Recent changes
This page tracks user-visible contract changes. Internal infrastructure work is omitted unless it changes how clients should call the service.
2026-07-15
Artifact deletion and quota
- Artifact owners can delete once every referencing job is terminal; only non-terminal job references return
409 artifact_in_use. - Accepted deletion hides metadata and releases account quota immediately. Namespaced backing data retains its default 24-hour physical-GC grace; legacy backing data remains guarded operational inventory without consuming user quota.
GET /api/v1/artifactsand507 artifact_quota_exceededresponses expose authoritative quota limit, used, and remaining bytes. Artifact metadata separates active and terminal reference counts.
2026-07-13
Open access
- Wallet access is open: any wallet can authenticate (
POST /api/v1/auth/wallet/challenge→ sign →POST /api/v1/auth/wallet/verify) and fund the account — no allowlist entry or approval step. The first verify for a new wallet creates the account. API keys (flk_…) remain issued on request via the waitlist.
MPP payment protocol
- MPP (Machine Payments Protocol) is accepted alongside x402 on the funding rail. Every quote
402now carries aWWW-Authenticate: Paymentchallenge (methodevm, intentcharge; decoded copy in the body’smppblock) in addition to the x402PAYMENT-REQUIREDheader. - Quotes settle over either carrier at the same endpoints: x402 via the
PAYMENT-SIGNATUREheader (bearer auth), or MPP viaAuthorization: Payment <base64url credential>with an EIP-3009authorizationpayload — no bearer token needed. Successful MPP settlements return a base64url JSONPayment-Receiptresponse header; repeats stay replay-safe (replay: true). GET /api/v1/account/quotes/:idincludes the decoded MPP challenge (mppblock) for open quotes.
2026-07-11
Artifacts
- Public uploads now use the authenticated controller relay, with a 2 GiB request limit, or register an existing external URL. Direct and multipart object-store upload endpoints return
410 Gone. - The default retained-byte quota is 100 GiB per account. Local/R2 content hashes are deduplicated within the account; quota exhaustion returns
507 artifact_quota_exceeded. - Artifacts remain retained until explicitly deleted. References from producing jobs and job inputs block deletion during the 30-day terminal-job retention window with
409 artifact_in_use; unreferenced namespaced backing data is collected after the default 24-hour grace. - Job submission validates concrete
_artifacts.downloadIDs, account ownership, and retained references atomically before work or billing admission.
Jobs and results
- Worker process exit status is authoritative terminal truth.
result_qualityandresult_warningsare reserved asnulland[]; non-emptyresult_schemasubmissions return422. - Admission rejects unsupported task-shaped payloads, excessive retries or dependencies, invalid fan-out/resource shapes, and inaccessible artifacts before creating work or reserving funds.
max_retriesaccepts0through10; holds cover the requested attempt budget, while infrastructure requeues do not consume that retry budget.- Dependencies wait for real terminal task outcomes.
completedandpartialdependencies unblock work;failedandcancelleddependencies cancel blocked jobs. - Non-empty
callback_urlvalues return422. Use job SSE, multi-job watch, or polling for completion updates.
User projects
- User uploads require OCI execution with
runtime.sandbox: "gvisor". - User-upload manifests cannot declare
runtime.init.commands,runtime.services, orvalidation.commands. Put installs and build steps in the Dockerfile and use declarative executable/file validation.
Operations
- Public health and readiness endpoints remain available. Prometheus metrics are operator-gated and require a local request, admin authorization, or the dedicated metrics token.
Last updated on