Changelog

​

Bug fixes

• Fixed network policy that was blocking internal sandbox health checks for specific environments.

​

Upgrade guide

​

What’s new

• Security enhancements: VPC customers can now restrict the origin of assets and impose Content Security Policies with attributes in the values file.
• @-mention feed agents in chat: Feed agents now appear as a mentionable type in the chat @ dropdown. Fixed minor bug for connector names.
• Feed channels: Channel badges (public/private) on posts, channel-scoped URLs for post navigation, and stricter per-channel posting RBAC. Sharing a feed post now auto-joins the recipient; revocations remove join and viewer access atomically.
• Feed agents — webhook-only mode: Pass an empty schedule list to create an agent that runs exclusively on webhook triggers, with no recurring cron. Existing schedules are preserved unless explicitly changed.
• Feed — Slack delivery improvements: Improved markdown-to-Slack conversion with rune-aware truncation and smarter markup boundaries for cleaner Slack previews.
• Context library — WYSIWYG editor: Markdown files in the context library now have a toggleable rich-text editor with a formatting toolbar. Frontmatter is extracted and normalized; rendered headings are anchorable.
• Context library — role-transition refresh: The context page now refetches library files, permission gates, and review state when a user assumes or clears a role, preventing stale listings and stale write buttons.

​

Bug fixes

• Chat: Unsent draft text no longer leaks between chats when navigating; each chat retains its own draft independently.
• PowerBI: Connector auto-enable no longer gets forcibly cleared during connector updates.
• Ontology: Fixed parameter placeholder for MSSQL/Azure Synapse schema DDL queries.
• Chat: Safari caret mispaint after inserting an @-mention chip via Backspace is resolved.
• Platform API: Code execution failures now return a consistent response payload with an explicit error field and empty outputs.

​

Upgrade guide

• If you are using sealedSecrets, make sure to seal those values using kubeseal and then add the value to the values.yaml file.
• If you are using externalSecrets or nativeExternalSecrets, make sure the secrets are created in Secrets Manager.

​

What’s new

• @-mention chips: Type @ in the chat composer to insert connectors or context library files as chips. Category-first navigation with file-explorer drill-down for the library.
• Agent webhooks: Agents can now be triggered via webhook. See the API reference at /api-reference/agents/webhooks/trigger-agent-webhook.
• Platform API: New GET /v2/chats endpoint to list chats with pagination, search, sorting, and an is_running status field.
• Feed channels: Feed is now organized into channels. Agents can publish to zero or more channels; users can create, join, and leave channels from the sidebar.
• Context v3 (beta): Promoted to Beta Features, enabled by default for new orgs. Includes Bitbucket, GitLab, and Azure DevOps SSH host key support; patch references linkified in the history tab; improved Connect Git wizard UX.
• Dashboards: Clickable views/viewers stat in the dashboard header opens a popover with a per-viewer breakdown.
• Settings: Org-level “Default Dashboard Output” setting to make dashboard mode the default output format in chat. Org-level “Private Playbooks by Default” setting in the Security tab.
• Ontology: Enabled by default for new orgs; new orgs seeded with example connectors.
• Models: Fast mode enabled for Anthropic Opus 4.7.

​

Bug fixes

• RBAC: API key create/rotate/revoke operations now follow the correct permission flow. Fixed the assume roles issue.
• Sandbox: Org-installed packages no longer override base dependency versions.
• Chat: Connector chip correctly attached when inserted after a multi-line paste in Chrome.
• Shared chat link no longer stuck on a loading skeleton until refresh.
• Snowflake: Ontology table discovery using native object listing, surfacing objects beyond INFORMATION_SCHEMA.

​

Upgrade guide

​

What’s new

• API v2: New set of REST API endpoints (/v2) with standard HTTP methods, path parameters, and JSON request/response bodies. Check https://docs.textql.com/api-reference/v2/introduction for details.
• Feed agents: Multi-cron schedule support and UX improvements.
• Authentication: Per-member OAuth token resolution for Snowflake SSO and Databricks U2M for Ontology construction.
• Playbooks: Delete playbook action added to the … dropdown on the playbook detail page, with a confirmation modal.
• Email tool: Email send is now opt-in per agent via a recipient list. Includes a new email:send RBAC permission.
• Dashboards: Per-source query cache invalidation.
• Bedrock: STS role assumption support — configurable role ARN and external ID for cross-account Bedrock access.
• Proxy: Configurable trusted-host allowlist so private resolved IPs for designated hosts pass outbound request validation.
• Models: Unified default model resolution for chats — resolution order is role default → org default → system default.
• PDF handling: PDF text extraction and page rendering are now sandboxed via a gRPC service, improving reliability and security of PDF file uploads.
• Chat: Patch cell UX improvements — long descriptions clamped with Show more/less, scoped markdown heading sizes, thin custom scrollbar on file list, and an “Open in Reviews” footer link.

