Changelog

A running log of updates to Centrali—new features, improvements, and fixes across the platform.

Versioned using semantic versioning (major.minor.patch).

v6.8.0Jun 1, 2026

Embeddable Event Log & faster signup

You can now embed Centrali's Event Log directly into your own product — give each of your customers a live, scoped view of their own webhook events, payloads, and deliveries without building any of it yourself. Signing up is faster too: continue with Google or GitHub and land straight in the console, with no email-verification step blocking your start.

Added

Embed the Event Log into your own app: give your customers a live, scoped view of their webhook events, payloads, and deliveries — authenticated with a token you mint from the SDK, with no UI to build yourself.
Sign up with Google or GitHub — new visitors can create an account straight from the social buttons on the signup page, with no password to set.

Improved

New accounts now land in the console the moment they sign up — email verification is a dismissible reminder you can act on later instead of a gate that blocks you from starting.
Rate limits now apply per credential, so a burst of traffic from one integration no longer eats into the throughput of your others.

Fixed

Aggregation queries (sum, average, min, max, and group-by) now correctly handle field paths written with the `data.` prefix, so grouped and aggregated results no longer come back empty.

v6.7.0May 29, 2026

Event Log & webhook delivery controls

You can now see every webhook event flowing in and out of Centrali in a new Event Log — inspect its full payload, follow the lineage that ties an inbound event to the function run and outbound deliveries it triggered, and replay any event with one click. This release also adds configurable retry policies, a dead-letter queue for failed deliveries, and durable buffering so inbound events are never dropped.

Added

Event Log: see every inbound and outbound webhook event in the console, with full payloads and the lineage that connects an inbound event to the function run and outbound deliveries it set off.
Replay any inbound or outbound event with one click — and jump straight to the function run it triggered.
A dead-letter queue now collects deliveries that exhaust their retries, so failed webhooks land in a console inbox you can inspect and replay instead of vanishing.
Set your own outbound retry policy — control how many times and how aggressively Centrali retries an endpoint that's failing.
Outbound webhook payloads are now versioned, so you can evolve your event shape without breaking existing receivers.

Improved

Inbound webhook events are now durably buffered the moment they arrive — before your function runs — so a restart or a slow handler never drops an event.
Raised the default OAuth token rate limit to 300 requests per minute, and made it configurable, so high-throughput integrations hit far fewer rate-limit errors.

v6.6.0May 21, 2026

Bot protection on signup

Signup at auth.centrali.io is now protected against automated abuse, keeping the sign-up flow clean for real users with no extra steps for you.

Added

Signup is now guarded by bot protection, blocking automated abuse of the sign-up flow.

v6.5.0May 21, 2026

Service-account storage convergence

Internal cleanup that completes the service-account re-platform from 6.4.0. The legacy `oidc_clients` table — overloaded across customer SAs, frontend clients, and OIDC RP clients for years — is now single-purpose: it holds only the interactive OIDC RP clients used by the login flow. No customer-visible changes; your service-account credentials continue to work exactly as they did in 6.4.0.

Improved

Renamed the legacy `oidc_clients` table to `oidc_provider_clients` to match what it now holds (interactive OIDC RP clients, nothing else). A short-lived compatibility view kept old replicas serving traffic during the rolling deploy with no login disruption.

Security

Retired the duplicate service-account rows that had been sitting in the legacy `oidc_clients` table since 6.4.0 hashed them at rest — the canonical store (`service_accounts`) has been the authoritative source for issuance since 6.3.0, and the leftover rows are now gone with their plaintext column.

v6.4.0May 20, 2026

Hashed service-account credentials & self-healing compute

Service-account secrets are now stored hashed at rest (argon2id) — your existing credentials keep working unchanged. Compute jobs also self-heal after a worker-pool restart, so scheduled functions and orchestrations no longer stall waiting for a worker that never comes back.

Fixed

Scheduled functions and orchestrations no longer stall after a compute worker-pool restart — the pool detects missing workers on the next sync and brings them back in, with a clean health gate so quarantined workers don't take traffic before they've proven they're healthy again.

Security

Service-account credentials are now hashed at rest with argon2id — the plaintext copy that previously lingered in the database is gone, and your existing secrets keep working with no action on your side.

v6.2.0May 17, 2026

Security & reliability hardening

A focused security and reliability release. Read and update responses for legacy service-account clients no longer echo the client secret back to the caller, and login and rate limiting now ride out transient Redis interruptions without dropped sessions or 500s. No changes to your integrations.

Improved

Read and update responses for legacy service-account clients no longer echo back the client secret — it is shown once, at creation, exactly as before, so integrations that captured it then need no change.
Login and rate limiting now ride out transient Redis interruptions without dropped sessions or 500s.
The Collections API tab's “Try It” button now mints the correct token in service-account mode, instead of returning a 403 against the data service.

v6.1.0May 14, 2026

Standard Webhooks & Canonical Queries Across IAM

Outbound webhooks now follow the Standard Webhooks specification — verifiable with any `standardwebhooks` or `svix` library — and rotating a signing secret keeps the previous one valid for 24 hours so receivers can roll over without missed deliveries. Inbound http-triggers ship ready-made signature presets for Stripe, Slack, GitHub, Shopify, and Svix, and the canonical `POST /…/query` surface now covers every IAM resource — users, roles, groups, permissions, policies, oauth-clients, and more — so an operator that works on records works in IAM too.

Added

Outbound webhooks now sign deliveries with the Standard Webhooks scheme — `webhook-id`, `webhook-timestamp`, and `webhook-signature: v1,<base64>` headers (with branded `Centrali-*` aliases) over `${id}.${timestamp}.${body}` give you replay protection and verify cleanly against any `standardwebhooks` or `svix` library.
Rotate a webhook signing secret without dropping deliveries — the previous secret stays valid for 24 hours and the dispatcher emits both signatures during the window, so receivers can cut over on their own schedule.
`POST /webhook-subscriptions/:id/test` fires a synthetic delivery through the production pipeline, and `GET /webhook-subscriptions/:id/health` returns 1h and 24h success rates, circuit-breaker state, and the last failure context — so you can confirm a receiver from the console without waiting for a real event.
Inbound webhook provider presets on http-triggers — pick Stripe, Slack, GitHub, Shopify, or Svix from the console and the signature verification is wired up for you, no hand-crafted header and secret config.
Inbound Svix and Stripe signature verification on http-triggers — the same `validateSignature` logic that runs on endpoint triggers now runs on http-triggers, and the MCP surfaces the capability so AI agents can configure inbound verification end to end.
Canonical `POST /…/query` everywhere in IAM — `users`, `user-attributes`, `user-roles`, `user-groups`, `roles`, `groups`, `permissions`, `policies`, `resources`, `oauth-clients`, and `service-account-roles` all accept the same operators, `include`, sort, pagination, and `{ data, meta }` envelope you already use on records.
Opt-in `count(*)` and a `statement_timeout` guardrail on `POST /records/query` — heavy queries can no longer hold the connection pool indefinitely, and counts are now opt-in to keep the default path fast.
Hardened self-serve signup — verify-only email confirms the address before account creation, post-verify auto-login drops you into the right workspace, the `/signup` page now carries a marketing column previewing what you're getting, and a failed workspace init rolls back transactionally so there are no orphan accounts or workspaces.

Improved

MCP surfaces inbound signature verification as the recommended path when configuring an http-trigger, so AI agents land on the secure setup by default.
Better error attribution on `POST /records/query` — service errors now classify instead of bucketing as "Query Timeout", workspace context is threaded through RPC error logs, and failed-record events emit the offending `recordSlug` so you can trace problems back to a row.
Scheduled-trigger attach on record create is idempotent and runs after commit, so concurrent create-then-update no longer leaves orphan scheduled jobs behind.
Workspace creation accepts `passwordConfirm` on `POST /workspaces` — the request schema now matches the controller.

Removed

The bare `X-Signature` outbound webhook header is gone, replaced by the Standard Webhooks set above. **Breaking change for receivers** — if you sign-verify outbound webhooks today, follow the Standard Webhooks migration note in the platform docs before upgrading.
In-product support tickets — the feature never reached GA and has been removed in favour of external support channels.

v6.0.0May 7, 2026

Multi-Join Queries, Typed Variables & One Query Surface Everywhere

Records queries now join across collections — `INNER`, `LEFT`, `RIGHT`, and `FULL OUTER` — with a visual multi-join builder in the console and the same canonical shape in the SDK and MCP. Saved queries get typed `${variables}` end-to-end, compute functions can call them with `api.executeSavedQuery`, and the same `POST /…/query` surface (operators, `include`, `text`, envelope) now covers function-runs, orchestration-runs, audit-log, and files — so an operator that works in one place works everywhere.

