What's new

​

Versioning policy

• MAJOR (v1.0.0 → v2.0.0) — breaking changes to the public SDK signature (await_human() parameters), wire format, or error codes. Migration guides ship in the release notes.
• MINOR (v0.1.0 → v0.2.0) — new features, new channels/adapters, deprecations. No breaking changes to the SDK signature within a minor.
• PATCH (v0.1.0 → v0.1.1) — bug fixes, doc fixes, internal refactors. Always safe to upgrade.

# Python (pyproject.toml)
awaithumans = ">=0.1,<0.2"

// TypeScript (package.json)
"awaithumans": "~0.1"

​

Releases

​

Week of May 18, 2026 — v0.1.4, v0.1.5

• GET /api/version endpoint. A public, unauthenticated endpoint that returns the running server version. Useful for SDK compatibility checks, uptime probes, and ops dashboards without provisioning a token. See API overview.
• Idempotent-Replayed response header. POST /api/tasks now sets Idempotent-Replayed: true on responses that returned an existing task via the idempotency lookup, and false on first writes. Lets clients and middleware distinguish a real create from a replay without comparing timestamps.
• Notification delivery failures surface in the dashboard. When an email or Slack notify fails (misconfigured transport, bad recipient, SMTP error), the task detail page now shows an amber banner listing each failed recipient with channel and reason, plus a dedicated notification_failed entry in the audit log. No more silent drops when a channel is half-configured.

• Python 3.10 supported again. Dropped a stray datetime.UTC reference that required 3.11+. The SDK now installs cleanly on 3.10. See Python SDK.
• Half-configured channel warnings at startup. awaithumans dev now warns on boot if a channel (email SMTP, Slack bot token) is partially configured, instead of failing silently when the first task is created.
• Dashboard copy buttons work everywhere. The “copy” affordances on task IDs, idempotency keys, and webhook secrets now work in embedded iframes, insecure-context previews, and older Safari — falls back to a manual-select path when the Clipboard API is unavailable.
• npm + PyPI discoverability. Expanded package keywords and badges on the README so the SDKs surface for human-in-the-loop, agent-approvals, and related searches.

• OpenAPI docs served at the documented paths. /api/docs (Swagger UI), /api/redoc, and /api/openapi.json now actually resolve — previously they 401’d because the server mounted them at the framework defaults. The curl examples in API overview work as written. The generated schema’s info.version also now tracks the real package version, so client codegen tools label SDKs correctly.
• No duplicate notifications on idempotent retries. Re-running the same await_human() call (same idempotency key) no longer re-emails or re-Slacks the reviewer. The create route now only fires notify side-effects when the underlying task is freshly inserted, not on replays. See idempotency.
• Branded HTML page on broken handoff links. Expired or invalid “Open task” links from email and Slack now render a styled error page instead of a raw JSON 400 — reviewers see a real message and a path back to the dashboard.
• All docs links point at the real subdomain. Internal cross-links and emailed handoff URLs now consistently use docs.awaithumans.dev instead of a mix of staging hosts.

​

Week of May 11, 2026 — v0.1.1, v0.1.2, v0.1.3

• Three Walls renamed to Authorization / Reality / Presence. The framing now matches the landing page and better captures why human review gets more important as agents get more capable, not less. See the new write-up.
• Quickstart now leads with pip install "awaithumans[server]". The bare awaithumans package is the lightweight SDK; the [server] extra is what you need to run awaithumans dev. The CLI now prints a one-line hint instead of a stack trace if the extra is missing. See Quickstart.
• Visual demos in the docs. A short hero GIF and static dashboard screenshots are now embedded in the README and several docs pages so you can see the task lifecycle without running anything.

• Email handoff links no longer expire instantly for users outside UTC. The “Open task” button in notification emails was returning 400 Sign-in link is invalid or expired immediately after task creation for anyone in a non-UTC timezone. Fixed for both email and Slack channels.
• Project .env files with SDK keys no longer crash awaithumans dev. Adding an SDK-side variable like AWAITHUMANS_URL to a .env file used to crash the server on boot with a validation error. Unknown AWAITHUMANS_* keys are now ignored (with a warning) instead of fatal.
• notify=["email:someone@acme.com"] now works with a single configured identity. A bare email notify with one identity in the database silently dropped the message. It now resolves to the solo identity and sends. SMTP user aliases and port 465 implicit TLS are also handled correctly.
• Email identity listing survives stale encryption keys. One row encrypted under a rotated PAYLOAD_KEY no longer takes down GET /api/channels/email/identities with a 500 — the dashboard’s email-setup screen stays usable.
• Embed view bug fixes. The embedded dashboard now shows a proper “Submitted” view after completion, won’t double-submit on rapid clicks, and drops the stale “You can close this window” line.
• Security patches. Bumped Next.js (13 GHSA advisories) and protobufjs to clear Dependabot alerts. No action needed if you’re on the latest Docker image or SDK.

​

v0.1.0 — Public preview (May 2026)

• One function call: await_human() / awaitHuman()
• Strict Stripe-style idempotency — direct-mode resumes across agent restarts
• HMAC-signed webhooks with 3-day retry envelope
• Server-side AI verification (Claude / OpenAI / Gemini / Azure OpenAI)
• One-command self-hosting

​

Where to next

• Roadmap — what’s coming after v0.1
• GitHub Releases — every version, full notes
• Versioning & release notes — pinning recommendations