Changelog

New MCP client inventory page in the Hub. Aggregates every detected client across the fleet with last-seen activity, gateway attribution, and per-client metrics so security teams can see exactly which clients are talking to which servers.

Dedicated Governance page in the Hub for managing MCP allow/block policies across servers, clients, and agents. Block or approve any server or agent fleet-wide from one place, view the live list of active blocks, and one-click unblock. Block actions are also available directly on Server rows for admins.

Compose richer governance rules with multiple conditions and OR-separated server groups. The expanded validator preserves condition caps while letting you express policies that previously required several rules.

Ultra now runs cleanly inside Ona cloud development environments — treated as a first-class MCP client, so any background agents running in your environment can be monitored, observed, and secured just like any other client.

Hermes joins the list of supported MCP clients, with one-step config migration so Hermes routes through Ultra just like Claude Code, Claude Desktop, Cursor, Codex, etc.

Test guardrail configurations against historical traces before enforcing. Pick a scope, choose a time range, and see exactly which traces would have been caught — including a stateful evaluator shim that simulates rate-limit behavior over real traffic so policies can be tuned without risk to production.

New built-in guardrail that scans MCP request and response payloads for personally identifiable information. Detects emails, phone numbers, SSNs, and other sensitive identifiers, with configurable block, warn, or audit actions.

Token-bucket rate limiting and circuit breaking guardrail to stop runaway agent loops, flood attacks, and endpoint scraping. Org and workspace-scoped limits are statically partitioned across active gateways and recomputed automatically as gateways join, leave, or go offline.

Gateways now report Ultra version and workspace name, and the Servers list shows transport type and binary location on host. Idle gateways are distinguished from offline ones, and the Gateways page now shows the full team's gateways instead of only the current user's.

Trace details now include collapsible per-trace guardrail evaluation results. Inspect exactly which rules fired, which conditions matched, and what action was taken for any individual request — no more cross-referencing logs to understand why a call was blocked or warned.

Configurable security guardrails for MCP tool calls. Define policies to block, warn, or audit specific actions based on tool name, parameters, or calling context. Enforce least-privilege access at the protocol level.

Enterprise single sign-on with SAML 2.0 integration. Connect your identity provider for centralized authentication and automated user provisioning across your Ultra organization.

Sign in to Ultra Hub with your Google account. One-click authentication for teams already using Google Workspace.

Automated user lifecycle management with SCIM 2.0. Sync users and groups from your identity provider to Ultra Hub, with support for Okta and other SCIM-compatible providers.

Native Okta integration for SAML SSO and SCIM provisioning. Manage Ultra access directly from your Okta admin console with automatic user sync and deprovisioning.

Device trust and endpoint compliance via Jamf Pro. Verify managed device status and enforce security posture requirements before granting access to MCP infrastructure.

Real-time Slack notifications for security events, anomaly detections, and policy violations. Configure per-channel routing with customizable alert thresholds.

Launched docs.ultra.security with comprehensive guides for installation, configuration, client setup, Hub management, observability, and security concepts.

New application-level security events system with a dedicated Admin Log page in the Hub. Tracks login attempts, member role changes, invite lifecycle events, and organization management actions with structured, auditable security trails.

Four-tier role hierarchy -- Owner, Admin, Member, and Read-only -- with per-route permission enforcement across the Hub. Ensures proper least-privilege access for all users.

Complete security platform purpose-built for Model Context Protocol ecosystems with intelligent threat detection and response.

Complete visibility into your MCP ecosystem with real-time monitoring, automated discovery of all agents, servers, and tools. Includes detailed trace views for every MCP interaction with full request-response inspection.

Comprehensive logging for all MCP interactions with tamper-proof audit trails, real-time analytics, and compliance reporting. Full request and response payloads, latency breakdowns, and policy evaluation results.

Behavioral analysis of agent-tool interactions that establishes baselines and flags deviations in real time. Detects unusual tool call patterns, unexpected parameter values, and suspicious sequences.

Advanced client and agent identity verification with cryptographic attestation, tamper-proof mechanisms, and zero-trust authentication.