Releases: toise-dev/toise
Release list
v0.9.2
[0.9.2] - 2026-07-03
Graph viewer overhaul (example only). This release changes only the
examples/graph-viz consumer — a standalone, dependency-free page that reads the
GraphQL API. The server and the pkg/emit SDK are unchanged, so the binaries are
functionally identical to 0.9.1; no wire-contract change, no data migration.
Added
- Time-travel timeline. A graduated ruler with absolute time labels on nice
boundaries and a cursor whose exact timestamp follows the drag; view the topology
as-of any past instant via theentities(asOf:)/relations(asOf:)arguments, plus
a replay / fast-forward mode to scrub through history like a video. - Change-density heatmap behind the timeline: one row per entity type, a
contribution-graph grid whose cell colour and intensity show how many changes that
type saw in each slice of the span, so busy periods stand out at a glance. Drag
across it to zoom the timeline into a period. - Display options: a static-layout toggle (fixed positions, no re-animation on
updates), an edges on / labels / off toggle to declutter, and a search filter
that hides everything whose identity/attributes don't contain the query (to isolate,
e.g., an application). - A resizable detail panel for a clicked entity, with a close button.
Changed
- The layout now settles into legible star/hub clusters and freezes there — computed
with the canvas hidden and revealed already laid out, instead of a drifting hairball
that flies in. Edges are faint and label-free by default so large graphs stay readable.
Fixed
- Long identity/attribute values no longer overflow and clip in the detail panel; the
density profile counts real changes (heartbeats excluded), not the heartbeat flood.
Install
curl -fsSL -o toise.tar.gz https://github.com/toise-dev/toise/releases/download/v0.9.2/toise_v0.9.2_linux_amd64.tar.gz
tar xzf toise.tar.gz && ./toise_v0.9.2_linux_amd64/toise-server --help
docker pull ghcr.io/toise-dev/toise:v0.9.2The graph viewer is examples/graph-viz/index.html — serve it behind the same proxy as /graphql. Server and pkg/emit SDK are unchanged from 0.9.1.
v0.9.1
[0.9.1] - 2026-07-03
Correctness and hardening from a full engineering review. A patch release that
closes a silent time-travel data bug, an audit-attribution bug, and a cluster of
durability, tenant-lifecycle, and security residuals, and completes the same_as
identity-belief path end to end. Every change is additive and backward compatible:
existing producers, consumers, and deployments keep working unchanged; no wire-contract
break, no data migration. The producer SDK moves to pkg/emit/v0.4.0.
Added
same_asconfidence and basis, end to end (SDKpkg/emit/v0.4.0). A producer
can now assert an identity belief — "these two nodes are the same real thing,
confidence 0.95, basisifPhysAddress" — viaRelationship.Confidence/.Basison
the SDK andconfidence/basison thesame_asdescriptor at ingest. The read-time
canonical overlay (ADR 0020) collapses those beliefs; until now it had no way to be
fed and was inert. Belief attributes ride only onsame_asedges; other embedded
edges stay attribute-free. The conformance kit advises on asame_asedge whose
confidence is missing or out of[0,1].
Fixed
- As-of queries silently dropped live entities past the retention horizon. After
pruning, an as-of fold for an instant between the retention horizon and now could omit
a still-live entity whose only surviving event was a recent heartbeat — returning a
graph missing real infrastructure, with no error, to LLM and GraphQL callers alike.
Retention now re-materializes a baseline event at the horizon for such entities
(self-cleaning, no unbounded growth). ADR 0013 amended. - Operator writes were audited under the wrong tenant. Every
annotate_entitywas
recorded as tenantdefault(and a derive-only scoped token's write was misattributed)
because the resolved tenant was never stamped into the request context. Fixed at the
tenant router, so the audit trail attributes every write to the tenant it targeted. - A gapped or overlapping shipped log was replayed silently. Log restore now
validates segment contiguity and hard-errors on a gap or overlap instead of rebuilding
a wrong graph; a marshal error on ship is surfaced, and the cursor cache is invalidated
on a failed put. - Tenant lifecycle.
