Changelog

​

New

• macOS TCC permission cards. When a tool hits a macOS permission denial (Downloads, Desktop, Documents), Friday shows a yellow card with a Settings deeplink and a one-click mv command to relocate your files.

​

Improved

• Unified sidebar navigation. Skills, MCP catalog, and chat list now share a single SidebarNav component, making the UI more consistent and the codebase easier to maintain.

​

Fixed

• Run button no longer cancels jobs on navigation. Triggering a job via the Run dialog now uses async mode, so closing or navigating away from the tab no longer kills the job.
• MCP doctor skips curated providers. Notion, Linear, Atlassian, and PostHog entries now take the fast path instead of dead-ending on a conflict error.
• Playground mic stays live until stopped. Voice input in the playground now records continuously until you click the toggle again.
• Release publish flow no longer stalls. The studio-release publish command no longer hangs on a less pager prompt.

​

New

• Microsoft Mail OAuth provider. Read and send Outlook and Microsoft 365 mail through a new microsoft-mail provider in Link. Personal, work, and school accounts all sign in through the same flow.
• Secure env_set confirmation. For secret-looking keys (token, key, secret, password, credential), the confirmation card hides the value behind a password input. Secrets never appear in chat history.

​

Improved

• Chat surface polish. Message actions hug the bubble edge. Inline timestamps drop seconds (hover for full date and time). Fullscreen chat keeps its rounded framing.
• MCP catalog sorts alphabetically. Previous order grouped by source invisibly.
• Quieter daemon logs. Installed builds default to FRIDAY_LOG_LEVEL=warn instead of debug, which flooded logs with per-token MCP stream events.

​

Fixed

• Launcher self-recovers from crashes. The macOS LaunchAgent now restarts after abnormal exits while leaving clean Quit alone. Existing users get migrated on their next launcher boot.
• MCP session eviction unsticks long-lived SSE streams. The cleanup tick now force-evicts the oldest idle session first, resolving the chat-storage “Offline” wedge that previously required a daemon restart.

​

New

• Raw webhook provider. Wire any external service to a workspace via webhooks. The tunnel accepts raw bytes and your workspace agent parses the body and verifies signatures itself, replacing the old hardcoded GitHub/Bitbucket/Jira providers.
• OpenRouter LLM provider. Set OPENROUTER_API_KEY and pick any tool-capable model from their catalog. Configure with conversational: openrouter:<model-slug> in friday.yml.
• Async webhook mode. Add ?nowait=true to webhook POSTs for fire-and-forget delivery.

​

Fixed

• Workspace imports from the discover catalog work in installed Friday Studio. The playground routes now resolve the daemon URL at runtime.
• Bundled user agents run after import. Imported workspaces referencing bundled type: user agents no longer fail with “agent not found”.
• MCP HTTP connections restored. Pinned @ai-sdk/mcp to 1.0.41 after 1.0.42 broke every HTTP MCP connection.
• Workspace display names in MCP panels. The tool invoker and usage panels now show the resolved workspace name instead of the raw template default.

​

Breaking

• Webhook URLs have moved. /hook/github/..., /hook/bitbucket/..., and /hook/jira/... no longer resolve. Update external services to use /hook/raw/<workspaceId>/<signalId> instead.
• Signature verification moves to workspace agents. WEBHOOK_SECRET and WEBHOOK_MAPPINGS_PATH env overrides are removed. Verify signatures in your agent code.
• Webhook body cap lowered to 4 MiB (was 25 MiB).
• triggerSignal return type narrows. AtlasClient.triggerSignal now returns a discriminated union: { status: "completed", sessionId, output?, summary? } or { status: "accepted", correlationId }. Callers must narrow on status before accessing sessionId or correlationId.
• triggerSignalWithSession / triggerSignalWithResult signatures changed. Five trailing positional optionals collapsed into a single opts: TriggerSignalOpts bag.
• WEBHOOK_TUNNEL_URL removed. Use EXTERNAL_TUNNEL_URL only.

​

New

• Agent argument guardrails. Before Friday runs a write, send, or delete action, it verifies every argument traces to a real tool result. Hallucinated arguments are caught before they execute.
• Honesty enforcement. Claims in agent responses must trace back to actual tool results. Confident-sounding fabrications no longer make it through.
• Encryption enabled by default. Friday Studio now runs on HTTPS with a locally trusted certificate, generated automatically on first boot.
• Per-workspace environment config. Each workspace carries its own .env file. Variables there apply to every agent and job in that workspace without touching global config.
• Expanded file attachments. Drag PDFs, HTML, CSVs, Markdown files, and images directly onto chat or use the upload button — all inlined as context for that turn.
• Reworked MCP registry. Discovering and installing tools that connect to your services (Stripe, Bitbucket, Jira, and more) is faster and clearer.

​

Improved

• Browser app performance. Slowdown during long conversations has been resolved. If you’re still seeing it, let us know.

​

Fixed

• Google OAuth failing on desktop installs with TLS enabled.
• Services bouncing after ~60s on HTTPS installs.
• Response body leaks across ~45 fetch paths closed.

​

New

• Elicitations. Agents can now pause mid-job to ask you a question — approvals, confirmations, or multi-choice decisions — and wait for your answer before continuing. Respond directly from the Activity page.

​

Fixed

• Expanded cards in the activity feed no longer snap shut when the page updates.

