Write risk policies in plain language, export agent traces to your observability stack, and faster assistant startup
Risk policies can now be expressed as a prompt evaluated by an LLM judge instead of a fixed rule, assistant runtimes can export their traces over OTLP to Sentry, Datadog, or Honeycomb, and assistants connect to all their MCP servers in parallel so thread startup no longer grows with server count.
Features
Prompt-based risk policies with an LLM judge#3294 - Write a risk policy as a plain-language prompt and let an LLM judge evaluate tool-call messages against it, in both the realtime enforcement scanner and the batch analyzer, with findings flowing into risk results. Gated behind the
Export agent traces to Sentry, Datadog, or Honeycomb#3325 - Assistant runtimes can now export agent traces — turns and tool calls — over OTLP to any OpenTelemetry-compatible backend, with gRPC and HTTP transports supported and traces tagged with their assistant and project. (Author: @danielkov )
Assistants start threads faster#3338 - Assistants now connect to all of their MCP servers in parallel when a thread starts, so startup time no longer grows with the number of servers and one slow or unreachable server can't stall the rest. Hung servers fail fast against connect and handshake timeouts. (Author: @danielkov )
Configure guardrails during onboarding#3265 - A new Configure policies onboarding step lets teams enable the Shadow MCP guardrail and per-category detection policies (secrets, PII, prompt injection) directly during setup. (Author: @adaam2 )
Display names and logos for remote session issuers#3336 - Remote session issuers can now carry an optional display name and logo, rendered as the primary label with the issuer URL as the secondary line. On the attach sheet, the display name auto-derives from the issuer URL hostname until you edit it. (Author: @bflad )
Risk policy bypass requests are enforced at runtime#3236 - The bypass request workflow introduced in v0.66.0 is now wired into runtime access checks, so an approved bypass actually grants access. (Author: @tgmendes )
Clearer audit log event names for access workflows#3287 - Shadow MCP approval requests and access rules now emit generic
and
webhook events; the old Shadow MCP-specific names remain available for compatibility. (Author: @alx-xo )
Bug fixes
MCP auth prompts go to the assistant's owner#3324 - OAuth links for an assistant's MCP servers are now delivered to the assistant's owner instead of whoever happened to trigger it, and anyone else is told the owner has to complete the connection — so an unexpected auth message is no longer mistaken for a failed setup. (Author: @danielkov )
Observability hook events arrive with your identity#3335 - The generated observability plugin now probes for
, the binary the device agent actually ships as, so identity enrichment works on a standard install instead of events arriving anonymously. Applies to the Claude Code, Cursor, and Codex plugin templates. (Author: @bradcypert )
No more request storm from the command palette#3318 - The Recently Visited feature no longer fires unauthenticated
requests from every page, including the login page; the lookup is gated on the palette being open and reuses the session the auth provider already fetched. (Author: @simplesagar )
Onboarding is legible in dark mode#3326 - The onboarding stepper and instrument-agents step now use theme-aware colors so text and controls remain readable in dark mode. (Author: @adaam2 )
