Skip to Content
Back to changelog

Risk overview analytics, cascading domain deletes, and richer remote session OAuth

This release adds the Risk overview dashboard, cascades custom domain deletes through MCP endpoints, lets remote session clients pin OAuth audience and scope, and gives cron triggers per-schedule steering notes.

Features

  • Cascade custom domain soft-deletes to MCP endpoints #2810  - Deleting a custom domain now soft-deletes every mcp_endpoints row registered under it across all projects in the org, emits one mcp-endpoint:delete audit event per cascaded row, and previews the impacted endpoints in the dashboard delete-confirmation modal via the new /rpc/domain.listMcpEndpoints endpoint. (Author: @bflad )
  • Configurable upstream OAuth audience and scope on remote session clients #2941  - Adds nullable audience and scope columns on remote_session_clients and surfaces them on the management API. When audience is set, the upstream OAuth dance attaches the audience parameter to the authorize redirect, authorization-code-to-token exchange, and every refresh-token request. When scope is set, the dance requests those scopes instead of echoing the issuer’s full scopes_supported, which avoids over-granting access on providers that advertise broad scope sets. (Author: @qstearns )
  • Notes on cron triggers #2955  - Cron triggers now accept an optional note field, matching wake triggers. The note is included in every scheduled tick the assistant sees, so one assistant can carry multiple cron triggers with distinct per-schedule steering — for example, “run daily digest” versus “check deploy status”. (Author: @danielkov )
  • Risk overview analytics #2912  - Adds summary metrics, charts, and trend data for recent policy findings on the Risk overview. (Author: @alx-xo )
  • Assistant spec panel links MCP server rows #2972  - The Assistants spec panel now links each attached MCP server to its MCP details page, so the draft view jumps straight to inspect or configure the server. (Author: @danielkov )
  • Toggle assistant active state from the list #2974  - The active/paused indicator on each assistant card is now an interactive switch — pause or resume an assistant directly from the assistants list without opening it. (Author: @danielkov )

Bug fixes

  • Hook source on Claude Code usage metrics #2968  - Fixes the token graph blanking when filtering by agent type on /insights/costs by including the hook_source attribute on Claude Code usage metrics. (Author: @simplesagar )
  • Better server names and inspection in hooks logs #2990  - Extracts server names from MCP configs in hooks logs and improves the UI for inspecting individual logs. (Author: @chase-crumbaugh )
  • One assistant thread per Slack top-level message #2951  - Slack-triggered assistant chats now open a fresh assistant thread for each top-level message instead of folding distinct conversations onto a single per-channel thread. Top-level Slack messages and DMs used to share one Gram thread — and one Fly runtime — per channel, so unrelated users’ messages bled into the same context window. (Author: @danielkov )
  • Ephemeral Slack button for MCP re-auth #2959  - Assistants on Slack now surface MCP OAuth re-auth via an ephemeral Block Kit button instead of dumping the raw URL into the thread, so only the user that needs to authenticate sees the prompt. (Author: @danielkov )

Last updated on

AI everywhere.

Control here.

Talk to usLearn more