Latch deploys continuously, so entries are grouped by the day they landed.
Developer documentation and nested spend caps
Docs you can read without signing in, and per-mount spend caps that actually nest.
-
fixed
Per-mount spend caps now enforce alongside the latch-level capSpend caps on a multi-mount latch nest: the latch-level cap is the overall daily ceiling and each mount's cap is a sub-limit within it, metered on its own counter. Previously a latch-level cap took precedence over per-mount caps, and mounts shared one daily counter. Mount-scoped requests now also return x-latch-cost-mount-limit/used headers, and the self-introspection budget endpoint lists each mount's sub-limit with live spend.proxy·#243
-
new
Latch has a public developer docs siteA quickstart, task guides, and a full filter reference now live at /docs, next to a generated REST reference for the proxy API and this changelog. No sign-in needed.docs·#241
Multi-mount, generally available
-
new
Multi-mount latches are generally availableFront several upstream services from one token: each mount routes a path prefix to its own upstream, secret, and pipeline.latch·#221
-
improved
Narrow an inherited mount on an extended latchA child extension can remove an inherited mount or add filters on top of it, without touching the parent.web·#222
Retire an agent for good
-
new
Terminal revocation for agent identitiesRetire an enrolled agent key permanently, so a decommissioned machine can never present a valid slip again.agent-identity·#223
Multi-mount latches
One token in front of several upstream services, each with its own credential and its own policy.
-
new
A single latch can now front several upstream servicesGive a latch a mount table: each mount routes a path prefix to its own upstream, with its own secret and its own filter pipeline. One lat_ token, many services, one audit trail.tee·#217
-
improved
The mount-type selector is hidden; new latches default to proxyOne less decision on the way to a working latch.web·#220
Accurate traffic accounting
-
fixed
/proxy and /admin are exempt from the canonical HTTPS redirectAPI and proxy calls are no longer 301'd to the canonical host, and redirected traffic is counted correctly.server·#218
Self-serve beta signup
-
new
Sign up for the beta without waiting on a manual approvalNew signups are auto-approved once verified, with a denylist for exclusions.auth·#214
Owner-attributed usage, and Linux enrollment
-
new
Per-user daily proxy-usage rollupDaily usage attributed to the owner, so you can see who is actually using what.analytics·#206
-
improved
Enrollment now covers Linux hostsAdded a Linux host enrollment card and de-Mac-centered the copy.web·#216
Payload correctness, batch approvals, observability
-
fixed
payload max_length and min_length no longer fail open or deny everythingLength bounds on the payload filter now evaluate correctly (LAT-294).engine·#215
-
new
Rate-limited batch approval of access requestsweb·#211
-
improved
Closed product and engineering observability gapsobservability·#213
Friendlier failures
-
new
Stylized 404 page, with a server-side fallback for unknown routesweb·#212
-
fixed
The MCP server validates method and path arguments instead of leaking raw JS errorsmcp-server·#209
Faster TEE policy evaluation
-
improved
WASM-by-handle for TEE policiesReference a cached policy instead of re-shipping the WASM on every call.rex·#197
Proxy fidelity
The proxy forwards what you actually sent.
-
fixed
Non-JSON request bodies are forwarded verbatimThe proxy no longer applies application/json to a body that is not JSON (LAT-281).proxy·#202
-
fixed
The caller's GET query string is forwarded upstreamproxy·#200
-
fixed
Invalid simulate overrides no longer 500 or flood /admin/simulateweb·#204
-
fixed
Theme defaults to system, so Monaco editors are no longer stuck in light modeweb·#203
-
fixed
Dropped misleading empty payload filters from the templatesweb·#201
Editor logging toggles, and rate-limit guards
-
new
Request and response body logging toggles in the latch editorweb·#198
-
fixed
rate_limit bounds maxRequests and windowSeconds, and rejects absurd valuesengine·#196
The blog, and names that hold
-
new
Self-hosted blog at onlatch.com/blogweb·#171
-
fixed
Latch and secret names must be unique, with flat clone numberinglatch·#194
-
fixed
Latch expiry no longer shows "just now", or a blank edit fieldweb·#195
-
fixed
The Claude Desktop .mcpb manifest carries its required author fieldconnect·#193
In-enclave Cedar, and the protection flow made visible
-
new
In-enclave Cedar evaluation (engine v2)Cedar policies evaluate inside the enclave, compiled only for Cedar latches.tee·#184
-
new
Activity shows the per-request protection flowIdentity, then the REX enclave, then attestation, then upstream. Traced per request.web·#190
-
fixed
Simulation skips stateful filters, with an advisory noteA stateful filter cannot be meaningfully replayed in a dry run (LAT-231).engine·#182
-
fixed
custom_code language options match the venue; the no-op Rust option is gone on host latchesweb·#183
-
fixed
Expires At validates its range, and rejects unparseable dateslatch·#191
-
fixed
Long secret names are capped and wrapped instead of breaking the layoutweb·#192
Activity export, and activation analytics
-
new
Activity page CSV exportweb·#185
-
new
Numbered page navigation for the access-requests queueweb·#186
-
new
Per-user first-proxy-call activation event, linked to the latchanalytics·#174
-
fixed
The allowed timeout window matches the enclave's 30 second caprex·#181
Prometheus metrics
-
new
Prometheus /metrics endpointOnboarding, proxy, and spend instrumentation exposed for scraping.observability·#177
-
fixed
The TEE timeout is editable, within a 60 to 120 second rangelatch·#176
-
fixed
Cloning a TEE latch preserves TEE instead of producing a broken local latchlatch·#175