Improvements

• Environments: Deleting a component now automatically triggers its associated pipeline job, ensuring infrastructure is properly cleaned up as part of the process.

• Organizations: When working inside a child organization, the parent organization is now shown next to the organization switcher for easier context.

• Plugins: Plugin widgets are now accessible as tabs directly on the component page, after the Configuration tab.

• Pipeline : You can now define hooks in your stack configuration to automatically trigger pipeline jobs or resource refreshes when a component is created, updated, or deleted.

• StackForms: Conditions now support the len() function, allowing you to show or hide fields based on whether an array input (such as a multiselect dropdown) has any values selected.

• Pipelines: If a hook-triggered pause or unpause fails mid-operation, the pipeline job state is now automatically restored to what it was before, keeping things consistent.

• Performance: Git operations are now faster and more reliable thanks to local repository caching. Unused caches are automatically cleared after 7 days.

Fixes

• Authentication: Users with an invalid or expired licence are now sent directly to the licence page (Org Settings → Plan) instead of a generic access-denied error.

• Plugins: Pressing Enter in registry rename or connect modals now saves the action instead of reloading the page.

• Plugins: Pasting a child organization URL now correctly switches you into that organization.

• Plugins: Navigating across organizations no longer causes incorrect billing-related redirects.

• Projects: The "No workers running" warning no longer appears briefly when first loading the projects page.

• Other: Closing an error notification no longer also closes its open "View Details" panel.

• Other: The back button now works correctly from build, pipeline, and component views — including after re-login or when arriving via a direct link.

• Dashboard: The onboarding checklist has been removed from the dashboard.

• API - Forms: Slider range fields that receive a text value now handle the conversion correctly, preventing errors when loading certain stack forms.

• API - Pipelines: Deleting a component no longer fails if its pipeline was never created or is already gone.

• API - Roles: Deleting a role in an organization with no members no longer incorrectly returns an admin-rights error.

• API - StackForms: Dropdown fields that load their options from a plain URL now correctly show their default value on first load.

• API - Roles: Access to child organizations is now limited to Organization Admins by default. Users without an admin role will no longer be able to see or switch into child organizations unless explicitly granted access.

Improvements

• API - Plugins: The getPluginRegistryPlugin endpoint now includes installation details (such as install status and version info) when the plugin is already installed in your organization.

Fixes

• API - Authentication: Resolved an issue where MFA login could occasionally fail due to an incorrect time comparison.

• API - Components: Fixed a bug where leaving an optional autocomplete field empty caused the component configuration to fail to save.

• API - Components: Fixed a server error that occurred when retrieving the configuration of a component previously configured by a deleted organization member.

Improvements

• API - StackForms: StackForm variables can now be used to template pipeline variables and configuration, in the same way they are used for the custom technology

• API - StackForms: StackForm variables are now available in the templating engine for all technologies, including Terraform

• API - Components: The getComponent response now includes a stackform updatedat field, making it possible to detect when StackForms configuration was last saved

• API - Other: Added support for Redis cluster URIs to asynq

Fixes

• StackForms: Inventory resource widgets now correctly restore the previously selected resource when reopening a configured component

• StackForms: Missing widget dependencies are now each shown only once, using the widget's display name

• StackForms: Group conditions referencing terraform module-prefixed keys (e.g. $module.foo.bar == true) now evaluate correctly

• Plugins: Navigating directly to a plugin widget URL from a different organization now correctly loads the target organization and page

• Plugins: Plugin management actions are now only visible to the organization that owns the plugin

• API - Environments: Users with environment-level access restrictions now see only the environments they have access to when listing project environments

• API - Service Catalog: A branch that is deleted and later recreated is now correctly recognized as active again

• API - Service Catalog: Users now receive clear feedback when the catalog default branch is unusable during component creation

• API - Service Catalog: Stacks created from a blueprint template now correctly appear in the component creation flow

• API - Plugin: The plugin widget iframe proxy now correctly deduplicates query parameters when the same value is present in both the widget configuration and the request

