Highlighted resources

May 2026: Feature releases & highlights

Avatar photoStefan Wallin

Rich forms support for applications, examples library, enhanced MCP server, improved secure call-home.

Developer experience for defining applications

At the heart of Avassa is the idea that getting from containerized application to edge deployment should be as fast and straightforward as possible. Being able to define applications efficiently using the Avassa application specification is therefore fundamental to the developer experience.

Several resources are already available to help developers get started:

  • A summary of related documentation is available in the Application Essentials section.
  • The full application specification is available in the API reference documentation.
  • If you already have a Docker Compose or Docker run example, the Docker feature mapping guide helps translate common Docker concepts into Avassa application specifications.

🆕 To simplify the process further, we have added a rich library of application examples. As developers, we all know that starting from a working example is often faster than reading the full documentation.

Most importantly, we have also added full forms support for the application specification in the Avassa UI. This makes it easier to create, inspect, and modify application definitions directly in the user interface, with structured guidance across the available configuration options.

The application specification is presented as a structured tree where individual sections can be expanded, inspected, and modified. In the example below, the Mosquitto application contains two containers, service placement settings, ingress networking, and volumes.

Screenshot

Additional capabilities can be added through contextual “More options…” menus, making it easier to discover and configure the complete application model. The screen shot below illustrates “More options…” activated.

The forms-based editor is aware of dependencies within the application model. In the example below, the user is defining volume mounts for the Mosquitto container. Since mounts can only reference volumes defined by the parent service, the Volume selector automatically presents the available service volumes, simplifying configuration and reducing the risk of invalid references.:

Pick a volume from available:

The same mechanism is supported for selecting secrets from vaults, pick lists are shown for available vaults and secrets.

With the addition of full forms support and a rich collection of application examples, defining applications in Avassa becomes both easier and more discoverable. New users can get started faster, while experienced users gain a more efficient way to navigate and edit complex application specifications. Together, these enhancements further streamline the path from containerized application to edge deployment.

Improved call-home authentication using challenge-response

Previous Avassa releases introduced support for client certificate authentication as part of the call-home mechanism between Edge Enforcers and Control Tower.

While mutual TLS provided strong authentication, some customer environments experienced interoperability challenges with enterprise firewalls, proxies, and TLS inspection infrastructure. In practice, outbound TLS connections using client certificates are sometimes handled inconsistently in tightly controlled corporate networks.

🆕 To improve compatibility across enterprise and industrial environments, Avassa now introduces a challenge-response based authentication mechanism for call-home authentication.

With this approach, the outbound connection itself uses standard TLS behavior commonly accepted by enterprise network infrastructure, while edge host authentication is performed at the application layer via a cryptographic challenge-response exchange.

This preserves strong host authentication while significantly improving compatibility with restrictive corporate networking environments and TLS inspection infrastructure.

The enhanced mechanism is supported in the Control Tower UI. Go to Settings→System and enable host authentication:

As before, you can choose the granularity of the certificate, system-wide, per site, or per host. Then, when you go to the user menu and request the Edge Enforcer install command, you will now have the option to generate a certificate to be passed to the installer:

Screenshot

In this case, we chose to generate a certificate that can be used for one day:

Screenshot

The new mechanism is especially valuable in:

  • segmented enterprise environments
  • industrial ISA-95/Purdue networks
  • environments with outbound proxies or TLS interception
  • deployments where edge hosts operate behind centrally managed security infrastructure

The overall result is a more robust and deployable call-home architecture while maintaining the security properties required for large-scale edge deployments.

Read more: https://docs.avassa.io/how-to/call-home-challenge-auth

Enhanced MCP Server

The MCP server bundled with supctl is significantly expanded, letting AI clients (Claude Code and similar) drive real investigations and propose configuration changes against the Control Tower.

  • get_container_logs now reads per-container log topics directly from the site, with edge-side grep, since, and max_entries.

“Get the last hour of container logs for my-app on edge-stockholm-1 and grep for (?i)panic|stack trace.”

  • New slash-command prompts: /diagnose-site, /check-certificates, /recent-alerts, /deployment-status.

“/check-certificates – anything expiring in the next two weeks?”

  • New get_docs and read_doc tools fetch matching pages from docs.avassa.io so the agent can ground answers in the product documentation.

Staging changes, stage_change, is now safe under concurrent edits, and the http connection is hardened.

Other enhancements

Programmers have always learned in different ways. Some start with the reference manual. Some prefer guided tooling. Most eventually find a working example and adapt it to their needs. With the addition of full forms support and a growing library of application examples, Avassa now supports all three approaches.