AxonFlow v8.5.0 Release Notes

Released 2026-05-30. Decision Mode gains request-context propagation and durable audit persistence, OJK compliance gains an explicit UU PDP Pasal 56(b) transfer-basis tag plus a wired cross-border-transfers export, and all six platform images now ship for both linux/amd64 and linux/arm64. No breaking changes. The paired SDK release moves Go, Python, TypeScript, and Java to v8.4.0 and Rust to v0.6.0 (SDK and platform versions are independent — they each follow their own semver).

Headline: Decision Mode carries context — and now writes a durable audit row

Decision Mode (POST /api/v1/decide) is the Policy Decision Point / Policy Enforcement Point pattern for AI governance: an infrastructure gateway (the PEP) asks AxonFlow (the PDP) for a verdict before forwarding traffic. v8.5.0 adds two things regulated deployments asked for: caller-supplied context that rides with the decision, and a durable audit row for every decision.

Request context propagation

A decision request can now include an optional top-level context object — arbitrary key/value metadata the calling gateway already knows (tenant tier, region, feature flag, upstream route) that you want attached to the decision for audit and correlation.

curl -X POST http://localhost:8080/api/v1/decide \
  -H "Content-Type: application/json" \
  -d '{
    "stage": "llm",
    "caller_identity": { "gateway_id": "checkout-gateway", "tenant_id": "acme" },
    "target": { "type": "llm", "model": "gpt-4o-mini", "provider": "openai" },
    "query": "Summarize this invoice",
    "context": {
      "tenant_tier": "enterprise",
      "region": "id-jakarta",
      "feature_flag": "decision-mode-ga"
    }
  }'

How the context is handled:

Allowlisted. Only keys in the configured allowlist are retained — unknown keys are dropped, so a noisy caller can't bloat the audit trail.
Canonicalized and capped. Each value is canonicalized and capped at 256 bytes; at most 10 keys are retained per request.
Truncation flag. When either cap trims the payload, the decision sets a truncation flag so downstream consumers know the stored context is partial — context_truncated in the audit row, request.context.truncated on the trace span.
Trace attributes. Allowed keys are emitted as OTel span attributes under request.context.<key>, so you can filter and group decision spans by tenant, region, or flag in your trace backend.

Configure the allowlist with the AXONFLOW_DECISION_CONTEXT_ALLOWLIST environment variable (comma-separated key names). When unset, a sensible default key set ships out of the box.

Decisions now persist to the audit trail

Before v8.5.0, POST /api/v1/decide emitted only an OpenTelemetry span. Deployments that had not wired an OTel backend saw GET /api/v1/decisions return empty even after live traffic. v8.5.0 writes a best-effort audit row for every decision, so the decision history is queryable with no observability stack required.

GET /api/v1/decisions lists decisions and surfaces a 5-key truncated view of each decision's context.
The explain endpoint returns the full context plus a context_truncated flag.
The propagated context is stored under policy_details->'context'.

OpenAI-compatible gateway callers (POST /v1/chat/completions) continue to use the llm_call_audits table unchanged.

UU PDP Pasal 56(b) transfer-basis tag

Indonesia's UU PDP (Law No. 27/2022) governs cross-border personal-data transfers. Article 56 enumerates the lawful bases; Pasal 56(b) covers transfers governed by an explicit Data Protection Agreement between controller and recipient.

Cross-border transfer records can now carry an explicit transfer_basis = "pasal_56b_dpa" value alongside the existing safeguards field:

{
  "data_type": "personal_financial",
  "destination_country": "SG",
  "transfer_basis": "pasal_56b_dpa",
  "safeguards": ["standard_contractual_clauses", "encryption_in_transit"]
}

The tag is backward-compatible — existing records without it are unaffected — and is never auto-translated from another basis. It records what the operator explicitly asserted. The accepted set of transfer bases is validated server-side.

OJK cross-border transfers export

The OJK audit export (POST /api/v1/ojk/audit/export) supports a cross_border_transfers data type for regulators who require a dedicated cross-border ledger. In prior releases that data type was declared but its query path returned empty. v8.5.0 ships the missing query — org-scoped and parameterized — so the export returns the logged cross-border transfer records:

curl -X POST http://localhost:8081/api/v1/ojk/audit/export \
  -H "Content-Type: application/json" \
  -H "X-Tenant-ID: <your-tenant-id>" \
  -d '{"data_types": ["cross_border_transfers"], "format": "json", "framework": "UU_PDP"}'

The OJK compliance module and UU PDP cross-border transfer support first shipped in v8.3.0 — see the v8.3.0 release notes for the full Indonesia compliance overview.

Multi-architecture platform images

All six platform images — agent, orchestrator, customer-portal, customer-portal-ui, and the bundled Prometheus/Grafana — now build and publish for both linux/amd64 and linux/arm64.

