Shuffle

v2.2.1 Breaking

This release includes 1 breaking change for platform teams planning a safe upgrade.

Published 22d Secrets & Credentials

✓ No known CVEs patched in this version

Topics

automation security discord integrations mitre-attack openapi orchestration orchestrator orchestrator-gui security-automation security-orchestrator shuffle soar workflow-editor

Affected surfaces

auth breaking_upgrade

ReleasePort's take

Light signal
editorial:auto 13d

Orborus moves to a separate repository (github.com/shuffle/orborus) requiring source code migration. Licensing metric now counts app runs with a 25K default limit, not workflow runs—review capacity before upgrading.

Why it matters: Repository migration requires code updates; licensing shift to app-run counting (25K default) affects capacity planning. Audit limits and test migration in non-prod first.

Summary

AI summary

Orborus has been moved to its own repository, requiring source code migration.

Changes in this release

Security Medium

Fixed disableRule and enableRule operations in Orborus for safer execution.

Source: llm_adapter@2026-05-21

Confidence: low

Security Medium

Made disableRule and enableRule operations in Orborus safer to prevent unintended state changes.

Source: granite4.1:30b@2026-05-23-audit

Confidence: low

Breaking Medium

Licensing metric changed from workflow runs to app runs (default 25k limit).

Source: llm_adapter@2026-05-21

Confidence: high

Feature Medium

Added Azure DevOps workflow sync mode with list and import capabilities.

Source: llm_adapter@2026-05-21

Confidence: high

Feature Medium

Orborus can now operate as an independent local compliance and response agent.

Source: llm_adapter@2026-05-21

Confidence: high

Feature Medium

Workers now inherit proxy settings from parent backend if not configured.

Source: llm_adapter@2026-05-21

Confidence: high

Feature Medium

Throttle to one workflow execution per minute during burst detection.

Source: llm_adapter@2026-05-21

Confidence: low

Feature Medium

Added debug mode support to Helm chart backend, orborus, worker, app components.

Source: llm_adapter@2026-05-21

Confidence: low

Feature Medium

Added base_url configuration support for Orborus sensor mode.

Source: llm_adapter@2026-05-21

Confidence: low

Feature Medium

Automatically sets GOMEMLIMIT environment variable in Kubernetes deployments.

Source: llm_adapter@2026-05-21

Confidence: low

Dependency Medium

Updated shuffle-shared from v1.1.4 to v1.2.50.

Source: llm_adapter@2026-05-21

Confidence: high

Dependency Medium

Updated frikky/schemaless from v0.0.32 to v0.0.34.

Source: llm_adapter@2026-05-21

Confidence: high

Performance Medium

Return HTTP 200 before workflow transaction to reduce timeout issues.

Source: llm_adapter@2026-05-21

Confidence: low

Bugfix Medium

Fixed race conditions and state inconsistencies in subflow execution.

Source: llm_adapter@2026-05-21

Confidence: high

Bugfix Medium

Fixed stale execution context when switching between sub-organizations.

Source: llm_adapter@2026-05-21

Confidence: high

Bugfix Medium

Fixed execution ID reading from URL window.location.search parameter.

Source: llm_adapter@2026-05-21

Confidence: high

Bugfix Medium

Fixed authentication context problem appearing after subflow execution.

Source: llm_adapter@2026-05-21

Confidence: high

Bugfix Medium

Fixed duplicate action result handling during execution updates.

Source: llm_adapter@2026-05-21

Confidence: high

Bugfix Medium

Fixed missing app images on workflow canvas with sidebar fallback.

Source: llm_adapter@2026-05-21

Confidence: low

Bugfix Medium

Added executionsLoading state to prevent stale UI updates in execution panel.

Source: llm_adapter@2026-05-21

Confidence: low

Bugfix Medium

Removed confusing intermediate waiting stage from workflow execution status.

Source: llm_adapter@2026-05-21

Confidence: low

Bugfix Medium

Fixed Shuffle Tools app image fallback in execution result view.

Source: llm_adapter@2026-05-21

Confidence: low

Bugfix Medium

Fixed shuffle.appInstance.env Helm helper context dict for env propagation.

Source: llm_adapter@2026-05-21

Confidence: low

Bugfix Medium

Hardcoded Kaniko image in Helm for consistency across build environments.

Source: llm_adapter@2026-05-21

Confidence: low

Refactor Medium

Orborus source code moved to separate github.com/shuffle/orborus repository.

