Changelog
Everything we ship, in order.
Releases across the engine, the console, and the SDKs. Dates are real ship dates.
13 releasesLatest v0.13.0 · Jul 15, 2026
v0.13.0Latest
5 new4 improved1 fixed
Self-serve launch — ballastos.com is live
- NEWBallast is live in production at ballastos.com: sign up, verify your email, pick a plan, and build — the console and the API (api.ballastos.com) are now publicly served with TLS.
- NEWIn-console support chat: message the Ballast team from the chat bubble in the bottom corner of the console and replies appear right in the thread — behind the scenes the conversation bridges into our support inbox, so you get answers from a human, fast.
- NEWEmail verification at signup: a 6-digit code from noreply@ballastos.com (verified sending domain) gates account creation. Codes are hashed at rest, expire after 10 minutes, and are single-use.
- NEWThe free tier now runs through a $0 checkout, and every pricing CTA goes create-account → embedded checkout in one motion — no detour through the dashboard to find an upgrade button.
- NEWBring-your-own-key, enforced everywhere: real model calls always run on the provider keys you connect in Settings → Models; only the keyless mock model works without a connection, so there is never a surprise platform-side model bill.
- IMPROVEDBilling wiring is production-complete: signed membership webhooks keep each workspace's plan in sync with its subscription, and the buyer's real name and email ride along as checkout metadata.
- IMPROVEDCustomer records (name, email, plan, workspace, source) stream into a dedicated customer store as people sign up — ready for CRM and exports without touching the application database.
- IMPROVEDThe platform now runs entirely on Postgres in every environment — local dev and production share the same schema and migration chain, and nothing is persisted to local disk.
- IMPROVEDThe send_email tool can deliver through any SMTP server as an alternative to the built-in provider — self-hosters can point it at their own relay.
- FIXEDHome-page CTAs (“Open Console”, “Start building”) now land visitors on pricing instead of bouncing them off an authenticated dashboard.
v0.12.0
6 new5 improved
Governance, budgets & reliability hardening
- NEWBilling now runs on Whop: paid plans go through Whop checkout, and a signed membership webhook (Standard Webhooks) keeps each workspace's plan in sync. Self-host stays unmetered.
- NEWFirst-class governance events: an inspectable, auditable stream (GET /api/governance/events) of every execution-time policy decision — tool denials, DLP redactions, blocked models and fallbacks, budget blocks, and approval overrides — each with workflow/version/run/step context and redacted evidence (never the scrubbed plaintext).
- NEWHardened inbound webhooks: optional HMAC-SHA256 signing with a timestamp replay window, plus ingest-level de-duplication so a duplicate delivery returns the original run and concurrent duplicates collapse to one. Configure per workflow via the new /webhook/config endpoint.
- NEWStructured agent output: give an agent node a JSON Schema and Ballast validates the response, auto-repairs invalid output by re-prompting with the errors, and hands downstream nodes the typed, parsed object — or fails clearly if it can't be repaired.
- NEWServer-side evaluation deploy gate: set quality/cost thresholds on a workflow and a release is blocked (422) when the latest evaluation for that version regresses past them — an eval regression now prevents a deploy, not just warns.
- NEWAudited budget override: an admin can approve exceeding a per-run budget for a specific run; the run resumes past the cap and the override is written to both the audit log and the governance event stream.
- IMPROVEDBudgets are now atomic and universal: block budgets are enforced on every trigger surface (manual, replay, webhook, schedule, and MCP), an optional per-run reservation stops concurrent triggers racing past a limit, and budget status now includes committed spend and a forward projection.
- IMPROVEDGoverned model fallback: fail-over now classifies the provider error and only fails over for approved, transient classes (never on an auth error), and every fallback model is checked against the workspace allowlist first — a forbidden fallback is refused and recorded.
- IMPROVEDApprovals gained conditional stages (a stage applies only when its `when` expression is true — e.g. legal review only outside the US) and multi-tier reminder/escalation ladders (remind, escalate, then expire), each rung firing exactly once.
