Org in a Box
Changelog

Changelog

What's new in each release of Org in a Box.

This changelog tracks the local-demo build in this checkout first. Items that describe Azure sandbox pools or staged production promotion are still preview/experimental unless explicitly called out as part of the checked-in deployment path.

v1.1.1 — 2026-04-21

Added

  • Harness routes on the HTTP server, plus a refactored chat input that surfaces harness-specific agents and models.

Changed

  • Docs site branding and deployment notes refreshed to match the current Azure topology.
  • Email sender now fails softly on invalid ACS connection strings and the sidebar component conditionally renders per-path actions.

v1.1.0 — 2026-04-20

Added

  • Platform / customer Entra app registration split. Runtime now resolves two distinct client/tenant ID pairs — AZURE_PLATFORM_* for internal platform admins and AZURE_* for customer SSO — with the platform values falling back to the customer reg for single-app dev setups. Infra (infra/main.bicep, modules/container-apps.bicep) pipes the new IDs through to Container Apps, and .env.example / docker-compose.yml surface them locally.
  • Platform provisioning schema + routes. New platform_admins, tenant_admin_invites, tenant_domains, tenant_allowed_groups, and tenant_setup_state tables; POST /v1/platform/* routes for platform auth handoff, invite delivery, tenant provisioning, and admin claim. First customer admin is now created via invite claim instead of implicit first-login.
  • ACS Email invite delivery. Platform invites are delivered through Azure Communication Services Email; the connection string and sender address are sealed in Key Vault and read by oiab-api at boot. Invite base URL is optional and falls back to the root template.
  • Gateway tenant scoping. Gateway, paired-user, and CLI commands now enforce tenant-scoping end-to-end. Single-tenant installs continue to work via a default tenant seed.
  • Web workspace redesign. Full dark-glass redesign of the dashboard, chat session, sidebars, and command palette (⌘K / ⌘J). Includes MarkdownRenderer with Shiki code highlighting, ToolCallCard + animated thinking/streaming indicators, glass input + template grid, drag-drop multipart upload, and a live tool-activity panel in the right sidebar.
  • TriggersPage, SecretsManager, GatewaysPage in the web workspace, backed by new /v1/agent-profiles, /v1/policies, /v1/agent-groups REST routes.
  • platform-web (internal admin) and tenant-web (customer admin) Next.js 16 apps, currently compose-only.
  • TUI: live tool calls, markdown rendering, and input history. opencode tool-call parts render inline with status/args/results; assistant output is formatted as Obsidian-flavoured markdown; the status bar shows live cumulative token counts + session id; and zsh-style up/down input history is persisted per session.
  • Onboarding: secure tenant admin claim + setup routes gated on provisioning_status and hardened access rules. Tenant admin setup is now the canonical first-admin entry point.

Changed

  • Web, platform-web, tenant-web, and docs all upgraded in lockstep to Next 16.2.4 + React 19.2.5; docs also moves to Fumadocs UI / core 16.8.1 and fumadocs-mdx 14.3.1. Turbopack is now the default dev and build pipeline. Root layouts set data-scroll-behavior="smooth"; useSearchParams() call sites are wrapped in <Suspense> to satisfy Next 16's prerender.
  • Customer auth gate hardened: customer JWTs must resolve to an existing tenant mapping — unmapped tenants now get 403 tenant_not_provisioned instead of a silent wildcard tenant.
  • /agents page and Templates nav removed from the customer web app; first-admin onboarding now routes through tenant admin.
  • Provider updates now stage a runtime bundle first; bun orginabox runtime apply promotes the staged bundle and reloads the sandbox runtime.
  • Session turns now fail closed when no applied runtime default model exists, instead of silently falling back to sandbox defaults.
  • Local anonymous/demo mode now scopes recent sessions to the operator user instead of listing every row in sessions_index.
  • Browser-owned sessions now stay visible when the same browser switches between anonymous demo mode and authenticated mode.
  • Sessions created from templates now snapshot the template prompt/model behavior so later template edits do not change existing sessions.
  • Session-specific routes now require ownership of the indexed session before reading transcripts, streaming events, answering permissions, deleting, or queueing new turns.
  • Browser onboarding now treats gateway pairing as optional for web chat, exposes runtime apply permissions in the UI, and preserves the first draft if dashboard-to-chat prompt bootstrapping fails.
  • Settings now includes a provider manager so the active provider can be switched from the browser instead of CLI-only flows.
  • Provider mutation routes now follow the same owner/admin boundary as runtime apply in signed-in workspaces instead of letting any authenticated user rewrite the staged runtime.
  • Azure deploy docs and workflow now require a real PostgreSQL admin password secret and the local contributor compose flow no longer needs a separate API profile.
  • Azure web builds now fail fast when environment-specific public URLs are missing, and the Key Vault PostgreSQL URL secret now URI-encodes credentials before publishing it.
  • Manual Azure workflow runs now wait for optional Bicep infra deployment before updating Container Apps.
  • Demo docs now cover the local startup path, runtime activation, and chat/provider troubleshooting.
  • Azure docs now reflect the preview sandbox Container App, shared runtime volume, and the remaining “provisioned but not yet live-validated” boundary.

