Changelog

A reverse-chronological log of customer-visible changes shipped to the Nembl product.

For under-the-hood architecture changes (deploy patterns, ownership splits, etc.), see the architecture guide.


May 2026

Workflow editor polish + public status page

  • The canvas vocabulary now matches the published workflow events: phase nodes labeled Begin and End (formerly "Start" and "Completed"), pairing cleanly with workflow.begin / workflow.end. Phase-level events stay phase.start / phase.stop.
  • End nodes get a filled green disc inside a concentric ring — paired visually with the Begin node, distinct from it.
  • Sub-process nodes get a thick BPMN call-activity border + a nested-workflow corner badge so they're obvious at a glance vs plain Process steps.
  • Blank workflows now open with a publishable Begin → End skeleton instead of an empty canvas.
  • Connection handles auto-hide on view / runtime canvases and gain a show/hide toggle in the editor toolbar.
  • A public status page is live at status.devopspolis.com — incident history + service uptime, linked from the docs footer.

External AI agents — plug in your own via webhook or MCP

You can now register a third-party AI agent — your own code, a LangChain / LangGraph deployment, an MCP server, or any HTTPS endpoint — and treat it as a first-class participant in a Nembl workflow phase. Same RACI engagements, same recommendation review, same audit trail as the built-in agents.

What this enables for you:

  • Use any agent framework you want. If your agent can receive an HTTPS POST or expose an MCP tool, it works. No SDK to install, no framework lock-in — Nembl signs each request and maps your response back into the workflow.
  • Strong authentication out of the box. Bearer tokens, API-key headers, or HMAC-signed requests with a 5-minute replay window. The auth secret lives in your existing Nembl vault; rotating is one click.
  • Workflow-shaped contract. Your endpoint receives the dispatch envelope (workflow context + variables + the actions your agent is allowed to propose) and returns a structured result: an analysis, optional reasoning, and a list of proposed actions (add_comment, create_task, update_variables, etc.). Anything outside your declared capabilities is dropped server-side.
  • Health monitoring. Nembl probes registered endpoints every 15 minutes; three consecutive failures pause dispatches and notify your admins. First success after failure flips you back to active automatically.
  • Capability declarations. Pick which workflow actions an external agent is allowed to propose. Endpoints stay scoped to what they were registered to do.

To set one up: register a connection under Admin → External Agent Connections, then create an agent (Admin → Agents → New Agent), choose the External backend, and link your connection. Available on Starter and above.
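For the receiving side of the HMAC option, here is a sketch of how an agent endpoint could verify a signed dispatch and enforce the 5-minute replay window. It is an added example, not Nembl's code: the changelog does not document the wire format, so the signed string (`<timestamp>.<body>`), the hex HMAC-SHA256 encoding, and every function and parameter name below are assumptions.

```python
import hashlib
import hmac
import time

REPLAY_WINDOW_SECONDS = 5 * 60  # the 5-minute replay window named in the changelog


def sign(secret: bytes, timestamp: int, body: bytes) -> str:
    """Assumed scheme: hex HMAC-SHA256 over b"<timestamp>.<body>"."""
    msg = str(timestamp).encode() + b"." + body
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify(secret, timestamp_header, signature_header, body, now=None, seen=None):
    """Return (ok, reason). `seen` maps accepted signatures to their timestamps."""
    now = time.time() if now is None else now
    try:
        ts = int(timestamp_header)
    except (TypeError, ValueError):
        return False, "bad-timestamp"
    # Reject anything older (or further in the future) than the window.
    if abs(now - ts) > REPLAY_WINDOW_SECONDS:
        return False, "outside-replay-window"
    expected = sign(secret, ts, body)
    # Constant-time comparison; compare bytes so odd header values cannot raise.
    if not hmac.compare_digest(expected.encode(), (signature_header or "").encode()):
        return False, "bad-signature"
    if seen is not None:
        # Drop expired entries, then refuse an exact repeat inside the window.
        for sig, t in list(seen.items()):
            if abs(now - t) > REPLAY_WINDOW_SECONDS:
                del seen[sig]
        if signature_header in seen:
            return False, "replayed"
        seen[signature_header] = ts
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample values, not real Nembl traffic.
    secret, body, t0 = b"constructed-secret", b'{"analysis": "sample"}', 1_700_000_000
    sig, cache = sign(secret, t0, body), {}
    print(verify(secret, str(t0), sig, body, now=t0 + 10, seen=cache))
    print(verify(secret, str(t0), sig, body, now=t0 + 20, seen=cache))
    print(verify(secret, str(t0), sig, body, now=t0 + 301))
```

The timestamp check alone still accepts a captured request for up to five minutes; the `seen` cache closes that gap for exact repeats.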

Session tracking + force sign-out

Every signed-in session is now tracked as a first-class entity from sign-in through sign-out. The session record holds the active context (personal account vs. Company), the sign-in provider (Cognito or credentials), the user-agent, the IP address, and a continuously updated "last seen" timestamp.

What this enables for you:

  • Live session visibility — see who is signed in across your Company, where, and what they're doing, with a real-time list that updates as people sign in, switch context, or sign out.
  • Force sign-out — when a device is lost, a contractor's access ends, or a credential needs rotating, administrators can revoke an individual session (or every active session for a user) in one click. Revocation takes effect on the user's next request — within about a minute even if their browser is still open.
  • Audit trail — every sign-in, sign-out, and Company-switch writes an audit row keyed to the session, so post-incident forensics can reconstruct exactly which session did what, when, and from where.

The same mechanism is what lets administrators in Plan Admin watch a live "Active Sessions" view, scope by recency (5 min / 30 min / 1 hour / …), and drill into any session for full provenance — including sign-in attempt history from the federated identity provider.

What used to be called "Secrets" is now Vaults throughout the UI. The underlying entity is unchanged — same storage, same scoping, same connector bindings — but the name better reflects that vaults can hold more than just short string credentials (certificates, structured config, ARN references on the roadmap).

The permission model split too: secret:read grants metadata access (name, tags, last-rotated date, bound resources) and secret:reveal grants decrypted value access. A "Reveal" button on the vault detail page is gated on secret:reveal. The permission identifiers stay secret:* for back-compatibility.

See Creating & Managing Vaults and the Glossary entry.

Subprocess composition

Subprocess phases shipped with a typed contract: child workflows declare their inputSchema and outputSchema on the workflow's Interface card, parents map variables to those declared inputs/outputs with autocomplete and type-checking. Each subprocess END phase gets its own handler block on the parent with a per-END outputProjection — so different exit handlers can pull different child variables back to the parent.

Tier-aware variable references (phase.*, instance.*, system.*, global.*) replace the older flat namespace. Cross-version compatibility checking warns when changing the linked workflow version breaks existing mappings.

onError / onCancellation / onTimeout handlers each take a strategy (transition | pause | fail) to control parent behavior when a child errors, gets cancelled, or runs over its timeout.

See Subprocess Workflows.

Request types + REQ-N reference IDs

Every request now carries a human-readable Reference ID in the form REQ-1247 — usable in conversations, emails, and external systems. Per-company sequence; no collisions across tenants.

Forms can also set a request type discriminator (STANDARD default plus special types like ESCALATION, INCIDENT). The type drives downstream behavior: inbox routing rules can require specific types, analytics dashboards segment by type, and DECISION phases can branch on request.type.

See Tracking Requests and Forms.

Inbox processing order (FIFO / LIFO / PRIORITY)

Each inbox now has a configured processing order that sets the default sort: PRIORITY (urgent first, date as tiebreaker — the SLA-friendly default), FIFO (oldest first — fairness-sensitive intake), or LIFO (newest first — when stale items lose value). Admins configure it on the inbox settings page; workers can still re-sort manually with the column headers.

See Managing Your Inbox.

Workflow versioning: "Retired" status

Workflow versions you've taken out of circulation are now labeled Retired (formerly "Deprecated"). Same lifecycle, same semantics — RETIRED versions are hidden from the offering picker but in-flight instances continue running on them.

See Workflow Versioning.

Responsibility Matrix snapshots + per-run customization

Workflow instances now capture a snapshot of their effective matrix at launch time. The instance viewer always shows who was Responsible / Accountable / Consulted / Informed when that specific instance started — even if the source matrix has been edited since.

The Run Workflow modal gained a "Customize for this run" option that opens the matrix in DRAFT mode for that single instance — swap principals, adjust notification toggles, change assignments without affecting the source matrix or any other instance.

See Responsibility Matrices.

Real RAG for AI agents

AI agents can now retrieve from your company's prompt-document corpus on-demand via the retrieve_documents MCP tool. Semantic search is backed by Voyage embeddings (with OpenAI as a fallback hedge), HNSW indexes for fast cosine similarity, and per-document tag-based access policies.

Replaces the older approach of concatenating every prompt document into the agent's system prompt. Documents are embedded on write (fire-and-forget), so updates take effect on the next agent invocation.

See AI Agents — RAG and the MCP Server tool catalog.

Cognito SSO + federated sign-out

QA and Prod sign-in now flows through Cognito with federated identity support — including federated sign-out so terminating a Nembl session clears the upstream identity provider too. Verify-before-login enforcement catches stale identity-provider state before letting a session complete. The dev environment retains its credentials provider for testing.

Audit log coverage expansion

Filled gaps in the audit trail for IAM operations, B2B publishing, and service-publishing actions. Every administrative change now produces an audit row queryable from Admin → Audit Trail.


April 2026

Three managed agents shipped

Three Nembl-provided agents are now seeded INACTIVE on every company at creation:

  • Inbox Triage — Queue Intake agent on Haiku, act_with_approval autonomy
  • Phase Advisor — Workflow Phase agent on Sonnet, suggest-only, fires when assigned as a CONSULTED party
  • Task Generator — Workflow Phase agent on Sonnet, act_with_approval, produces recommendations with create_task proposed actions

All three use BYOK — bind your own Anthropic or OpenAI API key via a Vault. The activation guard blocks INACTIVE → ACTIVE until a valid bound vault resolves.

See AI Agents and BYOK Setup.

MCP server expanded for inbox + workflow management

New MCP tools for human-or-agent-driven inbox and workflow operations:

  • create_recommendation / list_recommendations / update_recommendation_status — agents propose actions; humans accept or dismiss in batch
  • update_request, add_comment, set_request_tags — request mutations
  • update_workflow_variables — workflow instance variable patching
  • get_workflow_interface, list_invocable_workflows — discover reusable workflows and their typed interfaces

Per-action acceptor-permission gating: when a human accepts a recommendation, the system checks the accepting user holds the necessary IAM action for each proposed action before executing.

See MCP Server.

Agent runtime moved off the app server

Agent LLM execution moved from the Next.js app server to dedicated per-provider handler functions (Anthropic / OpenAI / Bedrock). Result: agent invocations no longer compete for app server threads, agents can run longer prompts and tool loops without timing out, and the same envelope contract is reusable for future external-agent integrations.

True cancel semantics — pre-LLM checkpoint, mid-LLM abort, post-LLM checkpoint — guarantee that user-initiated cancels stop the in-flight inference cleanly.

Step Functions removed

Workflow execution is now Lambda-only. The original Step Functions orchestrator was retired in favor of a per-event-type Lambda model on EventBridge. The result: faster cold starts, simpler observability, and no state-machine quota limits.

See Execution Architecture.


March 2026

Responsibility Matrix system

Three-tier RACI model shipped: Accountable / Responsible / Approver / Consulted / Informed / Backup assignments per phase, with per-assignment notification toggles and a two-tier policy evaluation (inherited policies vs direct user policies). Direct Allow overrides inherited Deny.

Matrices are reusable bundles of assignments applied at the inbox, workflow, or workflow-instance level. The matrix detail page tracks every entity and instance currently referencing it.

See Responsibility Matrices.

Account types and plan restructuring

Two account-type lines, separately priced:

  • Individual accounts (Free, Pro) — single-person plans
  • Company accounts (Starter $49 / Growth $149 / Business $399 / Enterprise custom) — multi-seat plans

No free Company plan. Trial mechanics exist for paid Company plans.

Plan Administrator app

Super-admin web app for managing all Nembl accounts, subscriptions, plans, and feature flags from a single interface. Tailscale-only access via split-horizon DNS — admin operations never traverse the public internet.

Workflow MVP — templates, extensibility, and data phases

Templates library shipped with curated starter workflows. Data phases (filter, sort, aggregate, transform, enrich, validate, transpose) shipped as first-class phase types alongside the existing PROCESS / DECISION / PARALLEL / SUBPROCESS / TIMER / END phases.


Earlier 2026

Foundational phases: hierarchical entity model, nested queues, service catalog, BPMN-style workflow builder, IAM policy engine, CloudTrail-style audit logging, AI agents as first-class entities, B2B service registry, package add-ons. See the product vision for the original scope.