Changelog

What's new.

Stable releases. Follow along on GitHub.

v1.2.1: Bug fixes (2026-06-17)
  • Fixed a crash on the trace detail page that prevented it from loading.
  • Approval cards now show the agent that triggered the call instead of "unknown agent".
  • Fixed dashboard search placeholders that rendered a literal escape sequence instead of an ellipsis.
  • Dependency refresh in the dashboard (lucide-react 1.20).
v1.2.0: Human approvals, broader detection, account recovery (2026-06-16)
  • Human-in-the-loop approvals now work end to end: a require_approval policy opens a pending approval that the held tool call waits on, and the call is resumed or denied according to the human decision, with optional Slack, Discord, webhook, or GitHub routing.
  • Notification channels: route approvals, incidents, policy interventions, and budget alerts to Slack, Discord, a generic webhook, or GitHub issues, with per-channel event selection from the dashboard.
  • Broader PII detection (crypto wallets, IBAN, IPv6, US ITIN, India Aadhaar, all checksum-validated) and credential detection across modern AI providers and SaaS platforms.
  • Break-glass account recovery: strathon-admin reset-password resets a locked-out owner's password and optionally clears MFA directly against the database, with no running receiver required.
  • The seeded development API key is now opt-in (STRATHON_SEED_DEV_KEY) and never seeded in cloud mode; local docker compose opts in so the quickstart still works out of the box.
  • Consent-based ownership transfer: the owner sends a request that an existing admin accepts or declines before any role changes. Sensitive member actions now require the caller to outrank the target, enforced server-side.
  • Users can change their own password and display name from the dashboard; changing a password requires a current MFA code when MFA is enabled.
  • Dashboard: an enforcement-mix overview, per-agent budget spend, a usage section, and a span-derived activity log on the trace detail view.
  • CLI key management (strathon keys list/create/rotate/revoke), an `allow` action selectable from the CLI and dashboard, a PEP 561 py.typed marker for the SDK, and official Python 3.13 support.
  • Relicensed the receiver and CLI to Apache-2.0, so the whole project is now uniformly Apache-2.0. The dashboard moves to Node 24 (current LTS), with dependencies refreshed across the SDK and dashboard.
v1.1.0: First stable release (2026-06-06)
  • CEL policy engine: seven actions (block, steer, throttle, log, alert, require_approval, allow), allow-list mode, time-based rules, policy versioning, shadow mode, and OWASP-mapped templates.
  • Human oversight: multi-party (N-of-M) approval workflows, kill-switch halts, SDK poll-based approval.
  • Data plane: OTLP protobuf ingest, RANGE-partitioned spans, span search and full-text search, aggregation, trace tree, PII redaction, sampling, retention.
  • 10 framework integrations, fail-closed mode, per-key scoped auth; RBAC, Argon2id auth, TOTP MFA, API key rotation; tamper-evident HMAC-SHA256 audit log with Merkle anchors.
  • CLI: create policies from OWASP templates (--template), from plain English (--from-english), or by bulk import; dry-run a policy against recent traces (policies test).
  • Compliance: EU AI Act evidence export (Articles 9-15, 19), agent inventory with risk scoring, agent topology map, OWASP Agentic Applications 2026 mapping (ASI01-ASI10).
  • Self-host with Docker Compose, including PgBouncer connection pooling; per-framework integration guides for all 10 frameworks; enterprise scaling guide.
  • Published to PyPI: pip install strathon.