Follow us on to be up to date with the latest changes.
v1.40.0
Elements
// July 1, 2026
Claude Sonnet 5 is now the default assistant model
New assistants and in-app model usage now default to Claude Sonnet 5, available across the playground, Elements, and onboarding model pickers.
Features
Default to Claude Sonnet 5#3758 - Claude Sonnet 5 (
) is now the default model for in-app usage and newly created assistants, added to the allowlist and every model picker across the playground, Elements, and onboarding. Specialized models used for risk and PromptIntel judging, chat segmentation, embeddings, and follow-on suggestions are unchanged. (Author: @simplesagar)
Connect to stricter OAuth providers with outbound CIMD support
Remote session OAuth now works with identity providers that require Client ID Metadata Documents (CIMD), so organizations with stricter upstream authorization servers can register outbound clients without a shared secret.
Features
Outbound CIMD support for remote session OAuth#3706 - Create a
in CIMD mode: Gram generates the client ID, hosts a public client metadata document, and sends that URL as the client ID on every outbound authorize, token, and refresh call, with no symmetric secret required. Issuer discovery now detects CIMD support automatically, which gates the new option, and the client and issuer views surface the metadata URL and support status. (Author: @bflad)
Cleaner assistant chats when apps inject extra context
Context an application injects into a user turn no longer clutters the conversation. It now folds into a collapsible disclosure that's there when needed and out of the way otherwise.
Features
Collapse injected context into an "Additional context" disclosure#3721 - App-injected context in a user turn now folds into a collapsed Additional context disclosure that expands to inspect, instead of rendering the raw tags inline. The expanded block wraps to the message width, so opening it no longer widens the chat bubble. (Author: @adaam2)
Gate access to other members' agent sessions with a new chat:read scope
A new RBAC scope lets you decide who can read other members' agent session transcripts. Everyone can always read their own sessions; reading everyone's now requires an explicit grant.
Features
chat:read scope for agent session transcripts#3688 - A new
scope gates access to other members' agent session transcripts: anyone can read sessions they own, while reading every member's session requires an unrestricted
. The scope is not a default of any system role — not even admin — so it must be granted via a custom role. Members without it see only their own sessions, and each dashboard session open is recorded in the audit log. (Author: @adaam2)
Project Assistant: rename chats, see who owns each assistant, and a tidier context block
A handful of Project Assistant improvements land together: rename conversations inline as you work, see at a glance who owns each assistant, and keep the chat clean with app-injected context folded into a collapsible disclosure.
Features
Rename assistant chats from the live chat view#3649 - The dock header shows the active conversation's title and lets you click to rename it inline. Names you set are kept — automatic title generation skips any chat you've renamed, and clearing the title re-enables auto-naming. (Author: @simplesagar)
See who owns each assistant#3709 - An assistant's creator is now shown as its owner — an avatar and name on both the assistant card and the setup page — resolving to the creating member, "No owner" when never attributed, or "Orphaned, no owner" when the creator has left the organization. (Author: @simplesagar)
Tidier injected context in assistant chats#3721 - App-injected context in a user turn now folds into a collapsed Additional context disclosure you can expand to inspect, instead of rendering the raw tags, and the expanded block wraps to the message width so opening it no longer widens the bubble. (Author: @adaam2)
Edit system role permissions, tune risk detection sensitivity, and tighter shadow MCP enforcement
Organizations get more control over access and risk detection this release: the built-in admin and member roles can now be tailored per organization, and risk policies gain a sensitivity slider for tuning how aggressively detections fire. Shadow MCP enforcement is also hardened against a couple of false results.
