Verified reference, May 13, 2026
CloudCruise product updates after May 8, 2026: what actually shipped.
You typed this into Google because you are doing a vendor refresh and want to know if CloudCruise has changed since you last looked. The honest answer is short and easy to verify, and it is below in a callout. Everything else on this page is the source for that answer: per-repo last-update dates, the one commit that landed in the window, and a command you can run today to re-check.
Direct answer, verified May 13, 2026
One verifiable product update landed after May 8, 2026: a single security commit on the JavaScript SDK.
- cloudcruise-js, commit 35400dd, May 11, 2026 at 20:10 UTC. Title: “Restrict SDK API key requests to production CloudCruise API”. A one-change hardening that prevents the SDK from sending API key requests to non-production endpoints. Source: github.com/CloudCruise/cloudcruise-js.
- cloudcruise-cli v1.2.0, May 8, 2026 at 22:16 UTC. Technically the day of, not after. Added prior-workflow-version fetching, renamed
--versionto--version-number, tightened docs. Source: github.com/CloudCruise/cloudcruise-cli. - Everything else is quiet. No new posts on cloudcruise.com/blog after April 27. No commits on BADGER since February 3. No commits on cloudcruise-python since April 30. Zero tagged GitHub releases across the org.
Section one
What shipped, per repo, with the actual last-push timestamp.
The CloudCruise GitHub organisation has five public repos. Four are actively maintained engineering surfaces (the JS, Python, and CLI SDKs plus the BADGER DSL spec). One, test-websites, has not been touched since September 2025 and is out of scope for a product-updates question. Below is the inventory, sorted by most-recent push, with the answer to the literal question in the first row.
| Repo | Last push (UTC) | What landed |
|---|---|---|
| cloudcruise-js | 2026-05-11 | One commit after May 8: 35400dd restricted the SDK to only call the production CloudCruise API. Before that, last activity was Feb 20, 2026. |
| cloudcruise-cli | 2026-05-08 | v1.2.0 cut on May 8 itself. Added prior-workflow-version fetching, renamed the flag from --version to --version-number, and rewrote a chunk of the docs/skill rollback section. |
| cloudcruise-python | 2026-04-30 | Strict vault input/response types and enriched RunError. No commits after April 30. |
| BADGER | 2026-02-03 | Single README revision in February emphasising the graph framing. The DSL spec has not been touched in over three months. |
Read the table top to bottom and the shape of CloudCruise's engineering allocation since their March 2026 seed becomes obvious. Active work happens on the SDKs. BADGER is treated as a published spec, not a moving target. The DSL has been stable for over three months, which is a feature if you are integrating against it and a tell about where the closed-source runtime is getting most of the attention.
Section two
Re-verify the answer yourself in three commands.
This page's answer is dated and will go stale. Below is the exact recipe used to produce it, so you can re-run it the day you read this and check whether anything changed. Requires curl and jq, both standard on macOS and any Linux distribution. No API key.
The first command lists every public CloudCruise repo with its last-push timestamp. Anything newer than the date you arrived on this page is fresh. The second pulls the five most-recent commits on the JS SDK, which is the repo most likely to receive feature work. The third scrapes any 2026-shaped date out of the blog HTML, which is rough but reliable enough to catch new posts. Three commands, under five seconds, no auth.
Section three
The one commit after May 8, in detail.
The post-May-8 update is small enough to describe in a paragraph. The cloudcruise-js SDK previously allowed the API key to be sent to any endpoint the caller pointed it at. After commit 35400dd, the SDK rejects API key requests to anything other than the production CloudCruise API. The change is sensible: a leaked SDK key pointed at a staging or local-mock endpoint is the classic shape of a token-exfiltration bug, and constraining the SDK at the source means a downstream developer cannot accidentally create that vector even with a misconfigured wrapper.
For a buyer doing diligence, two things are worth noting. One, the team is still actively maintaining the JavaScript SDK with engineering attention in the same month they shipped a CLI minor. Two, the change shape (defensive, fingerprintable, short) is the kind of patch that happens after a security review or an incident report from a customer. Neither is publicly disclosed, and the commit message does not say. The honest reading is: the JS SDK got tightened on May 11, and the team has not yet shipped a public statement about why.
