-
Notifications
You must be signed in to change notification settings - Fork 1
Platform Changelog
Claude Agent edited this page Jun 28, 2026
·
35 revisions
This page tracks deployed platform functionality, updated daily. It is indexed by the OSC architect RAG system so users can ask "what was recently deployed?" or "when did feature X ship?".
- Fix Manage Parameters modal to degrade gracefully when the parameter store returns a 404 or 503, showing a clear error instead of leaving the panel in a broken state
- Add session guards to profile pages to prevent cryptic "digest mismatch" errors when sessions expire during navigation
- Distinguish "orchestrator unreachable" from generic network errors in instance-management tools — the agent now reports the cluster is down rather than retrying indefinitely
- Require explicit confirmation before executing destructive MCP operations (delete, remake, restart) — agents must confirm intent before the action runs, per ADR-0030
- Extend confirmation handshake to
admin-remake-service— admin service rebuilds now require the same explicit confirmation as other destructive operations - Add
update-my-app-source-refMCP tool — repoints a custom app to a different git branch or commit SHA without needing to redeploy from scratch - Fix MinIO client to parse port and SSL settings from the instance URL — resolves connection failures when the MinIO endpoint uses a non-default port
- Redact sensitive values at write time in the MCP secret scanner — secrets are masked before they can be stored in tool logs or conversation history
- Add
sovereigntyfield to the MyApp response — indicates whether a custom app is hosted on Elastx (Swedish-owned,"se") or Linode/Akamai (US-owned,"us") - Thread secondary orchestrator domain through all HA standby operations — high-availability MyApps now correctly route standby lifecycle calls to the secondary cluster
- Fix public hostname resolution in
switchProxyTargetfor Elastx-hosted apps — proxy target switches now use the correct public-facing hostname instead of internal cluster DNS
- Add Open Live launch post to the blog (authored by Magnus Svensson)
- Fix attribution tracking to capture
gad_sourceandgad_campaignidGoogle Ads parameters
- Fix MyApp restarts in multi-region deployments — restart operations now route through the correct orchestrator URL and succeed reliably across all five runner types
- Fix app build status detection to probe the app's public endpoint rather than internal cluster DNS — reduces false "still building" states on newly deployed apps
- Fix MyApp list deduplication — when the same app appears on both primary and secondary sites, the primary site entry now takes precedence
- Add live email search to the team members list — admins can now filter by email address without scrolling through the full list
- Show a friendly error when the parameter store is temporarily unreachable in the Manage Parameters panel instead of leaving it in a broken state
- Fix app rebuilds sourced from Gitea repositories — the admin token in the source URL is now refreshed on every rebuild so stale credentials no longer cause build failures
- Fix PostgreSQL connection URL detection to recognise both
postgres://andpostgresql://schemes
- Surface the specific reason when workspace deletion is blocked — users now see which active subscriptions are preventing deletion instead of a generic error
- Auto-regenerate a stale service secret when the platform access token has been rotated — reduces "service secret expired" failures after credential rotation
- Fix log viewer stability during pod restarts — cancellation errors no longer surface as UI errors in the live log panel
- Improve text contrast in the empty AI assistant panel (WCAG AA compliance)
- Return a clear "service does not support updates" message when
update-service-instanceis called on a service that lacks an update endpoint (404/405), so the agent can communicate the limitation rather than emitting an opaque error - Detect "build in progress" placeholder pages during
wait-for-app-readyprobing — avoids incorrectly reporting a newly deployed app as ready before it has started - Handle platform-overload errors (
MaxRetriesPerRequestError) with a structuredPLATFORM_UNAVAILABLEresponse rather than crashing the tool call - Intercom setup now confirms each dependency is fully running before proceeding, even when the dependency was created in a prior session
- Tag custom domain ingresses with the owning tenant ID (
osaas.io/tenant-idlabel) — improves observability and enables per-tenant filtering in cluster tooling
- Support configurable ingress class for custom-domain ingresses via environment variable — enables deployments on clusters with non-default ingress controllers
- Fix YouTube video loading in the How It Works section — CSP now allows
youtube-nocookie.comembeds so the demo video plays correctly
