Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.runlayer.com/llms.txt

Use this file to discover all available pages before exploring further.

1.28.19
May 5, 2026
Improvements
  • Agent artifacts: Agents can now publish files from their workspace as shareable URLs using the built-in publish_artifact tool. Use it to share generated reports, CSVs, or any file with end users. Artifact publishing is enabled by default on new agents. See Agents — Artifact publishing.
  • Runlayer MCP: agent memory toggle: The create_agent and update_agent Runlayer MCP tools now accept an enable_memory parameter so you can enable or disable built-in agent memory programmatically.
  • Shareable session links: Agent run sessions can now be shared via a direct link from the sessions list.
  • CLI 0.24.4 → 0.24.6: Improved AI Watch hook enforcement reliability on Cursor; internal stability fixes.
1.28.18
May 1, 2026
Improvements
  • Analytics: Skill risk assessment: The Skills tab now includes a Skill risk assessment widget showing skills ranked by security score with per-skill risk level badges (High, Medium, Low, Minimal, Unknown). See Analytics.
  • Analytics: Plugin usage by client: The Plugins tab now includes a Plugin usage by client widget showing which MCP clients generate the most plugin activity. See Analytics.
  • Slack DM mode via Runlayer MCP: The update_agent Runlayer MCP tool now supports setting slack_terminal_run_dm_mode to control run-result DMs (always, errors_only, or disabled) without using the UI.
  • Agent templates refreshed: Agent creation templates have been replaced with a new set distilled from real workspace patterns, including 1:1 Prep, Release Notifier, Account Intelligence, Daily Briefing, and others.
  • CLI 0.24.3: Bug fixes for skill and plugin install name resolution.
1.28.17
April 29, 2026
Improvements
  • GPT-5.5: GPT-5.5 is now available as an agent model when OpenAI is configured as an LLM provider. See LLM Providers.
  • New client setup guides: Setup instructions are now available for Zed, Cline CLI, GitHub Copilot CLI, and Antigravity.
  • Microsoft OneDrive & SharePoint: OneDrive and SharePoint MCP connectors are now available. The Outlook, OneDrive, and SharePoint setup guides are consolidated into a single Microsoft 365 page.
  • Runlayer MCP server management: Runlayer MCP now supports creating, updating, and deleting connectors (admin-only, confirm-required). See Runlayer MCP.
  • Shadow Connectors widgets: The Shadow page now includes a Connectors section with most common shadow servers, users with shadow servers, top servers to migrate, and MCP client usage breakdown.
  • Agent accounts for all users: All workspace members can now view agent accounts, create delegations, and create session grants — no longer limited to admins.
  • Slack say on all triggers: The agent say tool now works on webhook and scheduled runs (not just Slack-triggered runs) when the Slack MCP connector is attached.
  • Agent memory opt-in: Agent memory is now opt-in — enable it from the agent’s advanced settings. Previously it was automatically available on all agents.
  • Agent cross-turn context: Agent conversations now include tool calls and results from prior turns, giving the model better continuity across multi-step tasks.
  • New catalog connectors: Skyvern is now available in the connector catalog.
  • Claude Code plugin install: Plugins are now installed into Claude Code via the marketplace format for better compatibility.
1.28.16
April 27, 2026
Improvements
  • PII scan direction: PII detection can now be scoped to tool inputs, outputs, or both. Configure globally in Settings → Security Scanners or override per connector. Defaults to input-only. See ToolGuard Models.
  • Agent365 Work IQ branding: All Microsoft Agent 365 servers in the connector catalog now include the (Work IQ) suffix to align with Microsoft’s updated product naming.
  • Admin setup instructions for all users: A new workspace setting (Settings → Workspace) lets admins show the full admin-facing client setup instructions to every user, not just admins.
  • Shadow Connectors widgets: The Shadow page now includes a Shadow vs Managed breakdown chart and a Shadow Server Discoveries timeline.
  • MDM guide refresh: Detect and Enforce MDM deployment guides have been refreshed with updated naming (Iru, Kandji) and streamlined instructions.
  • Microsoft Outlook MCP: A dedicated Outlook setup guide is now available for the Outlook MCP connector.
  • New catalog connectors: Fellow, Tines, Kubernetes, and Superhuman Mail are now available in the connector catalog.
  • Agent account creation simplified: The outdated connector setup step has been removed from the agent account creation flow.
1.28.15
April 23, 2026
Improvements
  • Shadow page: Shadow discovery metrics (MCP servers and skills) now have a dedicated page in the sidebar, separate from the Analytics dashboard.
  • Skill security scores: After uploading skill files, the skill detail page displays the overall security score and per-file risk indicators with a drill-down dialog for each finding.
  • Manual skill security rescan: Skill owners and admins can trigger a security rescan from the skill detail page for skills uploaded before scanning was enabled.
  • Agent activity security section: Each agent run in the Activity view now includes a collapsible Security section showing ToolGuard scan results, policy denials, and warnings.
  • Schedule timezone modes: Agent schedules now support a Local wall clock mode that evaluates the cron expression in the selected timezone and automatically adjusts for DST transitions.
  • Auto-grant delegation: Starting your first interactive chat with an agent automatically grants a delegation so the agent can act on your behalf.
  • Identity Forward for Deploy: Deployed MCP servers can now receive the authenticated caller’s identity via X-Runlayer-* HTTP headers. See Deploy — Identity Forward.
  • Policy-blocked tools flagged: Tools and resources blocked by connector policies are now visually flagged in the connector detail view.
  • New catalog connectors: Pinpoint ATS, Clay, and pganalyze are now available in the connector catalog.
  • Slack agent input: Agents now process link unfurls and bot attachments from Slack messages as part of their input context.
  • Connector description limit: MCP server descriptions now support up to 4096 characters (previously 1024).
  • Shadow MCP false-positive fix: Improved shadow MCP matching to reduce false-positive detections on command-line argument tokens.
  • Detect MDM guide simplification: Organization API key prerequisites have been removed from the Detect MDM deployment guides — enrollment keys handle authentication automatically.
1.28.14
April 21, 2026
Improvements
  • Configurable skill risk policy: Admins can now configure how the platform responds to skill security scan results. Set per-tier actions (Block, Warn, or Allow) for high-risk and medium-risk skills in Settings → Security Scanners. High-risk defaults to Block; medium-risk defaults to Warn.
