Heym Changelog: 23 Releases, 632 Stars, and Month Two

TL;DR: Month two ran from May 27 to June 28, 2026. Heym shipped 23 releases (v0.0.32 to v0.0.54), passed 632 GitHub stars and 65 forks, and merged more than 140 pull requests. The headline story was integrations: eight new nodes including Supabase, GitHub, Notion, Linear, ClickHouse, Amazon S3, Discord, and ElevenLabs voice, five of them contributed by the community. Alongside that came a full Dashboard tab with AI-generated widgets, a Postgres pgvector backend for RAG, native OpenTelemetry tracing, an AI assistant that plans before it builds, file upload triggers, and a security sprint with two patched advisories. This is the complete record.

Table of Contents

• By the Numbers
• The Theme of Month Two: Integrations
• Week 5: Voice, File Shapeshifting, and a Trace Timeline
• Week 6: A Security Sprint, Templates, and the Runbook
• Week 7: OpenTelemetry, Dashboards, and Smarter DataTables
• Week 8: The Integration Surge and a Planner That Asks First
• YouTube Tutorials
• Community Moments
• What Is Coming Next
• Thank You
• FAQ
• References

This is the Heym changelog for month two: a complete record of every feature, fix, and community milestone shipped between May 27 and June 28, 2026.

I am Ceren, one of the engineers building Heym. Month one was about deepening the foundations we launched with. Month two was about reach. We connected Heym to the tools people actually run their work in, gave the platform a way to look at its own numbers, and spent a hard week closing security gaps. I want to write all of it down, the same way I did last time, as an honest record for the people who starred, forked, opened pull requests, and reported issues. If you missed it, the month one changelog covers the first 30 days.

What is Heym? Heym (heym.run, github.com/heymrun/heym) is a self-hosted, open-source AI workflow automation platform. It provides a visual canvas for building workflows with LLM nodes, multi-agent orchestration, built-in RAG backed by Qdrant or Postgres (pgvector), MCP server and client support, human-in-the-loop checkpoints, and full LLM observability. It runs on your own infrastructure with a single Docker Compose command and is published under MIT with Commons Clause.

If you are new here: Heym is a self-hosted, open-source AI workflow automation platform. You get a visual canvas, LLM and agent nodes, built-in RAG, MCP server and client, human-in-the-loop checkpoints, and full LLM observability, all running on your own machine. The repository is at github.com/heymrun/heym.

By the Numbers

Here is the month-two snapshot as of June 29, 2026, with the end-of-month-one figures for comparison.

Metric	End of Month One	End of Month Two	Change
GitHub stars	456	632	+176
Forks	53	65	+12
Releases shipped	31	54 (23 this month)	+23
Days since launch	30	62	+32
Pull requests merged	122	260+	+140
New integration nodes	core set	+8	Supabase, GitHub, Notion, Linear, ClickHouse, S3, Discord, ElevenLabs

23 releases across roughly 32 days kept the one-release-per-day rhythm going. The difference this month was who was shipping. A meaningful share of the work came from outside the core team, and the integration nodes in particular were largely community contributions that we reviewed, hardened, and merged.

Key fact: In its second month as a public project, Heym grew from 456 to 632 GitHub stars, shipped 23 releases (v0.0.32 to v0.0.54), and added eight integration nodes, five of which were contributed by external developers.

The example below is the kind of workflow month two made possible: a file lands, an agent enriches it using the new integration nodes as tools, the result is embedded into a pgvector store, and a dashboard widget tracks the run. Every one of those pieces shipped between May 27 and June 28.

1. Trigger

File upload trigger

A document arrives and starts the run (v0.0.53)

2. Reason

Agent with tool nodes

The agent calls Notion, GitHub, or Linear nodes as tools to enrich the data

3. Store

pgvector RAG

Embeddings are written to a Postgres vector store, no extra service (v0.0.50)

4. Observe

Dashboard widget

An AI-generated chart tracks volume, cost, and latency (v0.0.41)

What runs around the workflow

Tracing

OpenTelemetry export

Every span streams to Jaeger, Tempo, or Honeycomb (v0.0.39)

Safety

Hardened sandbox

Condition and Python evaluation run inside an AST-checked sandbox

The Theme of Month Two: Integrations

Month one was about making the core engine solid. Month two was about connecting it to the rest of your stack.

