Skip to Content
Back to changelog

External server publishing, remote MCP management, and risk analysis

This release expands collections to include external MCP servers, introduces a remote MCP server management API with CRUD, RBAC scopes, header encryption, and audit logging, and ships a risk analysis system that scans tool calls and chat messages for secrets and sensitive data. The Hooks dashboard gets new charts and smarter defaults, the MCP server status flow gains safety warnings around environment sharing, and eight native Slack platform tools are now available.

Features

  • External servers in collections #2332  - Added support for publishing external MCP servers into collections so external and first-party servers can be shared through the same catalog. (Author: @subomi )
  • Remote MCP server management API #2254  - Added remote MCP server management API endpoints with CRUD operations, RBAC scopes, header encryption, and audit logging. (Author: @bflad )
  • Hooks dashboard chart improvements #2281  - Improved the Hooks dashboard with new charts, refined visuals, and smarter default filters. (Author: @alx-xo )
  • Fine-grained MCP tool selection and team access #2255  - Added a team invite flow with accept page, configurable expiry, security hardening, and a dedicated team access tab on MCP servers. (Author: @adaam2 )
  • Risk analysis for secrets and sensitive data #2297  - Added a risk analysis system that scans MCP tool calls and chat messages for secret leaks and other sensitive data. (Author: @mfbx9da4 )
  • Slack platform tools #2327  - Added eight Slack platform tools: read channel messages, read thread messages, read user profile, search channels, search messages and files, search users, send message, and schedule message. (Author: @danielkov )
  • Expandable charts on Hooks analytics #2344  - Charts on the Hooks analytics page can now be expanded to full width for easier reading. (Author: @alx-xo )
  • Collapsed bar charts with show more #2345  - Hooks dashboard bar charts now collapse to the top six rows with a show more link to expand the full dataset. (Author: @alx-xo )
  • Blank MCP server CTA and trigger events label #2325  - Added a blank MCP server CTA on the empty-project MCP page for starting with built-in tools and connecting a data source later, and relabeled TriggerLogRow counts from “N attempts” to “N events”. (Author: @danielkov )
  • Public MCP server safety warning #2289  - Warns users before flipping an MCP server to Public when the attached environment has system-provided values that would be shared with every caller. (Author: @simplesagar )
  • Trigger dispatcher registration and Slack signals #2326  - Added App.RegisterDispatcher for post-construction dispatcher wiring, short-circuited Slack url_verification in AuthenticateWebhook, dropped the thread_tsts fallback so top-level DM and channel messages correlate on the channel alone, and surfaced bot_id and app_id on Slack trigger events. (Author: @danielkov )
  • AI Insights stable deep-links and context management #2316  - Added stable URL deep-links for agent sessions in Chat Logs (/logs?chatId=<id>), upgraded the default AI Insights model to claude-sonnet-4.6, and enabled tool-output byte capping plus tighter auto-compaction to prevent “prompt is too long” errors on long tool-heavy conversations. (Author: @simplesagar )
  • AI Insights exploration on Project Overview #2310  - Added info tooltips to every KPI and chart card on the Project Overview dashboard, plus an Explore with AI wand on each chart that opens the Insights sidebar and auto-submits a chart-specific question. The nav-bar AI Insights trigger also gains a brand gradient border on hover. (Author: @simplesagar )

Bug fixes

  • Cross-provider chat recovery #2320  - Fixed chats breaking when switching providers mid-conversation. Assistant turns that contained both a text reply and a tool call could cause the next turn to fail with a validation error on some provider routes, leaving the conversation unrecoverable. Affected chats now continue to work seamlessly across providers. (Author: @danielkov )
  • 413 guard on chat completion proxy #2316  - Added a defense-in-depth 413 guard on the /completion chat proxy that rejects any single tool-result message over 200KB with a clean HTTP 413 and request_too_large error instead of forwarding it to OpenRouter as an opaque “prompt is too long” 400. (Author: @simplesagar )
  • Normalized Source for Claude Code hooks #2335  - Normalized the Source column on chat_messages for Claude Code hook intake so tool-call messages use the OTEL service.name like user and assistant messages, instead of hardcoding ClaudeCode. (Author: @bradcypert )
  • Dark mode onboarding banner #2304  - Fixed the project onboarding banner to support dark mode by using semantic background tokens instead of hardcoded white. (Author: @bradcypert )
  • Onboarding banner gradient removed #2318  - Removed the gradient from the onboarding banner. (Author: @alx-xo )
  • Project-scoped plugin toolset picker #2305  - Fixed the plugin toolset picker to show project-scoped toolsets instead of all org toolsets, using useListToolsets rather than useListToolsetsForOrg. (Author: @bradcypert )
  • Plugin toolset picker loading state #2302  - Shows a skeleton loading state for the toolset picker in plugin detail instead of incorrectly displaying “No toolsets available” while loading. (Author: @bradcypert )

Last updated on

AI everywhere.

Control here.

Build MCPGenerate SDKs