Support unlimited results when the query specifies a count: parameter, removing hardcoded limits.

Fixed the Product license page in the admin section crashing when the Sourcegraph license is invalid or revoked.

• Use site config defined batcheshelper image unless explicitly overridden
• KUBERNETES_JOB_STEP_IMAGE should override pre / post images

Fixed the prompt detail page (/prompts/:id) returning "must specify owner or viewerIsAffiliated args: must be site admin" for non-admin users by adding the missing viewerIsAffiliated: true argument to the PromptsDetailPage query.

Deep Search now displays deepsearch_read tool calls with a dedicated UX.

Deep Search can now read other Deep Search threads when you include a URL in your conversation.

When Deep Search sidebar is opened from a repository's root page, the conversation now includes the repository name as context.

Improved ranking of file suggestions in @-mention of the Deep Search sidebar in the blob view. Results from the repository the user is currently browsing are prioritized.

Added shareable URL field to Deep Search API responses

Failed questions are now automatically hidden after a successful retry or follow-up question

Deep Search now uses Claude Sonnet 4.6 as the main agent model.

Persist unsubmitted Deep Search queries in sessionStorage, preventing loss of unsaved queries during accidental navigation.

Added a search bar to the history panel of Deep Search

Commit search results now display a count of git notes attached to each commit.

Deep Search and MCP tools now return outputs in a more compact format, reducing token usage.

Search now automatically redirects to the file view when only one result is returned, with an info toast notification. Back navigation returns to search results without re-triggering the redirect.

Added syntax highlighting support for JSONC files.

Code intelligence dashboards now allow filtering indexing errors by time range (last 7 days, 30 days, 90 days, last year, or all time).

The Smart Summary label is now hidden in the symbol tooltip until summary generation completes, improving layout stability.

Added admin-only network diagnostic endpoints (/netdiag) for testing proxy and load balancer compatibility, including upload, download, timeout, SSE streaming, and latency tests to verify ingress reverse proxy configuration.

Invalid keys that are not in the advanced configuration schema are now highlighted in the configuration editor.

The "Report a bug" page is now available to all authenticated users in user settings, instead of only to site admins in the site admin area.

Site admins on self-hosted instances now see a warning notification on the admin dashboard when telemetry export has failed persistently, including the target address and last error. The notification auto-clears once export recovers.

When the site configuration auth.idpDynamicClientRegistrationEnabled is set to false, existing DCR registered clients and tokens are disabled.

Optimised assigning pending permissions to newly created users

Integrations page now includes "Add to Cursor" and "Add to VS Code" buttons for Sourcegraph MCP.

Added a new RBAC permission SEARCH_CONTEXTS#WRITE_GLOBAL for managing global search contexts. Users with this permission can manage global search contexts independently of site-admin status.

Added background worker jobs that compile repository activity data.

Filesystem operations in gitserver and archive extraction use Go 1.24's os.OpenRoot API, replacing manual path-traversal checks.

Multiple Slack workspaces can now be connected to the same Sourcegraph instance. Visit the Administration > Slack integration page for setup.

Site admins can now set up the Slack integration for link unfurling independently of Deep Search, and control whether Deep Search is allowed in Slack via a new "Allow Deep Search" toggle on the Slack integration admin page.

Truncated deep search responses now show a rich preview card automatically via link unfurl, with a single "Send full response to thread" button replacing the previous prompt with two buttons.

Added a user setting to disable the Deep Search Slack integration CTA. This can be set globally for all users under Administration > Global Settings by adding "deepSearch.slackCta.disable": true,

Enable Slack agent mode, allowing users to interact with Sourcegraph via the split-view pane in Slack's top bar

Show a warning when entering a GitHub App base URL that contains a path

• Added support for fixed-size panels (px, rem, em)
• Added keyboard navigation support
• Added ARIA window splitter specification compliance
• Migrated implementation to Svelte 5

Error messages now appear on the repository settings page when reclone or fetch scheduling operations fail, improving visibility into repository synchronization issues.

Show error state when requesting a manual reclone or sync fails for a repository

Expanded fuzzy finder into a command palette. Click, click, click. "Wait? Where's that option gone...? Damn, they changed the UI again!" Say no more, we've got you. We've upgraded our fuzzy finder into a full-blown command palette.

Jump to parts of Sourcegraph you need quickly and easily. Search files, repositories and symbols in flash. Just CMD/Ctrl + K.

This is just a starting point to making all parts of Sourcegraph more accessible, and if we're lucky, maybe even reduce some RSI.

Access tokens now display their last 5 characters in the UI, making it easier to identify which token corresponds to credentials stored in configuration files or environment variables.

Expired access tokens are now visible in the UI and marked as expired, allowing users to identify and delete them for easier token management.

The changelog modal now includes deep links: the header 'Changelog ↗' link navigates to the specific changelog post, and a new footer link 'View all changes in this update' directs users to the release page's details section.

Git notes are now displayed on commit pages and in commit elements throughout the UI. On commit pages, full notes are shown, while other views display a count of notes.

Users can now view their own entitlement usage under the new "Entitlements" tab on the user settings page (/settings).

Deleting a feature flag now automatically removes its per-user and per-org overrides.

Add src CLI usage guidance to the integrations page

Entitlement warnings and errors now display correctly when entitlement limits are reached.

Quota warnings and errors now display correctly in the Deep Search UI when quota limits are reached.

Improve reliability of conversation title generation by reducing reasoning overhead for simple tasks.

Harden Deep Search image upload validation to verify content type matches declared MIME type.

Fixed citation UI header styling in Deep Search to match search result page appearance in dark mode.

• Fixed citation block overflow issues with file names and paths using right-to-left text layout
• Added tooltips to display full file paths when truncated
• Fixed line number background in code preview
• Added dynamic border in code preview when scrolling horizontally
• Fixed star and delete button styling on selected items

Fixed a bug in @-anchor detection that could cause the selected suggestion to be inserted at an incorrect position in the prompt, particularly when line breaks were involved.