Features
Editable system-role permissions#3727 - Edit the permissions of the built-in
and
roles per organization, while their name and description stay platform-managed. The Admin role is guarded against losing the
permission to prevent an org lockout. The roles tab is reworked so the whole role row opens the edit sheet, scope groups show a description when collapsed, and the members column uses an interactive member facepile with hover focus and click-to-view-all. Directory Sync (SCIM) organizations see info alerts on the team, roles, and identity pages explaining that members and roles are managed by the identity provider while SCIM is enabled. (Author: @adaam2)
Configurable risk detection sensitivity#3723 - Each risk policy now has a minimum match-confidence threshold, adjustable with a Sensitivity slider in the policy wizard, so detections can be tuned to be more or less aggressive. The default sensitivity is lowered to 0.5. (Author: @dennnis-ez)
Bug fixes
Harden Codex shadow MCP enforcement#3719 - Codex shadow MCP calls are now checked against the session's actual MCP server inventory, closing a gap where enforcement could be bypassed. (Author: @danielkov)
Fix Cursor shadow MCP enforcement false positives#3720 - Cursor shadow MCP enforcement no longer wrongly blocks Speakeasy-hosted MCP servers when a shadow MCP risk policy is enabled. Access is now decided by the server URL rather than requiring the agent to echo an internal identifier. (Author: @danielkov)
Fix duplicate servers in the MCP catalog#3310 - The MCP catalog no longer lists duplicate servers (with an inflated count) when loading more results. (Author: @alx-xo)
More reliable risky-message filtering and thread search
Two chat-detail fixes land together: the "Risky only" filter now finds flagged messages no matter where they sit in a long thread, and search steps through every match in order instead of highlighting them all the same color.
Bug fixes
Fix "Risky only" filter missing findings on other pages#3715 - The filter previously showed nothing when flagged messages sat on transcript pages that weren't loaded.
now returns the seqs of flagged messages so the panel can window the full thread and filter correctly, and the toggle is available to any authorized viewer rather than only org admins. (Author: @adaam2)
Step through search matches one at a time#3715 - Search-within-thread now steps through every occurrence in document order, across message text and tool call arguments and output, with the active occurrence highlighted distinctly, instead of jumping per message and highlighting every hit the same color. (Author: @adaam2)
Blocked tool calls get their own page the agent can reason about, plus filter sessions by agent type
When the risk engine blocks a tool call it's now a durable, linkable page with thumbs-up/down feedback — and the reason is handed back to the agent so it explains the denial instead of inventing one. Agent Sessions also gain an agent-type filter.
Features
Durable tool-call block pages#3672 - Blocked tool calls are now first-class entities with a stable
URL and 👍/👎 feedback. The block reason is injected into the agent-facing response (Claude, Cursor, and Codex) with a link to the block page, so the agent can reason about the denial instead of hallucinating one, and a More Info link reaches it from the Risk Events modal. (Author: @daviddanialy)
Filter agent sessions by agent type#3712 - The Agent Sessions page gains an agent-type filter, populated from the agent sources actually present in each project's chats. (Author: @simplesagar)
Read-only and destructive labels in Distribute MCP tools#3713 - The Distribute → MCP → Tools view now shows the same text permission labels (Read-only, Destructive, Idempotent) as the Connect catalog, instead of icon-only badges, for quicker at-a-glance behavior hints. (Author: @daviddanialy)
Up-to-date badge on plugin detail#3708 - The plugin detail page now shows an explicit Up to date badge and surfaces the last-published time even when there are unpublished changes, rounding out the publish-freshness view. (Author: @daviddanialy)
Shorter access-request links on blocked tool calls#3710 - The "Request access" link on a blocked tool call now embeds a short cache-backed token instead of a 1,000-plus character encrypted blob, with previously issued links still working until they expire. (Author: @daviddanialy)
Bug fixes
Risky-only filter and in-thread search reworked#3715 - The chat detail "Risky only" filter now windows the full thread and shows flagged messages even when they sit on other transcript pages, and search steps through every occurrence in document order — across message text and tool call arguments and output — with the active match highlighted distinctly. (Author: @adaam2)
Prompt correlation no longer stalls on busy sessions#3716 - Claude Code prompt correlation now bounds its work and drains a large backlog of unlinked prompts incrementally, so prompts stay reliably linked to their telemetry instead of failing entirely on high-volume sessions. (Author: @danielkov)
Detect step Continue enables for category-level detectors#3714 - Creating a risk policy now enables the Continue button when only category-level detectors (Prompt Injection, Shadow MCP, Destructive Tools, Destructive CLI Commands) are selected, instead of treating those categories as empty and keeping the step disabled. (Author: @daviddanialy)
Rename assistant chats without leaving the conversation
Project Assistant chats can now be renamed right from the live chat view instead of navigating elsewhere first.
