aiWare UI Updates
-
Added watchlist size limits (750,000 entries) to prevent mentions processing instability caused by oversized watchlists.
-
Updated Hub so that manifest and version updates only write new image hashes rather than resyncing the entire chart collection, with clearer UI messaging that these updates deploy only application binaries.
-
Updated the new-source step of the Data Center scheduled job wizard to prevent users from picking unsupported source types.
-
Fixed an issue where applications filed into multiple application groups could not be removed from a group when V2 Folder was enabled.
-
Fixed an issue that prevented granted packages from appearing in the Resource Center Discovery tab for instance admins.
aiWare API Updates
-
Added GET /api/admin/signup/org/config/:registrationSlug on core-admin-server so the desktop app can load registration config by slug, returning only public form metadata.
-
Added createdBy, ownedBy, and updatedBy fields to Sources, with DAL updates to populate them from the auth context and a backfill for existing rows.
-
Added Flyway migration to create and maintain media_source_type 24 (S3 v2) consistently across all environments.
-
Added requestClone and refreshClone mutations and paginated TDO mapping queries for Clone TDO, with full functional and OLP enforcement, promoting the prior POC to production.
-
Expanded the token returned by getSourceJWT to include folder read, create, update, and delete permissions so ingest operations can complete successfully.
-
Updated the Discovery policy package to accept JWT tokens for GraphQL operations, replacing the previous super-user ServiceUserClient.
-
Updated aidata-ingester-service to authenticate to GraphQL using a dedicated service token rather than a shared service user.
-
Fixed an internal server error when filing an AIWARE Desktop app into an application folder.
-
Fixed an OpenID Connect login failure affecting users whose usernames contained single quotes or other SQL reserved characters, and hardened the query to use parameterized variables.
-
Fixed a 502 Bad Gateway on GET /v1/admin/token/{token}/extend that prevented the Stay Signed In flow from refreshing session tokens.
-
Fixed an issue where createTDOWithAsset emitted the asset_upload event before full TDO initialization (metadata, content templates, RBAC, folder filing) completed, which could cause consumers to read partially initialized TDOs.
-
Fixed createOrgInvite so the mutation returns an error when provided an invalid authGroup, appId or roleId instead of silently succeeding.
-
Various security improvements.
aiWare Processing Updates
-
Added edge controller configuration support for aidata-ingester-service, matching the convention used by other core services, with required values populated in the dev, unstable, and stable charts.
-
Added asynchronous handling of deleteIngestSlugsForSource in core-eventing-server so that deleting ingest slugs by source ID executes in batches rather than as a single blocking operation.
-
Added org validation to the ai CLI package import flow so that the core-token must be associated with the provided org-id before packages are imported.
-
Updated realtime Automate so that Service (/process) and Always-Up Node-RED pods honor the AutomateNodeRedStudioDockerImage value from the edge controller database, overriding any image pinned on the flow revision.
-
Updated automate-app service route configuration to use valid service names and avoid apex domains so configurations load correctly from the edge controller in air-gapped clusters.
-
Updated task-insert-server to reach GraphQL through the in-cluster Kubernetes service rather than the public domain, fixing health reporting on clusters with custom domains whose DNS is not yet configured.
-
Fixed an issue where engine pods continued running indefinitely after the engine stopped sending heartbeats.