- Remove Easy Install option from the service creation modal — workspace setup now offers AI-assisted or Advanced (manual) setup only
- Fix duplicate WebSocket connections from the Chatwoot live chat widget
- Fix cost estimate display to match the post-creation per-day cost breakdown
- Fix user-friendly error message when the My Apps list fails to load due to a timeout
- Fix service deletion to treat a cast-receiver "No such instance" 500 as a successful no-op, matching the existing 404 handling
- Add
refresh-workspaceMCP tool — re-reads which workspace the current token maps to, useful when the agent appears to be managing the wrong workspace after reconnecting or switching sub-workspaces - Add
wait-for-service-readyMCP tool for catalog service instances — polls until the instance reports healthy or times out after 5 minutes; called automatically aftercreate-service-instance - Fix PAT management tools to connect to the correct token service endpoint
- Add publish/unpublish support for services with a
statusfield — services can now be toggled between published and unpublished states in the catalog
- Add error handling to prevent HTTP 500 on Kubernetes API failures — infrastructure errors now return a structured error response instead of crashing the request
- Add click-to-load YouTube embed in the How It Works section — video loads on click to avoid auto-loading third-party resources on page visit
- SEO improvements: Organization entity markup, Products footer links, and sitemap aggregation for better search indexing
- Return a clear
AUTH_REQUIREDerror when MCP tools try to access a parameter store that requires authentication, so the agent knows to configure auth before retrying - Fix
setup-parameter-storeto handle responses where the instance URL is not yet available, avoiding a crash during slow provisioning - Inform the agent that
delete-parameter-storetakes up to 2 minutes to fully propagate, preventing false "still exists" retry loops - Auto-fetch startup logs when
create-service-instancereports a startup failure — the agent can now diagnose config errors and missing env vars without a separateget-logs-for-instancecall
- Fan out MyApp runner-namespace secrets to the Elastx (prod-se) cluster — secrets created for MyApp instances are now automatically replicated to both Linode and prod-se
- Create the correct TLS certificate issuer alias during prod-se provisioning, fixing certificate issuance failures when deploying new service instances to the Sweden region
- Remove the fallback URL from parameter store creation response to prevent agents from connecting to an endpoint before the instance is ready
- Redirect
/statustostatus.osaas.io— the platform status page now shows the hosted status dashboard instead of a broken embed
- Add
osc_search_toolsandosc_call_toolmeta-tools for operator-mode embedding —osc_search_toolsreturns a lightweight tool catalog (name + description, filterable by category or query),osc_call_tooldispatches to any OSC tool without exposing the full schema surface - Fix storage credential detection to identify the new-instance propagation window: when MinIO credentials are not yet active after instance creation, the tool now returns a clear message to wait 30 seconds and retry rather than a generic error
- Fan out service instance restart calls to the Elastx (prod-se) cluster — restarting an instance from the dashboard or via MCP now propagates to both Linode and Sweden regions
- Show a human-readable error when subscription or entitlement limits block instance creation
- Show the variable names in "missing required variables" errors so users know exactly which configuration is incomplete
- Redirect expired or reused magic-link sign-ins to a dedicated
/auth/errorpage instead of a 500 error - Add outcome-led service descriptions and an in-card "Ask the assistant" button to the empty-state first-deploy card
- Fix paste mode for the OSC token field when editing an agent task with no token saved
- Fix
createAgentTaskto reject invalidsourceUrlvalues before they reach the backend
- Add
compositionmode toestimate-service-costto estimate the combined cost of a set of services as a group - Return a clear message when
get-logsis called on a service with no log endpoint rather than returning an opaque error - Add server-side read-only mode: append
?mode=readonlyto the MCP URL to restrict all tools to read-only operations - Require cost confirmation before
create-service-instancecompletes when the estimated cost exceeds the workspace token budget - Fix network error context in PAT fetch calls and handle stale MinIO credentials and TLS errors in storage tools
- Add Regenerate credentials button to the parameter store page so users can rotate the
CONFIG_API_KEYwithout recreating the store
- Organize all MCP tools into named categories — AI assistants now filter by category (e.g.