The cloudcruise-cli v1.2.0 release on May 8 is more interesting as a directional signal. The new --version-number flag and the “feat(workflows): support fetching prior workflow versions” commit (4da02e5) together imply the platform is moving toward versioned workflow artefacts that can be retrieved out-of-band, which is the prerequisite for any rollback or A/B testing flow on a graph. The CLI ships before the platform feature is announced, which is a common pattern: the SDK lands first so partner integrations can be tested, the blog post follows when the marketing site is ready. Worth watching for a follow-up post in the next two to four weeks.
Section four
Where to watch, and what you will not find.
CloudCruise has chosen not to publish a changelog. There is no /changelog page (returns 404), no tagged releases on any GitHub repo, and no status page. The team communicates through the blog for announcements and through commit history for the day-to-day, which is a reasonable choice for a small developer-platform company but means a buyer has to do the work of compiling updates themselves.
Channels worth monitoring
- github.com/orgs/cloudcruise/repositories sorted by last push (most reliable signal; the JS, Python and CLI SDKs receive real engineering work)
- cloudcruise.com/blog (the blog is product marketing; expect a post per healthcare or fintech announcement, not per feature)
- the npm package @cloudcruise/cloudcruise-js for new minor versions
- PyPI package cloudcruise for new minor versions of the Python SDK
- docs.cloudcruise.com — undated, so diff the sitemap to catch new pages
Channels that do not exist (do not waste time)
- a CloudCruise-published changelog page (it does not exist as of May 13, 2026, and /changelog returns 404)
- release notes posted by date in the docs (the workflow editor docs are version-less)
- tagged releases on any cloudcruise GitHub repo (zero releases across all five public repos)
- a public roadmap or status page
Section five
How to read “not much changed” as a buyer.
A five-day quiet window in May is not a vendor-health signal. It is a five-day quiet window. CloudCruise shipped a $5M seed in March 2026, two substantive blog posts in late April, three healthy SDK releases in late April and on May 8, and a security patch on May 11. The cadence is fine. The flat patch on May 8 through 13 is the kind of thing that happens to every small team in any given week.
What it means for a buyer doing diligence right now is mostly that the recent feature commitments (versioned workflows, SDK hardening) are credible directional signals and you can plan a pilot against them. If you are deciding whether to wait for a specific feature, the honest answer is to ask CloudCruise directly, not to read tea leaves out of a commit log.
The harder question for most buyers is not about cadence at all. It is whether a browser-only RPA platform fits the workflow you are actually trying to automate. CloudCruise drives anything that lives inside Chromium. The moment the workflow opens a desktop SAP GUI screen, an Epic Hyperspace window, an Oracle Forms session, or a Jack Henry green-screen, the DOM stops being a meaningful representation and a different surface is needed. Mediar reads the Windows UI Automation accessibility tree instead, which exposes role, name, automation id, and bounds for every visible control across every running Windows process. Same idea (workflow file plus selector cascade plus AI authoring), different input surface. Teams running both let the browser tool handle the browser steps and the desktop tool handle the desktop steps inside one end-to-end flow.
Already on CloudCruise and the workflow leaves the browser tab?
If half your workflow is a payer portal and half is an Epic Hyperspace window or a SAP GUI screen, we run the desktop half. Book a 30-minute call and we will walk through whether the boundary in your stack lines up.
Frequently asked questions
Did CloudCruise ship any product updates after May 8, 2026?
One public commit, verified on May 13, 2026. The cloudcruise-js SDK received commit 35400dd on May 11, 2026, titled 'Restrict SDK API key requests to production CloudCruise API'. That is a one-line security tightening, not a feature release. The cloudcruise-cli v1.2.0 release landed on May 8 itself (technically the day of, not after), adding support for fetching prior workflow versions. No new blog posts, no BADGER commits, no cloudcruise-python commits, and no tagged releases anywhere in the org during that five-day window.
What is commit 35400dd and why does it matter?