Fixed recent conversations flashing when toggling the sidebar and ensured conversation deletes sync across components.

Prevented memory exhaustion from crafted images by limiting decompressed image size to 25MP.

Fixed Deep Search in the repository sidebar so follow-up responses now stay auto-scrolled as results stream in.

Fix pasted text formatting in the Deep Search input

Remove user info from Deep Search prompt to improve handling of codebase-wide questions.

Fixed "Markdown copied" and "JSON copied" notifications being cut off when the sidebar is collapsed.

Fix deep link detection in deep search conversation URLs.

Fixed copy buttons in Deep Search answers to show green check marks and updated tooltips.

Limited the maximum width of the Deep Search sidebar to 920px for better readability while maintaining full width on mobile devices. Prompt and answer sections now use the full available sidebar width.

Optimized context handling in Deep Search sidebar conversations to avoid resending identical source reference context from previous questions.

Fixed incorrect panel state when navigating between search results and file views

Search results toolbar is now more responsive, keeping result stats and action buttons stable and readable across screen sizes.

Improved selection visibility in CodeMirror for pre-selected and cursor-selected lines

On the commit page, the copy button next to the abbreviated commit SHA now copies the full SHA instead of the abbreviated SHA to the clipboard

Fixed "Find references", "Go to definition", and "Find implementations" buttons in the search results file preview panel, which previously had no effect when clicked.

Significantly improved Precise code navigation performance by optimizing symbol ranking and query ordering, reducing lookup times from timeouts to seconds.

Fixed a data race in the search method that could cause panics when concurrent goroutines modified the thread status map. The search method now safely retrieves a snapshot of thread statuses while holding the appropriate lock.

Moved the enqueue auto-indexing form to appear only when viewing the auto-indexing jobs tab.

Optimized upload discovery query by reversing join order and preventing full upload table scans, eliminating timeouts on large instances

Fixed pagination bug that caused missing results and infinite loops when one data source (uploads or indexes) was exhausted before the other

Error codes returned by codeintel upload API are now consistent: 401 is used for token problems and 403 for permission problems

Fixed broken documentation link in Batch Changes settings page that previously returned a 404 error

Fixed an issue where creating a GitHub App through the Batch Changes settings interface would fail.

Fixed a bug where password reset links generated immediately after updating the external URL in site config could use the previous (or default unconfigured.sourcegraph.com) URL due to a stale cache. The external URL cache is now invalidated whenever site config is saved.

Fixed panic when telemetry allowlist entries are configured via environment variable

Fixed M2M credential names and descriptions containing apostrophes or other special characters being displayed with raw HTML entities (e.g., ' instead of ').

Fixed account security page to correctly show SAML connection status when the SAML provider does not provide standard attribute statements.

Changed the OAuth consent screen messaging for third-party MCP clients from "has not been verified by Sourcegraph administrators" with an "Unverified" badge to "Third-party" badge with simpler trust guidance.

Service accounts are now excluded from the registered users count on the administration users page and license page, and shown separately with their own count.

Remove the option to configure completion quotas when Cody is disabled. Unless Cody is enabled, this configuration no longer has any effect.

Set the HOME environment variable in executor job pods to ensure processes running in the pod containers use the mounted volume instead of falling back to /.

Propagated KUBERNETES_FS_GROUP environment variable to the executor job pod's security context.

Improved handling of extremely large outputs when a worker executes commands

Loading GitHub App code host connections from a declarative config file no longer prevents frontend pods from starting when failures occur.

Fixed GitLab OAuth login failures caused by API rate limiting when allowGroups is configured and the user belongs to a large number of groups. Group membership is now verified with a single targeted API call per allowed group instead of paginating through all user groups.

Fixed a bug where the permissionsSyncJobs GraphQL resolver would only return a maximum of 100 results, despite it being documented as 500.

This increases the timeout on SMP from 2 to 10 minutes and also removes the capability to override the timeout by setting the header "X-Timeout-Ms".

Preserve Gemini thinking signature when thinking text is empty to prevent inference failures on tool calls

sampling.retain trace attribute is now only set when tracing is explicitly requested via ?trace=1 query parameter or X-Sourcegraph-Request-Trace header, rather than being set for all requests when observability.tracing: { sampling: all } is configured. Behaviour in other sampling modes (selective, none) is unchanged.

Removed redundant permission sync jobs to prevent queue growth

Fixed incorrect status reporting for long-running repository clones

Fixed queue position calculation for repository optimization to exclude soft-deleted repositories

Improved Slack integration error messages when an associated Sourcegraph account email could not be found, informing the user how to resolve the issue themselves.

Slack app manifest now always displayed on the Administration > Slack integration page for reference, irrespective of integration status.

Icon and link button variants no longer incorrectly display borders, shadows, or push-down effects when used in expandable sections and tree nodes.

Removed stale preload for sourcegraph-mark.svg that was causing browser warnings on SvelteKit pages where the asset is not used.

Improved contrast for raised and muted backgrounds in dark mode. Fixed code insight centered legend button styling.

Fixed curl request examples to include required content-type header for GraphQL queries.

Blame gutter now uses a muted background color for reduced visual contrast.

Added /integrations to the frontend Go router static page entries so requests are served by the Svelte-backed UI page instead of returning 404.

Schema migrations now terminate blocking transactions by default to prevent upgrades from stalling on long-running queries.

Remove expandable step previews in Deep Search.

Removed feature to replace manual uploads with auto-indexing.

The update.channel site-config setting no longer has any effect. Pings and update checks are now controlled by license features.

Removed Gemini 2.0 Flash and Flash Lite models, redirecting usage to Gemini 2.5 Flash

The deprecated native Jaeger export option has been removed. To set up a tracing backend, refer to our documentation.