MaxTenantsis enforced atomically under concurrent first-use
(no over-mint past the cap), anddelete-tenantrefuses to run against a live server
(it takes the pebble lock) instead of removing an open store's files. - A mass expiry no longer stalls ingestion. When a producer dies and its whole
subtree lapses at once, the sweep commits every expiry in one durable batch (one
fsync) instead of one per entity and edge. - The conformance kit rejected the AnyValue
entity.descriptionToise itself emits
since 0.9.0, and a producer-guide snippet told producers to retry a permanent
PartialError. Both corrected.
Security
- OIDC/JWT role claim. A configured-but-absent, empty, or unrecognized role claim is
now a hard reject instead of a silent grant of the full role. ingest_mtls_only. A configuration that would leave the read surface open (no read
authenticator, orderive-onlytenancy a client certificate cannot carry) is refused
at startup rather than silently serving reads unauthenticated.
Install
# Linux amd64 (adjust os/arch: darwin/linux, amd64/arm64)
curl -fsSL -o toise.tar.gz https://github.com/toise-dev/toise/releases/download/v0.9.1/toise_v0.9.1_linux_amd64.tar.gz
tar xzf toise.tar.gz && ./toise_v0.9.1_linux_amd64/toise-server --help
# Container
docker pull ghcr.io/toise-dev/toise:v0.9.1
# Producer SDK
go get github.com/toise-dev/toise/pkg/emit@v0.4.0Producer SDK: pkg/emit/v0.4.0 (adds same_as identity beliefs). Docs: https://toise.dev/docs
v0.9.0
v0.9.0
Strict OpenTelemetry entity-events (1.58.0) alignment and read-surface security.
0.9.0 promotes the 0.9.0-beta line to stable and adds an out-of-order relation fix and a
Go toolchain security bump. Every change is additive and backward compatible — existing
producers, consumers, and deployments keep working unchanged, and the zero-config single
binary is untouched. No wire-contract break, no data migration. Upgrade in place.
Strict spec alignment (entity-events 1.58.0)
- Full AnyValue in
entity.description(#259). Descriptions carrying arrays and
nested maps are ingested faithfully end to end (ingest → store → projection →
GraphQL/MCP); composite values render as compact JSON taggedarray/kvlist.
Identity stays scalar by contract (ADR 0018). ADR 0004 amended. entity.delete.reason(#260). A producer's motive on a delete (open enum,
never validated against a closed set) is captured, persisted, and exposed on MCP
recent_changes/graph_diffand GraphQLChangeEvent.deleteReason.entity.report.interval == 0(or absent) = no cadence (#261), locked by a
conformance test: removed only by an explicitentity.delete, never by the sweep.
Read-surface security
- Decoupled ingest and read authentication (#262). New opt-in
ingest_mtls_only
(TOISE_INGEST_MTLS_ONLY, requirestls_client_ca_file): OTLP ingest is
authenticated by mutual TLS alone — no bearer — while GraphQL/MCP keep requiring their
per-client scoped tokens or OIDC. Default off. ADR 0028 amended.
Fixed
- Relation buffer no longer drops a parked edge whose target reappears periodically
(#269). An out-of-order edge is held for at least one source re-emit cycle, so the
endpoint's next heartbeat attaches it; the hold auto-scales from
entity.report.interval.
Security
- Go toolchain bumped to 1.26.4 (#271), clearing three reachable standard-library
advisories (GO-2026-5038mime, GO-2026-5037crypto/x509, and one further). No
application code changed.
Producer SDK
pkg/emit/v0.3.0(unchanged since the beta):Entity.RichAttributesemits the full
AnyValue;Entity.DeleteReasonemitsentity.delete.reason. Scalar-only producers are
byte-for-byte unchanged.
Install
# Binary (Linux amd64 shown — also darwin/linux × amd64/arm64)
curl -fsSLO https://github.com/toise-dev/toise/releases/download/v0.9.0/toise_v0.9.0_linux_amd64.tar.gz
tar xzf toise_v0.9.0_linux_amd64.tar.gz
# From source
go install github.com/toise-dev/toise/cmd/toise-server@v0.9.0
# Container (multi-arch image on GHCR)
docker pull ghcr.io/toise-dev/toise:v0.9.0
docker run --rm -p 8080:8080 -p 4317:4317 ghcr.io/toise-dev/toise:v0.9.0Each tarball ships a .sha256 — verify before installing.
