What's New in CloudWise

Stay up to date with the latest features, improvements, and bug fixes in CloudWise.

Automatic Updates

CloudWise will notify you about new features directly in the dashboard. Look for the New Features banner when updates are available!

Version 1.99.0 - June 24, 2026

A Faster Dashboard and a Calmer Way to Work Findings

The dashboard got a ground-up redesign and a big speed-up, and inspecting a cost finding is now a side-by-side experience instead of a pop-over.

Inspect findings side-by-side — in the workspace Findings view, clicking a finding opens its full detail (evidence, the safe-to-fix verdict, and a copyable read-only command) in a panel right beside the list, so you keep your place. Narrow screens fall back to a focused panel.
New “Cockpit” dashboard — redesigned from the ground up into a focused cockpit (spend, savings, anomalies and top findings at a glance) and rebuilt to load noticeably faster, with the headline numbers painting almost instantly on repeat visits.
Reports follow your account picker — the account you select in the header now scopes the Reports page too, and the cost agent can break spend down by date range, granularity and per-account.
Clearer guidance for offline accounts — workspaces analyzing an uploaded Cost & Usage Report now lead with upload-first, connection-agnostic guidance for air-gapped and Compliance users.

Bug fixes:

Made the dashboard load faster by trimming the data it fetches and querying it more efficiently.
Cut cold-start latency so the first request after an idle period responds noticeably quicker.

Version 1.96.0 - June 21, 2026

🎨 Dashboard Cards, Re-skinned

The dashboard’s supporting cards now wear the dark design system.

Forecasting chart, anomaly alerts, cost-by-tag, usage and feature/plan badges are all on the dark theme
Money, savings and trends use a consistent on-brand palette — gold for money, green for savings, red for cost increases — matching the rest of the app and Reports

Version 1.95.0 - June 19, 2026

🎨 Air-Gapped Analysis, On Its Own Page

Air-gapped (offline) cost analysis now lives on its own dedicated, dark-themed page.

A cleaner, focused home for uploading Cost & Usage Reports and reviewing offline cost breakdowns
Built for Compliance-tier workspaces — nothing leaves your environment

Version 1.94.0 - June 19, 2026

🎨 Reports, Re-skinned

The whole Reports experience now wears the dark design system.

Filter bar, report tables, charts, export and the report builder are all on the dark theme
Clearer filtering and on-brand gold/green/red for spend and savings, consistent with the rest of the app

Version 1.93.0 - June 19, 2026

🎨 Settings & Setup, Re-skinned

The Settings and Setup screens now wear the same dark design system as the rest of the app.

Subscription, notifications, budget alerts, API keys, password, MFA, AWS accounts, permissions and organization-discovery pages all match the dark theme — cleaner forms, clearer toggles
The page name shows once, in the top bar, instead of being repeated in the body
The AWS Accounts page now links straight to AWS Organization discovery and the read-only permissions view (previously hard to reach), and the organization-discovery flow has a clear way back

Version 1.92.0 - June 18, 2026

🎨 Remediation, Re-skinned

The Remediation screen — where you review, approve and roll back AI-suggested fixes — now matches the app's dark design system.

The remediation queue, action cards, execution timeline and savings widgets are re-skinned for clearer status, risk and reversibility cues
Realized-vs-projected savings read more clearly at a glance

Version 1.91.0 - June 18, 2026

🎨 Consistent, On-brand Notices

The app's cross-cutting banners now render through one consistent design-system component.

Stale-data warnings, account-status and template-update prompts, the new-features banner, profile-completion and demo notices are now all built on a single "Notice" component
Consistent styling, spacing and dismiss behavior across the app

Version 1.90.0 - June 18, 2026

🎨 Your Workspace, Now With Real Views

The workspace rail is no longer just shortcuts — Overview, Findings, Remediations, Cost and Commitments are now real, selectable views.

Each view has its own URL: open one straight from the rail, refresh or share the link, and the workspace remembers where you are
The conversation is still one click away, and every view can hand off to the agent
Click any waste finding to open a detail drawer: why it's flagged, a safe-to-fix / needs-review verdict, a copy-ready read-only command to verify it yourself, and a one-click "ask the agent to fix this"

Version 1.89.0 - June 18, 2026

🎨 A More Cohesive, Steadier App

A shared design-system layer now backs the pages across the app, and the app chrome stays put while you work.

A consistent, on-brand look across the signed-in product
The top bar, product rail and notices strip stay pinned while only your content scrolls — navigation and account context are always in reach

Version 1.88.0 - June 17, 2026

🤖 The Agent Understands All Your Accounts

The assistant now scopes its answers to the account(s) you've selected and can compare across them.

Ask about one account, a subset, or all of them — cost, findings, commitments and alerts honor your selection
"Compare my two accounts" and "show costs for account X" now work as expected
Fix: Reserved-instance and Savings-Plan coverage is now summed across all your accounts instead of just the first

Version 1.87.0 - June 17, 2026

🎨 Switch Accounts Without Leaving the Conversation

The workspace header now scopes the whole surface to the account(s) you pick — connected or air-gapped, one or several.

Multi-select account switcher: choose "All accounts", a single account, or a subset, within your plan's limits
Connected and offline (air-gapped) accounts are shown distinctly, and your selection persists as you move around
The agent answers for exactly the scope you selected
Account-status and stale-data notices moved up into an app-wide notices strip, scoped to your selection

Version 1.86.0 - June 17, 2026

🎨 One Shell Around Everything

Every signed-in page now lives inside a single, consistent app shell.

The workspace, reports, settings, and account setup share one Rail + Tabs shell
The account switcher and a single sign-out/settings menu live in the header everywhere
No more jarring jumps between differently-chromed pages — the whole signed-in product reads as one continuous surface

Version 1.84.0 - June 16, 2026

🎨 A New Front Door

Sign-in, sign-up, and every account screen are rebuilt on the CloudWise design system — the same dark, gold-and-periwinkle look as the workspace.

Login, registration, password reset, email verification, and the MFA challenge all share the agentic app's theme, type, and accents
One consistent look from the landing page through to the workspace
No flow changed — it just looks like one product now

Version 1.82.0 - June 16, 2026

🔒 Air-Gapped, Reachable Everywhere

The air-gapped (offline) analysis flow is now reachable from every entry point and on every tier.

Wired into the connect flow and the no-data workspace state, with no dead ends
Available on every plan, so regulated teams can always start an offline analysis
Upload a cost export and get findings right inside the conversation — no data leaves your environment

Version 1.80.0 - June 15, 2026

✉️ Email, On Brand

Every CloudWise email is rebuilt on one shared template that matches the agentic app.

Budget alerts, cost-spike anomalies, waste-findings digests, remediation approvals and results, scheduled cost reports, and onboarding reminders all share one light, deliverable design
The CloudWise wordmark header, gold and periwinkle accents, and app type treatment — one product, end to end
Every call-to-action now links into the workspace

Version 1.79.0 - June 15, 2026

🛡️ Guardrails, Alerts, and Offline — In the Workspace

The agentic workspace gains the surfaces regulated and cost-conscious teams need.

Remediation guardrails — ask "what are my guardrails?" and the agent shows the rules it obeys (confidence, risk, MFA threshold, daily caps, exclusions), with a link to edit them
Cost anomalies — recent spend spikes surface as a card: service, baseline vs. current, percent change, and severity
Spend trend — ask where your spend is heading and get a clean trend line inline
Air-gapped analysis — start an offline, no-egress cost-export analysis without leaving the conversation

Version 1.78.0 - June 15, 2026

💰 Talk to Your Whole Bill

The workspace now answers spend, not just waste.

Ask "where's my money going?" and get spend by service and region, trend, and budget variance — as rendered cards
Reserved Instance and Savings Plan coverage, utilization, and commitment risk, on ask
The standalone cost, reports, and savings pages are retired in favor of the workspace

Version 1.77.0 - June 15, 2026

💬 Help, Answered in the Conversation

The Copilot now answers your support questions directly — grounded in a freshly reviewed FAQ corpus.

Ask "how do I connect read-only?" or "why can't I execute a fix?" and get the answer in the conversation, no docs-page detour
FAQ corpus reviewed for current tiers, pricing, remediation, and air-gapped behavior
Help survives as a clean, searchable fallback with the feedback form

Version 1.76.0 - June 15, 2026

⚙️ Settings, Refreshed

The entire settings cluster moves onto the new CloudWise design system through one shared shell.

Password, two-factor auth, API keys, notification preferences, budget alerts, subscription, and remediation policy — all re-skinned consistently
Settings and the agentic workspace now feel like a single product
Conventional, fast forms — no chat surface where it doesn't belong

Version 1.75.0 - June 15, 2026

🤖 Your Copilot, Fully Inside AWS

The in-app cost Copilot now runs on Claude via Amazon Bedrock.

Migrated from OpenAI to Claude (Haiku 4.5 for everyday questions, Sonnet 4.6 for deep analysis)
Your cost data never leaves AWS — IAM auth, no third-party AI subprocessor on the path
Answers grounded strictly in your own cost data

Version 1.74.0 - June 14, 2026

💳 Usage Credits, Live Trends & AI Inside Your AWS

A two-currency usage model arrives, the waste overview gains a real trend line, and AI-generated action steps move onto Claude on Amazon Bedrock.

Usage metering & action credits — two clear meters: Copilot questions (a generous daily allowance that upsells rather than hard-stops) and monthly action credits spent only when you execute a remediation. Agentic includes 20 credits/month, Compliance 100, with Stripe top-ups any time. A new credits view shows exactly where you stand.
Live waste trend — the waste overview plots a real trend line from your own scan-history baselines, not just a single snapshot.
AI action steps on Amazon Bedrock — generated remediation steps now run on Claude (Haiku 4.5) via Bedrock with IAM auth; your cost data stays inside AWS with no third-party AI subprocessor on this path.

Version 1.73.0 - June 14, 2026

🧠 The Agent Remembers You

The workspace agent now carries durable, cross-session memory.

Tell it a preference or a fact about your environment once and it remembers across new threads and restarts
Memory is stored per-user and recalled automatically on every turn
You stay in control — ask it to forget and it forgets

Version 1.72.0 - June 13, 2026

💬 A Real Conversation Engine

The workspace agent moves to a true tool-calling conversation core.

One unified loop on Claude via Amazon Bedrock powers both the anonymous sample experience and your live connected account
The agent picks and calls the right tools (overview, findings, remediation) to answer naturally instead of following a fixed script

Version 1.71.0 - June 12, 2026

🤖 Meet the Agentic Workspace

The biggest release of the redesign: /workspace is now a conversational agentic surface. Anonymous visitors get the full workspace on a sample account — the demo is the app.

The agent opens with where your money is going: waste overview with a selectable trend window (week-over-week, day-over-day, month-over-month, rolling 30d) and per-service trend markers
Findings ranked by impact, with detection confidence and execution risk
Region breakdowns on ask ("break it down by region")
Propose vs execute by tier: read-only tiers get the exact command to run; Agentic gets one-click approve & execute with a full status journey — roll back within 24h, retry failures, report issues
Compliance stays air-gapped by design: propose-only, with audit framing
Remediation activity view: everything the agent ran and where it stands

Version 1.70.0 - June 11, 2026

🎨 Documentation Gets the New Look

The documentation site now wears the same dark CloudWise brand as the product — same palette, same type system, same feel from the homepage through the guides.

Version 1.69.0 - June 11, 2026

🌐 New Marketing Shell + Faster Blog

Every public page — about, contact, privacy, security, terms — now lives in the redesigned dark shell, and the blog is server-rendered.

Faster post loads with syntax-highlighted code blocks
Proper article metadata for search engines

Version 1.68.0 - June 11, 2026

💳 New Pricing Page — Four Tiers, Monthly or Annual

Pricing rebuilt on the new design system: Free, Shield, Agentic AI, and Compliance side by side.

Each tier with its verb: Ask → Watch → Fix → Govern
Monthly/annual billing toggle — annual saves up to 35%
Badges mark the recommended and most popular plans

Version 1.67.0 - June 11, 2026

Housekeeping release.

Fixed the sign-up conversion event not firing on some registration paths
Standardized UTM parameters across marketing links for clean campaign attribution

Version 1.66.0 - June 11, 2026

🔗 Connect Your AWS in One Flow

A new register-and-connect spine: sign in with Google or a magic code, add a read-only CloudFormation role, and land in the workspace — one continuous flow, no long forms.

Minimal registration: SSO or an emailed code
Read-only connect with a guided CloudFormation template
Your first scan kicks off automatically on connect

Version 1.65.0 - June 10, 2026

🤖 Ask the Agent — Right on the Landing Page

The landing-page demo now answers free-typed questions through a guardrailed CloudWise agent running on AWS Bedrock.

Answers scoped to the clearly-labeled sample account
Server-side guardrails: fixed context, per-session rate limits, token cap
Includes 1.65.1: backend dependency security updates

Version 1.64.0 - June 10, 2026

🚪 A New Front Door: the Agentic Landing

CloudWise repositions as an agent for your AWS bill. The new homepage opens with a live mini-agent demo on a sample account.

Talk to the agent: overview, findings, and remediation cards rendered in the conversation
The Ask → Watch → Fix → Govern ladder
Refreshed brand kit, with positioning for startup and regulated audiences

Version 1.63.0 - June 9, 2026

🧱 New Design Language Foundations

The CloudWise redesign begins: a dark, focused design system that every surface now builds on.

Shared color tokens and typography (Space Grotesk, Inter, JetBrains Mono)
Accessible UI primitives: buttons, cards, chips, segmented controls

Version 1.62.0 - June 9, 2026

📘 Reserved Instance Commitment-Risk Guide

New engineering deep-dive on the blog: the Commitment Risk Score — a four-signal composite that tells you whether your architecture is stable enough to safely buy Reserved Instances or Savings Plans.

Signals: instance-family churn, spend volatility, resource lifecycle, existing commitment utilization
Worked example of the family-churn signal, plus copy-pasteable AWS CLI commands

Read the guide →

Version 1.61.0 - June 9, 2026

📰 Release Notes Hub

The in-app release notes got a full overhaul.

Complete history backfilled (v1.45–v1.59), organized by year so the hub scales
Highlighted features surface in the in-app New Features banner
A drift gate now fails the build if notes fall behind the shipped version

Version 1.59.0 - June 8, 2026

🏢 AWS Organizations Auto-Discovery

Connect once at the organization level and CloudWise automatically discovers the member accounts under your AWS Organization — no more adding each account by hand.

Enumerate and onboard member accounts from a single connection
Complete multi-account cost coverage without account-by-account setup
Faster onboarding for larger AWS estates

Multi-account setup guide →

Version 1.58.0 - June 8, 2026

📊 Budget Variance Dashboard & Scheduled Email Reports

Track budget-vs-actual spend at a glance, and have any report delivered to your inbox automatically.

Budget Variance Dashboard — planned vs. actual spend per budget with over/under variance and drill-down, surfacing overruns before the month closes (all tiers)
Scheduled Email Reports — schedule any report for daily, weekly, or monthly email delivery; your scheduling preference now persists across sessions
Bug fix: scheduled-reports preference now persists correctly end-to-end

Version 1.57.0 - June 8, 2026

🔐 Air-Gapped DLP Controls, Smarter Notifications & Quieter Errors

DLP-Strict (SHA-256) anonymization is now an explicit, gated control for air-gapped uploads
Completed alerting, Slack/webhook delivery, cost-trending, archival, and reprocessing services so alerts and integrations fire reliably
Bug fixes: reduced error-reporting noise with graceful degradation when auth dependencies are briefly unavailable; more resilient login/MFA under cold starts

Version 1.56.0 - June 4, 2026

🚦 Free-Tier Account Limit & Onboarding Email Drip

Free tier supports one connected AWS account; adding a second returns a clear in-product upgrade prompt instead of a generic error
New users receive a three-email onboarding series to connect an account, run a first scan, and find quick wins

Version 1.55.0 - June 2, 2026

✨ Conversion Quick Wins — Faster Path to Value

Prominent "Explore with sample data" call-to-action
More discoverable air-gapped upload path
Inline AI Copilot links from key pages so you reach insights in fewer clicks

Version 1.54.0 - June 2, 2026

💲 Consistent Pricing Everywhere

Tier prices ($19 / $49 / custom) now come from a single source of truth, eliminating mismatches between the pricing page, in-app upgrade prompts, and checkout.

