What shipped.
All of it.

Every release ships something production-grade. No changelog filler. If it's here, it's callable today.

v0.3.1 April 15, 2026
Cloud provisioning + social login expansion
Added 2 new OAuth providers (Microsoft/Azure AD, Apple Sign In). Shipped public-facing security overview page and "Why Bastionary" page. Added passkeys documentation with full WebAuthn register/assert command surface. Demo data seeded across all admin pages.
  • New: Microsoft / Azure AD OAuth2 — enterprise SSO for tenant-scoped organizations
  • New: Apple Sign In — form_post callback, id_token JWT extraction, no password required
  • New: bastionary.com/security — full security architecture overview page live
  • New: bastionary.com/why — "replace 5 vendors" case with real cost comparison
  • Infra: RS256/ES256/EdDSA JWT signing wired — asymmetric keys, JWKS endpoint published
  • Infra: Architecture diagram embedded on homepage
v0.3.0 April 15, 2026
One-click cloud provisioning + public registration
Full cloud provisioning flow from zero: create account → wizard → get OIDC client + API key in under 3 minutes. Logout wired everywhere. Token persistence fixed across tabs.
  • New: POST /api/provision/setup — creates OIDC client + API key + provisioned_apps record atomically
  • New: 3-step provisioning wizard (bastionary.com/setup) — credential display with copy + code snippets
  • New: Public account registration (/signup) + auto-login redirect to /setup
  • Security: POST /api/auth/logout — server-side session revocation, clears both localStorage + sessionStorage
  • Security: MFA check transaction isolation — prevents InFailedSQLTransactionError cascade
  • Infra: enable_public_registration config flag — self-hosters can lock down signups
v0.2.2 April 10, 2026
Schema hardening + offline licensing
Production DB schema brought in sync with models. Offline RSA PSS license signing verified end-to-end. 10/10 critical endpoint smoke tests green.
  • Infra: DB schema migration: users phone fields, license trial/pause/dunning fields, consent versioning
  • New: LICENSE.RSA_SIGN + LICENSE.RSA_VERIFY — 2048-bit RSA PSS offline license validation
  • Perf: 188 commands verified end-to-end, <250ms p95 on all critical paths
v0.2.0 March 15, 2026
The full stack — shipped
First production release. Auth, billing, licensing, and feature flags in one binary. Not an MVP — a complete platform.
  • New: Full OIDC IdP — RFC 6749/7636 compliant, PKCE, PAR, DPoP, JWKS, well-known discovery
  • New: SAML 2.0 IdP — SP-initiated SSO, JIT provisioning, attribute mapping, 6 commands
  • New: Adaptive MFA risk engine — impossible travel, breach check, new device scoring
  • New: SCIM 2.0 — user + group lifecycle sync from Okta, Azure AD, Google Workspace
  • New: Fine-grained authorization — Zanzibar-style relation tuples, RBAC/ABAC in one system
  • New: Stripe + Paddle + LemonSqueezy + PayPal + Mollie billing in one API
  • New: Software licensing — SF-XXXX-XXXX-XXXX keys, seat counts, floating licenses, offline RSA activation
  • New: 20 auth hook triggers with encrypted action secrets and webhook delivery
  • Security: Append-only audit log with SHA-256 hash chain integrity — tamper-evident
  • Infra: 341 commands, 55 admin pages, 6 language SDKs — one POST /api/v1/execute endpoint