See the 0.8 → 0.9 migration guide
and the changelog.
v0.9.0-beta
v0.9.0-beta
Pre-release. Strict alignment with the OpenTelemetry entity-events spec (1.58.0)
and hardened read-surface security. Fully backward compatible.
Strict spec alignment (entity-events 1.58.0)
- Full AnyValue in
entity.description(#259). Descriptions carrying arrays
and nested maps are now ingested faithfully end to end (ingest → store →
projection → GraphQL/MCP), instead of dropping the non-scalar parts. Composite
values render as compact JSON, taggedarray/kvlist. Identity stays scalar
by contract (ADR 0018). ADR 0004 amended. entity.delete.reason(#260). The producer's motive on a delete (an open
enum —terminated,expired,evicted, …, never validated against a closed
set) is captured, persisted, and exposed on MCPrecent_changes/graph_diff
and GraphQLChangeEvent.deleteReason.entity.report.interval == 0(or absent) = no cadence (#261). Locked by a
conformance test: such an entity is only ever removed by an explicit
entity.delete, never expired by the liveness sweep.
Read-surface security (#262)
- Ingest auth and read auth are now decoupled. New opt-in
ingest_mtls_only
(TOISE_INGEST_MTLS_ONLY, requirestls_client_ca_file): OTLP ingest is
authenticated by mutual TLS alone — no bearer required — while GraphQL/MCP keep
requiring their per-client scoped tokens (role read / full, individually
revocable) or OIDC. Default off; the bearer-on-ingest posture is unchanged. - ADR 0028 amended; configuration guide and a consumer note added.
Producer SDK — pkg/emit v0.3.0
Entity.RichAttributes(map[string]any) emits the full AnyValue (arrays,
nested maps), symmetric with what Toise now ingests.Entity.DeleteReasonemitsentity.delete.reasonon a delete.- Additive: scalar-only producers are byte-for-byte unchanged; the published
conformance fixture still holds.
Compatibility
Every change is additive and backward compatible: existing producers, consumers,
and deployments keep working unchanged. The shared-password read path remains a
transitional fallback.
v0.8.0
The SaaS-readiness release. 0.8.0 lands the two pillars a multi-tenant,
externally-exposed Toise needs — access security and resilience / HA —
plus a multi-source identity overlay and a major attribute-enrichment pass.
Everything is additive and opt-in: the zero-config single-binary path is
unchanged and now guarded by a CI smoke test. No wire-contract break, no data
migration — a 0.7 deployment upgrades in place.
Highlights
Access security for multi-tenant SaaS (ADR 0028)
Everything needed to expose Toise to external customers, all off by default:
derive-onlytenant trust mode — the tenant is derived from the scoped token, the clientX-Scope-OrgIDheader is ignored, so a caller can never claim another tenant.- Tokens hashed at rest (SHA-256) — a leaked config or memory dump exposes no usable credential.
- Per-tenant RBAC — role-scoped tenant tokens (read / ingest / full).
- OIDC / JWT verification on the read surfaces — tenant and role read from claims.
- mTLS on ingest — authenticate producers by client certificate.
- Append-only audit log of operator writes.
Resilience & HA (ADR 0029)
- Scheduled online backups and continuous log shipping to a directory or an S3-compatible store (AWS S3, MinIO, Ceph, R2 — one config shape).
restore-logrebuilds a data dir from shipped segments, directly from the configured target (S3 or a directory).- Read HA with no clustering — run N identical replicas behind a load balancer; each rebuilds its projection from the same OTLP fan-out.
- Tenant scaling — a per-node cap (
max_tenants) plus horizontal sharding, with atoise_tenants_opengauge to watch headroom. No Raft, no ring.
Multi-source identity (ADR 0020)
Producers can assert that two entities are the same real thing via a same_as
belief edge carrying a confidence and a basis (e.g. a serial match or a Hyper-V
KVP guest id). Above a configurable threshold, get_entity shows the canonical
group and impact_of / find_path treat a machine's facets as one — without
ever merging storage.
