chore: version packages

[gram-bot]

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

Releases

dashboard@0.60.0

Minor Changes

• b58bf0f: Adds an org-level AI Integrations product surface with Cursor as the first provider. Organization admins can connect a Cursor Admin API key from org settings, and an hourly Temporal workflow polls Cursor for token and cost usage events and writes them into ClickHouse telemetry_logs so the dashboard shows Cursor usage and cost alongside Claude Code data. The dashboard cost copy is updated to reflect Cursor and Claude Code coverage, and the employee detail page now shows cost beside total tokens.

• ed12a35: Add multiple role support to the RBAC system. Users can now be assigned multiple roles simultaneously, replacing the previous single-role assignment model.

• 3b8bfb4: Adds risk.results.listForAgent — a redacted variant of risk.results.list for AI assistant / MCP consumption. The new endpoint returns the same fields as listRiskResults but replaces the match field with match_redacted, an opaque token of the form <redacted len=N sha=XXXXXXXX> where N is the byte length and XXXXXXXX is the first 8 hex characters of sha256(match). Identical secrets produce identical fingerprints so agents can dedupe leak counts without ever seeing secret content.

  shadow_mcp findings pass match through verbatim because the value is a server URL or stdio command identifier (already shown unmasked in the dashboard), and exact byte positions are coarsened to a single position_known boolean to remove reconstruction signals.

  The dashboard's AI Insights sidebar gains risk-aware suggestions on the Security Overview and Policy Center pages, plus a system-prompt rule that bars the assistant from echoing match_redacted values verbatim.

Patch Changes

• 9d6ba7b: The Source Activity panel on the Remote MCP source overview now shows real telemetry for the last 7 days, scoped to that remote server via the new remote_mcp_server_id filter. TelemetrySummaryRow and ToolBarList are extracted into a shared SourceActivityPanel component consumed by both the OpenAPI and Remote MCP source overview tabs.
• 4b49beb: Expand the assistant onboarding personality picker with Brad and Walker, rebalance Quinn against Nolan and Daniel, and group team voices into a compact chip row above the generic preset cards (Friendly / Professional / Playful / Analytical / Teacher).
• 8e247f9: Chat loading is now paginated by generation, returning one generation per request. The chat detail panel fetches older generations in parallel until the full transcript is assembled, so long-running sessions no longer stall on the initial fetch.

server@0.59.0

Minor Changes

• 5f4c259: Add admin API endpoints for managing organizations and OAuth/OIDC configuration, protected by a dedicated admin security middleware. Includes a mock OIDC server for local development and testing.

• 0c431a0: initial MCP resource method interceptors

• 8e247f9: Chat loading is now paginated by generation, returning one generation per request. The chat detail panel fetches older generations in parallel until the full transcript is assembled, so long-running sessions no longer stall on the initial fetch.

• b58bf0f: Adds an org-level AI Integrations product surface with Cursor as the first provider. Organization admins can connect a Cursor Admin API key from org settings, and an hourly Temporal workflow polls Cursor for token and cost usage events and writes them into ClickHouse telemetry_logs so the dashboard shows Cursor usage and cost alongside Claude Code data. The dashboard cost copy is updated to reflect Cursor and Claude Code coverage, and the employee detail page now shows cost beside total tokens.

• ed12a35: Add multiple role support to the RBAC system. Users can now be assigned multiple roles simultaneously, replacing the previous single-role assignment model.

• 3b8bfb4: Adds risk.results.listForAgent — a redacted variant of risk.results.list for AI assistant / MCP consumption. The new endpoint returns the same fields as listRiskResults but replaces the match field with match_redacted, an opaque token of the form <redacted len=N sha=XXXXXXXX> where N is the byte length and XXXXXXXX is the first 8 hex characters of sha256(match). Identical secrets produce identical fingerprints so agents can dedupe leak counts without ever seeing secret content.

  shadow_mcp findings pass match through verbatim because the value is a server URL or stdio command identifier (already shown unmasked in the dashboard), and exact byte positions are coarsened to a single position_known boolean to remove reconstruction signals.

  The dashboard's AI Insights sidebar gains risk-aware suggestions on the Security Overview and Policy Center pages, plus a system-prompt rule that bars the assistant from echoing match_redacted values verbatim.

Patch Changes

• 9d6ba7b: /rpc/telemetry.getObservabilityOverview now accepts an optional remote_mcp_server_id filter so callers can scope summary, time-series, and per-tool breakdown metrics to a single Remote MCP source. Combinable with the existing toolset_slug filter.

• 9d6ba7b: /x/mcp tools/call traffic now writes a structured row to ClickHouse telemetry_logs per invocation, mirroring the existing /mcp emit. The row carries gram.remote_mcp_server.id and gram.tool.name attributes so the Source Activity panel for a Remote MCP source can filter telemetry by the originating remote server. Emission is fire-and-forget so ClickHouse latency does not appear in tool-call tail latency.

• fae81e1: Public-MCP /authorize accepts a new requireUserIdentity=1 query parameter that forces the caller through the IDP so the resulting session is bound to a user subject rather than an anonymous one. Without the parameter, public-toolset /authorize continues to mint an anonymous subject regardless of ambient cookies or Bearer tokens. Callers from outside the endpoint's organization receive a 403 from the IDP callback — public toolsets that need cross-organization access should omit the parameter and use anonymous sessions.

  The assistant runtime sets the parameter when initiating MCP authorization flows against Gram-served endpoints so subsequent tool calls can be attributed to the user. Foreign (non-Gram) authorization endpoints discovered via .well-known/oauth-authorization-server do not receive the parameter.

• d4ab97a: Assistants are now instructed to treat OAuth/MCP authentication as owner-only and to avoid pre-emptively prompting for auth on toolsets they have not yet needed.

• 508aef1: Always emit the result field in JSON-RPC success responses from the MCP server. Empty-result handlers (notably ping) previously sent {"jsonrpc":"2.0","id":N}, which violates JSON-RPC 2.0 and the MCP spec. Cursor's MCP SDK rejected those frames with invalid_union zod errors and dropped the transport to a failed state after each keep-alive ping.

[claude]

Claude Code Review

This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.

_{Tip: disable this comment in your organization's Code Review settings.}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
gram-docs-redirect	Ready	Preview, Comment	May 22, 2026 9:49pm

[speakeasybot]

🚀 Preview Environment (PR #3001)

Preview URL: https://pr-3001.dev.getgram.ai

Component	Status	Details	Updated (UTC)
✅ Database	Ready	Existing database reused	2026-05-22 13:31:54.
⏭️ Images	Superseded	Newer commit pushed, re-syncing	2026-05-22 13:33:00.

_{Gram Preview Bot}