Changelog
New features, improvements, and fixes shipped to the Aguardic platform.
Violation Workflow & Incident Management
Full incident lifecycle for violations — from detection to resolution with structured audit trails, team assignments, and email notifications.
Full violation workflow — NEW → ACKNOWLEDGED → INVESTIGATING → RESOLVED status lifecycle with state machine validation.
Violation assignment — assign violations to team members with automatic status transitions.
Resolve and dismiss forms — capture resolution type, root cause category, linked tickets, and dismissal reasons.
Incident timeline — structured audit log for every state change, assignment, note, and resolution on each violation.
Email notifications on violation assignment and critical severity detection.
Violation detail page redesigned with status progress bar, timeline view, and action buttons.
Violation list now shows assignee and quick-action buttons for acknowledge and assign.
Fixed: Violation severity badge colors not rendering correctly in dark mode on Safari.
Network Policies & Vendor Compliance
Share governance policies across organizations. Invite vendors and partners to your compliance network and monitor their adherence to your requirements.
Network connections — invite vendor and partner organizations with accept/decline workflow.
Policy sharing — share policies across connected organizations with version tracking and auto-sync.
Pending approval workflow — review shared policy updates before they sync to your organization.
Network-invited onboarding — organizations joining via network invite see shared policy context during setup.
Notification system expanded with network invite, accept, decline, and policy share events.
Fixed: OAuth token refresh failing silently for OneDrive connections after 7+ days of inactivity.
Policy Marketplace
Browse, preview, and subscribe to pre-built governance packs. Policies auto-sync when publishers push updates, or fork a pack as a starting template.
Policy Marketplace — browse governance packs organized by category (compliance, security, AI safety) and industry (healthcare, finance, legal).
Subscribe or fork — subscribe for auto-sync updates, or fork as a one-time template you own and customize.
Managed policies — marketplace subscriptions create shadow copies that stay in sync with the publisher’s source.
Policy list now shows marketplace origin badge and subscription status.
Policy detail shows marketplace source link and auto-sync toggle for subscribed policies.
Fixed: Policy version diff view not rendering rule deletions when comparing non-adjacent versions.
Knowledge Base & RAG Evaluation
Upload your compliance documents, brand guides, and regulatory frameworks. Aguardic processes them for context-aware policy evaluation — the third layer of the governance engine.
Knowledge bases — upload PDFs, Word docs, and text files with async processing (OCR → chunking → embedding → vector indexing).
RAG-powered evaluation — attach knowledge bases to policies for organization-specific context during evaluation.
Document rule extraction — upload a compliance document and automatically extract structured, enforceable rules.
Knowledge base linking — connect knowledge bases to policies directly from the policy detail page.
Evaluation results now show which layer (deterministic, semantic, or knowledge) produced each finding.
Document upload uses presigned URLs for direct-to-storage transfers.
Fixed: File upload progress indicator stalling at 99% on documents larger than 10 MB.
Fixed: Vector search returning results from archived knowledge bases.
Integrations Expansion — 12 Providers
Added 11 new integrations across VCS, messaging, storage, email, and AI providers. Enforcement actions (block, warn, monitor) now work across all 12 integration types.
GitLab and Bitbucket integrations — commit status enforcement on push and merge request events.
Slack and Teams integrations — channel monitoring with automatic channel sync and violation warnings.
Google Drive, Dropbox, and OneDrive integrations — document scanning with file quarantine enforcement.
Gmail and Outlook integrations — email content evaluation with quarantine labels and folder-based enforcement.
OpenAI, Anthropic, and Gemini proxy integrations — evaluate LLM request/response pairs with block, warn, or monitor enforcement.
REST API and MCP validation endpoints for custom systems and AI agents.
Configurable enforcement modes — block, warn, or monitor independently per policy per integration.
All integration credentials now encrypted with AES-256-GCM at rest.
Integration setup flow redesigned with better OAuth error handling and connection status indicators.
Fixed: GitHub webhook signature validation failing on repositories with special characters in names.
Semantic AI Evaluation
The second evaluation layer is live. Rules that require nuance — tone, intent, context — are now evaluated by LLM. Choose deterministic or semantic evaluation per rule.