Added

Multi-join records queries — add a `joins[]` array to `POST /records/query` to combine collections with `INNER`, `LEFT`, `RIGHT`, or `FULL OUTER` joins, with author-bound auth so joined rows respect the same read rules as the base collection.
Visual multi-join builder in the console — assemble joins, pick the join type, and preview the canonical query body without writing JSON by hand.
Typed `${variables}` on saved queries — declare each parameter's type and default, bind values at run time, and get `${var}` autocomplete in the console editor; the MCP saved-query tools surface the same parameter contract to AI agents.
`api.executeSavedQuery(slug, params)` in compute — run any saved query from inside a function with the typed-parameter contract enforced, so business logic and dashboards stay on the same query.
Canonical query surface for function-runs, orchestration-runs, audit-log, and files — the same operators, `include`, `text`, sort, pagination, and `{ data, meta }` envelope you already use on records, on `POST /function-runs/query`, `POST /orchestration-runs/query`, `POST /audit-log/query`, and `POST /files/query`.
Per-relation `where` and `select` on `include` — filter and project nested relations independently of the parent, with configurable recursive depth for deeply nested expansions in a single round trip.
Client-side query validation in the SDK — `@centrali/query` is now bundled with the SDK, so operator mistakes and unknown fields are caught before the request leaves your code.
Saved Queries and Collections are first-class IAM resources — write policies that grant or restrict access to `saved-queries` and `collections` directly instead of relying on broader scopes.
Search executor dashboard — counters and stage-level timings on full-text search are now surfaced for visibility into latency and result volume.

Improved

MCP saved-query tools list available joins in their tool descriptions, so agents know which collections can be combined before they author a query.
SDK ships as a modular `src/` layout — treeshake-friendly imports keep client bundles smaller when you only use part of the surface.
`client.runs` is now `client.functionRuns` for consistency with the new function-runs query surface; the old name keeps working with a deprecation warning.
Saved queries written in the legacy `{{var}}` interpolation style continue to run, and a one-shot backfill rewrites them to the typed `${name}` form on the next save.
Saved-query export and import now round-trip every column cleanly — no more losing fields between workspaces.
Scheduled-trigger update and cancel run inside the same transaction as the parent change, so partial failures roll back together instead of leaving a trigger stranded.

Deprecated

`{{var}}` saved-query interpolation is deprecated in favour of typed `${name}` parameters — both still execute, but new authoring should use the typed form.
Legacy GET list routes for saved queries, function-runs, orchestration-runs, audit-log, and files now emit `Deprecation: true` headers — migrate to `POST /…/query` to pick up operators, `include`, and the canonical envelope.

Removed

`api.searchRecords` is removed — use the `text` clause on `POST /records/query` (or `centrali.records.search`) for full-text search alongside structured filters.

v5.5.0Apr 29, 2026

Canonical Query API & Saved Queries

A brand-new query surface for records — `POST /records/query` with first-class operators (`eq`, `in`, `contains`, `gte`, …), `and` / `or` / `not` composition, full-text search, and a dry-run `/query/test` endpoint that catches mistakes before you save. Smart Queries graduate into Saved Queries with typed variables, and the Visual Query Builder, SDK, and MCP all speak the same vocabulary so an operator that works in one place works everywhere.

Added

New canonical query API on `POST /records/query` — filter with documented operators (`eq`, `ne`, `in`, `nin`, `contains`, `starts_with`, `gte`, `lte`, `between`, `is_null`, …) and compose with `and` / `or` / `not` instead of stringing together URL params.
Built-in `text` clause for full-text search inside the same query — combine a search term with structured filters, sort, and pagination in one request.
`include` clause to pull related records alongside the parent in a single round trip.
Dry-run endpoint `POST /records/query/test` — validates a query and reports unreadable-field references and other errors before you save it, so the visual builder and saved-query authoring catch mistakes up front instead of returning empty results.
Saved Queries replace Smart Queries — `centrali.savedQueries.*` in the SDK and the new `/saved-queries` API accept the canonical shape, so the queries you save and the queries you run share the same vocabulary.
Typed `variables` on saved queries — declare parameters with a type and default, then bind them at run time with `${name}` instead of hand-substituting strings.
SDK gets `centrali.records.query`, `centrali.records.search`, and `centrali.records.test`, plus the full `centrali.savedQueries` surface — all returning a canonical `{ data, meta }` envelope.
Visual Query Builder and Records filter UI now source their operator list from a single shared catalog — operator dropdowns are narrowed by field type, and the `$like` silent-failure regression cannot recur.
MCP `query_records` and the saved-query tools accept canonical query shapes, and `describe_records` documents the new operators and envelope so AI agents author queries the same way the SDK does.

Improved

Existing saved queries written in the legacy `$`-prefix style (`$eq`, `$and`, `{{var}}`) open and edit cleanly — the console normalizes them to canonical on load, and the next save rewrites the stored body.
The Queries list surfaces a banner on any saved query that uses operators the canonical engine cannot represent, so you know exactly what to fix before the deprecation window closes.
`centrali.queryRecords(slug, options)` keeps working with the legacy URL-param shape during the deprecation window, with a one-shot console warning pointing at the canonical form.

Deprecated

Smart Queries are now Saved Queries — `centrali.smartQueries.*` still works but emits a deprecation warning on first use; migrate to `centrali.savedQueries.*`.
Legacy `/structures` and `/smart-queries` routes now return RFC 8594 `Sunset` headers (2026-09-10 and 2026-10-28 respectively) alongside `Deprecation: true`, so HTTP clients can surface the cutover date directly.

v5.3.0Apr 25, 2026

Trigger Diagnostics, Webhook SDK & OAuth Hardening

A new Diagnostics tab on every trigger surfaces request-level rejections — bad signatures, missing bodies, unknown paths — before they ever become a run, so caller-side issues are obvious at a glance instead of buried in logs. The SDK and MCP gain first-class webhook-subscription wrappers, and OAuth gets a deep security pass.

Added

Diagnostics tab on every trigger — see request-level rejections (bad signatures, missing bodies, unknown paths) before they become a run, with a healthy/degraded/broken status banner, rejections grouped by reason, a daily accepted-vs-rejected request chart, and a recent-runs sidebar that jumps you straight into run logs.
First-class webhook subscriptions in the SDK — `centrali.webhookSubscriptions` exposes list/get/create/update/delete/rotateSecret plus nested deliveries.list/get/retry/cancel, so you can manage outbound webhooks without hand-rolling fetch calls.
Ten new MCP tools for webhook subscriptions, plus a `describe_webhooks` tool covering event types, payload shape, signature verification, and the retry/replay/cancel lifecycle.

Improved

MCP `describe_compute` now correctly documents trigger-level encrypted params — store secrets directly on any trigger's `params` with `{ value, encrypt: true }` instead of wrapping a function in an orchestration just to hold a secret.

Security

OAuth client secrets are now hashed with argon2id at the OWASP 2024 baseline; legacy hashes are transparently upgraded on the next successful authentication.
Per-client-id rate limiting on /oauth/token and /oauth/revoke catches credential brute-force regardless of source IP.
Strict `kid` validation on external JWT providers — missing or unmatched key IDs are rejected, and JWKS endpoints are validated when you create or update a provider so misconfigurations surface immediately instead of at runtime.
Atomic single-use enforcement on authorization codes and refresh tokens closes a race window where concurrent callers could both succeed; a replayed refresh token now revokes the entire token family.
Every failed /oauth/token exchange now writes an audit event with source IP and user agent, so security teams can spot brute-force attempts directly from the audit log.

v5.2.0Apr 21, 2026

Webhook Reliability & Console Polish

A major webhook overhaul lands in this release: editable subscriptions, rotatable signing secrets, automatic retries with exponential backoff, and a filterable delivery history with one-click replay. Console ergonomics also improve across function logs, the Smart Query editor, and the function test panel.

Added

Edit webhook subscriptions after creation — update the URL, events, and metadata without having to delete and re-create the subscription.
Rotate webhook signing secrets with a grace period so receivers can cut over to the new secret without downtime.
Automatic retry for failed webhook deliveries with exponential backoff — transient receiver failures recover without manual intervention.
Filterable webhook delivery history with a detailed view of each attempt, response code, and retry state.
Replay any webhook delivery from the console's delivery-log detail dialog, or programmatically via the new replay endpoint.
Cancel a pending webhook retry before it fires to stop a runaway delivery loop.
'My Logs / All Logs' toggle on the function run detail view — switch between your own runs and every run in the workspace.
Resizable test panel on the function code editor — give tests more room when you need it.
Resizable and collapsible Smart Query editor — expand to the full width for long queries or collapse it out of the way.

Improved

Sign-in now carries a workspace hint on redirect so you land in the right workspace after authenticating.

Fixed

Workspace switcher now re-issues your OIDC token on switch, so you're never left with stale workspace context.
Email CTA buttons render correctly in Gmail now that styles are inlined instead of stripped.

v5.1.2Apr 17, 2026

Console UX Polish & Wildcard Domains

Allowed domains now accept wildcard patterns like *.example.com, the function and record JSON editors get an expand-to-dialog view for comfortable editing, and error pages finally offer a way back to the dashboard.

