Releases

Changelog

A running history of Flowcerta platform changes, parser coverage updates, rule additions, and customer-visible release notes.

v0.8May 2026Routing & Free Scan
  • Workflow Review unified routing — every operator entry point (upload handoff, validation banners, findings, overview hotspots, portfolio drilldowns, compliance per-control workflows) now routes into the same Workflow Review queue.
  • Power Automate analyzer expansion — three new detectors landed: PA-002 (hardcoded credentials in action inputs), PA-003 (HTTP actions with retries disabled), PA-004 (unbounded Do Until loops).
  • Free scanner email gate — anonymous /scan results now show top findings free and gate the rest behind an email submit. Every scan produces a shareable read-only report URL.
  • CI smoke test — Playwright app-shell smoke now runs on every pull request, with chromium auto-installed in CI.
v0.7May 2026Operator Visibility
  • Inventory operations — per-row validation history drawer, regression count stat card, and a tunable stale-threshold and needs-review score per org.
  • Validation feed signals — non-regression diffs, blocking-finding markers, applied policy summary (overridden and exempted rule IDs), and inline rule playbook links.
  • Ingest diagnostics — recent failed ingest jobs surface on the validations page; GET /api/v1/jobs/{id} returns the failure reason.
  • UiPath crosswalk reconciliation — every UiPath 2024.10 rule classified against the catalog; reconciliation report surfaces name drift between the catalog and upstream.
  • Two new UiPath detectors — FC-UIP-PMG-001 (duplicate activity IDs) and FC-UIP-ARG-003 (undefined output property).
  • Empty states clarified — every dashboard page explains what the empty state means in context rather than rendering a bare placeholder.
  • Live UiPath rule refresh tool — refreshes the published rule docs from upstream on a seven-day cache.
v0.6April 2026Provenance & Pipelines
  • Pipeline context preservation — validation records now keep repository, branch, commit, run, and Power Platform deployment context end to end (Migration 036).
  • Weekly digest composer and scheduler — opt-in weekly summary emails for governance activity.
  • Orchestrator connections scaffolding — opt-in connector slot for UiPath Orchestrator and AA Control Room (Migration 034 foundation for proactive scan-on-publish).
  • Detector explainability — every RiskFlag carries SourceXPath and SourceLineNumber so "why did this fire?" lands at the source.
  • CLI explain subcommand — debug rule decisions with full provenance and detector narratives.
  • GitHub Actions annotations — CLI emits inline GitHub Actions annotations for findings in CI logs.
  • Validation source provenance — the dashboard shows where each validation was submitted from (CI, manual upload, API key).
  • Bundled rule catalog — the dashboard reads rule metadata from a generated catalog so toggles, playbooks, and policy packs stay in sync.
v0.5April 2026Governance Workflow
  • Validation ownership — assign a named owner to any validation result from the detail view.
  • Finding dispositions — mark findings as Will Fix, Acknowledge, or Request Exception without leaving the results view.
  • Risk exception approval workflow — managers can approve or reject exceptions with a written rejection reason captured in the record.
  • Regression detection — change impact diff now surfaces severity changes and waiver changes across repeat validations of the same workflow.
v0.4March 2026Policy Packs
  • Policy pack environment profiles — configure per-environment rule overrides (dev/test/prod) without hand-editing JSON.
  • Validation evidence export — copy a handoff-ready evidence summary from any validation detail for audit and review use.
  • CI/CD source filtering — filter the Validations feed by source to see only pipeline-submitted runs.
  • Validation finding actions — link directly from a finding to the published rule playbook and re-validation shortcut.
v0.3March 2026Compliance & Teams
  • Compliance mapping pipeline — each finding now maps to applicable controls in ISO 27001, SOC 2 Type II, GDPR, and NIST CSF.
  • Rule playbook links — findings for seeded rules link directly to published remediation guidance.
  • Team collaboration — assign reviewers, track approval state, and view org-scoped review history on Pro and Enterprise plans.
  • Policy pack rule management — custom rulesets with per-rule severity, enforcement mode, and exemption controls.
v0.2February 2026API & Integrations
  • Validation API — POST /api/v1/validate accepts multipart workflow files and returns a structured score, findings, and blocking status.
  • GitHub Actions integration — drop-in CI step with enforcement_mode=blocking support.
  • Azure DevOps support — CmdLine@2 task example with Build.DefinitionName and Build.BuildNumber pipeline labels.
  • API key management — create and revoke keys with scoped permissions from the Team panel.