Skip to content

v0.2.81 — Tasks, collaboration, and session security

Choose a tag to compare

@larryro larryro released this 02 Jun 05:08
e338ec0

v0.2.81 — Tasks, collaboration, and session security

This release adds a task platform with a collaborative inbox and project-scoped secrets, plus Slack and Confluence integrations and a generic OIDC SSO adapter. It hardens sessions with optional server-side idle timeout and adds daily audit-log integrity verification, alongside dependency CVE patches and a large batch of UI and import fixes.

🔒 Security

  • Server-side session idle timeout: set the optional SESSION_IDLE_TIMEOUT_MINUTES (1–1440) to sign a session out after inactivity. The window slides on activity and is enforced server-side across email/password, SSO, and trusted-headers sessions; the client also warns and signs out idle sessions. Unset by default, so existing behavior is unchanged. (#1808, #1810)
  • Daily audit-log integrity check: the hash-chain + checkpoint verification that previously ran only on demand now runs daily across every org and raises a security-category audit row plus a structured alert on any chain break, truncation, checkpoint mismatch, or unsigned PII scrub. (#1805)
  • Force re-authentication after a voluntary password change so prior sessions can't continue. (#1769)
  • Block CI on high/critical CVEs and fast-track Renovate security updates (supply-chain hardening). (#1784)
  • Dependency security patches: axios 1.16.0 (#1788), python-multipart 0.0.27 (#1787), brace-expansion 5.0.6 (#1785), turbo 2.9.14 (#1786).

🤖 Model & Provider

  • Centralize AI reply-language behind a shared priority chain (explicit request → message language → browser-locale fallback) and remove the per-agent language block from all shipped agents, so reply-language resolves consistently across agents. (#1795)

🚀 Features

  • Task platform with a collaborative inbox: tasks, comments, activity, dependencies, and board views, with project-scoped secrets, per-agent secret access, and user notifications/subscriptions. (#1761)
  • Slack integration: inbound bot (app mentions and DMs) and outbound workflow/security notifications, via a bring-your-own Slack app installed by manifest + OAuth. (#1762)
  • Confluence Cloud read-only sync integration. (#1807)
  • Generic OIDC identity-provider adapter for SSO. (#1809)
  • Upload product images during product create/edit. (#1797)

🛠 Improvements

  • Consolidate API settings into a single page and refine the navigation chrome and account menu. (#1806)
  • Assign documents and folders to multiple teams. (#1773)
  • Default to the team context in the prompt library's Team tab. (#1798)
  • Show price, category, and status in the product list. (#1767)
  • Show tags and assigned team on prompt list rows. (#1777)
  • Paginate the organization members table. (#1796)
  • Clarify upload-success vs. background-indexing copy, and hide masked content behind a skeleton while loading. (#1778, #1779)

🐛 Fixes

  • Ignore a spurious empty Radix Select change that falsely dirtied org settings. (#1816)
  • Accept uiLanguage in the shared userContext validator. (#1802)
  • Gate the DB healthcheck on an init-completion marker. (#1801)
  • Make form-field borders visible in light mode, and cap the select dropdown height to the viewport. (#1800, #1799)
  • Validate required columns on product CSV import, and harden customer/vendor import against silent data loss. (#1793, #1766)
  • Gate the automation tester on input validation, and add a timeout to the MCP server connection test. (#1792, #1790)
  • Lock upload team selection to the folder's team. (#1776)
  • Gate create-dialog submit buttons on form validity. (#1765)
  • Surface the missing-password error on the add-member form. (#1768)
  • Reject conflicting allow/block extensions in the upload policy. (#1770)
  • Use sensible thread titles for attachment-only chats, and stop dictation when a chat message is sent. (#1771, #1772)
  • Label custom condition branches in the automation flow. (#1774)
  • Right-align the team row action menu. (#1794)
  • Comment cascade, screenshot, notification skeleton, and label fixes. (#1763)

📝 Other

  • Document PII at-rest posture (Option B). (#1804)
  • Cryptography reference aligned with BSI TR-02102-1. (#1780)
  • Worked examples: Prometheus + Grafana, audit-log export, and modular AI-directed test guides per feature module. (#1781, #1782, #1783)
  • Private-host provider policy + OAuth2 callback URL docs, and fix the OpenAI-compatible endpoint path. (#1775, #1764)

Upgrade

Run tale upgrade to update the CLI, then tale deploy to apply the new version.

No manual migration is required — new tables and the daily audit-log integrity check apply automatically on deploy. Optionally, set SESSION_IDLE_TIMEOUT_MINUTES (1–1440) to enable server-side idle sign-out; leave it unset to keep the current session lifetime.

Contributors

@yannickmonney, @larryro, @Israeltheminer, plus dependency security updates via Renovate.


Full Changelog: v0.2.80...v0.2.81