Added

Wildcard domain support in allowed domains — add patterns like *.example.com to whitelist every subdomain of a parent domain without listing each one.
Expand-to-dialog toggle on the function code editor — give your code the full screen when you need it, without leaving the form.
Expand-to-dialog toggle on the record JSON editor — view and edit large record payloads in a wide dialog overlay instead of a cramped inline field.

Fixed

Error pages now include a 'Return to dashboard' link so you can recover without refreshing or navigating manually.
Wildcard domain matching now requires an exact dot-separated boundary — *.example.com will no longer accidentally match badexample.com.
*.example.com now matches subdomains only (e.g. api.example.com), not the apex domain itself — add the apex as a separate entry when needed.

v5.1.1Apr 16, 2026

Schema Discovery Promotion & Stuck Batch Fix

Schema discovery is now easier to find and more reliable. A 'Discover Fields' button and nudge banner appear on the Records tab for schemaless collections, and LLM inference runs when you ask for it instead of firing automatically on every record.

Added

'Discover Fields' button and nudge banner on the Records tab for schemaless collections — one click jumps you to the AI > Schema Discovery tab to scan your records.
Manual control over LLM-powered schema inference in schemaless mode — trigger scans and inference explicitly from the UI instead of having them fire automatically on every record write.

Fixed

Stuck 'Inference in progress…' indicator now clears after 5 minutes — stale batches no longer block future schema discovery runs.

v5.1.0Apr 16, 2026

Unified Login, Social OAuth & Console Filter Builder

A single login page now handles both OIDC and OAuth flows — users who signed up via Google or GitHub can authenticate through OAuth without needing a password. The console gains an Airtable-style record filter builder, and OAuth coverage expands to all IAM resources.

Added

Unified login page with social authentication for OAuth — users who signed up via Google or GitHub can now authenticate through the OAuth consent flow without needing a password. Both OIDC and OAuth flows use a single login page.
Record filter builder in the console — Airtable-style UI for constructing dynamic filters on the Records tab. Select fields from the collection schema, choose operators (equals, contains, greater than, less than, etc.), and combine conditions with compound AND filters. Supports range queries like 'amount > 10 AND amount < 20'.
OAuth consent screen redesigned with a 3-column scope layout and admin scopes broken into sub-categories for clearer permission review.
GET /users/me endpoint — returns the authenticated user's profile, roles, and groups in a single call without requiring admin scope, enabling OAuth-authenticated tools to resolve the current user's identity.

Fixed

OAuth error screens now show useful recovery actions — 'Try Again' and 'Return to Centrali Console' replace the previous empty recovery options that left users stuck.
MCP get_current_identity tool now works with OAuth user tokens — previously only supported service account auth. Detects auth type and fetches user identity (email, name, roles, groups, scopes) via the new /users/me endpoint.
Added OAuth scope definitions for 18+ IAM resources — triggers, webhooks, drafts, scheduled jobs, analytics, audit logs, notifications, realtime, and all workspace admin resources. Previously only 10 of 28 resources had scope mappings, causing silent 403 errors.
CPU usage was stored in raw microseconds instead of seconds, inflating reported usage by 1,000,000x. Corrected the conversion and migrated existing data.
AI service now recovers when Redis becomes available after startup — configured persistent retry strategy instead of failing permanently on initial connection loss.
HTTP trigger metadata fields (signature header name, extraction pattern, etc.) are now trimmed of whitespace on save, and secretEncoding defaults explicitly to 'raw'.
Range filters in record queries (e.g., 'amount > 10 AND amount < 20') no longer silently drop the second condition — filter normalization and the query builder now correctly handle multiple operators on the same field.
Forgot-password page submit button now stretches full-width instead of shrinking and left-aligning.

v5.0.3Apr 15, 2026

Schema Discovery Field Casing Fix

Schema discovery now preserves the original casing of field names instead of normalizing them.

Fixed

Schema discovery preserves original field name casing — previously normalized casing could cause mismatches with source data.

v5.0.2Apr 15, 2026

Scheduler Crash Fix

Prevents the scheduler service from crashing when a scheduled job has an empty scheduledAt value.

Fixed

Scheduler no longer crashes when encountering jobs with empty or missing scheduledAt values.

v5.0.1Apr 15, 2026

Webhook Secrets & Schema Discovery Reliability

Webhook trigger secrets are no longer stripped on update, and schema discovery has been migrated to JetStream for reliable message delivery.

Fixed

Updating a webhook trigger no longer strips previously configured secret and signature fields.
Schema discovery migrated from core NATS to JetStream for reliable, at-least-once message delivery — prevents scans from silently dropping under load.

v5.0.0Apr 14, 2026

Hosted MCP Server & Webhook Signatures

Connect AI assistants like Claude to your Centrali workspace with a single URL — no local setup required. Plus, webhook triggers now support Stripe and other providers that use compound signature headers.

Added

Hosted MCP server — connect Claude Desktop, Cursor, or any MCP-compatible AI assistant to your workspace using a cloud URL with OAuth authentication, no local installation needed.
MCP integration page in the console — view your workspace's MCP endpoint URL, copy connection config, and see supported authentication modes at a glance.
Webhook signature validation now supports compound signature headers (e.g., Stripe's t=timestamp,v1=signature format) with configurable extraction patterns.
Advanced signature settings in the trigger console — configure HMAC algorithm, digest encoding, secret encoding mode, timestamp extraction, and signature patterns directly from the UI.

Improved

Trigger parameters editor redesigned as a compact inline table — faster to scan and edit, with a type dropdown to switch between plain and secret values per row.
Trigger paths containing slashes are automatically normalized to hyphens, preventing routing errors.

Fixed

Audit log expanded row details now appear inline below the clicked row instead of at the bottom of the page.
Editing an existing webhook trigger no longer strips advanced signature fields that were configured via API.

v4.6.0Apr 10, 2026

OAuth 2.0 for Apps & Integrations

Build third-party integrations and CLI tools that authenticate with Centrali using industry-standard OAuth 2.0. Two grant types are supported: Client Credentials for machine-to-machine access and Authorization Code with PKCE for browser-based login flows.

Added

OAuth 2.0 Client Credentials grant — create OAuth apps in the console and use standard client ID/secret authentication for machine-to-machine integrations.
OAuth 2.0 Authorization Code grant with PKCE — enable browser-based login for third-party apps, CLI tools, and MCP with a branded consent screen.
OAuth scope model — 30 granular scopes (e.g., records:read, files:write, compute:execute) let you control exactly what each integration can access.
Consent memory — users approve an OAuth app once and skip the consent screen on subsequent logins.
Refresh token support with automatic rotation for long-lived sessions.
OAuth app management in the console — create apps, choose public or confidential client types, manage redirect URIs, rotate secrets, and view credentials with usage examples.
MCP server now supports three authentication modes: browser OAuth, client credentials, and service account.

Fixed

Workspaces scheduled for deletion are now properly cleaned up after the 30-day grace period.

v4.5.2Apr 5, 2026

Record Archives, Media Metadata & Migrations Fix

Soft-deleted records are now visible and restorable from the console — a new Active/Archives toggle on the Records tab lets workspace admins view, restore, and bulk-restore deleted records without API calls. Plus, media files now have duration, codec, and resolution extracted automatically on upload.

Added

Console archives view — view, restore, and bulk-restore soft-deleted records directly from the Records tab. An Active/Archives toggle lets you switch between live and deleted records without leaving the page.
Automatic media metadata extraction on upload — duration, codec, resolution (width/height), and bitrate are extracted using FFprobe and stored on the file record.
Media metadata HTTP headers on render URL responses — X-Media-Duration, X-Media-Width, X-Media-Height, X-Media-Codec, and X-Media-Bitrate are set on every render response for media files. Use a HEAD request to read metadata without downloading the file.
Media metadata fields in the file metadata API — duration, width, height, codec, and bitrate are returned in GET /files/meta/:id responses.
Duration, codec, and resolution display in the console storage panel for audio and video file previews.

Fixed

Collection history migrations tab crashing when viewing migration history.
Audio players using the render URL with WebM/Opus files could not determine duration (browser returned Infinity or NaN) because WebM stores duration metadata at the end of the container. Duration is now available via the X-Media-Duration header and file metadata API.

v4.5.1Apr 2, 2026

Audio & Video Storage, Trigger Parameters & Streaming Downloads

Upload and play audio and video files up to 500 MB with full seeking support. The storage service now streams downloads and supports HTTP range requests, so media plays progressively in the browser. Plus, the console now lets you configure trigger parameters — both plain text and encrypted secrets.

Added

Audio and video file support — upload files up to 500 MB (raised from 100 MB). Use standard HTML5 audio and video elements with render URLs for playback.
HTTP range request support on file downloads — enables seeking and progressive playback in audio/video players without downloading the entire file.
Streaming file downloads — files are streamed directly from storage instead of being buffered in memory, improving performance for large files.
Audio and video preview in the console storage panel — click a media file to play it inline with native browser controls.
Trigger parameters editor in the console — add plain text and encrypted (secret) key-value parameters when creating or editing function triggers.
Encrypted trigger parameters are masked in the console UI and securely decrypted at runtime, letting you store API keys and secrets directly on triggers.