Version 1.52.0 - May 29, 2026

💰 Reserved Instance & Savings Plan Management Dashboard

A dedicated dashboard brings the commitment-intelligence backend (from v1.38) into a single management view:

Utilization across all Reserved Instances and Savings Plans
Upcoming expiry timelines and coverage gaps
Purchase-risk scoring to inform commitment decisions

Bug fix: reproducible Docker builds via npm ci with a lock file.

Version 1.51.0 - May 29, 2026

💳 Billing & Payment Flow Hardening

Completed the remaining payment-flow handling in the Stripe webhook processor, so subscription lifecycle events (activation, updates, failures) are processed reliably end-to-end.

Version 1.47.0 - May 27, 2026

📰 Blog RSS Feed & Reading Experience

Subscribe to CloudWise blog posts via a valid RSS 2.0 feed at /blog/feed.xml
Bug fixes: resolved blog hydration mismatch; improved Twitter/social preview cards and pagination links

Version 1.46.0 - May 26, 2026

🔒 Security Hardening — Auth, Secrets & Rate Limiting

A focused security pass across the platform. Most of this is invisible day-to-day — by design — but it materially strengthens account protection.

Rate limiting on auth, AI, and scan endpoints to blunt abuse and brute-force attempts
Hardened auth cookies (httpOnly, Secure, SameSite)
Removed a hardcoded test-token backdoor and a legacy JWT signature-skip fallback
Removed a dev-mode access-control bypass
Parameter Store secret loading now fails closed when unavailable, with TTL expiry on cached secrets
User-supplied values are HTML-escaped in email templates
Added a gitleaks pre-commit hook and redacted historically committed credentials

Version 1.45.0 - May 24, 2026

🛠️ Error Monitoring, Remediation Reliability & Tiered Scanning

Sentry error tracking integrated for faster detection and resolution of regressions
Tier-based detector routing end-to-end, with a focused free-tier detector set for faster results
Public IAM permissions page documenting exactly what access CloudWise requests
Bug fixes: unblocked remediation approve buttons across many waste types; deterministic idle-load-balancer plans with dashboard price alignment; rollback correctly rejected for skipped actions; NAT Gateway and Lambda provisioned-concurrency remediation fixes; enabled Shield PDF generation

Version 1.44.0 - April 17, 2026

🌐 Global Accelerator Deep Optimization — 2 New Detectors

Two new Global Accelerator waste detectors, bringing total waste coverage to 191 detectors. Both work in online and offline/air-gapped modes via the DataProvider abstraction. The existing unused_accelerator detector has been refactored to use the same DataProvider pattern with updated pricing ($25.55/month including IPv4 charges).

🔍 New Waste Detectors

Detector	Risk	What It Finds
idle_global_accelerator	HIGH	Deployed accelerator with endpoints but zero ProcessedBytesIn/Out for 30 days — $25.55/month wasted
disabled_global_accelerator	MEDIUM	Accelerator with Enabled=false still incurring fixed hourly charges — $25.55/month wasted

🔧 Refactored Detector

Detector	Change
unused_accelerator	Migrated from raw boto3 to DataProvider abstraction; now supports offline/air-gapped mode; savings updated from $18 to $25.55/month (includes 2× IPv4 address charges)

📋 Infrastructure Updates

Remediation Role bumped to v1.30.0 — adds globalaccelerator:ListListeners, ListEndpointGroups (read) for pre-deletion listener and endpoint verification
Export script expanded with per-accelerator ListListeners, ListEndpointGroups, and CloudWatch ProcessedBytesIn/ProcessedBytesOut metrics (30-day sum)
Golden Fixtures — Added 2 test fixtures for idle_global_accelerator and disabled_global_accelerator

📊 Coverage Update

Total detector count: 189 → 191 (2 new Global Accelerator types)
Remediation IAM template: v1.29.0 → v1.30.0
Air-gapped compatible: 169 → 171

Version 1.43.0 - April 16, 2026

🗄️ ElastiCache Deep Optimization — 4 New Detectors

Four new ElastiCache waste detectors, bringing total waste coverage to 189 detectors. All four work in both online and offline/air-gapped modes via the DataProvider abstraction. elasticache_replication_waste has guarded auto-remediation via decrease_replica_count; the remaining three are advisory/recommendation-only.

🔍 New Waste Detectors

Detector	Risk	What It Finds
elasticache_replication_waste	MEDIUM	Non-production cluster (dev/staging/test/sandbox) with unnecessary replicas — full node cost per replica
elasticache_engine_migration	LOW	Redis OSS or Memcached cluster eligible for 20% cheaper Valkey engine — API compatible with Redis 7.x
elasticache_serverless_optimization	LOW	Node-based cluster with spiky traffic (avg CPU <15%, peak >60%, connection CV >2.0) — better suited for Serverless
elasticache_data_tiering_opportunity	LOW	Large memory-only R5/R6g/R7g cluster eligible for R6gd data tiering — up to 52% savings via node consolidation

📋 Infrastructure Updates

CUR Template bumped to v1.20.0 — adds elasticache:ListTagsForResource for environment tag detection
Remediation Role bumped to v1.29.0 — adds elasticache:DecreaseReplicaCount, IncreaseReplicaCount, DescribeReplicationGroups, ModifyReplicationGroup, ListTagsForResource
Export script expanded with describe-replication-groups, per-cluster list-tags-for-resource, and additional CloudWatch metrics (CPUUtilization, BytesUsedForCache, DatabaseMemoryUsagePercentage)
Golden Fixtures — Added 4 test fixtures; elasticache_replication_waste expects actionable plan with rollback, other 3 are advisory-only

📊 Coverage Update

Total detector count: 185 → 189 (4 new ElastiCache types)
CUR setup template: v1.19.0 → v1.20.0
Remediation IAM template: v1.28.0 → v1.29.0
Air-gapped compatible: 165 → 169

Version 1.42.0 - April 15, 2026

🖥️ Elastic Beanstalk Deep Optimization — 5 New Detectors

Five new Elastic Beanstalk waste detectors plus a refactored existing one (idle_beanstalk), bringing total waste coverage to 185 detectors. All six work in both online and offline/air-gapped modes via the DataProvider abstraction (except beanstalk_orphaned_rds which is online-only). Two new types (beanstalk_unnecessary_alb, beanstalk_over_provisioned, beanstalk_orphaned_rds) are recommendation-only; the rest have guarded auto-remediation.

🔍 New Waste Detectors

Detector	Risk	What It Finds
beanstalk_idle_traffic	HIGH	Zero CloudWatch RequestCount for 14 days — environment serving no traffic
beanstalk_unnecessary_alb	LOW	Load-balanced environment with min=max=1 — ALB overhead with no scaling benefit (~$22/month)
beanstalk_previous_gen_instances	LOW	Previous-generation instance families (t2, m4, c4, r4) — current-gen available at same/lower price
beanstalk_over_provisioned	MEDIUM	Multi-instance environment with <25% avg CPU over 14 days — reduce instance count
beanstalk_orphaned_rds	HIGH	RDS with EB tags and zero connections for 14 days — orphaned after environment termination (online-only)

🔄 Refactored Detectors

Detector	Change
idle_beanstalk	Migrated to DataProvider, health-based detection (Grey/Red), config-based savings estimation, confidence upgraded LOW→HIGH, full offline support

📋 Infrastructure Updates

CUR Template bumped to v1.19.0 — adds elasticbeanstalk:DescribeConfigurationSettings, elasticbeanstalk:DescribeInstancesHealth
Remediation Role bumped to v1.28.0 — adds elasticbeanstalk:UpdateEnvironment write permission, elasticbeanstalk:DescribeConfigurationSettings read-only pre-check
Export script expanded with per-environment describe-configuration-settings, RequestCount and ApplicationRequestsTotal CloudWatch metrics
Golden Fixtures — Added 5 test fixtures; beanstalk_idle_traffic and beanstalk_orphaned_rds expect actionable plans with rollback, other 3 are advisory-only

📊 Coverage Update

Total detector count: 180 → 185 (5 new Elastic Beanstalk types; idle_beanstalk already existed)
CUR setup template: v1.18.0 → v1.19.0
Remediation IAM template: v1.27.0 → v1.28.0
Online-only types: 19 → 20 (beanstalk_orphaned_rds requires cross-service RDS API)
Air-gapped compatible: 161 → 165

Version 1.41.0 - April 14, 2026

🖥️ WorkSpaces Deep Optimization — 4 Detectors

Three new WorkSpaces waste detectors plus a fully activated existing one (oversized_workspace), bringing total waste coverage to 180 detectors. All four work in both online and offline/air-gapped modes via the DataProvider abstraction. workspaces_autostop_opportunity has guarded auto-remediation; remaining three are recommendation-only.

🔍 New Waste Detectors

Detector	Risk	What It Finds
workspaces_autostop_opportunity	MEDIUM	AlwaysOn WorkSpaces disconnected 7+ days — switch to AutoStop billing (HIGH confidence, min $10 savings)
workspaces_pool_overprovisioned_capacity	MEDIUM	WorkSpaces Pools with <75% utilization and 2+ excess slots — reduce pool capacity (HIGH confidence, min $25 savings)
workspaces_windows_license_optimization	LOW	5+ Windows license-included desktops — advisory to evaluate BYOL for ~$4/desktop/month savings

🔄 Activated Detectors

Detector	Change
oversized_workspace	Previously emitted for AutoStop candidates; now performs real bundle rightsizing using CloudWatch UserSessionsCount over 14 days. Conservative single-step downgrade mapping (PowerPro→Power, Power→Performance, etc.). Min $15 savings. MEDIUM confidence.

📋 Infrastructure Updates

Remediation Planner — Added modify_workspace_properties to WorkSpaces ALLOWED_ACTIONS; full guidance for all 4 types
Remediation Executor — Mirrored modify_workspace_properties action support; added Phase 2 guardrails for workspaces_autostop_opportunity (AlwaysOn pre-condition, deny-tag check via cloudwise:autostop-deny=true, modifiable state validation)
Golden Fixtures — Added 4 test fixtures; workspaces_autostop_opportunity expects actionable plan with rollback, other 3 are advisory-only
Frontend — workspaces_autostop_opportunity has guarded auto-remediation enabled; other 2 new types remain in ADVISORY_RECOMMENDATION_ONLY set
Remediation Role — v1.27.0: added workspaces:DescribeTags for deny-tag guardrail check

📊 Coverage Update

Total detector count: 177 → 180 (3 new WorkSpaces types; oversized_workspace already existed)
CUR setup template: v1.17.0 → v1.18.0 (added workspaces:DescribeWorkspaceBundles, workspaces:DescribeWorkspacesPools)
Remediation IAM template: v1.25.0 → v1.27.0 (added workspaces:ModifyWorkspaceProperties, workspaces:DescribeTags)
Export script: Added describe-workspaces-connection-status, describe-workspaces-pools, UserSessionsCount CloudWatch metric
Online-only types: 20 → 19 (oversized_workspace moved to all-modes via DataProvider + exported CloudWatch metrics)
Air-gapped compatible: 157 → 161

Version 1.40.0 - April 13, 2026

🔬 EMR Deep Optimization — 6 Detectors

Four new EMR waste detectors plus two refactored existing ones, all migrated to the typed DataProvider abstraction for full online/offline parity. Proper EMR pricing with EC2 base rate + EMR surcharge replaces hardcoded estimates.

🔍 New Waste Detectors

Detector	Risk	What It Finds
emr_over_provisioned	MEDIUM	YARN memory available > 50% — right-size CORE instance groups
emr_missing_auto_termination	LOW	Keep-alive cluster with no auto-termination policy — risk of indefinite idle costs
emr_previous_gen_instances	LOW	Previous-generation instance types (m3→m5, m4→m5, c3→c5, etc.) — cheaper current-gen available
emr_spot_opportunity	LOW	Task nodes on On-Demand pricing — Spot saves ~60–70% on fault-tolerant task work

🔄 Refactored Detectors

Detector	Change
idle_emr_cluster	Migrated to DataProvider, CloudWatch IsIdle + AppsRunning metrics, proper pricing, confidence upgraded to HIGH
long_running_emr	Threshold changed 7d → 30d, step history analysis, full monthly cost calculation, offline mode support

📋 Infrastructure Updates

CUR Template bumped to v1.17.0 — adds elasticmapreduce:ListSteps, GetAutoTerminationPolicy, DescribeStep
Remediation Role bumped to v1.25.0 — adds ModifyInstanceGroups, PutAutoTerminationPolicy, AddInstanceGroups write permissions
Export script expanded with per-cluster instance groups, step summaries, and 3 CloudWatch metrics (IsIdle, YARNMemoryAvailablePercentage, AppsRunning)
Full remediation templates for all 4 new waste types with rollback support

📊 Coverage Update

Total detector count: 173 → 177 (4 new EMR types; idle_emr_cluster and long_running_emr refactored)
CUR setup template: v1.16.0 → v1.17.0 (added elasticmapreduce:ListSteps, GetAutoTerminationPolicy, DescribeStep)
Remediation IAM template: v1.24.0 → v1.25.0 (added ModifyInstanceGroups, PutAutoTerminationPolicy, AddInstanceGroups)
Export script: Expanded with per-cluster instance groups, step summaries, and 3 CloudWatch metrics
AI action steps: EMR cluster resizing, auto-termination policies, Spot migration guidance

Version 1.39.0 - April 11, 2026

🔥 Kinesis Deep Optimization — 6 Detectors

Four new Kinesis waste detectors plus two refactored existing ones, all using the DataProvider abstraction for full online/offline parity. Complete Firehose support added.

🔍 New Waste Detectors

Detector	Risk	What It Finds
kinesis_on_demand_downgrade	LOW	On-Demand stream with stable throughput (CV < 0.3) — switch to Provisioned
kinesis_extended_retention_waste	LOW	Extended retention (>24h) with zero consumer reads for 14 days
kinesis_enhanced_fan_out_waste	MEDIUM	Enhanced fan-out consumer with zero reads for 14 days
kinesis_firehose_idle	MEDIUM	Firehose delivery stream with zero records for 14 days

🔄 Refactored Detectors

idle_kinesis_stream: Now uses DataProvider abstraction (no offline guard), 14-day detection window
over_provisioned_kinesis: Now uses IncomingBytes for capacity analysis (1 MB/s per shard), 20% threshold

📊 Coverage Update

Total detector count: 169 → 173
CUR setup template: v1.15.0 → v1.16.0 (added kinesis:ListStreamConsumers, kinesis:DescribeStreamConsumer, firehose:ListDeliveryStreams, firehose:DescribeDeliveryStream)
Remediation IAM template: v1.23.0 → v1.24.0 (added Kinesis + Firehose actions)
Export script: Expanded with stream details, fan-out consumers, and Firehose export
AI action steps: Kinesis mode switching, consumer management, retention optimization
AWS services covered: 44 → 45 (added Firehose)

Version 1.38.0 - April 8, 2026

🔒 Commitment Risk Intelligence

Eight new commitment lifecycle detectors provide full Reserved Instance and Savings Plan intelligence — from utilization monitoring to expiry alerts, convertible RI exchange opportunities, and composite risk scoring for purchase decisions.

