Releases: cordum-io/cordum

v1.1.0

03 Jun 14:11
6835c06

What's Changed

  • build(deps): bump github.com/cloudflare/circl from 1.6.2 to 1.6.3 by @dependabot[bot] in #286
  • Action gates EDGE-102/103 production wiring by @yaront1111 in #285
  • build(deps): bump codecov/codecov-action from 5.5.4 to 6.0.1 by @dependabot[bot] in #284
  • build(deps): bump docker/setup-qemu-action from 3.7.0 to 4.0.0 by @dependabot[bot] in #283
  • build(deps): bump actions/setup-go from 5 to 6 by @dependabot[bot] in #282
  • build(deps): bump actions/upload-artifact from 4 to 7 by @dependabot[bot] in #281
  • build(deps): bump docker/build-push-action from 5.4.0 to 7.2.0 by @dependabot[bot] in #280
  • build(deps): bump webpack-dev-server from 5.2.3 to 5.2.4 in /docs-site by @dependabot[bot] in #279
  • build(deps): bump qs and express in /docs-site by @dependabot[bot] in #287
  • security(gosec): clear 25 gosec alerts and gate CI on new findings by @yaront1111 in #288
  • feat(audit): populate actor identity for authenticated HTTP+gRPC events (task-68bd4954) by @yaront1111 in #290
  • chore(docs): retire orphan docs-site tree + GitHub Pages deploy by @yaront1111 in #291
  • feat(edge): redacted descriptive action targets on governance events (task-6a93a0fc) by @yaront1111 in #292
  • feat(audit): governance/event-type filtering on compliance export + events endpoint (task-7f0f57bf) by @yaront1111 in #293
  • fix(reqhash): strip policy.attachment_id so worker-originated approvals survive reconcile (task-821a6ebb) by @yaront1111 in #294
  • fix(edge): bind cordum-agentd loopback fresh on Windows (task-6b9299ff, supersedes task-02133692) by @yaront1111 in #295
  • Mirror docs accuracy fixes and generate tables by @yaront1111 in #297
  • ci(docs): add offline markdown link-check for docs/** by @yaront1111 in #296
  • docs: fix 5 broken relative links + drop lychee baseline suppression (recovers #298) by @yaront1111 in #300
  • fix(gateway): deflake copilot-session decision tests (30-day retention time-bomb) by @yaront1111 in #308
  • build(deps): bump peter-evans/create-or-update-comment from 4.0.0 to 5.0.0 by @dependabot[bot] in #304
  • build(deps): bump docker/setup-buildx-action from 3.12.0 to 4.1.0 by @dependabot[bot] in #305
  • build(deps): bump marocchino/sticky-pull-request-comment from 2.9.4 to 3.0.4 by @dependabot[bot] in #303
  • build(deps): bump actions/setup-python from 5 to 6 by @dependabot[bot] in #306
  • build(deps): bump github/codeql-action from 3.35.5 to 4.36.0 by @dependabot[bot] in #302
  • Fix new-user install: loginable dashboard out of the box + correct docs by @yaront1111 in #307
  • ci(binaries-pr-validation): resilient GnuPG step (apt mirror flake) by @yaront1111 in #309
  • Audit UX: human-readable attribution + humanization layer (task-c8d4b056) by @yaront1111 in #301
  • fix(gateway): pack install validates policy fragments against kernel schema (closes the silent split-brain) by @yaront1111 in #317
  • fix(dashboard): live stream connects in session-cookie mode (not just apikey) by @yaront1111 in #310
  • docs(examples): warn about hello-worker direct-subject trap; add multi-topic example by @yaront1111 in #315
  • feat(dashboard): empty-state "Create identity" affordance for heartbeating workers by @yaront1111 in #318
  • feat(config): safety-policy schema rejection suggests sibling rule-type by @yaront1111 in #316
  • fix(edge): hook fail-closes on degraded PreToolUse under enforce mode by @yaront1111 in #319
  • Cordum platform + Monday-demo hardening — consolidated landing by @yaront1111 in #320
  • fix(production-gate): surface gate-4 remediation error instead of swallowing it by @yaront1111 in #327
  • feat(dashboard): per-agent governance decisions Activity view + injection scanner pattern by @yaront1111 in #326