  • Intune Remediation deployment method: The Intune deployment guide now supports the Remediation method (requires Intune P2). Intune handles scheduling natively — no scheduled task is created on the device.
  • New catalog connectors: Smartsheet and DataGrail Vera are now available in the connector catalog.
  • Draft connectors hidden from clients: Connectors in Draft status are no longer exposed via the MCP endpoint or the proxy — only the creator can see them until the connector is activated.
  • OAuth popup fix: Fixed the upstream OAuth popup flow when the remote server’s COOP header prevents window.opener access.
  • Subagent update fix: Updating a subagent no longer clears fields that were not included in the update payload.
1.28.13
April 19, 2026
Improvements
  • Runlayer Assistant generally available: The in-app Runlayer Assistant is now available to all workspaces with agents enabled — no separate feature flag required.
  • Onelayer plugin always visible: The Onelayer plugin now appears in the plugin list for all users without a feature flag gate.
  • Slack run source details: Agent runs triggered from Slack now display conversation, channel, and trigger details in the Activity view, with a direct link to the originating Slack message.
  • New catalog connector: Amazon Redshift (read-only SQL — discover, explore, and query Redshift clusters and serverless workgroups).
  • MDM PowerShell improvements: Windows MDM scheduled tasks now run with a hidden PowerShell window (-WindowStyle Hidden -NonInteractive) so recurring scans no longer flash a console window.
  • Sensitive audit log guard fix: Updating a connector without changing its sensitive audit log settings no longer requires Super Admin permissions.
1.28.12
April 17, 2026
Improvements
  • Claude Opus 4.7: Claude Opus 4.7 is now available as an agent model when Anthropic is configured as an LLM provider.
  • Agent icon in creation flow: You can now set a custom icon when creating an agent, not just after creation.
  • Deployment custom icons: Deployments now support custom icons — set one during creation or update it from the deployment settings dialog.
  • Resume agent runs from Activity: Open a past agent run in the Activity view and click Resume to continue the conversation in the Playground with the full prior context loaded.
  • Slack plan improvements: Agent messages in Slack now display which LLM model produced each response. Tool outputs are no longer shown inline to keep messages cleaner.
  • Deploy auto-grants developer access: When you deploy a connector via the CLI, the deploying user is now automatically granted developer-level access to the resulting connector.
  • New catalog connector: ZoomInfo is now available in the connector catalog.
  • Ashby out of beta: The Ashby connector is now generally available (no longer marked as beta).
  • PPPC profile for Detect (macOS): The Shadow MCP Detect deployment flow now includes a downloadable PPPC profile for macOS MDMs. Deploy it before the scan script to prevent macOS consent prompts for runlayer-scan.
1.28.11
April 15, 2026
Improvements
  • Analytics: top agents by tool calls: The Agents tab now includes a ranking of agents by raw tool call volume alongside the existing top-by-runs widget.
  • Agent default model updated: New agents now default to Claude Opus 4.6 (claude-opus-4-6). Existing agents keep their current model.
  • Agent memory clarified: Agent creation and update endpoints now document the built-in persistent SQLite database — no extra storage setup required.
  • Onelayer auto sync: The Onelayer org install dialog now includes an Auto Sync toggle so the plugin is automatically pushed to developer clients via runlayer setup sync.
  • Auto-provisioning syncs plugins: runlayer setup sync now installs both connectors and plugins marked for auto-sync, not just connectors.
  • CLI target resolution: runlayer run now accepts a connector alias in addition to a UUID.
  • Agent account authentication cookbook: New recipes page with copy-paste examples for M2M tokens, OBO flows, session grants, and external user mapping.
  • New catalog connectors: Render and Hugeicons are now available in the connector catalog.
  • Slack alert toggle states: Budget and scheduled-run failure Slack alerts now show clear status when Slack is not yet configured on the agent.
  • Codex MCP instructions: Improved Codex client setup instructions.
  • Audit log chart fix: The audit log timeline chart now truncates at the current time instead of extending into the future.
  • OAuth fixes: Fixed refresh-token retry loop on upstream 401, isolated rate-limit buckets per identity, and fixed OAuth popup getting stuck on close.
1.28.10
April 13, 2026
Improvements
  • Session grants: Agent account authentication to OAuth-protected connectors now uses session grants — a model that decouples OAuth credential sharing from delegations. Grants can be personal (caller-only) or shared (fallback for other users). See Agent Accounts.
  • Session grant admin revocation: When an admin deactivates a user, all of that user’s session grants are automatically revoked.
  • Terraform Provider (Beta): Manage Runlayer policies and resources from Terraform. See the Terraform Provider guide.
  • OAuth guide for deployed servers: New guide covering dual-auth architecture, DynamoDB token storage, and the two OAuth integration patterns for custom MCP servers. See OAuth for Deployed MCP Servers.
  • Slack say tool: Agents triggered from Slack can now post additional messages back to the conversation thread using a built-in messaging tool.
  • Connector docs expanded: The Connectors page now covers the connector catalog, manual setup, deploy flow, and ToolGuard security in detail.
  • MDM script fixes: PowerShell scripts no longer fail on uv stderr output; macOS scripts fix .runlayer directory ownership.
1.28.9
April 11, 2026
Improvements
  • Analytics Agents tab: The Analytics dashboard now includes an Agents tab with an agents inventory card (total, public vs private, created in period) and an agent runs over time chart.
  • Duplicate agent: Any workspace member can duplicate an agent from the agent detail page or from the agent card menu. The copy clones configuration, connectors, and tools.
  • Onelayer OpenAI org install: “Add to Organization” for the Onelayer plugin now supports both Anthropic and OpenAI paths. The OpenAI flow walks admins through registering an MCP connector and uploading skills in ChatGPT.
  • Directory sync locks manual editing: When SCIM directory sync is enabled, manual role and group editing is disabled in the UI with an explanatory banner.
  • Connector search: Connectors can be searched by name or description using the global command palette (Cmd/Ctrl+K) and via the query parameter on the servers API.
  • Schedule count badge: Agent cards now display a badge showing how many active schedules the agent has.
  • Connector icons on agent cards: Agent cards display icons for their attached connectors.