The advanced settings experimentalFeatures.deepSearch.enabled and experimentalFeatures.deepSearch.sharing.enabled are now deprecated. Please use the new top-level fields deepSearch.enabled and deepSearch.sharing.enabled instead. To give customers time to migrate, we will support both the old and new fields for several releases. The precedence is: top-level > experimentalFeatures > default.

The site config batchChanges.nativeServerSideExecution replaces the feature flag native-ssbc-execution. Support for native-ssbc-execution will be removed in a future release.

Renamed sidebar entries from "Permissions" and "Roles" to "Repository permissions" and "Role-based access control" for clarity.

Enabled collection of user IDs in telemetry when admins delete users to improve user deduplication.

Renamed the "Account security" settings menu item and page heading to "Security".

Resolved security vulnerabilities CVE-2026-25121, CVE-2026-25122, and CVE-2026-26958 by updating apko and edwards25519 dependencies.

Added KUBERNETES_EXECUTOR_POD_SECURITY_CONTEXT and KUBERNETES_EXECUTOR_CONTAINER_SECURITY_CONTEXT to configure Kubernetes Executors pod and container security contexts.

Fixed an issue where Gemini 3 Flash was incorrectly marked as experimental, preventing query categorization, title suggestions, open-source research sub-agent, and the finder tool from working on customer instances with model status filters.

The Finder subagent has been reverted while we investigate some issues.

Improved prompt caching for system prompts and tool descriptions, resulting in lower latency and reduced token costs for deep search queries.

Added a debug GraphQL query to view telemetry events queued for export.

The API now supports users/- as an alias for the authenticated user, in addition to the existing users/~self alias.

The Enterprise Portal access error page now explains that site admin access on a Sourcegraph instance does not automatically grant access to the Enterprise Portal, and directs users to contact their support engineer. The instance admin dashboard analytics card also clarifies that a separate account linked to the customer's subscription is needed.

When no Deep Search quota is available, the error now renders correctly instead of showing NaN

Deep Search subagents now consistently produce summaries for the main agent to consume.

Fixed newly created batch changes incorrectly showing "Updated by a deleted user" in the header byline.

/api/users.v1.Service/ListUsers now returns a better error for invalid active period filters. The API reference also no longer shows an example with ACTIVE_PERIOD_UNSPECIFIED.

Made parent field optional on ListConversationSummaries RPC, defaulting to the authenticated user when omitted.

Fixed authentication for codex and older versions of Cursor and VSCode to correctly include the "mcp" scope when authenticating via OAuth for MCP endpoints.

Azure DevOps repositories marked as disabled are no longer cloned or surfaced as synced repositories in Sourcegraph.

• Premade prompts in the dropdown menu now work as expected
• Large files no longer encounter token limits

Fixed migrator drift check failing for codeintel/codeinsights schemas in IAM-authenticated environments by ensuring the frontend schema connection is always included when version checking is enabled.

Fixed executor src-cli download failing when the latest version API call errors.

Kubernetes-native executors can now run as a non-root user by setting KUBERNETES_RUN_AS_USER, KUBERNETES_RUN_AS_GROUP, and optionally KUBERNETES_FS_GROUP environment variables on the executor service. When using Helm, add these to your override.yaml:

executor:
...
  kubernetesJob:
    fsGroup: 100
    runAsGroup: 101
    runAsUser: 101

Note that "100" and "101" are the values Sourcegraph images use for the sourcegraph user. Adjust these values for your environment.

Fixed repository permissions being dropped when permission syncs failed due to configured internal rate limits.

Fixed URL parsing to handle legacy format URLs correctly, preventing unintentional truncation of repository names.

Improved Slack integration behavior when a Deep Search takes longer than a few minutes to complete, showing a helpful link preview instead of Deep Search timed out.

Fixed error message shown when a non-author attempts to ask a follow-up question in Slack.

Deep Search now displays a warning banner when answers are truncated due to output token limits.

Citations in Deep Search conversations are numbered continuously across all questions. When the same source is referenced in multiple questions, it reuses the original citation number, making it easier to track sources throughout a conversation. The citations panel auto-scrolls to show relevant sources as you navigate between answers.

Deep Search now provides better answers to "what have I worked on recently" questions by automatically including current user and date context.

Added Deep Search conversation search to the fuzzy finder, allowing users to search past conversations by title or content using Cmd+J (or Ctrl+J on Linux/Windows).

Moving to Code Navigation from Deep Search file previews opens a side panel where the conversation can be continued while exploring the codebase.

When Deep Search is enabled, it replaces Cody Web in the UI. The /cody/chat route and Cody sidebar are no longer shown.

Reintroduced the get_contributor_repos tool to enable queries about contributor activity.

Added quick conversation navigation by holding Opt (or platform equivalent) to bring up an answer navigator

Added button and keyboard shortcut to upload images to Deep Search

Added Cmd+. (Mac) / Ctrl+. (Windows/Linux) keyboard shortcut to start a new Deep Search conversation from anywhere within the interface.

@mention suggestions now remember recently used repositories and show them instantly

Deep Search now streams answers with a typing effect, improving perceived latency.

Added context window indicator to inform users of how much of the context window has been used.

Include images in Deep Search questions by pasting or dragging up to 2 images per question (5MB max each) to share screenshots, diagrams, or error messages.

File preview in Deep Search now supports code intelligence features including hover tooltips, go to definition, and find references.

Deep Search conversations now display a Slack icon in the thread header when initiated from Slack, providing a direct link back to the original Slack thread.

Reduced Deep Search conversation persistence from 24 hours to 1 hour, and sidebar open/closed state now resets on page refresh instead of persisting indefinitely. Conversations can always be restored from the history panel.

Deep Search now uses a dedicated subagent for finding relevant files, reducing token usage and allowing more thorough searches before reaching context window limits.