Full Changelog: v1.0.1...v1.1.0

v1.0.1

21 May 21:32
d26cc0e

What's Changed

  • build(deps): bump fast-uri from 3.1.0 to 3.1.2 in /docs-site by @dependabot[bot] in #251
  • build(deps): bump @babel/plugin-transform-modules-systemjs from 7.29.0 to 7.29.4 in /docs-site by @dependabot[bot] in #259
  • feat(pack,safetykernel): metadata.aliases + constraints additive-extension (Backend 6, task-e4e9489c) by @yaront1111 in #261
  • feat(dashboard): PR D split — hero page migrations by @yaront1111 in #266
  • chore(deps): update CAP to v2.13.1 by @yaront1111 in #272
  • Wip/2026 05 15 orphan rescue by @yaront1111 in #276

Full Changelog: v1.0.0...v1.0.1

v1.0.0

06 May 14:51
0b14889

What's Changed

  • docs: expand .env.example with multi-key auth formats by @mvanhorn in #195
  • fix(dashboard): surface chat send errors to user (#168) by @mvanhorn in #196
  • ci(production_gate): poll-retry helper + Gate 3 demotion (split 3/6 from #198) by @yaront1111 in #201
  • docs: pending content sync (split 1/6 from #198) by @yaront1111 in #199
  • feat(dashboard): UI sync — governance, MCP, delegation chain, approval snapshot (split 4/6 from #198) by @yaront1111 in #202
  • chore(infra): Go 1.25 + cap v2.9.3 + workflow/script sync (split 2/6 from #198) by @yaront1111 in #200
  • feat(delegation): gateway + policy + storage — request surface and auth by @yaront1111 in #206
  • feat(platform): scheduler dispatch-gate + MCP + audit chain + SDK regen by @yaront1111 in #207
  • fix(approval): stale-snapshot recovery + TOCTOU fix + scheduler reconciler provider by @yaront1111 in #210
  • ci: mark benchmark steps as advisory (continue-on-error) by @yaront1111 in #211
  • build(deps): bump vite and vitest in /sdk/typescript by @dependabot[bot] in #209
  • fix(quickstart): share .env with shell so /status probe uses the same key as the gateway by @yaront1111 in #212
  • chore: version/release hygiene — pyproject 3.9 fix, tag↔version CI gate, VERSIONING.md by @yaront1111 in #216
  • fix(gateway): register GET /api/v1/audit/verify — handler existed but route didn't by @yaront1111 in #215
  • fix(task-035cdc8e): preserve approval job hash on require-approval by @yaront1111 in #217
  • fix(task-d9d7f428): remove legacy OpenAPI sidecars by @yaront1111 in #226
  • fix(task-ef0df193): harden dashboard page test providers by @yaront1111 in #221
  • feat(audit): wire audit verification pipeline by @yaront1111 in #222
  • fix(task-c5df8d69): harden mock-bank e2e and docs by @yaront1111 in #218
  • fix(task-73bc2227): harden TLS e2e hello pack by @yaront1111 in #225
  • fix(task-8dd966c7): gate audit/governance compliance endpoints by @yaront1111 in #219
  • Fix/full baseline windows followups by @yaront1111 in #227
  • scheduler: make output-meta timeout configurable + retry on deadline by @yaront1111 in #228
  • Moe/epic 2e0ed1ee/task fa783d7a UI polish by @yaront1111 in #229
  • feat(safetykernel): add OTLP trace export for policy evaluations (#158) by @mvanhorn in #230
  • fix(dashboard,gateway): admin-role flow + InputSafety + verification route + favicons + security hardening by @yaront1111 in #231
  • feat(auth): enforce managed API key Scopes in basicAuthProvider (task-151cf2c0) by @yaront1111 in #234
  • fix(dashboard): label expired/invalidated prior approvals correctly by @yaront1111 in #236
  • feat(auth): map OIDC groups to Cordum roles by @yaront1111 in #235
  • feat(copilot): full Copilot Session detail UX by @yaront1111 in #233
  • Update logo image path in README.md by @yaront1111 in #237
  • feat(audit): add optional HMAC-SHA256 chain authentication (refs #36) by @SBALAVIGNESH123 in #238
  • salvage: non-LLM bug fixes from archived LLM-in_Dashbord (Trivy CI pin + audit verify-concurrency perf) by @yaront1111 in #240
  • Fix production gates and workflow retry scheduling by @yaront1111 in #241
  • build(deps): close all 11 open Dependabot security alerts by @yaront1111 in #242
  • Feature/cordum edge p0 by @yaront1111 in #243

New Contributors

Full Changelog: V0.9.9.1...v1.0.0

V0.9.9.1

16 Apr 14:46
9595637

What's Changed

  • docs: comprehensive documentation overhaul by @yaront1111 in #184
  • feat: enterprise features — SSO/SAML/SCIM, RBAC, SIEM export, legal hold by @yaront1111 in #185
  • feat(demo): add reset config button to mock bank by @mvanhorn in #186
  • feat: per-tenant fail modes, policy replay API, docs cleanup by @yaront1111 in #187
  • feat: platform stability hardening + governed change product by @yaront1111 in #189
  • feat: add Prometheus metrics for approval workflow by @mvanhorn in #188
  • fix: approval stale-snapshot recovery + schema URL routing by @yaront1111 in #191

Full Changelog: v0.9.7...V0.9.9.1

v0.9.8

16 Apr 14:44
580e1c3

What's Changed

  • fix: notify safety kernel when pack policy fragments change by @yaront1111 in #183

Full Changelog: v0.9.6...v0.9.8

v0.9.7

11 Apr 11:47
580e1c3

What's Changed

  • fix: notify safety kernel when pack policy fragments change by @yaront1111 in #183

Full Changelog: v0.9.6...v0.9.7

v0.9.6

10 Apr 14:24
e4863f5

What's Changed

Helm Chart v0.2.0

  • 55 new env vars across all services (licensing, telemetry, audit export, JWT/OIDC, NATS auth, safety policy signing, metrics, output policy)
  • External worker access: NATS LoadBalancer + gRPC Ingress
  • Artifact Hub annotations + OCI chart publishing
  • Health probes for NATS and Redis
  • Dashboard and gateway writable mounts for readOnlyRootFilesystem
  • Safety kernel NATS connectivity fix

Docker Distribution

  • Docker Hub: cordum/api-gateway:0.9.6, cordum/scheduler:0.9.6, etc.
  • GHCR: ghcr.io/cordum-io/cordum/api-gateway:0.9.6, etc.
  • Helm OCI: oci://ghcr.io/cordum-io/cordum/charts/cordum:0.9.6
  • Multi-arch (amd64 + arm64) for Go services
  • SBOM, provenance attestation, cosign signing

Security

  • Alpine 3.19 → 3.21 (fixes CVEs flagged by Artifact Hub scanner)
  • Dashboard nginx 1.25 → 1.27
  • Removed deprecated API_KEY env var (use CORDUM_API_KEY)
  • Removed legacy GATEWAY_POLICY_FAIL_MODE (use POLICY_CHECK_FAIL_MODE)

Documentation

  • License, telemetry, topics API reference
  • K8s troubleshooting guide
  • cordumctl license commands
  • Helm install via OCI registry

Install

helm install cordum oci://ghcr.io/cordum-io/cordum/charts/cordum --version 0.9.6 \
  --namespace cordum --create-namespace \
  --set secrets.apiKey=$(openssl rand -hex 32) \
  --set redis.auth.password=$(openssl rand -hex 32)

