Skip to content

Tale v0.2.87

Choose a tag to compare

@larryro larryro released this 24 Jun 03:35
6b90e78

Highlights

Enterprise SSO & SCIM provisioning (#1936)

Unified, file-based Enterprise SSO replacing the old per-provider config: a single connection covering OIDC, OAuth2, and SAML, plus SCIM 2.0 user/group provisioning. Configured from the admin UI (Settings → Enterprise SSO). See the new Enterprise SSO docs.

Two-tier sandbox concurrency limits (#1971)

Sandbox concurrency is now governed at two levels: global environment caps and per-org governance. Default caps were lowered to suit a small host — operators on larger boxes should set these explicitly:

  • SANDBOX_MAX_CONCURRENT default 4 → 2
  • SANDBOX_MAX_SESSIONS default 10 → 2
  • SANDBOX_MAX_SESSIONS_PER_ORG remains 50

Unified chat panel + branch-aware workspace inheritance (#1934)

Consolidated chat experience into a single panel, with sandbox workspaces that inherit from their parent branch.

Fixes

  • Sandbox-agent 401 responses no longer launder into a fake success (#2100).
  • Website scan no longer spins indefinitely on un-markable (canonical) URLs.

Operator notes

Migrations run automatically on tale deploy (auto-detected, confirmed at deploy). This release adds:

  • Fold legacy audit_retention policy into retention_policy (destructive, reversible)
  • Migrate ssoProviders into the file-based Enterprise SSO connection (reversible)
  • Export orgPackagePolicy → file-based run_code governance policy (reversible)
  • Export modelSyncSettings → file-based model_sync governance policy (reversible)
  • Drop legacy orgPackagePolicy rows, post-export cleanup (destructive, reversible)
  • Drop legacy modelSyncSettings rows, post-export cleanup (destructive, reversible)

Upgrade with tale upgrade, then tale deploy.