CRAFT Release Notes

CRAFT ships on a monthly cadence using calendar versioning (YYYY.MM). Each release bundles updates across the platform; user-facing changes are summarized below in Keep a Changelog style.

Current Release: CRAFT 2026.05

Release Cadence & Versioning Policy

CRAFT publishes a unified YYYY.MM release on or around the last business day of each calendar month. The release name reflects the month it ships in; if a release slips into the following month, the version follows the actual ship month.Underlying components continue to follow semantic versioning and may publish point releases between monthly bundles.

2026.05

Released 2026-05-14

Added

Snowflake key-pair and OAuth/SSO authentication for data connectors — enterprise SSO without long-lived passwords.
Sample-data preview tool so agents can inspect connector data before issuing a full query.
Embedding API key secrets — embedding-provider credentials are now managed through the platform secret store.

Changed

Workflow execution cleanup in the runtime UI: more predictable cancellation and retry behavior.
Expanded automated test coverage across the runtime UI to harden regression detection.

Fixed

Stability improvements across connector authentication flows.

Security

Reduced reliance on static credentials for data connectors via the new key-pair and SSO flows.

2026.04

Released 2026-04-30

Added

Snowflake data connections — connect to Snowflake warehouses alongside existing data sources.
Org-level data connections — share data connections across an entire organization instead of configuring them per project.
Model registry — register, verify, and govern the LLMs and embedding providers your projects use, with execution-permission controls.
Agent registry — catalog and manage agents as first-class assets.
Audit logging — telemetry-grade audit trails routed through the standard OpenTelemetry collector for downstream SIEM and compliance pipelines.
Conversational chat experience — streaming responses, downloadable code artifacts, an artifact picker, and a redesigned context bar that makes the active project, dataset, and references visible at a glance.
Service Registry — the former services area is now a dedicated registry with permission-gated actions and clearer catalog integration.
Workflow execution streaming — virtualized live updates keep long-running workflow executions responsive even with thousands of steps.
Email notifications — a new endpoint enables transactional email from platform workflows.

Changed

Asset ownership model — assets now track creators consistently across the platform, laying the groundwork for richer provenance and collaboration features.
Artifact previews — preview any text-based artifact with accurate truncation and inline metadata, so agents and users can inspect content without downloading it.
Business glossary — duplicate-tag validation, permission-checked deletes, and search that resets pagination correctly for faster curation.
Workflow authoring — clearer enrichment defaults and reference-pack handling reduce setup friction.
Error feedback — backend error messages now surface directly in UI toasts instead of being masked by generic notifications.

Fixed

Chat reliability — resolved hangs when starting a new chat mid-stream, restored context visibility on user messages during streaming, and replaced fixed retry limits with event-based reconnection for more resilient SSE sessions.
Data connection credentials — credential updates now apply correctly, and connection names reject special characters that previously caused downstream failures.
Postgres on managed RDS — resolved SSL certificate verification failures when connecting to RDS-hosted PostgreSQL.
Memory consistency — memory updates now increment versions correctly to prevent stale reads under concurrent edits.
Pagination — data connections and glossary lists no longer get stuck on empty pages after deletion or filter changes.

Security

Hardened search input — dataset search validates input and escapes wildcard characters to eliminate an injection vector.
MIME type enforcement — artifact and file uploads validate MIME types to block unexpected content.
Service account authentication for audit ingest — the audit ingestion endpoint now requires a service-account JWT.
Bootstrap endpoint hardening — restricted to platform developers, closing an over-permissive default.
Repository governance — tightened access and review controls across the platform codebase.

Deprecated

owner_id on assets — superseded by the new creator/ownership model; existing integrations continue to work but should migrate to the creator-based fields.

2026.03

Released 2026-03-31

Added

Memory service with context packs — agents can persist and recall named context packs and memories across runs, with pattern-based filtering on retrieval.
Column distribution analysis in data profiles — histograms and value frequencies for low-cardinality columns, percentiles for numeric columns, length and case patterns for text, temporal ranges, and JSON structure summaries.
Business Glossary API — manage glossary terms (list, create, update, verify, tag) with project-scoped access, ready for SDK and UI integration.
OpenTelemetry instrumentation across runtime services — traces, metrics, and logs emitted in standard OTLP format for integration with your observability stack.
Streaming file uploads for artifacts — large uploads no longer buffer entirely in memory, enabling reliable transfer of multi-gigabyte files.
Generated Python and TypeScript SDKs for data readiness workflows — published alongside each release from the OpenAPI spec, so client integrations stay in sync with the service.