Apple Silicon (M1–M4) Macs run AxonFlow natively for local development.
AWS Graviton and other Ampere ARM Linux hosts run the production images natively.
No Rosetta or QEMU emulation, and no platform: linux/amd64 pin required in docker-compose.

If you added a platform: linux/amd64 workaround to your compose services for v8.4.0 on an ARM host, you can remove it in v8.5.0 — Docker resolves the native linux/arm64 manifest automatically.

New reference example: MCP server + Decision Mode

examples/mcp-decision-mode/ is a runnable Python Model Context Protocol server that demonstrates the PEP/PDP pattern end to end: the MCP server (the PEP) calls AxonFlow POST /api/v1/decide (the PDP) before returning tool results, with Indonesia PII detection and a fail-closed default (deny if the PDP is unreachable). It ships with a stdio end-to-end harness and unit tests, and is a good starting point for wrapping any MCP toolset in policy enforcement.

SDK versions

The paired SDK release moves Go, Python, TypeScript, and Java to v8.4.0 and Rust to v0.6.0. SDK and platform versions are decoupled — each follows its own semver. Once the SDK release lands, the platform /health advertises:

SDK	Recommended	Minimum
Python	8.4.0	8.0.0
TypeScript	8.4.0	8.0.0
Go	8.4.0	8.0.0
Java	8.4.0	8.0.0
Rust (preview)	0.6.0	—

Existing v8.3.0 SDK callers keep working unchanged — the minimum SDK floor stays at v8.0.0. Decision Mode, the OJK export, and the OpenAI-compatible gateway are all reachable over plain HTTP and do not require an AxonFlow SDK.

What's NOT changed

No breaking changes. All existing SDKs, plugins, and API consumers continue to work unchanged.
No schema migration required. Decision Mode audit rows use the existing audit_logs table and its policy_details JSONB column.
Plugin versions: Recommended claude / cursor / codex at v1.5.2; openclaw at v2.6.1. Unchanged from v8.4.0.
Existing endpoints: Proxy Mode (POST /api/request), Gateway Mode (POST /api/policy/pre-check), the OpenAI-compatible endpoint (POST /v1/chat/completions), and Decision Mode (POST /api/v1/decide) all keep their existing contracts. The Decision Mode additions are additive.

Upgrade notes

Self-hosted Community (Docker / `docker compose up`)

Pull the v8.5.0 image. The base docker-compose.yml (community mode) needs no changes. Decision Mode request-context propagation and audit persistence are available immediately.

Self-hosted Enterprise (Docker / `docker compose up`)

docker compose -f docker-compose.yml -f docker-compose.enterprise.yml down
docker compose -f docker-compose.yml -f docker-compose.enterprise.yml pull
docker compose -f docker-compose.yml -f docker-compose.enterprise.yml up -d

Two optional follow-ups for regulated deployments:

Set AXONFLOW_DECISION_CONTEXT_ALLOWLIST to the context keys your gateways send (comma-separated). Leave unset to use the default key set.
If your OTel collector filters span attributes, add request.context.* to its keep rules so the new decision-context attributes are retained.

If you tail audit_logs from a SIEM or retention job, note that Decision Mode rows now land in that table alongside Proxy and Gateway rows.

In-VPC Enterprise (AWS CFN)

No action required. The v8.5.0 images are drop-in. ARM-based (Graviton) task placements are now supported by the multi-arch images.

Community-SaaS users

No action required. Decision Mode context propagation and audit persistence are available at all tiers.

SDK users

The paired SDK release moves Go, Python, TypeScript, and Java to v8.4.0 and Rust to v0.6.0. Upgrading is optional — existing v8.3.0 callers keep working (minimum floor stays v8.0.0). SDK and platform versions are independent.

Migration resources

Decision Mode architecture — PDP/PEP pattern, request/response shape, context propagation.
v8.4.0 Release Notes — OpenAI-compatible gateway + self-hosted deployment alignment.
v8.3.0 Release Notes — Indonesia compliance: OJK audit export module, UU PDP breach notification, cross-border transfer fields.

Headline: Decision Mode carries context — and now writes a durable audit row​

Request context propagation​

Decisions now persist to the audit trail​

UU PDP Pasal 56(b) transfer-basis tag​

OJK cross-border transfers export​

Multi-architecture platform images​

New reference example: MCP server + Decision Mode​

SDK versions​

What's NOT changed​

Upgrade notes​

Self-hosted Community (Docker / docker compose up)​

Self-hosted Enterprise (Docker / docker compose up)​

In-VPC Enterprise (AWS CFN)​

Community-SaaS users​

SDK users​

Migration resources​