Fixed

MCP setup instructions referenced an invalid URL (dev.centrali.io) — corrected to centrali.io.
SDK documentation showed incorrect filter syntax for query operations.
Query and filter documentation inconsistencies across SDK, user docs, and MCP tools.

v4.5.0Mar 30, 2026

Complete Audit Logging, Reference Expansion Fix & k6 Test Suite

Audit logging now covers all record operations — bulk, batch, restore, migrate, revert, and TTL expiration are fully tracked. The SDK's expand parameter for reference expansion is fixed, and a new k6 test suite provides smoke, load, and stress testing across all 12 services.

Added

Audit logging for bulk record operations (insert, update, delete, restore) — each emits an aggregate audit event visible in the Audit Log page.
Audit logging for batch record operations (create, update, delete) — each record emits its own audit event.
Audit logging for single record restore, version revert, schema migration updates, and TTL expiration.
New audit event types: restored, reverted, and expired.
k6 test suite with smoke tests for all 12 services, load tests for data CRUD, IAM auth throughput, and storage file operations, and stress tests up to 100 concurrent users.
Reserved query parameters documentation in the SDK README.

Fixed

SDK expand parameter for reference expansion was silently treated as a record data filter, causing queries with expand to return incorrect or empty results.
QueryBuilder now correctly excludes expand from filter processing.

v4.4.9Mar 30, 2026

Function Recipes, App Insights Reporting & Audit Log

New compute function recipes for common patterns (proxy APIs, send email, scheduled cleanup), a full application insights reporting dashboard with anomaly trends and trigger health, and a dedicated audit log page with search, filters, and CSV export.

Added

Application insights reporting — anomaly insights UI with trend charts and a trigger health dashboard showing execution success rates, latency, and error patterns.
Audit log page — searchable, filterable audit trail in the console with date range picker, action type filters, and CSV export for compliance.
Function usage visibility — "Used by" tab on functions showing which triggers and orchestrations reference each function, with warnings on delete if references exist.
Compute function recipes — ready-to-use patterns for proxy APIs, sending email (with three template approaches), and scheduled data cleanup.
AI Agent Quick Start page in documentation.

Improved

MCP developer experience — bulk/batch record tools, explore_collections for quick schema discovery, and scaffold_function for generating compute function boilerplate.
Service account permission documentation with step-by-step setup guide.

Fixed

Trigger links in the "Used by" tab now navigate to the correct route.
Audit service API paths now include the correct /api/v1 prefix.

v4.4.8Mar 28, 2026

Migration-Aware Collection Updates & MCP Proxy Fix

Updating a collection's schema through MCP now uses the safe upgrade workflow — analyze impact, preview migration, then apply — instead of a raw overwrite. Plus fixes for MCP connectivity in proxy environments and page generation timeouts.

Added

MCP migration-aware collection updates — new analyze_collection_update, preview_collection_migration, and get_collection_upgrade_progress tools for safe schema changes.
MCP update_collection now uses the upgrade endpoint with full migration support (analyze → preview → upgrade) instead of a raw PUT.

Fixed

MCP tools returning 404 in environments with system proxies — added proxy bypass to all custom HTTP clients.
Auth provider creation failing when called by service accounts — createdBy field now accepts service account IDs.
Page generation failing with 503 timeout — fixed internal service routing mismatch.

v4.4.7Mar 27, 2026

Sync Compute Endpoints, IAM Routing Fix & Audit Fixes

Compute functions can now be exposed as synchronous HTTP API endpoints that return responses inline — no polling needed. Plus critical fixes for MCP connectivity to IAM services, cleaner search results, and better error messages.

Added

Synchronous compute endpoints — create triggers with executionType 'endpoint' to turn functions into custom HTTP APIs. Centrali waits for the function to complete (up to 30s) and returns the output directly in the response.
SDK client.triggers.invokeEndpoint(path, options) — call sync endpoints from app code with full HTTP method, payload, headers, and query param support.
MCP invoke_endpoint tool — call sync compute endpoints by path, returns status + body inline.
Cross-tool naming guide in describe_centrali — explicit mapping between recordSlug, structureSlug, collections, and structureIds so agents know which parameter to use where.

Improved

Search results no longer include internal indexing fields (searchText, workspaceSlug) — only useful record data is returned.
Page generation errors now include the actual failure reason instead of a generic 500, with specific guidance for missing structures (404) and service timeouts (503).
Consistent plan-gating errors — both validation scans and anomaly analysis now return PLAN_REQUIRED (previously anomaly analysis returned FORBIDDEN for the same condition).
Pages lifecycle documentation now explains that publishing keeps a working draft for future edits, and notes eventual consistency for write-then-read operations.

Fixed

MCP IAM routing — auth provider, service account, role, group, and publishable key tools now correctly route to the IAM service instead of returning 404.
External auth provider permissions now use the standard 'retrieve' action instead of the non-standard 'read'.
Anomaly insights severity values corrected from critical/high/medium/low to the actual values: info/warning/critical.

v4.4.6Mar 26, 2026

MCP Service Accounts, Permissions & Publishable Keys

AI assistants can now fully manage service accounts, grant least-privilege permissions, and create publishable keys — everything needed to set up app credentials from an MCP conversation.

Added

SDK client.runs.getJobStatus(jobId) — poll async compute job status directly from app code, matching the MCP's get_compute_job_status flow.
MCP service account tools — create, list, update, delete, rotate secrets, revoke, and generate dev tokens for machine identities.
MCP permission remediation — scan what a service account can access, simulate authorization checks, then generate and apply least-privilege fixes automatically.
MCP role and group management — full CRUD for roles and groups with service account assignment, so AI assistants can build complete access control setups.
MCP publishable key tools — create scoped frontend API keys (pk_live_) with per-collection and per-action access control.
MCP describe_service_accounts — comprehensive introspection tool covering the full setup flow, permission model, remediation workflow, and publishable key scopes.

Improved

describe_centrali now includes an app credential setup guide: backend apps use service accounts with remediation for least-privilege access, frontend apps use scoped publishable keys.

v4.4.5Mar 25, 2026

SDK Documentation & Compute Contract

Clearer SDK documentation for AI agents and developers — the compute input contract is now fully documented, auth guidance is explicit by context, and all code examples use the canonical function signature.

Improved

SDK compute input contract — documented exactly what triggerParams and executionParams contain for each trigger type: HTTP, endpoint, scheduled, pages action, and orchestration step.
Auth-by-context guide — new table in the SDK README showing the recommended authentication method for browser apps, server apps, MCP agents, and external auth providers.
Secrets guidance — documented orchestration encrypted params as the recommended way to pass API keys and credentials to compute functions.
Function runs documentation — documented the async execution model (trigger returns job ID, poll client.runs for results) and the client.runs namespace.
All SDK code examples now use the canonical async function run() signature instead of the legacy module.exports pattern.

v4.4.4Mar 25, 2026

SDK Function Runs & Cascade Delete

Query function execution history directly from the SDK — check whether jobs completed, inspect outputs, and filter runs by trigger or function. Plus, deleting a function now automatically cleans up its associated triggers with a clear warning in the console.

Added

SDK client.runs namespace — query function execution history with three methods: get a run by ID, list runs by trigger, or list runs by function. Supports pagination and status filtering.
Cascade delete for triggers — deleting a compute function now automatically removes all associated triggers (on-demand, event-driven, scheduled, and HTTP) within a single transaction. Scheduled jobs are cancelled and run history is cleaned up.

Improved

Function delete confirmation dialog now shows which triggers will be removed before you confirm, including each trigger's name and type.

v4.4.3Mar 25, 2026

Dev Tokens & Deploy Guides

Generate short-lived bearer tokens for service accounts directly from the console — skip the OAuth flow for local development and testing. Plus, deploy guides and an env setup command in create-centrali-app.

Added

Console-generated dev tokens — generate short-lived bearer tokens (1h, 8h, 24h, or 7d) for any service account from the Keys tab. Skip the OAuth client_credentials flow when testing locally.
create-centrali-app env command — auto-detects your template type, prompts for missing values, and outputs environment variables in dotenv, Vercel CLI, or Netlify CLI format.
Deploy guides (DEPLOY.md) in both CLI templates with step-by-step Vercel and Netlify deployment instructions.

Improved

Expired dev tokens now return actionable error messages with the expiry timestamp and a hint to regenerate in the console, instead of a generic 401.

Fixed

Publishable key scope checks now correctly match the collection slug for per-resource permissions.

v4.4.2Mar 25, 2026

Scoped Publishable Keys for Frontend Access

New credential type for frontend apps — publishable keys with per-resource scopes. Safe to embed in browser code. Create keys in the console, select which collections and actions to expose, and use them with the SDK or create-centrali-app.