🔍 New Waste Detectors

Detector	Risk	What It Finds
unused_reserved_instance	HIGH	EC2 RI with < 20% utilization over 30 days
unused_savings_plan	HIGH	Savings Plan with < 20% utilization over 30 days
expiring_reserved_instance	HIGH	Active EC2 RI expiring within 90 days
expiring_savings_plan	HIGH	Active Savings Plan expiring within 90 days
convertible_ri_exchange_opportunity	MEDIUM	Convertible RI on previous-gen instance eligible for free exchange
savings_plan_coverage_gap	MEDIUM	Compute usage not covered by any Savings Plan
cur_unused_reservation	HIGH	CUR line items with unused reservation capacity
cur_savings_plan_waste	HIGH	CUR line items showing Savings Plan underutilization

✨ Commitment Risk Score

Composite risk scoring (0-100) for purchase recommendations:

Instance Family Churn (35%): How much the workload mix changes month-to-month
Spend Trend Volatility (25%): How unpredictable compute spend is
Resource Lifecycle Duration (25%): How long individual resources live
Existing Commitment Waste (15%): Current RI/SP utilization rates

All 8 existing purchase recommendation detectors now include commitment risk metadata with title prefixes for HIGH (⚠️) and CRITICAL (🚫) risk levels.

📊 Coverage Update

Total detector count: 161 → 169
CUR column mappings: 2 → 19 reservation/savings plan columns mapped
IAM permissions: Added savingsplans:DescribeSavingsPlans (read-only)
AI action steps: Commitment-specific remediation guidance added
Unit tests: 51 new tests covering all commitment detectors and risk scoring

Version 1.37.0 - April 6, 2026

🚀 Explore with Sample Data, Permission Transparency & Live Verifier

See CloudWise in action in under 60 seconds — no AWS credentials needed. New trust-building features show exactly what we access and let you verify permissions before connecting.

✨ Explore with Sample Data (Demo Mode)

Try CloudWise instantly with realistic synthetic cost data — no AWS connection required:

Generates a realistic startup-scale scenario (~$4,500 monthly spend, ~$1,950 waste found) covering EC2 idle instances, unattached EBS, stale snapshots, and more
Works with your free account — no AWS credentials needed
Data persists across page refreshes (backed by DynamoDB with 7-day TTL)
Reuses the existing Air-Gapped Results page — same UI as real analyses
Guided checklist walks you through key actions: review findings, filter by service, view remediation previews, export a sample report
Rate-limited to 3 demo seeds per user per day

🔒 Permission Transparency Page

New /setup/permissions page shows exactly what CloudWise accesses in your AWS account:

Category	Access Level	Details
Cost & Usage Report	Read-only	`ce:GetCostAndUsage`, `ce:GetCostForecast`, `cur:GetUsageReport`
Compute (EC2, Lambda, ECS)	Read-only	`ec2:Describe`, `lambda:List`, `cloudwatch:GetMetricData`
Storage (S3, EBS)	Read-only	`s3:ListBucket`, `ebs:Describe*`
Database (RDS, DynamoDB)	Read-only	`rds:Describe`, `dynamodb:Describe`
Remediation (Agentic+ only)	Write (optional)	Separate CloudFormation stack with explicit denies for IAM, VPC, KMS, secrets

Permissions parsed directly from the actual CloudFormation templates — not a marketing page
Links to raw YAML templates for full auditability
Explicit "❌ No write/delete/modify" callouts per service category

🔍 Live Permission Verifier

Verify your IAM role works before connecting your AWS account:

Check	What It Verifies
AssumeRole access	CloudWise can assume your cross-account role
Cost Explorer read	`ce:GetCostAndUsage` permission granted
CUR bucket access	S3 bucket for Cost & Usage Reports is accessible
EC2 Describe access	Can read EC2 instance metadata
CloudWatch Metrics	Can read CPU, network, and other metrics
S3 ListBucket	Can list S3 buckets for storage analysis

Real-time pass/fail results as each check completes
Specific remediation guidance on failure (e.g., "Check CloudFormation stack outputs")
On all pass: auto-enables the "Connect Account" button

🛡️ Instant Revoke & Delete Controls

Clear assurance visible on the setup page before and after connecting:

One-click disconnect — remove the IAM role link instantly
One-click data delete — erase all ingested cost data
Delete your account — removes everything, no questions asked
Always available in Settings → Account

📊 Onboarding Funnel Tracking

Full GA4 funnel visibility from signup to first value:

Step	Event	Trigger
1	`onboarding_started`	After successful registration
2	`email_verified`	After email confirmation
3	`aws_account_connected`	After first AWS account added
4	`first_value_seen`	Dashboard loads with data
5	`onboarding_completed`	First session with data (once per user)

Time-to-complete measurement from signup to onboarding finished
Demo mode events: demo_mode_started, demo_mode_completed, demo_to_live_conversion
New useOnboardingAnalytics hook encapsulates all tracking

Version 1.36.0 - April 5, 2026

🧯 Lightsail Waste Detection Expansion

Five new Lightsail detectors now identify additional waste patterns beyond idle instances, covering static IPs, disks, snapshots, load balancers, and managed databases.

🔍 New Waste Detectors

Detector	Risk	What It Finds
lightsail_unattached_static_ip	LOW	Static IP addresses allocated but not attached to any instance ($3.65/mo)
lightsail_unattached_disk	MEDIUM	Block storage disks not attached to any instance ($0.10/GB/mo)
lightsail_old_snapshot	MEDIUM	Manual snapshots older than 90 days ($0.05/GB/mo)
lightsail_idle_load_balancer	MEDIUM	Load balancers with zero healthy instances ($18/mo)
lightsail_idle_database	HIGH	Managed databases with zero connections for 14 days ($15–$115/mo)

✨ Improvements

Refactored existing idle_lightsail detector to use DataProvider abstraction (supports offline/air-gapped mode)
All 6 Lightsail sub-detectors run concurrently via asyncio.gather
Full remediation plan support with pre-checks, API calls, and rollback
Air-gapped export script now collects static IPs, disks, snapshots, load balancers, and databases

📊 Coverage Update

Total detector count: 155 → 161
Air-Gapped coverage: 143 → 149 detectors
Compute category: 21 → 26 detectors (6 Lightsail detectors total)
Unit tests: 22 new Lightsail tests covering all 6 detectors with edge cases
Golden fixtures: 5 new GOLDEN_FIXTURES and REFERENCE_PLANS entries for plan quality validation

Version 1.35.0 - April 3, 2026

🧾 Extended Support Penalties — Multi-Service Lifecycle Cost Detection

Five new extended-support detectors now identify hidden lifecycle surcharges across core AWS services, expanding coverage beyond Aurora-only detection.

🔍 New Waste Detectors

Detector	Risk	What It Finds
RDS Extended Support Cost	LOW	Non-Aurora MySQL/PostgreSQL instances in or nearing Extended Support windows. Uses billing-backed surcharge totals when available, otherwise vCPU-hour estimates. Advisory-only.
ElastiCache Extended Support Cost	LOW	Redis OSS or Memcached clusters on legacy engine versions entering or incurring support penalties. Advisory-only.
EKS Extended Support Cost	LOW	EKS clusters on older Kubernetes minor versions that are in warning window or active paid Extended Support. Advisory-only.
OpenSearch Extended Support Cost	LOW	OpenSearch/legacy Elasticsearch domains in legacy support tiers with avoidable surcharge exposure. Advisory-only.
DocumentDB Extended Support Cost	LOW	DocumentDB clusters on legacy engine versions approaching or incurring support surcharges. Advisory-only.

🛠️ What Improved

Added a shared lifecycle policy engine for version support windows and surcharge modeling
Added billing-backed surcharge ingestion (Cost Explorer in online mode, exported breakdowns in air-gapped mode)
Added warning state support for pre-charge planning windows (default 90 days)
Added user-facing mappings in Air-Gapped Results labels, remediation risk maps, and release metadata

📊 Coverage Update

Total detector count: 150 → 155
Air-Gapped coverage: 138 → 143 detectors
Database category: 27 → 31 detectors
Compute category: 20 → 21 detectors
Unit tests: detector/provider/model suites expanded for all five new waste types

Version 1.34.0 - March 31, 2026

🗄️ Aurora to RDS Downgrade Detector

New community-driven detector: aurora_to_rds_downgrade_opportunity identifies Aurora clusters with high I/O costs but low compute utilization where migrating to standard RDS with gp3 storage would be cheaper. Built from a suggestion by a CloudWise's community member — the 4th Aurora deep optimization detector.

🔍 New Waste Detector

Detector	Risk	What It Finds
Aurora to RDS Downgrade Opportunity	MEDIUM	Aurora clusters where I/O cost ≥25% of total spend, but compute is low (CPU avg <20%, connections avg <100, ≤1 reader). Standard RDS with gp3 storage offers 3,000 free baseline IOPS, eliminating I/O charges. Filters out Global Database, Serverless, and >64TB clusters. Advisory-only.

🧠 Detection Signals

Signal	Threshold	Rationale
I/O cost ratio	≥25% of total cluster spend	High I/O spend is the primary cost driver Aurora charges per-IOPS
CPU utilization	avg <20% over 14 days	Low compute means the workload doesn't need Aurora's distributed architecture
Connection count	avg <100 over 14 days	Low connection count indicates a single-instance workload, not needing Aurora's multi-writer capabilities
Reader count	≤1 reader instance	No read scaling requirement — RDS read replicas can cover this
Storage size	<64 TB	Within RDS gp3 maximum volume size
Not Global Database	—	Global Database requires Aurora's replication layer
Not Serverless	—	Already using variable capacity model

📊 Coverage Update

Total detector count: 149 → 150
Air-Gapped coverage: 137 → 138 detectors
Database category: 26 → 27 detectors (4th Aurora detector)
Unit tests: 12 new Aurora-to-RDS tests covering detection signals, edge cases, and exclusions
Golden fixtures: 1 new GOLDEN_FIXTURES and REFERENCE_PLANS entry for plan quality validation

Version 1.33.0 - PDF Report Builder

📄 PDF Report Builder

Generate professional, branded PDF reports from any CloudWise data source. Select fields, sort, group, and customize layout.

Key Features

Feature	Description	Tier
Field Selection	Choose which columns appear in your report	Shield+
Sort & Group	Multi-key sorting with grouped sections and subtotals	Shield+
PDF Generation	Download polished PDF with cover page, TOC, and data tables	Agentic+
Custom Templates	Save and reuse report configurations	Agentic+ (5 max)
Custom Branding	Add your company name to reports	Compliance

Data Sources

Reports can pull from four data sources:

Cost Insights — optimization recommendations from the Dashboard
Cost Reports — cost breakdowns by service, account, region
Remediation Actions — action history and savings tracking
Air-Gapped Waste — offline waste detection findings

Built-in Presets

Three presets available for each data source:

Executive Summary — high-level overview for leadership
Detailed Technical — all fields with granular data
Account Comparison — side-by-side account breakdown

Pages Updated

The Generate Report button is now available on:

Dashboard page
Cost Reports page
Remediation page
Air-Gapped Results page

Read the full Report Builder guide →

Version 1.32.0 - March 27, 2026

📨 Amazon MQ Optimization Detectors

New oversized MQ broker detector plus idle MQ broker refactored with DataProvider abstraction for full air-gapped support. Covers instance rightsizing with deployment-mode-aware pricing.

🔍 New Waste Detectors

Detector	Risk	What It Finds
Oversized MQ Broker	LOW	Amazon MQ brokers with avg CPU < 15%. Recommends stepping down to a smaller instance type using the MQ downsize map, accounting for deployment mode multipliers (single/active-standby/cluster). Advisory-only.

🐛 Bug Fixes

ALLOWED_ACTIONS["mq"] desync: Was completely missing from remediation.py and remediation_executor, blocking all MQ remediation plans
Idle MQ pricing: Refactored from hardcoded $0.10/hr to correct per-instance-type pricing across mq.t3.micro through mq.m5.4xlarge
IAM deduplication: Removed duplicate mq:DeleteBroker and mq:DescribeBroker entries from remediation role

🛠️ Architecture Improvements

DataProvider migration: MQ detection uses the DataProvider abstraction for both online and air-gapped modes
Two new DataProvider methods: get_mq_brokers(), get_mq_metrics()
Export script expanded: Exports MQ broker configuration, CloudWatch metrics (CpuUtilization, TotalMessageCount) alongside existing connection metrics
IAM permissions: Added mq:CreateBroker to allowed actions for oversized broker downsizing via recreation
Idle window extended: Idle MQ broker now uses 14-day lookback window (was 7 days)

📊 Coverage Update

Total detector count: 148 → 149
Air-Gapped coverage: 136 → 137 detectors
Analytics category: MQ brokers now covered by 2 detectors (idle + oversized)
Unit tests: 15 new MQ tests covering both detectors with edge cases
Golden fixtures: 1 new GOLDEN_FIXTURES and REFERENCE_PLANS entry for plan quality validation

Version 1.31.0 - March 26, 2026

🗄️ Neptune Graph Optimization Detectors

Three new Neptune waste detectors plus a refactored idle Neptune detector with DataProvider abstraction for full air-gapped support. Covers Serverless migration opportunities, instance oversizing, and old snapshot cleanup.

🔍 New Waste Detectors

Detector	Risk	What It Finds
Neptune Serverless Opportunity	LOW	Provisioned Neptune clusters with avg CPU < 20% and max CPU < 50%, where Serverless at 2 NCU baseline would reduce cost. Compares instance-class pricing vs NCU-hour estimates. Advisory-only.
Oversized Neptune	MEDIUM	Neptune instances with avg CPU < 20% and max CPU < 40%. Recommends stepping down instance type using the Neptune downsize map. Advisory-only.
Neptune Old Snapshot	MEDIUM	Manual Neptune snapshots older than 90 days. Estimates monthly storage retention cost. Automated deletion with rollback.

🐛 Bug Fixes

ALLOWED_ACTIONS["neptune"] desync: Was completely missing from remediation.py and remediation_executor, blocking all Neptune remediation plans
Idle Neptune pricing: Refactored from hardcoded $0.10/hr to correct per-instance-class pricing across 20 instance types

🛠️ Architecture Improvements

DataProvider migration: Neptune detection uses the DataProvider abstraction for both online and air-gapped modes
Three new DataProvider methods: get_neptune_clusters(), get_neptune_cluster_metrics(), get_neptune_snapshots()
Export script expanded: Exports Neptune cluster configuration, CloudWatch metrics (GremlinRequests, SparqlRequests, CPUUtilization), and snapshot metadata
IAM permissions: Added rds:StopDBCluster, rds:StartDBCluster to remediation role (Neptune uses rds: IAM namespace)

📊 Coverage Update

Total detector count: 145 → 148
Air-Gapped coverage: 133 → 136 detectors
Database category: 23 → 26 detectors (3 new Neptune detectors)
Unit tests: 20 new Neptune tests covering all 4 detectors with edge cases
Golden fixtures: 3 new GOLDEN_FIXTURES and REFERENCE_PLANS entries for plan quality validation

Version 1.30.0 - March 25, 2026

🗄️ Aurora Database Optimization Detectors

Three new Aurora waste detectors for I/O cost optimization, Extended Support charges, and Serverless v2 migration opportunities. Adds full air-gapped support via DataProvider abstraction.

🔍 New Waste Detectors

Detector	Risk	What It Finds
Aurora I/O Optimization Opportunity	LOW	Aurora clusters where I/O charges exceed 25% of total cost. Compares Standard vs I/O-Optimized storage pricing to calculate net savings. Automated remediation via `ModifyDBCluster`.
Aurora Extended Support Cost	LOW	Aurora clusters running end-of-life engine versions (PostgreSQL 12/13, MySQL 5.7) incurring $0.10–$0.20/vCPU-hr Extended Support charges. Advisory-only — recommends major version upgrade.
Aurora Serverless Opportunity	LOW	Provisioned Aurora clusters with avg CPU < 15% and max CPU < 40%, where Serverless v2 would reduce cost. Compares provisioned instance pricing vs ACU-hour estimates. Advisory-only.

