Dedupe chat asset writes#2839 - Dedupes chat asset writes and idempotently uploads to prevent GCS 429s. (Author: @bflad )
Structured hook telemetry attributes#2838 - Makes hook routes (Claude, Cursor, Codex, OTEL Logs, OTEL Metrics) filterable in Datadog by
,
,
, and
. Replaces nested
payloads with top-level slog attrs and logs on every early-return path so silent 401s and missing-session-id branches are visible when debugging hook setup. (Author: @bradcypert )
Codex Stop hook in Cowork#2842 - Gets the Stop hook working in Cowork again. (Author: @chase-crumbaugh )
Resilient tool merging across multiple MCP servers
This patch release prevents a single failing MCP server from wiping out tools from healthy ones in multi-MCP chat configurations.
Bug fixes
One failing MCP server no longer drops tools from healthy ones#2816 - When a chat is configured with multiple MCP servers, a rejection on any single
call (e.g. a 401 on one toolset) used to wipe out the merged tool map and trigger React Query retries against every server. Healthy servers are now merged in normally; only when every server fails does the query reject and retry. (Author: @danielkov )
Codex hooks, OTEL forwarding, Slack Block Kit, and WorkOS-native auth
A major release: Gram now ships hooks support for Codex (OpenAI), forwards OTEL telemetry to customer-configured destinations, supports rich Slack Block Kit messages with interactive button replies, and migrates the entire authentication layer to WorkOS-native auth. Assistants gain self-healing chat history and an always-on platform toolset.
endpoint accepting all six Codex hook events (SessionStart, PreToolUse, PermissionRequest, PostToolUse, UserPromptSubmit, Stop), enforces org-level risk policies on blocking events, and records telemetry to ClickHouse. The plugin generator now produces a downloadable Codex observability plugin (ZIP and install script) that registers the hooks via a Gram marketplace entry in
. The install instructions dialog gains a Codex tab alongside Claude Code and Cursor. (Author: @bradcypert )
OTEL forwarding to customer destinations#2756 - Customers can configure a URL and headers on the Org Logs page; a body-tee middleware mirrors every payload received on
to that endpoint. Forwarding is org-wide, async (bounded worker pool, fire-and-forget on failure), capped at 4 MiB per request, and gated behind
for writes and
for reads. Header values are encrypted at rest. (Author: @chase-crumbaugh )
Slack Block Kit messages with interactive replies#2798 - Outbound Slack messages can now render rich Block Kit content.
and
accept an optional typed
field (section, actions plus button, context, divider) alongside the text fallback. Button clicks come back as
interactions on the existing Slack trigger webhook and reach the assistant as a new turn carrying
WorkOS-native authentication#2669 - Removes the legacy Speakeasy IDP authentication layer and migrates to WorkOS-native auth. Authorization, token exchange, and session management now go directly through the WorkOS SDK instead of the intermediate Speakeasy IDP proxy. Deterministic UUIDv5 user and org IDs bridge cross-system identity without runtime lookups. Adds OAuth CSRF nonce validation and a browser-binding cookie to the login flow. (Author: @adaam2 )
Always-on platform toolset for assistants#2719 - Every assistant now exposes a platform toolset to its runtime alongside its user-attached toolsets, with no user-facing toolset row and no setup required. The
product feature flag is removed; assistant memory tools are always-on. (Author: @danielkov )
Self-healing corrupt chat history#2805 - Assistants now self-heal when the inference provider rejects a chat as malformed: the runtime trims history to the last 5 user messages, prepends a recovery notice that nudges the agent to recover lost context via its tools, and retries instead of leaving the thread stuck. (Author: @danielkov )
Multiple GitHub collaborators on plugin publish#2611 - The publish dialog accepts a list of usernames as chips, and the
Audit log webhooks#2815 - Adds support for configuring webhooks to deliver audit log events to external destinations. (Author: @disintegrator )
Employee token observability dashboard#2716 - Repurposes the Agents insights tab into an employee token observability dashboard. Shows per-employee token consumption, estimated cost, tool usage breakdown, and platform/model distribution. Clicking an employee row opens a detail dialog with model-level usage, time-series charts, and tool breakdown. Results can be scoped to specific coding tools like Cursor or Claude Code. (Author: @subomi )