  • CLI 0.24.0: Bug fixes and scan parsing improvements.
1.28.8
April 9, 2026
Improvements
  • Goose MCP client support: Goose is now a supported MCP client with hosted and local setup guides, native skill install, and plugin install via MCP fallback.
  • CLI 0.23.0: New interactive skills find and plugins find commands for browsing and installing skills or plugins from the terminal.
  • Agent list sorting and filtering: The Agents page now supports sorting by newest, oldest, alphabetical, and last-used, plus a status filter (active / disabled).
  • Agent playground auto-tools: The Playground now automatically injects Runlayer tools (search, run, manage) so agents can reason about the workspace without manual connector setup.
  • Agent connector grant access: Connectors requiring authorization now show a guided access setup dialog directly during agent creation, with per-connector status indicators.
  • SIEM export (S3): Audit logs can now be continuously exported to an S3 bucket for SIEM ingestion (CrowdStrike, Splunk, Sentinel). See Audit Logs.
  • Enforce remote MCP URL allowlist: Admins can now allowlist specific remote MCP URLs so Enforce does not block trusted third-party MCP servers. See Enforce.
  • Tool selector categories: The tool picker in policies now includes an annotation-based category dropdown next to “Select All” for faster bulk selection.
1.28.7
April 6, 2026
Improvements
  • Runlayer MCP subagent management: Add, update, and delete subagents on an agent directly through Runlayer MCP tools (confirm-required).
  • Manage Slack App link: Agent Slack settings now include a direct link to manage the agent’s Slack app on api.slack.com.
  • Improved scheduled run reliability: Scheduled agent runs now retry transient authentication errors automatically instead of failing immediately.
  • New catalog connector: Ravenna (AI knowledge management — search knowledge bases, manage channels, and automate support workflows).
1.28.6
April 3, 2026
Improvements
  • Analytics v2 Overview redesign: The Overview tab now shows a Tasks chart (human vs agent), Usage card (users, agents, connectors), Most Used Clients, and a redesigned Security Alerts widget. The previous tool calls timeline has been replaced.
  • Deploy agent from plugin: Create an agent directly from a plugin detail page — the new agent inherits the plugin’s connectors and skills automatically.
  • New catalog connectors: AirOps (50 tools) and Pendo are now available in the connector catalog. Datadog now uses the full toolset by default.
  • CLI deploy URL: The CLI now prints the deployment URL after a successful deploy.
1.28.5
April 2, 2026
Improvements
  • Sensitive audit log redaction: Super Admins can mark connectors as sensitive. When enabled, tool call arguments, results, and security scan details are automatically redacted from audit log entries for that connector.
  • Analytics Connectors tab: Connector-related widgets (top by tool call, connector health, usage by client) are now in a dedicated Connectors tab. Skills tab renamed “Skills created over time” to “Skills usage over time.”
  • Scheduled run failure DMs: Agent owners receive a Slack DM when a scheduled agent run fails.
  • Agent advanced settings: Model, environment variable, and subagent settings are now visible only to admins and the agent owner.
1.28.4
April 1, 2026
Improvements
  • ToolGuard sensitivity levels: Each scanner phase (Tool List Guard, Tool Call Guard, Tool Intent Guard) now supports Strict, Balanced (default), or Moderate sensitivity, configurable globally and per connector.
  • Runlayer MCP policy CRUD: Create, update, and delete policies directly through Runlayer MCP governance tools (in addition to list and read).
  • Security warning classification: Hidden-character masking and sensitive-token masking findings are now classified as security warnings instead of violations.
  • Connection test timeout: MCP connection tests now enforce a 15-second timeout to prevent long hangs.
  • CLI 0.22.2: Minor fixes and improvements.
1.28.3
April 1, 2026
Improvements
  • AI Watch now scans Codex and OpenCode plugins: Detect discovers installed plugin artifacts in Codex and OpenCode alongside existing client support.
  • Enforce now supports Claude Code on macOS: Shadow MCP tool call interception is available for Claude Code.
  • Agent policies: Agents now have a dedicated Policies section for managing per-agent access rules directly from the agent detail page.
  • Analytics: skill usage timelines and top skills: The Skills tab now shows skill usage over time and a ranking of the most-used skills.
  • Zoom connector: Zoom is now available in the connector catalog with meeting search, recording access, and Docs creation tools.
  • CLI 0.22.0: Includes Codex and OpenCode plugin scanning support.
1.28.2
March 31, 2026
Improvements
  • Agent subagents: Agents can now delegate work to lightweight child agents that inherit the parent’s connectors and tools but follow their own instructions.
  • Analytics v2 tabbed layout: The Analytics dashboard is now organized into Overview, Skills, and Plugins tabs with dedicated widgets for each area.
  • Agent run audit events: Agent runs now emit AGENT_RUN, AGENT_RUN_SUCCESS, and AGENT_RUN_FAILURE audit log events with source, model, and duration.
  • Deploy force-delete: Deployments with connected connectors can now be deleted via a Delete All option that removes the deployment and its connected servers together.
  • Agents API: The public Agents API routes have been renamed from /assistants to /agents.
  • Kandji shadow MCP support: Kandji is now included in Shadow MCP device filtering.
1.28.1
March 29, 2026
Improvements
  • Codex as native plugin client: Codex now has first-class plugin install support in the CLI.
  • Agent templates: Create agents from pre-built templates (workspace agent, research agent, weekly summary, morning brief) that pre-fill name, prompt, connectors, and tools.
  • Retry failed agent runs: Failed runs can be retried directly from the Activity view.
  • Agent owner visible: The agent owner is displayed on the agent detail page.
  • Grant access on connectors: Connectors that require authorization show a Grant access button directly on the connector card when attaching to an agent.
  • Kandji MDM: Kandji is now a supported MDM platform for auto-provisioning.
  • Vimeo connector: Vimeo is now available in the connector catalog.
  • Workday configurable OAuth scopes: Workday deployments now support configurable OAuth scopes.
1.28.0
March 25, 2026
Major Features
  • Agents closer to GA: Agents now support workspace-level LLM provider settings with Anthropic, OpenAI, and OpenAI-compatible gateways, backend proxying for model traffic, richer Playground and Activity views, custom icons, built-in per-agent memory, and simpler enable/disable controls for Slack, webhook, and scheduled runs.
  • Shadow AI coverage now includes skills: Detect can now discover shadow skills in supported clients, classify them by risk, and surface analytics so admins can see what is spreading, where it came from, and which skills are outdated.
  • Deploy UX has been revamped: The deploy flow was rebuilt around guided dialogs, inline CLI commands, clearer setup states, better connector visibility, and a new Build with Runlayer MCP entry point for AI-assisted server creation.
  • Plugins are easier to publish, install, and manage: Runlayer now has a more complete plugin workflow across UI and CLI, including Claude-format plugin publishing, inline manifest support, native install guidance for more clients, richer plugin metadata, and more reliable push/sync behavior.
  • Granular admin roles reduce the need for Super Admin: Runlayer now supports specialized roles for Security, IT, Helpdesk, Developer, and Analytics work, with capability-based access across the UI and API plus multi-principal policies for clearer separation of duties.
Other Improvements
  • CLI improvements: CLI credentials are now stored in the OS keychain, verified-local is folded into run, and local capabilities sync now also support http and sse servers.
  • Auditability improvements: Skills and plugins now have stronger audit parity, with additional coverage for installs, updates, and upstream token refresh events.
  • Workspace admin polish: Workspace settings got safer unsaved-change handling, plugin and deployment flows were cleaned up, and admin user details now have a dedicated page layout.
  • OAuth Broker coverage expanded: Added Guru as a supported OAuth Broker vendor.
Full release notes (expand)
  • Workspace LLM providers: Admins can configure Anthropic, OpenAI, and OpenAI-compatible gateway settings at the workspace level, and agents automatically expose the right model choices in the UI.
  • Backend LLM proxying: OpenAI model traffic can now route through the backend proxy layer instead of going direct from the sandbox.
  • Playground and Activity upgrades: The agent experience now has a stronger playground, clearer tool-call rendering, cleaner run traces, and better activity detail views.
  • Custom agent icons: Agents can now use custom uploaded icons for clearer identity in lists and deployment surfaces.
  • Per-agent memory: Each agent now has built-in SQLite-backed memory scoped to that agent.
  • Safer deployment channels: Agents can be disabled without deleting them, which blocks Slack, webhook, and scheduled execution until re-enabled.
  • SkillWatch analytics: Analytics now includes skill discovery metrics, risk breakdowns, top sources, and outdated-skill visibility.
  • Shadow skill classification: Detected skills are classified so admins can prioritize higher-risk discoveries first.
  • Broader discovery coverage: Detect and CLI scan flows now do a better job finding skills and plugin artifacts in supported clients.
  • Install analytics: Runlayer now captures install analytics to make adoption easier to track.
  • Guided deploy creation: Creating a deployment is now a two-step guided flow instead of a single dense setup screen.
  • Inline CLI commands: Deployment setup surfaces the exact CLI commands inline where users need them.
  • Clearer setup states: New setup-required badges and empty states make it easier to see what a deployment still needs before it is usable.
  • Deployment connectors tab: Connected servers now have a dedicated tab with tool counts for easier review.
  • Build with Runlayer MCP: A new entry point connects deployment setup with the MCP Builder workflow.
  • Deployment rename support: Admins can now rename deployments directly from the UI.
  • CLI plugin publishing: runlayer plugins push now supports fuller Claude-style plugin publishing and install flows.
  • Inline manifest support: Runlayer now reads mcpServers from .claude-plugin/plugin.json, with fallback to legacy .mcp.json.
  • Native install guidance: Added stronger install/setup guidance for native client flows, including VS Code.
  • Richer plugin metadata: Plugin descriptions are more flexible, plugin list scoping is improved, and duplicate/manage flows are better.
  • More reliable push and remove flows: Improved plugin push stability, root skill path handling, and removal by UUID.
  • Granular admin roles: Super Admin is now joined by specialized roles including Security Admin, IT Admin, Helpdesk, Developer, Analytics Admin, and User.
  • Clear separation of duties: Security, IT, troubleshooting, deployment, analytics, and catalog work can now be split across narrower roles instead of defaulting to broad admin access.
  • Capability-gated UI and API: Navigation, pages, and backend routes now enforce capabilities more consistently so users only see and use what their role allows.
  • Multiple principals per rule: A single permission rule can now include multiple users, groups, roles, or agents.
  • Read-only troubleshooting and analytics access: Helpdesk and Analytics-focused workflows now have narrower access patterns for logs, user info, and company-wide metrics.
  • Better policy UX: Global and connector-level policy flows were updated to make larger access models easier to edit.
  • Audit parity for plugins and skills: More plugin/skill actions now show up consistently in audit logs.
  • OS keychain storage: CLI logins now store credentials in the system keychain instead of plain local config only.
  • Simpler local run flow: verified-local is consolidated into run, reducing setup friction for local MCP workflows.
  • Automatic local capability sync: Local MCP capabilities are refreshed automatically after proxy connection.
  • Admin polish: Added a dedicated user details page layout and safer unsaved-changes handling in workspace settings.
  • OAuth vendor coverage: Added Guru to the supported OAuth Broker vendor list.
1.27.0
February 23, 2026
Major Features
  • Plugins & Skills: Skills are now first-class—browse, manage, and upload them from their own section. Bundle skills with connectors into plugins for a single MCP endpoint with the right tools and instructions.
  • Manage Connectors View: Rebuilt “My Connectors” and “Manage Connectors” pages with sidebar navigation, a request/approval flow for non-admins, and granular per-connector permissions by user, group, role, or agent. “Policies” renamed to “Permissions.”
  • Tool Intent Guard: Runtime model that analyzes tool inputs and outputs together—detecting intent drift, output poisoning, data exfiltration, and prompt injection with fewer false positives. (Previously called “ToolGuard Output Scanning”.)
  • Configurable PII: PII scanning is now fully configurable per connector with custom rules.
  • Organization API Keys & JIT Auth: Org-level API keys scoped by role for Detect scans and security scanning. Automatic configuration provisioning uses enrollment keys. Just-in-Time Auth prompts for credentials only on first tool call with a three-tier cache.