🛠️ Architecture Improvements

DataProvider migration: Aurora detection uses the DataProvider abstraction for both online and air-gapped modes
Two new DataProvider methods: get_aurora_clusters(), get_aurora_io_metrics()
Export script expanded: Exports Aurora I/O CloudWatch metrics (VolumeReadIOPs, VolumeWriteIOPs, VolumeBytesUsed)
IAM permissions: Added rds:ModifyDBCluster, rds:DescribeDBClusters to remediation role

📊 Coverage Update

Total detector count: 142 → 145
Air-Gapped coverage: 130 → 133 detectors
Database category: 20 → 23 detectors (3 new Aurora detectors)
Unit tests: 19 new Aurora tests covering all 3 detectors with edge cases
Golden fixtures: 3 new GOLDEN_FIXTURES and REFERENCE_PLANS entries for plan quality validation

Version 1.29.0 - March 24, 2026

⚡ AppSync Deep Optimization Detectors

Two new AppSync waste detectors for idle cache instances and unused real-time subscriptions, plus a bug fix for the existing unused_appsync detector. Adds full air-gapped support via DataProvider abstraction.

🔍 New Waste Detectors

Detector	Risk	What It Finds
Idle AppSync Cache	MEDIUM	Provisioned cache instances with < 100 requests in 14 days. Calculates savings from hourly cache rates ($0.044–$6.78/hr). Automated deletion with rollback.
Idle AppSync Subscriptions	LOW	Active WebSocket connections with < 100 GraphQL requests in 14 days. Estimates connection-minute costs. Advisory-only.

🐛 Bug Fix

unused_appsync metric fix: Replaced incorrect 4XXError metric with Latency SampleCount — 4XXError is only emitted on client errors, not on every request

🛠️ Architecture Improvements

DataProvider migration: AppSync detection migrated from raw boto3 calls to the DataProvider abstraction, enabling full air-gapped/offline mode support
Three new DataProvider methods: get_appsync_apis(), get_appsync_api_cache(), get_appsync_metrics()
Export script expanded: Exports AppSync cache configuration and 5 new CloudWatch metrics (Latency, CacheHitCount, CacheMissCount, ConnectSuccess, ActiveConnections)
IAM permissions: Added appsync:GetApiCache, appsync:DeleteApiCache, appsync:UpdateApiCache to remediation role

📊 Coverage Update

Total detector count: 140 → 142
Air-Gapped coverage: 128 → 130 detectors
Serverless category: 9 → 11 detectors (3 AppSync detectors total)
Unit tests: 12 new AppSync tests covering all 3 detectors with edge cases
Golden fixtures: 2 new GOLDEN_FIXTURES and REFERENCE_PLANS entries for plan quality validation

Version 1.28.0 - March 23, 2026

🔒 Security Posture Detectors

Ten new security posture waste detectors covering encryption-at-rest gaps, access control issues, and backup coverage validation. All advisory-only with HIGH confidence. Works in both Online and Air-Gapped modes.

🔍 New Waste Detectors

Detector	Risk	What It Finds
Unencrypted EBS Volume	MEDIUM	EBS volumes without encryption at rest. Recommends enabling default EBS encryption or creating encrypted snapshot copy.
Unencrypted RDS Instance	MEDIUM	RDS instances without storage encryption enabled. Recommends creating encrypted read replica and promoting.
RDS No Deletion Protection	MEDIUM	RDS instances without deletion protection enabled. Recommends enabling DeletionProtection.
RDS Publicly Accessible	HIGH	RDS instances with PubliclyAccessible flag set. Recommends disabling public access immediately.
Unencrypted EFS Filesystem	MEDIUM	EFS filesystems without encryption at rest. Encryption cannot be changed after creation.
S3 No Default Encryption	LOW	S3 buckets relying on default SSE-S3 without customer-managed KMS encryption.
DynamoDB No Deletion Protection	MEDIUM	DynamoDB tables without deletion protection enabled. Recommends enabling via UpdateTable.
OpenSearch No Encryption at Rest	MEDIUM	OpenSearch domains without encryption at rest. Recommends enabling via UpdateDomainConfig.
Unencrypted DocumentDB Cluster	MEDIUM	DocumentDB clusters without storage encryption. Encryption cannot be changed after creation.
Resource Without Backup Coverage	MEDIUM	EBS, RDS, DynamoDB, and EFS resources not covered by any AWS Backup selection.

🛠️ Changes

Advisory-only: All ten new detectors are recommendation-only in v1 — no automated mutation
High confidence: All detectors use deterministic API checks (no CloudWatch metrics thresholds)
New security category: Introduces a dedicated security posture category in the waste detection framework
Cross-reference detection: Backup coverage detector cross-references AWS Backup selections against protected resources
Export script: Updated to collect encryption status, deletion protection, and public access flags

📊 Coverage Update

Total detector count: 130 → 140
Air-Gapped coverage: Extended with all 10 new security posture detectors
New category: Security Posture (10 detectors) covering encryption, access, and protection
Unit tests: 38 new tests covering all 10 detectors with edge cases

Version 1.27.0 - March 21, 2026

🔍 OpenSearch Expanded Detectors

Three new OpenSearch waste detectors for rightsizing, storage optimization, and commitment savings. All advisory-only in v1. Works in both Online and Air-Gapped modes (RI detector is Online-only).

🔍 New Waste Detectors

Detector	Risk	What It Finds
Oversized OpenSearch	MEDIUM	Domains with avg CPU < 20% and max CPU < 40% with active search traffic. Recommends stepping down instance type.
OpenSearch EBS Overprovisioned	MEDIUM	EBS-backed domains with > 60% free storage and flat growth (< 0.1 GB/day). Estimates reclaimable GB.
RI Opportunity OpenSearch	LOW	On-demand domains eligible for Reserved Instance savings via Cost Explorer recommendations.

🛠️ Changes

Advisory-only: All three new detectors are recommendation-only in v1 — no automated domain mutation
Multi-signal detection: Oversized detector uses avg CPU, max CPU, and search traffic as combined signals
Idle cascade: Idle domains are excluded from oversized and EBS checks to avoid duplicate findings
Step-down map: Savings estimation uses known instance type step-downs or 30% conservative fallback
EBS analysis: Growth trend analysis from 14-day FreeStorageSpace CloudWatch metrics
Export script: Now collects CPUUtilization (Avg+Max), JVMMemoryPressure, FreeStorageSpace, IndexingRate, and EBS domain config

📊 Coverage Update

Total detector count: 137 → 140
Air-Gapped coverage: Extended with oversized_opensearch and opensearch_ebs_overprovisioned
Database category: Expanded with deeper OpenSearch analysis (18 → 21 detectors)
Commitment category: New ri_opportunity_opensearch (Online-only, Cost Explorer API)
Golden fixtures: 3 new remediation planner golden fixtures for plan quality tests
Unit tests: 7 new tests covering all 3 detectors with edge cases

Version 1.26.0 - March 20, 2026

⚡ Step Functions Expanded Detectors

Three new Step Functions waste detectors targeting real billing drivers: transition efficiency, retry storms, and Express duration waste. All advisory-only in v1. Works in both Online and Air-Gapped modes.

🔍 New Waste Detectors

Detector	Risk	What It Finds
Step Functions Retry Storm	MEDIUM	State machines with > 25% retry ratio AND > 20% failure rate. Retries multiply transitions without business value.
High Transition Density	MEDIUM	Standard workflows averaging > 50 transitions per successful execution. Excessive state granularity inflates cost.
Express Duration Waste	MEDIUM	Express workflows with p95 duration > 30s and high execution volume. Duration charges accumulate quickly.

🛠️ Changes

Advisory-only: All three new detectors are recommendation-only in v1 — no automated workflow mutation
Bug fix: Fixed UNUSED_STATE_MACHINE enum reference → canonical IDLE_STATE_MACHINE
DataProvider: Step Functions detector now uses DataProvider abstraction for online/offline parity
Export script: Added ExecutionsFailed, ExecutionsTimedOut, ExecutionsSucceeded, StateTransition, and ExecutionTime metrics

📊 Coverage Update

Total detector count: 134 → 137
Air-Gapped coverage: Extended with all 3 new detectors
Integration category: Expanded with Step Functions-specific detectors
New SFN metrics collected: ExecutionsFailed, ExecutionsTimedOut, ExecutionsSucceeded, StateTransition, ExecutionTime_Average, ExecutionTime_Maximum
Bug fix: Offline data provider SFN methods now correctly read dict-valued export data

Version 1.25.0 - March 19, 2026

📁 FSx Deep Optimization Detectors

Three new FSx waste detectors for storage right-sizing, throughput optimization, and backup hygiene. All work in both Online and Air-Gapped modes.

🔍 New Waste Detectors

Detector	Risk	What It Finds
Oversized FSx	MEDIUM	Filesystem with < 40% storage capacity utilized. Recommends right-sizing to 2× current usage.
FSx Throughput Overprovisioned	MEDIUM	WINDOWS/ONTAP/OPENZFS filesystem with avg throughput utilization < 30%. Lustre excluded (bursty by design).
Old FSx Backup	MEDIUM	Manual FSx backup older than 90 days (configurable). Retention-tagged backups excluded. Full remediation support (delete with pre-checks).

🏗️ Architecture Improvements

DataProvider Refactor: All FSx detectors now use the DataProvider abstraction, enabling full Air-Gapped mode support
3 New DataProvider Methods: get_fsx_filesystems(), get_fsx_backups(), get_fsx_filesystem_metrics()
Export Script: Extended with FSx backup collection for offline analysis
Idle subsumption: Idle FSx detection (zero I/O) suppresses oversized and throughput findings for the same filesystem

📊 Coverage Update

Total detector count: 131 → 134
Air-Gapped coverage: Extended with all 3 new detectors
Storage category: Expanded with FSx-specific detectors
New FSx allow-list actions: delete_file_system, create_backup, delete_backup, describe_backups, update_file_system
CUR Template: Updated to v1.8.0 with fsx:DescribeBackups
IAM Remediation Role: Updated to v1.15.0 with FSx permissions

Version 1.24.0 - March 18, 2026

🗄️ DocumentDB Expanded Detectors — Old Snapshots + Overprovisioned Instances

Two new DocumentDB waste detectors, bringing total detector count to 131.

🔍 New DocumentDB Detectors

Waste Type	Risk	Detection
`old_documentdb_snapshot`	Medium	Manual cluster snapshot older than retention threshold (default 90 days)
`overprovisioned_documentdb`	Medium	Cluster with sustained low CPU (< 20%), connections (< 5), and IOPS (< 100) over 14 days

Both detectors available in Air-Gapped Mode via export script
old_documentdb_snapshot has full remediation support (delete snapshot with pre-checks)
overprovisioned_documentdb is advisory-only (recommends instance class downsize)
Newest snapshot per cluster is always protected from deletion
Retention-tagged snapshots (cloudwise:retain) are excluded
Remediation role template updated to v1.14.0 with rds:CreateDBClusterSnapshot, rds:DeleteDBClusterSnapshot, rds:DescribeDBClusterSnapshots

Version 1.23.0 - March 16, 2026

🔒 AWS Backup Deep Optimization — 5 New Detectors

Five new waste detectors for AWS Backup, bringing total detector count to 129. Covers recovery point hygiene, plan assignment validation, lifecycle tiering, and cross-region copy policy analysis.

🔍 New AWS Backup Detectors

Waste Type	Risk	Detection
`old_backup`	Medium	Recovery point past retention window (> 90 days)
`redundant_backup`	Medium	Duplicate recovery points for same resource in same vault
`backup_no_lifecycle_tiering`	Low	Recovery point not transitioned to cold storage
`stale_backup_plan_assignment`	Low	Backup plan with selection rules matching zero resources
`backup_copy_policy_overreach`	Low	Cross-region copy rules duplicating backups unnecessarily

All 5 detectors available in Air-Gapped Mode via export script
Full remediation support for old_backup, redundant_backup, backup_no_lifecycle_tiering, and stale_backup_plan_assignment
backup_copy_policy_overreach is advisory-only (recommendation, no automated execution)
Remediation role template updated to v1.13.0 with Backup IAM permissions

Version 1.22.0 - March 15, 2026

📊 Cost Observability — Detector Explanations + Prometheus Metrics Exporter

Structured "Why is this waste?" explanations added to every waste finding — available to all tiers. New Prometheus /metrics endpoint with API key authentication for Shield+ users.

🔍 Detector Explanations ("Why is this waste?")

Every waste finding now includes a structured explanation with 5 sections:

Section	What It Shows
Detection	What metric triggered the finding and over what period
Threshold	The measured value vs. the cutoff (e.g., "CPU avg 2.3% < 5% threshold")
Pricing	How the savings number was calculated (instance type, hourly rate, monthly hours)
Why it's waste	Plain-language reasoning for why this pattern is wasteful
Risk	What could go wrong if you act on this finding

Implemented across all 124 detectors with AST-enforced test coverage
Collapsible "Why is this waste?" panel in Remediation Dashboard, Detailed Cost Insights, and Air-Gapped Results
Available on all tiers (Free+) — transparency should never be paywalled

📡 Prometheus Metrics Exporter (Shield+)

New /api/v1/metrics endpoint serves waste detection findings in Prometheus text exposition format:

Metric	Type	Description
`cloudwise_waste_monthly_savings`	gauge	Estimated monthly savings by waste_type, resource_type, confidence, region
`cloudwise_waste_items_total`	gauge	Count of active waste findings by type
`cloudwise_accounts_total`	gauge	Number of connected AWS accounts
`cloudwise_last_scan_timestamp_seconds`	gauge	Unix timestamp of most recent scan

API Key Authentication — generate keys in Settings → API Keys (up to 5 per user, stored hashed)
Dual auth support — query parameter (?api_key=cw_...) or Bearer token
Pre-built Grafana dashboard template included
Integration docs with PromQL examples and alerting rules

🐛 Bug Fixes

Fix	Impact
Multi-region export script AWS_REGION override	CloudShell pre-sets `AWS_REGION` which overrides `AWS_DEFAULT_REGION`. The export script's multi-region loop only set `AWS_DEFAULT_REGION`, causing all regions to collect data from the CloudShell's home region. Now sets both. Export script v1.9.2.
Deterministic waste item ID region timing	Waste item IDs were computed at `__post_init__` with empty region, then region was assigned later. Same resource across regions produced identical DynamoDB sort keys (last-region-wins overwrite). IDs now regenerated after region/account assignment.

🏗️ Architecture

New endpoint: GET /api/v1/metrics — Prometheus text exposition format (Shield+)
New endpoint: POST/GET/DELETE /api/v1/api-keys — API key CRUD (Shield+)
New DynamoDB table: api-keys with GSI on key_hash for O(1) validation
New model: ApiKey (id, user_id, key_prefix, key_hash, name, is_active)
New service: ApiKeyService — create, list, revoke, delete, validate
WasteItem model: explanation: Optional[Dict[str, str]] field (backward-compatible)
All 124 detectors: Populate 5-key explanation dict (detection, threshold, pricing, why_waste, risk)
Test enforcement: AST visitor ensures every WasteItem() call includes explanation= with all 5 keys

Version 1.21.0 - March 14, 2026

🐳 ECS/Fargate Deep Optimization — 3 New Detectors + 3 Bug Fixes

Three new ECS/Fargate waste detectors plus three critical bug fixes. Raises ECS detector count from 2 to 5 and fixes a ghost waste type that was defined in 15+ files but never detected.

🔍 New Waste Detectors

Detector	Risk	What It Finds
ECS No Auto Scaling	MEDIUM	Fargate services with 2+ tasks and no Application Auto Scaling — paying peak pricing 24/7. Estimates 30% savings.
Container Insights Waste	LOW	Container Insights enabled on dev/staging, small (< 3 services), or idle clusters — costing $0.07–$0.30/metric/month for 100+ metrics.
Oversized ECS Memory	MEDIUM	Fargate services with max memory utilization < 40% over 7 days. Recommends smallest valid Fargate memory option with 50% headroom.

🐛 Bug Fixes

Fix	Impact
idle_ecs_service detection implemented	Was defined in models, remediation, planner, executor, frontend, and docs but detection code never emitted it. Now catches services with desiredCount > 0 and runningCount = 0.
ALLOWED_ACTIONS["ecs"] added to backend + executor	ECS remediation plans were being rejected at execution time because "ecs" was missing from the allow-list in remediation.py and executor handler.py.
Memory pricing corrected	Fargate memory pricing fixed from $0.004445 to $0.004446/GB-hour per AWS published rates.