Split assistant onboarding name and personality steps#2818 - Onboarding now asks for the assistant's name and personality as two separate steps instead of one combined card. When the user has already named the assistant in chat, the agent skips the name picker and goes straight to the personality step. (Author: @danielkov )
MCP servers listing search#2820 - Adds a search bar to the MCP servers listing page. (Author: @bflad )
Identity tab refresh#2755 - Renames the org "Security" tab to "Identity" and refreshes the SSO and Directory Sync cards: drops the SAML-specific branding, replaces the hover popover with a tooltip on a fully clickable Configure button, and captures an
ML prompt-injection classifier (opt-in)#2667 - Adds an opt-in L1 ML prompt-injection classifier (deberta-v3) that runs alongside the heuristic baseline. Enable the new "ML classifier (deberta-v3)" rule under the Prompt Injection category. Detection runs in a sidecar service. (Author: @vishalg0wda )
filter and can return direct external MCP tools, unblocking the toolset editor's "Add Tools" picker for tools from already-attached external MCP servers. (Author: @walker-tx )
Onboarding chat connects to all MCP servers#2736 - The assistant onboarding chat now connects to every MCP server attached to the assistant, not just the first one, so the agent can call tools across all configured toolsets. (Author: @danielkov )
Bug fixes
Remove public MCP server cap on unpaid plans#2822 - Removed the 1-public-MCP-server cap on accounts without an active subscription. Users can now enable as many public MCP servers as they want on any plan. (Author: @danielkov )
Harden AnalyzeBatch against Presidio degradation#2770 - Hardens batch risk analysis against Presidio degradation. (Author: @bflad )
Spill oversized MCP tool results to disk#2797 - The assistant runtime now spills oversized MCP tool results to a file inside the assistant workdir instead of letting them 413 the provider. The in-band tool result is replaced with a pointer (
) so the model can read or grep the full output via the filesystem tools. (Author: @danielkov )
Drop trigger dispatches for deleted assistants#2802 - Drops trigger dispatches whose target assistant has been deleted instead of failing the activity. (Author: @danielkov )
Plugin re-publish refreshes installed clients#2804 - Every plugin manifest now ships with a per-publish version (
) instead of a hardcoded
, so Claude Code, Cursor, and Codex marketplace clients see a newer version on republish and pull updated content. (Author: @bradcypert )
Order Slack credential prompts to match Slack UI#2817 - Onboarding now asks for Slack credentials in the order users encounter them in Slack's UI: Signing Secret first, then Bot User OAuth Token, then User OAuth Token. (Author: @danielkov )
Prevent transient 404 after deleting MCP toolset#2826 - Prevents a transient "toolset not found" error from appearing immediately after deleting an MCP server's toolset. (Author: @bflad )
Disable Create Assistant when missing permissions#2752 - Disables Create Assistant buttons in the dashboard when the user lacks the permissions needed to create one, with a tooltip explaining why. (Author: @danielkov )
config option that connects a single chat to multiple MCP servers, merging and namespacing tools so identical names do not collide.
Features
Multi-MCP server support in chat config#2736 - Adds an
config option that connects a single chat to multiple MCP servers. Tools across servers are merged and namespaced as
so identical names do not collide; each entry can pin its own
slug. When set,
takes precedence over the existing single-server
option, which continues to work unchanged. (Author: @danielkov )
Bug fixes
Drop tool calls missing
#2736 - Drops persisted tool calls that arrive without a
instead of giving them an empty-string id. Previously two such parts in the same restored thread would alias under the same key and the runtime would throw "Tool call argsText can only be appended, not updated" while loading the chat. (Author: @danielkov )
This patch release unifies the Observe filter bar across Insights, Tools, and Logs views, rebuilds the assistant Slack install step into two clearer cards, and auto-enables MCP on toolsets attached to assistants.
