Skip to Content
Back to changelog

MCP server tool filtering, a self-service device agent page, and sharper risk targeting

This release lets you filter the tools an MCP server exposes using variation groups, adds an org-level page for rolling out the Speakeasy device agent, and gives risk policies finer control over which messages they scan.

Features

  • Filter MCP server tools with variation groups #3162  - Enable and configure tool filtering on an MCP server through new management APIs and dashboard UI, so each server exposes only the tools you want from a shared toolset. (Author: @bflad )
  • Self-service device agent rollout page #3070  - A new org-level Device Agent page gives per-OS install instructions, an MDM managed.json configuration reference, and self-service org_token generation, so admins can deploy the Speakeasy device agent and copy a ready-to-paste config without leaving the dashboard. (Author: @bradcypert )
  • Target risk policies by message type #3133  - Risk policies can now scope enforcement and batch scanning to user messages, tool requests, tool responses, or assistant text, so you only screen the traffic that matters for a given rule. (Author: @vishalg0wda )
  • Filter risk events by user #3165  - The Risk Events page adds a “User contains…” search box that filters findings by the chat’s external user id, alongside the existing policy and rule filters. (Author: @simplesagar )
  • Send a message to a project assistant #3138  - A new endpoint lets a dashboard user message an assistant and poll for its asynchronous reply, with a correlation key to pick the conversation thread and an idempotency key so a retried send is never enqueued twice. (Author: @simplesagar )

Bug fixes

  • OAuth handlers resolved for /mcp/<slug> #3136  - The /mcp/<slug> OAuth flow now resolves its handlers via mcp_endpoints with a toolset fallback, so OAuth-gated servers complete the handshake reliably. (Author: @bflad )
  • Tools load on issuer-gated private servers under RBAC #3174  - RBAC grants are now prepared for issuer-gated private remote MCP servers, so tools/list and tools/call no longer fail and return zero tools for RBAC-enforced callers. (Author: @bflad )
  • Audit logs page scopes AI Insights setup to a project #3163  - The audit logs page no longer calls toolsets.list without a project slug from org-level routes, fixing AI Insights setup there. (Author: @bradcypert )
  • External links render inline #3169  - The shared Link component now renders external links inline with the surrounding text instead of stretching them to full width and pushing trailing punctuation to a new line. (Author: @bradcypert )

Last updated on

AI everywhere.

Control here.

Talk to usLearn more