Deep Search now displays a warning banner when answers are truncated due to output token limits.

Citations in Deep Search conversations are numbered continuously across all questions. When the same source is referenced in multiple questions, it reuses the original citation number, making it easier to track sources throughout a conversation. The citations panel auto-scrolls to show relevant sources as you navigate between answers.

Deep Search now provides better answers to "what have I worked on recently" questions by automatically including current user and date context.

Added Deep Search conversation search to the fuzzy finder, allowing users to search past conversations by title or content using Cmd+J (or Ctrl+J on Linux/Windows).

Moving to Code Navigation from Deep Search file previews opens a side panel where the conversation can be continued while exploring the codebase.

When Deep Search is enabled, it replaces Cody Web in the UI. The /cody/chat route and Cody sidebar are no longer shown.

Reintroduced the get_contributor_repos tool to enable queries about contributor activity.

Added quick conversation navigation by holding Opt (or platform equivalent) to bring up an answer navigator

Added button and keyboard shortcut to upload images to Deep Search

Added Cmd+. (Mac) / Ctrl+. (Windows/Linux) keyboard shortcut to start a new Deep Search conversation from anywhere within the interface.

@mention suggestions now remember recently used repositories and show them instantly

Deep Search now streams answers with a typing effect, improving perceived latency.

Added context window indicator to inform users of how much of the context window has been used.

Include images in Deep Search questions by pasting or dragging up to 2 images per question (5MB max each) to share screenshots, diagrams, or error messages.

File preview in Deep Search now supports code intelligence features including hover tooltips, go to definition, and find references.

Deep Search conversations now display a Slack icon in the thread header when initiated from Slack, providing a direct link back to the original Slack thread.

Reduced Deep Search conversation persistence from 24 hours to 1 hour, and sidebar open/closed state now resets on page refresh instead of persisting indefinitely. Conversations can always be restored from the history panel.

Deep Search now uses a dedicated subagent for finding relevant files, reducing token usage and allowing more thorough searches before reaching context window limits.

When the search input is empty, a "Recent searches" suggestion group now appears showing up to 5 of your most recent queries with syntax highlighting and clock icons. Selecting an entry populates the search input with that query.

Added a new site config option batchChanges.restrictMergeToAdmins to restrict merge and auto-merge actions to site admins only.

Site admin authentication settings now offer password policy presets (Standard, Strong, Fortress) instead of requiring manual configuration of each complexity rule. Session idle timeout uses an explicit checkbox instead of empty-field conventions. Access request toggle is disabled with an explanation when built-in signup is already enabled.

Added a form-based UI for managing authentication settings including session management, signup controls, password policies, and access restrictions, replacing the need to edit raw JSON configuration.

Added a dedicated UI in the site administration area for configuring TLS/mTLS settings.

• Renamed site admin "Site configuration" page to "Advanced configuration" and moved it to the bottom of the Configuration section in the sidebar
• Added vertical resize capability to the JSON settings editor container

Added a dedicated page in the site administration area for configuring email SMTP settings.

Admins can now update the license key directly from the License page

Consolidated Background jobs and Code Insights jobs pages as tabs within the Diagnostics page.

Added query parameters to the Diagnostics page to make tab selection shareable and bookmarkable. Old diagnostic routes now redirect to the new page with the appropriate tab selected.

Consolidated Pings, Migrations, Outbound requests, and Slow requests pages under a single "Diagnostics" page in the site admin sidebar.

Administrators can now mark an email as verified when creating a user.

Reorganized site admin sidebar navigation: Repositories section now lists repos before code hosts, Users & auth section moved higher, new Integrations section groups Slack/webhooks, and redundant API Console and Documentation links removed.

A warning is now displayed on the repositories administration page when authz.enforceForSiteAdmins is enabled.

Users now see a modal informing them their session has expired, with an option to redirect to the sign-in page.

GitHub privacy emails (format: <ID>+<username>@users.noreply.github.com) are now resolved to Sourcegraph users when the GitHub account is linked, improving user attribution on commit pages and other views.

auth.idpDynamicClientRegistrationEnabled is now enabled by default for easy MCP access.

OAuth Clients registered via Dynamic Client Registration are now limited to the "mcp" scope only, improving security by preventing overly permissive applications.