When the search input is empty, a "Recent searches" suggestion group now appears showing up to 5 of your most recent queries with syntax highlighting and clock icons. Selecting an entry populates the search input with that query.

Added a new site config option batchChanges.restrictMergeToAdmins to restrict merge and auto-merge actions to site admins only.

Site admin authentication settings now offer password policy presets (Standard, Strong, Fortress) instead of requiring manual configuration of each complexity rule. Session idle timeout uses an explicit checkbox instead of empty-field conventions. Access request toggle is disabled with an explanation when built-in signup is already enabled.

Added a form-based UI for managing authentication settings including session management, signup controls, password policies, and access restrictions, replacing the need to edit raw JSON configuration.

Added a dedicated UI in the site administration area for configuring TLS/mTLS settings.

• Renamed site admin "Site configuration" page to "Advanced configuration" and moved it to the bottom of the Configuration section in the sidebar
• Added vertical resize capability to the JSON settings editor container

Added a dedicated page in the site administration area for configuring email SMTP settings.

Admins can now update the license key directly from the License page

Consolidated Background jobs and Code Insights jobs pages as tabs within the Diagnostics page.

Added query parameters to the Diagnostics page to make tab selection shareable and bookmarkable. Old diagnostic routes now redirect to the new page with the appropriate tab selected.

Consolidated Pings, Migrations, Outbound requests, and Slow requests pages under a single "Diagnostics" page in the site admin sidebar.

Administrators can now mark an email as verified when creating a user.

Reorganized site admin sidebar navigation: Repositories section now lists repos before code hosts, Users & auth section moved higher, new Integrations section groups Slack/webhooks, and redundant API Console and Documentation links removed.

A warning is now displayed on the repositories administration page when authz.enforceForSiteAdmins is enabled.

Users now see a modal informing them their session has expired, with an option to redirect to the sign-in page.

GitHub privacy emails (format: <ID>+<username>@users.noreply.github.com) are now resolved to Sourcegraph users when the GitHub account is linked, improving user attribution on commit pages and other views.

auth.idpDynamicClientRegistrationEnabled is now enabled by default for easy MCP access.

OAuth Clients registered via Dynamic Client Registration are now limited to the "mcp" scope only, improving security by preventing overly permissive applications.

Added a new mcp scope for issuing access tokens or OAuth tokens with access limited to MCP tools only. This provides a more restricted alternative to the previously required user:all scope.

Added a search bar to the Code Insights "All Insights" tab, enabling users to quickly filter insights by title instead of scrolling through paginated results.

Group Results (Compute) Code Insights feature is now generally available and no longer requires an experimental feature flag.

• Fixed CSS token cascade issues causing broken UI in Cody Web
• Fixed prompts editor layout shifts and focus state
• Fixed modal rendering issues
• Fixed z-index overlaps for tooltips and popovers

Added a worker that runs ANALYZE on database tables on weekends to optimize query performance.

Added KUBERNETES_JOB_HOST_NETWORK environment variable for the Executor service to enable host networking for Kubernetes job pods. This is useful when pods need to access routes accessible by the host but not from the pod, such as when running a kind cluster on podman.

On sourcegraph.com, MCP tool descriptions now explicitly indicate they search open source code, making it easier for AI agents to distinguish between public and private Sourcegraph instances.

Repository recloning operations now display real-time progress updates on the repository mirroring page. The reclone and fetch buttons are hidden while a reclone is in progress.

Gitserver now coordinates optimization tasks per repository, ensuring only one optimization runs at a time with priority-based preemption.

Repository optimization now writes incremental progress reports, making it easier to monitor long-running optimization operations.

This enables us to render the Slack identity of a user instead of just the Sourcegraph username.

Added instructions for uploading a profile picture to the Slack app.

Add "View in Sourcegraph" button alongside "Show Full Response" for long answers

Users can now send direct messages to the Slack app for Deep Search. To use this feature, uninstall the app, update the manifest, and reinstall the app.

Slack integration now supports rich link previews for code file links.

Slack integration now supports asking Deep Search questions with images in the thread, with a maximum of 2 images per message.

Slack integration now uses the ContentBlocks API to pass thread context as structured data instead of prepending it to the question text.

Added a dismissible banner to the Deep Search homepage featuring the new Deep Search Slack integration.

Slack configuration errors are now displayed in the Administration -> Notifications area.

Sourcegraph now supports rich link preview for search links in Slack.

Verbose responses in Slack now include an AI-generated summary, providing immediate insight before expanding the full response.

Removed the 30-minute expiration for deferred Slack messages, so unfurled responses are now always available.

Added an interactive button to handle lengthy Slackbot responses (over 3,000 characters). Users can choose to view the full response inline or in the Deep Search thread. Full responses are temporarily stored for 30 minutes, after which users must view them in the Sourcegraph instance.

Removed the feature flag UI from the site admin interface for all non-Cody self-hosted Sourcegraph instances. Site admins that still need to manage feature flags can do so using the src CLI tool with GraphQL API commands.

Removed the feature flag UI from the site admin interface for all non-Cody self-hosted Sourcegraph instances. Site admins that still need to manage feature flags can do so using the src CLI tool with GraphQL API commands. See this docs page for instructions on how to do so.

Repository URLs now use the /r/ prefix (e.g., /r/github.com/owner/repo). Old top-level repository routes automatically redirect to the new format for backward compatibility. This prevents conflicts between product routes and repository names.

• Easier discovery of everything Sourcegraph can do. As the platform has grown, some capabilities have been harder to find in the old horizontal navigation. The new expandable vertical menu makes it easier to access, explore, and understand the full range of features available.
• Optimized for the way developers actually work. Most developers use Sourcegraph on laptops and larger displays. The vertical nav makes better use of that screen space, while still working well on smaller devices.
• A dedicated space for important updates. The new layout gives a clear, unobtrusive place to highlight major features and announcements so important updates aren't missed.
• A refreshed, modern interface. This update is part of a broader effort to improve the platform's visual clarity, reduce clutter, and move away from the older tab-based top navigation.