🏗️ Architecture

6 new DataProvider methods: get_ecs_clusters, get_ecs_services, get_ecs_task_definition, get_ecs_metrics, get_ecs_autoscaling_targets, get_ecs_container_insights_status (Online + Offline)
Remediation support: Full planner/executor integration with update_service, describe_task_definition, update_cluster_settings actions
Air-Gapped mode: All 5 ECS detectors work offline via exported JSON data
Golden fixtures: 3 new test fixtures + reference plans for all new waste types

📊 Coverage Update

Total detector count: 121 → 124
Air-Gapped coverage: 109 → 112 detectors (all 5 ECS types work offline)
Containers category: 2 → 5 detectors
Remediation role: Updated with ecs:UpdateService, ecs:DescribeTaskDefinition, ecs:UpdateClusterSettings

Version 1.20.0 - March 13, 2026

🔄 AWS Transfer Family Deep Optimization Detectors

Three new Transfer Family waste type detectors — go beyond the existing idle server check to find unused protocols, inactive servers, and idle web apps costing $216–$360/month each.

🔍 New Waste Detectors

Detector	Risk	What It Finds
Idle Transfer No Activity	HIGH	Servers running 30+ days with zero file transfers (FilesIn + FilesOut = 0). Each protocol costs $0.30/hr = $216/month.
Unused Transfer Protocol	MEDIUM	Individual protocols on a server with no activity in 30+ days, while other protocols remain active. Suggests removing idle protocols via `UpdateServer`.
Idle Transfer Web App	HIGH	Transfer Family web apps with no activity in 30+ days. Each web app costs $0.50/hr = $360/month.

🏗️ Architecture

New dataclasses: TransferServerData, TransferWebAppData, TransferMetricsData
5 new DataProvider methods: get_transfer_servers, get_transfer_server_users, get_transfer_web_apps, get_transfer_metrics, get_transfer_web_app_metrics (Online + Offline)
Remediation support: Full planner/executor integration with update_server, delete_web_app actions
Air-gapped support: All 3 detectors work in offline/air-gapped mode

📊 Coverage Update

Total detector count: 118 → 121
Air-Gapped coverage: 111 → 114 detectors
Network Optimization category: 3 new detectors
Remediation role: Updated with transfer:UpdateServer, transfer:DeleteWebApp, transfer:ListUsers, transfer:DescribeUser, transfer:ListWebApps, transfer:DescribeWebApp

Version 1.19.0 - March 12, 2026

💸 S3 High Request & Transfer Cost Detector (CUR-based)

New CUR-based S3 detector — flags buckets where non-storage costs (data transfer + API requests) exceed storage costs. Uses Cost Explorer GetCostAndUsage with per-resource granularity. Works in both Online and Air-Gapped modes.

"The real bleeding often comes from the traffic and API request costs, not the storage itself." — Vladlen Chernyavskiy

🔍 New Waste Detector

Detector	Risk	What It Finds
S3 High Request & Transfer Cost	LOW	Buckets where transfer + request costs exceed storage costs (ratio > 1.0×), with total cost > $10/month and non-storage cost > $5/month. Tailored recommendations based on dominant cost driver.

🎯 Tailored Recommendations by Cost Driver

Unlike other detectors that provide generic advice, this detector identifies the dominant non-storage cost category and tailors recommendations:

Dominant Cost	Example Recommendations
Internet Egress	CloudFront distribution, VPC endpoints, S3 Select, Transfer Acceleration
API Requests	Application-level caching, request batching, S3 Event Notifications
Cross-Region Transfer	S3 Cross-Region Replication, Multi-Region Access Points, compute co-location
Regional Transfer	VPC Gateway Endpoints (free), AZ co-location, NAT Gateway bypass

🏗️ Architecture

Data source: Cost Explorer GetCostAndUsage API with GroupBy [RESOURCE_ID, USAGE_TYPE] — a single API call ($0.01) returns all S3 buckets with full cost breakdown
New dataclass: S3CostBreakdown with 7 cost categories (storage, transfer out, regional transfer, cross-region transfer, Tier 1 requests, Tier 2 requests, other) plus computed properties
New DataProvider method: get_s3_cost_breakdown() in both Online and Offline providers
Recommendation-only: No auto-remediation — reducing egress/request costs requires architectural changes (CloudFront, caching, replication)

📊 Coverage Update

Total detector count: 116 → 117
Air-Gapped coverage: 109 → 110 detectors
Storage category: 19 → 20 detectors
CUR-based detectors: First S3 cost analysis detector using Cost Explorer per-resource data

Version 1.18.0 - March 11, 2026

⚙️ AWS Glue Deep Optimization Detectors

Five new Glue waste detectors plus a bug fix for idle crawler detection. Identifies oversized jobs, missing timeouts, failing retries, dev endpoint migration opportunities, and Data Catalog bloat. All work in both Online and Air-Gapped modes.

🔍 New Waste Detectors

Detector	Risk	What It Finds
Oversized Glue Job	LOW	Jobs with JVM heap utilization < 30% (via CloudWatch) or short execution with high DPU allocation. Recommends DPU right-sizing.
Glue Job Missing Timeout	LOW	Jobs where configured timeout ≥ 10× average execution duration. Prevents catastrophic billing from stuck jobs.
Failed Glue Job Retry	LOW	Jobs with ≥ 50% failure rate and retries configured. Calculates wasted DPU-hours from repeated failed runs.
Glue Dev Endpoint Migration	LOW	Any active dev endpoint — AWS recommends migrating to Interactive Sessions (auto-stop billing vs 24/7 billing).
Glue Data Catalog Bloat	LOW	Data Catalog objects exceeding 1M free tier threshold. Primary bloat source: table versions from `UpdateTable` calls.

🐛 Bug Fix

Idle Glue Crawler: Detection code was defined in enums, risk maps, and frontend but never actually implemented. Now fully functional — flags crawlers not run for 90+ days.

🏗️ Architecture Improvements

DataProvider Refactor: All Glue detectors now use the DataProvider abstraction (previously bypassed with raw _get_client('glue') calls), enabling full Air-Gapped mode support
6 New DataProvider Methods: get_glue_jobs(), get_glue_job_runs(), get_glue_dev_endpoints(), get_glue_crawlers(), get_glue_catalog_stats(), get_glue_metrics()
Export Script: Extended with Glue job run history, Data Catalog statistics, and CloudWatch heap metrics collection

📊 Coverage Update

Total detector count: 111 → 116
Air-Gapped coverage: 104 → 109 detectors
Analytics category: 8 → 13 detectors
New Glue allow-list actions: update_job, get_job_runs
IAM Role: Added glue:UpdateJob (write) and glue:GetJobRuns (read-only)

Version 1.17.0 - March 09, 2026

📦 S3 Storage Optimization Detectors

Three new S3 waste detectors — identify rapid growth, wrong storage class, and empty buckets. All work in both Online and Air-Gapped modes (with CloudWatch metrics export).

🔍 New Waste Detectors

Detector	Risk	What It Finds
S3 Rapid Growth	LOW	Buckets growing >100% in 30 days with size >1 GB and absolute growth >10 GB, without expiration rules. Estimates monthly storage cost at $0.023/GB.
S3 Wrong Storage Class	LOW	Buckets with >50 GB in S3 Standard (>90% of total) without Intelligent-Tiering or lifecycle transitions. Recommends ~40% savings via IT migration.
S3 Empty Bucket	LOW	Empty buckets (0 objects, 0 bytes) older than 30 days, excluding infrastructure buckets (CDK, CloudFormation, CodePipeline, logs).

📊 Coverage Update

Total detector count: 108 → 111
Air-Gapped coverage: 101 → 104 detectors (S3 metrics collected via export script)
Storage category: 16 → 19 detectors
CloudWatch metrics: BucketSizeBytes (per StorageType) + NumberOfObjects (AllStorageTypes)
New S3 allow-list actions: put_bucket_intelligent_tiering_configuration, get_bucket_intelligent_tiering_configuration

Version 1.16.0 - March 7, 2026

🗄️ Redshift Concurrency Scaling Waste Detector

Sixth Redshift waste detector — flags clusters exceeding the free 1-hour/day concurrency scaling credit. Works in both Online and Air-Gapped modes.

🔍 New Waste Detector

Detector	Risk	What It Finds
Redshift Concurrency Scaling Waste	LOW	Clusters where concurrency scaling usage exceeds the free 1-hour/day (3,600 seconds) credit. Calculates billable CS seconds, estimates monthly cost by node type, and recommends WLM tuning for ~60% savings.

📊 Coverage Update

Total detector count: 107 → 108
Air-Gapped coverage: 100 → 101 detectors (CS metrics collected via export script)
Database category: 17 → 18 detectors
CloudWatch metrics: ConcurrencyScalingSeconds (Sum) + ConcurrencyScalingActiveClusters (Average, Maximum)

Version 1.15.0 - March 5, 2026

📊 CUR 2.0 (Data Exports) Support — Automatic Format Normalization & CloudFormation Template

Full support for AWS CUR 2.0 (Data Exports) format. The parser automatically detects and normalizes CUR 2.0 snake_case headers to CUR 1.0 format at parse time — no user configuration needed. Works in both Online and Air-Gapped modes.

🔄 Automatic CUR Format Detection

CloudWise now auto-detects whether an uploaded or fetched CUR file uses CUR 1.0 (PascalCase with / separators) or CUR 2.0 (snake_case) column naming:

CUR 1.0 Column	CUR 2.0 Column	Status
`lineItem/UsageAmount`	`line_item_usage_amount`	✅ Auto-mapped
`lineItem/UnblendedCost`	`line_item_unblended_cost`	✅ Auto-mapped
`product/ProductName`	`product_product_name`	✅ Auto-mapped
`pricing/publicOnDemandCost`	`pricing_public_on_demand_cost`	✅ Auto-mapped
`reservation/ReservationARN`	`reservation_reservation_a_r_n`	✅ Auto-mapped
`savingsPlan/SavingsPlanARN`	`savings_plan_savings_plan_a_r_n`	✅ Auto-mapped
`resourceTags/user:Environment`	`resource_tags_user_environment`	✅ Auto-mapped
`costCategory/Team`	`cost_category_team`	✅ Auto-mapped

35 column mappings covering lineItem, product, pricing, reservation, savingsPlan, bill, and identity column families. Tag and cost category columns are dynamically remapped.

☁️ CloudFormation Template v1.4.0

The setup template now lets users choose their CUR version at deploy time:

New CURVersion parameter — dropdown with 1.0 (default) and 2.0 options
CUR 1.0 creates AWS::CUR::ReportDefinition (Legacy) → S3 prefix daily-v1/
CUR 2.0 creates AWS::BCMDataExports::Export (Data Exports) → S3 prefix daily-v2/
S3 bucket policy includes both billingreports.amazonaws.com and bcm-data-exports.amazonaws.com principals unconditionally for seamless CUR 1.0 → 2.0 upgrades
IAM permissions added: bcm-data-exports:GetExport, bcm-data-exports:ListExports

🔐 Anonymization Script Improvements

Renamed cloudwise-anonymize-cur.sh → cloudwise-anonymize-cur.py (backward-compatible .sh symlink provided)
CUR 2.0 tag detection — the script now anonymizes resource_tags_user_* and cost_category_* prefixes (CUR 2.0 format) in addition to existing resourceTags/ and costCategory/ prefixes (CUR 1.0)
All documentation updated to reference python3 cloudwise-anonymize-cur.py

🐛 Bug Fixes

CUR 2.0 rejection — Fixed parser rejecting CUR 2.0 files with snake_case headers; now auto-normalizes to CUR 1.0 format before validation.
Anonymize script invocation — Fixed errors when users ran bash cloudwise-anonymize-cur.sh; script is Python and now correctly named .py.
CUR 2.0 tag anonymization — Fixed resource_tags_user_* and cost_category_* columns not being detected for anonymization.

📋 Technical Details

30 new unit tests across 7 test classes (format detection, tag remapping, header normalization, end-to-end parsing, validation)
81 total CUR processing tests all passing
Template version: 1.3.0 → 1.4.0 (frontend and backend constants synced)
SHA256SUMS regenerated for the renamed script

Version 1.14.0 - March 5, 2026

🗄️ Redshift Detectors — Underutilized, No Pause, Spectrum Heavy, Legacy DC2 & WLM Over-Provisioned

Five new Redshift waste detectors covering underutilization, pause scheduling, Spectrum cost analysis, DC2→RA3 migration, and WLM over-provisioning. Works in both Online and Air-Gapped modes.

🔍 New Waste Detectors

Detector	Risk	What It Finds
Underutilized Redshift	MEDIUM	Redshift clusters with average CPU below 10% over 14 days but still receiving connections. Recommends right-sizing or pausing during off-hours.
Redshift No Pause	MEDIUM	Clusters without scheduled pause actions where >40% of hours have zero connections. Auto-remediable — creates a scheduled pause action.
Redshift Spectrum Heavy	LOW	Clusters where Spectrum (S3 scan) cost exceeds 50% of compute cost. Recommends migrating heavy Spectrum workloads to Athena or Glue.
Redshift Legacy DC2	LOW	Clusters using DC2 node types. Recommends migration to RA3 for managed storage, better price-performance, and Spectrum support.
Redshift WLM Over-Provisioned	MEDIUM	Clusters with near-empty WLM queues and <50% concurrency slot utilization. Recommends downsizing nodes.

🛠️ Remediation Support

Redshift No Pause is fully auto-remediable — CloudWise can create a scheduled pause action
Underutilized Redshift, Spectrum Heavy, Legacy DC2, and WLM Over-Provisioned provide recommendation-only guidance
New IAM permissions added to the CloudFormation remediation role template

🐛 Bug Fixes

ElastiCache idle detection — Fixed incorrect max_connections attribute usage; now uses current_connections_avg.
OpenSearch idle detection — Fixed non-existent total_searches attribute; now uses is_idle boolean from provider.
OpenSearch deleted domain check — Fixed unsafe attribute access; now uses getattr() with fallback to status field.

📊 Coverage Update

Total detector count: 102 → 107
Air-Gapped coverage: 91 → 96 detectors (all 5 Redshift types work offline)
Database category: 12 → 17 detectors
Redshift pricing: dc2.large ($0.25/hr), dc2.8xlarge ($4.80/hr), ra3.xlplus ($1.086/hr), ra3.4xlarge ($3.26/hr), ra3.16xlarge ($13.04/hr)

Version 1.13.0 - March 3, 2026

📡 MSK Detectors — Idle & Oversized Cluster Detection

Two new MSK waste detectors for Amazon Managed Streaming for Apache Kafka. Works in both Online and Air-Gapped modes — the export script already collects MSK cluster inventory and all four CloudWatch metrics per cluster.

🔍 New Waste Detectors

Detector	Risk	What It Finds
Idle MSK Cluster	HIGH	Provisioned MSK clusters with zero `MessagesInPerSec` AND zero `BytesInPerSec` over the configured idle window (default 7 days). Monthly savings = broker_count × hourly_rate × 730.
Oversized MSK Cluster	MEDIUM	MSK clusters where both average `CpuUser` < 20% AND network throughput < 50% of instance capacity over 7 days, but the cluster is NOT idle. MSK is network-bound — checking both CPU and network prevents false positives from CPU-only analysis.

🌐 Network-Aware Oversized Detection

MSK is network-bound, not CPU-bound. A cluster running at 8% CPU but saturating its network is properly sized. CloudWise now uses a dual-signal approach:

CPU utilization — must be below 20% average over 7 days
Network utilization — (BytesInPerSec + BytesOutPerSec) must be below 50% of the instance type's known network capacity

16 instance types mapped to their network throughput ceiling (62.5 MB/s for kafka.t3.small through 312.5 MB/s for kafka.m5.24xlarge/m7g.16xlarge). Unknown types default to 125 MB/s.