Added

Scoped publishable keys — workspace-scoped keys (pk_live_) for frontend API access. Each key carries explicit scopes (e.g., records:list:posts, triggers:execute:send-email) that define exactly what it can do.
Publishable Keys management in the console under ACCESS — create keys with a scope selection matrix, copy the full key on creation (shown once), edit scopes, revoke keys.
SDK publishableKey option — pass a publishable key to createClient() for frontend apps. No client secret needed.
Per-key rate limiting — 200 requests/min for reads, 30 requests/min for writes.

v4.4.1Mar 25, 2026

create-centrali-app, Import Fixes & UI Polish

New CLI tool to scaffold Centrali-powered apps in seconds — npx @centrali-io/create-centrali-app. Choose React + Vite or Next.js with the SDK pre-configured, plus bug fixes for JSON import and dialog sizing.

Added

create-centrali-app — scaffold a new Centrali-powered app with one command. Choose React + Vite or Next.js, TypeScript by default, SDK pre-configured with service account auth. Run: npx @centrali-io/create-centrali-app my-app

Fixed

JSON records import now uses the correct bulk import endpoint — exported records with metadata fields (id, createdAt, etc.) are properly stripped on import, enabling cross-workspace data migration.
Function and trigger run detail dialog now displays at its intended width instead of being constrained to the default narrow size.
MCP create_collection tool now uses valid schemaDiscoveryMode values (strict, schemaless, auto-evolving) — previously sent an invalid value that caused collection creation to fail.

v4.4.0Mar 24, 2026

Orchestration Loops & Function Endpoints

Automation workflows can now repeat steps with for-each and while loops — iterate over lists, poll until conditions are met, and process batches with per-iteration failure handling. Plus, turn any compute function into a synchronous API endpoint that returns computed results inline.

Added

Orchestration Loops — a new loop step type with two modes: for-each (iterate over a list from a previous step's output) and while (repeat until a condition is met). Configure max iterations, choose failure behavior per iteration (fail the run, skip and continue, or end the loop gracefully), and access loop variables (loop.item, loop.index) inside body steps.
Loop iteration drill-down in the run viewer — expand a loop step to see every iteration's body steps with individual status, output, and error details. Zero-iteration loops show a warning explaining why nothing executed.
Trigger run with custom input — automation runs can now be triggered with a JSON payload from the console. Loop-aware guidance shows which fields your workflow expects.
Run detail download — export the full run (metadata, input, outputs, step records) as a JSON file for debugging or auditing.
Copyable JSON blocks in run details — expand long outputs to full height and copy with one click.
Function Endpoints — a new trigger type that executes a function synchronously and returns its output as the HTTP response. Create an endpoint, configure its path, and call it like any REST API.
Multi-mode endpoint authentication — choose from Bearer token (JWT), API Key (auto-generated), HMAC signature validation, or Public access.
Per-endpoint timeout control — configure execution timeouts between 1 and 30 seconds.

Fixed

Function run status now displays correctly in the console — runs with 'failure' status were incorrectly shown as 'Pending'.
Failed run filter tab now correctly queries the database for failed runs.

v4.3.0Mar 21, 2026

AI Page Assembly, Data-Bound HTML, Modals, and Orchestration Hardening

Describe the page you need and let AI build it for you — or improve an existing page from the editor. This release also adds data-bound HTML blocks with live template rendering, a declarative modal system, image and video blocks, and significant orchestration improvements including encrypted parameters, per-run rate limiting, and reliable step completion.

Added

AI-powered page assembly — describe what you need in plain language and get an intelligent, goal-aware page layout generated automatically. Two flows: create new pages from the page list, or improve an existing page from the editor's AI tab. Every generation is logged with the full prompt, raw AI response, and accept rate for observability.
Data-bound HTML blocks — write HTML templates with {{fieldName}} placeholders that render live collection data. Build custom cards, banners, and layouts that go beyond standard block types.
Declarative modal system for Pages — add modals to hosted pages that display forms, confirmations, and detail views, triggered by button clicks or actions without writing frontend code.
Image and video page blocks — embed images and videos directly into hosted pages with responsive sizing, captions, and external media URL support.
Smart query variable binding — bind URL query parameters and page-level variables to block filters and data sources, enabling dynamic pages that respond to navigation context.
Form hidden fields and default values — configure hidden fields and default values (including system-derived values like auth.email and system.uuid) in form field-group blocks.
Orchestration encrypted parameters — add step-level encrypted params to compute steps in orchestration workflows. HTTP triggers now decrypt encrypted parameters before passing them to compute.
Navigate-to-page parameter mapping — pass dynamic values between pages via paramMapping in navigate-to-page actions.
Auth provider editing — edit auth provider details directly from the console detail page.

Improved

Per-orchestration rate limiting — event-driven triggers are now rate-limited per orchestration, preventing runaway executions from high-frequency events.
Timeout is now a distinct run status — timed-out executions display as 'timeout' instead of being grouped with failures, making it easier to diagnose issues.
Orchestration waiting filter — filter automation runs by 'waiting' status to find paused workflows.
Dashboard auto-refresh — dashboards can now auto-refresh on a configurable interval.
Data table pagination — page size selector added to data tables and related list blocks.
Orchestration step completion now uses JetStream publish for reliable delivery.

Fixed

Dynamic select dropdowns now correctly handle auth checks, flatten nested records, support list mode, and populate field pickers.
Metric card aggregate filters now correctly merge static and runtime filters instead of picking one.
Select dropdown fields now render properly in page forms.
Data field mapping and dashboard table rendering fixes for pages.
Date formatting and boolean display in table cells.
MCP token refresh on 401/403 responses.
MCP event trigger names corrected (event to eventType, dot to underscore notation).

v4.2.0Mar 16, 2026

CSV Import, Dashboard Blocks, and User Management

Import data from CSV files with preview and column mapping, build rich dashboards with metric cards, charts, kanban boards, calendars, and more — plus user profile editing and role member management in the console.

Added

CSV import — upload CSV files to create new collections or populate existing ones. Includes a file preview, automatic column detection, drag-and-drop column mapping, type inference, and validation before import.
Dashboard blocks for Pages — build interactive dashboards with metric cards, charts (bar, line, area, pie), data tables, stat groups, filter bars, activity feeds, progress indicators, kanban boards, and calendar views. All blocks are configurable from the page editor and powered by server-side aggregation.
Static HTML and Markdown blocks for Pages — add rich text content, documentation, or custom HTML directly into your published pages with built-in sanitization.
User profile editing — admins can now edit user details (name, email, username) directly from the console. Users can also edit their own profile.
Role members tab — view which users are assigned to each role, add members with a searchable dialog, and remove members with confirmation.
Batch and bulk event triggers — triggers now fire correctly for bulk record operations with symmetric API paths for batch endpoints.

Improved

Trigger loop prevention — recursive trigger chains are now detected and blocked automatically, preventing runaway executions.
Users list now displays full name with username beneath it for easier identification.

Fixed

User updates no longer fail silently for users who belong to multiple workspaces.

v4.1.1Mar 15, 2026

AI Compute Assistant Improvements

Improved reliability of the AI-assisted compute function editor in the new console.

Fixed

AI compute function generate and edit now work correctly in the new console.
Improved error messages when AI features encounter issues.

v4.1.0Mar 14, 2026

Pages (Beta), Inline Record Editing, and Security Hardening

Centrali Pages lets you build and publish hosted web pages — list views, detail pages, forms, and dashboards — directly from your collections, with no frontend code required. This release also adds inline record editing in the console, a restored AI schema discovery tab, and significant security hardening across all services.

Added

Pages (Beta) — build and publish hosted web pages backed by your collections. Create list pages with filterable data tables, detail pages for individual records, form pages for data entry, and dashboard pages with metric cards and charts. Pages include a visual editor, custom theming, version history, and one-click publishing.
Page actions — configure navigation between pages, trigger compute functions, and invoke HTTP triggers directly from page buttons and row clicks. Actions support parameter passing, confirmation dialogs, and post-action feedback via toast notifications.
Page theming — customize primary color, accent color, background, font family, and logo per page. Live preview shows changes before publishing.
Page version history — every save creates a versioned snapshot. View, compare, and roll back to any previous version.
Inline record editing — edit records directly in the console without navigating away from the collection view.
AI schema discovery tab restored — the schema discovery tab in the AI view is back with scan results, field suggestions, and validation recommendations.

Improved

Standardized backend Docker builds across all workspace services for faster, more consistent CI.
Schema tab no longer shows stale fields — refreshes automatically after scans complete.

Fixed

Security hardening — remediated vulnerabilities across SQL query builders, WebSocket defaults, and file upload handling.

v4.0.1Mar 12, 2026

Collections Rename and HTTP Trigger Fixes

The data service now supports /collections as the primary route alias, with /structures deprecated. HTTP trigger creation bugs have been fixed.

Added

Collections route alias — /collections is now the primary API route in the data service. The /structures routes remain available but are deprecated. SDK, MCP, and documentation updated.

Fixed

HTTP trigger crash when creating triggers with missing path metadata.
HTTP trigger paths now consistently normalized with a leading slash.
HTTP trigger placeholder text corrected in the console trigger creation form.

v4.0.0Mar 10, 2026

New Console, Auth Pages, and Platform Overhaul

Centrali 4.0 ships a completely rebuilt admin console with a modern React interface, moves authentication pages into the IAM service for better security, and delivers a polished experience across every feature area.