Improvements

• Organizations: Admins can now define regex-based naming convention rules per entity type (projects, environments, components, and credentials), with custom validation messages to guide users

• Dashboard: Recent Activity has been moved to the main Dashboard column, improving visibility and reducing the empty feeling on the dashboard

• StackForms: Read-only fields are now visually distinct from editable fields, making it easier to identify which inputs can be changed

• StackForms: Typing in large forms is now significantly faster, field suggestions are no longer re-fetched on every keystroke

• StackForms: New DateTime widget available for stack authors to collect date and time input from users

• API - Plugin: Query parameters from plugin requests are now correctly forwarded to the plugin backend, fixing API calls that failed when running plugins inside the Cycloid console

Fixes

• Events: Activity tabs (project, environment, env-component) no longer render blank after navigating between tabs in a project scope

• Credentials: Back arrow from credential details now consistently returns to the credentials list instead of an unrelated page

• Environments: Component list now updates immediately after a component is deleted, without requiring a page reload

• StackForms: Users are now kept on the StackForms step when a component configuration fails, instead of being incorrectly redirected to the component creation page

• StackForms: Autocomplete widget with a dynamic values_ref no longer displays duplicate values and now correctly applies the default selection

• StackForms: Autocomplete widget now correctly applies the default value on load when its dependency has already been resolved

• API - Inventory: Fixed an error that prevented the resource graph from loading for components using older Terraform state files

• Other: When the same error occurs repeatedly, it now collapses into a single alert instead of stacking multiple identical notifications

• Other: Fixed Docker image so nginx and the API run as non-root users with correct file ownership, resolving a permission denied crash on startup for self-hosted deployments

Improvements

• Dashboard: The FinOps and GreenOps modules are now hidden when no Cloud Cost Management account is configured, reducing confusion for organizations that haven't set up cost tracking yet

• Logs: Scrollbar on build log output is now always visible and can be dragged to quickly navigate long outputs

• API - Performance: Added tracing for form configuration fetches and increased the number of entities resolved in parallel, improving load times for large forms

• API - Plugin: The plugin manager can now be automatically registered from Cycloid, enabling full automation of the plugin setup via API

• API - Plugin: Added a new endpoint to fetch plugin deployment logs, making it easier to monitor and debug plugin installations

Fixes

• Members: Fixed an issue where inviting users to a full organization could fail. The permission check now correctly receives the invited emails before validating available seats

• Pipeline view: Fixed URL copy button incorrectly redirecting to an anchor link

• Roles: Fixed role cloning from the roles list page

• API - Invitations: Fixed an issue that occurred when inviting a new user to an organization that had already reached its member limit

Removed

• API - Quota: The Quota feature has been fully removed from the platform, codebase, and documentation

Improvements

• Authentication: OIDC provider settings now support uploading a custom CA certificate and skipping TLS verification. Useful for organizations using self-signed certificates

• User Interface: Error pages now preserve the original URL so users can retry access directly after permissions are granted, and the 403 page now provides clearer guidance

• Organizations: New users signing in via SSO will be guided to contact their administrator or wait for an invitation from the organization. This behaviour is controlled via the organization settings.
  

• Project: Fixed issue where deleting a project, environment, or component would fail with a 404 error if the original stack had been removed from Git. A new ignore_config_files_err flag allows deletions to proceed even when the stack config files are no longer available

• StackForms: Sections and groups now support an optional description field to provide users with additional context directly in the form

• StackForms: Read-only widget support. Values can now be displayed to users without allowing them to edit, useful for computed or immutable fields

• StackForms: Stack form values are now resolved in parallel to significantly speed up form loading for large forms

• API - Licence: Insufficient permissions caused by an invalid or expired licence now return a dedicated InvalidLicence error code, making it easier to identify and resolve licence issues

• API - Authentication: Added OIDC TLS configuration support on the API side, including custom CA certificate and skip TLS verification options

• API - Organizations: New users are prevented from creating their own organization when a root org already exists

• API - Service Catalog: Increased the maximum size of the readme field to support stacks with longer documentation