Other Improvements
  • 25+ new catalog connectors: Lemlist, Webflow, Google Analytics, Neon, Pylon, DX, official Slack MCP, Deepwiki, CircleCI, Ashby, Figma Desktop, Miro, Jamf, Cloudflare (16 servers), Datadog, Vanta, Granola, LaunchDarkly, and more—plus BigQuery and Slack out of beta.
  • Faster dashboards: Analytics and metrics pages load significantly faster under heavy usage.
  • Audit log improvements: New tabs, filters, cross-page date alignment, and a Top MCP Clients chart in Analytics.
  • MCP client setup: New guides for Raycast, Claude Code, and Gemini CLI, with admin-managed and remote-only instruction modes.
  • OAuth improvements: Compliant discovery for ChatGPT, Cursor Hook compatibility, and automatic session cleanup on credential revocation.
  • Bug fixes: Token scanner false positives, SCIM sync failures on stuck events, and audit log chart aggregation.
Full release notes (expand)
  • Skills as top-level feature: Skills have their own section in the sidebar with dedicated browse, detail, and management pages.
  • Plugin builder: Create and edit plugins with a visual builder—bundle connectors (with tool allowlists) and skills into a single MCP endpoint.
  • Skill file uploads: Upload .skill or .zip files from the UI, or choose from pre-built templates.
  • Skill details page: View skill contents with markdown rendering, file listing, and card UI.
  • List and card views: Toggle between card and list layouts for Skills and Plugins.
  • Preview before connecting: Preview skill files and tools within a plugin before adding it to your setup.
  • Skill tools bulk select: Select and request multiple skill tools at once.
  • Manage Connectors View: Separate “My Connectors” (user-facing) and “Manage Connectors” (admin) pages with distinct layouts.
  • Sidebar management: Each connector has a sidebar with tabs for Permissions, Settings, Security, Tools, Resources, Prompts, Metrics, and Activity.
  • Request and approval flow: Non-admins see “Request new” instead of “Add connector.” Requests include a reason, admins see a pending count, and approval creates a permission rule in one step.
  • Clickable card items: Cards across views are now clickable links for faster navigation.
  • Tool Intent Guard: Model that analyzes tool inputs and outputs together—scoring both risky content and semantic similarity to detect output poisoning, data exfiltration, and prompt injection. Replaces the previous output-only model. (Previously called “ToolGuard Output Scanning”.)
  • Security Scanning API: ToolGuard available programmatically via /score/tool_guard_io—scan from CI, integrate into your own workflows, or build on top of Runlayer’s security layer.
  • Static tool risk scanning: View tool-level security risks directly in the UI from catalog scans.
  • Security score: Per-connector security posture scoring to quickly identify where risk is concentrated.
  • Configurable PII scanner: Enable or disable built-in PII types, add custom rules with regex patterns, and configure scanning per connector.
  • Token scanner fixes: Reduced false positives in token detection.
  • ToolGuard model updates: Multiple model updates for improved detection accuracy.
  • Violation decision audit trail: Security violation approve/reject decisions are now logged for compliance.
  • Policy conditions on tool annotations: Write permission conditions that reference tool annotations for fine-grained access control.
  • Policy condition autocomplete: Autocomplete when writing permission conditions.
  • Organization API keys: Org-level API keys with multiple keys per workspace, scoped by role (Detect Scan, Security Scan). Auto-provisioning uses enrollment keys.
  • Role-based API key scoping: Scoped keys for MCP Watch, Security Scan, and CLI endpoints.
  • Just-in-Time (JIT) Auth: Per-tool authentication with a three-tier cache—credentials requested only on first tool call.
  • CIMD support: Client ID Metadata Document support for OAuth client identification.
  • OAuth session cleanup: Upstream sessions automatically revoked when credentials are rotated or deleted.
  • Compliant OAuth discovery: RFC 8414 compliant discovery for ChatGPT and other MCP clients.
  • Admin users search and filter: Admins can search and filter the users list.
  • Identity based rate limiting: Rate limits now apply per authenticated identity instead of per IP.
  • Audit log tabs and filters: New tabbed layout with improved filtering and cross-page date alignment.
  • Faster dashboards: Analytics and metrics pages load significantly faster under heavy usage.
  • MCP Watch with org API keys: MCP Watch Detect authenticates via org API keys. Auto-provisioning (hooks, sync) uses enrollment keys.
  • New catalog connectors: Lemlist, Webflow, Google Analytics, Jam.dev, Neon, Pylon, DX, official Slack MCP, Deepwiki, CircleCI, Ashby, Figma Desktop, Miro, Jamf, Statsig, Exa Websets, Adaptive, Hex, Cloudflare (16 servers), Datadog, Vanta, Granola, and LaunchDarkly.
  • BigQuery and Slack connectors out of beta.
  • Figma MCP updated to latest transport.
  • Admins can gate beta catalog servers per workspace.
  • MDM deployment guides: New guides for Mosyle and generic MDM solutions.
  • Improved container security: Hardened runtime security defaults for deployed services.
  • Multiple CLI releases with usability and stability improvements.
1.25.0
January 19, 2026
Major Features
  • Deploy servers directly from the Catalog: Go from discovery to a running managed server faster—and get clearer status that distinguishes “deployment complete” from when a server is actually ready after cold starts.
  • MCP Watch (Shadow MCP discovery): Admins can now spot unmanaged MCP servers across devices, track discovery trends over time, and identify migration opportunities directly from Analytics.
  • MCP Watch Re-analysis: Admins can now trigger re-analysis of discovered MCP servers directly from the UI.
  • Microsoft Agent 365 Integration: Full OAuth broker support and catalog servers for Microsoft Agent 365.
  • Server metrics dashboard: New per-server metrics tab with tool call health, usage, and performance charts to help troubleshoot issues faster.
  • Agent Accounts (Beta): Register AI applications as agent accounts to authenticate programmatically and call MCP tools through Runlayer.
  • Slack rollout improvements: Organization-wide Slack App installs make it easier to enable Slack notifications across the workspace, with support for multiple Slack apps per agent.
  • Plugins improvements: Plugins now support OAuth authentication for safer, smoother connections in more environments.
Other Improvements
  • Safer deployment logs: Sensitive environment variables are now redacted in deployment logs by default.
