Skip to Content
Back to changelog

AI Insights for risk findings, Cursor cost and token tracking, and multi-role RBAC

This release brings risk-aware suggestions into the dashboard’s AI Insights sidebar on the Security Overview and Policy Center pages, adds Cursor support to the Insights Employees and Costs tabs, and ships multi-role assignments for RBAC.

Features

  • AI Insights for risk findings #2922  - The dashboard’s AI Insights sidebar now surfaces risk-aware suggestions on the Security Overview and Policy Center pages, letting the assistant reason over recent policy findings without seeing raw secrets. Findings are read through a redacted endpoint that replaces the match field with an opaque fingerprint of the form <redacted len=N sha=XXXXXXXX>, so identical secrets are still dedupable across findings while their content stays hidden, and a system-prompt rule bars the assistant from echoing redacted values verbatim. (Author: @simplesagar )
  • Cursor cost and token tracking in Insights #2923  - Organization admins can now connect a Cursor Admin API key, and Cursor token and cost usage flows into the Insights Employees and Costs tabs alongside Claude Code data. An hourly job pulls usage events from Cursor so per-employee cost and token totals stay current. (Author: @subomi )
  • Multi-role RBAC #2982  - Users can now be assigned multiple roles simultaneously, replacing the previous single-role assignment model. (Author: @adaam2 )
  • MCP resource method interceptors #2958  - Wires initial MCP resource method interceptors into /x/mcp so remote MCP traffic can be observed and shaped through the same interceptor pipeline as tool calls. (Author: @bflad )
  • Expanded onboarding personality picker #2980  - Expands the assistant onboarding personality picker with Brad and Walker, rebalances Quinn against Nolan and Daniel, and groups team voices into a compact chip row above the generic preset cards. (Author: @danielkov )

Bug fixes

  • Source Activity panel for Remote MCP sources #2819  - telemetry.getObservabilityOverview now accepts an optional remote_mcp_server_id filter so callers can scope summary, time-series, and per-tool breakdown metrics to a single Remote MCP source. /x/mcp tools/call traffic also writes a structured row to ClickHouse telemetry_logs per invocation, and the Source Activity panel on the Remote MCP source overview shows real telemetry for the last 7 days. (Author: @bflad )
  • Explicit user-identity opt-in for public MCP authorize #2971  - Public-MCP /authorize now accepts a requireUserIdentity=1 query parameter that forces the caller through the IDP so the resulting session is bound to a user subject rather than an anonymous one. Without the parameter, public-toolset /authorize continues to mint an anonymous subject. The assistant runtime sets the parameter when initiating MCP authorization flows against Gram-served endpoints so subsequent tool calls can be attributed to the user. (Author: @danielkov )
  • Owner-only OAuth in the assistant system prompt #2984  - Assistants are now instructed to treat OAuth/MCP authentication as owner-only and to avoid pre-emptively prompting for auth on toolsets they have not yet needed. (Author: @danielkov )
  • Always emit result in JSON-RPC success responses #3007  - Always emits the result field in JSON-RPC success responses from the MCP server. Empty-result handlers (notably ping) previously sent {"jsonrpc":"2.0","id":N}, which violated JSON-RPC 2.0 and the MCP spec — Cursor’s MCP SDK rejected those frames with invalid_union zod errors and dropped the transport to a failed state after each keep-alive ping. (Author: @walker-tx )
  • Resilient assistant-runtime reaper for Fly Machines #3019  - Bounds each Destroy/List call against the Fly Machines API by its own timeout, and uses a Temporal heartbeat for liveness on the janitor activity rather than relying on a short overall timeout that turned tombstone-machine hangs into elevated workflow-failure alerts. (Author: @danielkov )

Last updated on

AI everywhere.

Control here.

Talk to usLearn more