Back to all releases

v0.82.0

Platform

// July 7, 2026

Connect MCP servers on private networks and silence known risk false positives

MCP servers that live behind a firewall can now join a Gram project: run the new tunnel agent next to the server and Gram routes traffic to it, no inbound network access required. On the risk side, a built-in exclusions library now suppresses well-known false positives — test credit cards, example API keys, placeholder emails — so risk events stay focused on findings that matter.

Features

  • Tunneled MCP servers #3703 - MCP servers running in a private network can now be added as tunneled sources. The tunnel agent ships as a public Docker image (
    , linux/amd64 and linux/arm64) that runs alongside the server and connects out to Gram, and the tunneled MCP server page includes Docker and Kubernetes setup instructions. (Author: @ThomasRooney)
  • Built-in exclusions library for risk detections #3895 - Known false positives — test credit card numbers, example API keys and tokens, module and content hashes, and placeholder emails — are now suppressed automatically across all detection sources. A read-only Built-in library section on the Exclusions tab lists the live catalog, backed by the new
    endpoint. (Author: @dennnis-ez)

Bug fixes

  • Session status reflects refresh expiry #3936 - A session's active or expired status is now keyed off its refresh token expiry, so sessions that can still refresh no longer show as expired. (Author: @linear-code)
  • Non-Corporate Accounts policy card restored #3940 - The Non-Corporate Accounts detector — including its approved-email-domains configuration — is back on the risk-policy detail form after being dropped in a refactor, and the Off-Policy Content card no longer appears twice. (Author: @daviddanialy)
Sagar Batchu
Sagar Batchu
View on GitHub