Features
Unified Observe filter bar#2616 - Unifies the Observe filter bar for Insights Tools and Logs Tools views; server, email, and type filters are now multi-select dropdowns with OR semantics. (Author: @alx-xo )
Slack install step split into install + tokens cards#2735 - Rebuilds the assistant-onboarding Slack install step as two separate cards: an install card (workspace pick, install, Event Subscriptions Retry) followed by a tokens card. Copy rewritten for non-technical users, with the Event Subscriptions Retry step called out as the most common silent failure. (Author: @danielkov )
Bug fixes
Auto-enable MCP on assistant-attached toolsets#2722 - Auto-enables MCP on toolsets when they are attached to an assistant, so the runtime can build a startup config without manual toggling. (Author: @danielkov )
PostHog disposition person property#2728 - Tags users who sign up with
with a PostHog person property so the assistants feature flag can target them. (Author: @danielkov )
Long-running assistants with context compaction and self-wake triggers
This release brings token-aware context compaction so long-running assistants can keep going past the original window limit, introduces one-shot wake triggers that let an assistant schedule its own resumption, and fixes the assistant Slack onboarding flow end-to-end.
Features
Token-aware context compaction#2674 - The assistant runtime now compacts conversation history as it approaches the model's context window: older turns are summarized so long-running assistants can keep going past the original window limit. System prompt, context items, and the most recent turns are preserved. (Author: @danielkov )
One-shot wake triggers#2709 - Adds wake triggers: one-shot self-wakes that an assistant schedules from inside its own turn to resume work later. New
and
tools let an assistant set a future fire time (up to 30 days out) with an optional self-note; when the wake fires, dispatch lands on the same thread it was scheduled from. (Author: @danielkov )
WorkOS webhook ingestion#2690 - Adds an endpoint to consume WorkOS webhooks to sync data from WorkOS. (Author: @tgmendes )
Bug fixes
Slack onboarding install reliability#2711 - Assistant onboarding now installs a Slack app reliably end-to-end: the install card stays in view until the user clicks "I've installed it", a single approval grants both the bot and user OAuth tokens, and the generated manifest can no longer be rejected by Slack. Slack-touching assistants now get a Slack trigger by default. (Author: @danielkov )
This patch release moves the assistant Fly runtime to one app per assistant (instead of one app per thread), surfaces exhausted OpenRouter credits as HTTP 402 to chat callers, and overhauls the dashboard MultiSelect component.
Bug fixes
One Fly app per assistant#2721 - Assistant Fly runtime now provisions one app per assistant (with one machine per thread) instead of one app per thread. Reduces Fly app churn and speeds cold starts; reap continues to drain old per-thread apps automatically. (Author: @danielkov )
OpenRouter exhausted credits as HTTP 402#2726 - OpenRouter responses indicating exhausted credits now surface as 402 Payment Required to chat callers instead of a generic 5xx, and the chat-resolution analyzer stops burning retries against a request that cannot succeed. (Author: @danielkov )
Features
MultiSelect component overhaul#2615 - Overhauled MultiSelect component with new
This release adds long-term memory for assistants, propagates runtime image upgrades to idle Fly machines, and surfaces per-employee Gram uptake under AI Insights.
Features
Assistant memory#2629 - Adds per-assistant long-term memory backed by vector embeddings. Agents can remember, recall, and forget facts across threads via three new platform tools, gated by the
product feature. Includes a management API for listing and deleting memories, and a background reaper that hard-deletes soft-deleted rows on schedule. (Author: @danielkov )
Runtime image upgrades for idle Fly machines#2701 - Propagates assistant runtime image upgrades to existing Fly machines. On the next admission, an idle machine running an older runtime image is recycled in place to the latest version. Mid-turn admissions are left alone so a future idle window picks up the upgrade. (Author: @danielkov )
Employees tab in AI Insights#2699 - Adds an Employees tab to the AI Insights section that tracks Gram uptake and compliance across organization members. Shows per-member token usage, compliance status, and last activity over the last 30 days, paginated at 25 per page. Usage is attributed by matching the email reported by each AI coding tool to the member's Gram account. (Author: @subomi )
Bug fixes
Slack manifest bot-scope superset#2665 - Always grants the full Slack bot-scope superset in the assistant onboarding manifest builder, regardless of which platform tools are attached. Slack manifests are static post-install, so per-tool scope gating only locked future capabilities behind a forced re-install. (Author: @danielkov )
Environment scope grants in RBAC toolbar#2698 - Surfaces
and
in the RBAC dev toolbar and the
fallback so the env-clone permission picker works end-to-end. (Author: @simplesagar )
Assistants self-serve signup, credit gating, and risk policy expansions
This release lets unauthenticated users land on Gram with
and have an org auto-provisioned with the free-tier Polar subscription pre-attached. It also adds a credit-balance gate on
, environment cloning, user session management APIs, and two new risk policy sources for destructive CLI commands and prompt injection.
Features
Auto-provision org on assistants signup#2656 - Auto-provisions an org and attaches the free-tier Polar subscription when an unauthenticated user lands on Gram with
and has no org after IDP signin. Materializes the default project and environment, marks the org as whitelisted to bypass the BookDemo gate, and redirects to
risk-policy source for flagging destructive CLI commands. Covers shell (
,
,
,
,
), git (
,
,
), database (
,
, unguarded
), and cloud (
,
,
) destructive patterns. Surfaces in PolicyCenter as a "Destructive CLI Commands" rule category. (Author: @bradcypert )
Heuristic prompt injection detection#2606 - Adds a "Prompt Injection" risk policy category to flag or block instruction overrides, role hijacks, system-prompt leaks, encoded payloads, delimiter injection, and shell tool-abuse attempts. (Author: @vishalg0wda )
Credit-balance gate on chat completions#2566 - Adds a pre-request credit check on
for free-tier orgs. Returns HTTP 402
once the cached Polar Chat Credits balance is exhausted. Pro and enterprise stay bounded by the existing OpenRouter monthly key cap. Self-serve top-up checkout is available via
Model context window in chat completions metadata#2641 - Decorates
responses with the upstream model's context window via a
extension. Pulled from OpenRouter's per-model listing and cached for 72 hours. The streaming path injects the value into the final SSE frame. (Author: @danielkov )
Environment cloning#2561 - Adds a clone action to environment cards on the Environments page. The clone dialog lets users pick a new name and choose whether to copy only variable names with empty placeholders or duplicate the encrypted secret values. Ciphertext is copied row-to-row inside Postgres, never decrypted. Gated by
plus a per-resource read check on the source environment. (Author: @simplesagar )
Bug fixes
Catalog registry pagination#2649 - Fixes catalog registry pagination so infinite scroll fetches all entries beyond the first page.
now returns the upstream registry's
alongside the server list, which
passes through to the API response. (Author: @walker-tx )
OAuth discovery for root-level well-known metadata#2662 - Fixes OAuth discovery for MCP servers that host well-known metadata at the origin root regardless of endpoint path (such as Atlassian). The discovery chain now retries both
and
against the origin root with the path stripped. (Author: @walker-tx )
Marketplace plugin restart caching#2670 - Fixes private Claude Code plugins showing "not cached at (not recorded)" after restarting Claude Code. The marketplace proxy now fetches the current HEAD commit SHA and embeds it alongside
in each
plugin source, giving Claude Code a stable cache key that survives restarts. (Author: @bradcypert )
PostHog event on assistants auto-provision#2673 - Captures a
PostHog event when the auth callback auto-provisions an org for a user landing with
. The event carries
,
,
, and
so the funnel from signup to benefit attach is observable. (Author: @danielkov )
Denied challenges widget filter#2676 - Filters the "Recent Challenges" widget on the org home page to only show denied, unresolved challenges. When there are no denied challenges, the widget now renders the same empty state used on the Denied tab of the Challenges page. (Author: @adaam2 )
Remote MCP source management and observability hook reliability
This release adds the initial UI and APIs for managing custom remote MCP sources, plus reliability fixes for the observability plugin hook flow and Claude Code plugin caching.
Features
Remote MCP source management UI and APIs#2608 - Adds the initial Remote MCP source management UI under the
feature flag, with a Custom remote server entry in the Add Source dropdown, a URL-only create form, and a detail page covering Overview, MCP Servers, and Settings tabs. Also adds
for probing a candidate remote MCP server URL via an MCP
request, plus
and
filter parameters on
. Renames the existing Third party server entry to Registry server. (Author: @bflad )
Bug fixes
Observability hook event flags and error handling#2682 - Fixes generated observability plugin hooks not firing correctly in production. Hook events now carry explicit
flags matching the public Gram plugin (
for blocking events like
and
,
for fire-and-forget events like
and
). The generated
script now captures the HTTP response body and status code separately and exits with code 2 on 4xx/5xx so an unreachable Gram server cannot silently bypass blocking policies. (Author: @bradcypert )
Claude Code plugin caching across sessions#2697 - Fixes Claude Code plugins not loading after restart. The marketplace URL returned by
now points directly at the git proxy (
) and the install instructions emit
in the
snippet, which Claude Code caches reliably between sessions. The URL-based manifest endpoint and its rewrite logic have been removed. (Author: @bradcypert )
RBAC dev toolbar environment scope toggle#2684 - Fixes a crash in the RBAC dev toolbar when toggling
or
for the first time. Hardens
and
to materialize a known-good baseline before spreading, and adds a defensive
guard at the render site so legacy malformed localStorage state cannot crash either. (Author: @simplesagar )
This release ships a token-gated marketplace proxy that lets Claude Code, Claude Cowork, and Cursor install Gram-published plugins without exposing the upstream GitHub repo. It also adds Slack reaction platform tools, custom policy messages, and authorization challenge management endpoints.
Features
Marketplace proxy for private plugin installs#2614 - Adds a stateless marketplace proxy that streams plugins from GitHub through token-gated routes, including a Claude Code marketplace manifest endpoint and a git Smart HTTP proxy for plugin source clones. The Plugins page surfaces install instructions for Claude Code, Claude Cowork, and Cursor in a new modal. (Author: @bradcypert )
so assistants can react to messages and discover available emoji. (Author: @danielkov )
Default-attach Slack reaction tools in onboarding#2631 - Default-attaches Slack reaction tools during assistant onboarding and injects reaction etiquette guidance into the assistant's behavior section. The Slack manifest builder now maps the reaction handlers to the
Custom risk policy messages#2533 - Allows setting custom policy messages that are shown to end users when a risk policy fires. (Author: @chase-crumbaugh )
Publish observability-only plugins#2610 - Allows publishing to GitHub when the org has only the observability plugin and no custom plugins. (Author: @bradcypert )
Function memory display and MCP server card redesign
This release surfaces function memory and instance counts on the source overview page and redesigns the MCP servers list on the plugin detail page to match the card pattern used elsewhere in the dashboard. It also includes infrastructure tuning for Fly machine resource limits and several bug fixes.
Features
Function memory and instances on source overview#2559 - Shows function memory and instance count on the source overview page. (Author: @simplesagar )
Plugin detail MCP server card redesign#2552 - Redesigns the MCP servers list on the plugin detail page so each entry matches the card pattern from the MCP list page: the Network icon in the dot-pattern sidebar, name plus tool-count badge in the header, and the Public / Private / Disabled status indicator in the footer. Introduces a shared
component used across MCP views. (Author: @bradcypert )
Bug fixes
Fly machine resource tuning#2571 - Increases CPUs to 4 GiB and lowers the soft limit to 20% of the hard limit. (Author: @disintegrator )
Assistant chat source tag#2575 - Tags chat sessions started from the Assistants page with
instead of
. Agent session logs now show
as the source for these sessions rather than conflating ongoing assistant chats with the onboarding flow. (Author: @simplesagar )
Agent session conversation history#2557 - Fixed certain agent session side panel failing to load conversation history. (Author: @danielkov )
Auto observability for published plugins and plugin card grid
This release makes observability automatic for teams installing Gram-published plugins. Each org's published marketplace now ships a
plugin containing the team's hooks with credentials embedded — no manual SessionStart configuration, no credential paste, no risk of forgetting the setup step. This release also redesigns the Plugins list as a card grid and fixes MCP install snippet env var handling.
Features
Auto observability for published plugins#2395 - Teams installing Gram-published plugins now get observability automatically. Each org's published marketplace ships a
plugin containing the team's hooks with credentials embedded. Tool events flow into the Gram dashboard for the org regardless of how many feature plugins a team member also installs. (Author: @bradcypert )
Plugin card grid#2500 - Switches the Plugins list from a table to a card grid matching the Collections page. Each plugin card surfaces name, slug, description, server count, and last updated time, with the delete action moved into a per-card menu. The empty state is replaced by the shared "create resource" tile for layout consistency. (Author: @bradcypert )
Bug fixes
MCP install snippet env var filtering#2528 - Fixed MCP install page rendering required external MCP headers in the install snippet even when the operator had configured those env vars as System or Omit. (Author: @bradcypert )
OAuth well-known metadata status code#2465 - Builds the well-known OAuth metadata response body before writing the 200 status so error paths surface the real status code instead of 200 with an error body. (Author: @bflad )
Observe component filename normalization#2506 - Normalized observe component filenames to the (section)(feature) pattern. (Author: @alx-xo )
This patch release resolves an issue where assistant messages were duplicated in chat history after a stream reconnects.
