Self-hosting releases

​

What’s new

• Mid-conversation steering
• Edit dashboard code and sources inline
• Capabilities settings redesign
• Resumable chat streaming
• Distributed sandbox pool

​

Bug fixes

• Chat: Switching conversations during a network error no longer leaks report mode, dashboard mode, fast mode, or methodology settings between chats.
• Dashboards: Suspended organizations now stop dashboard retry storms — dashboards are marked failed with a clear suspension message instead of repeatedly respawning.
• Chat: Requests like “give me”, “create”, or “write X” now deliver the file directly in chat instead of saving it to the Ontology library.
• Tableau: Upgraded the connector’s web framework to address a Starlette host-header vulnerability.
• Connectors: The AWS Partner Central connector now uses a tightly scoped endpoint allowlist instead of a broad *.amazonaws.com pattern.

​

Upgrade guide

​

What’s new

• Distributed compute engine
• Ana Claude Code plugin
• Library skills via slash command
• Word document uploads
• PowerPoint uploads
• Snowflake optional database
• Ontology patch revision history
• Bedrock per-user audit attribution
• Email tool access control

​

Bug fixes

• PowerBI: Embed now works correctly inside sandboxed iframes (Power BI custom visuals) where allow-same-origin is absent.
• Connectors: OAuth config rows are de-duplicated and access-checked so non-admins can no longer view private connector keys.
• Databricks: Fixed a nil-pointer crash when converting decimal array columns.
• Dashboards: SQL Server and Azure Synapse queries are now correctly routed for dialect transpilation.
• Chat: Fixed a stream iterator panic and a nil dereference during message streaming.
• White-label: The browser notification icon is now brand-aware; white-labeled deployments show their own logo instead of the TextQL default.
• Compute: Sandbox allocation now falls back to Filestore/EFS automatically when FSx capacity is exhausted.

​

Upgrade guide

​

What’s new

• Chat input and conversation polish
• TQL frontmatter in tql files
• Auto-attach select all
• Paginated patch reviews
• PowerBI preconfiguration via embed URL
• Cross-domain email allowlist toggle

​

Bug fixes

• Billing — service account seat exclusion: Service accounts are automatically excluded from active seat-limit calculations.
• Sidebar: Recent Threads no longer appears nearly empty for members with many automated background chats; these are now excluded server-side before the 50-thread limit is applied.
• Ontology: Orphaned patches are now denied on submission.
• Chat: Empty attachment wrapper no longer reserves vertical space in the input card when no files are attached.

​

Upgrade guide

​

What’s new

• Ana as an MCP server
• MCP streaming responses and inline previews
• Interactive ECharts visualizations
• Library TQL data source for dashboards
• Ontology auto-approve rules
• OIDC identity provider
• TextQL Doctor diagnostics
• Language adherence
• Library plan-first git sync

​

Bug fixes

• PowerBI: Connector no longer incorrectly shows as “connected but not available in this chat.”
• OAuth: MCP consent state is correctly resumed after a login redirect.
• Ontology: Auto-approve spinner sizing corrected.
• Chat: Search filters reset on hard refresh instead of persisting stale state across sessions.
• Reports: Markdown tables now render correctly in email delivery.
• RBAC: Playbook template endpoints now correctly enforce playbook:read permission.

​

Upgrade guide

​

What’s new

• Unified Ontology surface
• Ontology settings section
• Ontology relationship graph redesign
• Ontology sync run tracking
• Ontology PDF and image migration
• Ontology GitHub App connect flow
• Ontology reviews split view
• Ontology new file highlighting
• Microsoft Teams integration
• Power BI per-member OAuth
• Firebolt connector
• Observability export to S3
• Playbook connector inheritance
• Plain-English role editor
• Email domain enforcement
• Editable Python package versions
• SCIM and OIDC identity merge
• Safe iframe embedding
• Cerebras LLM provider
• Custom documentation URL

​

Bug fixes

• Chat: Tool cells (SQL, Python, DAX, and others) now stay expanded across remounts and navigation.
• Chat: Cross-origin artifact downloads now force a blob fetch, fixing silent failures in some browser configurations.
• PowerBI: Missing member OAuth no longer triggers a full logout; reauth is surfaced inline instead.
• MCP Servers: Settings modal no longer hangs on “Loading servers…” due to a reactive loop.
• Settings: Notification preferences can now be updated without prior email-based access.
• Share links: Org branding is now respected in share link unfurl cards.
• Model restrictions: Role and org model allowlists are enforced across all chat APIs.

​

Upgrade guide

​

Bug fixes

• Fixed network policy that was blocking internal sandbox health checks for specific environments.

​

Upgrade guide

​

What’s new

• Asset origin restrictions and Content Security Policies
• Rich-text editing for Ontology markdown
• Context page refresh on role changes

​

Bug fixes

• Chat: Unsent draft text no longer leaks between chats when navigating; each chat retains its own draft independently.
• PowerBI: Connector auto-enable no longer gets forcibly cleared during connector updates.
• Ontology: Fixed parameter placeholder for MSSQL/Azure Synapse schema DDL queries.
• Chat: Safari caret mispaint after inserting an @-mention chip via Backspace is resolved.
• Platform API: Code execution failures now return a consistent response payload with an explicit error field and empty outputs.

​

Upgrade guide

• If you are using sealedSecrets, make sure to seal those values using kubeseal and then add the value to the values.yaml file.
• If you are using externalSecrets or nativeExternalSecrets, make sure the secrets are created in Secrets Manager.