​

Bug fixes

• Model picker on the new agent creation page now populates all org-enabled models (was showing only “System Default”).
• SCIM, desktop download, and Git API routes excluded from the frontend auth catch-all and handled by their own access control rules, allowing these in functionality when enforceAuth: True.

​

Upgrade guide

​

What’s new

• Sharing redesign: Share modal rebuilt with airlock-style preview and hardened permission controls.
• Platform API: File uploads now supported in the chat and stream API endpoints.
• Context v3: Automatic migration from legacy v1/v2 contexts; GitHub sync improvements; owners validation with error messages; auto-attach refinements.
• Context notifications wired up end-to-end.
• Feed: Agent profile improvements and streaming refinements.
• Notifications system upgrades.
• Agents: Improved new agent creation flow.
• Settings: Sidebar cross-navigation links between sections.

​

Bug fixes

• Oracle: Fixed missing synonym resolution for connect_string/wallet auth.
• Sandbox: Fixed RBAC admin permission enforcement.
• Share modal no longer fails to re-open after being closed.
• Numbered list rendering fixed in chat.
• UX improvements for expired and timed-out threads.
• Sidebar navigation pinning and back-navigation across panels.
• Packages settings tab no longer stuck in loading state when empty.

​

Upgrade guide

​

What’s new

• Models: GPT-5.5 and Kimi K2.6 (via Fireworks) available. Per-agent LLM model switcher; model switcher made generally available.
• Fast mode inference support added.
• SAP HANA support added (including SAP HANA Cloud option).
• Connectors: SQL Server Kerberos and certificate auth; API Token auth for custom connectors; MCP headers now encrypted in transport.
• Agents: Fleet hub at /agents with shared edit panel and template cards. Cron-based scheduling for agent runs. Retrying agents on failure. Fork agent threads into new chats.
• Feed: Streaming, following agents, per-agent Slack config, seeding flow, RBAC admin controls, author hover cards and colored @mentions.
• Context v3: GitHub remote sync, file tree for auto-attach, history tab, multimedia file support, TQL ontology support, directory-level permissions UI.
• SCIM: Fix Okta group push; allow linking SCIM groups to system roles.
• OIDC: Fix single-tenant role sync and environment UI.
• Dashboards: Auto-respawn unhealthy workers; remove auto LIMIT from queries; parallel python data source execution; persistent sandbox state with configurable retention; atomic globals flush on hot refresh.
• Playbooks: Notify owner on connector failure with bounded retries.
• RBAC: Tool-level RBAC enforcement; fix assume-roles enforcement; locked models shown in picker with role restriction tooltip.
• Chat: Auto-approve ontology/context tool cells without expanding drill-down. Chat stop is more reliable.
• Ontology: Surface connector table errors with manual refresh option.
• Sharing: More granular thread sharing controls.
• Context: Infinite scroll for history panel.
• File uploads: Excel/tabular parsing fallback; improved error rendering.
• Desktop app: Redesigned platform download page.

​

Bug fixes

• Tableau: Retry on expired sessions; fix multi-connector modal selection.
• PowerBI: Fix stale dataset name resolution; run upfront discovery queries at thread start.
• Databricks: Fix client credentials auth in SQL execution.
• SAP HANA: Fix sqlglot transpilation.
• Auth: Survive backend restarts without forcing re-login; fix logout redirect for enforceAuth mode; clear stale cookies on OIDC reauth.
• Chat: Fix parallel SQL/Python race condition; fix blank parallel tool cells from SDK delta misrouting; disable attach button while streaming.
• Connectors: Fix domain whitelist save button; fix New API Access button skipping picker; default auth type to token for API providers.
• Slack: Auto-sync channels; gate admin actions for non-admins.
• Security: Harden sandbox (CVE-2026-31431); harden console TLS cipher suites; fix xmldom/postcss vulnerabilities.
• Bedrock: Strip eager_input_streaming for Haiku 4.5.
• Feed: Hide deleted agents from leaderboard; fix tag display on agent posts.