Features
Rename assistant chats from the chat view#3649 - Click the conversation title in the chat header to edit it inline. Manually chosen names are preserved. Automatic title generation skips any chat that's been renamed, and clearing the title re-enables auto-naming. (Author: @simplesagar)
Jump straight from the audit log to any subject and register remote session clients without leaving the issuer page
Every subject in the org audit log now links to its own detail page so you can pivot from an event to the thing it happened to, and org admins can register a standalone remote session client directly from the Remote Identity Provider page.
Features
Jump from any audit log entry to its subject#3683 - MCP servers, risk policies, environments, assistants, roles, members, and collections now render as links in the org audit log, alongside the deployments, toolsets, projects, plugins, and API keys already linked. Project-scoped subjects route under their own project, and risk policies and roles deep-link to the specific item. (Author: @simplesagar)
Register a remote session client from the issuer page#3678 - Org admins can create a standalone client directly from a Remote Identity Provider's Clients tab via a new New Client sheet, supporting Dynamic Client Registration when the issuer advertises a registration endpoint or manual client ID and secret entry. The client inherits a project-scoped issuer's project, or the admin names a project when the issuer is organization-level. (Author: @bflad)
See chat titles in the cost dashboard#3677 - The cost dashboard's session table now shows each chat's title in place of its id, so spend is easier to attribute to the conversation that drove it. (Author: @adaam2)
Hook event processing metrics#3685 - Hook event processing duration is now measured for Claude, Codex, and Cursor hook traffic, giving clearer visibility into hook performance. (Author: @subomi)
Bug fixes
Shadow MCP enforcement survives a missing session snapshot#3614 - The Claude hook shadow-MCP guard no longer depends on the server having cached the SessionStart MCP inventory in time: the inventory is persisted per session and replayed in the blocking PreToolUse payload, so enforcement stays reliable and still fails closed when no inventory is available. (Author: @bradcypert)
Combined session filters no longer return empty#3673 - Session list dimension filters now match per-chat instead of per-row, so combining a user-directory filter such as department with a hook source no longer comes back empty when those attributes live on different rows of the same chat. (Author: @subomi)
Pin the chats you keep coming back to and publish plugins without leaving their detail page
Pin important conversations to a dedicated section above your recent chats, and republish a plugin in one click straight from its detail page — with an at-a-glance badge that tells you whether what's live matches what you've changed.
Features
Pin chats on the chat page#3670 - Pin and unpin conversations on the chat page; pinned chats surface in a dedicated Pinned section above Recent Chats so the ones you return to stay within reach. (Author: @simplesagar)
Publish plugins from the detail page#3690 - After adding or removing a server or editing a plugin's metadata, a Publish now prompt offers a one-click republish — or opens the first-publish dialog for projects not yet connected to GitHub — so there's no need to return to the plugins list. The page also shows publish freshness: an Unpublished changes badge when the live state differs from what was last published, or the last published time when up to date. (Author: @daviddanialy)
Bug fixes
Faster tool observability filters#3699 - The logs and insights pages now read hosted MCP server display names straight from telemetry filter options instead of hydrating full toolset resources for server filter labels, so those filters load faster. (Author: @danielkov)
Long chat searches no longer error#3700 - The find-in-conversation bar now gates queries at 200 characters and flags the over-limit state inline — the search icon turns into a red warning with a tooltip and the match counter shows a live count — instead of failing with a hard validation error. (Author: @adaam2)
Jump straight to any message with in-thread search
Long chat threads are easier to navigate now: a find-in-conversation bar jumps between matching messages instantly, backed by full server-side text search instead of only scanning what happens to be loaded on screen.