Added

Completely rebuilt admin console — new React 18 + Vite + TailwindCSS interface replacing the legacy Ant Design UI, with dark mode, command palette, keyboard shortcuts, and responsive layout.
Interactive dashboard with real-time workspace metrics — collections, records, function runs, storage usage, and active jobs at a glance with 7/30-day activity charts.
Visual automation builder — drag-and-drop workflow editor for creating multi-step automations with HTTP triggers, conditions, and orchestration steps.
Inline API reference — every collection now includes a dedicated API tab showing all REST endpoints with authentication details and base URLs.
AI-powered data validation — configure validation rules per collection with format, typo, duplicate, and semantic checks powered by the AI service.
Webhook delivery health dashboard — monitor delivery success rates, view delivery logs, and track retry attempts for each webhook endpoint.
HTTP trigger management — create, configure, and monitor HTTP triggers with health status tracking and direct URL access.
Function code editor with inline test runner — write, test, and debug compute functions with live output, console logs, and execution metrics.
Server-rendered auth pages in IAM — forgot-password, reset-password, and verify-email pages now live in the IAM service as branded EJS templates, eliminating the dependency on the console frontend for auth flows.
Notification bell with subscription management — real-time notification center with configurable event subscriptions per workspace.
Onboarding walkthrough — guided first-run experience with workspace templates and interactive hints for new users.
Command palette (Cmd+K) — search resources, records, and access quick actions from anywhere in the console.

Improved

Collection detail view reorganized into logical tabs — Details, Schema, Records, API, History, Settings, and AI — reducing clutter while surfacing more functionality.
Schema editor with field property panel — edit field types, validation rules (required, unique, min/max), and see changes as drafts before deploying.
Sidebar navigation restructured into logical groups — Data, Logic, Team, Access, and Settings — with collapsible sections and workspace switcher.
Dark mode with system preference detection and localStorage persistence across sessions.
Email verification and password reset links now point to IAM-hosted pages instead of the console frontend, improving security and reducing cross-service dependencies.
ABAC permissions editor with searchable combobox, flat condition format, and system entity detection.

Fixed

Logout flow now properly destroys all OIDC and Express session cookies, preventing silent re-authentication.
Search indexing fixed for empty changes arrays that previously caused indexing failures.
Backend fixes for record queries — corrected $in, $or operators and history endpoint pagination.

v3.1.7Mar 3, 2026

JWKS Rotation Reliability Fix

A bug in the monthly key rotation job was silently breaking token verification for all apps within minutes of each rotation. The rotation now correctly preserves the previous signing key for in-flight tokens and automatically restarts the IAM service to pick up the new key.

Fixed

JWKS rotation job now preserves the previous public key as a grace period fallback — the cron container previously used an empty working directory, so the existing key was never carried forward, immediately invalidating all tokens signed before the rotation.
IAM service now automatically restarts after each key rotation so the OIDC provider reloads the new signing key from disk rather than holding the old key in memory indefinitely.

v3.1.6Mar 3, 2026

Workspace Templates, Storage Visibility, and Free Tier Updates

New workspaces now launch with a guided template picker to get you productive from day one. The billing dashboard gives every workspace full visibility into storage and usage trends. Free tier limits have been updated to better reflect what each plan offers.

Added

Workspace template picker — new workspaces are guided through a curated set of starter templates on first login. Browse templates, preview the structure they create, and apply one with a single click to hit the ground running.

Improved

File storage usage is now tracked and surfaced in the billing dashboard for all workspace plans, giving you real-time visibility into your Azure Blob consumption.
Usage history is now available across all plans — month-over-month trends let you see how your consumption grows over time and plan your upgrades accordingly.
Free tier storage limits updated to 500 MB DB and 200 MB file storage, more accurately reflecting the tier's scope and creating a clearer boundary with the Standard plan.
Blob storage overage billing is now supported on the free plan, so you can keep going past the limit without interruption.

v3.1.5Mar 2, 2026

Record TTL, Structure View Redesign, and UX Improvements

Records can now expire automatically with built-in TTL support. The Structure detail view has been streamlined with better tab organization, and user management is smarter when inviting existing users.

Added

Record TTL (Time-to-Live) — assign expiration dates to individual records. Expired records are automatically swept and removed, keeping your structures clean without manual cleanup.

Improved

Structure detail view redesigned — tabs reduced from 14 to 11 with logical visual groupings, making navigation clearer and less cluttered.
Inviting an existing user to a workspace now adds them directly instead of returning a conflict error.
API error responses are now consistent across all services, making error handling more predictable for SDK and API users.

Fixed

Long text values in records table cells are now properly truncated, preventing tables from becoming difficult to scan.
User management page — improved layout, spacing, and interaction feedback.

v3.1.4Feb 27, 2026

Workspace Deletion and Data Export

Workspaces can now be safely deleted with a 30-day grace period and full data export. Restore anytime during the grace window, or download a complete archive of your workspace before it's removed.

Added

Workspace soft delete with 30-day grace period — owners can initiate workspace deletion from Settings, with a countdown and one-click restore during the grace window.
Workspace data export — download a ZIP archive of all workspace data (structures, records, functions, triggers, smart queries, settings) before deletion.
Guided export flow — step-by-step export experience before workspace deletion with real-time progress tracking and download.
Pending-deletion notice — users accessing a workspace pending deletion see a dedicated page with restore option for owners.

Improved

Export flow UX redesigned with clearer progress indicators and dark mode support.
Dashboard loads faster with improved metrics aggregation and caching.
Settings page layout cleaned up with redundant tabs removed.

Fixed

Role checks in workspace deletion UI now use correct permission names.
Settings link added to sidebar for easier access to workspace management.

v3.1.3Feb 25, 2026

Plan Limits, Overage Billing, and Performance Improvements

Workspace usage is now enforced against plan limits with optional pay-as-you-go overages for Standard and Pro plans. Dashboard performance is significantly improved with Redis caching, parallelized queries, and optimized metrics aggregation.

Added

Plan-based quota enforcement — workspace usage (compute executions, CPU, memory, storage) is now enforced against plan limits across all services, ensuring fair resource allocation.
Overage billing (pay-as-you-go) — Standard and Pro plan workspaces can opt in to continue using resources beyond plan limits. Includes configurable spending caps, payment method requirements, and automatic threshold notifications at 50%, 80%, and 100% of cap.
Overage settings in Console — new settings tab to enable or disable overages, set spending caps, and view current overage rates per plan.
On-demand function run context decryption — new policy-gated endpoint to decrypt function run execution context for authorized users.
Partner and internal workspace support — special license types for partner integrations and internal workspaces with unlimited resource quotas.

Improved

Dashboard metrics now load significantly faster with Redis caching, parallelized billing aggregation, and materialized trigger health metrics.
Triggers table uses a paginate-first query strategy for faster initial page loads.
Realtime SSE events and outbound webhooks now operate independently from compute function triggers, improving reliability.
Enhanced 402 responses guide users when plan limits are reached, with clear upgrade paths and overage opt-in options.
Provisioning banner no longer polls indefinitely for workspaces that have already completed setup.

v3.1.2Feb 23, 2026

Realtime and Webhook Independence Fix

Realtime SSE events and outbound webhooks now fire on every record event, regardless of whether compute function triggers are configured. Previously, workspaces without compute triggers received no realtime or webhook events.

Fixed

Realtime SSE events and outbound webhooks no longer depend on compute function triggers. Previously, the record event workflow returned early when no matching triggers were found, silently skipping webhook dispatch and Redis publish for realtime. Webhooks and realtime now fire unconditionally before trigger processing.

v3.1.1Feb 21, 2026

Function Runs Data Retention and Infrastructure Upgrades

Function run payloads are now automatically retained with configurable lifetimes — expired data is archived to Azure Blob Storage before being stripped, keeping your database lean while preserving full audit trails. Plus PostgreSQL 16 for local development.

Added

Function runs data retention — daily cron job automatically strips old run payloads past their retention period, with Prometheus metrics for observability.
Archive to Azure Blob Storage — run payloads are archived to blob storage before retention stripping, preserving full execution data for compliance and debugging.
Archive download endpoint — retrieve archived function run payloads via a dedicated API endpoint.
Console UI archive download button — download archived payloads directly from the run detail view when data has been retained.
Payload expired banner — the console now shows a clear banner on function runs whose payloads have been stripped, with a download link to the archived data.
Error summary columns — function runs now store structured error summaries, with a backfill migration for historical failed runs.
Partitioned function_runs table — migration, backfill, and cutover scripts for table partitioning to improve query performance at scale.

Improved

Local development PostgreSQL upgraded from 15 to 16.
Retention cron runs in UTC with Prometheus metrics for rows processed, errors, and duration.

