Skip to Content
Recent Changes

Recent changes

This page tracks user-visible contract changes. Internal infrastructure work is omitted unless it changes how clients should call the service.

2026-07-15

Artifact deletion and quota

  • Artifact owners can delete once every referencing job is terminal; only non-terminal job references return 409 artifact_in_use.
  • Accepted deletion hides metadata and releases account quota immediately. Namespaced backing data retains its default 24-hour physical-GC grace; legacy backing data remains guarded operational inventory without consuming user quota.
  • GET /api/v1/artifacts and 507 artifact_quota_exceeded responses expose authoritative quota limit, used, and remaining bytes. Artifact metadata separates active and terminal reference counts.

2026-07-13

Open access

  • Wallet access is open: any wallet can authenticate (POST /api/v1/auth/wallet/challenge → sign → POST /api/v1/auth/wallet/verify) and fund the account — no allowlist entry or approval step. The first verify for a new wallet creates the account. API keys (flk_…) remain issued on request via the waitlist.

MPP payment protocol

  • MPP (Machine Payments Protocol) is accepted alongside x402 on the funding rail. Every quote 402 now carries a WWW-Authenticate: Payment challenge (method evm, intent charge; decoded copy in the body’s mpp block) in addition to the x402 PAYMENT-REQUIRED header.
  • Quotes settle over either carrier at the same endpoints: x402 via the PAYMENT-SIGNATURE header (bearer auth), or MPP via Authorization: Payment <base64url credential> with an EIP-3009 authorization payload — no bearer token needed. Successful MPP settlements return a base64url JSON Payment-Receipt response header; repeats stay replay-safe (replay: true).
  • GET /api/v1/account/quotes/:id includes the decoded MPP challenge (mpp block) for open quotes.

2026-07-11

Artifacts

  • Public uploads now use the authenticated controller relay, with a 2 GiB request limit, or register an existing external URL. Direct and multipart object-store upload endpoints return 410 Gone.
  • The default retained-byte quota is 100 GiB per account. Local/R2 content hashes are deduplicated within the account; quota exhaustion returns 507 artifact_quota_exceeded.
  • Artifacts remain retained until explicitly deleted. References from producing jobs and job inputs block deletion during the 30-day terminal-job retention window with 409 artifact_in_use; unreferenced namespaced backing data is collected after the default 24-hour grace.
  • Job submission validates concrete _artifacts.download IDs, account ownership, and retained references atomically before work or billing admission.

Jobs and results

  • Worker process exit status is authoritative terminal truth. result_quality and result_warnings are reserved as null and []; non-empty result_schema submissions return 422.
  • Admission rejects unsupported task-shaped payloads, excessive retries or dependencies, invalid fan-out/resource shapes, and inaccessible artifacts before creating work or reserving funds.
  • max_retries accepts 0 through 10; holds cover the requested attempt budget, while infrastructure requeues do not consume that retry budget.
  • Dependencies wait for real terminal task outcomes. completed and partial dependencies unblock work; failed and cancelled dependencies cancel blocked jobs.
  • Non-empty callback_url values return 422. Use job SSE, multi-job watch, or polling for completion updates.

User projects

  • User uploads require OCI execution with runtime.sandbox: "gvisor".
  • User-upload manifests cannot declare runtime.init.commands, runtime.services, or validation.commands. Put installs and build steps in the Dockerfile and use declarative executable/file validation.

Operations

  • Public health and readiness endpoints remain available. Prometheus metrics are operator-gated and require a local request, admin authorization, or the dedicated metrics token.
Last updated on