Added a new mcp scope for issuing access tokens or OAuth tokens with access limited to MCP tools only. This provides a more restricted alternative to the previously required user:all scope.

Added a search bar to the Code Insights "All Insights" tab, enabling users to quickly filter insights by title instead of scrolling through paginated results.

Group Results (Compute) Code Insights feature is now generally available and no longer requires an experimental feature flag.

• Fixed CSS token cascade issues causing broken UI in Cody Web
• Fixed prompts editor layout shifts and focus state
• Fixed modal rendering issues
• Fixed z-index overlaps for tooltips and popovers

Added a worker that runs ANALYZE on database tables on weekends to optimize query performance.

Added KUBERNETES_JOB_HOST_NETWORK environment variable for the Executor service to enable host networking for Kubernetes job pods. This is useful when pods need to access routes accessible by the host but not from the pod, such as when running a kind cluster on podman.

On sourcegraph.com, MCP tool descriptions now explicitly indicate they search open source code, making it easier for AI agents to distinguish between public and private Sourcegraph instances.

Repository recloning operations now display real-time progress updates on the repository mirroring page. The reclone and fetch buttons are hidden while a reclone is in progress.

Gitserver now coordinates optimization tasks per repository, ensuring only one optimization runs at a time with priority-based preemption.

Repository optimization now writes incremental progress reports, making it easier to monitor long-running optimization operations.

This enables us to render the Slack identity of a user instead of just the Sourcegraph username.

Added instructions for uploading a profile picture to the Slack app.

Add "View in Sourcegraph" button alongside "Show Full Response" for long answers

Users can now send direct messages to the Slack app for Deep Search. To use this feature, uninstall the app, update the manifest, and reinstall the app.

Slack integration now supports rich link previews for code file links.

Slack integration now supports asking Deep Search questions with images in the thread, with a maximum of 2 images per message.

Slack integration now uses the ContentBlocks API to pass thread context as structured data instead of prepending it to the question text.

Added a dismissible banner to the Deep Search homepage featuring the new Deep Search Slack integration.

Slack configuration errors are now displayed in the Administration -> Notifications area.

Sourcegraph now supports rich link preview for search links in Slack.

Verbose responses in Slack now include an AI-generated summary, providing immediate insight before expanding the full response.

Removed the 30-minute expiration for deferred Slack messages, so unfurled responses are now always available.

Added an interactive button to handle lengthy Slackbot responses (over 3,000 characters). Users can choose to view the full response inline or in the Deep Search thread. Full responses are temporarily stored for 30 minutes, after which users must view them in the Sourcegraph instance.

Removed the feature flag UI from the site admin interface for all non-Cody self-hosted Sourcegraph instances. Site admins that still need to manage feature flags can do so using the src CLI tool with GraphQL API commands.

Removed the feature flag UI from the site admin interface for all non-Cody self-hosted Sourcegraph instances. Site admins that still need to manage feature flags can do so using the src CLI tool with GraphQL API commands. See this docs page for instructions on how to do so.

Repository URLs now use the /r/ prefix (e.g., /r/github.com/owner/repo). Old top-level repository routes automatically redirect to the new format for backward compatibility. This prevents conflicts between product routes and repository names.

• Easier discovery of everything Sourcegraph can do. As the platform has grown, some capabilities have been harder to find in the old horizontal navigation. The new expandable vertical menu makes it easier to access, explore, and understand the full range of features available.
• Optimized for the way developers actually work. Most developers use Sourcegraph on laptops and larger displays. The vertical nav makes better use of that screen space, while still working well on smaller devices.
• A dedicated space for important updates. The new layout gives a clear, unobtrusive place to highlight major features and announcements so important updates aren't missed.
• A refreshed, modern interface. This update is part of a broader effort to improve the platform's visual clarity, reduce clutter, and move away from the older tab-based top navigation.

Access requests are now displayed as a status notification.

Added a "What's new" popover in the navigation that displays recent changelog posts, allowing users to discover new features directly within the product.

Hides several admin UI elements on Cloud that are not relevant and actionable to customers on Cloud, including gitserver disk details, email delivery configuration, Updates/Gitserver/Observability pages, OOB migrations, license key form, and gitserver storage warnings.