Features
Search within a chat thread#3634 - Jump between matches with prev/next controls, or Enter/Shift+Enter to step forward and back (wrapping at the ends), and Escape to clear. The active match highlights in bright yellow against paler surrounding matches across message text, tool names, and tool arguments and output, and the tool call holding the active match expands automatically. Powered by a new
parameter on
that returns matching messages plus surrounding context. (Author: @adaam2)
Trigger agents from Slack, Linear, and GitHub webhooks
Agents can now react to what happens in the tools your team already lives in. A shared webhook-trigger foundation lets Slack, Linear, and GitHub events drive your agents, with signature verification, delivery de-duplication, and event filtering handled for you — so wiring up a new source is a matter of pointing it at Gram.
Features
Linear webhook triggers#2729 - Drive agents from Linear events with verified HMAC-SHA256 signatures and
de-duplication. Comments fold onto their parent issue's conversation, so an agent sees the full context of an issue rather than scattered events. (Author: @danielkov)
GitHub webhook triggers#2729 - Drive agents from GitHub events with verified
signatures and
de-duplication. Pull request, review, and comment activity correlates onto the PR, and pushes onto their repo and branch, so related events arrive as one coherent conversation. (Author: @danielkov)
A shared foundation for webhook sources#2729 - A common webhook-trigger abstraction centralizes signature verification, replay protection, and a default-deny event-type allowlist with CEL filters, so every source — including the existing Slack trigger, now rebuilt on it — behaves consistently and new sources land quickly. (Author: @danielkov)
Search, navigate, and analyze huge agent conversations
Investigating long agent chats and MCP traffic just got far more capable. Search the full text of a conversation and jump between matches, scroll a transcript with tens of thousands of messages without it bogging down, jump straight to just the risk findings, and analyze tool-call activity for any single MCP server.
Features
Search within a chat thread#3634 - The chat detail sheet gains a find-in-conversation bar backed by full-thread server-side search. Jump between matches with the prev/next controls or Enter/Shift+Enter, the active match is highlighted across message text, tool names, and tool arguments and output, and the tool holding it expands automatically. (Author: @adaam2)
Smooth, virtualized transcripts with a risk-only view#3590 - Even a chat with tens of thousands of messages scrolls smoothly: the transcript is paginated and virtualized with infinite scroll that keeps your place. A risk-only view returns just the messages with active findings, padded with surrounding context and grouped into expandable segments. (Author: @adaam2)
Accurate conversation totals#3601 - Counts in the filter bar now reflect the whole conversation instead of just the loaded page, so a 19,000-message chat no longer reports "Showing 150 of 150 entries" and the risk count agrees with the risk-only view. (Author: @adaam2)
Per-server MCP analytics#3470 - Each MCP server's details page gains an Analytics tab scoped to that server across both remote-backed and toolset-backed activity: a time-range picker, trend cards for tool calls, failed calls, error rate, and average latency, a tool-calls time series, and top tools by call count and by failure rate. (Author: @bflad)
Drag-to-zoom on charts#3516 - Select a time window directly on dashboard charts to zoom into the period you care about. (Author: @alx-xo)
Search the Assistants list#3544 - A search box above the Assistants list filters the grid by name and model, with a clear "no matches" message when a query comes up empty. (Author: @simplesagar)
Leaner, more reliable registry catalog#3622 - The registry list view no longer pulls full tools lists into its response, shrinking the payload and making the catalog hold up better on flaky networks. (Author: @qstearns)
Cmd+K focus and ranking#3582 - Recently visited pages show only when the search box is empty, so a closer text match always ranks first, and the closest result keeps the auto-selected highlight without an extra keypress. (Author: @simplesagar)
Filter sheet options now apply#3526 - The multiselect controls in the unified filter sheet now register clicks, so filters on the MCP & Tools and Insights pages respond again. (Author: @bflad)
Agent filter reloads data#3545 - Selecting an agent on the MCP & Tools insights page now updates the tool usage summary instead of leaving the graphs unchanged. (Author: @bflad)
A dedicated User Sessions page brings every active session together under the Identity nav, with filters, per-server session panels, and one-click revoke. Setting up SSO and directory sync is smoother too, with the Configure buttons now routing through the in-product setup wizard.