Access requests are now displayed as a status notification.

Added a 'What's new' popover in the navigation that displays recent changelog posts, allowing users to discover new features directly within the product.

Hides several admin UI elements on Cloud that are not relevant and actionable to customers on Cloud, including gitserver disk details, email delivery configuration, Updates/Gitserver/Observability pages, OOB migrations, license key form, and gitserver storage warnings.

Diff pages now load faster by initially rendering plaintext hunks and lazily loading syntax highlighting as hunks are scrolled into view.

Entitlements now support an hourly option.

Administrators can now reset user entitlement usage via the "Entitlement usage" page.

To support moving off of notebooks, we're providing an exports API. The GraphQL query field notebookExports provides markdown exports of all notebooks with filtering options.

Added toast notification system with helper functions and custom Sourcegraph styling for light and dark themes.

Improved error handling when token limits are exceeded by estimating prompt size before LLM calls and ensuring errors are displayed in the UI.

Fixed tool renderers to display "0 results" instead of raw JSON when no results are found.

Deep Search now resumes automatically after server restarts instead of getting stuck in a pending state.

Added support for Proto/Protobuf, SCSS, Groovy, PowerShell, CMake, and Makefile highlighting in Deep Search markdown code blocks.

Fixed URLs in deep search results being incorrectly double-prepended with the domain when they already contained the external URL.

Fix errors when deleting Deep Search conversations while they are still processing.

Fixed horizontal scrolling in the Deep Search sidebar when a long filename context chip was displayed.

Fixed a visual bug where a draggable divider line appeared on the right edge of Deep Search on narrow screens.

Fixed overflow issue in search input history mode

Search-based symbols in the symbol tree now preserve the current file view (e.g., blame view) instead of resetting to code/raw view.

Fixed symbol sidebar toggle reliability and made Deep Search, Cody, and Symbol sidebars mutually exclusive so only one can be open at a time

Hid expand/collapse button for path search results that have no expandable content

Fixed alignment of code intelligence preview popover when blame panel is visible

Fixed inconsistent alignment of the batch change state pill (OPEN/CLOSED badge) in the batch changes list.

Fixed author attribution when signing batch changes commits with GitHub Apps by appending a Co-authored-by trailer to preserve the original author.

GitLab OAuth tokens are now properly validated using the /oauth/token/info endpoint to check scopes, while personal access tokens continue to use the /user endpoint. This ensures correct token validation behavior for both authentication methods.

When connecting a code host identity to Batch Changes, errors are now correctly surfaced in the UI.

Fixed incorrect pattern syntax in the "GitHub Actions: Pin Versions" batch spec template to use proper regex instead of glob syntax

Fixed database constraint violations when recreating batch changes in the same repositories by properly cleaning up associated changesets during deletion

Fixed a bug where users (including service accounts) could not be created by a site admin when signup is disabled.

Site configuration history now loads significantly faster in many cases.

Fixed site config occasionally reverting to old config after saving

Fixed an issue where site config would occasionally revert to old config after saving

Sourcegraph will now avoid dropping a user's repository permissions if it encounters a 429, 500, 502, 503, or 504 when refreshing the OAuth access token (as encountered during the Feb 9 GitHub incident: https://www.githubstatus.com/incidents/lcw3tg2f6zsd). The permission syncer will simply re-use the users' old permissions until the next sync.

• Fixed race condition in OAuth token refresh that could cause invalid_grant errors when concurrent refresh attempts occurred
• Fixed stale external account linkage when users reconnect their OAuth accounts, ensuring token refresh uses the correct refresh token

User profile roles are now only visible to site admins and the user themselves, fixing a permissions issue where roles were visible to unauthorized users.

Removed distracting fly-in animation when loading Code Insights dashboards

Skip invalid repositories (deleted or not cloned) to prevent infinite processing loops

Code monitor webhooks now accept all HTTP 2xx status codes (200-299) as successful responses, preventing duplicate notifications when webhook endpoints return HTTP 202 Accepted or other 2xx codes.

Reduce concurrent load on gitserver by spreading out code monitor queries with jitter

Long gone because of webworker issues in Safari, Cody Web is now available again.

Report which container failed if an executor pod fails when executing on Kubernetes.

Fixed executors on Kubernetes joining commands incorrectly

Improve page that lists executor instances to better handle instances with extremely long names

When connecting a GitHub external account to Sourcegraph, the user's GitHub profile link is now properly displayed on the Account Security page. If the link is not visible, remove and re-add the GitHub connection.

Fixed missing sync reasons in the SOURCEGRAPH group for the permissionsSyncJobs API.

Fixed an issue where Anthropic models could produce malformed tool call arguments, causing Deep Search conversations to become stuck in an errored state.

Fixed stale license validation states being used after updating license keys, ensuring validation results always correspond to the currently configured key.

Added --scopes mcp argument to the MCP login command to ensure proper OAuth scope grants for MCP functionality.

Upgraded go-tuf dependency to v2.4.1 to fix three medium-severity security vulnerabilities (CVE-2026-23991, CVE-2026-23992, CVE-2026-24686).

Show the right error message in Slack search link preview when there is a query syntax error

Fixed confusing UI state in Administration -> Slack configuration where the UI showed a warning that Slack couldn't contact the Sourcegraph instance even when the integration was working correctly. The UI now displays a cache-busting ?retry URL parameter to force Slack to re-verify the connection.

Improved error message when non-author users attempt follow-up questions in Slack, directing them to use @Sourcegraph new question <message> instead.

