v4.64.0
Minor Changes
-
1823364: Security hardening from a full audit.
- Voice tool bridges (Vapi, Threll): enforce tenancy on every self-service tool call. The bridges previously disabled RLS without setting
app.org_idand granted wildcard scope, allowing cross-tenant reads/writes; they now apply the standard tenancy GUCs and the restricted self-service scope set. - OAuth JWT verification: pin verification to the algorithm bound to the trusted JWKS key and reject symmetric algorithms, closing an algorithm-confusion gap.
- Analytics
identify(BREAKING): the identity hash now signs${externalId}:${visitorId}so a leaked hash can't link a different visitor. ComputeHMAC(secret, "<externalId>:<visitorId>")wherevisitorIdcomes from the newwindow.mn.getVisitorId(). The server-rendereddata-external-id/data-user-hashauto-identify is removed — do the read-visitor-id → sign →window.mn.identify()round trip instead. - Webhook replay guidance: documented that receivers should reject deliveries whose signed
createdAtis outside a freshness window (in addition to the existingx-munin-delivery-ididempotency). No wire-format change — the signature scheme is unchanged. - MCP scopes:
webhooks_*,feedback_*, andsystem_alerts_*tools now require realwebhooks:*/feedback:*/system_alerts:*scopes instead of being gated by audience alone. - Capability tokens: view, unsubscribe, and email-open tokens now enforce a max age (and reject future-dated tokens), preventing indefinite replay of leaked links.
- Tool hints:
conv_test_channelandconv_test_email_channelare marked destructive (they open outbound vendor connections) so they prompt before running. - Input validation: a caller-supplied
endUserIdis validated against the caller's org in delegated-token minting andcrm_create_contact.
- Voice tool bridges (Vapi, Threll): enforce tenancy on every self-service tool call. The bridges previously disabled RLS without setting
Patch Changes
-
43fdff8: fix(widget): stop iCloud Passwords popover from opening on the message composer
The composer textarea had no
autocompleteattribute, so browsers defaulted it toonand the iCloud Passwords extension classified the widget as a login form (helped by the save-thread email field), offering credential autofill when typing a message. Setautocomplete="off"(andautocorrect="off") on the composer to opt it out. -
3387922: Fix
crm_apply_merge_proposalcrashing with a bare 500 when the proposal'srecommendedPatchcarries a timestamp field (e.g.consentGivenAt) as an ISO string. Drizzle's timestamp encoder callsvalue.toISOString()during query build, which throws on a string. The patch is now normalized before the keeper update: values for timestamp columns are coerced from ISO strings (or epoch numbers) toDate, and keys that aren't real, patchable contact columns are dropped instead of being passed through to.set(). -
b4978ab: Format
dateanddatetimefields in the read-only CMS entry drawer using the viewer's locale instead of printing the raw stored ISO string (e.g.Jun 29, 2026, 12:00 PMrather than2026-06-29T12:00:00.000Z), matching how the edit-mode date picker displays them. -
bd0cb38: fix(channels): stop the email channel dialog button label flashing on cancel
The "Edit email channel" dialog derived its edit/create state live from the
editChannelprop. Cancelling cleared that prop before the dialog's close
animation finished, briefly re-rendering the still-mounted dialog in create
mode (the footer button flashed from "Save changes" to "Create"). The edit
state is now frozen while the dialog is open.- @getmunin/types@4.64.0
- @getmunin/ui@4.64.0
Published packages
@getmunin/analytics-tracker@4.64.0@getmunin/chat-widget@4.64.0@getmunin/agent-host@4.64.0@getmunin/agent-runtime@4.64.0@getmunin/backend-core@4.64.0@getmunin/core@4.64.0@getmunin/dashboard-pages@4.64.0@getmunin/db@4.64.0@getmunin/docs-pages@4.64.0@getmunin/emails@4.64.0@getmunin/mcp-toolkit@4.64.0@getmunin/sdk@4.64.0@getmunin/types@4.64.0@getmunin/ui@4.64.0