A sidebar-first dashboard, a fully equipped Project Assistant, and Remote MCP servers in plugins
The dashboard gets a cleaner sidebar-only layout that puts the workspace switcher, account menu, and theme toggle in one place. The Project Assistant can now answer real observability questions — searching logs, tool calls, and chats, pulling metrics, and summarizing risk findings — and plugins can distribute Remote MCP servers alongside toolset-backed ones.
Features
Sidebar-first app layout#3247 - The full-width top nav is gone: the workspace switcher, account menu, theme toggle, and a new Roadmap link all live in the sidebar, light mode is the default, and switching projects shows a loading skeleton instead of flashing an empty nav. (Author: @simplesagar )
Project Assistant answers observability questions#3218 - The Project Assistant can now search logs, tool calls, chats, and users, pull project and user metrics, list and load chats, browse the org's user directory, summarize risk findings without exposing secret content, and fetch deployment logs — so you can ask it questions like "what errored since Monday" instead of digging through pages yourself. (Author: @simplesagar )
Distribute Remote MCP servers through plugins#3269 - Plugins can now include Remote MCP-backed servers alongside toolset-backed ones. The add-server picker offers both, display names default to the backing server's name, and generated bundles emit Remote MCP servers as OAuth HTTP servers with no static auth header. (Author: @bflad )
Request a bypass when a risk policy blocks you#3224 - When a risk policy blocks an action, the request URL flow now has backend support for filing a bypass request, backed by current-state request records and principal grants. (Author: @tgmendes )
Right-click any dashboard card#3251 - Right-clicking a Plugin, Source, Environment, Assistant, Custom Tool, Prompt, or Resource card opens the same action menu as its visible button, with the same RBAC gating, so common actions are one click closer. (Author: @simplesagar )
Far fewer false-positive IP address findings#3170 - Risk scanning now consults a unified catalog of reserved ranges, public DNS resolvers, placeholder IPs, and cloud/CDN address space, suppressing about 80% of IP findings on a production sample versus roughly 10% under the previous filter — so the findings that remain are worth your attention. (Author: @mfbx9da4 )
Observability hooks attribute events to the right person#3211 - Generated observability hooks now use device-agent identity when available, so hook events arrive attributed to the actual user while existing fallbacks keep working when the daemon isn't running. (Author: @bradcypert )
Project Assistant starts lean#3264 - A new Project Assistant no longer auto-attaches every MCP server in the project; it starts with its built-in and platform tools, and admins attach the servers they actually want it to use. (Author: @danielkov )
Project Assistant understands relative time#3246 - Each conversation turn is now stamped with its timestamp, so questions like "errors since Monday" resolve correctly even in long-lived threads. (Author: @simplesagar )
Status-driven MCP server overview#3245 - The experimental MCP server details page now shows Server Address, Authentication, and Source/Tools as cards with Ready or Needs Setup signals, including an explicit authentication posture that flags a public server with no remote identity as unsecured. (Author: @walker-tx )
Bug fixes
Faster, cleaner Project Assistant threads#3240 - Replies now surface within a few hundred milliseconds for short turns thanks to adaptive polling, reopened threads no longer show raw internal framing blocks, and thread titles are generated from the conversation instead of fixating on boilerplate. (Author: @simplesagar )
No more duplicate endpoints in the catalog Add Server dialog#3262 - Registry entries that expose the same streamable-http URL twice (like Datadog's OAuth and API-key variants) now collapse to a single checkbox, matching how deploys already resolved them. (Author: @adaam2 )