Fixed video playback in Safari for Markdown-rendered content

• Fixed button group pressed effects and focus ring rendering
• Fixed Batch Changes row layout issue in Safari 18.x and lower
• Fixed blob UI bottom panel alignment to show border only when open

Pages with sidebar navigation are now usable on mobile and tablet devices. The sidebar can be toggled open and closed, and sidebar sections are collapsible on smaller screens.

Fixed z-index stacking issue where app shell floating elements incorrectly appeared above survey toasts and feedback modals

Fixed UI flash when loading temporary settings from cache

The "Account security" page now displays the login for each connected external account (e.g., GitHub, GitLab).

Fixed line number alignment when switching to blame view

Fixed sticky file header positioning on commit page

Fixed image alignment in the image viewer and now always display the dimensions of binary images.

Fixed navigation error when leaving organization profile page

Fixed cursor-based pagination to correctly apply filters when using multi-column cursors. Previously, filters (such as search queries or clone status) were silently ignored for a subset of results due to SQL operator precedence, causing paginated endpoints to return more results than expected and include items that didn't match the filter criteria.

User settings page headers now have a consistent appearance across all sections.

Deep Search no longer generates diagrams by default, making responses faster and more responsive. You can still request diagrams anytime by including "draw a diagram" or similar in your query.

Removed the "Find implementations" button from the code navigation hover tooltip. This button appeared inconsistently—showing for symbols where it wasn't applicable (like local variables or package names)—and relied on indexer support that varied by language. With less than 0.1% of code navigation actions using this feature, the hover experience has been streamlined.

Hid implementations and supers buttons in the explore panel when using search-based code navigation, as these features are only supported by precise code intelligence.

Removed automatic PostgreSQL 12 to PostgreSQL 16 upgrade support from builtin Sourcegraph database containers (pgsql, codeintel-db, and codeinsights-db).

Removed support for generation 1 Gemini models (no longer accessible) and Mistral models (no longer deployed on Fireworks serverless).

Deprecated observability.tracing.type: "jaeger"; use "opentelemetry" with an OTLP-compatible collector instead

Remove autoupgrade supporting functions and methods

Removed feature flag UI access for non-Sourcegraph operators in Cloud environments.

Removed the single-container (sourcegraph/server) deployment mode. The sourcegraph/server Docker image is no longer published. Customers must migrate to Docker Compose or Kubernetes before upgrading to 7.0.0.

Search Notebooks pick up on the idea that most searches are not just one search. In a common workflow, you run multiple searches, gather several pieces of information, and then you compile your final answer from all these sources. Back in 2022, Notebooks solved a real need to be able to document and share that research trail.

Sound familiar? Notebooks are reflecting the steps a Deep Search takes to compile it's answer. It collects citations and the answer in a central place. We believe that the future lies much more in this agent-driven code exploration and future iterations of it than the manual Notebooks idea that predates the AI era.

Removed explicit code ownership assignment and teams management from the web app. Codeowners files are still processed and this information is still available via search and the ownership panel.

Migrated the search-content-based-lang-detection feature flag to the searchContentBasedLanguageDetection site configuration setting. Customers who previously had the flag enabled and would like to continue using this feature should enable it in their site configuration settings.

• The /api/openapi/ pages, home to the Cody API, have been moved to /legacy/openapi/. Existing links are redirected.
• Integrations going forward should use the new official Sourcegraph API documented in /external-api.

• Moved the GraphQL API console from /api/console/ to /debug/console/ to reflect its role as an internal API. Existing links are redirected.
• Going forward, external integrations should use the new official Sourcegraph API documented in /external-api.

Upgrade opentelemetry-collector to v0.144.0.

Fixed negated terms in hybrid search to correctly exclude files when the term appears in either the file path or contents.

Fixed search history not saving new searches after the Svelte 5 signals migration.

Improved user deletion latency by optimizing database calls and removing redundant work

Fixed user-initiated actions (OAuth sign-in, auth token validation) that would hang when the internal Bitbucket rate limit was hit. These operations now bypass the internal rate limiter.

Fixed action buttons (such as delete) in code insight headers that were not functioning correctly

Migrator now gracefully handles cases where the pg_stat_statements extension cannot be installed due to database permission restrictions

Fixed an issue where access tokens created by hard-deleted users could not be listed.

Commits with changes to large files are now displayed with plaintext diff output when syntax highlighting is unavailable.

All users can now filter batch changes by user, not just site administrators. The current user appears at the top of the user filter list for easy access to their own batch changes.

Fixed "View on code host" button to properly escape % characters in file paths when generating external links.

Code Insight preview results now exclude archived and forked repositories by default, matching the backend behavior present since 3.40.

Disable deepsearch and sg_deepsearch tools at .api/mcp and .api/mcp/v1 respectively. To use Deep Search, directly use /.api/mcp/deepsearch.

Repository permissions are no longer dropped when encountering HTTP/2 stream cancellation or "internal error" from the upstream GitLab code host. Instead, existing permissions are preserved and the permissions sync is retried later.

Fixed an issue where URLs containing the external URL would be incorrectly mangled, resulting in duplicate domain paths

Fixed invalid links in deepsearch markdown content that contained the host twice

Fixed TLS configuration not being applied to HTTP client, causing OAuth authentication failures.

Fixed TLS certificate validation via regular expressions in site config

Fixed an edge case where Deep Search questions did not respect cancellation state from the database, preventing them from continuing indefinitely after being cancelled.

Fixed infinite loop in DeepSearch when LLM tool argument parsing fails during streaming by properly propagating errors to internal callers

MCP deepsearch queries on the old .api/mcp/v1 and new .api/mcp endpoints will now time out after 50 seconds to avoid Cloudflare connection timeouts. Queries exceeding this timeout return a link so agents can track completion and inform users where to follow progress.

• Fixes a log spam issue where EnsureRevision calls would logspam "failed to perform background repo update" when a scheduled repo update is already running.
• Fixes an issue where EnsureRevision would incorrectly increase the update failure counter on a repository if a scheduled fetch is already running.
• Fixes an issue where log output from Fetch could cause a Fetch to stall forever because the reader silently errored.