Diff pages now load faster by initially rendering plaintext hunks and lazily loading syntax highlighting as hunks are scrolled into view.

Entitlements now support an hourly option.

Administrators can now reset user entitlement usage via the "Entitlement usage" page.

To support moving off of notebooks, we're providing an exports API. The GraphQL query field notebookExports provides markdown exports of all notebooks with filtering options.

Added toast notification system with helper functions and custom Sourcegraph styling for light and dark themes.

Improved error handling when token limits are exceeded by estimating prompt size before LLM calls and ensuring errors are displayed in the UI.

Fixed tool renderers to display "0 results" instead of raw JSON when no results are found.

Deep Search now resumes automatically after server restarts instead of getting stuck in a pending state.

Added support for Proto/Protobuf, SCSS, Groovy, PowerShell, CMake, and Makefile highlighting in Deep Search markdown code blocks.

Fixed URLs in deep search results being incorrectly double-prepended with the domain when they already contained the external URL.

Fix errors when deleting Deep Search conversations while they are still processing.

Fixed horizontal scrolling in the Deep Search sidebar when a long filename context chip was displayed.

Fixed a visual bug where a draggable divider line appeared on the right edge of Deep Search on narrow screens.

Fixed overflow issue in search input history mode

Search-based symbols in the symbol tree now preserve the current file view (e.g., blame view) instead of resetting to code/raw view.

Fixed symbol sidebar toggle reliability and made Deep Search, Cody, and Symbol sidebars mutually exclusive so only one can be open at a time

Hid expand/collapse button for path search results that have no expandable content

Fixed alignment of code intelligence preview popover when blame panel is visible

Fixed inconsistent alignment of the batch change state pill (OPEN/CLOSED badge) in the batch changes list.

Fixed author attribution when signing batch changes commits with GitHub Apps by appending a Co-authored-by trailer to preserve the original author.

GitLab OAuth tokens are now properly validated using the /oauth/token/info endpoint to check scopes, while personal access tokens continue to use the /user endpoint. This ensures correct token validation behavior for both authentication methods.

When connecting a code host identity to Batch Changes, errors are now correctly surfaced in the UI.

Fixed incorrect pattern syntax in the "GitHub Actions: Pin Versions" batch spec template to use proper regex instead of glob syntax

Fixed database constraint violations when recreating batch changes in the same repositories by properly cleaning up associated changesets during deletion

Fixed a bug where users (including service accounts) could not be created by a site admin when signup is disabled.

Site configuration history now loads significantly faster in many cases.

Fixed site config occasionally reverting to old config after saving

Fixed an issue where site config would occasionally revert to old config after saving

Sourcegraph will now avoid dropping a user's repository permissions if it encounters a 429, 500, 502, 503, or 504 when refreshing the OAuth access token (as encountered during the Feb 9 GitHub incident: https://www.githubstatus.com/incidents/lcw3tg2f6zsd). The permission syncer will simply re-use the users' old permissions until the next sync.

• Fixed race condition in OAuth token refresh that could cause invalid_grant errors when concurrent refresh attempts occurred
• Fixed stale external account linkage when users reconnect their OAuth accounts, ensuring token refresh uses the correct refresh token

User profile roles are now only visible to site admins and the user themselves, fixing a permissions issue where roles were visible to unauthorized users.

Removed distracting fly-in animation when loading Code Insights dashboards

Skip invalid repositories (deleted or not cloned) to prevent infinite processing loops

Code monitor webhooks now accept all HTTP 2xx status codes (200-299) as successful responses, preventing duplicate notifications when webhook endpoints return HTTP 202 Accepted or other 2xx codes.

Reduce concurrent load on gitserver by spreading out code monitor queries with jitter

Long gone because of webworker issues in Safari, Cody Web is now available again.

Report which container failed if an executor pod fails when executing on Kubernetes.

Fixed executors on Kubernetes joining commands incorrectly

Improve page that lists executor instances to better handle instances with extremely long names

When connecting a GitHub external account to Sourcegraph, the user's GitHub profile link is now properly displayed on the Account Security page. If the link is not visible, remove and re-add the GitHub connection.

Fixed missing sync reasons in the SOURCEGRAPH group for the permissionsSyncJobs API.

Fixed an issue where Anthropic models could produce malformed tool call arguments, causing Deep Search conversations to become stuck in an errored state.

