All updates RSS
v0.1.7a
Auth Sandbox Settings Specialists Editor Chat Security

OpenRouter OAuth, MCP servers in Settings, and a panel overhaul

Sign in with OpenRouter, configure MCP servers from the UI, and use a smoother browser and code panel.

This release lands sign-in with OpenRouter, a settings page for MCP servers, and a unified panel for the browser and code views with reliable pop-out and per-conversation state. Local model downloads are now byte-accurate and self-validating, and a long list of chat, specialist, and settings rough edges have been smoothed out.

Sign in with OpenRouter

You can now connect OpenRouter from Settings -> Connections without leaving the app. The success screen no longer flashes “Authentication failed,” and the Connections card refreshes the moment you finish signing in.

Specialists routed through OpenRouter also work better when it’s your only configured key. If a specialist asks for an Anthropic or OpenAI model and you only have OpenRouter connected, the platform now uses OpenRouter automatically instead of failing with a missing-credential error. The model override dropdown fills in with OpenRouter-routable models so you can pick one without juggling other providers’ keys, and the empty state has clearer copy about which providers are available.

MCP servers, configured from the UI

Settings now has a Sandbox section where you can register MCP servers and the tools they expose. Servers are saved per workspace, surface their tool list, and are available to specialists immediately. No more hand-editing JSON to wire up a new MCP integration.

A unified panel for browser and code

The embedded browser and the VS Code panel now share one panel system. That fixes a stack of long-standing issues:

  • Pop-out works correctly for both panels.
  • The address bar stays in sync with the page you’re actually looking at.
  • Each conversation keeps its own panel state — the code panel can be open in one chat and closed in another, and switching between them is smooth.
  • Only one browser instance per chat, so you stop ending up with duplicates after switching workspaces.

Local models that just work

Local model downloads are now byte-accurate: progress reflects actual bytes transferred (not file count) when that information is available, with a safe fallback when it isn’t. Downloads also start from 0% instead of jumping mid-stream.

After a download completes, the platform now confirms the model files are actually present. A “downloaded” badge means specialists can really load the model — no more cases where a download “succeeds” but specialists then fail to use it. Auto-download also kicks in when a workspace or user setting points at a local model that isn’t yet on disk, so first-time switches don’t strand you.

The default Qwen model has been bumped to Qwen3-32B. New workspaces pick that up automatically; existing setups keep whatever you had configured.

Specialists and chat polish

  • Specialist drafts no longer fail to load on cold start when the workspace isn’t fully active yet — the editor now retries the read once.
  • Specialist message bubbles match the shadow of regular bubbles, and channel notice bubbles respect the same max width as everything else.
  • The chat composer placeholder is back to neutral, message-oriented copy.
  • Suggestion chips inside DMs now route into a specialist when the match is confident enough, instead of dropping into a plain message.
  • A new Copy button on messages shows a transient checkmark when the text is on your clipboard, and confirmation and error toasts are now handled in one consistent place.

Settings, billing, and tasks

  • Connections, Integrations, and Linked Accounts now share a consistent action card and panel layout. Cmd/Ctrl + , opens Settings, and the modal matches the rest of the app.
  • Default UI scale on first run is now medium (16px), not the maximum size — first-run users no longer get oversized text.
  • Billing plans are fetched live instead of hardcoded in the app, so plan changes propagate without a release.
  • The org admin “Advanced workspace settings” section renders correctly again.
  • Knowledge plot creation no longer fails with a sign-in error.
  • Kanban drag-and-drop respects same-column reorders again — you can move a task up or down within a column without it snapping back.

Security hardening

  • Secure storage (auth, last workspace, API keys, Google Workspace, GitHub tokens) is now separated by build channel. Debug, beta, nightly, and production each have their own slot, so a debug build can’t read or overwrite production credentials. After this release you’ll need to sign in once per channel.
  • Project paths are now validated against the sandbox directory, blocking writes outside it.
  • The embedded VS Code window only allows http and https links to open externally, blocking other schemes from being handed off to the OS.
  • The macOS production build no longer trips Gatekeeper’s “damaged” popup — release signing and notarization are verified on the artifact before upload, and the updater accepts both “prod” and “production” as channel names.

Polish & fixes

  • The Packages tab is hidden from Settings navigation while package-manager functionality stays intact.