Deep Search now streams results as they become available.

The Deep Search input now dynamically grows as users type or paste content.

Deep Search history sidebar can now be navigated using arrow keys.

Site admins can now set per-user Deep Search usage limits through entitlements: classes of usage limits that can be assigned as a global default, or to specific users.

Deep Search backend sources are now rendered after citations in collapsible sections within a unified sources container.

Deep Search sidebar is now available in the blob view for enhanced code exploration.

Added Slack bot integration for Deep Search. To get set up, go to Site Admin → Slack integration.

The site admin page is now simply titled "Administration".

Site admin organizations page now uses the standard page container design.

Navigation sidebars in site admin pages now support collapsible sections with localStorage persistence

GitHub Apps can now be configured via the declarative config file with secure handling and storage of private keys

Introduces a new notification widget that replaces the site-wide banners on Sourcegraph, as well as a new site-admin dashboard that shows notifications, as well as some suggestions on what admins can do to manage their instance.

Fixed context retrieval bug when using remote file mentions and chat UI flickering

Added option to skip TLS verification for executors talking to Sourcegraph via EXECUTOR_FRONTEND_TLS_SKIP_VERIFY

Alert when repository cleanups fail consistently

The repository permissions page now displays the total count of users who have access to the repository.

Fix history panel displaying the last question's title instead of the conversation title by generating conversation title only on the first question.

Links now point to answers instead of questions. This resolves confusion where the link pointed to the question but the copy button was part of the answer card. Old links continue to work because the question anchor is preserved in the code.

The tab title is now correctly updated when switching between DeepSearch conversations and then navigating away and back to DeepSearch.

Permalinks now use full commit hashes instead of abbreviated ones.

The star button is no longer rendered for non-owners, eliminating the confusing behavior where changes appeared to work but were reverted on refresh.

Fixed submit button icon visibility in Deep Search

Conversation creation failures now display error messages instead of hanging indefinitely in a loading state

• Fixed Deep Search suggestions to display with correct font styles
• Fixed Feedback modal to have proper spacing and close button styling

Increased the deep search input size from one line to multiple lines for improved usability.

Fixed loading skeleton and sources to reflect the currently viewed question's state instead of a global "is anything searching" state

Fixed file search result content not updating when filtering results in certain situations where truncated content caused stale data to be displayed

Fixed branded logos not appearing on the search homepage and in the global navigation when configured.

Repository name matches are excluded from search results when a repo: filter is present without an explicit type: filter. Users can still search repository names by adding type:repo.

Switch from plain ctags to tree-sitter for analyzing symbols in CSS and SCSS files. The result is more predictable parsing, no comment blocks leaking into the symbols sidebar, and css variables showing up as symbols.

Reduced the complexity of GitHub GraphQL queries for syncing changesets to reduce token consumption

READONLY changesets are now counted as CLOSED in batch change statistics, fixing a discrepancy between the burndown chart and summary stats.

Improve error message clarity when user creation fails in site admin

Fixed incorrect navigation highlighting in site admin where 'Settings' was highlighted instead of 'Batch specs'.

Error messages are now clearer when attempting to connect an external account that is already in use by another Sourcegraph account

Addresses an issue where the OAuth consent pages did not allow to scroll down to the action buttons.

Code insights job UI now displays correctly on mobile devices.

In 6.11 our experimental AWS RDS IAM Auth would panic if we failed to refresh the token. We now correctly treat this as an error to log and retry.

Fix broken links to alerts reference in alert notifications for customers on the latest release.

Fixed an edge case where the permission sync scheduler would excessively enqueue jobs when old completed jobs existed in the database

Temporary files are now cleaned up from repository directories, reducing disk space usage.

Fixed an issue where a service account's access tokens would be deleted when the site admin that created the access tokens for the service account got deleted.

Custom indexing policies are now disabled by default. The codeIntelAutoIndexing.policyManagementEnabled configuration can be used to re-enable support.

Removed the repository setup wizard as it is no longer up to date with code hosts. Site admins are encouraged to add repositories via the "Code Host Connections" section of the site admin page.

Anthropic deprecated Sonnet 3.5 and Haiku 3.5. These models are no longer available in Cody. Make sure to upgrade to a recent Cody client release to ensure all features are still functional.

Removed autoupgrade toggle selector and readiness banner as part of autoupgrade deprecation

Fixed a potential issue where a buffer overflow can cause repository update processes to deadlock.

Fixed git object expiration logic that was setting future dates instead of past dates, preventing potential repository corruption in concurrent operations.

Sourcegraph now supports OAuth 2.0 Dynamic Client Registration (RFC 7591). This makes it easier to authenticate against Sourcegraph from an MCP client. As an administrator you must set auth.idpDynamicClientRegistrationEnabled to true in your site settings.

Sourcegraph can now communicate to code hosts using mTLS by providing a list of {"host", "clientCertificate", "clientKey"} configurations in the site config under mtlsConfigurations in tls.external.

Ensure that citations are enabled by default and rendered correctly even when the feature flag value is not set on the backend.

Fixed an issue where applying a new license key would not clear messages from the old, expired license key.

Immediately navigate to the conversation view showing the submitted question with a loading indicator when creating a new Deep Search conversation, before the server responds.

Users can now use the Tab key to select repository suggestions in the Deep Search @ mention menu, providing a more efficient keyboard-only workflow

Improved @-mention filtering with smarter caching for faster, more responsive filtering and reduced backend requests.

Deep Search conversations can now be exported as Markdown by appending ".md" to the URL.

Add ability to collapse results in reference panel.

Embedded organization batch-changes routes into the Svelte app, improving the integration between React and Svelte components for batch changes functionality.

Added batch changes pages in the personal user area for the creation flow.