v1.0.0 — 2026-04-20

New Features

Dispatch & Sandbox Pool

  • Orchestrator agent classifies tasks and routes to the right execution environment via the dispatch opencode tool — no hard-coded rules, fully LLM-driven with pool availability fallback
  • Five dispatch modes: local, remote, team_single_vm, team_multi_vm, user_pc
  • ACA sandbox pool: warm pool of Azure Container Apps instances (auto-provisioned, health-checked, autoscaled by queue depth)
  • Pool manager: SELECT FOR UPDATE SKIP LOCKED claim/release, orphan recovery on boot, 4 background loops (replenish, health-check, idle-recycle, autoscale)
  • dispatch-execute and dispatch-synthesize job handlers
  • plugin-dispatch: dispatch + await_dispatch opencode tools
  • Result delivery via agent-tunnel result.submit protocol → Postgres NOTIFY → session injection
  • Audit trail in dispatch_decisions table

Agent Teams (plugin-team)

  • Full OpenCode-compatible team coordination system
  • JSONL append-only inbox (O(1) writes) with auto-wake delivery — no polling
  • Fire-and-forget spawn: lead continues working; teammates auto-wake lead on reply
  • Peer-to-peer messaging: any member can message any other directly
  • Two-level state machines: MemberStatus (5 states) + ExecutionStatus (9 states) with validated transitions
  • Sub-agent isolation: helpers spawned by team members cannot access team tools
  • Crash recovery: interrupted teammates marked ready, lead injected with resume notice — no auto-restart
  • 9 team tools: team_create, team_spawn, team_message, team_broadcast, team_tasks, team_claim, team_approve_plan, team_shutdown, team_cleanup

Agent-Tunnel Protocol Extension

  • New result.submit message type: sandbox VMs send structured results back through the tunnel
  • HMAC-signed, replay-protected, validated against sandbox claim status
  • createResultReporter capability for use inside sandbox opencode sessions

v0.9.0 — 2026-04-18

New Features

Multi-Task Orchestrator

  • plan_tasks and plan_status tools exposed to all agents
  • LLM-driven task decomposition into parallel sub-tasks with dependency graph
  • Job handlers: orchestrator-plan, orchestrator-subtask, orchestrator-synthesize
  • REST API: POST /v1/orchestrate, GET /v1/orchestrate/:planId
  • TUI: /orchestrate and /plan-status commands

Learning Loop (Self-Improving Agents)

  • plugin-reflection fires after every session — generates trajectory hash + LLM reflection
  • Auto-proposes skills when ≥3 similar trajectories detected (cosine similarity > 0.8, tool overlap ≥70%)
  • Skill lifecycle: proposed → promoted → deprecated
  • REST API: GET /v1/skills, PATCH /v1/skills/:id/promote|deprecate
  • TUI: /skills command

Browser Automation

  • plugin-browser with 6 tools: browser_navigate, browser_click, browser_type, browser_snapshot, browser_screenshot, browser_scroll
  • Accessibility-tree snapshots (~100× cheaper than screenshots)
  • Lazy Chromium singleton; noVNC at :6080 for visual debugging

Azure Deployment

  • packages/core/Dockerfile — multi-stage Bun image for API + worker
  • Bicep IaC modules: ACR, Key Vault, Log Analytics, App Insights, PostgreSQL Flexible Server (pgvector), Container Apps
  • KeyringProvider abstraction: FileKeyring (local) + AzureKeyVaultKeyring (production)
  • .github/workflows/deploy-azure.yml — test → build → staging → manual gate → prod
  • Parameter files: dev / staging / prod