Changed

Asset addressing now uses fully-qualified names — workflow runs and data quality operations identify assets by FQN (e.g. service.database.schema.table) instead of UUIDs, simplifying integration and cross-service references.
Simpler data quality workflow triggers — tag generation, rule generation, and execution no longer require resource type, URI, or database type as parameters; these are derived automatically from the asset.
Faster metadata assessments — scoring and violation detection now run against in-memory catalog data, reducing per-assessment work from dozens of database queries to a handful of API calls.
Immediate workflow results — data quality execution, data quality assessment, and metadata assessment workflows no longer require manual approval; results are available the moment the workflow completes.
Catalog version history now includes structured diffs — each historical entry shows per-field changes with attribution.

Fixed

Multi-tenant authorization isolation — resolved a case where authorization records could collide across tenants with similarly-named resources.
Concurrent database migrations — multi-replica deployments now coordinate migrations with advisory locks, preventing race conditions during rollouts.
Stale data quality results — re-running tag generation or rule execution no longer surfaces results from previous runs.
Partial metadata updates — updating a table or column now preserves fields not included in the request instead of clearing them.

Security

Software Bill of Materials (SBOM) for runtime services — every release now ships with an SBOM for supply-chain visibility and vulnerability scanning.
Production API documentation disabled by default — interactive /docs and /redoc endpoints are off in production deployments and only enabled where explicitly configured.
Connection secret cleanup — deleting a data connection now also removes its credentials from the platform secret store, eliminating orphaned secrets.

Removed

Debug configuration endpoint — the /config debug endpoint has been removed from production builds.

2026.02

Released 2026-02-27

Added

Data Readiness service — initial release of automated data quality assessment, with AI-driven tag generation, SQL-based rule execution, and weighted readiness scorecards.
Violation lifecycle management — list, review, and resolve data quality violations with filtering by service, database, schema, or table.
Catalog metadata APIs — bulk metadata operations, list endpoints, and major.minor versioning so teams can evolve catalog entities without losing history.
Catalog tag management — create and curate tags, then attach them inline when upserting catalog entities for faster classification.
Artifacts API with default object storage — agents can persist intermediate outputs without per-deployment storage configuration.
Production Helm chart for Kubernetes — deploy the runtime to any cluster with a supported chart that bundles Redis TLS, workflow scheduling, and observability hooks.

Changed

Soft-deleted catalog entities can be re-created — restoring a previously removed asset no longer requires a manual purge.
API version surfaced in OpenAPI/Swagger — the version shown in the API explorer now matches the released package, eliminating drift between docs and runtime.
Simplified secret mirroring in Helm — Kubernetes Reflector replaces External Secrets Operator, reducing required cluster prerequisites.

Fixed

Keycloak bootstrapping compatibility with newer Keycloak releases.
CORS handling extended to remaining APIs for consistent browser access.
Helm value overrides that were silently ignored due to a subchart key mismatch.

2026.01

Released 2026-01-29

Added

Multi-level secrets — store and reference secrets at organization, project, and resource scopes so access narrows naturally to where credentials are actually used.
Object storage APIs — manage assets across cloud and on-premises object stores through a single interface.
Data connection management with verification — register PostgreSQL and Redshift connections through a unified API that verifies reachability before a workflow ever runs.
End-to-end organization provisioning — create an organization with identity, permissions, and project scaffolding in a single call, removing manual setup steps.
Unified service bootstrap — one initialization path brings every platform service online with consistent configuration.

Changed

Secret permissions now derive from the owning resource instead of a separate secret-type model — fewer policies to reason about and more predictable access decisions.
Tightened exception handling across runtime APIs for clearer, more actionable error responses.

Security

Permission checks enforced on every secret endpoint so callers can only read or modify secrets they own.
Hardened bootstrap permissions to prevent over-privileged roles during initial deployment.

Fixed

Reliability fixes for identity-provider TLS handshakes and secret-store cache configuration.

Observability

Security

Compliance

Release Notes

Release Notes

CRAFT Release Notes

2026.05

Added

Changed

Fixed

Security

2026.04

Added

Changed

Fixed

Security

Deprecated

2026.03

Added

Changed

Fixed

Security

Removed

2026.02

Added

Changed

Fixed

2026.01

Added

Changed

Security

Fixed

Observability

Security

Compliance

Release Notes

Documentation Index

​CRAFT Release Notes

​2026.05

​Added

​Changed

​Fixed

​Security

​2026.04

​Added

​Changed

​Fixed

​Security

​Deprecated

​2026.03

​Added

​Changed

​Fixed

​Security

​Removed

​2026.02

​Added

​Changed

​Fixed

​2026.01

​Added

​Changed

​Security

​Fixed

CRAFT Release Notes

2026.05

Added

Changed

Fixed

Security

2026.04

Added

Changed

Fixed

Security

Deprecated

2026.03

Added

Changed

Fixed

Security

Removed

2026.02

Added

Changed

Fixed

2026.01

Added

Changed

Security

Fixed