• API - StackForms: Read-only widget support, widgets can now be marked as read_only to display computed values without allowing user edits

• API - StackForms: Sections and groups now support an optional description field in the StackForms configuration

• API - StackForms: auto_complete widget with empty values_ref responses errors are handled gracefully now

• API - Workers: Added configuration options to customize the interval for background worker tasks

• Other: Version information is now included when copying a stacktrace, making it easier to report issues with the right context

Fixes

• Environments: Component update page no longer breaks when the current stack branch has been deleted

• Environments: Fixed an issue where the component configuration was re-fetched using a stale version ID after a stack version update

• Organizations: Organization on delete modal now shows updated data after creating a new org

• Organizations: Fixed an issue where navigating back in the browser would break context

• Project: Fixed icon selector in project settings

• Service Catalog: API errors during catalog repository refresh are now shown directly in the stack changes modal instead of only as a global alert

• Service Catalog: Component header version tag now updates immediately after applying a stack update

• StackForms: Condition validation errors in the StackForms editor are now displayed appropriately

• API - Components: Component configuration can now be retrieved using an updated version even when the previous version no longer exists on the remote

• API - StackForms: Fixed auto_complete widget validation when no predefined values are provided

• API - StackForms: Fixed URL encoding for values_ref endpoints. Variables containing spaces or special characters are now properly encoded

• API - Other: Fixed component update failing when the previous component version had been removed

• API - Other: Fixed an edge case where the stack use cases endpoint would fail with an empty version ID

Security

• API - Other: JWT hashing updated

Improvements

• Authentication: New option to enforce invite-only access for SSO. When enabled, only users who have been explicitly invited can log in.

• Authentication: Redirect /signup to /login when email authentication is disabled (OIDC-only mode)

• Service Catalog: Version management moved to the Configuration tab. Provides better visibility on available updates and out-of-sync components directly where you manage your stack

• Service Catalog: Disabled refresh versions for shared stacks from other organizations

• Project: Server-side pagination for projects, components, environments and pipelines. Project listing performance improved from ~28s to under 1s for very large organizations.

• Organizations: New Cycloid Special Variable parent_organization. Gives stacks and pipelines access to the parent organization context in multi-tenant setups

• Components: New ignore_config_files_err flag allows deleting components, environments and projects even when the original stack has been removed from Git

• StackForms: Improved error messages when a values_ref source returns an invalid payload or fails to respond

• API - Authentication: New configuration option to enable or disable automatic SSO enrollment

• API - Components: New flag ignore_config_files_err allows successful deletion of components even when config file removal fails

• API - Organizations: New Cycloid Special Variable parent_organization for accessing parent organization context

• API - Performance: Pagination introduced for pipelines, components and environments endpoints

• Other: Catalog repository creation now shows an alert clarifying branch selection for stack discovery

• Other: External analytics are now disabled for on-prem customers to avoid proxy authentication requirements

Fixes

• Authentication: Fixed a login loop when authenticating via SSO on certain browsers

• Authentication: Fixed an extra signup step appearing when signing up through OIDC

• Caching: Frontend upgrades now properly invalidate browser cache, preventing users from running outdated versions after a platform update

• Credentials: SSH key creation no longer fails when pasting keys into a hidden field

• Credentials: SSH keys are now fully visible when the reveal toggle is used

• Environments: Fixed version dropdown overlapping with other component rows in the environments list

• Organizations: Admin permissions now correctly preserved when navigating from a parent to a child organization

• Organizations: Fixed "Unknown error" tooltip for organizations with expired subscriptions

• Organizations: Organization settings sections now hide gracefully instead of showing 403 errors when the user lacks permissions

• Project: Restored component description editing on settings page

• Project: Project list now displays correctly for members with glob-filtered permissions

• StackForms: Editor preview now correctly reflects changes to the values property

• StackForms: Fallback to internal ID variable for resource lookup in widgets

• API - StackForms: Improved error messages when a values_ref source returns an invalid payload or fails to respond, making it easier to diagnose misconfigured remote value sources