- IMPROVEDGovernance gained named PII field types (email, phone, credit card, SSN, IP, API key) alongside custom regexes, and tool permissions gained a per-argument value policy — both enforced at run time and recorded as governance events.
- IMPROVEDVerified by a 25-task production benchmark suite that now passes 25/25 (all critical), three runs in a row, alongside 263 green backend tests and a clean migration chain.
v0.11.3
2 new4 improved1 fixed
Launch-readiness hardening
- NEWAPI keys can be created with an expiry from Settings → API keys, and expired or soon-to-expire keys are visible at a glance.
- NEWFree-plan limits from the pricing page are now enforced end-to-end: 5 workflows and no cron schedules, with clear upgrade messages instead of silent overages.
- IMPROVEDOffboarding is airtight: deactivating a member (including via SCIM) or removing them now also cuts off every API key linked to them, immediately.
- IMPROVEDHuman-gate decisions are atomic — two simultaneous approvals can never double-run (and double-bill) a workflow — and a run resumed after the workflow was edited executes the exact graph version it started with.
- IMPROVEDMember PII, the API-key inventory, and billing state are no longer readable by viewer-level credentials; reads are gated like their writes.
- IMPROVEDSelf-host: docker compose now refuses to boot without a real SECRET_KEY and OWNER_EMAIL (no more known-default credentials), forwards every documented env var, and the first admin is your own account — demo teammates only seed in local dev.
- FIXEDUpgrading an existing Postgres database no longer creates columns with mismatched types; password-reset links and SSO redirects land on the console origin even when APP_BASE_URL is unset; the console shows a clear error with retry when the API is unreachable instead of an infinite spinner.
v0.11.2
2 new2 improved
A calmer, faster console
- NEW⌘K command palette: jump to any console page or workflow by name from anywhere — arrow keys to navigate, enter to open.
- NEWOne-click audit log export: the full immutable log downloads as CSV straight from the Audit page, ready for SIEM ingest.
- IMPROVEDThe dashboard is reorganized around how you actually read it: a single segmented KPI band up top, activity trends beside the live-runs and approval queues, and equal-height activity / failures / spend panels that scroll internally instead of sprawling.
- IMPROVEDEvery console page now shares one visual language — consistent widths, panel headers with view-all links, and no duplicated titles.
v0.11.1
2 new2 improved
A sharper front door
- NEWHow-it-works section on the landing page: design → execute → govern, the whole platform in three moves.
- NEWFor-engineers section with real, copyable Python and TypeScript SDK snippets — trigger a governed run and resolve a human gate in a dozen lines.
- IMPROVEDThe platform grid now covers the connection layer — MCP in both directions, webhooks, REST, and typed SDKs — and the enterprise section lists all seven shipped controls: SSO (OIDC), SCIM 2.0, MFA, RBAC, audit export, encryption, and self-host.
- IMPROVEDSmoother throughout: scroll-linked hero depth, gentler marquee, and a live status indicator in the footer. Booking a demo and talking to sales are now one click from the hero, pricing, and enterprise sections.
v0.11.0
5 new4 improved1 fixed
Enterprise-ready: SSO, MFA, data controls & hardening
- NEWSingle sign-on (OpenID Connect): sign in with any OIDC provider — Okta, Google, Entra ID, and more. Users are just-in-time provisioned on first login, and the sign-in page shows a Continue-with button whenever SSO is configured.
- NEWTwo-factor authentication (TOTP): enrol an authenticator app in Settings → Security; sign-in then requires a 6-digit code, with wrong codes counting toward the lockout.
- NEWData controls: export a workspace's full data as JSON, and erase a workspace (GDPR right to erasure) with a name-confirmed cascade delete. The audit log exports to CSV for SIEM ingest.
- NEWSCIM 2.0 provisioning: connect your identity provider to automate onboarding — and offboarding, where deactivating a user immediately cuts off their sessions and API keys.
- NEWAPI keys can be given an expiry, and expired keys are refused at the door.
- IMPROVEDHardened authentication: brute-force login lockout, sessions invalidated when a password changes, and the SSRF guard on outbound tool calls is now on by default and no longer bypassable via redirects.
