Changelog

What changed, when, and why.

Keep-a-Changelog format, dated, with explicit deprecation windows. Subscribe via the RSS feed.

v0.3.0

Forge module general availability, agent surface for the deploys module, and the first cut of the public wire-protocol spec.

Added

  • Forge module is now generally available. Compile-and-deploy pipelines for the ten supported runtimes; no more --experimental flag.
  • Agent surface for deploys: structured tools (deploys.create, deploys.rollback, deploys.status) with idempotency keys.
  • Public OpenAPI spec at /api/spec.json, sourced from the same generator that produces the SDKs.
  • cui doctor command that runs a preflight check before cui server boots.

Changed

  • The audit chain notarization cadence is now configurable per workspace (default remains weekly).
  • secrets.list returns lastRotatedAt on every entry — previously only on entries with a rotation policy.
  • Costs module dashboards default to a 30-day window instead of 7 days.

Deprecated

  • The /v0/legacy-events endpoint is deprecated. It will be removed in 0.5. Migrate to /v1/events — same shape, stricter validation.

Fixed

  • repository.diff no longer truncates patches over 64KB.
  • BetterAuth session cookies now respect SameSite=Strict when the workspace is configured with a custom domain.
  • Video module Playwright runner exits cleanly on Cloudflare Turnstile pages (was hanging at 30s timeout).

Security

  • Bumped axios to a version that does not match the 1.14.1 supply-chain advisory across every internal service.
  • The forge build sandbox now drops CAP_NET_RAW by default.
v0.2.0

BetterAuth + SpiceDB integration, the secrets module's rotation engine, and a 3x improvement in cold-start time for the binary distribution.

Added

  • BetterAuth + SpiceDB: workspaces now share a single identity layer across every module. SAML/OIDC connectors land on Team and Business plans.
  • Secrets rotation engine: time-based and event-based policies, with scheduled rotation jobs visible in the audit chain.
  • New cui server single-binary distribution for Linux x86_64, Linux arm64, and macOS arm64.

Changed

  • Cold-start for cui server dropped from ~1.8s to ~0.6s on a t3.small after eliminating two synchronous schema migrations.
  • Logs module now ingests OpenTelemetry log records natively. The legacy /logs/ingest endpoint still works.
  • Configs module schema editor uses Monaco’s diff view by default.

Removed

  • The pre-0.1 /internal/_admin debugging endpoints are gone. They were never documented and never stable.

Fixed

  • Audit-chain verification no longer fails on entries with empty metadata objects.
  • The Helm chart now correctly templates replicaCount: 0 for the optional video module.
v0.1.0

First public release. Seven modules, Docker Compose distribution, opt-in Cuitty Cloud private beta.

Added

  • First public release of Cuitty.
  • Seven modules ship in 0.1: audit, configs, costs, deploys, logs, repository, secrets.
  • Docker Compose distribution: cuitty up brings the full stack up on a single host with Postgres and a libSQL replica.
  • TypeScript SDK (@cuitty/sdk) generated from the OpenAPI spec.
  • Cuitty Cloud private beta: managed offering, US region only at this stage.
  • Public docs at cuitty.com/docs.

Security

  • All releases are signed with cosign; signatures are published to the Sigstore transparency log.
  • Default Compose stack runs every container as a non-root user with a read-only root filesystem.