Bug fixes
Duplicate assistant messages after stream reconnect#2211 - Fixes duplicated assistant messages appearing in chat history after a stream reconnects. (Author: @danielkov )
Assistants v0, MCP server management APIs, and Codex plugin publishing
This release introduces assistants, a new primitive for scheduling AI agents on compute. Assistants run on Fly.io Firecracker machines or local Lima VMs, managed through Temporal workflows, and are configured in the dashboard with model, instructions, toolset, and environment bindings. Alongside assistants, this release adds management APIs for MCP servers and endpoints, extends plugin publishing to generate Codex-compatible packages, and introduces OAuth 2.1 one-click auto-configuration for Remote MCP servers.
Features
Assistants v0#2211 - Adds server-side assistant service with Temporal workflows, Fly.io and local Firecracker runtime providers, per-thread token manager, and dashboard UI for creating and editing assistants with model, instructions, toolset, and environment bindings. (Author: @danielkov )
MCP server and endpoint management APIs#2412 - Adds management APIs and queries for MCP servers and MCP endpoints. (Author: @bflad )
Plugin action audit logging#2478 - Records plugin actions in audit logs, including create, update, delete, server modifications, role assignments, and publish operations. (Author: @bradcypert )
Codex-compatible plugin package publishing#2390 - Extends plugin publishing to generate Codex-compatible packages alongside Claude Code and Cursor packages, including
Click-to-reveal for sensitive data in risk findings#2479 - Adds click-to-reveal functionality for sensitive data in risk findings. (Author: @mfbx9da4 )
Bug fixes
Per-tool RBAC filtering for tools list#2464 - Filters the
response by per-tool RBAC grants for scoped permissions. (Author: @adaam2 )
Role reassignment on deletion#2452 - Shows member reassignment step in the dashboard when deleting a role that has members assigned. (Author: @adaam2 )
Polar billing batch concurrency#2420 - Reduces per-batch concurrency against Polar API endpoints. (Author: @qstearns )
Log filter chips edit on click#2481 - Edits log filter chips on click rather than deleting them. (Author: @simplesagar )
Missing route not-found handling#2482 - Handles missing deployment and MCP detail routes with proper not-found states instead of reaching the error boundary. (Author: @bradcypert )
OAuth probe miss logging#2463 - Skips logging expected
OAuth probe misses to reduce noise. (Author: @bflad )
OAuth client auto-registration#2462 - Automatically registers the OAuth client when a registration endpoint is available for Remote MCP servers. (Author: @qstearns )
This release adds support for configuring the number of machines and memory allocation for deployed Gram Functions. Functions can now scale up to five machine instances with up to 4096 MiB per instance, up from the defaults of two instances at 1024 MiB each.
Features
Configurable scaling for Gram Functions#2238 - Added support for scaling the number of deployed machine instances (up to 5) and memory per instance (up to 4096 MiB) for Gram Functions, with defaults of 2 instances at 1024 MiB. (Author: @disintegrator )
Tool-level RBAC for MCP servers and shadow MCP blocking
This release introduces tool-level role-based access control for MCP servers. Grants now use typed selectors with
,
,
, and
fields instead of untyped string maps, enabling fine-grained per-tool access policies. Shadow MCP blocking adds opt-in prevention of unmanaged MCP servers that operate outside the Gram management system. The dashboard also gains an icon-mode sidebar with improved navigation feedback.
