AxonFlow v7.4.5 Release Notes
A platform patch release. Two org-identity propagation bugs on the MAP execution path are fixed. No new endpoints, SDK methods, or features. No breaking changes on the platform.
A coordinated SDK release train ships alongside this patch — Go v6.0.0 (major), Python v6.9.0, TypeScript v6.2.0, Java v6.2.0 — covered in SDK release train below.
Platform fixes
GET /api/v1/executions returned zero rows for newly-completed MAP plans
Plans executed via POST /api/request with request_type=execute-plan were recorded in the execution-tracking store with an empty org_id, while the read-side filter (driven by the authenticated org from Basic auth) required a non-empty match. Every MAP plan execution produced a row that was invisible to subsequent list calls.
The execution recorder now persists the same authenticated org used for filtering on read. Existing rows recorded against org_id="" remain invisible to scoped reads — this patch ships no backfill. New plans recorded after upgrade appear correctly.
Body-supplied identity could override the authenticated org/tenant on policy evaluation
executePlanHandler and planRequestHandler read identity from two surfaces on the same request: the X-Org-ID / X-Tenant-ID headers populated by the agent, and the req.Client["org_id"] / ["tenant_id"] fields read directly from the request body. A direct-orchestrator caller bypassing the agent could send a body with client.org_id set to a different value and have policy evaluation, plan storage, and replay tracking run against three different identities on the same request.
The headers are now authoritative across all three paths. A small helper overlays X-Org-ID / X-Tenant-ID onto both req.User.{OrgID,TenantID} and req.Client["org_id"] / ["tenant_id"] immediately after the auth gate. Behaviour:
| Request body | Headers | Result |
|---|---|---|
client.org_id = "other-org" | X-Org-ID: real-org | User.OrgID == "real-org", Client["org_id"] == "real-org" (header wins on both surfaces) |
client.org_id = "x" | header missing | unchanged (agent-flow callers, where header and body match, are unaffected) |
no body client | X-Org-ID: real-org | helper initializes the map and sets it |
Agent-fronted requests are not impacted in observable behaviour — the agent already set the body and header to matching values. The fix changes what happens for direct-orchestrator callers: a request can no longer be recorded under one org and policy-evaluated under another.
Bundled-example reliability sweep
Several examples/* directories that had silently drifted out of running shape now compile, run, and exit with a clear PASS/FAIL summary against a stock community-mode docker-compose stack. If you build against the bundled examples, see the v7.4.5 entry in the platform CHANGELOG.md for the per-example list.
SDK release train
Four SDK releases ship alongside this platform patch. Every SDK gains LLM-provider listing parity (listProviders / list_providers / listLLMProviders); the Go SDK additionally cuts a major to fix a long-standing wire-shape bug in SDKCompatibility. None of these are required for the platform fix above — agent-fronted callers run on whichever SDK they were running before.
| Surface | Version | Bump |
|---|---|---|
| Go SDK | v6.0.0 | major — module path moves to github.com/getaxonflow/axonflow-sdk-go/v6; SDKCompatibility.MinSDKVersion and RecommendedSDKVersion change from string to map[string]string; new MinSDKVersionFor("go") / RecommendedSDKVersionFor("go") helpers |
| TypeScript SDK | v6.2.0 | minor |
| Python SDK | v6.9.0 | minor |
| Java SDK | v6.2.0 | minor |
listProviders() across all four SDKs
Every SDK now exposes a method to list configured LLM providers and their per-provider health snapshot, calling GET /api/v1/llm-providers. Three callable shapes per SDK: the basic single-page method, a …Paged variant that returns one page plus PaginationMeta (page, page_size, total_items, total_pages), and a listAll… variant that walks every page (default page_size=100).
// Go
providers, err := client.ListProviders(ctx, &axonflow.ListProvidersOptions{Type: "openai"})
result, err := client.ListProvidersPaged(ctx, &axonflow.ListProvidersOptions{Page: 2, PageSize: 50})
enabled := true // ListProvidersOptions.Enabled is *bool, so take the address
all, err := client.ListAllProviders(ctx, &axonflow.ListProvidersOptions{Enabled: &enabled})
// TypeScript
const providers = await client.listProviders({ type: 'openai' });
const page = await client.listProvidersPaged({ page: 2, page_size: 50 });
const all = await client.listAllProviders({ enabled: true });
# Python — provider_type is the kwarg ("type" would shadow the builtin)
providers = client.list_providers(provider_type="openai")
page = client.list_providers_paged(page=2, page_size=50)
all_p = client.list_all_providers(enabled=True)
// Java
List<LLMProvider> providers = client.listLLMProviders("openai", null, null, null);
LLMProviderListResponse page = client.listLLMProvidersPaged("openai", null, 2, 50);
List<LLMProvider> all = client.listAllLLMProviders("openai", true);
Six new fields on LLMProvider
The platform has emitted these on GET /api/v1/llm-providers for some time, but the SDK type definitions silently dropped them. The v7.4.5 SDK release surfaces all six:
| Field | Type | Description |
|---|---|---|
endpoint | string | Configured provider endpoint URL |
model | string | Default model identifier |
region | string | Provider region (where applicable) |
rate_limit | integer | Configured rate limit per minute (0 = unlimited) |
timeout_seconds | integer | Per-request timeout |
settings | object | Provider-specific configuration (free-form key/value) |
Older platforms return zero values; SDK callers should treat absence as "platform did not populate the field" rather than an error.