Source: llm_adapter@2026-05-21

Confidence: high

Full changelog

Shuffle Release Notes


🚀 New Features

Azure DevOps Workflow Sync

  • Added a new Sync mode to the workflow import dialog, allowing users to list all workflows from a remote repository (e.g., Azure DevOps) before importing them.
  • A new "List & Sync" modal displays all remote workflows in a table with Name, Folder, Last Updated, and an Import / Sync action button.
    • If a workflow already exists in the org, the button shows Sync (with a refresh icon); otherwise it shows Import (with a download icon).
  • Users can toggle Sync mode via a switch in the import dialog (Sync: list workflows before importing).
  • Implemented listRemoteWorkflows() and handleRemoteWorkflowAction() functions in Workflows2.jsx.
  • Merged via PR #1960 and PR #1962.

Orborus Controlled Agent Mode

  • Orborus can now operate as a local compliance and response agent, capable of running independently from a central backend.
  • Added base_url support for Orborus sensor mode.
  • Orborus has been moved to its own repository github.com/shuffle/orborus; the Orborus source code has been removed from this monorepo (commit).

🐛 Bug Fixes

Frontend

  • Fixed missing app images on workflow canvas: if an action's large_image is missing (e.g., in imported or synced workflows), the image is now injected from the available apps sidebar by matching app_id or app_name. (commit)
  • Fixed execution context on sub-org switch: When switching to a different sub-org, stale execution_id URL parameters are now cleared and execution modal state is reset to avoid showing the wrong org's execution. (commit)
  • Fixed execution ID reading from URL: execution_id is now always read from window.location.search (not stale cursearch), and correctly handled in sub-org context. (commit)
  • Added executionsLoading state to the workflow execution panel to better track loading state and prevent stale UI updates. (commit)
  • Removed duplicate "close" button text from execution panel: execution_id URL param is now properly cleared when the close button is clicked. (commit)
  • Removed the "Folder" column from the remote workflows table in the sync modal (temporarily hidden). (commit)
  • Fixed minor UI issues and bugs across various components. (PR #1968, PR #1970)
  • Fixed Shuffle Tools app image fallback in execution result view to always display the correct icon when large_image is missing. (commit)
  • Fixed disableRule / enableRule safety in Orborus: made these operations safer to prevent unintended state changes. (PR #1964)
  • Fixed auth issue after subflow execution: resolved an authentication context problem that appeared after a subflow completed. (commit)
  • Fixed base_url for Orborus sensor. (commit)

Backend / Execution Engine

  • Improved stability of subflows and workflow executions: multiple fixes for race conditions and state inconsistencies during parallel/subflow execution. (commit)
  • Fixed duplicate action result handling: added a fix to ignore duplicate action results during execution updates (later reverted due to side effects, then re-approached via stability improvements). (commit, revert)
  • Removed confusing "waiting" stage from workflow execution status: this intermediate state was causing user confusion. (commit)
  • Return HTTP 200 before workflow transaction to improve responsiveness and reduce timeout-related issues. (commit)
  • Pass proxy settings from backend to worker: if a worker does not have proxy settings, it now inherits them from the parent. (commit)

Licensing

  • Applied licensing changes to the frontend: the limiting metric changed from workflow runs to app runs, with a default limit of 25k app runs. (commit)
  • Note: Users on Shuffle open-source will not be hard-blocked upon reaching the 25k app run limit. Instead, when a burst of executions is detected, throughput will be throttled to 1 workflow execution per minute. All rate limits reset automatically on the 1st of each month.

🔧 Infrastructure & Kubernetes (Helm)

  • Added debug mode support to all Shuffle Helm chart components (backend, orborus, worker, app) via new *.debug boolean values. When enabled, sets DEBUG: "true" as an environment variable. (PR #1961)
  • Fixed shuffle.appInstance.env Helm helper: the helper now accepts a proper context dict, fixing env variable propagation to app deployments.
  • Automatically sets GOMEMLIMIT environment variable in Kubernetes deployments. (commit)
  • Helm chart README cleanup: removed duplicate parameter table entries and fixed heading levels. (commit)
  • Hardcoded the Kaniko image for consistency across build environments. (commit)

📦 Dependency Updates

| Component | Update | Date |
|-----------|--------|------|
| shuffle-shared | v1.1.4 → v1.1.4-experimental → v1.2.8 → v1.2.50 | Mar–May 2026 |
| frikky/schemaless | v0.0.32 → v0.0.34 | Mar 2026 |


👥 Contributors

| Contributor | GitHub |
|-------------|--------|
| Lalit Deore | @LalitDeore |
| Yash Singh | @yashsinghcodes |
| Aditya | @0x0elliot |
| Frikky | @frikky |
| Pascal Sthamer | @P4sca1 |

Breaking Changes

  • Orborus source code removed from the monorepo; must be fetched from https://github.com/shuffle/orborus.

About Shuffle

Shuffle: A general purpose security automation platform. Our focus is on collaboration and resource sharing.
