Changelog

• ceca2c0 fix(store): exact match for DAG name lookup in listRoot (#1490)

Changelog

• 5d6e50d fix(auth): allow API token to perform write/execute operations (#1486)

Added

• API: Added optional singleton flag to POST /dags/{fileName}/enqueue endpoint to prevent duplicate runs when a DAG is already executing or queued; returns HTTP 409 Conflict when enabled and active/queued runs exist (#1483, #1460)

Changed

• Deps: Upgraded gopsutil from v3 to v4 (#1470)
  • Note: On Linux, UsedPercent for memory now derives from MemAvailable rather than the previous method, which may alter reported values by 6-10%
• Release: Removed NetBSD from release targets

Fixed

• Scheduler: Queue processor now respects maxConcurrency configuration in global config for DAG-based queues (#1482)
• Runtime: Fixed dequeue command missing queue name parameter, causing API-based dequeue operations to fail (#1481)
• Auth: API token authentication now works alongside builtin authentication mode; unified middleware supports JWT Bearer tokens, API tokens, Basic auth, and OIDC simultaneously (#1480, #1478, #1475)
• UI: User Management menu now only displays for admin users when authentication mode is "builtin"; reset password functionality restricted to admin users (#1484)
• Runtime: Special environment variables (DAG_RUN_ID, DAG_NAME, etc.) now work correctly in handlerOn.exit and other handler contexts (#1474)
• Security: Escaped config path strings injected into HTML templates to prevent potential JavaScript injection vulnerabilities on Windows (#1472)

Contributors

Thanks to our contributors for this release:

What's Changed

• fix(ui): escape config path string injected in html by @yottahmd in #1472

Full Changelog: v1.26.2...v1.26.3

Added

• Spec: Added optional negate flag for preconditions at both DAG and step levels to invert condition evaluation (#1451)
• Spec: Added init handler field that executes after preconditions but before workflow steps - if it fails, subsequent steps are prevented from executing (#1455)
• Spec: Added abort handler as canonical replacement for the deprecated cancel handler (#1455)
• Spec: Added skipBaseHandlers option to prevent sub-DAGs from inheriting parent handler configurations (#1455)
• Spec: Added continueOn shorthand syntax - users can now specify continueOn: "skipped" or continueOn: "failed" instead of verbose object definitions (#1454)
• CLI: Added --default-working-dir flag to start and enqueue commands to specify a fallback working directory for DAG executions; automatically propagates to sub-DAGs (#1459)
• Feature: Added comprehensive resource monitoring for CPU, memory, disk, and system load with in-memory retention store and API endpoint (GET /services/resources/history) (#1461)
• UI: Added resource usage visualization charts on System Status page (#1461)
• Feature: Implemented built-in JWT-based authentication system with role-based access control (RBAC) (#1463)
  • Four-tier role hierarchy: admin, manager, operator, viewer
  • Complete user management APIs (create, list, view, update, delete)
  • File-backed user store with atomic writes and thread-safety
  • Login flow, protected routes, user management UI
• Config: Added AUTH_MODE environment variable supporting none, builtin, and oidc modes (#1463)

Changed

• Config: Refactored configuration loader to use service-scoped loading that only loads necessary settings for each command context, improving startup performance (#1467)
• Config: Replaced public Global config field with Core across the codebase (#1467)
• Config: Standardized key=value parsing using strings.Cut instead of strings.SplitN (#1467)
• API: v1 API routes are now disabled when authentication is enabled (#1463)

