Desktop App

​

0.11.0

• Add an uninstall command to completely remove Formal from the machine
• Add an input.source field to allow policies to differentiate desktop policy enforcement from connector policy enforcement

• Improve performance of fetching updates from the control plane
• Improve performance of formal ls

​

0.10.1

• Support filling out Forms using formal form fill

• Change macOS CA trust dialog back to the default Security dialog

​

0.10.0

• Add device trust support for MySQL
• Forward MySQL policy block messages to clients

​

0.9.21

• Support Codex block messages
• Support HTTP header rewrites for HTTP technology

• Decrease bundle size by 50%
• Rename transparent proxy to transparent mode
• Rename ca install for Linux to ca trust for macOS-Linux parity

​

0.9.20

• Only check for updates if check_for_updates is set in config.toml.

​

0.9.18

• Show a custom Formal dialog when asking the user for permission to add CAs

​

0.9.17

• By default, block QUIC traffic when the transparent proxy is enabled. Control this via the allow_quic configuration parameter.
• Support Claude Chat for LLM sessions when allow_quic is false.

​

0.9.16

• Support enabling the transparent proxy on desktop app startup via config.toml

​

0.9.15

• Support auto-classification of HTTP and MCP traffic
• Support device trust for MongoDB

• Install the network extension as part of the installer

​

0.9.14

• Support desktop evaluation and logging of MCP traffic
• Support network rules that don’t require resources

• Indicate to users that sudo is required for formal ca trust
• Use total input tokens instead of input tokens
• Correct CA installation out of sync race conditions

​

0.9.13

• Support user identity in policy evaluation
• Support transparent proxy for Linux

​

0.9.12

• Support LLM header rewrites
• Remove the --only-agents, --transparent, and --local-tls flags

​

0.9.10

• Support session stage evaluation for the LLM technology

​

0.9.9

• Support policy enforcement for the MCP technology without a connector
• New formal transparent-proxy install and formal transparent-proxy uninstall commands

​

0.9.8

• Add Formal CA to keychain via installer

• Support policy enforcement for HTTP resources without a connector
• Support connection process and user information in network rules

​

0.9.7

• Automatically add Formal CA to Keychain when enabling the transparent proxy

​

0.9.6

• Enable the transparent proxy via the system tray.
• Support users in network rules

​

0.9.5

• Support custom block messages for Claude Code tool calls

​

0.9.4

• Support network rules in transparent proxy

​

0.9.3

• Support policy enforcement of LLM sessions without a Connector

​

0.9.2

• Improve performance of transparent mode

​

0.9.0

• Add support for machine user auth via AWS SigV4

​

0.8.4

• Improve LLM session id saving for replay

​

0.8.3

• Support connecting to MCP resources
• Support log encryption for LLM technology

​

0.8.2

• Separate TLS settings for LLM technology

• Emit session events for LLM technology sessions

​

0.8.1

• Do not require a Connector to use the LLM technology

​

0.8.0

• Support connecting with --transparent mode
• Support connecting with --only-agents mode
• Support connecting with --local-tls mode
• Pass process ancestor information
• Support LLM technology

• Reject CLI arguments for formal-agent

​

0.7.3

• Managed Connector SSH host keys in an isolated host keys file.

​

0.7.2

• Fixed a bug where the resource alias was used for smart routing rather than the resource name.

​

0.7.1

• Added support for resource aliases
• Added a --launch argument to formal connect to launch the appropriate CLI program after connecting (for example psql or ssh).

• Fixed a bug where the interactive formal ls parent process didn’t exit when launching a CLI program, obscuring connection errors and policy block messages.

​

0.7.0

• Improved formal ls performance by moving search filtering server-side
• Reduced unnecessary API calls during credential renewal

​

0.6.0

• Fixed a bug where the desktop app CLI would attempt to launch the agent when run without a TTY.
  • Note: this introduces a small breaking change where running formal without a TTY will now exit with an error and show help text. Please run formal agent instead.

​

0.5.7

• Fix smart routing for MySQL resources

​

0.5.6

• Fix a bug where the desktop app would timeout when listing resources in non-interactive mode

​

0.5.5

• Add support for JSONL and YAML output format to formal ls

​

0.5.4

• Fix MySQL authentication with clients that send a null byte for empty passwords

​

0.5.3

• Refresh MFA challenges every second

​

0.5.2

• Add support for the new MySQL proxy implementation

• Fix DynamoDB authentication

​

0.5.1

• Improve MFA user experience

​

0.5.0

• Add support for MFA policy enforcement

​

0.4.4

• It is no longer required to specify a resource name with formal disconnect. By default, it disconnects all resources.

