You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This commit was created on GitHub.com and signed with GitHub’s verified signature.
Version 0.0.408 (June 10, 2026)
Roles, groups & quotas for not-yet-registered members — admins can now assign RBAC roles, add to groups, and set a usage-policy (quota) on a pending invite (a user who hasn't signed up yet). These are stored against the invite and automatically materialized onto the user when they register, so access is correct on their very first request. Invites can also be pre-assigned at invite time (role/group/quota fields in the Invite modal), and removing a pending member cleans up its role/group/quota assignments.
Token-gated invites with expiry + resend — invite links now carry a single-use token and expire after 14 days. On local/password sign-up the token is required: an invalid, expired, or missing token (for an invited email under closed signups) blocks account creation entirely. SSO/OIDC sign-up is unchanged (the IdP verifies identity, no token needed). A per-row Resend action (Members tab, requires manage_members) rotates the token, resets the 14-day window, and re-sends — the old link stops working immediately. Admins can also fetch a pending invite's link via an admin-only endpoint (handy when SMTP is off). Pending rows show an Expired status when the window lapses.
Reliable, human invite & welcome emails — the invite email is now sent synchronously with retries + a per-attempt timeout (no more silent fire-and-forget), and the outcome (sent / failed / skipped_no_smtp) is surfaced to the admin. New users get a plain-text welcome email summarizing the agents (data sources) they can access with a link in. Copy is plain-text and human (no buttons), signed "BOW".
Members tab overhaul — compact, cleaner table; checkbox selection with bulk actions (add role, add to group, remove); client-side pagination; row Resend; the Actions column is frozen to the right while the wide table scrolls; borderless inline Role/Quota selects; consistent role-name casing; collapsed group chips ("+N"); wider Note column with tooltip. The Groups and Quotas tabs now share the same compact styling.
Private data sources by default (#364) — newly created data sources / agents are now private by default (is_public = false); only explicitly-added members (and admins) can see them unless opted public. Adding a member to a data source now sends a delayed "you've been added" email (5-minute delay, re-validated at send time so an undone add never mails, claimed so exactly one worker sends).
MCP search (#366) — search_mcps supports wildcard queries (list everything) and ships a clearer tool description.