🐛 Bug Fixes

MSK metrics wiring — OnlineDataProvider now implements get_msk_metrics() so idle/oversized detection actually executes at runtime instead of being silently caught by the exception handler.
MSK Air-Gapped metrics — Upload service was silently dropping MSK CloudWatch metric files (msk_messages_, msk_bytes_in_, msk_bytes_out_, msk_cpu_) during consolidation — pattern matching had no entry for MSK. Fixed with 4 new consolidation patterns.

📊 Coverage Update

Total detector count: 100 → 102
Air-Gapped coverage: 89 → 91 detectors (both MSK types now work offline)
Instance-type-aware pricing: 16 MSK instance types (kafka.t3.small through kafka.m7g.16xlarge)
Network capacity table: 16 instance types with known throughput ceilings
Serverless clusters: Automatically skipped (no fixed brokers to detect)

Version 1.12.0 - March 1, 2026

🔍 CloudWatch Logs Detectors — Excessive Retention & Empty Log Groups

Two new CloudWatch Logs waste detectors for cost optimization and infrastructure hygiene. Both detectors work in Online and Air-Gapped modes using existing data — no export script or IAM changes required.

📸 EBS Snapshot Detectors — Orphaned Snapshot Detection

Two new EBS snapshot waste detectors that cross-reference snapshots against volumes and AMIs. Both detectors work in Online and Air-Gapped modes. Requires ec2:DescribeImages permission (added to IAM template) and updated export script for air-gapped AMI data.

🔍 New Waste Detectors

Detector	Risk	What It Finds
Excessive Retention Log Group	LOW	Log groups with 365+ day retention and >100 MB stored data. Recommends reducing to 30-day baseline — a 365→30 day reduction saves 92% of storage costs ($0.03/GB/month).
Empty Log Group	LOW	Orphaned log groups with 0 bytes stored, 30+ days old. Typically left behind by deleted Lambda functions or ECS services. Reclaims quota (10,000 log groups per region).
Orphaned EBS Snapshot	LOW	EBS snapshots whose source volume has been deleted. Cross-references all snapshots against existing volumes — if the volume no longer exists, the snapshot is flagged. Savings: volume_size × $0.05/GB/month.
AMI Orphaned Snapshot	LOW	EBS snapshots created by `CreateImage` for AMIs that have been deregistered. Matches snapshot descriptions against the CreateImage pattern and checks AMI registration. Requires `ec2:DescribeImages`.

🐛 Bug Fixes

Old Log Group detector — Fixed log_group.last_event_timestamp → log_group.last_event_time field name mismatch. The CloudWatchLogGroupData model uses last_event_time, but the detector referenced the non-existent last_event_timestamp attribute, silently skipping all stale log group detection.

📊 Coverage Update

Total detector count: 96 → 100
Remediable types: 77 → 81 (all four new types are LOW risk, fully remediable)
Air-Gapped coverage: 87 → 91 detectors (93% of total)

Version 1.11.0 - February 28, 2026

📴 Air-Gapped Mode — Multi-Region UX, IAM Audit & Lambda Data Fixes

Redesigned multi-region export workflow, expanded IAM permissions from 14 to 58 with automated CI sync guard, and fixed 4 bugs preventing Lambda Excessive Timeout and Idle Provisioned Concurrency detectors from firing in Air-Gapped mode.

🌍 Multi-Region Export UX Redesign

The export wizard now uses a clean two-step download-then-run flow:

Step 1 — Download & Verify: Downloads the export script and verifies its SHA-256 checksum. Includes a Copy button for easy paste into CloudShell.
Step 2 — Run: Toggle between single-region (current region) and multi-region mode. In multi-region mode, enter comma-separated region codes (e.g., us-east-1, eu-west-1, ap-southeast-1). The wizard builds the exact command with --regions flag. Copy button copies only the run command.

This replaces the previous layout where download, verify, and run commands were combined in a single code block.

🔐 IAM Permissions Audit — 14 → 58 Permissions

Comprehensive audit of every AWS API call in the export script. The upload wizard's IAM policy template now covers all 44 AWS services across 6 categories:

Category	Services	Example Permissions
Compute	EC2, Lambda, ECS, EKS, Auto Scaling, Compute Optimizer	`ec2:Describe`, `lambda:List`, `ecs:List*`
Storage	S3, EBS, EFS, FSx, Backup, ECR	`s3:ListAllMyBuckets`, `elasticfilesystem:Describe*`
Database	RDS, DynamoDB, ElastiCache, Redshift, Neptune, DocumentDB, QLDB, Keyspaces	`rds:Describe`, `dynamodb:Describe`
Analytics	OpenSearch, Kinesis, MSK, Glue, Athena, EMR, QuickSight	`es:Describe*`, `kafka:ListClustersV2`
Integration	SQS, SNS, API Gateway, AppSync, MQ, EventBridge, Step Functions, App Runner	`sqs:ListQueues`, `apigateway:GET`
Management	CloudWatch, CloudTrail, Config, SSM, Secrets Manager, ACM, SageMaker, CloudFormation	`cloudwatch:GetMetricData`, `sagemaker:List*`

New CI Guard: check-iam-permissions-sync.sh automatically verifies every AWS service in the export script has matching IAM permissions in the wizard. Integrated into both quick-test.sh (pre-flight) and local-ci-pipeline.sh (quality gate).

🔧 Lambda Air-Gapped Data Pipeline — 4 Bug Fixes

Fixed a chain of 4 interconnected bugs that prevented Lambda waste detectors from firing in Air-Gapped mode:

Bug	Impact	Fix
Missing Duration metric export	`LAMBDA_EXCESSIVE_TIMEOUT` requires `duration_avg_ms > 0` but no Duration data was exported	Export script now collects Lambda Duration metrics (Average + Maximum, 1-day period)
PC utilization files silently dropped	`lambda_pc_util_*.json` files routed to `_consolidate_metrics` which had no pattern for them	Upload service now stores `lambda_pc_util_` files as raw resources in both single-region and multi-region paths
Metrics availability gap	`_check_metrics_availability` only checked for `lambda_metrics` — missed `lambda_invocation_metrics` consolidated key	Added `lambda_invocation_metrics` and `lambda_duration_metrics` to availability check list
JSON pagination truncation	`describe-log-groups` and `get-lambda-function-recommendations` could return truncated JSON	Added `--no-paginate` flag to both AWS CLI commands

After re-running the updated export script and re-uploading, both Reduce Lambda Timeout and Remove Idle Provisioned Concurrency detectors fire correctly.

🐛 Bug Fixes

CUR anonymizer invocation — Changed from bash cloudwise-anonymize-cur.sh to python3 cloudwise-anonymize-cur.sh in the upload wizard. The script is Python with a .sh extension — running with bash caused import: command not found errors.
Step 2 Copy button — Copy now copies only the run command, not the download/verify lines from Step 1
Step 1 Copy button — Added dedicated Copy button to the download-and-verify terminal block
Duration merge in offline provider — get_lambda_metrics() now merges duration data from the separate lambda_duration_metrics key, populating duration_avg_ms and duration_max_ms fields

Version 1.10.0 - February 26, 2026

⚡ Lambda Waste Detectors — Provisioned Concurrency, Timeout, ARM64 & Runtime

Four new Lambda waste detectors targeting the biggest Lambda cost traps. All detectors work in both Online and Air-Gapped modes.

🔍 New Waste Detectors

Detector	Risk	What It Finds
Idle Provisioned Concurrency	MEDIUM	Lambda PC configurations with <10% utilization over 14 days. PC costs $0.0000041667/GB-second 24/7 regardless of invocations — a single idle 1GB PC costs ~$108/month. Savings: $50–$500+/month.
Excessive Lambda Timeout	LOW	Functions where timeout is ≥10× average duration (with ≥100 invocations). Recommends `max(10s, avg_duration × 3)`. Prevents runaway billing.
ARM64 Migration Opportunity	LOW	x86_64 functions on ARM64-compatible runtimes (Python, Node.js, Java, .NET, Ruby) with monthly cost ≥$1. Graviton2 offers 20% per-invocation savings.
Deprecated Lambda Runtime	LOW	Functions on deprecated/EOL runtimes (python3.7/3.8, nodejs14.x/16.x, dotnet6, ruby2.7, java8). Security/compliance housekeeping flag.

🔧 Infrastructure Changes

Provisioned Concurrency pricing added to FALLBACK_LAMBDA_PRICING for accurate savings calculations
3 new IAM actions added to CloudWiseRemediationRole: lambda:DeleteProvisionedConcurrencyConfig, lambda:PutProvisionedConcurrencyConfig, lambda:ListProvisionedConcurrencyConfigs
Export script now collects Lambda PC configs and CloudWatch ProvisionedConcurrencyUtilization metrics for Air-Gapped mode
RISK_MAP updated across backend remediation, planner Lambda, and executor Lambda
WASTE_TYPE_TO_CATEGORY updated in waste detection processor
Total detector count: 92 → 96

Version 1.9.0 - February 24, 2026

🧠 SageMaker Waste Detectors, Lambda-to-Lambda Scan & Async Waiters

Three new SageMaker waste detectors, a permanent fix for the API Gateway 29-second timeout, comprehensive async state waiters in the remediation executor, and critical Air-Gapped mode fixes.

🔍 New Waste Detectors

Detector	Risk	What It Finds
Previous-Gen SageMaker Instance	LOW	Notebooks and endpoints running on ml.m4.* or ml.c4.* instance types that can be upgraded to current-gen (ml.m5/ml.c5) for 18–27% cost savings. Fully remediable via stop → update → start.
Oversized SageMaker Endpoint	MEDIUM	Endpoints with <20% CPU and <20% Memory utilization that have meaningful traffic — right-sizing candidates.
Stopped Notebook with EBS Storage	LOW	Stopped SageMaker notebooks retaining EBS volumes at $0.116/GB-month. 7-day grace period after stopping.

All three detectors work in both Online and Air-Gapped modes.

⚡ API Gateway 29s Timeout — Permanently Fixed

The waste detection processor now invokes the API Lambda directly via Lambda-to-Lambda calls, bypassing the API Gateway 29-second hard timeout entirely. All 15 regions complete successfully with no more 504 errors. Automatic HTTP fallback ensures backward compatibility.

⏳ Remediation Executor — 8 Async State Waiters

The remediation executor now waits for async AWS operations to complete before proceeding to the next step, preventing failures caused by resources still in a transitional state:

SageMaker: stop_notebook_instance and update_notebook_instance — waits up to 300s each
EC2: stop_instances — waits up to 120s
EBS: detach_volume — waits up to 120s
RDS: stop_db_instance (300s) and modify_db_instance (600s)

This makes the previous-gen SageMaker remediation (stop → update instance type → start) work end-to-end.

📴 Air-Gapped Mode Fixes

Epoch timestamp parsing — SageMaker returns epoch seconds (not milliseconds like other services). Auto-detection now handles both formats correctly, fixing the "20,488 days idle" display bug.
Previous-gen status filter — Changed from whitelist to blacklist approach, catching notebooks in Pending/Updating states.
Stale DynamoDB items — get_waste_items now filters by upload_id to exclude items from previous uploads whose TTL hasn't physically deleted them yet (can take up to 48 hours).

🐛 Bug Fixes

Fixed instance_ids → db_instance_ids parameter name mismatch in the RDS database detector
Replaced hardcoded $36.50 SageMaker savings with instance-type-based pricing from FALLBACK_SAGEMAKER_PRICING
Expanded ALLOWED_ACTIONS["sagemaker"] with update_notebook_instance, describe_endpoint, and describe_endpoint_config
Added RISK_MAP entries for all 5 SageMaker waste types
Expanded FALLBACK_SAGEMAKER_PRICING with previous-gen and GPU instance types
Updated CloudWiseRemediationRole to v1.7.0 with sagemaker:UpdateNotebookInstance
Updated export script with describe-endpoint details and CPU/Memory CloudWatch metrics collection

Version 1.8.0 - February 22, 2026

⚖️ Load Balancer Waste Detectors & Rollback Improvements

Three new waste detectors for load balancers and important reliability improvements to remediation rollback. Detect idle load balancers, over-provisioned costs, and Classic Load Balancers that should be migrated — with full Air-Gapped mode support.

🔍 New Waste Detectors

Detector	Risk	What It Finds
Low-Traffic ALB	MEDIUM	Load balancers receiving almost no traffic over 14 days while still having healthy targets. Estimated ~$16/month savings per idle load balancer.
High LCU Cost ALB	LOW	Load balancers where usage-based costs exceed 2× the base cost. Recommends rule consolidation or switching to a Network Load Balancer.
Classic LB Migration	LOW	Classic Load Balancers that should be migrated to modern ALB or NLB for cost savings and better features.

All three detectors work in both Online and Air-Gapped modes. The export script automatically collects the data needed for these detectors.

🔄 EC2 Rollback — Fully Working

We've fixed several issues that could cause EC2 termination rollback to fail. Rollback now reliably restores your instance to its original state:

Correct image & volume restoration — Rollback now properly uses the original instance image and recreates volumes in the correct availability zone
Reliable timing — CloudWise now waits for each step (instance launch, volume creation) to complete before moving on, preventing timing-related failures
Full state restoration — If your instance was stopped before remediation, it will be stopped again after rollback — not left running
Updated permissions — The remediation role template (v1.6.0) now includes the permissions needed for volume attach/detach during rollback

🎨 Remediation Dashboard Improvements

Redesigned action buttons and detail panels for remediation actions
Real-time status updates so you can watch execution progress
Clearer risk badges, execution timelines, and reversibility indicators
Friendlier error messages when something goes wrong

🐛 Bug Fixes

Fixed Air-Gapped mode not detecting load balancer waste correctly
Fixed healthy target count showing as zero for load balancer detectors
Improved reliability when deleting load balancers (proper ordering of dependent resources)
Fixed duplicate warning message on remediation detail pages
Fixed a documentation rendering issue on the Waste Detection guide

Version 1.7.0 - February 17, 2026

🤖 Agentic AI Tier — Automated Waste Remediation

Introducing the Agentic AI tier ($199/year). CloudWise now proposes cost-saving actions, you approve with one click, and it executes them safely — with automatic rollback if anything goes wrong.

💰 Agentic AI Tier — $199/year

Everything in Shield, plus:

Automated waste remediation — CloudWise proposes fixes, you approve them
110+ fixable waste types out of 120+ total detectors
50 remediation proposals per month
Complete audit trail — Every action is logged for 7 years, showing who approved what and when
Automatic rollback — Backups are taken before any changes, with one-click undo
72-hour approval window — Proposed actions expire if not approved, so nothing runs without your say-so

✅ How It Works

CloudWise finds waste — e.g., a stopped EC2 instance with expensive EBS volumes attached
Click "Fix This" — CloudWise generates a safe action plan showing exactly what will happen
Review & Approve — See the risk level, what will change, and whether it can be undone
CloudWise executes — The approved changes are made in your AWS account via your remediation role
Rollback if needed — One click to undo, or automatic rollback if something fails

🎯 Key Features

Feature	Details
"Fix This" Button	Appears on every fixable waste finding. One click to start the approval flow.
Approval Dashboard	See all pending approvals, past actions, and how much you've saved.
Automatic Rollback	Every action includes an undo plan. Backups are taken before any destructive changes.
Audit Trail	Full history of who approved what, when it ran, and what changed — kept for 7 years.
Risk Levels	Three categories — Low (safe, quick wins), Medium (backed up first), High (requires careful review).

🐛 Bug Fixes

Updated remediation role template (v1.5.0) with permissions needed for rollback actions
Fixed an issue where certain rollback operations were incorrectly blocked

Version 1.6.0 - February 6, 2026

🔐 Compliance Tier — 365-Day Air-Gapped Mode

Built for regulated enterprises. The new Compliance tier ($299/year) brings long-term data retention, persistent upload history, and quarter-over-quarter variance analysis to Air-Gapped Mode — all without ever connecting to your AWS account.

🏢 Who Is This For?

