TrustGraph 2.5 Released: Alibaba Cloud Support, SPARQL and GraphQL Workbenches, and End-to-End MCP Authentication

June 11, 2026

San Francisco, CA — TrustGraph announces the release of TrustGraph 2.5, adding Alibaba Cloud as a supported deployment target, shipping interactive SPARQL and GraphQL workbenches in the UI, delivering comprehensive SPARQL 1.1 function support in the query engine, and closing a significant authentication gap in the MCP server. This release continues TrustGraph's push toward production-grade enterprise deployments across a broader range of cloud infrastructure.

Alibaba Cloud Support

TrustGraph 2.5 adds support for Alibaba Cloud, making TrustGraph deployable on one of the world's largest cloud platforms and opening the door to users operating in markets where Alibaba Cloud is the primary infrastructure provider. This expands TrustGraph's supported cloud footprint alongside existing support for AWS, Azure, GCP, OVHcloud, Scaleway, and IBM Cloud.

A Richer UI: SPARQL and GraphQL Workbenches

Building on the UI foundation shipped in 2.4, TrustGraph UI v0.2.4 adds two major new workbenches that make TrustGraph's query capabilities directly accessible in the browser:

  • SPARQL Workbench — An interactive SPARQL query editor with syntax-highlighted results, error reporting, and query history. Write and iterate on SPARQL SELECT, ASK, CONSTRUCT, and DESCRIBE queries against your knowledge graph without leaving the browser.
  • GraphQL Workbench — A GraphQL query page with an editor, presets, and table and raw result views for structured data queries.
  • Config-Driven Query Presets — Preset and example query support for SPARQL, Graph RAG, and Agent pages, driven by config-service entries so teams can ship curated starting points to their users.

The UI also ships two demo pages — a Solar System Missions visualizer (a top-down ecliptic view of spacecraft trajectories via live SPARQL queries) and a World Events Explorer (a geo-temporal event viewer with map, timeline range brush, and type filtering) — now consolidated in a dedicated Demos section with header navigation.

Workspace/Collection/Flow Switcher

The UI header now features a live workspace, collection, and flow switcher driven by IAM (whoami and list-my-workspaces) over the authenticated WebSocket. All post-auth calls are scoped to the active workspace, workspace-scoped query caches are wiped on switch, and roughly 40 previously hardcoded flow("default") and COLLECTION references have been replaced with live session reads. Users can now move between workspaces fluidly without reloading the application.

MCP Server Authentication

TrustGraph 2.5 delivers end-to-end Bearer token authentication for the MCP server, replacing an approach where the gateway token was sent as a query parameter and silently ignored. Each MCP caller now gets a dedicated WebSocket authenticated via the gateway's in-band first-frame protocol, with whoami verification on first connect.

This release also expands the MCP tool surface significantly:

  • sparql_query — new tool for SPARQL SELECT/ASK/CONSTRUCT/DESCRIBE queries
  • graphql_query — new tool for structured data GraphQL queries
  • embeddings — now accepts a list of texts (previously single string only)
  • triples_query — migrated to Term wire format with compact keys, plus collection and graph parameters
  • All tools now accept an optional workspace parameter

Comprehensive SPARQL 1.1 Engine

TrustGraph 2.5 delivers a major expansion of the SPARQL query engine, adding support for 30+ built-in functions across string, numeric, date/time, hash, and term constructor categories — including SUBSTR, STRBEFORE, STRAFTER, REPLACE, FLOOR, CEIL, ROUND, ABS, YEAR, MONTH, DAY, NOW, MD5, SHA256, UUID, EXISTS/NOT EXISTS, and more. The MINUS set-difference algebra operator is also now supported.

Beyond new functions, the engine has been substantially re-architected for performance:

  • Streaming evaluation via async generators — results stream incrementally, SLICE terminates early, and full result-set materialization is avoided for streamable operators
  • Bind join optimization for VALUES/ToMultiSet joins — the small side seeds selective queries on the large side, turning wildcard BGP queries into selective ones
  • TriplesClient.query_gen() — a new async generator wrapping the streaming callback API via an asyncio.Queue bridge
  • Fixed LIMIT propagation into child algebra nodes that was starving OPTIONAL and other operators of results
  • Fixed FILTER IN/NOT IN handling for both rdflib representations

Complete Holon Core Round-Trips

Holon cores in 2.5 now preserve the full provenance chain on round-trip. Named graph fields are preserved through Cassandra storage (7-element tuple), so provenance triples retain their graph URIs. Source material — library documents — is now streamed alongside triples and embeddings during core download and upload, preserving the document hierarchy across instances. Knowledge cores can now be moved between TrustGraph deployments without losing provenance or source material.

Production-Ready Data Store Configuration

TrustGraph 2.5 hardens storage configuration for production deployments:

  • Qdrant — a centralized qdrant_config.py helper with environment variable fallback for URL, API key, replication factor, and shard number; all six Qdrant processors updated; writers pass replication and shard parameters to create_collection
  • Cassandra — fixed hardcoded replication_factor=1 that was overriding CASSANDRA_REPLICATION_FACTOR; TLS upgraded from the deprecated PROTOCOL_TLSv1_2 to ssl.create_default_context()
  • Replication parameters now correctly wired through the YAML/params path for both stores
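What the Cassandra TLS change means in terms of Python's ssl module, as an added example that is not TrustGraph's own code. The release notes do not show how the old context was constructed, so legacy_context() assumes the bare SSLContext(PROTOCOL_TLSv1_2) form; audit() and both helper names are hypothetical.

```python
import ssl
import warnings


def legacy_context() -> ssl.SSLContext:
    """Assumed legacy form: a context pinned with the deprecated constant."""
    with warnings.catch_warnings():
        # Constructing this context emits a DeprecationWarning on Python 3.10+.
        warnings.simplefilter("ignore", DeprecationWarning)
        return ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)


def hardened_context() -> ssl.SSLContext:
    """The form named in the release notes: stdlib client defaults."""
    return ssl.create_default_context()


def audit(ctx: ssl.SSLContext) -> list[str]:
    """Return the client-side TLS weaknesses present in a context."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified")
    if not ctx.check_hostname:
        findings.append("hostname is not checked against the certificate")
    if ctx.protocol == ssl.PROTOCOL_TLSv1_2:
        findings.append("pinned to TLS 1.2, TLS 1.3 cannot be negotiated")
    return findings


if __name__ == "__main__":
    for name, ctx in (("legacy", legacy_context()),
                      ("hardened", hardened_context())):
        problems = audit(ctx)
        print(f"{name}: {len(problems)} finding(s)")
        for p in problems:
            print(f"  - {p}")
```

A context created directly from a protocol constant leaves certificate and hostname verification off unless the caller enables them, which is why the switch matters beyond removing a deprecation warning.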

Reliability and Bug Fixes

2.5 resolves a broad set of correctness and reliability issues:

  • Large document handling — Cassandra reads for triples and embeddings are now paginated with fetch_size paging, preventing OOM on large datasets
  • Workspace routing in bulk clients — bulk WebSocket clients were silently routing all operations to the default workspace; fixed
  • CLI workspace routing — several CLI commands (show-flows, show-flow-blueprints, set-prompt --system, load-structured-data) were silently ignoring the -w flag; fixed
  • WebSocket auth workspace override — AsyncSocketClient was unconditionally overwriting explicitly requested workspaces with the auth-ok response workspace; fixed
  • Structured data query auth — fixed 401 errors when loading structured data with IAM enabled
  • Librarian object store credentials — credentials for S3-compatible object stores can now be supplied via Kubernetes Secrets through environment variables without appearing in launch.yaml

Availability

TrustGraph 2.5 is available now on GitHub and via the TrustGraph config tools. Full release notes and updated documentation are available at docs.trustgraph.ai.


For more information: