Changelog

File downloads for tile versions with failed, errored, or pending moderation now return 403 with a moderation_hidden error code. Inline docs and steering are omitted from those version objects on GET /v1/tiles, GET /v1/tiles/:ws/:tile/versions, and GET /v1/tiles/:ws/:tile/versions/:version.

Tile pages now show a placeholder instead of inline docs and steering when a version is under moderation review, has failed moderation, or encountered a moderation error.

Public tiles now enforce a platform-level critical-severity security threshold: publishing a version with critical-severity findings blocks moderation and prevents the version from becoming available, regardless of workspace security policy settings.

Claude Opus 4.8 (claude-opus-4-8) is now available as an agent model for eval runs.

Security severity levels in moderation failure messages now display as 'Critical', 'High', 'Medium', and 'Low' rather than internal identifiers.

Trend indicators on tile analytics now show 'New' when there is no baseline period to compare against, instead of an incorrect percentage.

Eval-run detail pages now live under workspace-scoped URLs (/workspaces/:workspace/eval-runs/:id), so the sidebar shows the correct workspace navigation. Existing /eval-runs/:id links redirect automatically for workspace members; public run links continue to work without authentication.

moderationStatus and moderationError are now included in the version objects returned by GET /v1/tiles, GET /v1/tiles/:ws/:tile, GET /v1/tiles/:ws/:tile/versions, and GET /v1/tiles/:ws/:tile/versions/:version. moderationStatus is one of pass, fail, error, pending, or skipped; moderationError carries a safe, human-readable message when present. The deprecated moderationPassed boolean is unchanged; moderationStatus is the recommended replacement.

The moderation status banner on tile pages now shows three distinct states: failed moderation (red), moderation error (orange), and review in progress (blue), each with copy tailored to the outcome.

Security review is now a required stage before a published tile version becomes available. After publishing, a version stays in pending moderation state until the security scan completes; a failed or errored scan results in a fail verdict and prevents the version from being accessible.

Tiles now show a pending moderation state immediately after publishing while security review runs; the version becomes available once review completes, and a failed scan keeps it offline.

Workspace member pages now include a short description explaining that org membership is required before a workspace role can be assigned, with a direct link to the org members page.

The error toast shown after a failed skill submission now displays a close button and auto-dismisses.

The allowUrlSources and allowFileSources fields have been removed from the managed-project policy — PUT /v1/workspaces/{workspaceId}/managed-project-policy now returns an error if either field is sent. Existing policies are migrated automatically.

Tiles and skills with no eval coverage now show an adjusted score — 80% of the review-based score at zero evals, ramping to full weight at three or more. Search ranking and score badges reflect this change.

The organization switcher has moved into the user menu with keyboard navigation. The workspace list now shows all workspaces across organizations, with an org badge when you belong to more than one.

GET /v1/workspaces/:id now accepts a workspace name in place of an ID.

Publishing to a workspace where you lack the publisher role now returns 401 Unauthorized with a message directing you to ask a workspace manager or owner — previously returned 404 Not Found.

The workspace selector in the 'Add member to organization' form now correctly requires a selection before submitting.

Workspace settings now include toggles for public publishing, security reviews, and eval runs — accessible to workspace managers and above.

New GET, PUT, and DELETE /v1/workspaces/{workspaceId}/managed-project-policy endpoints for managing workspace dependency-pinning policies.

Tiles in workspaces with security reviews disabled now show a disabled state instead of Pending on the security tab.

Starting an eval run or generating scenarios now returns 400 for workspaces with evals disabled.

New /changelog page summarising what shipped on Web and API each week.

Onboarding now captures role and use case during signup.

Refreshed copy on workspace and org role descriptions to make permissions easier to understand at a glance.

Creating a workspace now requires the org-admin permission.

Workspace created during onboarding now appears in the sidebar immediately without a page reload.

UUID validators relaxed to accept any valid hex format.

Org and workspace selectors stay populated after a page refresh.

Editing workspace settings now requires the edit_settings permission (manager or higher).

Legacy user-scoped API keys no longer accepted — switch to workspace- or org-level API keys.

API endpoints are now tagged as public or experimental in the OpenAPI spec.

Workspace Projects are now available to all customers.

Eval-result emails redesigned with a clearer score breakdown.

HTML files are now permitted in tile publishes.

Refreshed the favicon set across the web product.

Org admins can now change member roles.

Org admins can now remove members from the organization.

Eval-run table rows are now real links so command-click opens them in a new tab.

Pending org invitations can now be listed, resent, and revoked from the UI.

Related tiles and skills are back, now powered by semantic search.

Added an organization switcher above the workspace selector.

Workspace owners can now delete empty workspaces.

Organizations can now be renamed directly from the UI.

A single invitation can now add a user to multiple workspaces in an organization.

Workspace managers can now browse organization members when adding workspace members.

Eval-run page now renders activation results from agent runs.

Eval-run progress now renders as a per-scenario segmented bar.

Pending eval runs are now labeled "In Progress".

New workspace settings page with a Block Public Tiles toggle.

Email notifications are now sent on eval completion.

Tile publishing now uses workspace-level API tokens.

Tile lists can now be sorted by score, security, and impact.

API-key authentication now accepted on GET /users/me.

Codex agent now available for eval runs.

Username now visible in the user dropdown menu.

Login and signup pages refreshed with a new tessellated logo background.

Improved the error messages when tile moderation fails.

Tiles with no score now show a Pending badge instead of a 404.

Authentication-provider buttons now use a consistent "Continue with" label.

Removed the in-product tile-generation flow and the Request Docs CTAs.

Directory fixtures now supported in the V2 eval-run API.

Custom login and signup screens replace the previous hosted auth experience.

CLI device-auth flow added so tessl login works from the terminal.

New API-key management UI rolled out.

Failed security reviews now appear in the UI.

Install CTA is now hidden on tiles and skills with critical-severity security findings.

Email invitations are now rate-limited.