# Alpha

> The control plane comes online. The agent stops talking to YAML and starts talking to a server.

URL: https://bkpdb.com/changelog/2026-02-26/
Date: 2026-02-26
Tag: alpha

---

## Agent

### Changed

- Project pivots to a server-driven architecture. The dev-mode YAML harness is kept for local development; the agent's source of truth in production is now the control plane it heartbeats to.


## Control plane

### Added

- First public cut. Django 6 application with operator accounts, organisations, role-based access control across four roles, an append-only audit log, envelope encryption for stored credentials, redacted structured logs, `/healthz` and `/readyz` endpoints, a CSP-enforcing middleware, and a django-q2 task cluster wired into boot.
- Databases, storage destinations, schedules, and retention policies as first-class records. The default retention is GFS (7 daily, 4 weekly, 12 monthly), overridable per database, with an optional hard age bound.
- Mutual TLS between the agent and the control plane. The agent generates its keypair on the host, sends a CSR, and receives a leaf certificate signed by the agent CA. The private key never leaves the host.
- Heartbeat and `/config` endpoints with hash short-circuiting. The server tells the agent it is up-to-date without re-sending the whole config when nothing has changed.
- Single-use job credential exchange. Database passwords and storage secrets are fetched per job, never stored on the agent's disk, and the issuance is recorded in the audit log.
- Operator-facing backups history and a console dashboard. One-shot restore initiation from the console, with the agent reporting the result back.