Skip to content

Tale v0.2.89

Choose a tag to compare

@larryro larryro released this 25 Jun 00:29
ec9d807

Patch release on top of v0.2.88. Enterprise SSO/SCIM security hardening, chat attachments for sandboxed agents, and issue-desk PR de-duplication. No data migrations and no required configuration changes.

Highlights

  • Enterprise SSO & SCIM hardening (#2118).

    • Open-redirect protection on the auth flows: a user-influenced redirect target must resolve to a path on our own origin. Absolute, protocol-relative (//host), and backslash-smuggled (/\host) targets are rejected and fall back to a safe default (issue #2037).
    • SCIM active: false now soft-deactivates a user — the IdP's usual de-provisioning signal. The org membership is kept with a disabled role and is fully restored on a later active: true.
    • A hard SCIM DELETE fully deprovisions — subsequent GET/PATCH return 404, per RFC 7644 §3.6.
    • The org owner is protected from SCIM deprovisioning, and duplicate user creation returns 409 Conflict. SCIM group-membership PATCH now applies replace → add → remove deterministically.
  • Chat attachments delivered to sandboxed external agents (#2119). Files attached in chat are now staged for Claude Code / OpenCode agents on the persistent /user volume under /user/uploads — outside the agent's workspace, so uploads never pollute project files — under their real file names (so "summarize report.pdf" just resolves), with read access granted via --add-dir. A per-turn cap guards against abuse.

  • Issue desk reuses an existing PR (#2122). Re-running the desk on an issue that already has an open pull request now updates that PR instead of opening duplicates.

Fixes & polish

  • Settings UX polish (#2126): data-residency header actions and layout refinements across the settings surfaces (2FA, API keys, providers, deployment, personalization, user env).
  • Drop overlay (#2121): the full-page drag-and-drop overlay now clears correctly after a file is dropped on the composer.

Operator notes

  • New optional SANDBOX_BROWSER_VIEW (default OFF). When set to 1, agent browser sessions run a headed Chromium with a read-only VNC mirror streamed into the chat UI; the platform attaches Playwright MCP over CDP. Left unset, behaviour is unchanged (headless, no live preview). The CLI env generator now emits it commented-out.
  • Graceful shutdown in compose.yml. stop_grace_period is now set for the platform (45s) and sandbox (30s) services, so docker compose up drains in-flight chat streams / executions before SIGKILL instead of using Docker's 10s default. This already matched the CLI compose generator.
  • No data migrations and no required configuration changes in this release.