Skip to content

v1.18.0

Choose a tag to compare

@github-actions github-actions released this 05 Jul 14:46
76cb9fe

Highlights

Engram Cloud now supports principal-based user and token management end to end.

This release replaces the old single-token cloud model with managed human users, per-user managed tokens, project grants, first-admin bootstrap, dashboard administration, and runtime managed-token authentication while preserving the legacy ENGRAM_CLOUD_TOKEN path during migration.

Cloud user and token management

  • Added managed principals, human users, per-user hashed tokens, and project grants backed by cloud storage.
  • Enforced deny-by-default project access for managed principals on sync routes.
  • Added managed-admin JSON API handlers for users, tokens, grants, enable/disable, and revoke flows.
  • Added dashboard sessions for managed admins, first-admin bootstrap, and managed-user UI for tokens and grants.
  • Added CLI bootstrap support for creating the first managed admin and optionally issuing the first managed token.
  • Wired engram cloud serve so managed tokens authenticate against real runtime storage when ENGRAM_CLOUD_TOKEN_PEPPER is configured.

Security and audit hardening

  • Managed tokens are shown only once and stored as hashes using a dedicated token pepper.
  • Disabled managed users cannot receive newly issued managed tokens.
  • Revoked tokens and disabled users are rejected consistently by the runtime auth path.
  • Token issuance and success audit insertion are atomic for admin API, dashboard, and bootstrap token issuance, so failed audit writes do not leave live unaudited credentials.
  • Dashboard login, bootstrap, legacy recovery, deny, and admin mutation paths now record stronger audit events.

Dashboard and operator UX

  • Added managed-user dashboard pages for listing users, inspecting details, issuing tokens, granting projects, revoking tokens/grants, and enabling/disabling users.
  • Disabled users no longer show an active token creation affordance.
  • Disabled-user token creation attempts render a dashboard-styled 409 page instead of raw plain text.
  • Docker compose examples now document ENGRAM_CLOUD_TOKEN_PEPPER for managed-token auth testing.

Documentation

  • Updated cloud quickstart and troubleshooting docs for managed-token bootstrap and token pepper configuration.
  • Archived the OpenSpec change artifacts and promoted the cloud user token management spec.

Validation

  • Local validation before release: go test ./...
  • Tracker PR CI: Unit Tests and E2E Tests passed.
  • Local Docker QA verified authenticated mode, managed-token sync, invalid-token rejection, user/token/grant flows, revocation, disabled-user rejection, and dashboard persistence.

Changelog

  • 76cb9fe Merge cloud user token management
  • 064c20a fix(cloud): make managed token issuance audit atomic
  • 4b4a85a562cf291c6dc86e5b59f39f010e12c74d fix(cloud): polish disabled token dashboard UX
  • 3c6c7ce fix(cloud): reject token issuance for disabled users
  • 8babe577a28e3b91b2b6223282d30a83e3ae33e3 feat(cloud): wire managed-token auth into cloud runtime
  • ee2ac819c807f9cba26bd7d5d57c94fde2a65b31 feat(cloud): add CLI admin bootstrap and sync contract tests
  • 7587be0e4711e20de986e494fa8a98a24e9d4cc9 feat(cloud): add managed-user dashboard UX
  • 4035ab5df370d5a96767324689f973dd89ffd523 feat(cloud): audit dashboard login and legacy recovery
  • 4bd03db532567a27b95f53a3c8927e5c64c26aa5 feat(cloud): add dashboard principal sessions and bootstrap
  • 7172b953b7231e7371ade07d00e2a0d25ec18c19 feat(cloud): add managed admin API handlers
  • 2669f3bf7b7c0d2031acb74323850bf329f13168 feat(cloud): enforce principal sync grants
  • 9defadf8177eae2780aa8a73f399c00ab143354a feat(cloud): add identity storage foundation
  • d4c3b386c11389997468f9af13f4e674d1412637 feat(cloud): add auth principal foundation
  • a6c473dc8b577598f628122d256a1d93d6d51143 docs(cloud): plan user token management
  • 18890d0 docs: refresh codebase setup guide
  • 6fc70fb26a08d9fb9b66dac29dd3a63173136133 fix(pi): clarify native Engram provider failures
  • 44faeee5731a093fa4577bd81aec0f3f7dc3e52d fix(setup): update cursor post-install test after #522 (#524)