What's New
Track every release, feature addition, and improvement to the Verity platform.
v1.0.0 — Initial Release
March 2026
General Availability
Verity v1.0.0 marks the first production-ready release of the Access Decay Intelligence Platform — 19 microservices, 6 connectors, a full scoring pipeline, and a React dashboard.
Highlights
- Access Decay Scoring: Six-factor decay engine scores every access grant on a continuous 0–100 scale: days since last use, peer comparison, privilege level, asset sensitivity, login frequency, and HR signals.
- Automated Review Routing: Review packets are generated only for grants above the risk threshold and routed to the correct data owner via Temporal workflows with configurable SLA enforcement.
- ClickHouse Audit Trail: Every state change is immutably logged to ClickHouse — scores, reviews, decisions, and remediations — with a 7-year default retention and auditor-friendly query interface.
- React Dashboard: A responsive Next.js dashboard for reviewers and administrators: grant explorer, score trends, review inbox, remediation history, and compliance reports.
Microservices (19)
All services are containerised, health-checked, and deployable via Helm.
| Plane | Services |
|---|---|
| Ingest | connector-azure-ad, connector-fabric, connector-synapse, connector-databricks, connector-postgresql, connector-hr, ingest-worker |
| Normalise | normalise-engine |
| Score | decay-engine |
| Review | review-generator, workflow-engine |
| Remediate | remediation-executor |
| Platform | api-gateway, audit-writer, compliance-reporter, notification-service, scheduler, dashboard-ui, admin-cli |
Connectors (6)
| Connector | Source System | Auth Methods |
|---|---|---|
| connector-azure-ad | Microsoft Entra ID (Azure AD) | Service Principal, Managed Identity |
| connector-fabric | Microsoft Fabric | Service Principal |
| connector-synapse | Azure Synapse Analytics | Service Principal, Managed Identity |
| connector-databricks | Databricks (Azure / AWS / GCP) | Service Principal, PAT |
| connector-postgresql | PostgreSQL databases | Username/Password, SSL Cert |
| connector-hr | HR systems (CSV / SCIM) | API Key, File Upload |
Infrastructure
| Component | Technology | Purpose |
|---|---|---|
| Primary database | PostgreSQL 16 + TimescaleDB | Operational store — principals, assets, grants, scores, reviews |
| Audit store | ClickHouse | Immutable event log, compliance reports, analytics |
| Event streaming | Kafka (KRaft mode) | Asynchronous communication between all planes |
| Cache | Redis 7 | Score look-ups, session data, rate limiting |
| Workflow engine | Temporal | Durable review-lifecycle orchestration |
| Container orchestration | Kubernetes + Helm | Production deployment |
| Local development | Docker Compose | Single-command development environment |
Quality
- 425+ tests across unit, integration, and end-to-end suites.
- Alembic migrations for PostgreSQL schema management.
- ClickHouse migrations for audit-schema evolution.
- GitHub Actions CI/CD — lint, test, build, and publish on every push.
- Helm chart validation in CI.
Documentation
- Full MkDocs Material documentation site with:
  - Architecture deep dives and Mermaid diagrams
  - Service-by-service reference
  - API reference with request/response examples
  - SDK & Connector development guide
  - Deployment guides (Docker Compose, Kubernetes, CI/CD)
  - Operations runbooks and troubleshooting
Full Changelog
All changes in v1.0.0
Core Platform
- Five processing planes: Ingest → Normalise → Score → Review → Remediate
- Six-factor decay-scoring engine with configurable weights
- Canonical data model: Principals, Assets, Grants, Scores, Reviews
- Identity resolution across multiple source systems
- Peer-comparison scoring using department and role clustering
- Asset-sensitivity classification (1–5) with sensitivity multiplier
- Review-packet generation with score trend and recommended action
- Temporal workflow orchestration for review lifecycle
- SLA enforcement with configurable escalation chains
- Dry-run and live remediation modes
- Dead-letter queue (DLQ) handling with replay capability
Connectors
- Azure AD connector — users, groups, app roles, service principals
- Fabric connector — workspace permissions, lakehouse/warehouse access
- Synapse connector — SQL/Spark pool permissions, workspace roles
- Databricks connector — workspace, cluster, SQL warehouse, Unity Catalog
- PostgreSQL connector — role grants, schema permissions
- HR connector — CSV and SCIM ingestion for joiner/mover/leaver events
Dashboard & API
- Next.js React dashboard with grant explorer, score trends, review inbox
- FastAPI REST API with OpenAPI documentation
- Role-based access control (RBAC) for dashboard users
- Real-time score updates via WebSocket
- Compliance report generation and evidence-package export
Infrastructure & DevOps
- Docker Compose development environment (single `docker compose up`)
- Helm charts for Kubernetes deployment
- GitHub Actions CI/CD pipeline
- Prometheus metrics and Grafana dashboards
- Structured JSON logging with correlation IDs
- Health-check endpoints for all services
Found a bug or have a feature request?
Open an issue on GitHub.