By the end of the month Heym had eight new integration nodes. You can read or write a Supabase table, push to a Discord channel, open a Linear issue, update a Notion database, query ClickHouse, move files through Amazon S3, act on a GitHub repository, and talk to a workflow with your voice through ElevenLabs. Each of these turns a category of manual glue code into a node you drop on the canvas and wire up.

What made this possible was the work from month one that let any node act as an agent tool. Every integration node is not just a step you place in a fixed sequence; it is also a tool an agent can call at runtime. Add the Linear node to an agent's tool inputs and the agent can decide, on its own, to file an issue when a condition is met. That is the difference between an integration and an integration that an autonomous agent can reach for. For the broader pattern of agents choosing tools, the multi-agent AI systems guide goes deeper.

The rest of this post walks through the four weeks of month two in order.

Week 5: Voice, File Shapeshifting, and a Trace Timeline

May 27 to June 2 (v0.0.32 through v0.0.33)

The first week of month two shipped two crowd-pleasers and quietly closed a class of security gaps.

v0.0.32: Chat Token Usage and Compression Fixes

The chat AI Builder now shows token usage as you build, so a long building session no longer hides its own cost. We also fixed a fallback in chat context compression that could drop tool output on very long conversations. Small, but it is the kind of bug that only shows up after you have been iterating in chat for twenty minutes.

v0.0.33: ElevenLabs Voice, Drive File Conversion, and Dark Mode

This release had three distinct stories.

First, voice. You can now talk to your AI workflows. Any chat message can be read out loud, and a hands-free voice mode lets you speak and have the workflow speak back, with automatic language detection through an ElevenLabs integration. It works in any language and is dark-mode and mobile ready.

Second, file shapeshifting. The Drive node gained a convertFile operation built on pandoc and Pillow. Generate a report as markdown and deliver it as PDF. Capture a screenshot and compress it to JPEG. Extract text from a PDF and turn it into a Word doc. One node, many formats, fully automated. CSV, EPUB, and JSON inputs are all supported.

Third, the Traces view gained a Steps Timeline. Instead of reading raw JSON, you now see a rendered timeline of every step in a run, with the system prompt rendered as markdown and copy buttons on each code block. If you have ever debugged an agent's reasoning by squinting at a JSON blob, this is the fix. Dark mode across the app also got a round of polish in the same release.

On the security side, v0.0.33 shipped parameterized queries for the Slack and Telegram webhook node lookups to remove a SQL injection vector, and it began enforcing a cryptographically random SECRET_KEY, rejecting the hardcoded default that some early self-hosters had left in place.

Week 6: A Security Sprint, Templates, and the Runbook

June 3 to June 9 (v0.0.34 through v0.0.38)

Week six was the heads-down security week of the month, wrapped around two features people had been asking for.

v0.0.34 and v0.0.35: Public Templates and Cross-Worker Stability

Heym shipped a public template library so you can start from a working workflow instead of a blank canvas. Alongside it we fixed cross-worker active-execution state and added SSE heartbeats to the chat stream, which stops long-running streams from timing out when execution is spread across multiple workers. If you run Heym with more than one worker process, this is the release that made streaming reliable.

v0.0.36 and v0.0.37: The OAuth and Hardening Sprint

This is the week we treated security as the feature. In two releases we landed a stack of fixes: hardened OAuth token handling, an ASGI request body size limit, validated-IP pinning for Drive URL downloads, enforced workflow resource access during execution, and a restriction so only workflow owners can manage shares. We also added a configurable request timeout for LLM calls, so a slow model no longer hangs a run indefinitely.

Most importantly, we published a SECURITY.md with a private vulnerability reporting policy and isolated Python tool execution inside an OS-level sandbox (advisory GHSA-wcgw-9hfw-f6f2). If you let workflows run arbitrary Python, that sandbox is the boundary that keeps a tool from reaching the host. Security work is never finished, but a project that handles your credentials and runs your code owes you a real boundary and a real way to report problems. For the broader picture of keeping AI systems safe, our LLM guardrails guide covers the input, output, and action layers.

v0.0.38: The Runbook

Then a fun one. Heym got a Runbook. Press play and watch the canvas build and run a workflow on its own, cursor and all. It is the fastest way to understand AI-native automation: you do not read about it, you watch it happen. We use it on the site and in the product as a self-running demo.