Attribute enrichment
- A cross-cutting governance vocabulary (ownership, criticality, location, lifecycle) advertised on
describe_schema. - Attribute filtering on the GraphQL
entitiesquery — parity with MCPfind_entities. - Pinned descriptive vocabularies for
host,network.device,network.interface,compute.vm,service.listenerand the remote-probe entities (AT8–AT13).
Also
- ADRs 0028 / 0029 / 0030 ratified; a consolidated Deployment tiers & SaaS operations guide; a tier-0 zero-config CI smoke test.
go install …/cmd/toise-server@latestworks again; the/vizgraph no longer truncates at the 200-item page cap; cold subcommands tolerate shipping environment variables.
Install
# Binary (Linux amd64 shown — also darwin/linux × amd64/arm64)
curl -fsSLO https://github.com/toise-dev/toise/releases/download/v0.8.0/toise_v0.8.0_linux_amd64.tar.gz
tar xzf toise_v0.8.0_linux_amd64.tar.gz
# From source
go install github.com/toise-dev/toise/cmd/toise-server@v0.8.0
# Container (multi-arch image on GHCR)
docker pull ghcr.io/toise-dev/toise:v0.8.0
docker run --rm -p 8080:8080 -p 4317:4317 ghcr.io/toise-dev/toise:v0.8.0Each tarball ships a .sha256 — verify before installing.
Links
- Full changelog:
CHANGELOG.md - Upgrade: 0.7 → 0.8 migration guide
- Operations: Deployment tiers & SaaS
v0.7.0
The integration release. 0.7.0 widens what you can build on Toise: an AI
assistant gets pinnable context and ready-made workflows, operators can annotate
the graph, a dashboard can hold a token that can never write, and a producer in
any language can prove it is on-spec before it ships. It also lands the identity
hardening (resurrection, connection topology) and the audit P1/P2 lot.
Not a wire-contract break, no data migration. One MCP argument was renamed —
see the 0.6 to 0.7 migration guide.
Highlights
- Operator annotations —
annotate_entity(MCP) and the first GraphQL
mutationannotateEntityattach free-form notes to an entity as an overlay:
kept in a per-tenant sidecar, surfaced onget_entityandEntity.annotations,
never mixed into producer truth or the event log. - MCP resources and prompts — pinnable context (
toise://schema,
toise://guide, thetoise://entity/{id}template) and ready-made operator
prompts (investigate_incident,blast_radius,explain_entity,
whats_changed). - Token roles — read-only (
TOISE_READ_TOKENS) and ingest-only
(TOISE_INGEST_TOKENS) bearer tokens, alongside full tokens. - Verbosity tiers —
compact/fullon the entity-returning read tools. toise-conformanceCLI — validate a producer's OTLP output against the
wire contract without a running Toise, in any language; plus a producer
directory in the docs.- API stability policy and a golden contract test pinning the whole MCP
surface (tools, resources, prompts). - Connection topology — "who depends on whom": a producer asserts a durable
depends_onedge to an observable network endpoint, and Toise resolves that
endpoint to the canonical remote listener/host at read time (a derived overlay,
never written into the log).get_neighborsthen answers both "what does this
service depend on?" and, by incoming traversal, "who connects to it?". - Identity-stable resurrection within a grace window, plus new
compute.vm
andcontainerentity types.
Breaking
- MCP
get_neighborsargument renameddepthtomax_depth, matching
find_pathandimpact_of.
Install
Binaries are attached below (linux/darwin, amd64/arm64). The container image is
multi-arch:
docker pull ghcr.io/toise-dev/toise:v0.7.0
The producer SDK is released alongside as pkg/emit/v0.2.0
(go get github.com/toise-dev/toise/pkg/emit@v0.2.0).
v0.6.0
Toise v0.6.0 — the corrective release
0.5.0
Toise 0.5.0 — time travel & the producer SDK
0.4.0
Toise 0.4.0 — correctness & LLM querying
0.3.0
Toise 0.3.0 — production-readiness & multi-tenancy