Full Changelog: v0.9.5...v0.9.6

v0.9.3

09 Apr 19:52
a36d206

What's Changed

  • feat: Helm chart v0.2.0 + Docker Hub + marketplace prep by @yaront1111 in #176

Full Changelog: v0.9.2...v0.9.3

v0.9.2

09 Apr 13:32
3569210

What's Changed

  • fix: dashboard CI verify fails on missing upstream host by @yaront1111 in #129
  • Update images in README for visual enhancements by @yaront1111 in #130
  • build(deps): bump rollup from 4.54.0 to 4.59.0 in /dashboard by @dependabot[bot] in #132
  • feat: dashboard v2 — full rebuild with warm Mac theme by @yaront1111 in #133
  • build(deps): bump esbuild and vitest in /dashboard by @dependabot[bot] in #134
  • fix: marketing agent fleet v2 platform fixes by @yaront1111 in #136
  • fix: star tracker cross-run artifact download by @yaront1111 in #138
  • build(deps): bump jspdf from 4.2.0 to 4.2.1 in /dashboard by @dependabot[bot] in #140
  • build(deps): bump undici from 7.22.0 to 7.24.4 in /dashboard by @dependabot[bot] in #137
  • feat: zero-config quickstart + slog structured logging by @yaront1111 in #139
  • fix: break orphan NATS retry storm for terminal/deleted runs by @yaront1111 in #141
  • build(deps): bump google.golang.org/grpc from 1.78.0 to 1.79.3 by @dependabot[bot] in #142
  • Security hardening + code quality sweep by @yaront1111 in #147
  • build(deps): bump google.golang.org/grpc from 1.78.0 to 1.79.3 in /sdk by @dependabot[bot] in #146
  • feat: safety kernel velocity limiting, denied status pipeline, policy overview, legacy cleanup by @yaront1111 in #152
  • feat: upgrade dashboard deps — lucide-react 1.7, dagre 3.0, vite-plugin 6.0 by @yaront1111 in #153
  • fix: upgrade vite 7→8 for plugin-react 6.0 peer dep by @yaront1111 in #155
  • fix: dagre graphlib alias + resolved approvals visibility by @yaront1111 in #156
  • fix: remove specific adopter count from public roadmap by @yaront1111 in #144
  • fix: approvals page 0/0/0 + mock-bank boot fixes + JobDetailPage redesign by @yaront1111 in #157
  • build(deps-dev): bump vite from 8.0.3 to 8.0.5 in /dashboard by @dependabot[bot] in #162
  • feat(dashboard): add copy buttons for job and run IDs by @mvanhorn in #165
  • fix(ui): surface chat API errors in run detail panel by @mvanhorn in #166
  • docs: note chat endpoints are REST-only in OpenAPI README by @mvanhorn in #167
  • feat: control plane boundary hardening + CAP v2.9.0 by @yaront1111 in #169
  • feat: production hardening — NATS reconnect, dashboard fixes, CLI commands, docs by @yaront1111 in #172
  • fix(ci): fix integration test gate failures by @yaront1111 in #173
  • fix(auth): use SetNX for atomic email uniqueness in user creation by @yaront1111 in #174
  • feat: tier enforcement, licensing, and telemetry by @yaront1111 in #175

New Contributors

Full Changelog: https://github.com/cordum-io/cordum/commits/v0.9.2

v0.9.1 — Tier Enforcement, Licensing & Telemetry

09 Apr 10:56

What's New

Tier Enforcement & Licensing

  • Two-layer license model: Rights (contractual) + Entitlements (runtime-enforced) with Ed25519 signature verification
  • Three tiers: Community (free, enforced limits), Team (25 workers, 2000 RPS), Enterprise (unlimited)
  • Gateway enforcement: rate limits, body/prompt limits, worker count, workflow steps, approval mode — all return tier_limit_exceeded with upgrade_url
  • Scheduler/workflow/safety/audit enforcement: job concurrency requeue, worker caps, step counts, policy bundle limits, velocity rule caps, audit retention, SIEM gating
  • Graceful degradation: expired licenses fall back to Community — never brick, never delete data, always preserve audit + break-glass admin
  • License hot-reload: POST /api/v1/license/reload, cordumctl license reload, or dashboard button — no restart needed

Telemetry

  • Privacy-first: anonymous aggregate counts only, SHA-256 hashed install ID, no PII
  • Three modes: off (disabled), local_only (Redis only), anonymous (default, reports to telemetry.cordum.io)
  • Transparency: GET /api/v1/telemetry/inspect shows exact payload, /export for download
  • Telemetry server: standalone PostgreSQL ingestion service with Grafana dashboard

Dashboard

  • License page (/settings/license): tier badge, entitlements table, usage gauges, expiry banners, reload button
  • Tier limit bars on Agents and Workflows pages
  • Upgrade prompts at 80% usage

CLI

  • cordumctl license install/info/reload
  • cordumctl status with tier, expiry, usage-vs-limits table

Approval Lifecycle Hardening

  • Atomic Redis WATCH/TxPipeline transitions — no more stuck/zombie approvals
  • 6 distinct conflict codes (already_resolved, retryable_lock, terminal_run, stale_snapshot, stale_request, not_actionable)
  • Durable publish intent with crash-recovery replay
  • Operator-safe repair via cordumctl approval repair and POST /api/v1/approvals/{job_id}/repair
  • Dashboard renders invalidated/repaired/non-actionable approval states

Pricing Page

  • Expanded feature matrix matching dashboard entitlements
  • Team tier marked "Coming Soon"