Version 2.2.0 focuses on security, operational stability, and platform modernization. It adds two-factor authentication for interactive login flows, improves behavior around license checks and license-server availability, reduces database load for workflow-heavy installations, and updates the runtime/development stack used by radixAPI.
Two-factor authentication is available for interactive logins.
Admin and client users can be required to complete an authenticator-app one-time-password step after password validation.
The login endpoint supports an interactive_login flag so API clients can distinguish interactive browser login from token-oriented service flows.
A dedicated 2FA verification endpoint has been added.
Clients complete setup or login challenges through /api/auth/2fa/verify.
The endpoint is throttled to reduce brute-force risk.
Administrators can manage 2FA for eligible users.
Admin users can enable, disable, or reset two-factor authentication for admin and client accounts.
Reset clears the existing secret and enrollment state so the user can enroll again on the next interactive login.
Admin-only management endpoints can be exempted from license checks.
This prevents license restrictions from blocking core administrative access to users, resources, logs, settings, and selected workflow-management routes.
License-server fallback handling has been improved.
When the license server is temporarily unreachable, the API can continue using a cached license when one is available.
Unreachable server errors are handled separately from upstream license errors, making responses clearer.
The license health check now includes license-server reachability.
Healthcheck output can report whether the configured license server can be reached, with fallback handling for TDL-derived server information.
Monitoring startup reporting sends workstation/license information to the license manager.
The API can report registered workstation data on startup when monitoring reporting is enabled.
Workflow cleanup has been split into clearer soft-delete and hard-delete stages.
The cleanup flow is easier to reason about and reduces the amount of work done during permanent deletion.
New cleanup configuration is available.
RADIX_CRON_CLEANDATABASE_AFTERDAYS defines how many days soft-deleted workflows are kept before permanent deletion.
RADIX_CRON_CLEANWORKFLOWS_SOFTDELETE controls whether expired workflows are soft-deleted first or deleted immediately.
Schema validation is cached.
Workflow creation no longer needs to reload all workflow schemas from the database for every request, reducing repeated database work.
Database cleanup now runs VACUUM ANALYZE after permanent cleanup.
This helps PostgreSQL reclaim space and keep query planning efficient after large cleanup runs.
A custom radixAPI logger has been added.
The logger writes application log events through the configured logger service while keeping Nest console output available for local use.
Logger level filtering can be controlled through the logger.level environment-variable entry.
This allows deployments to reduce persisted log volume by limiting stored levels.
OpenSearch and audit-log behavior were aligned with the new logger flow.
Workflow and audit logging remain searchable while allowing stricter filtering.
Node.js runtime images have been updated from Node 16 to Node 24.
Docker build, builder, and production stages now use Node 24 images.
Local infrastructure images have been updated.
The bundled Docker Compose files now use PostgreSQL 18 and Keycloak 26.6.
241826.629.5.2435