Skip to content

Mistle

v0.26.0 Feature

This release adds 3 notable features for engineering teams evaluating rollout.

Published 4d AI Agents & Assistants
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Affected surfaces

auth deps

Summary

AI summary

Updates Chores, Bug Fixes, and deps across a mixed release.

Changes in this release

Feature Low

Add oauth organization switching endpoints

Add oauth organization switching endpoints

Source: llm_adapter@2026-05-30

Confidence: high
Feature Low

Add mistle org list endpoint

Add mistle org list endpoint

Source: llm_adapter@2026-05-30

Confidence: high
Feature Low

Add mistle org switch capability

Add mistle org switch capability

Source: llm_adapter@2026-05-30

Confidence: high
Feature Low

Update git commit signing identity linking logic

Update git commit signing identity linking logic

Source: llm_adapter@2026-05-30

Confidence: high
Feature Low

Add organization welcome email feature

Add organization welcome email feature

Source: llm_adapter@2026-05-30

Confidence: high
Feature Low

Add MCP OAuth discovery support

Add MCP OAuth discovery support

Source: llm_adapter@2026-05-30

Confidence: high
Feature Low

Bind OAuth grants to specific resources

Bind OAuth grants to specific resources

Source: llm_adapter@2026-05-30

Confidence: high
Feature Low

Add MCP OAuth client registration endpoint

Add MCP OAuth client registration endpoint

Source: llm_adapter@2026-05-30

Confidence: high
Feature Low

Add MCP OAuth consent flow implementation

Add MCP OAuth consent flow implementation

Source: llm_adapter@2026-05-30

Confidence: high
Feature Low

Accept MCP OAuth bearer tokens for authentication

Accept MCP OAuth bearer tokens for authentication

Source: llm_adapter@2026-05-30

Confidence: high
Dependency Low

Upgrade pnpm to version 11

Upgrade pnpm to version 11

Source: granite4.1:30b@2026-05-30-audit

Confidence: low
Dependency Low

Bump multiple dependencies (tar, jose, vite, etc.)

Bump multiple dependencies (tar, jose, vite, etc.)

Source: granite4.1:30b@2026-05-30-audit

Confidence: low
Performance Low

Lower MCP operation events default limit

Lower MCP operation events default limit

Source: granite4.1:30b@2026-05-30-audit

Confidence: low
Bugfix Medium

Clear SeaweedFS proxy env in dev compose

Clear SeaweedFS proxy env in dev compose

Source: granite4.1:30b@2026-05-30-audit

Confidence: low
Bugfix Medium

Reconcile provider state before sandbox resume

Reconcile provider state before sandbox resume

Source: granite4.1:30b@2026-05-30-audit

Confidence: low
Bugfix Medium

Show IPv6 local ports in dashboard

Show IPv6 local ports in dashboard

Source: granite4.1:30b@2026-05-30-audit

Confidence: low
Bugfix Medium

Preserve public OAuth login redirect origin

Preserve public OAuth login redirect origin

Source: granite4.1:30b@2026-05-30-audit

Confidence: low
Bugfix Medium

Address OAuth consent review comments

Address OAuth consent review comments

Source: granite4.1:30b@2026-05-30-audit

Confidence: low
Bugfix Low

Bypass transparent proxy for gateway websockets

Bypass transparent proxy for gateway websockets

Source: granite4.1:30b@2026-05-30-audit

Confidence: low
Bugfix Low

Align egress path prefix matching

Align egress path prefix matching

Source: granite4.1:30b@2026-05-30-audit

Confidence: low
Bugfix Low

Restore session status indicator dots

Restore session status indicator dots

Source: granite4.1:30b@2026-05-30-audit

Confidence: low
Bugfix Low

Restore dashboard lint concurrency

Restore dashboard lint concurrency

Source: granite4.1:30b@2026-05-30-audit

Confidence: low
Bugfix Low

Align completed home session form spacing

Align completed home session form spacing

Source: granite4.1:30b@2026-05-30-audit

Confidence: low
Bugfix Low

Return JSON for invalid OAuth authorize resource

Return JSON for invalid OAuth authorize resource

Source: granite4.1:30b@2026-05-30-audit

Confidence: low
Refactor Low

Streamline beta notice messaging

Streamline beta notice messaging

Source: granite4.1:30b@2026-05-30-audit

Confidence: low
Full changelog

[0.26.0] - 2026-05-30

Features

  • Add oauth organization switching endpoints (#2540)
  • Add mistle org list (#2542)
  • Add mistle org switch (#2545)
  • Update git commit signing identity linking (#2546)
  • Add organization welcome email (#2549)
  • Add mcp oauth discovery
  • Bind oauth grants to resource
  • Add mcp oauth client registration
  • Add mcp oauth consent flow
  • Accept mcp oauth bearer tokens

Bug Fixes

  • Clear SeaweedFS proxy env in dev compose (#2533)
  • Reconcile provider state before sandbox resume (#2532)
  • Bypass transparent proxy for gateway websockets (#2530)
  • Align egress path prefix matching (#2531)
  • Restore session status indicator dots (#2534)
  • Restore dashboard lint concurrency (#2535)
  • Update vite fixture lockfile
  • Show ipv6 local ports in dashboard (#2537)
  • Preserve public oauth login redirect origin (#2543)
  • Align completed home session form spacing (#2547)
  • Lower MCP operation events default limit (#2548)
  • Streamline beta notice messaging (#2553)
  • Address oauth consent review comments
  • Return json for invalid oauth authorize resource
  • Use configured Infisical identity in scheduled system CI (#2571)

Documentation

  • Remove Discord from docs footer (#2538)

Tests

  • Instrument GitHub webhook system timings (#2529)
  • Add tensorlake runtime system coverage (#2541)

CI

  • Run runtime system tests in PR CI (#2536)
  • Restore scheduled system tests (#2566)

Chores

  • Upgrade pnpm to v11 (#2523)
  • (deps) Bump tar from 0.4.45 to 0.4.46 in /packages/sandboxd (#2491)
  • (deps) Bump @storybook/addon-docs from 10.3.6 to 10.4.0 (#2493)
  • (deps) Bump jose from 6.2.2 to 6.2.3 (#2496)
  • (deps) Bump vitest from 4.1.5 to 4.1.7 (#2495)
  • (deps) Bump vite from 8.0.13 to 8.0.14 in /tests/system/fixtures/vite-dev-server (#2522)
  • (deps) Bump @tanstack/react-pacer from 0.22.0 to 0.22.1 (#2494)
  • (deps) Bump oxlint from 1.61.0 to 1.66.0 (#2492)
  • Enable pnpm global virtual store (#2539)
  • Update codex to 0.135.0 (#2544)
  • (deps) Bump DeterminateSystems/magic-nix-cache-action from 13 to 14
  • (deps) Bump github/codeql-action from 4.35.5 to 4.36.0
  • (deps) Bump serde_json from 1.0.149 to 1.0.150 in /packages/commit-sign
  • (deps) Bump react-day-picker from 9.14.0 to 10.0.1
  • Update Pi to 0.77.0 (#2567)
  • (deps) Bump mailpit-api from 1.9.0 to 2.0.0 (#2564)
  • Update opencode cli (#2568)
  • (deps) Bump @codemirror/lint from 6.9.5 to 6.9.6 (#2560)
  • (deps) Bump serde_json from 1.0.149 to 1.0.150 in /packages/sandboxd (#2559)
  • (deps) Bump @opentelemetry/sdk-node from 0.217.0 to 0.218.0 (#2557)
  • (deps) Bump nodemailer and @types/nodemailer (#2562)
  • (release) V0.26.0 (#2572)
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Mistle

Get notified when new releases ship.

Sign up free

About Mistle

All releases →

Related context

Beta — feedback welcome: [email protected]