Skip to content

v1.1.4

Choose a tag to compare

View all tags
@Miles-YF Miles-YF released this 09 Mar 03:09
· 199 commits to main since this release
v1.1.4
b5970bd

Overview

This release introduces content-aware tool policy control and a durable human-in-the-loop approval workflow, with follow-up improvements for approval reliability, replayability, auditability, and documentation clarity.

Highlights

  • Added content-aware tool policies with DSL-based evaluation and server/global policy resolution.
  • Added persistent async HITL approval queue to replace the previous synchronous timeout-based approval flow.
  • Added approval execution result replay and per-request-hash rate limiting.
  • Added approval audit metadata and pagination support for admin APIs.
  • Improved policy evaluation safety, retry ordering, approval lifecycle stability, and admin visibility.

Added

  • Content-aware tool policy engine for MCP tool calls.
  • Async approval queue with persistent lifecycle tracking and deduplicated approval requests.
  • Admin APIs for:
    • policy CRUD
    • effective policy resolution
    • approval listing/detail/decision
    • pending approval count
  • Approval execution result storage and replay path.
  • Approval decision audit fields and paginated approval query support.
  • Policy set version uniqueness with optimistic retry support.
  • Socket notification enhancements for approval created/decided/expired/executed/failed events.

Fixed

  • Prevented archived policies from being hidden permanently in admin list results.
  • Cleaned up approval request state transitions to avoid orphaned EXECUTING records.
  • Corrected retry ordering to avoid stale cache evaluation.
  • Normalized serverId lookup behavior in admin policy resolution.
  • Added regex and DSL matcher guardrails to improve policy evaluation safety.
  • Replaced immediate approval errors with synchronous wait polling fallback.
  • Hardened HITL approval lifecycle and client compatibility.
  • Stabilized approval retries and wait-state handling.
  • Fixed nullable userId handling.
  • Restored package version consistency before final release bump.

Documentation

  • Restructured README around Gateway / Runtime / Extensions.
  • Added documentation for auto-recovery, request retry, REST API converter, Skills MCP, and lazy start.
  • Added policy and approval admin API documentation.

Database Migrations

This release includes the following Prisma migrations:

  • 20260227000000_add_content_aware_policies_hitl_queue
  • 20260227170000_add_tool_policy_set_version_uniqueness
  • 20260306013500_add_execution_result_to_approval_request
  • 20260306093000_add_approval_decision_audit_fields

Upgrade Notes

  • Run database migrations before starting the new version.
  • Review any admin-side integrations if they consume approval or policy APIs, because this release expands approval metadata, result replay fields, and policy management capabilities.

Full Changelog

  • feat: add content-aware tool policies and async HITL approval queue
  • fix: return all policy statuses in admin list endpoint to prevent archived policies from becoming permanently hidden
  • fix: move approval request cleanup before retry check to prevent orphaned EXECUTING records
  • fix: restore package.json version to match published release
  • feat: add version uniqueness with optimistic retry for policy sets
  • fix: normalize serverId and add server-side policy lookup in admin handler
  • fix: correct retry ordering to prevent stale cache evaluation
  • fix: add regex length guard and TTL cache for policy evaluation
  • docs: add policy and approval admin API documentation
  • fix: add length guards to DSL glob matcher and regex condition
  • fix: reuse subject variable in regex test to avoid double String() coercion
  • docs: restructure README for MCP infrastructure positioning
  • docs: add REST API converter, Skills MCP, and lazy start to README
  • docs: restructure features into Gateway/Runtime/Extensions, add auto-recovery and request retry
  • fix: replace immediate approval error with synchronous wait polling
  • fix: harden HITL approval lifecycle and client compatibility
  • fix: stabilize approval retries and wait-state handling
  • feat: add execution result replay path and per-hash rate limiting
  • fix: userId is a nullable parameter
  • feat: add approval audit metadata and pagination
  • Merge pull request #6 from dunialabs/feat/content-aware-policies-hitl-queue
  • version: 1.1.4
Assets 2
Loading