- IMPROVEDStored integration secrets — custom-tool auth headers and webhook signing secrets — are now encrypted at rest.
- IMPROVEDSecurity headers (HSTS, frame-deny, nosniff) and an optional per-deployment IP allowlist; the OpenAPI schema and docs are disabled in production; billing plan changes are driven solely by the Stripe webhook so a workspace can't self-upgrade.
- IMPROVEDScheduled triggers now fire exactly once even across multiple replicas, via an atomic claim on each due tick.
- FIXEDRetention and workflow deletion no longer fail on runs or schedules (cascade gaps closed); a condition whose branches fan into a merge no longer reports success while silently skipping the merge; resume always selects the true latest checkpoint; cancelling a run cancels its in-flight work.
v0.10.0
4 new1 improved
Cloud-ready: workspaces, phone approvals, metered billing
- NEWMulti-tenant workspaces: every workspace is fully isolated at the data layer — its workflows, runs, API keys, and audit log are never visible to another. Self-serve signup can provision a fresh workspace per account.
- NEWApprove from your phone: when a run pauses at a human gate, approvers get an SMS with a single-use, 24-hour magic link to a mobile page (installable as an app) that approves or rejects with no login.
- NEWMetered billing: Stripe Checkout and the customer portal drive plan upgrades, and a signed webhook keeps each workspace's plan in sync with its subscription. Self-host stays unmetered.
- NEWProduction deploy: one-command Docker Compose with Postgres, cross-dialect migrations, a full env reference, and a hardening guide (DEPLOY.md).
- IMPROVEDRun quotas, retention, and the scheduler are now per-workspace; the executor runs as each run's tenant so tool names resolve within the right workspace.
v0.9.0
3 new1 improved
Batch runs: score a workflow over a whole test set
- NEWBatch runs: POST a list of inputs to a workflow and each becomes its own governed run — validated, quota-counted, audited, and executed exactly like a manual trigger — grouped as one batch.
- NEWBatch aggregates: GET /api/batches/{id} returns status counts, total cost, and the eval pass-rate across every check on every run in the batch. Point a batch at a test set and read a single pass-rate — a built-in regression harness for your agents.
- NEWSDKs gained run_batch() in Python and TypeScript, with a wait option that polls until every run in the batch reaches a terminal state, then returns the aggregate.
- IMPROVEDRun quotas are now batch-aware: an oversized batch is refused up front with the exact remaining allowance, instead of being accepted and blowing past the monthly limit one run at a time.
v0.8.0
5 new1 improved
Evaluations: score every run
- NEWEvaluation checks: attach pass/fail assertions to a workflow — substring, regex, equality, max cost, max latency, or a safe expression over run state. Every successful run is scored automatically.
- NEWRun evaluations panel: each check's result and detail on the run page, plus a pass/total badge on every row in the run list.
- NEWChecks drawer in the builder: define, edit, and save a workflow's assertions without touching code.
- NEWFleet eval pass-rate on the dashboard and in GET /api/metrics/overview — across every check on every evaluated run.
- NEWSDKs gained set_checks(): configure a workflow's evaluations from Python or TypeScript; results ride along on the run object.
- IMPROVEDChecks run in the same sandboxed expression interpreter as conditions and loops. A malformed or failing check becomes a failed result — it never breaks the run.
v0.7.0
5 new1 improved
Operations & revenue: schedules, plan limits, retention, alerts
- NEWScheduled triggers: attach 5-field cron schedules (UTC) to any workflow, each with its own stored input. The in-process scheduler ticks every ~20 seconds; invalid expressions are rejected at creation with the exact field problem.
- NEWPlan limits are enforced, not decorative: every trigger surface — manual, webhook, MCP, scheduled — returns 402 at the monthly run quota. Scheduled ticks at quota are skipped and logged, never queued.
- NEWRetention sweeper: a daily job deletes runs (with steps and checkpoints) past the plan window and audit entries past theirs. Every sweep is audit-logged with counts.
