New features, improvements, and fixes shipped to Trailbase.
JWT secrets are now encrypted at rest with AES-256-GCM. Webhook URLs are validated against SSRF attacks (blocks private IPs and non-HTTP protocols). Rate limiting added to all sensitive endpoints. Zod validation on all API inputs.
New integration guide inside the dashboard with personalized code snippets. Shows your actual API key and tenant ID so you can copy-paste directly into your codebase.
Added detailed comparison pages for Trailbase vs WorkOS, Pangea, Datadog, Papertrail, osquery, custom-built, and generic audit log tools. Feature-by-feature breakdowns with honest verdicts.
Run automated compliance checks against SOC 2, HIPAA, GDPR, and ISO 27001 frameworks. Generate audit-ready reports as PDFs. Continuous monitoring with alerts when controls fail.
Full RBAC engine with roles, permissions, and resource-level grants. The explain graph shows exactly why a permission was granted or denied — debug access control decisions in seconds.
Configure alert rules for security events, anomalies, and threshold violations. Get notified instantly via Slack, Discord, email, or custom webhooks. Cooldown periods to prevent alert fatigue.
Every audit event is cryptographically linked using SHA-256 hash chains. Verify the integrity of your entire audit trail with a single API call. Tamper with one record and the chain breaks.
Released the official Trailbase TypeScript SDK (@frozotrailbase/sdk). Send audit events with 3 lines of code. Includes immutable logging, searchable dashboard, and JSONL/CSV exports to customer S3 buckets.