For People who like a story:

The platform learned how to choose. And how to protect itself.

V1 was about ground truth.

V1.1 is about control.

Control over where intelligence runs.

Control over who sees what.

Control over the small failure modes that quietly ruin trust.

This release isn’t flashy on the surface.

It’s decisive under the hood.

Act I: Excalibur Stops Betting on a Single Brain

In V1, Excalibur could think.

In V1.1, it can choose how to think.

We added true multi-provider LLM support.

You can now run Excalibur with:

• NVIDIA DGX Cloud

• RunPod serverless GPU inference

And more importantly, Excalibur doesn’t hardcode that decision.

LLM requests now route dynamically to the provider you configure.

Your infrastructure. Your cost model. Your risk tolerance.

No vendor lock-in disguised as “simplicity.”

And because visibility matters, the Settings UI now clearly shows which providers are wired in with proper branding, not guesswork.

Excalibur doesn’t assume where your intelligence should live anymore.

You decide.

Act II: Sharing Without Losing Ownership

Reports are meant to be read.

They’re also meant to be protected.

V1.1 deepens access control with RBAC Phase 2 and 3.

You can now:

• Share reports with teammates through a dedicated access control interface

• Give external viewers a guest, read-only experience

• Manage share links without wondering who still has access

And we closed a dangerous edge case.

Owners can no longer accidentally downgrade themselves when sharing.

Because losing control of your own report should never be one click away.

Collaboration got easier.

Ownership stayed absolute.

Act III: Sessions That End Like Adults

Sessions end.

That’s normal.

What isn’t normal is being logged out twice, silently, or mid-flow.

V1.1 fixes that.

• Sessions now expire gracefully, with a clear user notification

• Duplicate logout calls are gone

No confusion.

No ghost redirects.

No “wait, what just happened?”

Act IV: The Quiet Bugs That Matter

This release also cleaned up the kinds of issues most changelogs hide at the bottom.

We didn’t.

Reporting & Canvas

• Business unit connections now persist correctly when reorganising

• MiniMap and zoom controls visually match the canvas

• Infinite render loops caused by React effects are gone

• Safer DOM handling prevents drag-related crashes

Security & Authentication

• AI provider API keys are now properly encrypted at rest

• CSRF token handling no longer trips TypeScript

• Original owners are now immutable, preventing lockouts

• Templates use the correct service role instead of anonymous access

These aren’t “minor fixes.”

They’re trust repairs.

Act V: Infrastructure Grows Up

Under the surface, Excalibur became more resilient.

• RunPod now uses user-stored API keys, not environment shortcuts

• Neo4j starts more reliably with retry logic

• Memory usage is tighter on DigitalOcean

• Slack integrations no longer break on mismatched variables

The system behaves better under stress.

Which is exactly when it matters.

Act VI: Less Entangled, More Intentional

A few final moves made Excalibur easier to reason about:

• Reporting now separates the welcome experience from the canvas

• LLM integrations were fully audited and documented

• Dependencies were updated and cleaned up with security fixes

No behavioural change for users.

A lot more clarity for the system.

What v1.1 Really Is

This release isn’t about new screens.

It’s about removing fragility.

Excalibur now:

• Thinks across providers

• Shares without risk

• Ends sessions cleanly

• Protects ownership by default

• Runs more reliably in the real world

V1 proved the idea.

V1.1 makes it sturdier.

And from here, we build forward not sideways.

Welcome to Excalibur v1.1.

For Technical Crowd:

Multi-Provider LLM Support

• DGX Cloud Integration: Added NVIDIA DGX hardware as an AI provider option

• RunPod Integration: Added RunPod serverless GPU inference support

• Dynamic Provider Routing: LLM requests now route to user-configured providers

• Provider Logos: Added NVIDIA and RunPod branding to Settings UI

Access Control & Sharing (RBAC Phase 2 & 3)

• Module Sharing: Share reports with team members via access control UI

• Guest User View Mode: Read-only experience for shared report viewers

• Share Link Management: Improved UI for managing report share links

• Owner Protection: Prevent accidental owner downgrade when using share links

Session Management

• Graceful Session Expiration: Auto-logout with user notification on session timeout

• Prevent Multiple Logouts: Fixed duplicate logout calls on expiration

🐛 Bug Fixes

Reporting Dashboard

• Business Unit Connections: Connections now persist when dragging away from organization

• Canvas Controls: MiniMap and zoom controls now have white background (matching canvas)

• Infinite Render Loop: Fixed useEffect dependency issue causing render loops

• Block Draggable: Added null safety guards for DOM node operations

Security & Authentication

• API Keys Encryption: Fixed encryption for stored AI provider API keys

• CSRF Token Hook: Resolved TypeScript error in use-csrf-token

• Owner Lockout Prevention: Added immutable is_original_owner flag

• Template Security: Switched from anon key to service_role for templates

UI/UX Improvements

• Toast Notifications: Use portal to prevent layout shift

• Console Cleanup: Suppress harmless errors in production

• Server Actions: Fixed import issues in SecurityArchitectureDiagram

Infrastructure

• RunPod API Keys: Use user's stored API key instead of environment variable

• Neo4j Retry Logic: Added connection retry for container startup reliability

• Memory Optimization: Optimized builds for DigitalOcean server

• Slackbot Sync: Fixed Neo4j variable names for Slack integration

📦 Dependencies

• Package dependencies updated with npm audit fixes

🔧 Technical Improvements

• Comprehensive LLM integration audit documentation

• Separate welcome and canvas into distinct routes for reporting module