Fixed stale license validation states being used after updating license keys, ensuring validation results always correspond to the currently configured key.

Added --scopes mcp argument to the MCP login command to ensure proper OAuth scope grants for MCP functionality.

Upgraded go-tuf dependency to v2.4.1 to fix three medium-severity security vulnerabilities (CVE-2026-23991, CVE-2026-23992, CVE-2026-24686).

Show the right error message in Slack search link preview when there is a query syntax error

Fixed confusing UI state in Administration -> Slack configuration where the UI showed a warning that Slack couldn't contact the Sourcegraph instance even when the integration was working correctly. The UI now displays a cache-busting ?retry URL parameter to force Slack to re-verify the connection.

Improved error message when non-author users attempt follow-up questions in Slack, directing them to use @Sourcegraph new question <message> instead.

Fixed video playback in Safari for Markdown-rendered content

• Fixed button group pressed effects and focus ring rendering
• Fixed Batch Changes row layout issue in Safari 18.x and lower
• Fixed blob UI bottom panel alignment to show border only when open

Pages with sidebar navigation are now usable on mobile and tablet devices. The sidebar can be toggled open and closed, and sidebar sections are collapsible on smaller screens.

Fixed z-index stacking issue where app shell floating elements incorrectly appeared above survey toasts and feedback modals

Fixed UI flash when loading temporary settings from cache

The "Account security" page now displays the login for each connected external account (e.g., GitHub, GitLab).

Fixed line number alignment when switching to blame view

Fixed sticky file header positioning on commit page

Fixed image alignment in the image viewer and now always display the dimensions of binary images.

Fixed navigation error when leaving organization profile page

Fixed cursor-based pagination to correctly apply filters when using multi-column cursors. Previously, filters (such as search queries or clone status) were silently ignored for a subset of results due to SQL operator precedence, causing paginated endpoints to return more results than expected and include items that didn't match the filter criteria.

User settings page headers now have a consistent appearance across all sections.

Deep Search no longer generates diagrams by default, making responses faster and more responsive. You can still request diagrams anytime by including "draw a diagram" or similar in your query.

Removed the "Find implementations" button from the code navigation hover tooltip. This button appeared inconsistently—showing for symbols where it wasn't applicable (like local variables or package names)—and relied on indexer support that varied by language. With less than 0.1% of code navigation actions using this feature, the hover experience has been streamlined.

Hid implementations and supers buttons in the explore panel when using search-based code navigation, as these features are only supported by precise code intelligence.

Removed automatic PostgreSQL 12 to PostgreSQL 16 upgrade support from builtin Sourcegraph database containers (pgsql, codeintel-db, and codeinsights-db).

Removed support for generation 1 Gemini models (no longer accessible) and Mistral models (no longer deployed on Fireworks serverless).

Deprecated observability.tracing.type: "jaeger"; use "opentelemetry" with an OTLP-compatible collector instead

Remove autoupgrade supporting functions and methods

Removed feature flag UI access for non-Sourcegraph operators in Cloud environments.

Removed the single-container (sourcegraph/server) deployment mode. The sourcegraph/server Docker image is no longer published. Customers must migrate to Docker Compose or Kubernetes before upgrading to 7.0.0.

Search Notebooks pick up on the idea that most searches are not just one search. In a common workflow, you run multiple searches, gather several pieces of information, and then you compile your final answer from all these sources. Back in 2022, Notebooks solved a real need to be able to document and share that research trail.

Sound familiar? Notebooks are reflecting the steps a Deep Search takes to compile it's answer. It collects citations and the answer in a central place. We believe that the future lies much more in this agent-driven code exploration and future iterations of it than the manual Notebooks idea that predates the AI era.

Removed explicit code ownership assignment and teams management from the web app. Codeowners files are still processed and this information is still available via search and the ownership panel.

Migrated the search-content-based-lang-detection feature flag to the searchContentBasedLanguageDetection site configuration setting. Customers who previously had the flag enabled and would like to continue using this feature should enable it in their site configuration settings.

• The /api/openapi/ pages, home to the Cody API, have been moved to /legacy/openapi/. Existing links are redirected.
• Integrations going forward should use the new official Sourcegraph API documented in /external-api.

