Tale v0.2.89
Patch release on top of v0.2.88. Enterprise SSO/SCIM security hardening, chat attachments for sandboxed agents, and issue-desk PR de-duplication. No data migrations and no required configuration changes.
Highlights
-
Enterprise SSO & SCIM hardening (#2118).
- Open-redirect protection on the auth flows: a user-influenced redirect target must resolve to a path on our own origin. Absolute, protocol-relative (
//host), and backslash-smuggled (/\host) targets are rejected and fall back to a safe default (issue #2037). - SCIM
active: falsenow soft-deactivates a user — the IdP's usual de-provisioning signal. The org membership is kept with adisabledrole and is fully restored on a lateractive: true. - A hard SCIM
DELETEfully deprovisions — subsequentGET/PATCHreturn404, per RFC 7644 §3.6. - The org owner is protected from SCIM deprovisioning, and duplicate user creation returns
409 Conflict. SCIM group-membershipPATCHnow applies replace → add → remove deterministically.
- Open-redirect protection on the auth flows: a user-influenced redirect target must resolve to a path on our own origin. Absolute, protocol-relative (
-
Chat attachments delivered to sandboxed external agents (#2119). Files attached in chat are now staged for Claude Code / OpenCode agents on the persistent
/uservolume under/user/uploads— outside the agent's workspace, so uploads never pollute project files — under their real file names (so "summarize report.pdf" just resolves), with read access granted via--add-dir. A per-turn cap guards against abuse. -
Issue desk reuses an existing PR (#2122). Re-running the desk on an issue that already has an open pull request now updates that PR instead of opening duplicates.
Fixes & polish
- Settings UX polish (#2126): data-residency header actions and layout refinements across the settings surfaces (2FA, API keys, providers, deployment, personalization, user env).
- Drop overlay (#2121): the full-page drag-and-drop overlay now clears correctly after a file is dropped on the composer.
Operator notes
- New optional
SANDBOX_BROWSER_VIEW(default OFF). When set to1, agent browser sessions run a headed Chromium with a read-only VNC mirror streamed into the chat UI; the platform attaches Playwright MCP over CDP. Left unset, behaviour is unchanged (headless, no live preview). The CLI env generator now emits it commented-out. - Graceful shutdown in
compose.yml.stop_grace_periodis now set for the platform (45s) and sandbox (30s) services, sodocker compose updrains in-flight chat streams / executions beforeSIGKILLinstead of using Docker's 10s default. This already matched the CLI compose generator. - No data migrations and no required configuration changes in this release.