Semantic Memory

  • pgvector cosine search replaces recency-only recall
  • Last user message cached by chat.message hook; embedded before system.transform
  • buildEmbedderFromEnv() in @orginabox/shared — prefers Azure OpenAI, falls back to OpenAI
  • embed-memories job handler for backfilling NULL embeddings
  • 2000-token budget with <memory-context> block wrapping

Agent Templates

  • 8 bundled templates seeded on first boot: Executive Assistant, Research Analyst, IT Help Desk, Content Writer, Code Reviewer, Data Engineer, Project Manager, Security Analyst
  • Idempotent seeding — won't re-create if already present
  • TUI: /template list, /template use <slug>

TUI Polish

  • Status bar showing session ID, model, token count, cost, tenant slug
  • Fuzzy slash-command search (subsequence matching)
  • 7 new commands: /orchestrate, /plan-status, /template, /skills, /login, /audit, /memories
  • /login — Azure device code flow for terminal auth

v0.8.0 — 2026-03-15

New Features

Additional Gateways

  • Slack gateway (Socket Mode + Block Kit)
  • Discord gateway (discord.js v14, DMs + @mentions)
  • Email gateway (IMAP polling + SMTP sending, thread continuity via References header)
  • SETUP.md for each gateway

Multi-Tenancy

  • tenants, roles, user_roles, entra_sessions, agent_templates tables
  • users extended: tenant_id, email, display_name, entra_object_id
  • All tables scoped by tenant_id; NULL = legacy single-operator mode

RBAC

  • 4 system roles: owner / admin / member / viewer
  • RbacPermissions typed JSONB schema
  • resolveUserPermissions(), seedSystemRoles(), per-action helpers
  • Azure AD group → role mapping via tenants.settings.groupRoleMapping

Azure AD SSO

  • PKCE auth flow (auth/entra.ts)
  • HMAC-SHA256 JWTs: 15min access / 7day refresh
  • Auth middleware with JWT → API key fallback
  • Find-or-create tenant + user on first SSO login

REST API Expansion

  • Route modules: auth, sessions, memories, templates, admin, orchestrate, skills
  • SSE proxy for session event streaming

Web Dashboard

  • Next.js 15 + React 19 + Tailwind v4
  • Chat, Memories, Admin pages with Playwright tests

Audit Logging

  • Write-behind buffer (1s / 64-entry flush)
  • SOC 2 action categories with 1–2 year retention tiers
  • Filterable REST API: GET /v1/admin/audit-log

Embeddings

  • EmbeddingProvider interface in @orginabox/shared
  • createOpenAIEmbedder + createAzureOpenAIEmbedder + buildEmbedderFromEnv

Migration

  • 0002_multi_tenancy.sql — idempotent DDL for all enterprise tables

v0.7.0 — 2026-02-01

New Features

  • PostgreSQL job queue with LISTEN/NOTIFY wakeup and SELECT FOR UPDATE SKIP LOCKED
  • agent-turn job handler — opencode promptAsync + SSE streaming
  • analytics-write job handler — usage events with per-request idempotency
  • Plugin system: plugin-memory, plugin-permissions, plugin-analytics, plugin-session-search, plugin-subagent, plugin-tunnel-tools, plugin-host-tools, plugin-skill-autowrite
  • Telegram gateway
  • iMessage gateway (BlueBubbles)
  • Microsoft Teams gateway
  • Docker sandbox (Ubuntu 24.04 + Xvfb + noVNC + opencode)
  • TUI: oiab chat with OpenTUI alternate-screen layout
  • pgvector schema: memories table with 1536-dim embedding column
  • AES-256-GCM keyring for secret encryption

v0.1.0 — 2026-01-15

  • Initial release: single-operator mode with opencode sandbox + Postgres

Prompt Tips

Writing prompts that get great results from enterprise agents.

On this page

v1.1.1 — 2026-04-21AddedChangedv1.1.0 — 2026-04-20AddedChangedv1.0.0 — 2026-04-20New Featuresv0.9.0 — 2026-04-18New Featuresv0.8.0 — 2026-03-15New Featuresv0.7.0 — 2026-02-01New Featuresv0.1.0 — 2026-01-15