  • Faster audit logs at scale: More read-heavy operations (including audit logs) were optimized to keep the UI responsive under load.
  • Improved tool security scanning performance: Added caching for tool list scanning to reduce repeated work and speed up scans.
  • Updated ToolGuard: New threat detection capabilities and improved security scanner defaults.
  • OAuth compatibility fixes: Better discovery and validation across providers, including fixes for edge-cases with client IDs and PKCE.
  • Analytics improvements: Analytics graph now shows today’s tool calls for more up-to-date visibility.
  • Bug fixes: Fixed PII scanner false positives on numeric IDs in URLs, OAuth token handling for tokens without expiration, and audit log validation for tool names with special characters.
Full release notes (expand)
  • Agent Accounts (Beta): Register AI applications as agent accounts to authenticate programmatically (machine-to-machine or on-behalf-of) and call MCP tools through Runlayer.
  • Microsoft Agent 365 Integration: Full OAuth broker support and catalog servers for Microsoft Agent 365.
  • Runlayer self-MCP server: Run Runlayer itself as an MCP server for safe automation and debugging workflows.
  • Security scanner management tools: New tools in Runlayer MCP for managing security scanner settings programmatically.
  • MCP Catalog API service: Added a dedicated API for serving the catalog to downstream security scanners (API key authenticated).
  • Catalog tool list support: Tool lists are now available alongside catalog data to support static analysis and compatibility checks.
  • Deploy servers directly from the Catalog with Runlayer Deploy.
  • Clearer deployment status that distinguishes “deployment complete” from actual server readiness after cold starts.
  • Automatic redaction of sensitive environment variables in deployment logs.
  • Ability to force a new deployment and trigger redeploys more explicitly.
  • Backlinks from Deploy back to the originating Connector to make change tracking easier.
  • Improved deployment performance and stability.
  • Fixed audit log validation errors for tool names containing special characters.
  • Server metrics: Tool call health, usage, and performance charts in the server details Metrics tab.
  • MCP Watch dashboard: See shadow MCP discoveries, “managed available” migration opportunities, and trends over time in Analytics.
  • MCP Watch re-analysis: Admins can now trigger re-analysis of discovered MCP servers directly from the UI.
  • MCP Watch CLI: A CLI workflow to collect device-side MCP configuration scans.
  • Broader MCP Watch client support: Added support for additional MCP clients (including Goose and Zed).
  • MCP Watch in production: Expanded MCP Watch availability for production environments.
  • Slack notifications improvements: Easier org-wide installs, richer message context (including tool input/output), support for multiple Slack apps per agent, and better support for common Slack deployment patterns.
  • Analytics improvements: Analytics graph now shows today’s tool calls for more up-to-date visibility.
  • Request correlation: Added request IDs to audit logs to make investigations and support workflows faster.
  • More readable audit log records: Typed actor/resource fields and compatibility improvements for long-lived deployments.
  • Audit log performance: Optimized database queries for faster audit log loading at scale.
  • Better tracing: Added MCP method metadata and tool-call events to improve debugging and performance analysis.
  • ToolGuard performance: Significant caching and scan optimizations to reduce repeated work and speed up security scanning.
  • ToolGuard threat detection: Updated ToolGuard with new threat detection capabilities.
  • Updated security scanner defaults: Improved default security scanner settings for better out-of-the-box protection.
  • Tool list scan caching: Longer cache TTLs to reduce repeated tool list scans at scale.
  • Lower token usage on large toolsets: Token reduction improvements for tool discovery/search flows.
  • PII scanner accuracy: Fixed false positives (including numeric IDs in URLs).
  • Safer proxying: Centralized and hardened sensitive-header stripping for proxied requests.
  • Policy UX improvements: Refreshed policy dialogs and tables for clearer permissions and faster edits.
  • Global policies fixes: More reliable create/edit flows and better group handling in policy assignment.
  • OAuth discovery and validation: Improved discovery behavior across providers, including better fallbacks.
  • OAuth edge-case fixes: Compatibility fixes for PKCE, redirect URIs, numeric client IDs, and tokens without expiration time.
  • OAuth broker improvements: Expanded broker support, Microsoft Agent 365 vendor config, and more reliable behavior for upstream providers.
  • Improved upstream OAuth handling: Better handling of upstream OAuth invalidation and edge cases.
  • Updated Catalog (Discover) to the latest UI for faster browsing and clearer information density.
  • Updated Connectors pages and Connector details to the latest UI, with improved layout and navigation.
  • Improved authorization request flow (request access, reason capture, and follow-up permission prompts).
  • Persisted search queries and connector filters when navigating between pages.
  • More consistent tools and policies presentation (sorting, layout, and dialog improvements).
  • Improved group management and group-related UX, including fixes and polish for common workflows.
  • Expanded the catalog with new servers including Braintrust, Gong, Snowflake (OAuth), Lever, Workday, Salesforce (remote), Socket.dev, Scanner.dev, Amplitude, HuggingFace, BrowserUse, Heroku, CrowdStrike Falcon, and Microsoft Agent 365—plus refreshed metadata and icons.
  • MCP Catalog fingerprints: Server and tool fingerprint identifiers for better tracking and deduplication.
  • Better support for deploy-based servers inside catalog and registration flows.
  • Improved small-screen behavior and table usability across multiple settings pages.
  • Multiple UI polish fixes across dark mode, headers, spacing, and layout consistency.
  • Connectors tab state now persists in the URL for easier sharing and navigation.
  • CLI login via device flow for easier authentication from constrained environments.
  • Added CLI cache clear command for simpler troubleshooting.
  • Improved CLI scan output for faster investigation and clearer results.
  • Multiple CLI releases with usability and stability improvements.
1.13.1
December 5, 2025
Major Features
  • Permission Warnings: Users now see a warning before connecting an MCP client if they lack the necessary permissions.
  • ToolGuard Area of Concern: Security violations now show the specific area of concern that triggered the detection.
Other Improvements
  • Added Pulumi and Parallel Search to the MCP catalog.
  • CLI: New pull command for downloading runlayer.yaml deployment configurations.
  • New optional MCP caching setting for tools/list requests to improve performance.
  • Increased rate limit to 1000 requests/hour for OAuth client registrations.
