Skip to main content

Changelog

Customer-facing rollup of recent shipped work. The most recent items are first. For finer-grained engineering history, see the in-repo CHANGELOG.md.

2026-05-24, launch-prep sprint

  • Credential leak detection in the SDKs. Every tool output the SDK observes is scanned locally against 136 vendor patterns (cloud, databases, source platforms, LLM vendors, SaaS, CI tooling, registries, payments, identity, secrets managers). Matches are one-way redacted before re-entering the agent transcript, and an audit row is written for every detection. Three operator modes (warn, redact, block) with environment-aware defaults. Detection runs on the built-in pattern library. Available in the current published Python line (1.9.6 on PyPI) and the current published Node line (@controlzero/sdk 1.12.x, served from the Control Zero registry at https://npm.controlzero.ai). (PR #684, PR #685, PR #686, PR #691, PR #692)
  • Credential leaks dashboard page. /credential-leaks renders the rotation queue with severity, age, SLA status, and per-row Mark rotated action. The header bell polls every minute and turns red when any high-severity detection passes its rotation SLA. (PR #696)
  • Python SDK 1.7.0. Adds client.get_secret_poll_fn() as a built-in poller helper for the secret-read approval path so callers no longer need to wire their own HTTP poller for that flow.
  • MCP server 1.4.1. Streamable HTTP transport per the 2025-06-18 spec (POST /mcp for JSON-RPC and GET /mcp for SSE) is implemented in the MCP server. The hosted (cloud) MCP endpoint is still rolling out and is marked Coming Soon on the pricing page (tracking: #1287); the local-mode MCP server is available on all tiers. (CHANGELOG)
  • Gateway cross-tenant cache-key collision. A pre-launch UAT lane caught an api-key-prefix collision in the gateway cache where two tenants sharing the first 12 bytes of an api key could route to each other's project. Fixed before any production exposure. (#741)
  • HITL Grants list endpoint. GET /api/orgs/{orgID}/hitl-grants now backs the /grants dashboard page with real grant data. Approvals are served on every deployment, including hosted (SaaS). (PR #729, PR #732)
  • Operational disk recovery. Database WAL archive script and analytical-store system-log retention are now committed correctly so disk usage no longer creeps up on long-running deployments. (PR #744, PR #745)

2026-05-18, dashboard

  • Approvals rename. "HITL" is now called "Approvals" everywhere in the dashboard. Functionality unchanged. (PR #597)
  • PostHog identifier scrub. Dashboard analytics no longer transmits email addresses. Identifiers are now restricted to the non-reversible identity provider UID. (PR #595, PR #596)
  • Approvals RBAC narrowing. Only org admins and owners can edit approval policy settings or revoke active grants. Non-admins see a disabled action with explanatory tooltip. (PR #588, PR #591, PR #592)
  • Approvals dashboard. Bell badge for pending requests, /approvals page with filters, per-approval drawer, grants table, settings UI. (PR #581, PR #585)

2026-05-17, SDKs

  • Python SDK 1.6.0. Full Approvals support: request_approval, PendingApproval.wait, get_secret wrap with leak guard, eleven new exception classes (E1701 through E1711), and controlzero test --hitl approve|deny|timeout for local mocking. (PR #578)
  • Node SDK Approvals parity. requestApproval, wait, and getSecret shipped on @controlzero/sdk 1.9.x. (PR #582)

2026-05-15, releases and trust

  • Phase 1A args fingerprinting across the SDKs. Every SDK now produces an RFC 8785 canonical hash of guarded-call arguments. Same arguments produce the same hash on every SDK and every machine, without ever transmitting the raw values. (PR #463)
  • Python SDK 1.5.7. Clean release that scrubs customer-context strings and inline notes from the published artifact. See the May 2026 security advisory for the full disclosure. (PR #530, PR #529)
  • IP scrub gate. A pre-push detector now blocks any commit that would publish customer names, realistic-looking key fixtures, or internal hostnames to PyPI, npm, the Go proxy, or the docs site. (PR #528)

2026-05-12 to 2026-05-13, customer fix sprint

  • Policy republish bug. Republishing a library policy now reliably propagates the new version to every project that has it attached. The dashboard and the SDK no longer drift. (PR #207)
  • resources: ["*"] wildcard. Rules using the universal resource wildcard now match every call, with or without a caller-supplied resource. Narrow resource patterns still require an explicit match, so narrow rules stay narrow. (See Policy enforcement fixes, 2026-05-11.)
  • Provider recovery for empty orgs. A customer dashboard hang triggered by an org with zero projects is fixed; the dashboard now renders an empty-state instead of looping. (PR #422)

2026-05-11, dashboard

  • Split-zone Governance Home. Lifetime counts on top ("at a glance"), period-scoped activity below, with clickable drill-down tiles for projects, policies, API keys, and tools. Returning users with stale data get a [View 7d] / [View 30d] jump rather than a full re-onboarding takeover. (PR #203)
  • /get-started route. Four-step server-persisted onboarding checklist, deep-linkable via ?lang=python&mode=cloud. Auto-advances on key copy, snippet copy, and first audit row. (PR #203)

Earlier

For changes before May 2026, see the in-repo CHANGELOG.md or filter by milestone on the GitHub issue tracker.