Features
User Sessions page#3524 - A filterable User Sessions page under the organization Identity nav lists every session with its issuer, client, resolved subject identity, and status, and lets you revoke. Facet filters cover status, client, user, and MCP server, and each MCP server's Authentication tab gains its own sessions panel with right-click and menu revoke plus brand-themed status badges. (Author: @simplesagar)
Read-only session tools for assistants#3524 - Two new platform tools,
and
, let an assistant inspect active sessions safely. (Author: @simplesagar)
Bulk session management on MCP Connections#3581 - The org-level MCP Connections page adds multi-select with select-all to revoke sessions in bulk, a search box, a status filter, and brand status badges. (Author: @simplesagar)
Guided SSO and directory sync setup#3547 - On the Identity page, the SSO and Directory Sync (SCIM) Configure buttons route to the in-product setup wizard until a connection exists, then open the WorkOS portal to manage it — so admins start in the right place instead of being dropped into the admin portal cold. (Author: @simplesagar)
Standalone remote-session clients#3640 - Remote-session clients now manage their identity-provider attachments through dedicated attach and detach endpoints and can be created standalone with zero or more issuers, giving cleaner control over how clients map to issuers. (Author: @bflad)
Steadier assistants, hardened hooks, and resilient functions
This release smooths a lot of rough edges. Assistants pick up newly connected integrations mid-conversation and stop churning their runtimes, hooks fail safely and retry transient errors instead of dropping events, Gram Functions ride out load spikes, and token and cost counts come out right for coding sessions.
Features
Assistants pick up MCP changes mid-conversation#3013 - When you attach or remove an MCP server, the assistant reconciles its live connections on the next turn instead of staying blind to the change until its runtime restarts — so a newly connected integration like GitHub MCP is usable right away. (Author: @danielkov)
Organization-level observability mode for hooks#3565 - Turn on a mode, from the organization logging settings, that makes generated hook plugins fully non-blocking, so they only observe and report and can never deny or delay a tool call. It defaults off, preserving existing behavior. (Author: @danielkov)
Gram Functions ride out saturation#3627 - Tool-call and resource-read requests now retry on a saturated runner's
and Fly's
with jittered backoff instead of surfacing transient saturation as a hard failure, and recovered attempts log as warnings rather than errors. (Author: @bflad)
Function concurrency sized to real capacity#3591 - Function concurrency limits now track actual execution capacity, so a memory bump no longer inflates the request cap, and a saturated runner returns a retryable response instead of dropping the connection. (Author: @bflad)
Operator memory and scale overrides persist#3543 - Function deployments now prefer operator-set memory and scale overrides and carry them forward across redeploys, so a later customer deploy no longer resets them. (Author: @bflad)
Bug fixes
No more assistant runtime teardown loops#3551 - A single bad assistant turn no longer tears down and recreates its runtime forever: errors from a live runtime are treated as terminal and capped, and a hard ceiling fails a stuck event instead of churning machines indefinitely. (Author: @danielkov)
Idle assistant VMs are reaped#2821 - Stopped per-thread runtime VMs are now reaped after 14 days idle instead of waiting for the whole assistant to fall silent, so busy projects stop accumulating orphaned machines while a dormant thread still cold-launches into the same app. (Author: @danielkov)
Truncated tool calls no longer wedge threads#3549 - A model response cut off mid-tool-call is dropped at capture, with the preceding messages kept, so the thread stays usable instead of failing and retrying forever. (Author: @danielkov)
Chat deletion guards for active assistants#3592 - Deleting a chat that backs an active assistant is now blocked and returns a conflict, instead of soft-deleting the conversation out from under a running assistant. (Author: @danielkov)
Assistants recover from a deleted backing chat#3593 - A chat that backs an active assistant clears its soft-deleted state automatically on the next message, so an assistant whose chat was deleted out from under it recovers; chats with no active assistant stay deleted. (Author: @danielkov)
Accurate token totals for coding sessions#3620 - Per-session and per-user totals now derive from input plus output tokens when a provider omits an explicit total, fixing "0 tokens" readings for Claude Code and similar AI-coding sessions. (Author: @simplesagar)