Added batch-changes-gitlab-oauth feature flag to gate GitLab OAuth integration for Batch Changes.

Added a site-admin page for viewing batch changes specs.

Embedded site-admin batch changes pages into the Svelte app, improving consistency and maintainability of the admin interface.

When site-config or global settings files are loaded from the file system, the config editors in-app now reflect the read-only state.

Redact access tokens in model configuration displayed in the site-config UI.

Added external accounts page for site administrators.

Added auth providers page to site-admin interface

Added a new updates page in the site admin interface.

Frontend service restarts are no longer required when changing certain settings.

Embedded the site-admin init page into the Svelte app

Embedded the site-admin background jobs page into the Svelte app.

The out-of-band migrations page in site admin is now embedded in the Svelte app.

Site admins can now manage OAuth clients through dedicated pages in the admin interface.

Added a roles management page in the site admin interface

Embed OpenAPI documentation pages into the Svelte application at /api/openapi/public and /api/openapi/internal endpoints.

OAuth now supports multiple redirect URIs (space or comma separated)

Embedded the auth consent page into the Svelte app and added test coverage for invalid user codes on the auth device page.

Support for Opus 4.5 with extended thinking is now available. Opus 4.1 models have been deprecated in favor of the new version.

Claude Opus 4.5 is now available for selection

GitHub permissions syncing now uses gzip compression for caching organization and team membership data in Redis, significantly reducing memory usage for large organizations.

Added GraphQL API console support to the Svelte app using graphiql v4 with CodeMirror. Introduced a mechanism to undo CSS reset styles for embedded components using the data-css-unstyled attribute.

incident.io is now supported as an alert notifier in observability.alerts configuration

Added a site-admin page for viewing permissions sync jobs.

Organization pages now use React Router loaders for data fetching and improved navigation performance.

Fixed an issue where clicking the Deep Search link in the top nav from the conversation view did nothing - it now navigates to the Deep Search home page as expected.

Fixed a runtime error on the All Sources tab that was caused by duplicate render keys.

Expanded file preview now has consistent horizontal padding with citations.

Markdown styles are now applied to Deep Search responses when citations are enabled.

The hovered separator is now always displayed on top of resizable panels.

Removed support for deprecated Atom and AppCode editors from the "Editor" action.

Fixed a database constraint issue that could cause errors when scheduling code intelligence indexing jobs after a job reset.

S3proxy multipart uploads no longer fail due to CRC32 checksum validation errors

Repository HEAD auto-indexing jobs are now deduplicated to prevent queue growth.

Fixed scroll functionality on the batch change spec page when embedded in full-screen mode

OAuth authentication errors (like "could not get verified email for GitHub user") are now displayed in the UI instead of causing users to get stuck in an infinite login loop.

Site admins now see a banner when viewing another user's settings pages, indicating they are viewing settings for a different user.

Fixed an issue where deep copying model configuration incorrectly handled nil values, preventing default models from being applied correctly.

Fixed corrupt model configuration states that could cause Cody to use incorrect license keys when communicating with Cody Gateway, previously requiring a frontend container restart to resolve.

MCP tools are no longer rejected by antigravity and VS Code versions older than 1.32.

Gitserver now automatically reclones repositories when a "fatal: bad tree object XXX" error is observed during a fetch.

Fixed React reset styles overwriting component styles, resolving incorrect list styling

Fixed double scroll issue on prompt pages caused by conflicting height rules between React shell UI and PageLayout.

Fuzzy finder is now always enabled and no longer requires experimental settings.

Removed unused in-app analytics APIs including instanceOwnershipStats, User.usageStatistics, Site.usageStatistics, and Site.analytics.

Removed the experimental opencodegraph feature that was previously behind a feature flag.

Sourcegraph reranker is now disabled by default and can be enabled via a feature flag.

Added a predefined OAuth2 client for the Sourcegraph Raycast extension.

Errors in Deep Search are now displayed inline in the answer section with options to retry or start a new search, replacing the previous error banner.

Added the ability to star favorite threads with a new sidebar tab showing all starred threads in one place.

Upgraded Deep Search to use Claude Sonnet 4.5 as the main model and Claude Haiku 4.5 for summary generation, improving performance while maintaining quality.

Deep Search now displays only new steps for each follow-up question instead of showing all previous steps, reducing confusion in the UI.

GitHub account connections now use Proof Key for Code Exchange (PKCE)

Enterprise Portal now shows SLOs for Sourcegraph Cloud instances to track how the instance is performing.

Adds a warning on the GitHub App page in Sourcegraph to warn site admins that a GitHub App does not have the necessary permissions to enable groups caching.

Fixed pagination cursor to match id-descending ordering, preventing glitches during infinite scrolling.

Fixed incorrect base quota calculation for Deep Search metering when customers have complex license histories with expired licenses

Increased timeout from 1 minute to 4 minutes to reduce timeout errors.

Fixed rendering of the Search Jobs management page when search jobs exist for soft-deleted users.

Return WWW-Authenticate header on 401 responses to advertise OAuth schema to MCP clients.

Used constraints instead of exact match in database version validation

Fixed an issue where permissions sync jobs couldn't be paginated if they referenced a deleted user or repository.

Fix default GitHub and GitLab URLs being incorrectly applied when not explicitly configured in site config.

GitHub Apps now require the Repository administration: read permission for groups caching functionality.

Fixed groups caching validation for GitHub Apps by checking for members: read permission instead of OAuth scopes.

Fixed GitHub sign-in failing due to PKCE data retrieval issues

Decline sign-in attempts for NoSignIn auth providers while still allowing users to connect new auth providers when already logged in.

Removed the VSCode Code Search extension's ability to share authentication credentials with the Cody extension. Users must now authenticate directly with their own credentials or access token.

We have updated the structured response of all MCP tools to conform to the advertised output schema.