Fixed

Column type mismatches in partitioned migration and Docker builds corrected.
Retention cron timezone set to UTC and dry-run batch cap removed for production use.
Retention metrics renamed to run_data_retention_* to avoid collision with existing metric names.
runData column made nullable so retention can safely strip old payloads without breaking queries.

v3.1.0Feb 17, 2026

Configuration-as-Code SDK and Console UI Fixes

22 new SDK methods enable programmatic management of structures, compute functions, triggers, and smart queries — unlocking infrastructure-as-code and CI/CD workflows. Plus fixes for sign-out, Smart Query field names, and a schema rename for clarity.

Added

Configuration-as-Code SDK support — 22 new methods across four managers: StructuresManager (list, get, getBySlug, create, update, delete, validate), ComputeFunctionsManager (list, get, create, update, delete, testExecute), TriggersManager (create, update, delete, listAll, getDetails), and SmartQueriesManager (create, update, delete, test).
New property type definitions, ComputeFunction interfaces, trigger CRUD types, and smart query CRUD types exported from the SDK.
Records CRUD API guide covering all record endpoints (CRUD, bulk ops, versioning, secrets, aggregations).

Improved

Renamed property-level `isStrict` to `strictProperties` to eliminate naming confusion with the removed structure-level `isStrict`. Includes a database migration to rename at all nesting levels and backward-compatible API ingestion.
Swagger component schemas fixed to match actual API responses (camelCase, correct Property type enum, PaginatedResponse shape).
Removed unused packages (keycloak-js, socket.io-client, duplicate express) from console-ui.

Fixed

Sign-out button now fully logs users out — clears OIDC browser state, destroys the Express session, and force-clears provider cookies. Previously, the server-side session was destroyed but browser state caused silent re-authentication.
Smart Query builder field name dropdowns no longer apply camelCase transformation, preserving kebab-case, snake_case, and spaced field names exactly as defined.

v3.0.9Feb 15, 2026

User Onboarding and Error Transparency Fixes

Fixed a critical user onboarding bug where admin-created users were invisible to workspace membership queries, and improved error transparency so connection errors in compute functions show the real cause instead of internal codes.

Fixed

Admin-created users (via createUser) now correctly get a `user_workspaces` entry, fixing an issue where they were invisible to workspace membership queries. Token issuance also validates that the fallback workspace has a valid membership before using it.
Compute function HTTP errors no longer mask real connection errors (ENOTFOUND, ECONNREFUSED, ETIMEDOUT, ECONNABORTED, ECONNRESET, SSL errors) with internal codes like WORKER_UNAVAILABLE. Each error type now surfaces an actionable message with the real error code attached.
Array field suggestions in schema discovery now include `items.type`, fixing incomplete suggestions for array properties.

v3.0.8Feb 13, 2026

Compute Error Observability Fix

Failed compute function runs now surface the actual error message and stack trace in the console Errors tab and in Loki logs, fixing a gap where failures were reported without any detail about what went wrong.

Fixed

Compute worker sandbox logger now includes `workspaceSlug`, fixing an issue where the `"Function execution failed"` error log was silently filtered out of Loki queries — making Deno runtime errors invisible in the console Logs tab.
Gateway logs now include `errorMessage` and `errorCode` for failed jobs instead of only logging `hasError: true`. The job completion callback and job completed log entries both surface the actual error details.
The console Errors tab now displays error details for failed function runs. Previously, the error was persisted to the database but never included in `runData`, so the Errors tab always showed "No errors" even for failed runs.

v3.0.7Feb 13, 2026

Event-Driven Trigger Parameter Fix

Event-driven compute function triggers now correctly pass event data via executionParams and trigger configuration via triggerParams, matching the documented behavior and aligning with all other trigger types.

Fixed

Event-driven triggers now pass the event payload (record data, event type, before/after state) in `executionParams` instead of incorrectly nesting it inside `triggerParams`. Trigger configuration parameters (secrets, API keys, URLs) are now available directly on `triggerParams` as a flat object — consistent with on-demand, HTTP, and scheduled triggers.

v3.0.6Feb 12, 2026

Compute Function HTTP and Query Response Fixes

Compute function HTTP methods now return full response objects with status codes and headers, and api.queryRecords returns the same response shape as the REST API and SDK.

Fixed

Compute function `api.httpGet()` and `api.httpPost()` now return full axios-style response objects (`{ status, headers, data }`) instead of just the response body as a string. Previously, status codes were inaccessible in compute functions.
Compute function `api.queryRecords()` response shape now matches the REST API and SDK — results are returned in the `items` array, consistent with all other query interfaces.

v3.0.5Feb 12, 2026

Atomic Upsert Records and SDK Allowed Domains

New upsertRecord operation atomically creates or updates records by business key with advisory locking for safe concurrent writes. SDK gains AllowedDomainsManager for managing compute function external HTTP access.

Added

Atomic upsert records — find a record by match fields and update it, or create a new one if no match exists. Uses PostgreSQL advisory locking to prevent race conditions. Available via HTTP API, SDK (`client.upsertRecord()`), NATS RPC, and compute functions (`api.upsertRecord()`).
SDK AllowedDomainsManager — programmatically manage allowed domains for compute function external HTTP calls with `client.allowedDomains.list()`, `.add()`, and `.remove()`.

Improved

Record creation events in schemaless and auto-evolving modes now fire after the transaction commits, preventing orphaned NATS events on rollback.
Improved customer-facing documentation for scheduled triggers with clearer examples and configuration guidance.

v3.0.4Feb 11, 2026

Schema Discovery Fixes and Documentation Overhaul

Resolved issues with query validation blocking filters on schemaless structures, improved schema discovery initialization, and overhauled customer-facing documentation.

Improved

Simplified schema mode configuration — removed legacy `isStrict` flag in favor of the unified `schemaDiscoveryMode` setting.
Customer-facing documentation overhauled with updated guides, SDK reference, and corrected screenshots to match the current UI.
Access control documentation updated to accurately reflect the actual authentication implementation.

Fixed

Query validation no longer blocks filters on structures using schemaless or auto-evolving mode.
Record updates in auto-evolving mode now correctly validate as partial updates instead of requiring all fields.
Schema discovery configuration now properly initializes when creating new structures.
Schema discovery defaults to strict mode when no configuration is specified, preventing unexpected behavior.

v3.0.3Feb 10, 2026

CORS Wildcards and Sort Order Fixes

Wildcard CORS patterns now work correctly with protocol prefixes, and sorting by numeric and datetime fields uses proper type-aware ordering.

Improved

CORS middleware updated in IAM, Data, Workspace, Notification, AI, Scheduler, and Search services to support wildcard patterns.
Record query sorting casts numeric fields to `::numeric` and datetime fields to `::timestamp` for correct ordering.

Fixed

CORS wildcard patterns with protocol prefix (e.g., `https://*.domain.com`) now work correctly across all services.
Numeric field sorting uses proper numeric ordering instead of lexicographic — no more '9' sorting after '10000'.
Datetime field sorting uses proper timestamp ordering for correct chronological results.

v3.0.2Feb 9, 2026

SDK Reliability, Nested Arrays, and Data Fixes

Improved SDK reliability with automatic token refresh, better record validation for partial updates, and support for nested array types in the structure builder.

Added

Nested array type definitions — define complex array-of-objects schemas directly in the visual structure builder.
Custom 404 page in documentation — improved navigation experience when a page isn't found.

Improved

SDK automatically refreshes tokens on 401/403 errors — no more manual token handling for expired sessions.
Clearer documentation on filter syntax differences between Client SDK and Compute Functions.

Fixed

Partial record updates now validate only the fields being updated, not the entire record schema.
JSONB filters correctly handle numeric comparisons — number fields now cast properly in filter conditions.
Structure bundle imports correctly resolve cross-references between structures in the same bundle.
Storage routes in Compute Gateway now use correct internal messaging subjects.
SDK pagination uses consistent page/pageSize parameters across all endpoints.

v3.0.1Jan 19, 2026

SDK Type Fix

Quick patch to correct TypeScript types in the SDK for record filtering.

Fixed

SDK filter parameter now correctly typed as object instead of string in QueryRecordOptions.

v3.0.0Jan 18, 2026

Smart Queries: Variables, Joins, and Developer Experience

Smart Queries get a major upgrade with parameterized variables, flexible record ID joins, and a cleaner result structure. Build dynamic, reusable queries that accept runtime parameters and seamlessly combine data across structures.

Added

Parameterized Variables — use `{{variableName}}` syntax in Smart Query conditions and provide values at execution time for dynamic, reusable queries.
Record ID Joins (`_recordId`) — join structures using actual record UUIDs instead of just data fields, perfect for foreign key relationships.
Join Where Filtering (`joinWhere`) — filter on fields from joined records, not just the main structure.
Nested `_joined` Results — joined data now returns in a clean `_joined.{structureSlug}` object, consistent with the `_expanded` pattern for references.
Visual Builder Join Support — configure joins directly in the Smart Query visual builder with field selection and join conditions.
SDK Variables Support — pass variables when executing Smart Queries via the SDK with full TypeScript support.