Fixed

• Runtime: Log tails and recent stderr now decode multiple encodings (Shift_JIS, EUC-JP, ISO-8859-1, Windows-1252, GBK, Big5, EUC-KR, UTF-8) properly based on system locale (#1449)
• Runtime: Special environment variables (DAG_NAME, DAG_RUN_ID, DAG_RUN_LOG_FILE) are now properly accessible in failure handlers and executor config evaluation (#1448)
• Queue: Fixed queued DAG jobs failing to process with "name or path is required" error - queue items now use lazy, file-backed loading with proper error handling (#1457, #1437)
• UI: Disabled step retry buttons while a DAG is actively running to prevent unintended behavior (#1447)
• Validation: Added maximum DAG name length validation (40 characters) with pre-validation on rename operations (#1469)
• Config: Made auth mode nullable in configuration, establishing "none" as the default with runtime validation (#1469)
• UI: Enhanced dark-mode text selection styling for input fields (#1469)

Contributors

Thanks to our contributors for this release:

This release includes an important fix for Windows version and enhancement for SMTP authentication.

What's Changed

• fix(windows): bug in command construction with powershell/cmd.exe by @yottahmd in #1445
• fix(mail): add STARTTLS and LOGIN auth support for SMTP by @yottahmd in #1446

Full Changelog: v1.25.0...v1.25.1

v1.25.0 (2025-12-04)

Added

• UI: Display script detail dialog on steps list (#1435)
• UI: Added Paths display panel in System Status page, showing system filesystem locations (DAGs, logs, config files, etc.)
• Config: Resolve path environment variables to absolute paths and sync for subprocesses (#1430)

Changed

• Config: Log encoding now auto-detected from system locale (Unix) or Windows code page instead of defaulting to UTF-8 (#1439)
• API: DAG rename no longer renames run history to prevent data loss

Fixed

• Core: Resolve working directory relative paths correctly - DAG-level workingDir resolves against DAG file location, step-level dir resolves against DAG's workingDir (#1436)
• Windows: Improved PowerShell and cmd.exe shell handling (#1439)
  • Scripts in working directory now execute correctly (auto-prefixes .\ when needed)
  • PowerShell scripts now fail properly on non-zero exit codes from external commands
  • Environment variable matching is now case-insensitive
  • Added platform-specific base environment variables
• UI: Fixed graph visualization crash when step names contain parentheses (#1440, #1434)

Contributors

Thanks to our contributors for this release:

Full Changelog: v1.24.11...v1.25.0

This release includes a fix for critical bug in cron scheduler introduced in v1.24.8, many bug-fixes for Windows version, a UI improvement (popover on DAG-run status), and a new DAG-level shell field.

Added

• DAG: Set a default shell once per workflow via a new root-level shell field; both DAG and step shell values accept strings or arrays so you can pass shell flags without quoting hassles (#1426)
• UI: Running and failed step names displayed on the DAG runs page for quick status overview without navigating to details (#1420, #1401)
• Installer: Windows support with PowerShell and cmd.exe installation options (#1428)

Changed

• CLI: dequeue now accepts a queue name positional argument and will pop the oldest item when --dag-run is omitted; provide --dag-run to target a specific run (#1421)
• Core: Refactored logging code to use typed attributes for better observability (#1422)

Fixed

• Scheduler: Fixed DAG entry reader not starting on startup, causing scheduled runs not to execute (#1427, #1423)
• Executor: Handle Windows script extensions for proper command execution (#1425)
• Config: Use correct config file path on Windows (#1424)

Contributors

Thanks to our contributors for this release:

Full Changelog: v1.24.8...v1.24.11

This release includes some of important bug fixes in queue functionality.

Fixed

• Core: ensure DAG working directory exists
• Core: fix bug in DAG-run data retrieval
• API: fix bug in the queue items API endpoint
• Core: fix bug in queue item processing

Added

• Spec/API/UI: Added timeoutSec step-level field to cap individual step execution time; when set it overrides any DAG-level timeout for that step (#1412)

Contributors

Thanks to our contributors for this release:

Full Changelog: v1.24.7...v1.24.8

This release includes a hot fix for OIDC authentication issue.

Changelog

• 8e93120 auth/oidc: keep provider context alive for jwks fetch (#1414)

Contributors

Thanks to our contributors for this release: