Steadybase

Changelog

Version history and release notes for Steadybase.

March 2026

v1.0.0 — Security Hardening Release

Released: March 4, 2026

Security

  • Added auth middleware on all API endpoints
  • Implemented JWT authentication with 24-hour token expiration
  • Randomized invite codes (removed default/guessable codes)
  • Added rate limiting: 300 req/15min global, 10 req/15min for auth
  • Restricted CORS to allowed origins only
  • Added security headers via Helmet (X-Frame-Options, HSTS, X-Content-Type-Options)
  • Required authentication for WebSocket connections
  • Implemented audit logging for security-relevant operations
  • Added per-user chat isolation
  • Added prompt injection defense in AI interactions
  • Configured nginx to block .git, .env, and node_modules paths
  • Hardened TLS: minimum version set to 1.2
  • Moved VAPI key to server-side only (removed from REST API response)
  • Set file permissions to 600 on sensitive configuration files
  • Removed .env.backup file

Platform

  • 8 AI workers operational (Sarah AE, Mike BDR, Deal Desk, Content Writer, Call Scorer, Health Monitor, Forecast Engine, Onboarding Bot)
  • 6 Temporal workflows registered (Drew Coordinator, Client Onboarding, Lead Qualification, Content Generation, Ticket Resolution, Memory Store)
  • Hierarchical memory system with 4 scopes (org, team, worker, session)
  • Multi-LLM routing (Claude, GPT-4o, Gemini)
  • Drew Coordinator 9-step multi-agent orchestration
  • Human-in-the-loop approval gates
  • Cross-namespace Nexus calls (simulated)

API

  • Brain API (/api/brain) — Chat with Claude CLI
  • Workers API (/api/workers) — Worker management
  • Deals API (/api/deals) — Pipeline management with filtering
  • Memory API (/api/memory) — Hierarchical memory CRUD
  • Metrics API (/api/metrics) — Pipeline, token, consumption, and worker metrics
  • WebSocket server (/ws) — Real-time event streaming
  • Health check endpoint (/api/health)

Infrastructure

  • Deployed on AWS EC2 (t4g.medium, us-west-2)
  • PM2 process management with auto-restart
  • Nginx reverse proxy with Let's Encrypt TLS
  • Temporal Cloud connection via mTLS

Integrations

  • Temporal Cloud (durable workflow execution)
  • VAPI (voice call analysis)
  • Slack Bot (notifications)
  • iOS App (Capacitor)

Earlier History

OpenClaw Fork

Steadybase was forked from OpenClaw, an open-source AI chat application. The fork added:

  • Multi-agent architecture (8 workers + coordinator)
  • Temporal Cloud integration for durable workflows
  • Hierarchical durable memory system
  • Multi-LLM routing
  • GTM-specific features (deals, pipeline, forecasting)
  • Enterprise authentication and security controls

See The Fork Story for the full history.