Hardened hook ingest#3560 - Hook senders retry a dropped request with backoff instead of blocking the tool call or losing the event, and the server de-duplicates redelivered events so each is recorded exactly once. (Author: @danielkov)
Hooks fail closed when Gram is unreachable#3522 - The Cursor hook now emits a deny with a readable reason when Gram is unreachable or returns an error, instead of silently allowing the call and bypassing blocking policies, and sends its MCP inventory on stdin so large inventories no longer risk dropping telemetry. (Author: @bradcypert)
Clearer hook verification message#3556 - When an MCP tool call can't be verified, the deny reason now tells you to restart Claude or run /reload-plugins and includes an error code, instead of implying the session is still initializing. (Author: @danielkov)
Per-session identity isolation in batched logs#3525 - When a collector or gateway re-batches multiple sessions into one OTLP logs export, each Claude Code session keeps its own identity, so a session is never cached or authorized with another session's email or organization. (Author: @bflad)
Trusted trace boundaries on public routes#3663 - Public MCP and OAuth routes start a fresh server-side trace per request and record the inbound trace context as a link, so third parties can't merge unrelated requests into one trace or steer your trace IDs. (Author: @bflad)
Cleaner challenge list#3628 - Challenges raised by users outside the organization, such as a staff member impersonating a customer org, are filtered out so they no longer clutter the list or skew its counts. (Author: @adaam2)
The loading indicator shown while the assistant is working now cycles through a much larger pool of whimsical verbs (Ruminating, Sleuthing, Triangulating, Spelunking, "Connecting the dots", and more), so it repeats far less often during longer waits.
Features
Expand the "thinking" verb pool#3449 - The chat loading indicator draws from a much larger set of whimsical "thinking" verbs while the assistant is working, cutting down on repetition. (Author: @adaam2)
A full-page Project Assistant, organization-wide control over remote identity providers, and policy audiences
The Project Assistant grows up: ask it anything from a dedicated full-page chat with starter prompts and your recent conversations, while the docked composer keeps working seamlessly as you move between the two. Organization admins get a new surface to manage remote identity providers, their clients, and active sessions across every project, and policies can now be scoped to specific audiences.
Features
Full-page Project Assistant chat#3449 - Open the assistant as its own page with a personalized composer, a slash menu of starter prompts, and your recent conversations grouped by time. The dock and the full page share one runtime, so an in-flight reply continues without interruption when you expand the dock into the page. (Author: @adaam2)
Organization admin UI for remote identity providers#3404 - Manage remote session issuers, their clients, and sessions across the whole organization from one place: list organizational and project-specific issuers with client counts, drill into each client's attached MCP servers and sessions, and revoke a single session or all of a client's sessions. Destructive actions are audited. (Author: @bflad)
Define audiences when configuring policies#3431 - Scope a policy to specific audiences when you configure it, so the right rules apply to the right callers. (Author: @tgmendes)
Enterprise onboarding for Cursor and the Anthropic Compliance API#3408 - Configure Cursor and Anthropic Compliance API integrations through optional onboarding steps, with Codex instrumentation and the OpenAI Compliance API shown as coming soon. (Author: @subomi)
Employee detail drilldowns#3472 - Drill from an employee into their tool logs, agent sessions, and risk events to see exactly what an individual has been doing. (Author: @alx-xo)
Slack assistants can stay silent when a reply adds no value#3395 - A Slack-connected assistant now decides whether a reply is worthwhile before posting: ambient thread messages can be answered with silence, while @-mentions always get a response. (Author: @simplesagar)
Parsed objects in MCP tool results#3454 - MCP tool calls that return a JSON object now also include
, so clients can consume a parsed object instead of re-parsing the text result. (Author: @danielkov)
Default assistant model upgraded to Claude Opus 4.7#3446 - Newly created assistants now default to Claude Opus 4.7 for stronger reasoning. Existing assistants are unaffected. (Author: @simplesagar)
Beta badges for the Project Assistant#3493 - The Project Assistant and the broader Assistants surface are promoted from Preview to Beta, with consistent badges across every entry point. (Author: @simplesagar)