• Moved the GraphQL API console from /api/console/ to /debug/console/ to reflect its role as an internal API. Existing links are redirected.
• Going forward, external integrations should use the new official Sourcegraph API documented in /external-api.

Upgrade opentelemetry-collector to v0.144.0.

Fixed negated terms in hybrid search to correctly exclude files when the term appears in either the file path or contents.

Fixed search history not saving new searches after the Svelte 5 signals migration.

Improved user deletion latency by optimizing database calls and removing redundant work

Fixed action buttons (such as delete) in code insight headers that were not functioning correctly

Migrator now gracefully handles cases where the pg_stat_statements extension cannot be installed due to database permission restrictions

Fixed an issue where access tokens created by hard-deleted users could not be listed.

Fixed user-initiated actions (OAuth sign-in, auth token validation) that would hang when the internal Bitbucket rate limit was hit. These operations now bypass the internal rate limiter.

Commits with changes to large files are now displayed with plaintext diff output when syntax highlighting is unavailable.

All users can now filter batch changes by user, not just site administrators. The current user appears at the top of the user filter list for easy access to their own batch changes.

Fixed "View on code host" button to properly escape % characters in file paths when generating external links.

Code Insight preview results now exclude archived and forked repositories by default, matching the backend behavior present since 3.40.

Repository permissions are no longer dropped when encountering HTTP/2 stream cancellation or "internal error" from the upstream GitLab code host. Instead, existing permissions are preserved and the permissions sync is retried later.

Fixed an issue where URLs containing the external URL would be incorrectly mangled, resulting in duplicate domain paths

Fixed invalid links in deepsearch markdown content that contained the host twice

Fixed TLS configuration not being applied to HTTP client, causing OAuth authentication failures.

Fixed TLS certificate validation via regular expressions in site config

Fixed an edge case where Deep Search questions did not respect cancellation state from the database, preventing them from continuing indefinitely after being cancelled.

Fixed infinite loop in DeepSearch when LLM tool argument parsing fails during streaming by properly propagating errors to internal callers

MCP deepsearch queries on the old .api/mcp/v1 and new .api/mcp endpoints will now time out after 50 seconds to avoid Cloudflare connection timeouts. Queries exceeding this timeout return a link so agents can track completion and inform users where to follow progress.

• Fixes a log spam issue where EnsureRevision calls would logspam "failed to perform background repo update" when a scheduled repo update is already running.
• Fixes an issue where EnsureRevision would incorrectly increase the update failure counter on a repository if a scheduled fetch is already running.
• Fixes an issue where log output from Fetch could cause a Fetch to stall forever because the reader silently errored.

Deep Search now streams results as they become available.

The Deep Search input now dynamically grows as users type or paste content.

Deep Search history sidebar can now be navigated using arrow keys.

Site admins can now set per-user Deep Search usage limits through entitlements: classes of usage limits that can be assigned as a global default, or to specific users.

Deep Search backend sources are now rendered after citations in collapsible sections within a unified sources container.

Deep Search sidebar is now available in the blob view for enhanced code exploration.

Added Slack bot integration for Deep Search. To get set up, go to Site Admin → Slack integration.

The site admin page is now simply titled "Administration".

Site admin organizations page now uses the standard page container design.

Navigation sidebars in site admin pages now support collapsible sections with localStorage persistence

GitHub Apps can now be configured via the declarative config file with secure handling and storage of private keys

Introduces a new notification widget that replaces the site-wide banners on Sourcegraph, as well as a new site-admin dashboard that shows notifications, as well as some suggestions on what admins can do to manage their instance.

Fixed context retrieval bug when using remote file mentions and chat UI flickering

Added option to skip TLS verification for executors talking to Sourcegraph via EXECUTOR_FRONTEND_TLS_SKIP_VERIFY

Alert when repository cleanups fail consistently

The repository permissions page now displays the total count of users who have access to the repository.

Fix history panel displaying the last question's title instead of the conversation title by generating conversation title only on the first question.

Links now point to answers instead of questions. This resolves confusion where the link pointed to the question but the copy button was part of the answer card. Old links continue to work because the question anchor is preserved in the code.

The tab title is now correctly updated when switching between DeepSearch conversations and then navigating away and back to DeepSearch.

