You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This commit was created on GitHub.com and signed with GitHub’s verified signature.
Minor Changes
25ce5ea: Email org admins when a new access request is submitted.
c9eaac0: Skill activations in Codex sessions are now tracked best-effort: opening a skill's SKILL.md and explicit $skill-name prompt mentions surface as skill.activated events in observability, matching Claude Code sessions.
f92917c: Add the adminRemoteSessions management service for curating a platform-wide catalog of remote session providers. A "global" provider is a remote_session_issuer paired with one or more remote_session_client records that have no owning project and no owning organization (project_id IS NULL AND organization_id IS NULL), so it is shared across every organization rather than scoped to one. The service exposes CRUD over global issuers and clients (createGlobalIssuer, listGlobalIssuers, getGlobalIssuer, updateGlobalIssuer, deleteGlobalIssuer, and the matching *GlobalClient methods, plus listGlobalClients by issuer). Every method is gated to platform admins (Speakeasy employees) and is session-authenticated only. Issuer slugs are unique within the global scope, deleting an issuer is blocked while a live client still references it, and client secrets are write-only. This ships the creation/administration surface only; the runtime consumption path (projects inheriting global providers) is a separate follow-up, so global rows exist but nothing reads them yet.
f16bde1: Re-introduce the unified /rpc/hooks.ingest endpoint with working self-serve authentication for hook plugins. On session start the plugin opens the Gram dashboard in a browser, receives a hooks-scoped API key on a localhost callback, and caches it per device — no python or manual key setup required. Machines that have never authenticated are not blocked: sessions proceed with a warning, Claude is prompted to offer connecting via the bundled login helper, and enforcement only becomes strict after the first successful sign-in.
e9ff915: Add the Non-Corporate Accounts risk-policy category (detection source account_identity). Policies can now flag sessions authenticated with a personal AI account (identity.personal_account) or with an AI-account email domain outside a configurable approved list (identity.unapproved_domain), reusing the account attribution captured by session ingest. The create/update policy endpoints accept approved_email_domains, findings are emitted once per session, and the Policy Center exposes the approved-domains input in the category's Customize sheet (flag-only, like other agent-integrity detectors).
ad4e76d: Adds a prompt guardrail replay endpoint with per-message judge verdicts, cost and latency details, and CEL scope support.
Adds persistent reviewer verdict save, list, and delete endpoints for policy eval regression sets.
Patch Changes
548e704: Assistants can now attach MCP servers directly, including remote (external‑SaaS) and tunnelled servers that aren't backed by a Gram toolset. The assistant setup chat can list the project's MCP servers and attach one by name, and the assistant's runtime connects to it alongside its toolsets.
34b8a1b: Editing an environment now requires environment:write instead of project:write. Creating, updating, and deleting environments previously gated on project:write, so principals holding only environment:write were rejected. The dashboard gates for these actions were realigned to match.
8104660: chore: use icons to delineate team vs personal accounts
ed49c7d: Clear stale cached hooks credentials on auth rejection so Claude prompt submission can continue and prompt users to reconnect.
5828815: Preserve assistant setup chat history: list prior onboarding threads and make them URL-addressable (scoped by source_kind).