1.12.0
December 2, 2025
Major Features
  • Visual Query Builder for Audit Logs: Advanced filtering UI for building complex queries.
  • Security Alert Emails: Admins now receive email notifications when security violations occur, configurable in workspace settings.
Other Improvements
  • Added Grain, Fireflies, Iterable, Box, and Contentful to the MCP catalog.
  • New guided onboarding flow for first-time users to configure their MCP clients and preferences.
  • Runlayer Deploy now supports deploying arbitrary Docker images, not just MCP servers.
  • Runlayer Deploy now includes a persistent NoSQL storage for deployed services.
  • Verified icon now shown on trusted MCP servers that came from the catalog.
  • Fixed PII Scanner false positives on ISO timestamps being detected as SSNs.
  • CLI: Fixed edge-cases with token refresh and token expiration.
1.11.0
November 26, 2025
Major Features
  • Server Disable/Enable: Admins can now disable MCP servers to temporarily prevent all access without deleting the server configuration.
  • Alert Mode for Security Scanners: New “Alert” mode allows security scanners to log violations without blocking requests, useful for monitoring and tuning policies.
Other Improvements
  • Added MCP client name and version tracking to audit logs and analytics.
  • Added Ramp to the MCP catalog.
  • MCP tool annotations from servers are now displayed in the UI.
  • Audit log drawer now shows the actual content that was blocked by security scanners.
1.10.0
November 25, 2025
Major Features
  • Human-in-the-Loop Security Review: Admins can now review, approve, or reject security violations from the audit logs.
Other Improvements
  • Added Snowflake, ClickUp, and HubSpot to the MCP catalog.
  • Added duplicate server detection to warn when creating a server with a configuration that already exists.
  • Improved security violation error messages for non-admin users.
  • Skip scanning image and audio content in tool responses for better performance.
  • Various Projects page UI improvements.
1.9.0
November 19, 2025
Major Features
  • Runlayer Deploy, a new way to deploy MCP servers via Runlayer’s managed infrastructure. Learn more.
Other Improvements
  • UI improvements including server drawer fixes and policy management enhancements.
1.8.0
November 13, 2025
Major Features
  • Runlayer CLI deploy command: A new command for deploying Docker-based services to your Runlayer infrastructure.
  • Token Masking Scanner: Sensitive tokens are now redacted instead of blocked, providing better experience while maintaining security.
Other Improvements
  • Added a new setting to control whether employees can submit new MCP servers for admin approval and browse the Catalog to install MCPs. Enabled by default.
  • Redesigned User Details page.
  • Various UI improvements and bug fixes.
1.7.0
November 11, 2025
Major Features
  • Policy Based Access Controls: Complete rewrite of the authorization engine with advanced condition-based policies.
    • Support for policy conditions with operators like contains, matches, in, and logical combinations.
    • Enhanced policy evaluation engine for fine-grained access control.
    • Constraints over MCP client and MCP server attributes. Example: enforce internal-only email domains for Gmail MCP.
    • OAuth Refresh Token Rotation: Automatic rotation of OAuth refresh tokens for improved security.
  • Redesigned Pages: Completely redesigned settings, audit logs and users pages.
1.6.0
November 1, 2025
  • OAuth from MCP Clients: Enables authenticating to upstream OAuth servers directly from MCP clients like ChatGPT, Claude, Cursor and others.
  • Server Configuration Drawer: New streamlined interface for viewing and editing MCP servers.
  • Audit Logs Redesign: Improved table layout and navigation.
  • UI improvements including sticky headers and various bug fixes.
1.5.0
October 28, 2025
  • MCP Prompts Support: Full integration with the MCP prompts specification.
  • Enhanced Catalog: Added popularity-based sorting.
  • Server Editing: Ability to edit server name and description from details page.
  • Multiple UI improvements including calendar component, hover interactions, and analytics enhancements
1.4.0
October 24, 2025
  • Expanded Client Support: Added ChatGPT, Gumloop, and additional AI platforms as supported MCP clients.
    • Client-specific connection instructions and configuration examples.
    • Setup guides for each platform’s MCP integration requirements.
  • Improved OAuth Error-handling: Improved OAuth connection flow to surface clearer, fine-grained error messages, to help debug issues.
  • Improved Prompt Guard v2: Updated to newer model version for better prompt attack detection.
  • Improved Security Feedback: Enhanced security violation messages with better context for troubleshooting blocked requests.
  • OAuth Compatibility: Added support for longer auth tokens from origin MCP servers.
1.3.0
October 16, 2025
  • Local MCP Servers v2: Use local MCP servers with the same security, authz, observability and auditing as remote MCPs.
  • Management API: Automate server and user provisioning via REST API with API key authentication. Full documentation at /docs.
  • MCP Details Redesign:
    • Rebuilt server details with tabbed navigation, client-specific setup instructions (Claude, Codex, others), and one-click deeplinks.
    • Improved server card layouts and visual hierarchy for faster navigation and configuration access.
  • Official MCP Registry Schema: Migrated catalog to standardized MCP registry schema. Ensures ecosystem compatibility and automatic validation.
  • Improved Error messages and Timeouts:
    • Enforced strict timeouts on all MCP operations. Prevents hung requests with predictable error messages.
    • Captures stderr output, exit codes, and connection errors for faster troubleshooting of MCP server failures.
1.1.3
September 30, 2025
  • Made analytics available for non-admin users, showing only their usage data
  • Added Vercel, Intercom, Clockwise, Figma, Pagerduty & Pipedream to the MCP servers catalog
  • Enhanced catalog page with improved links and navigation
  • Fixed missing stdio arguments for local servers
  • Fixed API 403 errors in Server Permissions tab
  • Improved SCIM sync reliability for directory events older than 30 days
1.1.2
September 27, 2025
  • Fixed problem with non-admin users visiting Permissions tab causing API Error
1.1.1
September 25, 2025
  • Fixed SCIM sync initialization for organizations with directory activations older than 30 days
    • Resolved issue where SCIM sync couldn’t initialize properly if the initial directory activation event was more than 30 days in the past
    • Enhanced event retrieval logic to search through historical events when needed
    • Improved sync reliability for long-established directory integrations
1.0.0
September 23, 2025
  • Completely revamped SSO and SCIM implementation
  • Added support for syncing Users and Groups from SCIM
  • Added support for role mapping, to map IdP Groups to Runlayer roles
  • Groups are editable (CRUD) when SCIM is disabled; read-only when SCIM is enabled
BREAKING CHANGE: You’ll need to update the infrastructure definition for your deployment before you can use this version. Additionally, you’ll need to:
  • Add a new AUTH_API_KEY secret (or auth_api_key variable if you’re using the Terraform stack). Runlayer support will provide you with this value.