Permalinks now use full commit hashes instead of abbreviated ones.

The star button is no longer rendered for non-owners, eliminating the confusing behavior where changes appeared to work but were reverted on refresh.

Fixed submit button icon visibility in Deep Search

Conversation creation failures now display error messages instead of hanging indefinitely in a loading state

• Fixed Deep Search suggestions to display with correct font styles
• Fixed Feedback modal to have proper spacing and close button styling

Increased the deep search input size from one line to multiple lines for improved usability.

Fixed loading skeleton and sources to reflect the currently viewed question's state instead of a global "is anything searching" state

Fixed file search result content not updating when filtering results in certain situations where truncated content caused stale data to be displayed

Fixed branded logos not appearing on the search homepage and in the global navigation when configured.

Repository name matches are excluded from search results when a repo: filter is present without an explicit type: filter. Users can still search repository names by adding type:repo.

Switch from plain ctags to tree-sitter for analyzing symbols in CSS and SCSS files. The result is more predictable parsing, no comment blocks leaking into the symbols sidebar, and css variables showing up as symbols.

Reduced the complexity of GitHub GraphQL queries for syncing changesets to reduce token consumption

READONLY changesets are now counted as CLOSED in batch change statistics, fixing a discrepancy between the burndown chart and summary stats.

Improve error message clarity when user creation fails in site admin

Fixed incorrect navigation highlighting in site admin where 'Settings' was highlighted instead of 'Batch specs'.

Error messages are now clearer when attempting to connect an external account that is already in use by another Sourcegraph account

Addresses an issue where the OAuth consent pages did not allow to scroll down to the action buttons.

Code insights job UI now displays correctly on mobile devices.

In 6.11 our experimental AWS RDS IAM Auth would panic if we failed to refresh the token. We now correctly treat this as an error to log and retry.

Fix broken links to alerts reference in alert notifications for customers on the latest release.

Fixed an edge case where the permission sync scheduler would excessively enqueue jobs when old completed jobs existed in the database

Temporary files are now cleaned up from repository directories, reducing disk space usage.

Fixed an issue where a service account's access tokens would be deleted when the site admin that created the access tokens for the service account got deleted.

Custom indexing policies are now disabled by default. The codeIntelAutoIndexing.policyManagementEnabled configuration can be used to re-enable support.

Removed the repository setup wizard as it is no longer up to date with code hosts. Site admins are encouraged to add repositories via the "Code Host Connections" section of the site admin page.

Anthropic deprecated Sonnet 3.5 and Haiku 3.5. These models are no longer available in Cody. Make sure to upgrade to a recent Cody client release to ensure all features are still functional.

Removed autoupgrade toggle selector and readiness banner as part of autoupgrade deprecation

Fixed a potential issue where a buffer overflow can cause repository update processes to deadlock.

Fixed git object expiration logic that was setting future dates instead of past dates, preventing potential repository corruption in concurrent operations.

Sourcegraph now supports OAuth 2.0 Dynamic Client Registration (RFC 7591). This makes it easier to authenticate against Sourcegraph from an MCP client. As an administrator you must set auth.idpDynamicClientRegistrationEnabled to true in your site settings.

Sourcegraph can now communicate to code hosts using mTLS by providing a list of {"host", "clientCertificate", "clientKey"} configurations in the site config under mtlsConfigurations in tls.external.

Ensure that citations are enabled by default and rendered correctly even when the feature flag value is not set on the backend.

Fixed an issue where applying a new license key would not clear messages from the old, expired license key.

Immediately navigate to the conversation view showing the submitted question with a loading indicator when creating a new Deep Search conversation, before the server responds.

Users can now use the Tab key to select repository suggestions in the Deep Search @ mention menu, providing a more efficient keyboard-only workflow

Improved @-mention filtering with smarter caching for faster, more responsive filtering and reduced backend requests.

Deep Search conversations can now be exported as Markdown by appending ".md" to the URL.

Add ability to collapse results in reference panel.

Embedded organization batch-changes routes into the Svelte app, improving the integration between React and Svelte components for batch changes functionality.

Added batch changes pages in the personal user area for the creation flow.

Added batch-changes-gitlab-oauth feature flag to gate GitLab OAuth integration for Batch Changes.

Added a site-admin page for viewing batch changes specs.

