AxonFlow v8.1.0 Release Notes

Released 2026-05-23. Two additive features ship under the v8.1.0 platform tag: HITL outbound webhook callbacks and HTTP Idempotency-Key deduplication. No breaking changes.

What changed in v8.1.0

HITL outbound webhook callback (`notify_url`)

POST /api/v1/hitl/queue now accepts an optional notify_url field. When set, the platform fires a signed HTTP POST to that URL after the HITL row reaches a terminal state (approved, rejected, overridden, or expired).

Webhook envelope payload:

Field	Description
`approval_id`	Unique identifier for the HITL request
`status`	Terminal status: `approved`, `rejected`, `overridden`, `expired`
`decided_by`	Identity of the approver (or `system` for expiration)
`decided_at`	ISO 8601 timestamp of the decision
`original_query`	The original query submitted for approval
`request_type`	HITL request type (e.g. `tool_call`, `query`)
`severity`	Severity level of the original request
`decision_envelope`	Full decision metadata including any reviewer notes

Signature verification: The webhook POST includes an X-AxonFlow-Signature: sha256=<hex> header. The signature is HMAC-SHA256 over the raw request body, keyed by the value of AXONFLOW_HITL_WEBHOOK_SIGNING_KEY. Verify the signature before processing the payload.

Delivery behavior: Delivery is asynchronous. Failed deliveries retry at 5s, 30s, and 5m intervals. Each attempt is logged.

HTTP `Idempotency-Key` header deduplication

Three endpoints now consume the Idempotency-Key request header and deduplicate retries within a 24-hour window:

POST /api/v1/mcp/check-input
POST /api/v1/audit/tool-call
POST /api/v1/hitl/queue

A retry with the same key within 24 hours returns the cached response with an Idempotent-Replayed: true header. Successful (2xx) and client-error (4xx) responses are cached; server errors (5xx) are not cached so the request can be retried.

Key format: validated against ^[A-Za-z0-9_.:\-/]+$, maximum 256 characters. Cross-tenant isolation is enforced — the same key used by different tenants produces independent results.

HITL feature map

GET /api/v1/hitl/status now advertises notify_url: true and idempotency_key: true in its feature map, allowing SDK clients to discover these capabilities at runtime.

What's fixed

HITL stale-request expiration under FORCE RLS. The background expiration sweep for stale HITL requests now runs correctly under FORCE Row-Level Security. Previously, the sweep silently matched zero rows when the agent connected as axonflow_app_role — a sister bug to the heartbeat path fixed in v8.0.0.

Configuration

Env var	Required	Description
`AXONFLOW_HITL_WEBHOOK_SIGNING_KEY`	To enable webhooks	HMAC-SHA256 signing key for outbound webhook payloads. When unset, webhook deliveries are logged as `DROP`.

Schema changes

Migration 114: adds notify_url TEXT NULL column to hitl_approval_queue.
Migration 115: creates idempotency_keys table with FORCE Row-Level Security enabled. Composite primary key on (key, tenant_id, endpoint).

What's NOT changed

SDK floor: Python / TypeScript / Go / Java now ship at v8.2.0; Rust preview at v0.4.0. Previous SDK versions (v8.1.0 / v0.3.1) keep working.
Plugin floor: claude / cursor / codex at v1.5.0; openclaw at v2.5.0. Unchanged from v8.0.0.
Compatibility: every v7.x / v8.0.x client keeps working.

Upgrade notes

Self-hosted Community (Docker / `docker compose up`)

Pull the v8.1.0 image and apply the two new migrations (114 + 115). To enable HITL webhooks, set AXONFLOW_HITL_WEBHOOK_SIGNING_KEY in your environment. When unset, the webhook feature is inactive and deliveries are logged as DROP.

In-VPC Enterprise

No preflight required for v8.0.x to v8.1.0. Existing licenses, credentials, and DSN secrets keep working.

Community-SaaS users

No action required.

SDK users

Upgrade to v8.2.0 (Python / TypeScript / Go / Java) or Rust v0.4.0 when released. The v8.2.0 SDKs add the create_hitl_request() helper for programmatic HITL queue submission. Existing v8.1.0 SDK callers keep working.

Plugin users

No action required. Existing plugins keep working.

Companion SDK release

SDK	Version	What's new
Python	v8.2.0	`create_hitl_request()` helper for programmatic HITL queue submission
TypeScript	v8.2.0	`createHitlRequest()` helper
Go	v8.2.0	`CreateHITLRequest()` helper
Java	v8.2.0	`createHitlRequest()` helper
Rust	v0.4.0	Full HITL surface including `create_hitl_request()`

Migration resources

v8.0.0 Release Notes — the headline v8 release with FORCE RLS and application-role default flip.
v7 → v8 Migration Guide — deployment-shape decision tree and simple-path community upgrade.

What changed in v8.1.0​

HITL outbound webhook callback (notify_url)​

HTTP Idempotency-Key header deduplication​

HITL feature map​

What's fixed​

Configuration​

Schema changes​

What's NOT changed​

Upgrade notes​

Self-hosted Community (Docker / docker compose up)​

In-VPC Enterprise​

Community-SaaS users​

SDK users​

Plugin users​

Companion SDK release​

Migration resources​