Industry	Why Compliance Tier
FinTech & Banking	Regulatory audits require historical cost data and anonymized reporting
Healthcare (HIPAA)	No third-party AWS access allowed; air-gapped analysis is the only option
Government & Defense	FedRAMP and IL4+ environments prohibit cross-account IAM roles
Any regulated enterprise	Security teams require zero-trust evaluation before approving integrations

🛡️ Compliance Tier — $299/year

Everything in Shield, plus:

365-day data retention (vs. 7 days in Free tier)
12 persistent uploads for long-term trend analysis
500 AI Copilot queries/day with 90-day conversation history
Quarter-over-Quarter variance reports with service, account, region, and tag breakdowns
Cost By Tag analysis across Dashboard, Cost Reports, and QoQ Variance
PDF audit reports for compliance documentation
Persistent anonymization salt for consistent hashing across uploads
Priority support (Email + Slack)

Air-Gapped Mode has graduated from a sub-option on the AWS Accounts page to its own dedicated sidebar navigation item. This makes it a first-class feature with a proper home in the CloudWise dashboard.

What's new in Air-Gapped Mode:

Dedicated sidebar menu — Access Air-Gapped Mode directly from the main navigation, no longer buried under AWS Accounts
365-day data retention — Compliance tier uploads are retained for a full year, enabling meaningful trend analysis across billing periods
12 persistent uploads — Keep up to 12 uploads stored simultaneously for quarter-over-quarter comparisons
Billing period tracking — Each upload now records its billing period (start/end dates) for accurate variance analysis
Duplicate billing period detection — CloudWise warns you before uploading data for a period that's already been analyzed
Upload history management — View, browse results, or delete any upload along with all its associated data
Results inside the sidebar — Analysis results now open within the main app layout with full sidebar navigation, not in a standalone page

📊 Quarter-over-Quarter Variance Reports

Compare costs across billing periods with detailed variance analysis:

Service-level breakdowns — See exactly which AWS services changed and by how much
Absolute and percentage changes — Track both dollar amounts and percentage shifts
Period selection — Choose any two completed uploads to compare
Tag-based grouping — Group variance analysis by any tag key (e.g., Environment, Team, Project)
Audit-ready formatting — Clean, printable layout suitable for compliance reviews

🏷️ Cost By Tag — Full Tag Dimension Support

See your AWS costs broken down by any tag key across the entire platform. If you tag your resources in AWS (e.g., Environment, Team, CostCenter), CloudWise now surfaces that data everywhere.

Dashboard — Cost by Tag Card

New dashboard card alongside Cost by Service and Cost by Region
Select any tag key from a dropdown to see top 10 values by spend
Color-coded horizontal bars with percentage breakdowns
Automatically discovers available tag keys from your cost data

Cost Reports — Tag Grouping & Filtering

Group your cost reports by any tag key (appears under a "Tags" section in Group By)
Filter by specific tag values in Advanced Filters
Works with all export formats (CSV, PDF)

QoQ Variance — Tag Dimension

New "Tag" option in the Group By dropdown for variance reports
Select a tag key to compare costs by tag value across billing periods
Tag key auto-discovery from both upload sessions
Includes tag_key in PDF and CSV exports

Tag Discovery API

New GET /tag-keys/{session_id} endpoint discovers all unique tag keys from uploaded cost data
Powers the tag key dropdowns throughout the UI
Works with both connected and air-gapped accounts

🤖 AI Copilot — Compliance Tier

500 queries per day (up from 50 on Shield, 5 on Free)
90-day conversation history — Review past questions and insights across sessions
Full context about your air-gapped uploads, waste detection results, and cost breakdowns

🔑 Persistent Salt Management

For organizations using data anonymization (--anonymize flag), consistent identifier hashing is critical for trend analysis. The new Salt Management feature lets you:

Save your anonymization salt in CloudWise for reuse across uploads
Ensure consistent hashing — The same resource always maps to the same anonymized ID
Enable meaningful QoQ comparisons — Without a consistent salt, anonymized IDs change between uploads, making trend analysis impossible

🏷️ Resource Inventory — Required for Waste Detection

The export script step in the upload wizard has been relabeled from "Optional" to "Required for Waste Detection" based on user feedback. This makes it clear that:

The CUR CSV provides cost data only
The CloudWise export ZIP (resource inventory) is required to run the 120+ waste detectors
Without the export, CloudWise can only analyze costs — not detect waste

🐛 Bug Fixes

Dashboard dark mode: Shield badge and tier indicator badges are now properly visible in dark mode
Dashboard filters: Account filter labels show "Uploads" and "All Uploads" instead of "AWS Accounts" for Compliance tier users
Feature Overview: Now includes Air-Gapped Mode and AI Copilot Compliance feature cards
AI Copilot Shield: Description corrected from "30-day" to "90-day" conversation history
Upload wizard: Error state now displays an error icon and "Upload Failed" heading instead of a spinner
Redirect: /offline URL now redirects to /air-gapped inside the main app layout

Version 1.5.0 - January 29, 2026

📴 Air-Gapped Mode with Data Anonymization

This is a game-changer for security-conscious organizations! We've heard from many potential customers that their companies have strict compliance rules making it difficult to evaluate CloudWise. Cross-account IAM roles require security reviews, procurement processes, and approval chains that can take weeks or months.

Air-Gapped Mode solves this problem entirely. Now you can:

Run a simple export script in AWS CloudShell (no IAM roles, no permissions to grant)
NEW: Anonymize sensitive data with the --anonymize flag before downloading
Download the export ZIP file (with optional local mapping file)
Upload it to CloudWise
Get instant waste detection analysis with 120+ detectors

✨ Key Features

Zero AWS Connection Required

No IAM roles to create
No cross-account access to configure
No security review needed
Perfect for compliance-restricted environments

🔐 Data Anonymization

Use --anonymize flag to hash AWS account IDs and resource identifiers
SHA-256 one-way hashing ensures original data cannot be recovered
Use --output-mapping to generate a local mapping file for correlation
Mapping file stays on YOUR machine - never uploaded to CloudWise
Perfect for DLP compliance and security team approvals

Full Waste Detection Analysis

85 of 92 waste detectors work in Air-Gapped Mode
Covers EC2, EBS, RDS, Lambda, S3, DynamoDB, ElastiCache, and 30+ more services
Same confidence levels and savings calculations as Online Mode
Dashboard shows clear disclaimers when viewing anonymized data

Cost Analysis (with CUR upload)

Upload your Cost and Usage Report CSV for full cost breakdown
CUR anonymization script available for sensitive cost data
See spending by service, with daily trends
Works alongside waste detection

Easy Data Management

Delete offline uploads when you're done evaluating
All data removed from CloudWise systems
Perfect for one-time audits

🎯 Perfect For

Use Case	Why Air-Gapped Mode Works
Security-conscious organizations	No external access to your AWS account needed
Compliance-restricted environments	No IAM changes, no audit trail to explain
Evaluating before committing	See real results before involving your security team
One-time cost audits	Quick analysis without ongoing integration
Proof of concept	Demonstrate value to stakeholders with real data

🚀 How to Get Started

Go to AWS Accounts → Try Air-Gapped Mode
Follow the instructions to run the export script in AWS CloudShell
Upload your files and get instant results

Learn more about Air-Gapped Mode →

🔧 CloudFormation Template Update (v1.2.0)

Bug Fix: Lambda Waste Detection Permission

We identified and fixed a missing permission that could cause "AccessDenied" errors during Lambda waste detection analysis.

What Changed:

Added lambda:ListProvisionedConcurrencyConfigs permission to the CloudFormation template
This permission is required to detect Lambda functions with unused provisioned concurrency

Action Required: If you're seeing permission errors in waste detection for Lambda resources, update your CloudFormation stack to the latest template version (1.2.0).

🐛 Bug Fixes

Dashboard Account Filter: Fixed filtering for offline uploads in the Dashboard account selector
Cost Reports: Fixed regression where Cost Reports page showed no data for connected accounts
Offline Upload Deletion: Added ability to delete offline uploads and all associated data

Version 1.4.0 - January 18, 2026

📈 Cost Reports Trend Indicators

This release adds visual trend indicators to the Cost Reports table, making it easy to spot which services are trending up or down within your selected time period.

✨ User Experience

Trend Indicators in Cost Reports

Trend arrows now appear next to Total Cost and Avg Daily Cost columns
Red up arrow (↑) indicates costs increasing within the period
Green down arrow (↓) indicates costs decreasing within the period
Gray dash (—) for neutral changes or insufficient data
Hover over any indicator to see the percentage change

🐛 Bug Fixes

AWS Service Icon Fixes

Fixed AWS App Runner icon (was showing fallback instead of correct icon)
Fixed Amazon Simple Email Service icon mapping
Fixed AWS Secrets Manager icon mapping
Fixed AWS Key Management Service icon mapping
Improved table cell alignment for consistent spacing

Version 1.3.0 - January 18, 2026

🎨 AWS Service Icons - Visual Dashboard Enhancement

This release adds official AWS service icons throughout the CloudWise dashboard, making it easier to identify services at a glance.

✨ User Experience

AWS Service Icons

Official AWS service icons now appear next to service names in the Dashboard and Cost Reports
70+ AWS services supported with automatic icon matching
Category-colored fallback circles for any unmapped services
Zero bundle impact - icons loaded on-demand from CDN
Responsive design: icons hidden on mobile to keep the interface clean

Where You'll See Icons

Dashboard service breakdown section
"Complete Breakdown" modal for detailed service costs
Cost Reports table (SERVICE column)

🔧 Technical Details

Icons sourced from icepanel CDN for reliability and performance
Lazy loading ensures no impact on initial page load
Smart service name matching handles variations like "Amazon EC2", "AmazonEC2", and "Amazon Elastic Compute Cloud"

Version 1.2.0 - January 2026

🛡️ CloudWise Shield - Annual Protection Plan

We're excited to introduce CloudWise Shield, our new annual protection plan that makes AWS cost monitoring more affordable and powerful than ever.

💰 New Pricing

Shield Tier - $99/year

Simple, affordable annual pricing (just $8.25/month!)
Perfect for individuals and small teams
Previously, this level of protection would cost $100+/month elsewhere

🚨 Cost Anomaly Detection (Shield Feature)

Automatic Cost Spike Alerts

Daily monitoring of your AWS costs using statistical analysis
Instant alerts when spending spikes unexpectedly
Slack and email notifications
Learn more about Anomaly Detection →

Slack Integration

Connect your Slack workspace to receive real-time cost alerts
Rich message formatting with severity levels
One-click setup with incoming webhooks

✨ Dashboard Improvements

Anomaly Alerts Widget

See recent cost spikes directly on your dashboard
Acknowledge alerts to mark as reviewed
Severity color-coding (Critical, High, Medium, Low)

🔧 Infrastructure

New anomaly-alerts DynamoDB table for storing detected anomalies
EventBridge scheduled rule for daily detection runs
Anomaly Detector Lambda with z-score statistical analysis

Version 1.1.0 - January 2, 2026

CloudFormation Template Management & Improved Notifications

This release introduces automatic CloudFormation template version tracking and improved user notifications for maintaining up-to-date AWS integrations.

🏗️ Infrastructure

CloudFormation Template Version Tracking

CloudWise now automatically detects outdated CloudFormation templates and missing IAM permissions
Get notified when updates are available with one-click access to AWS Console for updates
Learn more about template updates →

🔒 Security

Permission Error Detection

Waste Detection now tracks AccessDenied errors and notifies you about missing permissions
Clear guidance on which permissions need to be added to restore full functionality
Troubleshooting permissions →

✨ User Experience

User-Specific Banner Dismissal

Notification banners are now dismissed per-user, ensuring each team member sees relevant updates
"Don't show again" option persists across sessions

Bug Fixes

AI Copilot performance optimization (PR #109)
Waste detection delete fix for cleaned resources (PR #108)
Fixed issue where waste detection could fail silently on permission errors

Version 1.0.0 - November 25, 2025

CloudWise 1.0 - Production Release 🎉

The first production release of CloudWise brings comprehensive AWS cost monitoring, AI-powered insights, and enterprise-ready features.

🤖 AI & Intelligence

AI Copilot ⭐ Highlight

Ask questions about your AWS costs in plain English
Get instant insights, recommendations, and trend analysis powered by AI
Available in Free tier (5 queries/day) with expanded limits for paid tiers
Learn more about AI Copilot →

📊 Analytics

Cost Analytics Dashboard ⭐ Highlight

Real-time visibility into your AWS spending
Breakdowns by service, region, and account
Historical trend analysis and comparisons
Understanding AWS costs →

Cost Reports & Export

Generate detailed cost reports
CSV and PDF export capabilities
Flexible date ranges and filtering
Cost Insights Guide →

💰 Cost Management

Waste Detection ⭐ Highlight

Automatically identify unused and underutilized resources
AI-powered recommendations for cost reduction
Confidence levels to prioritize actions
Waste Detection Guide →

Budget Alerts

Set spending thresholds per account or service
Email notifications when costs approach or exceed limits
Daily, weekly, or monthly monitoring options
Alerts Guide →

🔗 Integrations

Multi-Account Support

Monitor and aggregate costs across multiple AWS accounts
Single dashboard for all your AWS environments
Role-based access with cross-account IAM
Multi-Account Setup →

Bug Fixes

Lambda SnapStart for faster API response times (PR #97)
Eventually consistent reads for all DynamoDB operations (PR #99)
Optimized Cost Reports page endpoints (PR #98)
Fixed AI Copilot DynamoDB credentials (PR #94)
Improved S3 waste detection (PR #95)

Subscription Tiers

CloudWise offers simple, transparent pricing:

Feature	Free	Shield	Agentic AI	Compliance
Price	$0/forever	$99/year	$199/year	$299/year
Waste Detectors	All 80+	All 80+	All 80+	All 80+
Automated Remediation	—	—	✓ (50/day)	✓ (50/day)
Rollback & Audit Trail	—	—	✓	✓
AI Copilot Queries	5/day	50/day	100/day	500/day
Conversation History	—	30 days	180 days	365 days
Cost History	30 days	180 days	180 days	365 days
Cost Forecasting	—	—	—	90-day forecast
AWS Accounts	1	5	5	5
Air-Gapped Mode	7-day eval	7-day eval	7-day eval	365-day retention
Persistent Uploads	—	—	—	12
QoQ Variance Reports	—	—	—	✓
Cost By Tag	Dashboard	Dashboard + Reports	Dashboard + Reports	Dashboard + Reports + Variance
Anomaly Detection	—	✓	✓	✓
Alert Channels	Email	Email + Slack	Email + Slack	Email + Slack + Webhook
Export Formats	CSV	CSV + JSON	CSV + JSON + PDF	CSV + JSON + PDF
Budget Alerts	Basic	✓	✓	✓
Support	Community	Standard	Priority	Priority

View pricing details →

Feedback & Suggestions

Have ideas for CloudWise? We'd love to hear from you!

