Skip to Content
Back to changelog

Webhooks catalog, collections RBAC, and team invitations

This release introduces a typed webhooks catalog for audit log events, enforces RBAC on the collections API, normalizes risk finding identifiers across scanners, and ships a DB-backed team invitation flow with trusted domain guards.

Features

  • Webhooks catalog #2905  - The webhooks feature now generates a catalog of event types and schemas. The catalog is emitted as an OpenAPI 3.1 document that is synced to Svix. (Author: @disintegrator )
  • Granular per-subject audit log webhook events #2927  - Each auditable subject (deployments, projects, MCP servers, API keys, toolsets, risk policies, sessions, and more) now emits its own typed webhook event (for example, audit_log.deployment_event_v1), enabling subscribers to filter by subject domain rather than receiving all audit activity under a single event type. (Author: @disintegrator )
  • RBAC on collections API #2892  - List and ListServers now require org:read; Create, Update, Delete, AttachServer, and DetachServer require org:admin. The dashboard’s sidebar, collections list, and detail pages open up to org:read members, while create, edit, delete, and server attach and detach controls stay behind org:admin. (Author: @subomi )
  • Audit log collection mutations #2914  - Emits audit log entries for collection mutations: mcp_collection:create, :update, :delete, :attach_server, and :detach_server. Update, AttachServer, and DetachServer now run in a transaction alongside the audit insert, and a new urn.McpCollection identifier (prefix mcp_collection) is used as the audit subject. (Author: @subomi )
  • Team invitations with trusted domain guards #2896  - Adds RBAC and assigned roles on pending organization invites, lets org admins change the role before acceptance, and emits audit log entries for invite creation and role changes. Invite acceptance now uses Gram invite tokens plus WorkOS User Management Magic Auth codes — the server validates the invite token, creates and consumes the Magic Auth code for the invited email, verifies the email match, and completes provisioning. (Author: @ThomasRooney )
  • Normalized risk finding identifiers #2855  - RiskResult.rule_id and RiskResult.description now follow a consistent shape across every detection source. rule_id is lowercase, snake_case, with an optional dot-separated category prefix (for example, secret.<rule>, pii.credit_card, shadow_mcp, destructive.shell.rm_rf, prompt_injection). (source, rule_id) is the stable identifier downstream consumers should match on, and description is a short human-readable sentence that never echoes the matched value. (Author: @mfbx9da4 )
  • Remote MCP interceptor payload mutation #2757  - Adds support for remote MCP interceptor payload mutation, and implements shadowmcp and mcp:connect interceptors. (Author: @bflad )
  • Bulk install all servers in a collection #2899  - Adds an Install All button to the collection detail page for bulk server installation. (Author: @subomi )
  • Improved trace session detail UX #2864  - Adds filtering and a clearer presentation for trace entries. (Author: @alx-xo )

Bug fixes

  • Drop IPv6 short-form and IPv4 unspecified false positives #2915  - Drops Presidio IP_ADDRESS false positives produced from short-form IPv6 strings (b::, dead::, 1::) and IPv4 unspecified 0.0.0.0. Analysis of prod risk_results showed these single-hex-group <hex>:: matches dominated IP_ADDRESS noise alongside the existing :: filter; they are now dropped before becoming findings. (Author: @mfbx9da4 )
  • Exclude plugin download key creation from audit log #2760  - Excludes per-request plugin download API key creation from the audit log to prevent flooding with api_key:create events. (Author: @bradcypert )
  • Skip WorkOS reads when org is linked locally #2844  - Skips WorkOS reads when the org is already linked locally, removing redundant lookups on the auth path. (Author: @bflad )
  • Filter already-added toolsets from plugin add-server dialog #2904  - Filters the plugin Add Server dialog to exclude toolsets already attached to the plugin, preventing duplicate entries. (Author: @bradcypert )
  • Credits-exhausted message in chat #2921  - Shows a graceful message in AI Insights and the Playground when an organization runs out of chat credits. Previously the chat would silently stop streaming on a 402 from the gateway because the AI SDK masks stream errors by default. The thread now renders a clear credit-limit message, and the new describeStreamError and CREDITS_EXHAUSTED_MESSAGE exports are available on @gram-ai/elements for downstream consumers that want to react to the same condition. (Author: @simplesagar )

Last updated on

AI everywhere.

Control here.

Talk to usLearn more