Released 2026-05-27. Consolidates five releases that shipped together. Interactive agents pick up their full public chat surface, webhook agents move to a hardened URL shape, every agent gets a per-agent AI connection picker, the engine collapses workflow and agent execution onto one architecture, and owners get a per-team audit log of every BYOK call.
Interactive agents — public chat surface
- Public chat URL with optional custom slug — interactive agents are addressable at
/a/<slug>in addition to the random embed token. - Public / password access — toggle on the agent editor mirrors the form & visualizer model. Encrypted at rest, rotatable, can be cleared anytime.
- Embed-domain controls are independent of public access. A password-protected agent embedded on your site still asks visitors for the password.
- Owner takeover — the run detail page has a Conversation view where a teammate can reply as the agent without invoking the LLM. The next end-user reply sees your turn in conversation history.
- Direct vs Embed — the agent runs list distinguishes visitors who opened the public link from sessions loaded via the iframe/JS SDK.
- "Waiting on the team" state — public chat surfaces show a friendly pending message and poll for the decision while an approval is open.
- Per-checkpoint billing — each awaiting_user turn debits credits for tokens since the previous checkpoint, so long chats don't sit unbilled.
Webhook agents
- Platform picker — webhook agents pick the upstream platform (Stripe, GitHub, Slack, and more) so the engine verifies that platform's signature header natively.
- Rotatable URL token — the webhook URL embeds a routing token (not the signing secret). Rotate the token to kill the URL without touching the secret. Subscribers verify by signature header; a leaked URL no longer forces re-configuring every upstream platform.
- User-supplied signing secret — paste the secret from the upstream platform's webhook configuration directly. Rotating it is the upstream's job; FlowFn no longer mints one for you.
AI configuration on agents
- Per-agent AI connection picker — pin a specific team AI connection on an agent (or leave it on your account default).
- Backup connection — when the plan / platform AI key hits a quota or rate limit, the run automatically falls back to a named team connection so it doesn't fail.
- Playground AI bindings get the same backup-connection control.
Schedule agents
- Schedule agents always run in UTC — the editable timezone field is replaced with a read-only label.
- Scheduled triggers follow the same DB-merge pattern workflow schedules use — one cron tick on the schedule server merges every matching agent; pausing an agent on its doc stops dispatch on the next tick.
Engine architecture (unified workflows + agents)
- One worker process consumes both
flowfn-workflow-execute-<SERVER_CODE>andflowfn-agent-runs-<SERVER_CODE>queues. Agent runs are no longer executed in-process on the API box. - Shared server allocation — an agent's allowed tools determine its processing type (heavy media → computer-optimized; rest → balanced). Same
max_concurrent_runscap, same dedicated-team-server preference workflow runs use. - Periodic stuck-job sweep on a 10-minute cron, replacing the previous per-boot sweep. Catches mid-run worker crashes.
- If you operate the deployment: server types collapse to
service/worker/schedule(the previousagenttype is gone). TheAGENT_ENABLEDenv var no longer has any effect; agents always use BullMQ.
Per-team BYOK activity audit
- Open Teams → team card → BYOK activity. Lists every external call FlowFn made on your team's AI keys, platform-tool connections, or MCP servers.
- Filter by surface (agent run / workflow run / playground action / playground chat), kind (platform action / AI model / MCP tool), and status (ok / error).
- Metadata only — request bodies, response bodies, prompts, completions, and API keys are never recorded.
- 90-day retention with a daily purge cron. Audit rows tied to your own agent or workflow runs are included in the self-service data export.
Approve flow
- Approve / Reject email links moved to namespaced routes:
/approve/agent/<id>for agents and/approve/workflow/<runId>/<taskRunId>for workflows. - Widget password endpoint renamed
/access→/request-accessto match form conventions.
Other
Several destructive actions (delete approval rule, clear branding logo, regenerate secret) now ask for confirmation. Public agent endpoints moved under /api/agents/*; agent runs detail moved to /api/runs/agents/....