• Other: Fixed misleading error when cloning components

Security

• Inventory: Improved access controls for inventory resource attributes, data restricted to organization administrators

Removed

• Service Catalog: Version selector removed from component settings. Version management has been moved to the Configuration tab for a more streamlined workflow

Improvements

• Authentication: New field to set email verification status when creating a user

• Pipeline view: The pipeline editor now opens in fullscreen automatically when entering edit mode, instead of showing in a small inline area

• Service Catalog: Errored stacks are now shown when refreshing a catalog repository, so you can see which stacks failed and why

• StackForms: Dropdowns with only one available option now auto-select it

• Project: Add query params to getComponentConfig endpoint

• Other: App version updates no longer force a logout

• User Interface: Removed the "-saas" suffix from version labels in the UI

• API - Service Catalog: New Cycloid Special Variables stackform_updated_by_user_username and stackform_updated_by_user_email — lets your stack know which user applied the last StackForm change, useful for audit trails or ticket automation

• API - StackForms: values_ref can now return a default value alongside the list of values. Defaults can also be given directly within conditional options, so you no longer need to duplicate conditions for values and defaults separately

• API - Other: Cyclobot AI configuration, exposes config for the Cycloid AI project via the /config endpoint. Disabled by default

• API - Other: New endpoints for fetching and deleting the subscription attached to an organization

• API - Pipeline: Editing a live pipeline no longer applies templating. Templating only runs during pipeline sync from git, using the provided YAML vars

• API - Service Catalog: Catalog refresh now processes each stack independently. If one stack has an error, the rest still refresh, errors are collected and returned in the response

• API - Service Catalog: You can now create new catalog repositories even if they contain invalid stacks. Valid stacks are imported and validation errors for invalid stacks are attached to the response

• API - Performance: Catalog repository version refresh is now faster thanks to increased worker concurrency

• API - Other: API responses can now contain multiple error details in a single response

• API - Other: Config repository branches no longer appear in the stack versions list

Fixes

• Authentication: Email field now pre-fills correctly when using an invitation link

• Credentials: Fixed an error when changing a credential's type (e.g. from custom to basic auth) that caused a backend parsing failure

• Dashboard: Fixed incorrect tooltip content when switching organizations via MSP to a child organization

• Pipeline: Editing a live pipeline no longer fails on save due to templating, live edits now skip templating entirely

• Project: Fixed an issue where creating two projects in a row left the Next button disabled

• StackForms: Fixed autocomplete widget clearing your input unexpectedly

• StackForms: Fixed dropdown widget showing no data on first validation or when changing a key

• StackForms: Default values now display correctly when the saved configuration is empty

• TerraCost: Cost estimation errors are now displayed on the console

• Other: Fixed visual regressions in stack preview panel, tabs and version table styling corrected

• API - Authentication: Direct OIDC login now works for children organizations

• API - Authentication: Incoming OIDC email addresses are now normalized to lowercase, preventing duplicate accounts or login failures from case mismatches

• API - Authentication: OIDC login now automatically accepts pending user invitations, users no longer need to be re-invited after signing in via OIDC for the first time

• API - Roles: Project Creator role now includes list and read permissions for cost accounts and service catalog

• API - StackForms: Fixed a crash when configuring a component with complex mapped values in StackForms

• API - Other: Fixed error handling so the protected or outermost error message is always returned correctly

• API - Other: HTTP requests that previously returned 500 for AlreadyConfigured, Exceeded, and Unavailable error codes now return the correct status codes

• API - Other: Cost estimation returns a user friendly error on invalid stack input

• API - Other: The scs_version parameter is no longer required on various API endpoints. If omitted, it now falls back to the SCS branch

Removed

• API - StackForms: Removed support for values_ref inside conditional options. This was undocumented and unused. Remote values via values_ref at the vars level still works

Security

• Authentication: Client secret in OIDC and GitHub settings is now write-only

• API - Authentication: client_secret is no longer returned by the /authentications endpoint when OIDC is configured.