
Week of May 15, 2026

Date: 2026-05-15

This week brings enterprise governance to general availability and ships a security fix-up pass before public launch.

New features

OIDC / SSO sign-in

StacyVM now accepts OIDC Bearer tokens from Google Workspace, Okta, Azure AD, and Cloudflare Access. Configure your issuer, JWKS URL, audience, and clock-skew tolerance under auth.oidc_*. Both RS256 and ES256/384/512 signing algorithms are supported. See Security and governance.

Role-based access control

Three new roles join the existing api and admin keys:
  • viewer — read-only access. Cannot spawn, exec, or destroy sandboxes.
  • operator — full sandbox lifecycle (spawn, exec, files).
  • tenant_admin — administer a single tenant.
OIDC groups map to roles through auth.oidc_admin_groups, auth.oidc_operator_groups, and auth.oidc_viewer_groups.

Multi-tenancy

Tenants, members, and per-tenant audit logs are now first-class. Every sandbox, admin audit log, and operation log carries a tenant_id, and list/get/exec/file/log routes enforce tenant boundaries for OIDC callers. Manage tenants through /api/v1/admin/tenants or the new Tenants page in the admin dashboard. See Admin control plane.

Policy controls

Per-tenant allow/deny rules for image, provider, and network resources, with glob patterns and priority ordering. Policies are evaluated at spawn time.
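As an added illustration, not StacyVM's own code, the block below shows how a per-tenant allow/deny evaluator with glob patterns and priority ordering can be structured for a spawn request. The rule fields, the tenant-scoped matching, default-deny when nothing matches, and deny-wins-on-ties are assumptions of this example, not documented product behaviour.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class PolicyRule:
    tenant_id: str   # policies are scoped to one tenant
    resource: str    # "image", "provider" or "network": the spawn-request field matched
    pattern: str     # glob, e.g. "ghcr.io/acme/*"
    effect: str      # "allow" or "deny"
    priority: int    # higher priority wins among matching rules

@dataclass(frozen=True)
class SpawnRequest:
    tenant_id: str
    image: str
    provider: str
    network: str

def decide_resource(rules, tenant_id, resource, value):
    """Highest-priority matching rule of the caller's tenant decides one resource.
    Assumed: deny beats allow at equal priority; a value matching no rule is denied
    (default-deny is this example's assumption, not documented behaviour)."""
    matching = [r for r in rules
                if r.tenant_id == tenant_id and r.resource == resource
                and fnmatchcase(value, r.pattern)]
    if not matching:
        return "deny", None
    best = max(matching, key=lambda r: (r.priority, r.effect == "deny"))
    return best.effect, best

def evaluate_spawn(rules, req):
    """Evaluate a spawn request against tenant policy; every resource must be allowed."""
    denials = []
    for resource in ("image", "provider", "network"):
        value = getattr(req, resource)
        effect, rule = decide_resource(rules, req.tenant_id, resource, value)
        if effect == "deny":
            cause = f"denied by {rule.pattern!r}" if rule else "matched no rule"
            denials.append(f"{resource}={value!r} {cause}")
    return not denials, denials

# Constructed sample policy for tenant "acme" (not taken from the release notes).
RULES = [
    PolicyRule("acme", "image", "ghcr.io/acme/*", "allow", 10),
    PolicyRule("acme", "image", "ghcr.io/acme/*-debug", "deny", 20),  # outranks the allow above
    PolicyRule("acme", "provider", "*", "allow", 0),
    PolicyRule("acme", "network", "isolated", "allow", 0),
    PolicyRule("acme", "network", "egress-*", "deny", 5),
]
```

A request from a tenant with no rules of its own is refused for every resource, which is the point of evaluating at spawn time rather than only at policy-creation time.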

Centralized worker token issuer

POST /api/v1/admin/worker-tokens mints short-lived signed worker tokens, so workers no longer need direct access to auth.worker_signing_key. Bootstrap a worker with --bootstrap-admin-key and it will fetch and refresh its own tokens. See Worker RPC contract.

High-availability event bus

When database.driver = postgres, sandbox lifecycle events now propagate across control-plane replicas through a Postgres LISTEN/NOTIFY bridge. Each replica stamps events with an instance UUID so subscribers never receive duplicates.

Postgres backup and rehearsal

Two new commands for production operators:
  • stacyvm db pg-backup <output> — wraps pg_dump for cluster snapshots.
  • stacyvm db pg-rehearse — verifies schema state and required tables before upgrades.

Worker RPC mTLS smoke test

scripts/smoke-remote-worker.sh --mtls generates an ephemeral CA and runs the full remote-worker smoke over HTTPS with mutual TLS. See Remote worker staging.

Runtime certification integration

scripts/certify-runtime.sh --stacyvm-bin now auto-starts a local server, spawns a sandbox, execs a command, and tears it down — end-to-end proof in one command.

Updates

  • stacyvm config lint --production validates OIDC issuer, JWKS URL, audience, and group-to-role mappings.
  • Worker heartbeats advertise https:// URLs when worker.rpc_tls.enabled = true.

Bug fixes

Security

  • RS256 JWT verification — tokens from Google Workspace, Okta, Azure AD, and Cloudflare Access were being rejected because the verifier was not using SHA-256. They now validate correctly.
  • Admin routes in OIDC-only mode — admin endpoints were reachable by anonymous callers when only OIDC (no admin API key) was configured. Admin scope is now enforced whenever any auth is configured.
  • Mixed OIDC + API key auth — valid Bearer tokens were being rejected when an API key header was also expected. Mixed-mode requests now succeed.
  • Policy enforcement on sandbox creation — policies could be created but were never evaluated at spawn time. They are now enforced on POST /api/v1/sandboxes.
  • Worker token issuer scope validation — the admin token issuer now rejects requests containing scopes that are not prefixed with worker: with 400 Bad Request instead of silently filtering them out.

Other

  • Policy enforcement middleware now buffers request bodies so downstream handlers can still decode them.
  • Durable event bridge no longer double-delivers events to local subscribers on the publishing replica.
  • stacyvm config lint markdown output renders portably across shells.