​

New

• Usage page. /usage shows token spend across every workspace, broken down by model — input tokens, cache reads and writes, output tokens, and USD cost.
• Chat export. Export any conversation as a self-contained zip: a styled HTML transcript, raw JSON, and all referenced artifacts.
• Tabular artifact viewer. CSV, TSV, and JSON artifacts open in a full-screen table view with Copy, Download CSV, and Download Markdown actions. Markdown tables in chat get an Actions dropdown too.
• Welcome wizard. New users are walked through a first-run setup on their first visit.

​

Improved

• Prompt caching. System prompts are now cached at the model layer with a 1-hour TTL. Repeated turns in the same workspace reuse the cached context rather than resending it — you’ll see this as cache read tokens on the usage page, which cost significantly less than fresh input tokens.
• Accurate per-turn cost tracking. Usage now captures the full cost of a turn including nested agents and Python agent LLM calls, not just the top-level model call.
• Chat render performance — streamed messages are faster and smoother.

​

Fixed

• Streamed chat bubbles no longer blank out after the response finishes.
• User messages right-align correctly again.
• Transient OAuth failures no longer force you to reconnect a service — only truly expired tokens do.
• Daemon shutdown is now reliable and no longer holds the port open after reporting complete.

​

Breaking

• Several tool names have been renamed. If you have Python agents that reference the old names, update them:
  • memory_save → save_memory_entry
  • memory_read → list_memory_entries
  • memory_remove → delete_memory_entry
  • artifacts_create → create_artifact
  • artifacts_get → get_artifact
  • workspace_delete → delete_workspace
  • get_mcp_dependencies → describe_mcp_server

​

New

• Human-in-the-loop. Agents can pause mid-job to ask you questions, answered from the Activity page.
• Artifact refs. Jobs write compact references instead of dumping full content into chat context.
• Validation strategies. Use self, external, or auto so empty-output regressions are caught.
• Delegate budgets. Sub-agent cost, token, and time limits.
• Chat sidebar. Workspace dropdown, color-coded, with a “New chat” button.

​

Improved

• Python agents: ctx.input hydrates artifact refs, and ctx.tools works including HITL.

​

Fixed

• AI SDK aborting its own streaming response mid-reply.
• fs_write_file writing files to the daemon’s launch directory instead of the workspace.
• HITL jobs reaped as inactive while waiting on user input.
• Debug page wedged at “Connecting…”.

​

Breaking

• scratchpad removed — use short_term memory.
• outputTo actions must end via the complete tool.
• OutputValidator replaced by validate: external.

​

New

• Resumable chat streaming. Survives Chrome’s ~50s fetch cap with cursor IDs per SSE frame and client-side reconnect.
• Live Schedules feed. /schedules now uses real-time SSE instead of 60s polling.
• Cascade saturation banner. Persistent warning when the job queue backs up, clears when it drains.
• default filter. Write {{inputs.foo | default: 'bar'}} in agent prompts.
• MCP tool-probe caching. 1-hour TTL with background pre-warming to kill npx and uvx cold starts.

​

Fixed

• macOS chat history. Data lived in $TMPDIR, which macOS garbage-collects. The daemon auto-migrates to ~/.friday/nats on first boot.
• Reinstalling no longer wipes your data. The installer only replaces its own files.
• API keys with dashes (sk-ant-...) wrapped in literal quotes by the .env serializer.
• Cron-triggered agents unable to reach workspace MCP servers.
• Cancelled sessions wedging the cascade until a daemon restart.
• Cross-turn chat event leaks corrupting stream output.
• MCP subprocesses running stale config after env var changes.
• .env files edited on Windows now parse correctly (\r stripped).

​

Breaking

• Phantom bundled-agent references hard-fail at validation instead of silently stalling. Check metadata.lastError if a workspace fails to load.

​

New

• NATS JetStream backbone. Chat, memory, signals, tool dispatch, and artifacts all live in durable streams, laying the groundwork for multi-host deployments.
• parse_artifact tool. Extracts PDF, DOCX, and PPTX content to markdown server-side, directly from chat.
• Skill export and import. Bundle and share skills as gzipped files. Promote a workspace skill to a published one with the new publish_skill tool.
• Schedules page. Missed cron firings surface in /schedules with Fire, Fire-all, and Dismiss controls.
• Cron control API. Pause and resume timers at runtime without editing workspace.yml.

​

Improved

• Chat attachments: large files (like Gmail PDFs) no longer fail with MAX_PAYLOAD_EXCEEDED, and PDFs render inline with a download button.
• Follow-up messages mid-turn now cancel the prior turn cleanly.
• Google Sheets connections no longer hit the “This app is blocked” page — OAuth scope is read-only end-to-end.
• AI error messages surface rate limits, auth failures, and deprecated models with actionable detail.

​

Fixed

• Orphaned Chrome processes from crashed daemons self-heal on next launch.
• Agent-created artifacts keep their correct MIME type.
• Daemon shutdown is faster, and the last messages of an active chat survive a restart.
• HTML artifact previews are now sandboxed — agent-authored HTML cannot execute as same-origin.
• skills.sh autocomplete in the add-skill dialog works again.

​

Breaking

• NATS binary required on PATH (or set FRIDAY_NATS_URL to point at an external broker).
• Cron onMissed default changed from skip to manual — add onMissed: skip to preserve old behavior.
• Memory strategies retrieval, dedup, and kv removed — use memory.kind: narrative.
• CLI commands and HTTP routes removed: atlas library, /library/*, /activity, /workspaces/blueprint-recompile.
• Legacy on-disk paths (~/.atlas/sessions-v2/, state.db, and others) are no longer read.

​

New

• Same workflow, same behavior every run.
• Context and memory that get sharper over time.
• Full visibility into every step when something breaks.