?filter=databases) more reliably
- Surface clone failure reason and add GitHub repository pre-flight check in MyApps setup
- Show open pull-request status on Agentic SDLC sub-tickets in the issues list
- Fan-out parameter store secret create/delete/rotate operations to the Elastx cluster automatically
- Add git credential reference option when creating agent tasks (select a stored credential instead of pasting a token)
- Add inline tenant ID availability check during workspace creation
- Add "Talk to us" and "Book a call" link in the empty-state dashboard hero
- Fix secret reference name overflow in the instance parameters display
- Fix token expiry input validation to prevent creating tokens with invalid expiry dates
- Show "In review" status for Agentic SDLC sub-tickets that have an open pull request
- Add git credential reference field to
create-agent-taskandupdate-agent-taskMCP tools - Add operator mode detection — append
?mode=operatorto the MCP URL for operator-scoped tool access - Fix health checks for queue-worker services that have no HTTP endpoint
- Reject embedded
{{secrets.*}}placeholders passed directly inside service parameter values - Allow claude.ai origins in CORS so the OSC MCP server works from claude.ai
- Fix
restart-service-instanceMCP tool to return a structured error when the instance link is not found - Auto-supply the OSC access token in
create-agent-taskwhen not provided
- Copy the GitHub token to the stage app during stage environment provisioning
- Show a proactive help nudge ("Still exploring? We're here if you need a hand") in the empty-state dashboard after browsing services for 10 minutes without deploying
- Fix token usage estimate dialog contrast and link styling
- Fix OAuth token minting to correctly tag tokens as OAuth-issued in /api/connect/token
- Exempt OAuth-issued tokens from the PAT lifetime cap, allowing OAuth apps to mint long-lived PATs on behalf of users
- Fix log viewer to stack entries vertically instead of overlapping
- Surface agentic setup links at the empty-state activation moment
- Remove deprecated GET /api/user/pat endpoint
- Fix live-mode log polling: first fetch is now immediate, pagination state resets correctly
- Handle 404 responses from service API gracefully as instance-not-found in stop and manage actions
- Show token balance, refill model, and zero-state in the deploy modal
- Fix
list-user-inbox-itemsMCP tool returning truncated results when the response is paginated - Extend
restart-my-apprate limit window to 60 minutes - Add terminal-error guidance to
admin-remake-servicetool description - Add circuit-breaker and recovery hints to parameter-store operations
- Fix Agentic SDLC: task secrets now fall through to the legacy secret store when a key is missing from the primary store
- Add
generateOAuthToken()andisOAuthToken()to the@osaas/tokenSDK for tagging and identifying OAuth-issued tokens
- Add reload button to My Apps requests page (Agentic SDLC)
- Allow referencing a saved git credential when creating a MyApp (select from dropdown instead of pasting token)
- Hide public-access toggle for HTTP-only instances that have no NodePort (prevents confusing no-op toggle)
- Surface NodePort endpoints in
describe-service-instance— UDP-based services (STUN/TURN, SRT) now show host:port endpoint lines and a usage hint
- Fix Agentic SDLC: propagate
configApiKeyto stage app on stage-link callback so encrypted parameter stores work end-to-end - Fix Agentic SDLC: widen PR review trigger to include all human reviewer comments (not only
[blocking]-tagged ones) - Fix MyApps: add 30-second minimum-age guard to prevent false rebuild triggers from stale pod observations
- Fix MyApps: map HTTP 404 response to
runningstate during build status polling for Python/Go/dotnet/WASM runtimes - Fix certificate issuer: use GTS ClusterIssuers when
acmeIssuer=gtsis configured
- Fix: stop retrying POST/PUT/PATCH/DELETE requests on fetch timeout (only GET/HEAD safe for retry)
- Surface actionable error when a My Domain proxy name exceeds the 63-character DNS limit
- Add divergence detection to
restart-my-app rebuild=trueto prevent unnecessary rebuilds -
wait-for-app-readyreturns terminalnot_foundwhen the app 404s during polling - Clarify
set-instance-public-accesscontrols TCP port exposure only, not HTTP auth-gate access - Handle deploy-manager "already removed" 200 response as a clean not-found on app delete
- Use pre-flight
getAppresult to detect non-existent apps before delete, avoiding false 404 errors
- Fix proxy Service name validation to enforce the 63-character DNS-1035 limit (was incorrectly allowing 253)
- Use serviceId as stable DNS label for TCP ingress hostnames instead of per-tenant appName
- Fix wildcard TLS cert host binding to use stable API domain
- Fix orphaned ReplicaSets after service instance deletion
- Fix port-name suffix incorrectly appended to TCP ingress hostname
- Show Swedish flag badge on service cards and detail page for prod-se instances
- Make ACME issuer configurable (LE default, GTS optional)
- Remove cache bypass workaround now that fast-jwt v6 is safe
- Add
start-git-credential-registrationMCP tool: initiates browser-based PAT registration, returns a one-time URL valid for 10 min - Add
get-git-credential-setup-instructionsMCP tool: returns a ready-to-run curl command for headless/CI environments - Add
list-git-credentialsMCP tool: list registered credential names and timestamps (PAT values are never returned) -
create-my-appnow accepts agitCredentialparameter — pass a pre-registered credential name instead of a raw PAT -
update-my-app-github-tokennow acceptsgitCredentialfor rolling token rotation with no downtime - Return structured error from
