Channel chrome, MCP overhaul, and org permissions

This release reworks how you live inside a channel, modernizes how you connect MCP servers, and introduces fine-grained organization permissions across the app. Specialist mentions now reply in parallel, mermaid diagrams render as first-class chat blocks, and you can plug in any OpenAI-compatible endpoint as a provider.

Chat

Channels now have a single Slack-style header. The right-side panel with five tabs is gone; the title, search box, member and specialist counts, panel toggles, and a kebab menu for Tasks, Knowledge, Workflows, and History all sit in one bar. Private channels show a lock icon in the title button and the sidebar, and admins can add regular workspace members to private channels through a workspace member picker. Renaming a channel works the way you expect: the new name propagates to the sidebar and header without a reload, names are unique per workspace regardless of casing, and non-admins see the name and description as read-only. When something does fail, the toast carries the real reason instead of a generic message.

Mermaid diagrams are now a first-class rich-chat block with safe rendering, source inspection, copy, save to the conversation, open in editor, embedded browser preview, and optional persistence into Knowledge Garden. You can upload .mmd and .mermaid files alongside other knowledge sources. Diagram styling now renders correctly while unsafe inline styles and external references stay blocked.

Notifications also picked up a small but visible fix: badge counts and window titles update reliably again instead of failing silently.

Specialists

Mentioning multiple specialists in a single message no longer queues their replies one after another. Membership checks and channel joins now run fully in parallel, the first failure surfaces immediately rather than waiting on a 30-second hang from an unrelated specialist, and any specialists that did join before the failure get rolled back automatically. Loading and error states in the UI stay consistent across concurrent operations.

Voice capture in the specialist builder works again. The voice service now authenticates with your current session, the microphone permission helper only appears after a real denial on macOS, and resetting the permission no longer requires copying a Terminal command — Zephyr does it for you with one click.

Sandbox

The Model Context Protocol stack has been rewritten on a modern foundation. The user-visible result: OAuth-protected MCP servers now sign you in through your browser and return cleanly to the running app, instead of the fragile loopback flow. Tokens move to the OS keychain on first launch, and any plaintext credentials in older entries are migrated automatically. Tool lists, resources, and prompts now update live without a reload, and failing servers are paused and recovered automatically, with status pills showing Connecting, Connected, Reconnecting, Suspended, or Failed.

You can now scope MCP servers per project, per workspace, per user, or per organization, with project entries shadowing workspace entries of the same id. Specialists can declare required MCP servers in their manifest; installing one of those specialists shows a consent dialog with the verified signature, the transport summary, and the tools requested, and the Add button stays disabled until the required servers are connected. Older legacy transport entries are dropped on first launch with a one-time warning.

The orchestrator also handles orphan tool calls more gracefully — tool calls without a matching response no longer break a turn.

Editor

VSCode is on 1.118.1, and the integration between VSCode and Zephyr is more reliable on launch. The race that used to drop tool requests during a cold open is gone, closing and re-opening a panel can no longer route tool calls into a stale listener, and closed panels fail fast instead of waiting out the full response timeout.

Auth

OpenRouter OAuth now uses a stable public referrer so OpenRouter can identify the app consistently across machines. Returning users no longer trip the duplicate-app upsert path during sign-in, while desktop callbacks continue to work for everyone else.

Security

Organization permissions now run through a fine-grained server-side capabilities check. The desktop, mobile, and shared UIs read those capabilities from the server instead of inferring admin status locally — so settings, billing, member management, and provider controls only show up when you actually have permission. Authorization fails closed when the policy service is unreachable, except in explicit local dev. Authorization rules now live in one shared policy, with support for compiling and publishing organization-scoped custom policies.

Settings

You can now bring your own OpenAI-compatible endpoint as a provider. Add the endpoint, discover its models, and the saved entries show up in the catalog and in the model override picker on each specialist. Shared credentialless endpoints can omit the Authorization header entirely.

Non-production builds get a Devtools modal: the channel pill in the title bar (DEV / BETA / NIGHTLY) is now a button that opens a modal with build channel, app version, release and environment info, API URLs, auth status, workspace role, platform, locale, timezone, online state, and user agent. A “Copy diagnostics” button writes a sanitized JSON blob you can paste into a bug report. Production builds don’t render the pill.

Other

The Manage section in the desktop sidebar shows the Tasks entry again — the page was intact, the nav link was just hidden.

The website’s download CTA now lives in the first-screen hero with a platform selector instead of a separate downloads section.

Polish & fixes

Dropdown menu items now use a pointer cursor app-wide.