Features
Tool-level RBAC with typed selectors#2357 - Migrated RBAC authorization to a selector-based system where grants carry typed fields (
,
,
,
) instead of untyped string maps, enabling per-tool access control for MCP servers. (Author: @adaam2 )
Shadow MCP blocking#2449 - Added opt-in support for blocking unmanaged MCP servers that operate outside Gram's management system. (Author: @chase-crumbaugh )
Icon-mode sidebar and navigation improvements#2419 - Added icon-mode sidebar with label fade animations, loading spinners on navigation clicks, and unified empty states across dashboard pages. (Author: @simplesagar )
Bug fixes
Dashboard scope picker UUID storage#2442 - Fixed the dashboard scope picker to store toolset UUIDs instead of slugs as resource identifiers, resolving a bug where UI-created grants failed to match backend authorization checks. (Author: @adaam2 )
Impersonation banner height calculation#2445 - Fixed the impersonation banner height calculation so the page bottom remains reachable when the banner is visible. (Author: @bradcypert )
Per-skill usage analytics and plugin download options
This release adds per-skill time series data to the hooks summary API, powering new skill usage charts in the dashboard. A dropdown now lets users choose between Claude and Cursor installation when downloading published plugins.
Features
Per-skill time series in hooks summary API#2381 - Added per-skill time series data to the hooks summary API to enable skill-level usage charting. (Author: @alx-xo )
Skill usage analytics charts#2382 - Added skill usage time series and users-per-skill charts to the dashboard. (Author: @alx-xo )
Plugin download dropdown for Claude and Cursor#2413 - Added a dropdown on the plugin download action offering both Claude and Cursor installation options. (Author: @bradcypert )
Plugin.id field, recommended.except() helper, and lucide-react upgrade
This release adds a
field for identity-based plugin operations and a
helper for selectively excluding plugins from the recommended set by identifier. lucide-react is upgraded from 0.554 to 1.8.0, and a crash in the AI Insights sidebar is resolved.
Features
Plugin.id field and recommended.except() helper#2407 - Added a
field to plugin definitions and a
helper that selectively excludes plugins from the recommended set by their identifier. (Author: @adaam2 )
lucide-react upgrade to 1.8.0#2401 - Upgraded lucide-react dependency from 0.554 to 1.8.0. (Author: @alx-xo )
Bug fixes
AI Insights sidebar crash and widget rendering#2404 - Fixed a crash in the AI Insights sidebar triggered by rapid clicks on "Explore with AI" and ensured
and
widgets render correctly in the agent session pop-out. (Author: @simplesagar )
GitHub publishing for plugins and Cursor MCP support
This release adds the ability for admins to publish generated plugin packages to GitHub repositories for distribution through Claude Code and Cursor team marketplaces. Cursor sessions now benefit from native MCP support with token usage tracking, and a concurrent schema extraction race condition is resolved.
Features
GitHub publishing for plugins#2256 - Added support for admins to publish generated plugin packages to a GitHub repository via a configured GitHub App, enabling distribution through Claude Code and Cursor team marketplaces. (Author: @bradcypert )
Cursor native MCP support with token tracking#2398 - Added native MCP support for Cursor clients and token usage tracking for Cursor sessions. (Author: @chase-crumbaugh )
Bug fixes
Concurrent OpenAPI tool extraction data race#2403 - Fixed a data race in concurrent OpenAPI tool extraction that could corrupt schemas or crash deployments when the same schema was referenced by multiple operations. (Author: @disintegrator )
Context-length management and frontend tool turn resumption
This release adds two context-length management primitives that prevent upstream "prompt is too long" errors on long, tool-heavy conversations, and fixes chat turn resumption after client-side frontend tools complete.
Features
Tool output byte cap and context auto-compaction#2316 - Added two context-length management primitives to
:
caps the UTF-8 byte size of any single MCP tool call's result using a head-plus-tail truncation strategy with a notice suffix (disabled by default, opt in per-page), and
auto-compacts older turns when the estimated token count passes a configurable fraction of the model's context ceiling (default 70%, enabled by default). (Author: @simplesagar )
External server publishing, remote MCP management, and risk analysis
This release expands collections to include external MCP servers, introduces a remote MCP server management API with CRUD, RBAC scopes, header encryption, and audit logging, and ships a risk analysis system that scans tool calls and chat messages for secrets and sensitive data. The Hooks dashboard gets new charts and smarter defaults, the MCP server status flow gains safety warnings around environment sharing, and eight native Slack platform tools are now available.