  • Update the value of the auth_client_id variable to the new client ID. Runlayer support will provide you with this value.
0.69.0
September 22, 2025
  • Add support for custom NPM configurations and private package repositories
0.68.0
September 22, 2025
  • Auto-add an ALLOW policy for the admin who created a server
0.66.8
September 22, 2025
  • Prevent OAuth flow from ending prematurely if the popup needs to show an approval screen
0.66.7
September 22, 2025
  • Fixed OAuth connection status for servers with refresh tokens
    • Connections with valid refresh tokens are no longer incorrectly marked as expired in the UI
0.67.0
September 21, 2025
  • Added integration support for Codex CLI
  • Renamed “My Servers” to “MCPs” throughout the interface for clearer terminology
0.66.4
September 20, 2025
  • Fixed OAuth token refresh functionality for MCP servers
    • Resolved issue where expired OAuth tokens would not automatically refresh
    • Improved authentication reliability for OAuth-enabled servers
    • Enhanced session persistence for uninterrupted server connections
0.65.4
September 19, 2025
  • Fixed an issue where the IAM permissions needed for Prompt Guard V2 were not being applied correctly
  • Fixed editing servers throwing an error.
  • Removed caching from user API endpoints.
0.65.0
September 18, 2025
  • Manual OAuth Configuration: Support for MCP servers without Dynamic Client Registration (DCR)
    • Configure OAuth client credentials directly for servers that don’t support automatic registration, like Github
    • Client secrets are encrypted at rest
    • Automatic detection when manual setup is required with guided UI flow
  • OAuth flow now supports version 2025-06-18 of the MCP specification
  • Catalog now has two entries for Github: one with OAuth and one with PAT token authentication
0.64.0
September 18, 2025
  • Add Support for Local Servers
    • Run MCP servers directly on your local machine without network dependencies
    • Visual indicators distinguish local servers from hosted infrastructure
    • Add local server Atlassian to Catalog
0.63.0
September 17, 2025
  • Enhanced Prompt Attack Detection: New security scanner with improved accuracy and lower latency
    • Labeled as Prompt Guard V2 in the security settings UI and turned on by default; legacy scanner renamed to “Prompt Guard (Legacy)”
    • Advanced prompt attack detection system for better threat identification
    • Infrastructure optimizations for faster response times
0.62.8
September 17, 2025
  • Fixed a client-side caching bug where the version update banner would show up when it shouldn’t
  • Fix JSON format not initializing correctly on server edit page
0.62.0
September 15, 2025
  • Linear MCP Server: Updated to use HTTP streaming endpoint
0.61.0
September 13, 2025
  • Role-Based Tool and Resource Visibility: Enhanced permission system with intelligent filtering
    • Tools and resources are now filtered based on user permissions in list views
    • Users only see items they have access to, eliminating confusing access denied scenarios
    • Improved performance through optimized policy evaluation
    • Replaced automatic admin bypass with proper role-based access control
0.60.15
September 13, 2025
  • RSS-Enabled Changelog: Automatic RSS feed generation
    • Users can now subscribe to changelog updates via RSS
    • Cleaner, more minimal changelog format with categorized updates
    • Improved readability with description labels for each version
0.60.14
September 12, 2025
  • Improve E2E tests that test MCP server creation
0.60.13
September 12, 2025
  • Enhanced CI/CD Pipeline: Improved build reliability for more stable deployments
0.60.12
September 12, 2025
  • Raw JSON Server Configuration: Introduced dual editing modes (Form and JSON) for server configuration
    • Toggle between intuitive form interface and powerful JSON editor
    • Paste .env content to automatically populate environment variables
    • Real-time validation with clear error messages
    • Comprehensive testing for enhanced reliability
  • OAuth Connection Handling: Fixed issue where tools and resources were fetched even when OAuth was not properly connected
0.60.11
September 12, 2025
  • Improved Proxy Architecture: Enhanced performance through optimized middleware implementation
0.60.10
September 12, 2025
  • Central Icon System: Implemented comprehensive icon system for improved visual consistency
    • Enhanced visual hierarchy and user experience
    • Consistent iconography across the platform
0.60.0
September 10, 2025
  • MCP Server Validation: Added intelligent retry logic for improved reliability
    • Automatic retry with smart intervals
    • Enhanced OAuth discovery and error categorization
    • Reduced false negatives from temporary network issues
0.59.0
September 9, 2025
  • Load Testing Framework: Introduced comprehensive performance testing capabilities
    • Configurable test scenarios for various workloads
    • SSE response validation and compliance checks
    • Performance benchmarking for scalability validation
  • Per-Server Security Settings: Granular security controls for individual servers
    • Override specific security scanners while maintaining global defaults
    • Admin-only security configuration interface
    • Flexible Inherit/Block/Alert/Allow options
  • V2 Design Implementation: Major visual refresh
    • New logo system and comprehensive icon library
    • Component library with Storybook integration
    • Consistent theming with design tokens
0.58.0
September 3, 2025
  • Version Update Notifications: Smart in-app update system
    • Automatic detection of new versions
    • Dismissible notifications with user preferences
    • Responsive design with theme support
0.57.0
September 2, 2025
  • Global Security Scanner Settings: Centralized security configuration
    • Unified security policy management
    • Configurable scanner thresholds
    • Enhanced governance capabilities
0.56.0
September 1, 2025
  • Enhanced Version Management: Improved version tracking across deployments
0.55.0
September 1, 2025
  • Security Scanner Optimization: Major performance improvements
    • Consolidated scanning architecture for faster response times
    • Optimized ML-based security scanning
    • Maintained full security detection capabilities

About Runlayer

Runlayer MCP Platform provides enterprise-grade governance, observability, and security for Model Context Protocol deployments. For detailed documentation and deployment guides, visit our documentation portal.