Embedded site-admin batch changes pages into the Svelte app, improving consistency and maintainability of the admin interface.

When site-config or global settings files are loaded from the file system, the config editors in-app now reflect the read-only state.

Redact access tokens in model configuration displayed in the site-config UI.

Added external accounts page for site administrators.

Added auth providers page to site-admin interface

Added a new updates page in the site admin interface.

Frontend service restarts are no longer required when changing certain settings.

Embedded the site-admin init page into the Svelte app

Embedded the site-admin background jobs page into the Svelte app.

The out-of-band migrations page in site admin is now embedded in the Svelte app.

Site admins can now manage OAuth clients through dedicated pages in the admin interface.

Added a roles management page in the site admin interface

Embed OpenAPI documentation pages into the Svelte application at /api/openapi/public and /api/openapi/internal endpoints.

OAuth now supports multiple redirect URIs (space or comma separated)

Embedded the auth consent page into the Svelte app and added test coverage for invalid user codes on the auth device page.

Support for Opus 4.5 with extended thinking is now available. Opus 4.1 models have been deprecated in favor of the new version.

Claude Opus 4.5 is now available for selection

GitHub permissions syncing now uses gzip compression for caching organization and team membership data in Redis, significantly reducing memory usage for large organizations.

Added GraphQL API console support to the Svelte app using graphiql v4 with CodeMirror. Introduced a mechanism to undo CSS reset styles for embedded components using the data-css-unstyled attribute.

incident.io is now supported as an alert notifier in observability.alerts configuration

Added a site-admin page for viewing permissions sync jobs.

Organization pages now use React Router loaders for data fetching and improved navigation performance.

Fixed an issue where clicking the Deep Search link in the top nav from the conversation view did nothing - it now navigates to the Deep Search home page as expected.

Fixed a runtime error on the All Sources tab that was caused by duplicate render keys.

Expanded file preview now has consistent horizontal padding with citations.

Markdown styles are now applied to Deep Search responses when citations are enabled.

The hovered separator is now always displayed on top of resizable panels.

Removed support for deprecated Atom and AppCode editors from the "Editor" action.

Fixed a database constraint issue that could cause errors when scheduling code intelligence indexing jobs after a job reset.

S3proxy multipart uploads no longer fail due to CRC32 checksum validation errors

Repository HEAD auto-indexing jobs are now deduplicated to prevent queue growth.

Fixed scroll functionality on the batch change spec page when embedded in full-screen mode

OAuth authentication errors (like "could not get verified email for GitHub user") are now displayed in the UI instead of causing users to get stuck in an infinite login loop.

Site admins now see a banner when viewing another user's settings pages, indicating they are viewing settings for a different user.

Fixed an issue where deep copying model configuration incorrectly handled nil values, preventing default models from being applied correctly.

Fixed corrupt model configuration states that could cause Cody to use incorrect license keys when communicating with Cody Gateway, previously requiring a frontend container restart to resolve.

MCP tools are no longer rejected by antigravity and VS Code versions older than 1.32.

Gitserver now automatically reclones repositories when a "fatal: bad tree object XXX" error is observed during a fetch.

Fixed React reset styles overwriting component styles, resolving incorrect list styling

Fixed double scroll issue on prompt pages caused by conflicting height rules between React shell UI and PageLayout.

Fuzzy finder is now always enabled and no longer requires experimental settings.

Removed unused in-app analytics APIs including instanceOwnershipStats, User.usageStatistics, Site.usageStatistics, and Site.analytics.

Removed the experimental opencodegraph feature that was previously behind a feature flag.

Sourcegraph reranker is now disabled by default and can be enabled via a feature flag.

Added a predefined OAuth2 client for the Sourcegraph Raycast extension.

Errors in Deep Search are now displayed inline in the answer section with options to retry or start a new search, replacing the previous error banner.

Added the ability to star favorite threads with a new sidebar tab showing all starred threads in one place.

Upgraded Deep Search to use Claude Sonnet 4.5 as the main model and Claude Haiku 4.5 for summary generation, improving performance while maintaining quality.

Deep Search now displays only new steps for each follow-up question instead of showing all previous steps, reducing confusion in the UI.

GitHub account connections now use Proof Key for Code Exchange (PKCE)

Enterprise Portal now shows SLOs for Sourcegraph Cloud instances to track how the instance is performing.