Week 7: OpenTelemetry, Dashboards, and Smarter DataTables

June 9 to June 16 (v0.0.39 through v0.0.44)

Week seven was the observability and data week, and it shipped one of the biggest features of the whole month.

v0.0.39: Native OpenTelemetry

Heym now speaks OpenTelemetry. Every workflow run becomes a trace: one span per run, one span per node, with model and token usage on each. Send it to Jaeger, Tempo, Honeycomb, or any OTLP backend. There is no instrumentation code to write, just one environment variable, and it is disabled by default so it never touches a run unless you turn it on. This sits alongside the built-in Traces view: the internal view for day-to-day debugging, OTLP export for teams that want Heym data in the same backend as the rest of their services.

v0.0.40 and v0.0.41: The Dashboard Tab

This is the headline feature of month two.

Heym now has a Dashboard tab. You build a complete observability dashboard on the canvas without leaving the product. Describe any metric in your own words, in any language, and the AI generates the right widget: bar, line, area, pie, gauge, scatter, proportion, or bar gauge. Then refine any widget with a single prompt.

Under the hood, widgets are powered by a new Chart Output node. A restricted widget canvas builds each chart, with bidirectional title and description sync, per-widget cache TTL so expensive queries do not rerun on every view, AI-assisted title and description generation, and an optional link-out URL on any widget. The same release added an Amazon S3 node, contributed by the community, for moving files in and out of object storage.

v0.0.42 to v0.0.44: AI-Assisted DataTables and the ChatGPT Connector

The DataTable node got noticeably smarter. You can now describe the table you want and have the AI generate the schema for you, then edit the suggested columns before creating it. We added a count operation, operator filters on find, and table cloning. Charts gained a text and markdown type so a widget can render prose, not just numbers. We also fixed the MCP ChatGPT connector so Heym workflows show up cleanly as tools there, and we hid widget-only workflows from the MCP tool list so your dashboard internals do not leak into an AI client's toolset.

Week 8: The Integration Surge and a Planner That Asks First

June 17 to June 28 (v0.0.45 through v0.0.54)

The final stretch of the month is where the integration story really landed, alongside two pieces of AI-builder intelligence and one more security fix.

v0.0.45: Supabase

The Supabase node lets you query and mutate your Postgres tables right inside a workflow. Select, insert, update, upsert, and delete, with operator filters, logical AND and OR groups, automatic table and column discovery, and a one-click connection test. No custom HTTP wiring.

v0.0.46 and v0.0.47: Skill History, HITL Guards, and the GitHub Node

v0.0.46 added a skill history dialog and tightened the human-in-the-loop resume path, guarding against resuming a request that is already resolved or expired. v0.0.47 brought the GitHub node, contributed by the community, so a workflow can act on repositories directly, plus an Ask AI filter dropdown and a fix to the expression dialog inputs.

v0.0.48: An AI Assistant That Plans Before It Builds

Two things landed here, and both change how the AI Builder feels.

First, the assistant now plans before it builds. Give it a vague request and instead of guessing, it asks you a few quick questions. Tap a suggested chip or type your own answer, and it builds the workflow from your answers. Less guessing, fewer throwaway canvases.

