Skip to content

Ironflow v0.22.5

v0.22.5 completes the deny-only policy enforcement story started in v0.22.4, ships the public JS SDK mirror on npm with sigstore provenance, and expands the JS SDK documentation significantly.

  • Policy effect=allow rejected at write boundaries (#972) — Creating or updating a policy with effect: "allow" now returns HTTP 400 (policy_effect_allow_deprecated). Existing allow rows remain inert at eval but are marked deprecated in the dashboard. See the policy-allow-deprecation runbook for migration guidance.
  • Public JS SDK mirror (#976) — @ironflow/{core,browser,node,langgraph} are now published via the public sahina/ironflow-js mirror with sigstore keyless provenance on every release. npm repository links now resolve to a publicly verifiable Git SHA.
  • Discord waitlist notifications (#978) — Configure DISCORD_WAITLIST_WEBHOOK_URL on the marketing Cloudflare Worker to receive a rich embed whenever a new signup is added to the waitlist.
  • Dashboard: opening a legacy allow policy for edit no longer causes a TypeScript build failure — it coerces to deny on save (#977).
  • Navigation: cross-site Cloud↔Docs links now correctly set external: true, restoring target="_blank" rel="noopener" (#970).
  • JS SDK documentation (#975) — Comprehensive README audit across all four packages: @ironflow/core (+476 lines), @ironflow/node (+318 lines), @ironflow/langgraph (82 → 230 lines), and @ironflow/browser. New sections cover Agent Primitives, Secrets, Schema Registry, Webhooks, Time-Travel, and Paused State.