Semantic evaluation layer — LLM-powered evaluation for rules requiring interpretation of tone, intent, and context.
Per-rule evaluation mode — choose deterministic or semantic evaluation for each rule individually.
AI-assisted policy generation — describe what you want to govern in natural language and get structured, enforceable rules.
Evaluation results include confidence indicators and reasoning for semantic findings.
Added stopOnFirstViolation optimization — skip remaining rules once a critical violation is found.
Fixed: Evaluation timeout on policies with more than 50 rules when all rules use semantic evaluation.
Fixed: Semantic evaluation returning inconsistent severity levels for identical inputs on retry.
Billing & Plan Enforcement
Tiered pricing with usage tracking, quota enforcement, and trial management across all platform dimensions.
Subscription management — Starter, Growth, Business, and Enterprise plans with self-service checkout and billing portal.
Usage tracking — real-time evaluation counts, integration slots, seat usage, and project limits per organization.
Trial enforcement — 14-day free trial with countdown banner, expiration overlay, and read-only mode after expiry.
Quota enforcement — automatic blocking when plan limits are reached with clear upgrade prompts.
Feature flags — plan-gated access to SSO/SAML, custom knowledge bases, and advanced analytics.
Overage handling — configurable allow/block with 80% usage warning notifications.
Fixed: Webhook replay causing duplicate subscription records on network timeouts.
Policy Engine & GitHub Enforcement
Core deterministic policy engine with structured rule evaluation. GitHub integration evaluates pull requests against bound policies with check run enforcement.
Deterministic policy engine — evaluate rules with pattern matching, keyword detection, allowlists/denylists, and field conditions (10+ operators).
Violation tracking — severity classification (Low/Medium/High/Critical) with structured records, snippets, and explanations.
GitHub integration — evaluate pull requests against bound policies with check run pass/fail enforcement.
Policy versioning — full version history with DRAFT → ACTIVE → DEPRECATED lifecycle.
Policy sets — group related policies into collections for batch application.
Policy bindings — map policies to specific integrations and surfaces.
Dashboard with evaluation volume and violation trend charts.
Fixed: Policy compiler not handling nested compound conditions with mixed AND/OR logic.
Policy Builder & Rule Authoring
Step-by-step policy creation wizard with conversational AI generation and inline rule editing.
Policy builder — guided wizard for creating policies with structured rule definitions, severity controls, and action configuration.
AI policy generation — describe a policy in natural language via a conversation interface and get structured rules.
Individual rule editing — inline dialog for editing rule name, description, severity, and semantic prompts.
Policy detail page redesigned with tabs for rules, versions, evaluations, violations, and bound integrations.
Fixed: Conversation interface not auto-scrolling to latest message during AI generation.
Onboarding & RBAC
Guided onboarding for new organizations, role-based access control, and member management.
Onboarding wizard — 4-step flow (industry → demo → connect integration → company details) with value-first design.
Role-based access control — Owner, Admin, and Member roles with scoped permissions for destructive actions.
Member management — invite, remove, and change roles with last-owner protection and self-role-change prevention.
Member onboarding — separate flow for users invited to existing organizations.
Session management with sealed cookies, silent refresh, and proactive keepalive.
Fixed: Auth cookies not setting correctly on cross-origin requests between app and API subdomains.
Multi-Tenancy & Projects
Organization-scoped data isolation and project-level resource grouping — the multi-tenant foundation for the platform.
Multi-tenant architecture — organization-level data isolation enforced at every layer.
Projects — group policies, integrations, and knowledge bases by project within an organization.
Organization and project selection — full-screen selector pages with create, switch, and account management.
Organization deletion and account deletion with membership checks and credential clearing.
Structured logging with per-request correlation IDs for end-to-end traceability.
Fixed: Project context not clearing on organization switch, causing stale data in the sidebar.
Initial Release
First deployment — authentication, basic policy management, and the marketing site.
Authentication — SSO with support for Google, Microsoft, GitHub OAuth, and SAML.
Policy CRUD — create, read, update, and archive governance policies with JSON-based rule definitions.
Marketing site with homepage, pricing, and use case pages.
Containerized deployment with CI/CD pipeline.