Codex hooks, OTEL forwarding, Slack Block Kit, and WorkOS-native auth
A major release: Gram now ships hooks support for Codex (OpenAI), forwards OTEL telemetry to customer-configured destinations, supports rich Slack Block Kit messages with interactive button replies, and migrates the entire authentication layer to WorkOS-native auth. Assistants gain self-healing chat history and an always-on platform toolset.
Features
- Codex (OpenAI) hooks support #2746 - Adds a new /rpc/hooks.codex endpoint accepting all six Codex hook events (SessionStart, PreToolUse, PermissionRequest, PostToolUse, UserPromptSubmit, Stop), enforces org-level risk policies on blocking events, and records telemetry to ClickHouse. The plugin generator now produces a downloadable Codex observability plugin (ZIP and install script) that registers the hooks via a Gram marketplace entry in ~/.codex/config.toml. The install instructions dialog gains a Codex tab alongside Claude Code and Cursor. (Author: @bradcypert )
- OTEL forwarding to customer destinations #2756 - Customers can configure a URL and headers on the Org Logs page; a body-tee middleware mirrors every payload received on /rpc/hooks.otel/v1/* to that endpoint. Forwarding is org-wide, async (bounded worker pool, fire-and-forget on failure), capped at 4 MiB per request, and gated behind org:admin for writes and org:read for reads. Header values are encrypted at rest. (Author: @chase-crumbaugh )
- Slack Block Kit messages with interactive replies #2798 - Outbound Slack messages can now render rich Block Kit content. chat.postMessage and chat.postEphemeral accept an optional typed Blocks field (section, actions plus button, context, divider) alongside the text fallback. Button clicks come back as block_actions interactions on the existing Slack trigger webhook and reach the assistant as a new turn carrying action_id, action_value, and block_id. (Author: @danielkov )
- WorkOS-native authentication #2669 - Removes the legacy Speakeasy IDP authentication layer and migrates to WorkOS-native auth. Authorization, token exchange, and session management now go directly through the WorkOS SDK instead of the intermediate Speakeasy IDP proxy. Deterministic UUIDv5 user and org IDs bridge cross-system identity without runtime lookups. Adds OAuth CSRF nonce validation and a browser-binding cookie to the login flow. (Author: @adaam2 )
- Always-on platform toolset for assistants #2719 - Every assistant now exposes a platform toolset to its runtime alongside its user-attached toolsets, with no user-facing toolset row and no setup required. The assistant_memory product feature flag is removed; assistant memory tools are always-on. (Author: @danielkov )
- Self-healing corrupt chat history #2805 - Assistants now self-heal when the inference provider rejects a chat as malformed: the runtime trims history to the last 5 user messages, prepends a recovery notice that nudges the agent to recover lost context via its tools, and retries instead of leaving the thread stuck. (Author: @danielkov )
- Multiple GitHub collaborators on plugin publish #2611 - The publish dialog accepts a list of usernames as chips, and the publishPlugins API now takes github_usernames (array) instead of github_username (string). (Author: @bradcypert )
- Audit log webhooks #2815 - Adds support for configuring webhooks to deliver audit log events to external destinations. (Author: @disintegrator )
- Employee token observability dashboard #2716 - Repurposes the Agents insights tab into an employee token observability dashboard. Shows per-employee token consumption, estimated cost, tool usage breakdown, and platform/model distribution. Clicking an employee row opens a detail dialog with model-level usage, time-series charts, and tool breakdown. Results can be scoped to specific coding tools like Cursor or Claude Code. (Author: @subomi )
- Split assistant onboarding name and personality steps #2818 - Onboarding now asks for the assistant’s name and personality as two separate steps instead of one combined card. When the user has already named the assistant in chat, the agent skips the name picker and goes straight to the personality step. (Author: @danielkov )
- MCP servers listing search #2820 - Adds a search bar to the MCP servers listing page. (Author: @bflad )
- Identity tab refresh #2755 - Renames the org “Security” tab to “Identity” and refreshes the SSO and Directory Sync cards: drops the SAML-specific branding, replaces the hover popover with a tooltip on a fully clickable Configure button, and captures an identity_provider_interest PostHog event on click. (Author: @simplesagar )
- Configurable Project Overview date range #2777 - Makes the Project Overview page date range configurable via a TimeRangePicker in the header, matching the Insights and Logs pages. The selected range is URL-backed (range, from, to, label). (Author: @simplesagar )
- ML prompt-injection classifier (opt-in) #2667 - Adds an opt-in L1 ML prompt-injection classifier (deberta-v3) that runs alongside the heuristic baseline. Enable the new “ML classifier (deberta-v3)” rule under the Prompt Injection category. Detection runs in a sidecar service. (Author: @vishalg0wda )
- External MCP tools in tools.list filter #2772 - /rpc/tools.list now accepts a tool_types filter and can return direct external MCP tools, unblocking the toolset editor’s “Add Tools” picker for tools from already-attached external MCP servers. (Author: @walker-tx )
- Onboarding chat connects to all MCP servers #2736 - The assistant onboarding chat now connects to every MCP server attached to the assistant, not just the first one, so the agent can call tools across all configured toolsets. (Author: @danielkov )
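The OTEL forwarding behaviour from #2756 above (body tee, bounded worker pool, fire-and-forget, 4 MiB cap), shown in Go as an added example; it is not Gram's code. The names Forwarder, NewForwarder and Tee, the 5-second client timeout, and the choice to skip oversized payloads instead of truncating them are assumptions.

```go
package main

import (
	"bytes"
	"io"
	"net/http"
	"time"
)

const maxForwardBytes = 4 << 20 // 4 MiB per-request cap from the release note

type Forwarder struct { // hypothetical type: mirrors payloads to one org-wide destination
	dest    string
	headers http.Header // customer-configured; encrypted at rest per the note
	jobs    chan *http.Request
	client  *http.Client
}

func NewForwarder(dest string, headers http.Header, workers, queue int) *Forwarder {
	f := &Forwarder{dest, headers, make(chan *http.Request, queue), &http.Client{Timeout: 5 * time.Second}}
	for i := 0; i < workers; i++ { // fixed pool: a slow destination cannot pile up goroutines
		go func() {
			for req := range f.jobs {
				if resp, err := f.client.Do(req); err == nil { // fire-and-forget: errors are dropped
					resp.Body.Close()
				}
			}
		}()
	}
	return f
}

// Tee copies the body for forwarding and hands an intact body to next.
func (f *Forwarder) Tee(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		buf, rerr := io.ReadAll(io.LimitReader(r.Body, maxForwardBytes+1))
		r.Body = io.NopCloser(io.MultiReader(bytes.NewReader(buf), r.Body))
		req, err := http.NewRequest(http.MethodPost, f.dest, bytes.NewReader(buf))
		if rerr == nil && err == nil && len(buf) <= maxForwardBytes {
			req.Header = f.headers.Clone() // configured headers only; inbound credentials are not copied
			select {
			case f.jobs <- req: // a worker will send it
			default: // queue full: drop rather than block ingestion
			}
		}
		next.ServeHTTP(w, r)
	})
}

func main() {} // wrap any ingestion http.Handler with Tee to use the middleware
```

Memory held by the forwarder is bounded by the queue length times the 4 MiB cap, and ingestion never waits on the customer endpoint.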
Bug fixes
- Remove public MCP server cap on unpaid plans #2822 - Removed the 1-public-MCP-server cap on accounts without an active subscription. Users can now enable as many public MCP servers as they want on any plan. (Author: @danielkov )
- Quiet false-positive Temporal alerts #2758 - Benign ContinueAsNewError and CanceledError log at Info, and VerifyCustomDomain is non-retryable on NXDOMAIN. (Author: @bflad )
- Harden AnalyzeBatch against Presidio degradation #2770 - Hardens batch risk analysis against Presidio degradation. (Author: @bflad )
- Spill oversized MCP tool results to disk #2797 - The assistant runtime now spills oversized MCP tool results to a file inside the assistant workdir instead of letting them 413 the provider. The in-band tool result is replaced with a pointer ({ truncated, saved_to, original_bytes }) so the model can read or grep the full output via the filesystem tools. (Author: @danielkov )
- Drop trigger dispatches for deleted assistants #2802 - Drops trigger dispatches whose target assistant has been deleted instead of failing the activity. (Author: @danielkov )
- Plugin re-publish refreshes installed clients #2804 - Every plugin manifest now ships with a per-publish version (0.1.<unix_ts>) instead of a hardcoded 0.1.0, so Claude Code, Cursor, and Codex marketplace clients see a newer version on republish and pull updated content. (Author: @bradcypert )
- Order Slack credential prompts to match Slack UI #2817 - Onboarding now asks for Slack credentials in the order users encounter them in Slack’s UI: Signing Secret first, then Bot User OAuth Token, then User OAuth Token. (Author: @danielkov )
- Prevent transient 404 after deleting MCP toolset #2826 - Prevents a transient “toolset not found” error from appearing immediately after deleting an MCP server’s toolset. (Author: @bflad )
- Disable Create Assistant when missing permissions #2752 - Disables Create Assistant buttons in the dashboard when the user lacks the permissions needed to create one, with a tooltip explaining why. (Author: @danielkov )