​

What’s new

• Insert connectors and files as chat chips
• Paginated chat listing endpoint
• Expanded Ontology git providers
• Per-viewer dashboard breakdown popover
• Org defaults for dashboard output and private playbooks
• Ontology enabled by default with seeded connectors
• Fast mode for Anthropic Opus 4.7

​

Bug fixes

• RBAC: API key create/rotate/revoke operations now follow the correct permission flow. Fixed the assume roles issue.
• Sandbox: Org-installed packages no longer override base dependency versions.
• Chat: Connector chip correctly attached when inserted after a multi-line paste in Chrome.
• Shared chat link no longer stuck on a loading skeleton until refresh.
• Snowflake: Ontology table discovery using native object listing, surfacing objects beyond INFORMATION_SCHEMA.

​

Upgrade guide

​

What’s new

• REST API v2 endpoints
• Per-member OAuth for Snowflake and Databricks ontology
• Delete playbook from detail page
• Opt-in email tool with recipient lists
• Per-source dashboard cache invalidation
• Bedrock STS role assumption
• Configurable proxy trusted-host allowlist
• Unified default model resolution
• Sandboxed PDF processing
• Patch cell UX refinements

​

Bug fixes

• Model picker now populates all org-enabled models (was showing only “System Default”).
• SCIM, desktop download, and Git API routes excluded from the frontend auth catch-all and handled by their own access control rules, allowing these in functionality when enforceAuth: True.

​

Upgrade guide

​

What’s new

• Redesigned share modal with airlock preview
• File uploads in chat and stream APIs
• Automatic ontology migration

​

Bug fixes

• Oracle: Fixed missing synonym resolution for connect_string/wallet auth.
• Sandbox: Fixed RBAC admin permission enforcement.
• Share modal no longer fails to re-open after being closed.
• Numbered list rendering fixed in chat.
• UX improvements for expired and timed-out threads.
• Sidebar navigation pinning and back-navigation across panels.
• Packages settings tab no longer stuck in loading state when empty.

​

Upgrade guide

​

What’s new

• GPT-5.5 and Kimi K2.6 models
• Fast mode inference
• SAP HANA support
• Expanded connector authentication
• Ontology git sync
• SCIM group linking to system roles
• OIDC single-tenant role sync
• Self-healing dashboard workers
• Playbook owner failure alerts
• Tool-level RBAC enforcement

​

Bug fixes

• Tableau: Retry on expired sessions; fix multi-connector modal selection.
• PowerBI: Fix stale dataset name resolution; run upfront discovery queries at thread start.
• Databricks: Fix client credentials auth in SQL execution.
• SAP HANA: Fix sqlglot transpilation.
• Auth: Survive backend restarts without forcing re-login; fix logout redirect for enforceAuth mode; clear stale cookies on OIDC reauth.
• Chat: Fix parallel SQL/Python race condition; fix blank parallel tool cells from SDK delta misrouting; disable attach button while streaming.
• Connectors: Fix domain whitelist save button; fix New API Access button skipping picker; default auth type to token for API providers.
• Slack: Auto-sync channels; gate admin actions for non-admins.
• Security: Harden sandbox (CVE-2026-31431); harden console TLS cipher suites; fix xmldom/postcss vulnerabilities.
• Bedrock: Strip eager_input_streaming for Haiku 4.5.

​

Upgrade guide

​

What’s new

• Dashboards engine rebuild
• Ontology library redesign
• Redesigned assume-roles experience
• Mark threads as unread
• Markdown previews in the artifact drawer
• Connector UI gated on connector write permission
• Observability billing granularity
• TLS 1.2 and 1.3 enforcement
• Automated Helm chart releases

​

Bug fixes

• Dashboards: Fix Dash callbacks; fix prefill errors on LLM-created dashboards; fix parameterized queries; fix hot refresh on dedicated workers.
• Tableau: Retry on expired sessions.
• Slack: Fix mentions and WhoAmI; chunk blocks to respect 50-block limit.
• Chat: Fix tool_result image interleaving in parallel batches; improved chat navigation performance.
• Sandbox: Reduce lock contention causing deadline exceeded errors.
• Databricks: Fix client credentials auth in SQL execution.
• Console: Fix invoice due date timezone and off-by-one.
• Hourly playbook frequency detection restricted to exclude minute-level schedules.

​

Upgrade guide

• global.aws.useBedrock deprecated. Remove from the code.
• compute.sealedSecrets deprecated. Use compute.secretsMode = "sealedSecrets" instead.
• compute.worker deprecated. Attributes go to another section, called sandbox (at the root level like global, compute, web, etc).
  • compute.worker.computeClass → sandbox.computeClass
  • compute.worker.machineFamily → sandbox.machineFamily
  • compute.worker.imageTag → sandbox.imageTag
  • compute.worker.useInternalSandbox → remove from the code
• compute.constraints.sandbox deprecated — move sandbox constraints to the sandbox.constraints block instead.
• global.loopsApiKey - move to global.loops.apiKey.

​

What’s new

• Slack sender names and View in App
• Granular per-thread sharing controls
• Tool restriction controls and admin override
• Per-user MCP OAuth tokens
• Pause playbooks from the editor
• Copy artifact filenames
• Ontology file API
• Usage and billing sidebar permission gating
• Org logo removal and theme editor polish

​

Bug fixes

• Sandbox: Timeout guardrails and proxy error reduction.
• Connectors: Fix Snowflake role not applied; fix BigQuery regional dataset routing.
• Chat: Fix connector dropdown direction flip and flicker; fix OAuth prompts hidden by collapsible tool call UI.
• Settings: Fix dropdowns crashing on click.
• Dashboards: Fix unpublished changes status mismatch; increase spawn and script timeouts.
• Auth: Fix cross-org shared link switching.
• SCIM: Add Retry-After header to 429 responses.
• ACU billing calculation fix.
• Mobile UI improvements.
• Security: Critical dependency vulnerability patches.

​

Upgrade guide