restart-my-appwhen the app is still in creating state - Return structured 409 from
update-my-app-github-tokenon conflict - Return structured error for non-managed buckets in
list-objects-on-bucket -
enable-app-stage-prodresponse now includes async-init guidance for apps initialising after first enable
- Consolidated tenant instance list now aggregates across primary and secondary hosting sites (multi-region support)
- Return 404/503 instead of generic 500 when version listing fails during Agentic SDLC operations
- Propagate subPath and analyticsService to stage app provisioner in Agentic SDLC
- Replace PayPal with Stripe as payment provider on purchase pages
- Add Git Credentials tab to My Apps dashboard for private repository access without sharing raw tokens
- Add browser-based PAT registration page for secure git credential setup (PAT never passes through MCP or chat)
- Add rate limit and client-side cooldown to magic link login flow
- Fix overlapping labels in Add Git Credential modal
- Fix submit button not disabled while create-team form is pending
- Fix: show service instances without requiring a subscription record
- Add
start-git-credential-registrationMCP tool: initiates browser-based PAT registration, returns a one-time URL (valid 10 min) - Add
get-git-credential-setup-instructionsMCP tool: returns a ready-to-run curl command for headless/CI credential registration - Add
list-git-credentialsMCP tool: list registered credential names and timestamps (PAT values never returned) -
create-my-appandupdate-my-app-github-tokennow acceptgitCredentialparameter; inline token args deprecated -
get-service-schemauses structured fuzzy matching for improved service discovery - Auto-diagnose on
update-service-instanceUnknown reason failures - Add
list-all-feedbackadmin tool - Add
create-personal-access-token,list-personal-access-tokens,revoke-personal-access-tokenMCP tools - Expose OscEntry DLL field on dotnet My App via MCP
- Support private repository git credentials — store a named PAT, reference it by name at app creation and git-token rotation
- Add git-credential-session mint and redeem endpoints backing the browser-based PAT registration flow
- Add AI agent safety section to homepage
- Add lifecycle tools section to /mcp page
- Widen SAT cookie domain to .osaas.io for cross-cluster authentication
- Fix
/api/auth/loginto redirect correctly to/api/auth/signin(308)
- Add OscEntry DLL field to dotnet MyApp — pin the entry DLL at creation or update it later in Settings
- Faster app deletion with parallelized runtime probing
- Auto-trigger Trivy security scan after every rebuild
- Fix linked issue URL input invisible in dark mode
- Add 10s timeout to deleteMyApp with clear abort error
- Fix agent task completion tracking: route syncRunningTaskStatus through updateRunInHistory
- Add MCP integration guide link to Codex tutorial What's Next section
- Show sign-in code confirmation message and enable OTP autofill on magic-link login
- Pre-populate feedback drawer fields from the list item to fix empty linked issue URL
- Close plan downgrade warning modal immediately on API success
- Add list-service-instances preflight and terminal-error guidance for bulk delete operations
- Automatically probe and refresh stale Gitea tokens in Agentic SDLC workflows
- Show platform build status (building/running/failed) in the My Apps logs modal
- Context-aware empty-state message in logs modal when app is still building
- Paginate list-parameters to return all keys when a store has more than one page
- Steer create-my-app to wait-for-app-ready instead of get-my-app after creation
- Add required-field guard to create-service-instance to catch missing mandatory fields early
- Require list-service-instances preflight before bulk delete to prevent stale-name failures
- Make /enable endpoint async, returning 202 Accepted immediately
- Add VS Code Bearer token auth header option to /mcp setup page
- Add Windsurf setup tab to /mcp page with mcp_config.json snippet
- Use per-domain delete to handle secondary-slot custom domains
- Show tenant and user names in feedback list
- Show confirmation modal after plan downgrade
- Show workspace name in feedback table Tenant/User column
- Close restart modal immediately for HA apps
- Emit DAU by product attribution (liivo/osc)
- Add stop-condition to get-parameter to prevent exhaustive store search
- Add Gitea repo recovery workflow to system prompt
- Correct off-by-one in secondary proxy slot length check
- Surface My Apps as equal activation path in dashboard empty-state
- Add Pro plan first-session value walkthrough after subscription activation
- Add voucher code input to activate-subscription modal
- Add Trial ends column to admin subscriptions table
- Add voucher promo code toggle to day-0 FirstDeployCard footer
- Prevent secret name chip from overflowing modal edge
- Show trial end date in Token Usage card
- Apply voucher code during Stripe checkout via successUrl redirect
- Hide trial end banner for users on paid plans
- Use port 8080 fallback in Node.js and Python skill examples
- Add MCP subagent guidance and get-mcp-config tool
- Strengthen service ID anti-patterns and add circuit-breaker
- Add list-feedback trigger for feedback status queries
- Redact secrets in assistant messages before MongoDB persistence
- Add backfill-secrets entry point and fix K8s job manifest
- Surface K8s failure condition message in backup records
- Add AI Agentic Engineer MCP block above the fold
- Pre-render service list in SSR for SEO/AEO
- Bump service-count refs from 180 to 183
- Expose trialEnd in TenantPlan schema for admin trial date visibility
- Persist trialEnd in MongoDB to avoid redundant Stripe API calls on GET /tenantplan