Second, a Workflow Analysis tool. It reviews your actual runs and tells you what to improve first, leading with the improvement areas and including a security angle. It is the difference between a builder that generates a workflow and one that looks at how the workflow behaved and gives you a prioritized list of fixes. Both features lean on the context engineering patterns we use throughout the assistant.

v0.0.50: pgvector RAG

RAG got simpler. You can now run vector stores on Postgres with pgvector, not just Qdrant. Vectors live in Heym's own database, so there is no extra service to deploy. Pick your backend per store, point a RAG node at it, done. The same insert, search, metadata filters, and reranking work either way, and existing Qdrant setups keep working with nothing to migrate. For self-hosters who wanted fewer moving parts, this removes a whole container from the stack. If you are weighing retrieval against tuning a model, our RAG vs fine-tuning comparison is a good companion read.

v0.0.51 and v0.0.52: Notion, Email Attachments, and Agent-Tool Coverage

The Notion node arrived with full coverage: pages, databases, data sources, and blocks, with both internal-token and OAuth credentials, plus expression-powered inputs and editor discovery tools. The Send Email node grew CC, BCC, and Drive-file attachments, with expandable dialogs and 1/n expression navigation across every field, and every one of those new fields is reachable by an agent using the node as a tool.

v0.0.53: File Upload Trigger, File Save, and a Patched Sandbox Escape

v0.0.53 added a file upload trigger so a workflow can start the moment a document arrives, and a file save node to write results back out. This is the intake-to-output pair that makes document workflows practical end to end.

It also patched a security advisory. GHSA-pm6h-x3h5-j38h was an authenticated sandbox escape in the workflow condition evaluator that allowed arbitrary Python and OS command execution on the backend host. Condition expressions now run through a hardened, AST-based evaluator that blocks attribute traversal, and Slack and Telegram webhook verification now fails closed. It was reported responsibly by okcomputerfan, also known as pixileaf. Thank you. This is exactly why the SECURITY.md private reporting channel from week six matters.

v0.0.54: Linear and ClickHouse

The month closed with two more integration nodes. The Linear node manages issues, comments, teams, projects, states, and members, with create, update, list, and delete operations, so the agent that just diagnosed a problem can also file the ticket. The ClickHouse node connects to a ClickHouse instance and runs analytical queries whose results feed straight into AI and automation steps. Both shipped in the same release that improved README onboarding for new contributors.

YouTube Tutorials

The tutorial playlist at youtube.com/playlist?list=PLPXd_ZbA4wgEHP5PXoaRqbsDJdat7OSd4 covers the full getting-started path, and the Dashboard tab from this month has its own walkthrough below.

New videos are published regularly. The integration nodes added this month, along with the pgvector backend and the planning AI assistant, are next in the queue for tutorials.

Community Moments

If month one was carried by the community asking the right questions, month two was carried by the community writing code.

Five of the eight integration nodes shipped this month came from external contributors. The Amazon S3, Supabase, GitHub, Notion, and Linear nodes were all contributed by @eryue0220, reviewed and hardened together with the core team before merging. That is a remarkable run from a single contributor, and it changed the shape of the product more than any feature we planned ourselves.

Several other contributors left their mark. A vector-store cloning fix that now requires credential access closed a real authorization gap. Human-in-the-loop resume guards and a build-context race-condition fix made concurrent execution safer under load. And the condition-evaluator advisory was reported responsibly by an outside researcher rather than dropped publicly, which is the kind of thing that keeps self-hosted software trustworthy.

If you have built something with Heym, or want to contribute a node, open a GitHub Discussion or a pull request. The integration surge this month is proof that it works.

What Is Coming Next

Looking back at month one's roadmap: pgvector and Supabase delivered the database-write story, the Dashboard tab delivered a big chunk of the observability story, and the integration nodes went well past what we planned. Workflow Alerts is the main item that slipped, and it leads month three.

Month three priorities, in rough order:

1. Workflow Alerts. A dedicated Alerts tab where you set thresholds on token spend, USD cost per run, and error rate, and get notified before a runaway cost or a silent failure reaches production. This carries over from month one and is now next in line.
2. Team workspaces. Role-based access control within a single Heym instance, so different teams get access to different workflow groups without separate deployments.
3. More integrations. The community appetite for nodes is clear. Expect more first-class integrations, and a cleaner path for contributing them.
4. Deeper Portal customization. Custom branding, domain support, and theming for Portal chat interfaces.
5. Evaluation tooling. Built-in ways to score and compare workflow outputs over time, building on the analysis tool that shipped this month.

These are priorities, not a locked roadmap. Several items here started as community requests, and the fastest way to move something up the list is to open a GitHub Discussion or send a pull request.

Thank You

Month two was the month the project stopped being just ours.

Thank you to everyone who starred the repo. Passing 632 stars in 62 days, from a niche self-hosted AI workflow tool, still does not feel routine.

Thank you to the contributors who shipped real code this month. Eight new integration nodes, five of them from outside the core team, is not something we could have planned for, and it made Heym more useful than our own roadmap would have.

Thank you to the researcher who reported the condition-evaluator escape through the private channel instead of the public timeline. Responsible disclosure is a gift, and we treated it as one.

And thank you for reading this far. If something here made you curious enough to try Heym, the repository is at github.com/heymrun/heym and the Docker Compose setup takes about five minutes. The first-month story is in the month one changelog if you want the full arc.

Month three starts now.

Frequently asked questions

What did Heym ship in its second month? Between May 27 and June 28, 2026, Heym shipped 23 releases (v0.0.32 through v0.0.54). The headline additions were eight integration nodes (Amazon S3, Supabase, Discord, GitHub, Notion, Linear, ClickHouse, and ElevenLabs voice), a Dashboard tab with AI-generated chart widgets, a Postgres pgvector backend for RAG, native OpenTelemetry tracing, an AI assistant that plans before it builds, a workflow analysis tool, file upload triggers, and a round of security hardening including two patched advisories.

How many releases did Heym ship in month two? Heym shipped 23 releases between May 27 and June 28, 2026, from v0.0.32 to v0.0.54. That continues the roughly one-release-per-day pace from month one. The project passed 632 GitHub stars and 65 forks during the period, up from 456 stars and 53 forks at the end of month one.

What integrations did Heym add in month two? Eight: Amazon S3, Supabase (Postgres with operator filters and auto table discovery), Discord (webhook delivery), GitHub, Notion (pages, databases, data sources, and blocks with OAuth), Linear (issues, comments, teams, projects, and states), ClickHouse (analytical queries), and an ElevenLabs voice integration for the chat interface. Five of these nodes came from external community contributors.

Can Heym run RAG without Qdrant now? Yes, as of v0.0.50. RAG vector stores can run on Postgres with the pgvector extension instead of Qdrant. Vectors live in Heym's own database, so there is no extra service to deploy. You pick the backend per store and point a RAG node at it. Insert, semantic search, metadata filters, and reranking work the same on either backend, and existing Qdrant setups keep working with nothing to migrate.

Does Heym support OpenTelemetry? Yes, as of v0.0.39. Every workflow run becomes an OpenTelemetry trace with one root span per run and one child span per node, including model and token usage on each span. You can export to Jaeger, Tempo, Honeycomb, or any OTLP backend. There is no instrumentation code to write; tracing is enabled with a single environment variable and is disabled by default.

What is the Heym Dashboard tab? The Dashboard tab, introduced in v0.0.41, lets you build an observability dashboard on the canvas without leaving Heym. You describe a metric in plain language, in any language, and the AI generates the right widget: bar, line, area, pie, gauge, scatter, proportion, or bar gauge. Widgets are powered by Chart Output nodes, can be refined with a single prompt, support per-widget time-to-live caching, and can link out to any URL.

What security issues did Heym fix in month two? Month two included a security sprint. Two advisories were patched: one isolating Python tool execution inside an OS-level sandbox, and one closing an authenticated sandbox escape in the workflow condition evaluator, now replaced by a hardened AST-based evaluator that blocks attribute traversal. Additional hardening covered parameterized webhook queries to prevent SQL injection, enforced cryptographically random SECRET_KEY values, OAuth token handling, ASGI request body size limits, and validated-IP pinning for Drive downloads. A SECURITY.md policy with private vulnerability reporting was added.

References

• Heym GitHub repository: v0.0.32 through v0.0.54 release notes (2026)
• GHSA-pm6h-x3h5-j38h: Authenticated sandbox escape in Heym condition evaluator (2026)
• GHSA-wcgw-9hfw-f6f2: Python tool sandbox isolation in Heym (2026)
• pgvector: open-source vector similarity search for Postgres (2026)
• OpenTelemetry specification: traces and OTLP (2025)
• Model Context Protocol specification, Anthropic (2025)
• Glama MCP server directory: Heym listing (2026)