​

Upgrade guide

​

What’s new

• Dashboards v2: Full rebuild of the dashboard engine — zero-downtime hot reload, parallel Python data source execution, pre-warmed worker pool, direct SQL skips transpilation.
• Context Library v3: Deprecated v2. New frontend, OWNERS file management, and improved auto-attach.
• Feed: Author profiles, hover cards, and colored @mentions. Feed explore tool. Agent streaming foundation.
• Assuming roles: Redesigned sidebar UI and modal.
• Sidebar: “Mark as unread” added to thread action menu.
• Artifact drawer: Markdown previews now rendered.
• Connectors: UI gated on connector:write permission.
• Observability: Billing granularity improvements.
• Security: TLS 1.2/1.3 only; upgraded python-dotenv, pgx, uuid, xmldom, fast-xml-parser.
• Sandbox: Added PyJWT and cryptography packages; async globals save to unblock gRPC.
• Helm chart: Automated changelog and Semver release conventions, improving the upgrade process for new releases.
• File uploads: Excel and tabular file parsing fallback strategy with cleaner user-facing messages.
• Email branding fixed for custom VPC deployments.
• Whitelabel support improvements.
• SCIM: Assign default role when no groups are provided.
• Models: Enhanced PDF/PPTX handling advertised on high-end models.

​

Bug fixes

• Dashboards: Fix Dash callbacks; fix prefill errors on LLM-created dashboards; fix parameterized queries; fix hot refresh on dedicated workers.
• Tableau: Retry on expired sessions.
• Slack: Fix mentions and WhoAmI; chunk blocks to respect 50-block limit.
• Chat: Fix tool_result image interleaving in parallel batches; improved chat navigation performance.
• Sandbox: Reduce lock contention causing deadline exceeded errors.
• Databricks: Fix client credentials auth in SQL execution.
• Console: Fix invoice due date timezone and off-by-one.
• Hourly playbook frequency detection restricted to exclude minute-level schedules.

​

Upgrade guide

• global.aws.useBedrock deprecated. Remove from the code.
• compute.sealedSecrets deprecated. Use compute.secretsMode = "sealedSecrets" instead.
• compute.worker deprecated. Attributes go to another section, called sandbox (at the root level like global, compute, web, etc).
  • compute.worker.computeClass → sandbox.computeClass
  • compute.worker.machineFamily → sandbox.machineFamily
  • compute.worker.imageTag → sandbox.imageTag
  • compute.worker.useInternalSandbox → remove from the code
• compute.constraints.sandbox deprecated — move sandbox constraints to the sandbox.constraints block instead.
• global.loopsApiKey - move to global.loops.apiKey.

​

What’s new

• Slack: Ana now receives sender names in Slack messages. View in App button restored and fixed for all channel types.
• Thread sharing: Granular per-thread sharing controls.
• Tool Restrictions: Improved controls and admin override; tool-level RBAC enforcement.
• MCP: Per-user OAuth token support.
• Playbooks: Enable pause via editor tool. Chat-created playbooks now visible to their creator.
• Artifacts: Copy button added to artifact filenames.
• Feed: Ana can create and update Feed posts as a tool.
• Context library: File-level CRUD API.
• RBAC: Usage and billing sidebar hidden for users without the required permissions.
• Settings: Org logo removal, theme editor polish, and context list cleanup.
• Threads: Stop button now shows stopping state.
• CSV: Excessively long text truncated in preview.

​

Bug fixes

• Sandbox: Timeout guardrails and proxy error reduction.
• Connectors: Fix Snowflake role not applied; fix BigQuery regional dataset routing.
• Chat: Fix connector dropdown direction flip and flicker; fix OAuth prompts hidden by collapsible tool call UI.
• Settings: Fix dropdowns crashing on click.
• Dashboards: Fix unpublished changes status mismatch; increase spawn and script timeouts.
• Auth: Fix cross-org shared link switching.
• SCIM: Add Retry-After header to 429 responses.
• ACU billing calculation fix.
• Mobile UI improvements.
• Security: Critical dependency vulnerability patches.

​

Upgrade guide