Features
External servers in collections#2332 - Added support for publishing external MCP servers into collections so external and first-party servers can be shared through the same catalog. (Author: @subomi )
Remote MCP server management API#2254 - Added remote MCP server management API endpoints with CRUD operations, RBAC scopes, header encryption, and audit logging. (Author: @bflad )
Hooks dashboard chart improvements#2281 - Improved the Hooks dashboard with new charts, refined visuals, and smarter default filters. (Author: @alx-xo )
Fine-grained MCP tool selection and team access#2255 - Added a team invite flow with accept page, configurable expiry, security hardening, and a dedicated team access tab on MCP servers. (Author: @adaam2 )
Risk analysis for secrets and sensitive data#2297 - Added a risk analysis system that scans MCP tool calls and chat messages for secret leaks and other sensitive data. (Author: @mfbx9da4 )
Expandable charts on Hooks analytics#2344 - Charts on the Hooks analytics page can now be expanded to full width for easier reading. (Author: @alx-xo )
Collapsed bar charts with show more#2345 - Hooks dashboard bar charts now collapse to the top six rows with a show more link to expand the full dataset. (Author: @alx-xo )
Blank MCP server CTA and trigger events label#2325 - Added a blank MCP server CTA on the empty-project MCP page for starting with built-in tools and connecting a data source later, and relabeled
counts from "N attempts" to "N events". (Author: @danielkov )
Public MCP server safety warning#2289 - Warns users before flipping an MCP server to Public when the attached environment has system-provided values that would be shared with every caller. (Author: @simplesagar )
Trigger dispatcher registration and Slack signals#2326 - Added
for post-construction dispatcher wiring, short-circuited Slack
in
, dropped the
→
fallback so top-level DM and channel messages correlate on the channel alone, and surfaced
AI Insights stable deep-links and context management#2316 - Added stable URL deep-links for agent sessions in Chat Logs (
), upgraded the default AI Insights model to claude-sonnet-4.6, and enabled tool-output byte capping plus tighter auto-compaction to prevent "prompt is too long" errors on long tool-heavy conversations. (Author: @simplesagar )
AI Insights exploration on Project Overview#2310 - Added info tooltips to every KPI and chart card on the Project Overview dashboard, plus an Explore with AI wand on each chart that opens the Insights sidebar and auto-submits a chart-specific question. The nav-bar AI Insights trigger also gains a brand gradient border on hover. (Author: @simplesagar )
Bug fixes
Cross-provider chat recovery#2320 - Fixed chats breaking when switching providers mid-conversation. Assistant turns that contained both a text reply and a tool call could cause the next turn to fail with a validation error on some provider routes, leaving the conversation unrecoverable. Affected chats now continue to work seamlessly across providers. (Author: @danielkov )
413 guard on chat completion proxy#2316 - Added a defense-in-depth 413 guard on the
chat proxy that rejects any single tool-result message over 200KB with a clean HTTP 413 and
error instead of forwarding it to OpenRouter as an opaque "prompt is too long" 400. (Author: @simplesagar )
Normalized Source for Claude Code hooks#2335 - Normalized the
column on
for Claude Code hook intake so tool-call messages use the OTEL
like user and assistant messages, instead of hardcoding
Dark mode onboarding banner#2304 - Fixed the project onboarding banner to support dark mode by using semantic background tokens instead of hardcoded white. (Author: @bradcypert )
Onboarding banner gradient removed#2318 - Removed the gradient from the onboarding banner. (Author: @alx-xo )
Project-scoped plugin toolset picker#2305 - Fixed the plugin toolset picker to show project-scoped toolsets instead of all org toolsets, using
Plugin toolset picker loading state#2302 - Shows a skeleton loading state for the toolset picker in plugin detail instead of incorrectly displaying "No toolsets available" while loading. (Author: @bradcypert )
This patch release adds token and cost tracking for Claude agent sessions and tightens the eagerness of Speakeasy IDP state synchronization to reduce unnecessary operations.
Features
Token and cost metrics for Claude agent sessions#2262 - Captures token and cost metrics for Claude agent sessions in the dashboard. (Author: @chase-crumbaugh )
Bug fixes
Less eager Speakeasy IDP state sync#2282 - Reduced the eagerness of ID token synchronization from Speakeasy IDP to Gram to avoid unnecessary sync operations. (Author: @qstearns )