- NEWOperational alerts: run failures and pending human gates notify Slack and email. Env-gated, fire-and-forget — delivery problems never touch the run.
- NEWPlan management: PUT /api/workspace/plan switches tiers with immediate effect on quotas and retention; audit-logged as plan_change.
- IMPROVEDSchedules pointing at deleted workflows disable themselves; ticks against invalid graphs are skipped and logged instead of failing silently.
v0.6.0
7 new1 improved
Connect your agents: tool registry, webhooks, MCP, SDKs
- NEWCustom tool registry: register any HTTP endpoint or MCP server tool once and it becomes a first-class node — custom:<name> — with JSON-schema validation, per-tool auth headers, and its own timeout/retry defaults.
- NEWWebhook triggers: every workflow can expose a signed inbound URL. POST any JSON to it and a governed run starts with the body as input. Rotate or disable the secret at any time.
- NEWBallast is an MCP server: POST /api/mcp (streamable HTTP). Claude, Cursor, or any MCP client can list workflows, start runs, and resolve approval gates — RBAC and audit still apply.
- NEWmcp_call built-in tool and kind:mcp registrations: workflow nodes call tools on any MCP server, ad-hoc or registered.
- NEWPython SDK: run(workflow, wait=True), gate approvals, a fluent GraphBuilder, and a @tool/serve pattern that registers a plain function as a workspace tool in ten lines.
- NEWTypeScript SDK: a dependency-free, typed client for runs, tools, and webhooks.
- NEWLangGraph and CrewAI adapters: serve an existing compiled app as a registered tool — your framework keeps running your agent; Ballast wraps it with checkpoints, gates, and audit.
- IMPROVEDGraph validation now recognizes registered custom tools; deleting a tool surfaces broken references at validation time, not mid-run.
v0.2.0
4 new1 improved1 fixed
Production readiness: auth, RBAC & self-serve signup
- NEWSession auth: scrypt-hashed passwords and HMAC-signed tokens. AUTH_MODE=open for local development, required for production.
- NEWRole-based access control: ten granular capabilities with per-member overrides, plus role-scoped API keys via the X-API-Key header.
- NEWSelf-serve signup with an admin-approval mode; teammates join through emailed invite codes with a last-admin guard on removals.
- NEWProduction hardening: an SSRF guard on outbound tool calls, per-IP rate limiting, a one-command Docker deploy, and GitHub Actions CI running the full test suite.
- IMPROVEDRuns interrupted by a backend restart are marked resumable automatically and continue from their last checkpoint.
- FIXEDCORS is registered outermost so 401/403 responses still carry CORS headers instead of surfacing as browser network errors.
v0.1.0
8 new1 improved1 fixed
The platform: engine, builder & console
- NEWStateful graph executor with a database checkpoint after every node — runs survive crashes and resume from the last checkpoint, with no re-running of completed work.
- NEWSix node types — agent, tool, condition, loop, human gate, and merge — that compile to real, executable graph state.
- NEWGenuinely concurrent parallel branches in bounded waves, per-node timeouts, exponential-backoff retries, and bounded loops with a hard max_iterations ceiling.
- NEWVisual builder: drag nodes, connect edges, and configure each in a side drawer — the graph you see is the graph that executes. Every save snapshots a version.
- NEWHuman-in-the-loop gates: pause a run for an approval or structured input, then resume from checkpoint.
- NEWPer-step and per-run cost attribution in USD across Anthropic and OpenAI, with a deterministic mock model so every template runs with no API keys.
- NEWLive run streaming over WebSocket, an immutable audit log, run cancellation, structural graph validation, idempotent triggers, and a one-click template gallery.
- NEWThe admin console — live run monitor, approval queue, spend by workflow, version history — plus the public marketing site and documentation.
- IMPROVEDCondition and loop expressions run in a whitelisting AST interpreter — imports, dunder access, and unbounded exponents are rejected with clear errors.
- FIXEDTimestamps serialize with an explicit UTC suffix; a merge waiting on a branch paused at a gate survives the pause checkpoint and completes after approval.