Changelog
v0.5.0
Released 26 February 2026.
The control plane comes online. The agent stops talking to YAML and starts talking to a server.
Agent
Changed
- ChangedProject pivots to a server-driven architecture. The dev-mode YAML harness is kept for local development; the agent's source of truth in production is now the control plane it heartbeats to.
Control plane
Added
- AddedFirst public cut. Django 6 application with operator accounts, organisations, role-based access control across four roles, an append-only audit log, envelope encryption for stored credentials, redacted structured logs,
/healthzand/readyzendpoints, a CSP-enforcing middleware, and a django-q2 task cluster wired into boot. - AddedDatabases, storage destinations, schedules, and retention policies as first-class records. The default retention is GFS (7 daily, 4 weekly, 12 monthly), overridable per database, with an optional hard age bound.
- AddedMutual TLS between the agent and the control plane. The agent generates its keypair on the host, sends a CSR, and receives a leaf certificate signed by the agent CA. The private key never leaves the host.
- AddedHeartbeat and
/configendpoints with hash short-circuiting — the server tells the agent it is up-to-date without re-sending the whole config when nothing has changed. - AddedSingle-use job credential exchange. Database passwords and storage secrets are fetched per job, never stored on the agent's disk, and the issuance is recorded in the audit log.
- AddedOperator-facing backups history and a console dashboard. One-shot restore initiation from the console, with the agent reporting the result back.