It is a single behavioural change in the cloudcruise-js SDK on May 11, 2026: the SDK will now only send API key requests to the production CloudCruise API endpoint. Before that, the SDK could be pointed at non-production endpoints with a real API key, which is exactly the foot-gun that has caused public token leaks at other vendors. It is a tiny, sensible hardening. It tells you the team is still paying attention to the JS SDK and that they read recent industry incident reports. It does not tell you about feature direction.
What did v1.2.0 of the CLI add on May 8?
Three concrete things, in order from largest to smallest. First, a feature: 'feat(workflows): support fetching prior workflow versions' (commit 4da02e5). This means the CLI can now reach back to older snapshots of a workflow, which is the prerequisite for any rollback flow. Second, an interface change: the flag for selecting a version was renamed from --version to --version-number with an InvalidArgumentError on misuse (commit 317f510). Third, a documentation tightening of the rollback section in the embedded skill (commits b5a063e and 3a50d22). Read as a whole, it is the team building toward versioned, rollback-able workflows; how far that goes is not yet public.
Why is there no public CloudCruise changelog?
CloudCruise does not publish one. /changelog on the marketing site returns 404. The closest thing to release notes is the commit history on the four public SDK repos plus any blog post the team chooses to write. There are also zero GitHub Releases tagged across all five public repos (cloudcruise-js, cloudcruise-cli, cloudcruise-python, BADGER, test-websites), which is unusual for a developer-facing platform. If you need stable date-stamped product updates for a procurement review, you will have to compile them yourself from commit history.
What was the most recent CloudCruise blog post before this date?
Two posts in late April 2026. April 27: 'The RPA Tax on Your Engineering Org'. April 23: 'Automating Patient Eligibility Verification: Technical Implementation Guide'. Both fit CloudCruise's public theme of healthcare browser automation since the $5M seed in March 2026. No posts have been published in the May 8 to May 13 window.
Has BADGER been updated?
Not since February 3, 2026. The last commit on github.com/CloudCruise/BADGER is 739397b, a README revision titled 'Revise README to emphasize automation as graphs'. The DSL spec has not changed. The open-source repo continues to be a useful architecture document for the BADGER node taxonomy and the five selector strategies, but it is not where the active product engineering shows up. The active work is in the SDK repos.
How do I get notified the next time CloudCruise ships something?
Three reliable signals. One, watch the CloudCruise GitHub org's repository list sorted by most-recent push. The JS, Python, and CLI SDKs receive engineering work every two to four weeks on average and are the highest-fidelity feature-shipping signal. Two, subscribe to the npm package @cloudcruise/cloudcruise-js and the PyPI package cloudcruise for new minor versions. Three, RSS or scrape /blog if you care about announcements. Skip /changelog and /status; they do not exist.
Why does Mediar publish a page about a competitor's release cadence?
Because the question is being typed into Google and the rest of the open web answers it badly. Searches that combine a vendor name with a recency window almost always come from a buyer doing a refresh on whether anything changed since their last evaluation. We would rather you find a verified answer here, even if the verified answer is mostly 'not much', than read stale comparison pages from January. If your workflow lives inside a browser, CloudCruise is a credible tool. If your workflow lives in SAP GUI, Oracle Forms, a Jack Henry green-screen, or any other thick-client Windows app, the DOM stops being a meaningful representation; that is the boundary Mediar sits on the other side of.
Where does Mediar fit if I am already on CloudCruise?
Side by side, not in place of. CloudCruise drives the workflows that live entirely inside Chromium: payer portal logins, vendor extranet downloads, SaaS form fills. Mediar drives the workflows that open a desktop SAP GUI screen, an Epic Hyperspace window, an Oracle Forms session, or a Jack Henry session, by reading the Windows UI Automation accessibility tree instead of a DOM. Same idea (a workflow file plus a selector cascade plus AI authoring), different input surface. Customers running both let the browser tool handle the browser steps and the desktop tool handle the desktop steps inside a single end-to-end flow.
Comments (••)
Leave a comment to see what others are saying.Public and anonymous. No signup.