https://docs.rapidvalue.be/changelog Release notes for RapidValue IGA. en-US Sun, 24 May 2026 19:29:28 GMT https://docs.rapidvalue.be/changelog#poc-trial-program https://docs.rapidvalue.be/changelog#poc-trial-program Fri, 01 May 2026 00:00:00 GMT A 30-day trial path designed for "let me show this to my CISO and DPO". • Sales-bootstrap CLI (rv-poc) — single bash command provisions a tenant, registers the first agent, and prints the customer install one-liner. → Sales CLI reference • Take-home report — privacy-safe HTML/Markdown export of the tenant's posture. CISO + DPO can review without logging in. → POC mode • POC expiry write-blocking — read-only mode after day 30 (HTTP 423 Locked on writes, safe paths whitelisted for report download + conversion) • Cross-tenant POC dashboard — internal funnel view across all active trials (bootstrapped → connected → activated → formalized) • Agent-default execution mode — POC tenants create connectors with execution_mode=agent by default, surfacing the tier-3 architecture from d https://docs.rapidvalue.be/changelog#tier-3-hybrid-agent https://docs.rapidvalue.be/changelog#tier-3-hybrid-agent Fri, 01 May 2026 00:00:00 GMT The agent that runs in your VPC and brokers all connector calls. • Single-file Python agent (~700 lines) — tier3_agent.py, no daemonizing framework required. → Install the agent • All 18 connector methods routed — AgentProxyConnector is a drop-in Connector subclass; call sites stay unchanged • Local credential vault — agent reads agent-vault.json keyed on connector business_id. Secrets never travel from control plane to agent. → Security model • HMAC-verified self-update — per-agent signing key, timing-safe compare. Control plane can't ship arbitrary code without a valid signature. • Crash-loop rollback — .bak + .stable marker. If a new agent binary crashes during boot, next start auto-reverts and reports. • Optional mTLS — register a client cert fingerprint per agent; the https://docs.rapidvalue.be/changelog#connector-onboarding https://docs.rapidvalue.be/changelog#connector-onboarding Fri, 01 May 2026 00:00:00 GMT Targets live in under 5 minutes via the 5-step wizard. • SCIM 2.0 + LDAP/AD engines — covers ~25 SaaS vendors out of the box plus any standards-compliant directory • Quick-add wizard — 5-step Dialog (type → connection → discovery → mapping → first sync). → Wizard onboarding • Auto-discovery + heuristic field mapping — pre-fills IGA schema; override per field • Connector catalog landing page — browseable catalog with already-connected badges and one-click add • Sector-pack recommendation — wizard suggests field mappings based on your tenant's installed sector pack • ConnectorProtocol v1 — wire-stable Pydantic envelopes; custom connectors get the agent-proxy treatment for free https://docs.rapidvalue.be/changelog#role-mining-opportunities https://docs.rapidvalue.be/changelog#role-mining-opportunities Fri, 01 May 2026 00:00:00 GMT Replaces "role mining run output" with a business-readable view. • 3-bucket intent framing — *Formalize a pattern* · *Extend an existing role* · *Bring drift under control*. → Quick start step 3 • Business stories — each opportunity reads as plain-language framing instead of statistical output • One-click formalize — opens the role with live grant tail and member preview pre-filled • PostFormalizePanel — Day-2 priorities surfaced as soon as a role is created (governance to attach, members to migrate) • Bulk-formalize — select multiple opportunities, formalize in one flow • Live grant tail — drawer shows actual downstream entitlements before you commit https://docs.rapidvalue.be/changelog#resource-lifecycle-governance https://docs.rapidvalue.be/changelog#resource-lifecycle-governance Fri, 01 May 2026 00:00:00 GMT End-to-end management of applications, entitlements, and the deprecation flow. • DeprecationPlan + cascade — schedule removal of an app or entitlement; downstream impact computed and surfaced • AUTO_MIGRATE for affected identities — pre-staged migration to successor resources, executed at deprecation cutover • Onboarding governance — provenance tracking + DT spawning when new applications are added • Service Library + Identity Overview tab — drawer-default for identity inspection • Modification governance — security-review DT auto-revert if approval rejected • Scheduler integration — lifecycle transitions fire on schedule, not on manual trigger https://docs.rapidvalue.be/changelog#identity-model-3-layer-policy https://docs.rapidvalue.be/changelog#identity-model-3-layer-policy Fri, 01 May 2026 00:00:00 GMT • IdentityTypeDefinition registry — human / contractor / service / NHI as first-class with type-specific properties • 3-layer policy model — Layer 1 cohort birthrights · Layer 2 role-derived · Layer 3 explicit grants • Context unification — membership_roles, is_primary, schema_object_id as one consistent concept • JSON-DSL policy evaluator — readable, audit-friendly policy expressions • Cohort preview + Layer-3 rollup — see who's affected before activating a policy • WhoAmI tab + sensitive-context DT — drill into any identity's effective access with full provenance https://docs.rapidvalue.be/changelog#sol-ist-7-status-compliance https://docs.rapidvalue.be/changelog#sol-ist-7-status-compliance Fri, 01 May 2026 00:00:00 GMT Canonical taxonomy for "what's the state of this grant?": compliant · to_provision · action_missing · non_compliant · to_deprovision · drift_explicit · drift_unmanaged • Auto-recompute on policy activation + identity attribute change • SoD-aware — preventive checks at request time + detective re-scan after sync • Attribute-level drift detection — fine-grained beyond membership-only • Persisted IdentityWarning — historical state preserved for audit https://docs.rapidvalue.be/changelog#decisiontask-unification https://docs.rapidvalue.be/changelog#decisiontask-unification Fri, 01 May 2026 00:00:00 GMT Replaces five legacy task systems (ApprovalStep · CertificationItem · SmartCert · RecertTask · Survey) with one model. • Single inbox — every decision lives in one place per persona • Audit-event consistency — same audit shape regardless of task origin • Field-visibility matrix per role — column-level RBAC for the inbox grid https://docs.rapidvalue.be/changelog#sector-packs https://docs.rapidvalue.be/changelog#sector-packs Fri, 01 May 2026 00:00:00 GMT Industry-baseline bundles of approval rules + certification policies. Available: Financial Services · Healthcare · Public Sector · Manufacturing · Mid-Market · AI Enterprise. → Sector packs • Pre-configured approval rules per risk tier • Cert cadences keyed to sector norms (90/180/365 days) • SoD policies typical for the industry • Field-mapping templates for sector-typical targets • Diff-vs-pack tracking — see where you've diverged from the baseline, for audit conversations https://docs.rapidvalue.be/changelog#documentation-site https://docs.rapidvalue.be/changelog#documentation-site Fri, 01 May 2026 00:00:00 GMT Public docs portal at docs.rapidvalue.be — wizard reference, agent install, security model, sector packs, POC mode, API orientation. --- Older sprint detail is archived in the internal sprint history (docs/sprints/ in the repository). Customer-relevant highlights from those waves: • Sector Packs + sovereignty self-assessment — early framework that led to the current sector-pack architecture • Toxic Combinations + Unstructured Data — SoD-adjacent risk surface for files + folders • Connector Auto-Discovery + Blast Radius — what-changes-if-I-grant preview • Quick Scan Wizard + NHI Discovery — the precursor to today's 5-step wizard • SMART Certifications + Guided Policy Builder — the foundation for the current cert engine --- We ship continuously to the SaaS control plane. Agent bina