Go SDK v6.0.0 — SDKCompatibility wire-shape fix (BREAKING)
SDKCompatibility.MinSDKVersion and RecommendedSDKVersion move from string to map[string]string, matching the actual on-the-wire shape the platform /health endpoint has been returning since v4.8.0. The previous string type silently unmarshalled the JSON object to an empty string, which made the Go SDK version-mismatch warning a no-op.
Two new helpers replace the previous direct field reads. Fetch the full health response via HealthCheckDetailed() and read the per-language entry from the embedded SDKCompat:
health, err := client.HealthCheckDetailed()
if err != nil {
log.Fatalf("health check failed: %v", err)
}
minVer := health.SDKCompat.MinSDKVersionFor("go") // e.g. "5.0.0"
recVer := health.SDKCompat.RecommendedSDKVersionFor("go") // e.g. "6.0.0"
If you currently read SDKCompatibility.MinSDKVersion or RecommendedSDKVersion directly as a string, switch to the per-language helpers. This aligns Go with the existing TypeScript and Java SDK shapes; Python ships the same shape on v6.9.0.
Go SDK module path: /v6
Per Go module conventions, the major bump moves the module path:
# Before (v5.x — still works for users staying on v5.x)
go get github.com/getaxonflow/axonflow-sdk-go/v5
# After (v6.0.0+)
go get github.com/getaxonflow/axonflow-sdk-go/v6
Update import statements:
import "github.com/getaxonflow/axonflow-sdk-go/v6"
The v5.x line continues to receive security patches; new feature work lands on v6.x.
Sandbox() endpoint default — Go and TypeScript
The decommissioned staging-eu.getaxonflow.com (torn down 2026-04-09) is no longer the default endpoint for the SDK Sandbox() helper. The Go and TypeScript SDKs now default to http://localhost:8080. Production callers who pass an explicit endpoint via NewClient / new AxonFlow({ endpoint }) are unaffected.
If you were relying on the implicit Sandbox() default to reach a hosted environment, switch to passing an explicit endpoint:
client := axonflow.NewClient(axonflow.AxonFlowConfig{
Endpoint: "https://try.getaxonflow.com",
// ...
})
Operators
platform/{agent,orchestrator}/capabilities.go advertises the v7.4.5 release-train SDK versions as recommended_sdk_version:
{
"min_sdk_version": {"go": "5.0.0", "python": "6.0.0", "typescript": "5.0.0", "java": "5.0.0"},
"recommended_sdk_version": {"go": "6.0.0", "python": "6.9.0", "typescript": "6.2.0", "java": "6.2.0"}
}
The min_sdk_version floor is unchanged — older SDKs continue to work. The recommended_sdk_version bump is what the SDK-side "below recommended" warning checks against; users on the v7.4.4-train SDKs will see the warning until they upgrade.
Upgrade checklist
- Operators on
/api/v1/executions: new MAP plan executions now appear in list responses on agent-fronted reads. Existing rows keeporg_id=""and remain invisible to scoped reads — no backfill is shipped with this patch. - Operators with direct-orchestrator callers: any caller that bypasses the agent and supplies
client.org_id/client.tenant_idin the request body should be aware that those fields are no longer authoritative when anX-Org-ID/X-Tenant-IDheader is present. Agent-fronted callers are unaffected because the agent already set body and header to matching values. - Go SDK users (optional, but recommended): update import paths from
axonflow-sdk-go/v5toaxonflow-sdk-go/v6. If you readSDKCompatibility.MinSDKVersionorRecommendedSDKVersionasstring, switch toMinSDKVersionFor("go")/RecommendedSDKVersionFor("go"). The v5.x line continues to receive security patches, so this is not forced by the platform fix. - Python / TypeScript / Java SDK users (optional): additive minor bumps. Bump the package version; no code changes required to keep working.
- Sandbox users: if you relied on the implicit
Sandbox()default to reachstaging-eu.getaxonflow.com, that hostname has been decommissioned since 2026-04-09. Pass an explicitEndpoint.
SDK and plugin compatibility
| Surface | Minimum | Recommended |
|---|---|---|
| Go SDK | v5.0.0 (v5.x line still patched) | v6.0.0 |
| Python SDK | v6.0.0 | v6.9.0 |
| TypeScript SDK | v5.0.0 | v6.2.0 |
| Java SDK | v5.0.0 | v6.2.0 |
| OpenClaw plugin | v1.3.2 | v1.3.2 |
| Claude Code / Cursor plugins | v0.5.2 | v0.5.2 |
| Codex plugin | v0.4.2 | v0.4.2 |
Related
- SDK Version Compatibility — the full compatibility matrix and upgrade procedures
- Go SDK Getting Started — updated for the v6 module path
- Authentication — SDK installation snippets
