Tool-level RBAC for MCP servers and shadow MCP blocking

This release introduces tool-level role-based access control for MCP servers. Grants now use typed selectors with resource_kind, resource_id, disposition, and tool fields instead of untyped string maps, enabling fine-grained per-tool access policies. Shadow MCP blocking adds opt-in prevention of unmanaged MCP servers that operate outside the Gram management system. The dashboard also gains an icon-mode sidebar with improved navigation feedback.

Features

  • Tool-level RBAC with typed selectors #2357 - Migrated RBAC authorization to a selector-based system where grants carry typed fields (resource_kind, resource_id, disposition, tool) instead of untyped string maps, enabling per-tool access control for MCP servers. (Author: @adaam2)
  • Shadow MCP blocking #2449 - Added opt-in support for blocking unmanaged MCP servers that operate outside Gram’s management system. (Author: @chase-crumbaugh)
  • Icon-mode sidebar and navigation improvements #2419 - Added icon-mode sidebar with label fade animations, loading spinners on navigation clicks, and unified empty states across dashboard pages. (Author: @simplesagar)

Bug fixes

  • Dashboard scope picker UUID storage #2442 - Fixed the dashboard scope picker to store toolset UUIDs instead of slugs as resource identifiers, resolving a bug where UI-created grants failed to match backend authorization checks. (Author: @adaam2)
  • Impersonation banner height calculation #2445 - Fixed the impersonation banner height calculation so the page bottom remains reachable when the banner is visible. (Author: @bradcypert)
