ExoExo
Exo · EditorialEstablished 2026

The Exo Changelog.

A field journal of what shipped, what we walked back, and the engineering decisions behind both. Entries are dated, signed, and never silently revised.

  1. May 29, 2026
    Vol 1 · No 14
    Note

    Self-host deployment docs, end to end.

    The manual is now written for the operator who deploys Exo themselves. A new Deploy chapter leads with exo-install — the one binary that applies the CRDs, the Exo Operator, and the platform through your own kubectl — and covers manual manifests and the Helm chart, control-plane secrets (including the mandatory EXO_ENCRYPTION_KEY), Postgres, TLS/ingress, air-gapped image mirroring, and upgrades. The Exo Operator chapter gains pages on deploying the Exo Operator (namespace, RBAC, admission webhook) and connecting it in managed mode, and a new Resources & CRDs chapter documents the agentkube.io kinds — Agent and Tool — with worked YAML.

  2. May 28, 2026
    Vol 1 · No 13
    Release

    An interactive TUI for the CLI.

    exo tui (alias exo ui) opens a full-screen browser over your tenant — Agents, Tools, Deployments, Sandboxes, Integrations, Providers, Roles, Teams, and Skills. Press c on an agent or tool to connect straight from the list. The CLI's command surface is organised around two families: cluster resources (agent, tool) reached through your kubeconfig, and dashboard resources (deployment, session, audit, skill, role, idp, …) reached through the Exo API. Skills now sync to disk per runtime with exo skill sync.

  3. May 20, 2026
    Vol 1 · No 12
    Release

    Encryption at rest, Tools, and vendor integrations.

    Sensitive columns — integration credentials, tool permissions, session payloads — are now envelope-encrypted with a keyring rooted in EXO_ENCRYPTION_KEY, which the backend now requires at boot. Cluster Tools (database, SSH, HTTP bastions) get a first-class lifecycle with on-demand bastion pods and idle auto-pause. Slack, Jira, and Adaptive integrations ship.

  4. May 12, 2026
    Vol 1 · No 11
    Release

    SSO, SCIM, and the new identity model.

    SAML 2.0 and OIDC sign-in are now generally available. SCIM 2.0 provisions users and groups from your IdP; LDAP pull-sync covers on-prem AD. The two hardcoded roles are gone — replaced by a permission catalog, tenant-authored roles, custom permissions, and Teams that live alongside IdP-sourced Groups.

  5. May 4, 2026
    Vol 1 · No 10
    Release

    Code Sandboxes, sandbox keys, and OAuth Apps.

    A new execution primitive: author a sandbox once, invoke it from anywhere with a per-sandbox key or an OAuth client-credentials access token. Per-sandbox rate limit at 5 req/s with a burst of 20. Every invocation lands in the audit stream as a sandbox.invoked Event with full actor attribution.

  6. Apr 22, 2026
    Vol 1 · No 9
    Note

    On invocation as an API-only operation.

    We removed the "invoke" button from the dashboard. Production invocation belongs in code, not in clicks — the audit story is cleaner, the rate limits are easier to reason about, and the dashboard is freed up to be what it is best at: authoring and observation.

  7. Apr 14, 2026
    Vol 1 · No 8
    Release

    Provider gateways: Anthropic, OpenAI, Bedrock, Vertex, Gemini.

    Per-tenant LLM gateways behind a single Provider abstraction. Five auth modes for Claude including Workload Identity Federation for Bedrock and Vertex; one default-per-type so agents inherit the right gateway without per-agent config.

  8. Apr 3, 2026
    Vol 1 · No 7
    Release

    Watch-based delta emission in the Exo Operator.

    The Exo Operator now pushes resource changes within a second of the underlying event, replacing the 60-second snapshot cadence. The periodic snapshot stays as a backstop — a dropped delta is reconciled on the next tick.

  9. Mar 30, 2026
    Vol 1 · No 6
    Fix

    Shell channel: redaction before the wire.

    Terminal chunks are now redacted in the Exo Operator before they cross the WebSocket, not in the control plane after they arrive. Combined with the hash-chained SessionEvent stream, this means the control plane sees only redacted text and the chain integrity is verifiable end-to-end.

  10. Mar 15, 2026
    Vol 1 · No 5
    Release

    Events and Sessions, split.

    The unified audit log is now two streams: platform Events (logins, deployment changes, sandbox.invoked, role grants) and Session Recordings (per-session activity inside an agent). Same Event table under the hood, two filters in the UI. The split keeps "who did what" and "what happened in there" queryable separately.

  11. Mar 2, 2026
    Vol 1 · No 4
    Release

    The exo CLI is stable.

    Login, deployments, sandboxes, agents, sessions, events. Signed releases for macOS, Linux, and Windows. OS-keychain caching for the session JWT. Non-interactive auth via OAuth client credentials in CI.

  12. Feb 18, 2026
    Vol 1 · No 3
    Fix

    Deployment reconnect: last-writer-wins.

    A reconnecting Exo Operator replica no longer races with the existing connection. The control plane now evicts the older session immediately and emits a single DeploymentReconnected event, which the dashboard surfaces inline on the deployment row.

  13. Feb 4, 2026
    Vol 1 · No 2
    Release

    Exo Operator v1.0.

    The in-cluster connector goes 1.0. Outbound-only WebSocket, one token per deployment, leader election for HA, controller-runtime informers for change detection. The audit story, the shell channel, and the sandbox provider all ride on the same connection.