Skip to Content
Back to changelog

Assistants v0, MCP server management APIs, and Codex plugin publishing

This release introduces assistants, a new primitive for scheduling AI agents on compute. Assistants run on Fly.io Firecracker machines or local Lima VMs, managed through Temporal workflows, and are configured in the dashboard with model, instructions, toolset, and environment bindings. Alongside assistants, this release adds management APIs for MCP servers and endpoints, extends plugin publishing to generate Codex-compatible packages, and introduces OAuth 2.1 one-click auto-configuration for Remote MCP servers.

Features

  • Assistants v0 #2211  - Adds server-side assistant service with Temporal workflows, Fly.io and local Firecracker runtime providers, per-thread token manager, and dashboard UI for creating and editing assistants with model, instructions, toolset, and environment bindings. (Author: @danielkov )
  • MCP server and endpoint management APIs #2412  - Adds management APIs and queries for MCP servers and MCP endpoints. (Author: @bflad )
  • Plugin action audit logging #2478  - Records plugin actions in audit logs, including create, update, delete, server modifications, role assignments, and publish operations. (Author: @bradcypert )
  • Codex-compatible plugin package publishing #2390  - Extends plugin publishing to generate Codex-compatible packages alongside Claude Code and Cursor packages, including .codex-plugin/plugin.json manifest and .mcp.json server config. (Author: @bradcypert )
  • Remote MCP private IP rejection #2457  - Rejects private and reserved IP addresses in Remote MCP Server URL validation. (Author: @bflad )
  • Observe section reorganization #2499  - Reorganizes the Observe section into tabbed Insights and Logs sections. (Author: @alx-xo )
  • OAuth 2.1 one-click auto-configuration #2508  - Adds one-click OAuth auto-configure path for Remote MCP servers, removing the scope requirement. (Author: @walker-tx )
  • Click-to-reveal for sensitive data in risk findings #2479  - Adds click-to-reveal functionality for sensitive data in risk findings. (Author: @mfbx9da4 )

Bug fixes

  • Per-tool RBAC filtering for tools list #2464  - Filters the tools.list response by per-tool RBAC grants for scoped permissions. (Author: @adaam2 )
  • Role reassignment on deletion #2452  - Shows member reassignment step in the dashboard when deleting a role that has members assigned. (Author: @adaam2 )
  • Polar billing batch concurrency #2420  - Reduces per-batch concurrency against Polar API endpoints. (Author: @qstearns )
  • Log filter chips edit on click #2481  - Edits log filter chips on click rather than deleting them. (Author: @simplesagar )
  • Missing route not-found handling #2482  - Handles missing deployment and MCP detail routes with proper not-found states instead of reaching the error boundary. (Author: @bradcypert )
  • OAuth probe miss logging #2463  - Skips logging expected .well-known OAuth probe misses to reduce noise. (Author: @bflad )
  • OAuth client auto-registration #2462  - Automatically registers the OAuth client when a registration endpoint is available for Remote MCP servers. (Author: @qstearns )

Last updated on

AI everywhere.

Control here.

Book a demoLearn more