​

0.4.3

• Added support for Windows.
• Added support for wrapping AWS S3 commands to funnel traffic through the Connector.

• Change SSH config configuration to be compatible with SCP via the Connector.
• Change SSH config configuration to be use resource names as SSH host names.

​

0.4.2

• Fixed a build issue where the desktop app would not provide an icon on Linux.

​

0.2.7

• Fixed a bug that prevented the desktop app from logging out from the command line.

​

0.2.6

• Added a -y flag to formal auth login to bypass the browser confirmation prompt.

• Fixed a bug where the desktop agent could be launched multiple times.

​

0.2.5

• Implemented pagination of resources to reduce startup delay of formal ls.

• Reworked connecting/disconnecting to resources to be asynchronous, which prevents a connection from blocking the TUI from rendering.

• Fixed a bug where the desktop app would show multiple instances of the same resource while filtering and connecting.
• Fixed a bug where the autolaunch functionality could freeze the TUI.

​

0.2.4

• Added support for using token authentication in headless mode.
• Introduced a configurable timeout for the formal agent command with --timeout.

• Changed the formal ls command to lazily load resources and show a loading spinner instead of blocking the TUI from launching.

​

0.2.3

• Added a formal agent command to launch the Formal Agent through the CLI.
• Added a headless mode, which can be launched through formal agent --headless and allows usage of the Formal Desktop without a GUI. See Desktop App for more details.

​

0.2.2

• Added the ability to open a psql session automatically when connecting to a PostgreSQL resource through formal ls.
• Added a permanent “latest” URL to download the latest version of the desktop app on Linux.

• Fixed a bug where the desktop app could become unresponsive when connecting to a resource.

​

0.2.1

• Fixed a visual bug with the formal ls UI where a resource would not update its status after a connection request

​

0.2.0

• Added the ability to open an SSH session automatically when connecting to an SSH resource through formal ls

​

0.1.4

• Added support for Linux

​

0.1.0

• Added support for configuring the SSH client (i.e., ~/.ssh/config) to more seamlessly connect to SSH, EC2, and ECS Fargate resources using the formal ls UI

​

0.0.91

• Fixed versioning issue

​

0.0.90

• Fixed versioning issue

​

0.0.89

• Added a link to download the latest version of the desktop app if an update is available

​

0.0.88

• Ensured errors are printed to stderr rather than stdout to provide a clean output stream to users

​

0.0.87

• Exposed certain classes of connection errors between the local proxy and the Formal Connector to users

​

0.0.86

• Fixed authentication failures

​

0.0.85

• Added support for using formal@<native-user> as the username to specify the native user

​

0.0.84

• Added support for json option to formal auth credentials -o

​

0.0.83

• Added support for json option to formal auth credentials -o

​

0.0.82

• Avoided crashing on EOF for postgres

​

0.0.81

• Fixed desktop app auth status

​

0.0.80

• Fixed desktop app auth status

​

0.0.79

• Added support for MongoDB smart routing

​

0.0.78

• Fixed typo in error message missing S3 resource name

​

0.0.77

• Added support for TCP Proxy and Relays

​

0.0.75

• Removed the use of AWS profile

​

0.0.74

• Removed the use of AWS profile

​

0.0.73

• Added more efficient routing

​

0.0.72

• Fixed support for dynamodb

​

0.0.71

• Added resource subdomain to Kubernetes resources for connectors

​

0.0.70

• Added support for connectors

​

0.0.69

• Added support for basic auth for clickhouse

​

0.0.68

• Added resource to policy evaluation

​

0.0.67

• Updated desktop app to renew key every 18 hours

​

0.0.66

• Added support for connector in policy evaluation

​

0.0.65

• Updated log message for fetchCABundle

​

0.0.64

• Added more logs to the dynamodb command

​

0.0.63

• Removed posthog

​

0.0.62

• Fixed AWS CLI

​

0.0.61

• Fixed AWS CLI

​

0.0.60

• Added AWS CLI to building process

​

0.0.59

• Added support for certificate bundle dynamodb

​

0.0.58

• Added support for API Token expiration