Unified tool logs#3441 - Tool logs across hosted MCP servers, shadow MCP servers, local tools, and skills now share one view, so all tool activity lives in a single place. (Author: @alx-xo)
Bug fixes
Project Assistant chat no longer hangs after a tool turn#3497 - Fixed the chat getting stuck loading after a tool-using turn, where the assistant had already replied but the composer stayed disabled. (Author: @danielkov)
MCP servers screen survives non-critical load failures#3460 - When a non-critical request fails, the screen keeps showing the most recently loaded servers with a subtle "couldn't refresh" indicator instead of replacing the page with an error. (Author: @danielkov)
Codex observability install script works without
on PATH#3400 - The install script now probes well-known locations, including the Codex desktop app bundle, and writes feature flags inside the
table to avoid a duplicate-key config error. (Author: @danielkov)
Codex sessions record the final assistant message#3451 - Codex sessions now capture the final assistant message at the end of a turn, matching Claude Code behavior. (Author: @danielkov)
Correct RBAC checks in the remote MCP proxy#3405 - Per-tool
checks now resolve grants against the same resource as the server-level check, so access decisions stay consistent. (Author: @bflad)
Refresh remote sessions on demand, consistent controls on every list page, and per-server MCP analytics
Organization admins can now force a remote session to refresh its tokens without waiting for them to expire. Every list page gets the same unified toolbar for search, filters, sort, and view, with new Status and Source filters on the MCP page. And MCP activity can now be sliced per server, including from your Codex sessions.
Features
"Refresh now" for remote sessions#3481 - Organization admins can force an upstream token refresh on a single remote session regardless of its current expiry. The Sessions tab offers the action only for sessions that can actually be refreshed, clear "Unable to refresh" reasons surface when an upstream rejects the token, and each refresh is audited. (Author: @bflad)
One unified toolbar across every list page#3489 - Search, filters, sort, and view controls are consolidated into a single contained toolbar on every list page, with uniform control heights and a shared filter schema. The MCP page gains Status and Source filters, and "Reset to default" now clears every filter at once. (Author: @adaam2)
Per-server MCP analytics#3467 - MCP runtime telemetry now records
, so you can slice activity from either the remote or the fronting-server perspective and filter analytics by a specific MCP server. (Author: @bflad)
Shadow MCP observability from Codex sessions#3357 - Codex sessions report your configured MCP servers to Gram on session start, giving shadow MCP servers the same observability as Gram-managed ones and letting access approvals scope to the server URL. (Author: @danielkov)
List cost-bearing chat sessions for cost analysis#3510 - A new organization-scoped endpoint lists cost-bearing chat sessions filtered by the same dimensions as the existing telemetry query, making it easier to break down spend by session. (Author: @subomi)
Bug fixes
Reliable multi-client routing for remote sessions#3484 - The MCP runtime resolves a per-issuer token map and re-authenticates when an attached remote session is missing or invalid, with an attach-time guard that keeps at most one client per issuer pair so dispatch fails closed rather than routing to the wrong upstream. (Author: @bflad)
Jump back to an assistant by name from the command palette
The Cmd+K command palette now shows assistant names in Recently Visited instead of opaque ids, so you can find your way back to the assistant you were just working on at a glance. The assistant keyboard-shortcut hint also gets a tidier home on the nav bar and in the dock.
Features
Assistant shortcut hint pinned to the nav bar#3444 - The assistant ⌘/ shortcut hint now pins to the right edge of the nav bar on wide screens and appears in the assistant dock, so the way to summon the assistant is always visible. (Author: @simplesagar)
Bug fixes
Recently Visited shows assistant names#3439 - The Cmd+K palette's Recently Visited list now labels assistants by name instead of their opaque id, so recent assistants are easy to recognize and reopen. (Author: @simplesagar)
Quieter logs for trigger webhook auth failures#3436 - Trigger webhook authentication failures are now logged as warnings rather than errors, cutting noise from expected rejections. (Author: @bflad)
Style Elements chat with a new custom CSS escape hatch
Embedders get a supported way to restyle chat beyond the built-in theme:
injects extra CSS into the shadow root after the built-in stylesheet, reaching the stable
class hooks that host-page CSS can't touch across the shadow DOM boundary.
