Platform
ScaiWave ScaiGrid ScaiCore ScaiBot ScaiDrive ScaiKey Models Tools & Services
Solutions
Organisations Developers Internet Service Providers Managed Service Providers AI-in-a-Box
Resources
Support Documentation Blog Downloads
Company
About Research Careers Investment Opportunities Contact
Log in

Changelog

User-visible changes only. Internal refactors and infrastructure work omitted.

v1.1.1 — Three-tier permissions for the cloud registry#

  • Split scailink:remote.* into use, manage_own, and manage_tenant so tenant admins can scope the feature by group via custom roles.
  • Default posture is deny for tenant_user and tenant_viewer; admins enable per group.
  • Admin module-permission catch-all continues to satisfy all three for super, partner, and tenant admins.

v1.1 — Cloud MCP registry#

  • New endpoints under /v1/modules/scailink/remote-servers for registering hosted MCP servers (personal or tenant-shared scope).
  • AES-256-GCM credential storage with per-credential DEK wrapped by the platform KEK. Values are write-only via the API.
  • Automatic discovery on registration plus a 15-minute refresh cron with a per-tenant budget of 10 servers per tick.
  • Three consecutive health-check failures flip a server to status='error'; a successful refresh restores it.
  • streamable_http transport by default with an sse fallback for legacy servers.
  • Per-(user, server) session pool keeps outbound MCP sessions warm for 5 minutes, LRU-capped at 50 per worker.
  • Credential rotation reminders surface at 90 days on the oldest credential.
  • Opt-in forward_user_id adds X-ScaiGrid-User to outbound calls when the third party needs per-user attribution.
  • Tool naming under remote.{user_id}.{slug}.{tool_name} (personal) or remote.tenant.{slug}.{tool_name} (tenant-shared) with stable per-name slug hashing.

v1.0 — Launch#

  • Authenticated WebSocket gateway at /v1/scailink/ws for desktop MCP clients.
  • JSON-RPC 2.0 protocol with session_init / heartbeat / catalog_update / consent_response / session_terminate from clients and tool_invoke / resource_read / prompt_get / consent_request / policy_update from the server.
  • Session resumption via a 120-second grace period across WebSocket disconnects.
  • Per-tool consent: first-touch and out-of-policy invocations prompt the user.
  • Audit log with three detail levels (full, metadata, off) chosen at session_init.
  • REST surface for sessions, capabilities, invocations, consent resolution, and audit reads.
  • Admin UI dashboard for sessions, cloud MCP servers, and the audit timeline.
Updated 2026-05-18 15:01:29 View source (.md) rev 12