What's New in FLUID 0.7.1 — Agentic Governance + Provider-First Orchestration
FLUID 0.7.1 represents a significant evolution focused on Agentic Governance and Provider-First Orchestration. Built with 100% backward compatibility with v0.5.7, it adds powerful new capabilities for the AI-driven enterprise.
💡
agentPolicylocation. AI/LLM consumption policy lives per-expose underexposes[].policy.agentPolicy— not at the root, despite the top-level snippets in this historical release note. The schema has never accepted it at the top level. See the Schema Anatomy for the correct shape.
🤖 Agentic Governance (NEW)
Control which AI models can access your data and how they can use it:
# NEW in v0.7.1: AI/LLM usage policies
agentPolicy:
allowedModels:
- "gpt-4"
- "claude-3-opus"
- "gemini-1.5-pro"
maxTokensPerRequest: 8192
maxTokensPerDay: 100000
allowedUseCases:
- "customer-insights"
- "market-analysis"
deniedUseCases:
- "political-profiling"
- "credit-scoring"
requiresHumanReview: true
auditLog:
enabled: true
includePrompts: true
Why this matters: As AI agents become primary data consumers, organizations need granular control over:
- ✅ Model-specific access — whitelist/blacklist AI models
- ✅ Usage boundaries — define permitted and prohibited use cases
- ✅ Rate limiting — token quotas per request and per day
- ✅ Audit compliance — full logging of AI interactions with data
- ✅ Human oversight — require review for sensitive operations
🌍 Sovereignty Constraints (NEW)
Enforce data residency and jurisdictional compliance at the contract level:
# NEW in v0.7.1: Top-level sovereignty requirements
sovereignty:
jurisdiction: "EU"
dataResidency:
allowedRegions:
- "europe-west1"
- "europe-west3"
deniedRegions:
- "us-central1"
complianceFrameworks:
- "GDPR"
- "HIPAA"
crossBorderTransfer:
allowed: false
Why this matters: Global compliance requires infrastructure-level enforcement:
- ✅ Jurisdictional boundaries — enforce EU, US, APAC data laws
- ✅ Regional constraints — specify allowed/denied cloud regions
- ✅ Compliance frameworks — declare GDPR, HIPAA, SOC2 requirements
- ✅ Transfer controls — block cross-border data movement
⚙️ Provider-First Orchestration (NEW)
Direct invocation of provider actions as first-class orchestration tasks:
# NEW in v0.7.1: Provider actions without wrapper operators
orchestration:
engine: "airflow"
tasks:
- taskId: "ensure_s3_bucket"
type: "provider_action"
provider: "aws.s3"
action: "ensure_bucket"
parameters:
bucket_name: "customer-data-lake"
region: "us-west-2"
- taskId: "load_to_snowflake"
type: "provider_action"
provider: "snowflake.table"
action: "ensure"
parameters:
database: "ANALYTICS"
schema: "GOLD"
table: "CUSTOMER_360"
dependsOn: ["ensure_s3_bucket"]
Why this matters: Simplifies multi-cloud orchestration:
- ✅ Native provider actions — AWS, GCP, Azure, Snowflake primitives
- ✅ No wrapper complexity — direct action invocation
- ✅ Cross-provider workflows — multi-cloud pipelines without vendor lock-in
- ✅ Strong typing — provider-specific validation
📊 Enhanced Access Control (NEW)
Root-level accessPolicy for automated IAM binding generation:
# NEW in v0.7.1: Declarative access grants
accessPolicy:
grants:
- principal: "group:data-analytics@company.com"
permissions: ["read", "select", "query"]
resources:
- "$.exposes[?(@.kind=='table')]"
- principal: "serviceAccount:pipeline@project.iam.gserviceaccount.com"
permissions: ["write", "insert", "update"]
conditions:
ipRanges: ["10.0.0.0/8"]
Why this matters: Infrastructure-as-code for data access:
- ✅ Automated IAM — generate cloud IAM bindings from the FLUID spec
- ✅ Resource targeting — JSONPath expressions for fine-grained access
- ✅ Conditional access — IP restrictions, time windows
- ✅ Audit-ready — version-controlled access policies
📈 Key improvements over v0.5.7
| Feature | v0.5.7 | v0.7.1 | Impact |
|---|---|---|---|
| AI Model Control | ❌ None | ✅ agentPolicy | Govern AI/LLM data access |
| Data Sovereignty | ❌ Manual | ✅ sovereignty | Automated compliance enforcement |
| Orchestration | ⚠️ Abstract | ✅ Provider-first | Direct cloud provider actions |
| Access Control | ⚠️ Expose-level | ✅ Root-level accessPolicy | Centralized IAM automation |
| Cross-Provider | ⚠️ Complex | ✅ Native | Simplified multi-cloud workflows |
| Task Dependencies | ⚠️ Build-only | ✅ Data product deps | Richer dependency graphs |
| Error Handling | ⚠️ Basic | ✅ Categorized | Intelligent retry strategies |
| Cost Tracking | ⚠️ Estimated | ✅ Actual vs estimated | Budget enforcement |
🔄 100% backward compatible
All v0.5.7 contracts work unchanged in 0.7.1:
- ✅ No breaking changes
- ✅ New features are opt-in
- ✅ Existing patterns fully preserved
- ✅ Gradual adoption path
Migration is simple:
# Change version number — that's it!
fluidVersion: "0.7.1" # was "0.5.7"
# Optionally add new features
agentPolicy: { ... }
sovereignty: { ... }
accessPolicy: { ... }
See the Schema Changelog for the full version history, or the 0.5.7 → 0.7.1 diff for the auto-generated change list.
