Plattform
ScaiWave ScaiGrid ScaiCore ScaiBot ScaiDrive ScaiKey Modelle Tools & Services
Lösungen
Organisationen Entwickler Internet Service Provider Managed Service Provider AI-in-a-Box
Ressourcen
Support Documentation Blog Downloads
Unternehmen
Über uns Forschung Karriere Investieren Kontakt
Anmelden

Changelog

User-visible changes to ScaiVault, newest first. Versioning is API-path based — breaking changes ship under a new path version (v2) and don't disturb v1 callers.

SDK releases — 2026-06-01#

Three rounds of SDK work landed this release. See the per-language CHANGELOGs in each SDK package for the full detail.

API-key authentication. All three SDKs now accept ScaiVault key_… API keys in addition to ScaiKey JWTs. The SDK auto-detects the key_ prefix on token and routes to X-API-Key; you can also pass the credential as the explicit api_key / apiKey / ApiKey argument. Before this release, passing an API key as the bearer token would 401 (the server tried to JWT-parse it).

Response-shape audit. Every SDK response type was re-validated against the API's Pydantic response models. 73 missing-field gaps were closed across the three SDKs (notably on Certificate, IssuedCertificate, Subscription, FederationBackend, DynamicEngine/Role, Lease, ACMEAccount/Order, AuditSummary, GeneratedSecret). The SDK no longer silently drops fields on deserialize.

Feature parity. The JavaScript and .NET SDKs are now at full parity with the Python SDK — all 127 endpoints covered. New operation clients: acme, federation, identity, subscriptions, webhooks, batch, plus dynamic.testEngine, pki.renewCertificate, and pki.deleteCA. JS/.NET PKI CSR endpoints moved from the deprecated /pki/csr/... alias to the canonical /pki/csrs/....

Server fix. SecretResponse (returned by PUT/GET /secrets/{path}) now includes id, matching the list-endpoint shape. The asymmetry had caused the SDK's typed Secret model to crash on deserialize when used via client.secrets.write() / .read().

Package downloads — scailabs.ai/downloads:

SDK Version
Python (scaivault-sdk) 1.6.1
JavaScript / TypeScript (@scaivault/sdk) 1.8.0
.NET (ScaiVault.Sdk) 1.8.0

1.0.0 — 2026-05-17#

Public launch.

Available API surfaces. Secrets (CRUD, versioning, expiration, soft-delete with recovery, batch read), Policies (path-pattern rules with IP/MFA/time-window conditions), Rotation (auto and event-driven, with grace periods and warn-before notifications), PKI (internal CA hierarchy + ACME via Let's Encrypt/ZeroSSL/BuyPass/Google + CSR workflow + trust anchors + CRL/OCSP), Dynamic Secrets (Postgres/MySQL/MongoDB/Redis/AWS/Azure/GCP/SSH), Federation (HashiCorp Vault, AWS Secrets Manager, Azure Key Vault, GCP Secret Manager — proxy or sync mode), Webhooks and Subscriptions, Audit log with export to S3/GCS/Azure.

Clients shipped. Python, JavaScript/TypeScript, .NET. Python and .NET fully cover the API; JavaScript covers everything except a handful of admin-only operations. CLI (scaivault) and MCP server (67 tools) for shell and agent integration.

Identity. Authentication delegated to ScaiKey. Three-level tenancy (partner / tenant / identity). Identity cache synced from ScaiKey, kept fresh by webhooks plus a 15-minute background reconciliation.

Crypto. Envelope encryption with per-row data keys wrapped by a KMS-held root. AWS KMS, GCP KMS, Azure Key Vault, HashiCorp Vault Transit, and PKCS#11 HSMs (including TPM 2.0) supported.

Limits. Default rate limits per identity per endpoint category — see Rate Limiting. Quotas per tenant — see Multi-tenancy.

Public docs. This site.

What's next#

We track upcoming work in our public roadmap. The shape and content of the API is stable; ongoing work is operational (more DNS providers, more dynamic engines, more federation backends).

Updated 2026-06-15 20:39:12 View source (.md) rev 2