ·io_catalog table with SKU/name/category/embedding(vector 1536), upsert by workspace_id+sku
- ·io_enrichment_queue — async vision and catalog_match jobs, exponential back-off retries
- ·/api/workers/io — sequential processing worker with INTERNAL_CRON_SECRET auth
- ·Ingest control plane / data plane separation — fast path enqueues to ingest_queue, worker processes PII + policy
- ·/api/workers/ingest — cron-driven retry safety net for missed or failed ingest rows
- ·Data policy resolution — most-specific-wins (connector+env > connector > global), 60s TTL cache
Fixed
- ·Supabase builder has no .catch() — all fire-and-forget chains switched to .then(null, fn)
- ·z.record() requires 2 arguments — fixed in catalog and enrichment route schemas
- ·Map.get() TypeScript narrowing — get() ?? new Set() pattern replaces has() + get() two-step
0.6.0
10 May 2026
GitHub MarketplaceAdded
- ·GitHub App integration — RS256 JWT signing, installation token exchange, App manifest flow
- ·github_installations, github_repositories, github_check_runs, github_marketplace_subscriptions tables (migration 049)
- ·PR regression trigger — check run created on pull_request event, linked to regression suite via repository
- ·GitHub Check Runs with markdown table output (pass/fail, Δ latency, Δ cost per test case)
- ·PR comment upsert — single "Azoth Regression" comment, updated in place on each run
- ·Marketplace purchase webhook handler — upserts subscription with status mapping
- ·/api/github/webhook extended with handlePullRequest, handleInstallation, handleMarketplacePurchase
- ·GitHub Actions YAML template served via /api/github/actions-template
- ·connector_registry seeded with github + io-inventory entries
0.5.0
8 May 2026
Platform & AnalyticsAdded
- ·Per-agent ROI breakdown — cost vs baseline, cache hit rate, avg latency per agent
- ·14-day cost forecast via linear regression trend analysis
- ·Industry benchmark comparison — cache hit rate, savings %, latency, ROI
- ·Multi-workspace organizations with owner/admin/member/analyst roles
- ·RBAC fine-grained permissions — Analyst read-only role, has_workspace_role() SQL function
- ·API v1 — Bearer token auth, /api/v1/usage, /api/v1/report, /api/v1/agents
- ·GDPR Article 20 data export — full workspace data as JSON or NDJSON
- ·Savings dashboard: forecast chart, benchmark grid, per-agent ROI table
0.4.0
8 May 2026
AI Runtime EnginesAdded
- ·Intelligent Model Arbiter — weighted routing across 15 models (cost/quality/latency/balanced), confidence scoring
- ·Semantic Cache Layer — SHA-256 exact match + Jaccard fuzzy scan (≥0.82), 7-day TTL, atomic hit tracking
- ·Prompt Intelligence Engine — 6 rule-based transforms, quality scored via Jaccard similarity, no LLM needed
- ·Loop Termination Engine — 4 patterns: repetition, cost runaway ($5/5min), high frequency, A→B→A→B circular
- ·AI FinOps Command Center — real spend vs baseline per trace, routing/cache/prompt attribution, ROI multiplier
- ·API routes for all 5 engines: /api/arbiter, /api/cache, /api/loops, /api/prompt, /api/finops
- ·Cache + loop detection wired into OpenAI and Anthropic connectors
- ·36 new unit tests across all engine modules
Changed
- ·Dashboard overview, savings, costs pages now pull real data from usage_traces via FinOps API
0.3.0
8 May 2026
SDK v1 & IntegrationsAdded
- ·@azoth/sdk npm package — OpenTelemetry-compatible middleware with transparent Proxy wrappers
- ·wrapOpenAI(), wrapAnthropic(), wrapBedrock() — intercept LLM calls, emit OTel gen_ai.* spans
- ·Slack Incoming Webhooks — Block Kit alerts with severity-coded colors
- ·PagerDuty Events API v2 — trigger/resolve, dedup key, auto-resolve test incident
- ·Webhook delivery with retry logic (3 attempts: 1s/2s/4s exponential backoff)
- ·HMAC-SHA256 webhook signing — Stripe-compatible format, timing-safe verify
- ·OpenAI, Anthropic, AWS Bedrock native connectors with cost + latency tracking
0.2.0
8 May 2026
Security & DXAdded
- ·TOTP 2FA via Supabase MFA — QR code enroll, challenge/verify flow
- ·Email confirmation guard on dashboard — redirects if email not confirmed
- ·Password strength meter on signup — animated 0–4 score bar
- ·Immutable audit log table — all workspace actions tracked via service role
- ·TypeScript foundation — tsconfig.json + types/index.ts with full interfaces
- ·14 billing service tests using jest.unstable_mockModule
0.1.0
8 May 2026
Brand RewriteChanged
- ·Landing page: "The operating system for profitable AI" — AI Runtime Economics positioning
- ·ProofBar: $4.2M avg savings, 61% cost reduction, 5.3× ROI, 99.98% SLA
- ·Dashboard navigation: premium labels (Command Center, Agent Fleet, Arbitration, Execution Stream…)
- ·Plan names: Starter → Forge, Growth → Crucible
- ·All 5 locales updated (en/fr/es/zh/ar)
0.0.1
8 May 2026
Initial MVPAdded
- ·Next.js 14 App Router with Supabase auth + Row Level Security
- ·12 dashboard pages, real-time trace viewer, multi-tenant architecture
- ·5-language i18n (en/fr/es/zh/ar), dark/light theme
- ·Stripe billing, Google OAuth, OWASP ASVS L1/L2 security headers
- ·GitHub Actions CI pipeline