TrustGraph
Back to News
Release 2.4

TrustGraph 2.4 Released: A Full UI, Enterprise-Grade IAM, and Workspace Multi-Tenancy

May 30, 2026
5 min read

Listen to this article

0:00
0:00

San Francisco, CA — TrustGraph announces the release of 2.4, the most significant update to the open-source context graph platform since its founding. This release ships a comprehensive web UI for the first time, introduces a full identity and access management (IAM) layer with JWT authentication, and replaces the previous user-based isolation model with a workspace-scoped multi-tenancy architecture — making TrustGraph the leader in semantic infrastructure for production-ready enterprise deployments.

A Full UI — Finally

TrustGraph 2.4 ships TrustGraph UI v0.1.1, a complete browser-based interface that makes the platform accessible to users who aren't living in the terminal. The UI covers the full TrustGraph workflow surface:

  • Agent Console — Query your agents directly with streaming responses and live explainability event tracking, so you can watch reasoning unfold in real time
  • GraphRAG View — Interactive graph RAG queries with a visual explainability DAG and inline provenance display, making it easy to see exactly where answers came from
  • Context Explorer — An interactive 3D context graph explorer with dynamic graph loading, BFS neighborhood extraction, edge pulse animation, and multiple navigation views
  • Document Ingestion — A complete upload and submission workflow with page and chunk inspection and document structure browsing
  • Ontology Workbench — A full ontology editor with class and property trees, OWL/XML and Turtle import/export with round-trip fidelity, circular dependency detection, and safe-delete confirmation dialogs
  • Schema Workbench — Interactive schema management with list, create, edit, and delete operations including field and index management
  • Flow Management — Flow creation and detail views with configurable parameters, temperature controls, and grouped storage layout
  • Workspace UX — Workspace selection and management surfaced directly in the interface
  • Prompt Editor — A dedicated prompt editing workflow

The UI ships with 160 tests covering importers, exporters, the ontology validator, schema validation, explain parsing, URI helpers, and graph data helpers — and is licensed under Apache 2.

Workspace-Based Multi-Tenancy

TrustGraph 2.4 replaces user with workspace as the fundamental isolation boundary across config, flows, library, and context. This is more than a rename — workspace isolation is now enforced at the queue infrastructure layer rather than relying on client-supplied message fields, closing a privilege-escalation vector present in earlier versions. A new WorkspaceProcessor base class discovers workspaces from config, creates per-workspace consumers, and manages consumer lifecycle as workspaces are created and deleted. Per-flow librarian clients, per-workspace response producers, and closure-based topic cleanup on flow stop round out the model.

Note for existing users: The user field has been removed from all API schemas, CLI tools, and SDK methods. All tg-* commands replace --user with --workspace. The tg-init-trustgraph container has been removed in favor of the new bootstrap framework described below. Review the migration guide before upgrading.

Identity and Access Management

TrustGraph 2.4 ships a full IAM service with JWT authentication using Ed25519 signing keys, API key support, capability-based access control, and a pluggable IAM regime interface. The API gateway now enforces authentication on every request by default. A suite of new CLI tools covers the full user and workspace management lifecycle — from tg-login and tg-create-user to tg-create-api-key and tg-create-workspace.

For development, demos, and single-user setups, a new no-auth service permits all access unconditionally with no database, no bootstrap, and no signing keys — drop it in place of iam-svc and the gateway stays regime-agnostic.

Pluggable Bootstrap Framework

The previous one-shot tg-init-trustgraph container is replaced by a generic, long-running bootstrap processor that converges a deployment to its configured initial state. Ordered initializers — PulsarTopology, TemplateSeed, WorkspaceInit, DefaultFlowStart — run with per-initializer completion state stored in a reserved __system__ workspace. Failure in one initializer doesn't block others, and the cadence adapts from ~5s during active convergence to ~300s in steady state. Enterprise and third-party initializers plug in via fully-qualified dotted class paths with no changes to core code.

Infrastructure and Reliability

Beyond the headline features, 2.4 includes a broad set of reliability and correctness improvements:

  • Async-safe Cassandra and Qdrant I/O — All Cassandra triples services rewritten with async methods and asyncio.Lock; all six Qdrant services wrapped in asyncio.to_thread
  • Pulsar message loss on flow restart fixedconsumer.close() replaces consumer.unsubscribe() so subscription cursors survive restarts
  • Stale producers on flow stop fixedFlow.stop() now explicitly stops all producers, eliminating 120-second timeouts after flow restart
  • Cassandra pagination fixed — result iteration now walks all pages, not just the first
  • Gateway timeout propagation — the --timeout flag now actually reaches per-service dispatchers instead of being silently overridden by a hardcoded 120s value
  • Library API round-trip — five cascading bugs preventing get_documentsupdate_document from working have been resolved
  • OpenAI rate limit handling — unrecoverable RateLimitError codes now fail fast instead of retrying indefinitely

Availability

TrustGraph 2.4 is available now on GitHub. Full release notes, updated documentation, and migration guidance are available at docs.trustgraph.ai.

For more information:

View all news articles