Dashboard: Use the Help & Support page to submit feedback directly
Email: support@cloudcostwise.io for general inquiries

Version 1.99.0 - June 24, 2026
- A Faster Dashboard and a Calmer Way to Work Findings
Version 1.96.0 - June 21, 2026
- 🎨 Dashboard Cards, Re-skinned
Version 1.95.0 - June 19, 2026
- 🎨 Air-Gapped Analysis, On Its Own Page
Version 1.94.0 - June 19, 2026
- 🎨 Reports, Re-skinned
Version 1.93.0 - June 19, 2026
- 🎨 Settings & Setup, Re-skinned
Version 1.92.0 - June 18, 2026
- 🎨 Remediation, Re-skinned
Version 1.91.0 - June 18, 2026
- 🎨 Consistent, On-brand Notices
Version 1.90.0 - June 18, 2026
- 🎨 Your Workspace, Now With Real Views
Version 1.89.0 - June 18, 2026
- 🎨 A More Cohesive, Steadier App
Version 1.88.0 - June 17, 2026
- 🤖 The Agent Understands All Your Accounts
Version 1.87.0 - June 17, 2026
- 🎨 Switch Accounts Without Leaving the Conversation
Version 1.86.0 - June 17, 2026
- 🎨 One Shell Around Everything
Version 1.84.0 - June 16, 2026
- 🎨 A New Front Door
Version 1.82.0 - June 16, 2026
- 🔒 Air-Gapped, Reachable Everywhere
Version 1.80.0 - June 15, 2026
- ✉️ Email, On Brand
Version 1.79.0 - June 15, 2026
- 🛡️ Guardrails, Alerts, and Offline — In the Workspace
Version 1.78.0 - June 15, 2026
- 💰 Talk to Your Whole Bill
Version 1.77.0 - June 15, 2026
- 💬 Help, Answered in the Conversation
Version 1.76.0 - June 15, 2026
- ⚙️ Settings, Refreshed
Version 1.75.0 - June 15, 2026
- 🤖 Your Copilot, Fully Inside AWS
Version 1.74.0 - June 14, 2026
- 💳 Usage Credits, Live Trends & AI Inside Your AWS
Version 1.73.0 - June 14, 2026
- 🧠 The Agent Remembers You
Version 1.72.0 - June 13, 2026
- 💬 A Real Conversation Engine
Version 1.71.0 - June 12, 2026
- 🤖 Meet the Agentic Workspace
Version 1.70.0 - June 11, 2026
- 🎨 Documentation Gets the New Look
Version 1.69.0 - June 11, 2026
- 🌐 New Marketing Shell + Faster Blog
Version 1.68.0 - June 11, 2026
- 💳 New Pricing Page — Four Tiers, Monthly or Annual
Version 1.67.0 - June 11, 2026
- 🔧 Sign-up Analytics Repair
Version 1.66.0 - June 11, 2026
- 🔗 Connect Your AWS in One Flow
Version 1.65.0 - June 10, 2026
- 🤖 Ask the Agent — Right on the Landing Page
Version 1.64.0 - June 10, 2026
- 🚪 A New Front Door: the Agentic Landing
Version 1.63.0 - June 9, 2026
- 🧱 New Design Language Foundations
Version 1.62.0 - June 9, 2026
- 📘 Reserved Instance Commitment-Risk Guide
Version 1.61.0 - June 9, 2026
- 📰 Release Notes Hub
Version 1.59.0 - June 8, 2026
- 🏢 AWS Organizations Auto-Discovery
Version 1.58.0 - June 8, 2026
- 📊 Budget Variance Dashboard & Scheduled Email Reports
Version 1.57.0 - June 8, 2026
- 🔐 Air-Gapped DLP Controls, Smarter Notifications & Quieter Errors
Version 1.56.0 - June 4, 2026
- 🚦 Free-Tier Account Limit & Onboarding Email Drip
Version 1.55.0 - June 2, 2026
- ✨ Conversion Quick Wins — Faster Path to Value
Version 1.54.0 - June 2, 2026
- 💲 Consistent Pricing Everywhere
Version 1.52.0 - May 29, 2026
- 💰 Reserved Instance & Savings Plan Management Dashboard
Version 1.51.0 - May 29, 2026
- 💳 Billing & Payment Flow Hardening
Version 1.47.0 - May 27, 2026
- 📰 Blog RSS Feed & Reading Experience
Version 1.46.0 - May 26, 2026
- 🔒 Security Hardening — Auth, Secrets & Rate Limiting
Version 1.45.0 - May 24, 2026
- 🛠️ Error Monitoring, Remediation Reliability & Tiered Scanning
Version 1.44.0 - April 17, 2026
- 🌐 Global Accelerator Deep Optimization — 2 New Detectors
Version 1.43.0 - April 16, 2026
- 🗄️ ElastiCache Deep Optimization — 4 New Detectors
Version 1.42.0 - April 15, 2026
- 🖥️ Elastic Beanstalk Deep Optimization — 5 New Detectors
Version 1.41.0 - April 14, 2026
- 🖥️ WorkSpaces Deep Optimization — 4 Detectors
Version 1.40.0 - April 13, 2026
- 🔬 EMR Deep Optimization — 6 Detectors
Version 1.39.0 - April 11, 2026
- 🔥 Kinesis Deep Optimization — 6 Detectors
Version 1.38.0 - April 8, 2026
- 🔒 Commitment Risk Intelligence
Version 1.37.0 - April 6, 2026
- 🚀 Explore with Sample Data, Permission Transparency & Live Verifier
Version 1.36.0 - April 5, 2026
- 🧯 Lightsail Waste Detection Expansion
Version 1.35.0 - April 3, 2026
- 🧾 Extended Support Penalties — Multi-Service Lifecycle Cost Detection
Version 1.34.0 - March 31, 2026
- 🗄️ Aurora to RDS Downgrade Detector
Version 1.33.0 - PDF Report Builder
- 📄 PDF Report Builder
Version 1.32.0 - March 27, 2026
- 📨 Amazon MQ Optimization Detectors
Version 1.31.0 - March 26, 2026
- 🗄️ Neptune Graph Optimization Detectors
Version 1.30.0 - March 25, 2026
- 🗄️ Aurora Database Optimization Detectors
Version 1.29.0 - March 24, 2026
- ⚡ AppSync Deep Optimization Detectors
Version 1.28.0 - March 23, 2026
- 🔒 Security Posture Detectors
Version 1.27.0 - March 21, 2026
- 🔍 OpenSearch Expanded Detectors
Version 1.26.0 - March 20, 2026
- ⚡ Step Functions Expanded Detectors
Version 1.25.0 - March 19, 2026
- 📁 FSx Deep Optimization Detectors
Version 1.24.0 - March 18, 2026
- 🗄️ DocumentDB Expanded Detectors — Old Snapshots + Overprovisioned Instances
Version 1.23.0 - March 16, 2026
- 🔒 AWS Backup Deep Optimization — 5 New Detectors
Version 1.22.0 - March 15, 2026
- 📊 Cost Observability — Detector Explanations + Prometheus Metrics Exporter
Version 1.21.0 - March 14, 2026
- 🐳 ECS/Fargate Deep Optimization — 3 New Detectors + 3 Bug Fixes
Version 1.20.0 - March 13, 2026
- 🔄 AWS Transfer Family Deep Optimization Detectors
Version 1.19.0 - March 12, 2026
- 💸 S3 High Request & Transfer Cost Detector (CUR-based)
Version 1.18.0 - March 11, 2026
- ⚙️ AWS Glue Deep Optimization Detectors
Version 1.17.0 - March 09, 2026
- 📦 S3 Storage Optimization Detectors
Version 1.16.0 - March 7, 2026
- 🗄️ Redshift Concurrency Scaling Waste Detector
Version 1.15.0 - March 5, 2026
- 📊 CUR 2.0 (Data Exports) Support — Automatic Format Normalization & CloudFormation Template
Version 1.14.0 - March 5, 2026
- 🗄️ Redshift Detectors — Underutilized, No Pause, Spectrum Heavy, Legacy DC2 & WLM Over-Provisioned
Version 1.13.0 - March 3, 2026
- 📡 MSK Detectors — Idle & Oversized Cluster Detection
Version 1.12.0 - March 1, 2026
- 🔍 CloudWatch Logs Detectors — Excessive Retention & Empty Log Groups
- 📸 EBS Snapshot Detectors — Orphaned Snapshot Detection
Version 1.11.0 - February 28, 2026
- 📴 Air-Gapped Mode — Multi-Region UX, IAM Audit & Lambda Data Fixes
Version 1.10.0 - February 26, 2026
- ⚡ Lambda Waste Detectors — Provisioned Concurrency, Timeout, ARM64 & Runtime
Version 1.9.0 - February 24, 2026
- 🧠 SageMaker Waste Detectors, Lambda-to-Lambda Scan & Async Waiters
Version 1.8.0 - February 22, 2026
- ⚖️ Load Balancer Waste Detectors & Rollback Improvements
Version 1.7.0 - February 17, 2026
- 🤖 Agentic AI Tier — Automated Waste Remediation
Version 1.6.0 - February 6, 2026
- 🔐 Compliance Tier — 365-Day Air-Gapped Mode
Version 1.5.0 - January 29, 2026
- 📴 Air-Gapped Mode with Data Anonymization
Version 1.4.0 - January 18, 2026
- 📈 Cost Reports Trend Indicators
Version 1.3.0 - January 18, 2026
- 🎨 AWS Service Icons - Visual Dashboard Enhancement
Version 1.2.0 - January 2026
- 🛡️ CloudWise Shield - Annual Protection Plan
Version 1.1.0 - January 2, 2026
- CloudFormation Template Management & Improved Notifications
Version 1.0.0 - November 25, 2025
- CloudWise 1.0 - Production Release 🎉
Subscription Tiers
Feedback & Suggestions

Version 1.99.0 - June 24, 2026​

A Faster Dashboard and a Calmer Way to Work Findings​

Version 1.96.0 - June 21, 2026​

🎨 Dashboard Cards, Re-skinned​

Version 1.95.0 - June 19, 2026​

🎨 Air-Gapped Analysis, On Its Own Page​

Version 1.94.0 - June 19, 2026​

🎨 Reports, Re-skinned​

Version 1.93.0 - June 19, 2026​

🎨 Settings & Setup, Re-skinned​

Version 1.92.0 - June 18, 2026​

🎨 Remediation, Re-skinned​

Version 1.91.0 - June 18, 2026​

🎨 Consistent, On-brand Notices​

Version 1.90.0 - June 18, 2026​

🎨 Your Workspace, Now With Real Views​

Version 1.89.0 - June 18, 2026​

🎨 A More Cohesive, Steadier App​

Version 1.88.0 - June 17, 2026​

🤖 The Agent Understands All Your Accounts​

Version 1.87.0 - June 17, 2026​

🎨 Switch Accounts Without Leaving the Conversation​

Version 1.86.0 - June 17, 2026​

🎨 One Shell Around Everything​

Version 1.84.0 - June 16, 2026​

🎨 A New Front Door​

Version 1.82.0 - June 16, 2026​

🔒 Air-Gapped, Reachable Everywhere​

Version 1.80.0 - June 15, 2026​

✉️ Email, On Brand​

Version 1.79.0 - June 15, 2026​

🛡️ Guardrails, Alerts, and Offline — In the Workspace​

Version 1.78.0 - June 15, 2026​

💰 Talk to Your Whole Bill​

Version 1.77.0 - June 15, 2026​

💬 Help, Answered in the Conversation​

Version 1.76.0 - June 15, 2026​

⚙️ Settings, Refreshed​

Version 1.75.0 - June 15, 2026​

🤖 Your Copilot, Fully Inside AWS​

Version 1.74.0 - June 14, 2026​

💳 Usage Credits, Live Trends & AI Inside Your AWS​

Version 1.73.0 - June 14, 2026​

🧠 The Agent Remembers You​

Version 1.72.0 - June 13, 2026​

💬 A Real Conversation Engine​

Version 1.71.0 - June 12, 2026​

🤖 Meet the Agentic Workspace​

Version 1.70.0 - June 11, 2026​

🎨 Documentation Gets the New Look​

Version 1.69.0 - June 11, 2026​

🌐 New Marketing Shell + Faster Blog​

Version 1.68.0 - June 11, 2026​

💳 New Pricing Page — Four Tiers, Monthly or Annual​

Version 1.67.0 - June 11, 2026​

🔧 Sign-up Analytics Repair​

Version 1.66.0 - June 11, 2026​

🔗 Connect Your AWS in One Flow​

Version 1.65.0 - June 10, 2026​

🤖 Ask the Agent — Right on the Landing Page​

Version 1.64.0 - June 10, 2026​

🚪 A New Front Door: the Agentic Landing​

Version 1.63.0 - June 9, 2026​

🧱 New Design Language Foundations​

Version 1.62.0 - June 9, 2026​

📘 Reserved Instance Commitment-Risk Guide​

Version 1.61.0 - June 9, 2026​

📰 Release Notes Hub​

Version 1.59.0 - June 8, 2026​

🏢 AWS Organizations Auto-Discovery​

Version 1.58.0 - June 8, 2026​

📊 Budget Variance Dashboard & Scheduled Email Reports​

Version 1.57.0 - June 8, 2026​

🔐 Air-Gapped DLP Controls, Smarter Notifications & Quieter Errors​

Version 1.56.0 - June 4, 2026​

🚦 Free-Tier Account Limit & Onboarding Email Drip​

Version 1.55.0 - June 2, 2026​

✨ Conversion Quick Wins — Faster Path to Value​

Version 1.54.0 - June 2, 2026​

💲 Consistent Pricing Everywhere​

Version 1.99.0 - June 24, 2026

A Faster Dashboard and a Calmer Way to Work Findings

Version 1.96.0 - June 21, 2026

🎨 Dashboard Cards, Re-skinned

Version 1.95.0 - June 19, 2026

🎨 Air-Gapped Analysis, On Its Own Page

Version 1.94.0 - June 19, 2026

🎨 Reports, Re-skinned

Version 1.93.0 - June 19, 2026

🎨 Settings & Setup, Re-skinned

Version 1.92.0 - June 18, 2026

🎨 Remediation, Re-skinned

Version 1.91.0 - June 18, 2026

🎨 Consistent, On-brand Notices

Version 1.90.0 - June 18, 2026

🎨 Your Workspace, Now With Real Views

Version 1.89.0 - June 18, 2026

🎨 A More Cohesive, Steadier App

Version 1.88.0 - June 17, 2026

🤖 The Agent Understands All Your Accounts

Version 1.87.0 - June 17, 2026

🎨 Switch Accounts Without Leaving the Conversation

Version 1.86.0 - June 17, 2026

🎨 One Shell Around Everything

Version 1.84.0 - June 16, 2026

🎨 A New Front Door

Version 1.82.0 - June 16, 2026

🔒 Air-Gapped, Reachable Everywhere

Version 1.80.0 - June 15, 2026

✉️ Email, On Brand

Version 1.79.0 - June 15, 2026

🛡️ Guardrails, Alerts, and Offline — In the Workspace

Version 1.78.0 - June 15, 2026

💰 Talk to Your Whole Bill

Version 1.77.0 - June 15, 2026

💬 Help, Answered in the Conversation

Version 1.76.0 - June 15, 2026

⚙️ Settings, Refreshed

Version 1.75.0 - June 15, 2026

🤖 Your Copilot, Fully Inside AWS

Version 1.74.0 - June 14, 2026

💳 Usage Credits, Live Trends & AI Inside Your AWS

Version 1.73.0 - June 14, 2026

🧠 The Agent Remembers You

Version 1.72.0 - June 13, 2026

💬 A Real Conversation Engine

Version 1.71.0 - June 12, 2026

🤖 Meet the Agentic Workspace

Version 1.70.0 - June 11, 2026

🎨 Documentation Gets the New Look

Version 1.69.0 - June 11, 2026

🌐 New Marketing Shell + Faster Blog

Version 1.68.0 - June 11, 2026

💳 New Pricing Page — Four Tiers, Monthly or Annual

Version 1.67.0 - June 11, 2026

🔧 Sign-up Analytics Repair

Version 1.66.0 - June 11, 2026

🔗 Connect Your AWS in One Flow

Version 1.65.0 - June 10, 2026

🤖 Ask the Agent — Right on the Landing Page

Version 1.64.0 - June 10, 2026

🚪 A New Front Door: the Agentic Landing

Version 1.63.0 - June 9, 2026

🧱 New Design Language Foundations

Version 1.62.0 - June 9, 2026

📘 Reserved Instance Commitment-Risk Guide

Version 1.61.0 - June 9, 2026

📰 Release Notes Hub

Version 1.59.0 - June 8, 2026

🏢 AWS Organizations Auto-Discovery

Version 1.58.0 - June 8, 2026

📊 Budget Variance Dashboard & Scheduled Email Reports

Version 1.57.0 - June 8, 2026

🔐 Air-Gapped DLP Controls, Smarter Notifications & Quieter Errors

Version 1.56.0 - June 4, 2026

🚦 Free-Tier Account Limit & Onboarding Email Drip

Version 1.55.0 - June 2, 2026

✨ Conversion Quick Wins — Faster Path to Value

Version 1.54.0 - June 2, 2026

💲 Consistent Pricing Everywhere