Improved

SDK reference expansion documentation with clear examples for `expand` parameter usage.
Storage URL helpers in SDK for consistent file URL construction.
Smart Query validation catches invalid variable names and missing required variables with helpful error messages.

v2.9.0Jan 15, 2026

Workflow Orchestration: Multi-Step Automation with Visual Editing

Build complex multi-step workflows without writing code. Chain compute functions together, add conditional branching, schedule delays, and monitor every execution with detailed observability.

Added

Workflow Orchestration — visual editor for building multi-step workflows that chain compute functions with automatic retry and error handling.
Decision Steps — route workflows based on data conditions with 10 comparison operators (equals, greater than, exists, in array, etc.) and support for multiple conditions per case.
Delay Steps — pause workflow execution for specified durations, perfect for reminder emails, approval timeouts, or rate-limited API calls.
Event-Driven Triggers — automatically start workflows when records are created, updated, deleted, or restored.
HTTP Webhook Triggers — expose public webhook endpoints with optional HMAC-256 signature validation for secure integrations.
Scheduled Triggers — run workflows on cron schedules, fixed intervals, or one-time execution with timezone support.
On-Demand Triggers — start workflows manually via API with custom input data.
Run Observability — track every workflow execution with step-by-step history, input/output inspection, activity logs, and execution traces.
Available Paths Reference — in-editor documentation showing how to reference trigger input, context variables, and step outputs in decision conditions.

Improved

Console UI gains new Orchestrations section with workflow list, visual editor, and run history views.
Compute functions can now be chained in orchestrations with automatic context passing between steps.

v2.8.0Jan 7, 2026

Permission Introspection, Compute Job Queues, and Security Enhancements

Debug and fix permission issues in seconds with the new Permission Introspection feature. Simulate authorization checks, see exactly why access is denied, and apply fixes with the guided remediation wizard.

Added

Permission Introspection — debug service account permissions with a comprehensive permission scanner showing allowed and denied actions across all resources.
Authorization Simulation — test 'what-if' scenarios by simulating access checks with custom context including IP address, time, and request metadata.
Remediation Wizard — one-click fix for permission issues with guided policy and permission creation.
Structure Security Tab — view all permissions granting access to a structure's records, with security warnings for overly broad access.
Compute Job Queue — reliable compute function dispatch with job queue and worker state tracking.
BYOT External Auth Providers — bring your own identity provider (Clerk, Auth0, Okta) with claim-based authorization.

Security

Debug and trace output requires explicit permission to prevent information disclosure.

v2.7.0Jan 6, 2026

Azure OpenAI, Secure Compute Architecture, and Infrastructure Upgrades

AI service now powered by Azure OpenAI for faster inference, new secure compute architecture with Deno sandboxing, and self-hosted Redis for improved performance.

Added

Azure OpenAI integration — AI service now uses Azure OpenAI for faster, more reliable inference.
Secure compute architecture — new Deno-based sandboxing for safer function execution.
Batch data operations — high-performance bulk operations for faster record processing.

Improved

AI inference timeout increased to 5 minutes for complex operations.
Compute function execution performance improvements.

v2.5.0Dec 25, 2025

Secret Fields, Trigger Health Monitoring, and Platform Hardening

Encrypt sensitive data with secret string fields, monitor trigger health at a glance, and benefit from comprehensive security and observability improvements.

Added

Secret string fields — mark string properties as secrets to encrypt at rest and mask in API responses.
Secret reveal endpoint — access plaintext values of secrets with explicit permission.
Secret compare endpoint — verify values match stored secrets without revealing them.
Secret key rotation — rotate encryption keys across workspaces without downtime.
Trigger health monitoring — badges show trigger status at a glance with detailed health cards.
Function execution email notifications — subscribe to receive emails when functions complete or fail.
Realtime compute events — stream function completion events via SSE.
CSV/JSON conversion helpers — parse and generate CSV/JSON in compute functions.

Improved

Console sidebar navigation revamped with new structure and styling.
Better error messages for CORS and authorization failures.

Fixed

Storage service performance improvements.

Security

Authorization added to scheduler and webhook subscription APIs.
Centralized IAM resource registration for consistent access control.

v2.4.0Dec 22, 2025

AI Everywhere: Schema Generation, Natural Language, and Intelligent Data Quality

Six major AI-powered features transform how you build with Centrali—from schema generation to anomaly detection.

Added

AI Schema Generator — describe your data in plain English and get a complete schema with fields, types, and validation rules.
Natural Language Search — search records using conversational queries like 'orders from last week with status shipped'.
Natural Language Record Creation — create records by describing them instead of filling out forms.
Compute AI Assistant — generate function code from descriptions of what you want the function to do.
AI Data Validation & Cleaning — real-time validation catches format issues, inconsistencies, and outliers as records are created.
Batch validation scanning — run validation across all existing records to find and fix historical data quality issues.
Auto-correction support — automatically fix trusted patterns like email typos and inconsistent formatting.
AI Anomaly Detection & Insights — continuous analysis surfaces unusual values, missing references, and data drift.
AI Insights dashboard — view data quality scores, top issues, trends, and recommendations per structure.
Auto-Schema Discovery — schemaless and auto-evolving modes for dynamic data ingestion.
Schema suggestion workflow — accept or reject new fields discovered from incoming data.

Improved

Console UI polish with unified favicon across all pages.
Improved notification template rendering.

v2.3.0Dec 16, 2025

Full-text search, reference properties, and SDK enhancements

Search records across your workspace instantly, define relationships between structures, and leverage smart queries in the SDK.

Added

Full-text search for records — search across all records in your workspace with instant results.
SDK search() method — search records programmatically with structure filtering and result limits.
Console UI record search — press Cmd+K to find any record in your workspace.
Reference property type — define relationships between structures with validation and cascade behaviors.
Cascade delete support — configure restrict, cascade, or set_null behaviors for references.
SDK smart queries support — list and execute smart queries programmatically.
Trigger pause/resume — pause and resume triggers from the console.

Improved

Search results grouped by structure type for easier navigation.
Reference validation prevents orphaned references at create/update time.

Fixed

Scheduler trigger state sync issues.
SDK response format consistency.

v2.2.0Dec 9, 2025

Real-time events, image transformation, and compute upgrades

Stream record changes via SSE, resize images on-the-fly, and new compute APIs for file storage, crypto, and templating.

Added

Real-time Events via Server-Sent Events (SSE) — subscribe to record changes with filtering by structure, event type, and data values.
SDK realtime namespace with subscribe() for SSE event streaming.
Image resize and compression — transform images on-the-fly without storing multiple versions.
Handlebars templating with api.renderTemplate() — 30+ built-in helpers for currency, dates, conditionals, and more.
api.storeFile() — store binary files (PDFs, images) directly from compute functions.
Crypto API with api.crypto.sha256() and api.crypto.hmacSha256() for hashing and signing.
Base64 utilities with api.base64.encode() and api.base64.decode().
Record import feature for bulk data migration.
SDK triggers namespace with invoke() method for on-demand trigger execution.
API Documentation Portal with interactive OpenAPI specs for all services.
Deleted structures tab with restore and permanent delete options.
Bulk delete action for structures, records, and other resources.

Improved

Renamed 'webhook' trigger type to 'http-trigger' for clarity.
Quick-select interval helpers for scheduled triggers (1 week, 1 month presets).
Redesigned IAM pages (login, logout, error, workspace selector).
Better error messages for structure imports and duplicate property names.
Option to skip smart queries/triggers during bundle import.

Fixed

Trigger drafts now save function selection reliably.
Increment counters properly cleaned up on structure deletion.
Unique constraint validation for nullable fields.

Security

Compute function sandbox hardening with execution timeouts and network isolation.
Domain allowlist validation prevents SSRF attacks in HTTP requests.

v2.1.0Nov 26, 2025

Real-time subscriptions and improved bulk operations

Subscribe to record changes via SSE and improved console UI for workspace management.

Added

Real-time service foundation for Server-Sent Events (SSE).
SDK realtime namespace initial implementation.

Improved

Bulk operations performance and reliability.
Console UI polish and responsiveness.

v2.0.1Nov 21, 2025

Bulk import/export for workspace resources

New bulk import/export flow for structures, functions, smart queries, and triggers with conflict-aware resolution.

Added

Bulk export for structure bundles (structures + smart queries).
Bulk export for function bundles (functions + triggers).
Bulk import APIs with conflict-aware validation and user-selectable resolution modes.
Resolution actions for imports: skip, rename, overwrite, import_as_new.
Dependency remapping for related resources (smart queries → structures, triggers → functions).
New bulk APIs for export, conflict detection, and import across structures and functions.

Improved

More robust validation and error messages for large imports.
Clearer conflict messages when structures or functions already exist.

v2.0.0Nov 20, 2025

Initial public platform release

First stable release of Centrali with structures, search, storage, functions, and workspaces.

Added

Structures for schema-based data modeling.
Smart queries for filtering, sorting, and search.
File storage with metadata and simple delivery APIs.
Serverless functions with event triggers and schedules.
Built-in full-text search indexing for records.
Workspace model with roles and permissions for multi-tenant apps.
Real-time updates API for subscriptions to data changes.
Console UI for managing data, functions, logs, and workspace settings.