Features
Add
to
#3388 - Pass extra CSS to be injected into the Elements shadow root after the built-in stylesheet, giving embedders a supported way to restyle the stable
Fix dropped or duplicated first message on a cold page load#3388 - The history-enabled chat runtime now mounts immediately instead of waiting for auth to resolve, so the first message sent right after a cold load is no longer lost or sent twice. The custom transport is also resolved independently of auth and connection-status churn, so it no longer rebuilds mid-turn and discards an in-flight optimistic message. (Author: @adaam2)
See an assistant's triggers in one place and keep the Project Assistant within reach as you navigate
Every assistant now has its own Triggers tab, so you can see what fires it without leaving the page, and the Assistants list gets a workspace-wide Triggers tab of its own. The Project Assistant dock now stays open as you move around the dashboard, swapping in context-aware suggestions for whatever page you land on instead of collapsing on every navigation.
Features
Triggers tabs on the Assistants page#3412 - The Assistants page gains a Triggers tab, each assistant gets a filtered Triggers tab of its own, and the old Audit log tab is renamed to Activity, so you can see what sets an assistant off alongside what it has done. (Author: @simplesagar)
Persistent Project Assistant dock#3388 - The Project Assistant dock stays expanded across page navigation and swaps in suggestions tailored to the current page, with question-phrased prompts and per-subject icons, so help is always one click away instead of reopening on every route change. (Author: @adaam2)
Bug fixes
No more stranded "thinking" indicator in Slack#3409 - Passive Slack events like plain channel messages and reactions no longer light up the loading indicator and leave it spinning until Slack's two-minute timeout; only events the assistant always replies to, such as @-mentions and DMs, show it. (Author: @simplesagar)
First message into the assistant dock is never dropped or duplicated#3388 - Sending a prompt into the dock right after a cold page load now reliably lands in the chat instead of being lost or minting a duplicate conversation. (Author: @adaam2)
A dedicated audit trail for assistant tool calls and a redesigned Assistants panel
Every tool call an assistant makes is now recorded and surfaced on its own Audit log tab on the Assistants page, so you can see exactly what your assistants did without that activity drowning out the platform audit feed. The Assistants detail panel also gets a wider, tabbed redesign with editable instructions, an inline status toggle, and an at-a-glance activity sparkline.
Features
Audit trail for assistant tool calls#3397 - Every tool call an assistant runtime makes — across both MCP toolsets and platform toolsets — now records an audit entry capturing the assistant, thread, tool, and scrubbed parameters, so you have a complete record of what your assistants did. (Author: @simplesagar)
Dedicated Assistants audit log tab#3397 - Assistant tool-call events move out of the platform audit logs feed and onto a new Audit log tab on the Assistants page, filterable by assistant, so high-volume assistant activity no longer crowds out the rest of your audit trail. (Author: @simplesagar)
Redesigned Assistants detail panel#3397 - The detail panel is wider and split into Overview and Sessions tabs, system instructions open in an editable modal, the active/paused toggle is available right on the panel, and index cards show a mini activity sparkline drawn from chat session activity. (Author: @simplesagar)
Replies that type onto the screen, even over polling transports
Chat now feels alive on poll-based transports: replies stream onto the screen token by token while a set of whimsical "thinking" verbs cycles during the wait, and tool call cards stay put instead of flashing as the assistant works.
Features
Streaming-feel replies over polling#3381 - Assistant replies now type onto the screen token by token, emulating an SSE stream over the poll-based transport, and a rotating set of whimsical "thinking" verbs shows progress while the assistant works. (Author: @simplesagar)
Bug fixes
Tool call cards no longer flash mid-turn#3391 - Cards no longer reset — collapsing and re-highlighting their code — when a streaming turn grows a single tool call into a group, and they no longer re-render on every text chunk. (Author: @danielkov)