Adds a warning on the GitHub App page in Sourcegraph to warn site admins that a GitHub App does not have the necessary permissions to enable groups caching.

Fixed pagination cursor to match id-descending ordering, preventing glitches during infinite scrolling.

Fixed incorrect base quota calculation for Deep Search metering when customers have complex license histories with expired licenses

Increased timeout from 1 minute to 4 minutes to reduce timeout errors.

Fixed rendering of the Search Jobs management page when search jobs exist for soft-deleted users.

Return WWW-Authenticate header on 401 responses to advertise OAuth schema to MCP clients.

Used constraints instead of exact match in database version validation

Fixed an issue where permissions sync jobs couldn't be paginated if they referenced a deleted user or repository.

Fix default GitHub and GitLab URLs being incorrectly applied when not explicitly configured in site config.

GitHub Apps now require the Repository administration: read permission for groups caching functionality.

Fixed groups caching validation for GitHub Apps by checking for members: read permission instead of OAuth scopes.

Fixed GitHub sign-in failing due to PKCE data retrieval issues

Decline sign-in attempts for NoSignIn auth providers while still allowing users to connect new auth providers when already logged in.

Removed the VSCode Code Search extension's ability to share authentication credentials with the Cody extension. Users must now authenticate directly with their own credentials or access token.

We have updated the structured response of all MCP tools to conform to the advertised output schema.

The kubernetes executor now idempotentally creates secrets (deleting and recreating it if it exists already) instead of failing the entire job.

Add retry button to resubmit questions when errors occur in Deep Search

Added RBAC to Deep Search. By default, all users have full read and write access for Deep Search, but this can be restricted by changing the default role permissions or by creating new custom roles.

Added a new Explain with Deep Search button in repository navigation that opens a pre-filled Deep Search conversation with context about the current repository or file.

Migrated the batch changes creation page to SvelteKit, including all three UI variations: new template creation, classic form creation, and execution-disabled instruction page.

Batch Changes home page is now rendered within the SvelteKit application framework.

Added a pings page to the site admin interface.

Added global-settings page to site admin interface

Added site admin support to the Svelte app, including Overview, Feedback surveys, and Site configuration pages

Sign-in, sign-up, and post-sign-up pages are now embedded in the Svelte application.

Added a 'request access' page to the Svelte app, allowing users to request access when needed.

Allow 'all' value for requiredSsoOrgs parameter to require authorization to all SSO organizations

Added support for validating GitHub SSO authentication via X-GitHub-SSO headers. Admins can now configure required SSO organizations in the sign-in provider settings to ensure users properly authenticate with SSO-enabled orgs. Error messages for authentication issues are now displayed on the Account Security page.

User profile and settings pages are now rendered in the Svelte app, with improved UI for the profile page and enhanced sidebar navigation supporting menu groups.

Added site admin page for managing outgoing webhooks

Converts schemeless URLs generated by the LLM to absolute URLs to prevent broken links containing /deepsearch/ in the path.

Fixed changeset duplication for Gerrit during network instability by adding pre-retry verification to check if changes already exist before retrying failed operations.

Fixed runtime errors in batch changes changeset diff UI when rendered within SvelteKit

Fixed password validation to properly compare password and confirm password fields across component re-renders

Fixed a race condition where deleting an external account in the middle of a permissions sync could cause permissions for that account to stick around indefinitely.

Gerrit icon now properly adapts to light and dark themes.

Updated redis to 7.4.6-272, which patches CVE-2025-49844, CVE-2025-46817, CVE-2025-46818, and CVE-2025-46819

Fixed an issue where a Perforce user's permissions would not be removed when the user was deleted on Perforce and p4broker was being used as a proxy.

Allow connecting GitHub accounts with no verified emails when already authenticated

• Fixed Gerrit account connection modal not reopening after being closed in external accounts settings
• Fixed Gerrit icon visibility issues
• Improved spacing consistency between React and Svelte external account modals

Fixed password update form validation in user settings

Removed support for LSIF format.

The deprecated site-admin analytics pages have been removed. All Sourcegraph analytics are available at analytics.sourcegraph.com.

Removed support for the deprecated gemini-1.5-pro-002 model