Skip to content
← Back to release notes
v0.63.0 stable major release

Release v0.63.0

Apr 25, 2026

Major release: AI-agent tenant provisioning over MCP, OAuth 2.1 for AI assistants, macOS GUI installer, and a deep security audit.

AI & Automation

  • MCP Bootstrap (preview): an AI assistant connected to Breeze can now provision a new tenant end-to-end — create the tenant, verify it, attach a payment method via Stripe, and send out deployment invites — using a small set of well-scoped MCP tools.
  • OAuth 2.1 with Dynamic Client Registration and PKCE: Claude.ai, ChatGPT, and other AI assistants can now authenticate to your Breeze workspace through standard OAuth, instead of pasted API keys. Feature-flagged behind MCP_OAUTH_ENABLED.
  • OAuth grant revocation now invalidates sibling access tokens immediately so de-authorizing an AI client takes effect without waiting for token expiry.

Deployment

  • New macOS GUI installer app: a Swift-based installer with bootstrap tokens makes onboarding new Mac devices feel like installing any other native app.
  • Fresh installs of the v0.63 schema now apply migrations in the correct order regardless of when they were authored.
  • Linux SHA256 verification command in the install UI now matches the format the agent actually expects.

Web App

  • Move a device between organizations or sites from the new Change Site modal.
  • Download uninstall scripts directly from the device page, and reload after switching organization or site.

Security & Compliance

  • Closed six HIGH and roughly twenty MEDIUM findings from the most recent security audit covering OAuth, authentication, WebSocket scoping, SSRF, and dependency CVEs.
  • Tightened API key middleware so a key bound to no partners no longer accidentally grants access to MCP tools.
  • External services authentication is now scoped to its own routes instead of the entire app.

Reliability

  • macOS helpers now uninstall cleanly when a Configuration Policy disables them, with a fallback path that handles edge cases on older systems.
  • Linux agent caps shutdown time and recreates its runtime directory on boot so it always restarts cleanly.
  • AI assistant tools that return device or alert IDs now serialize big integer values correctly.

This is a milestone release. The headline is MCP Bootstrap, our first end-to-end AI-agent provisioning flow: a connected assistant can create a Breeze tenant, run KYC via Stripe, attach a payment method, and send installer invites — entirely through MCP tools, without a human clicking through the UI. It ships behind a feature flag while we onboard early customers.

To make that work safely, we also shipped a full OAuth 2.1 + DCR + PKCE stack for AI clients. This replaces the previous pattern of pasting API keys into Claude.ai or ChatGPT with a real OAuth handshake, including refresh tokens, grant-wide revocation, and per-grant rate limits. Both Claude.ai and ChatGPT will use this path going forward.

There’s also a brand-new macOS GUI installer app for onboarding Macs the same way you’d install any other native macOS app, and a substantial security audit pass that closed six HIGH findings and roughly twenty MEDIUM findings across OAuth, auth, WebSocket scoping, and dependency CVEs.