What's new for admins

The notable admin-facing changes in recent EasyCC releases. For the user-facing version, see What's new.

Recent highlights

Approaching v1.0 — admin surface is feature-complete for first release.

Managed configuration — Windows registry + macOS plist, Chrome-style enforced/recommended split, all 17 fields ready
Service-provider bundles — bootstrap.json for partner pre-seed (agents, skills, MCP servers, branding, provider, policy)
Self-hosted update mirrors — point update_endpoint at your server; signature verification stays intact
Update deferral + force-install — max_update_deferral_hours and force_update_after_hours control when users see and must install updates
Machine-wide Windows install — perMachine NSIS for Intune / SCCM / GPO fleet deploys
Silent install flags — --silent-first-run, --autostart-hidden for unattended deploys
OS keychain secret delivery — secret_ref: keychain: URIs with Windows Credential Manager + macOS Keychain support
Phase 2 — Safety scanner policy — 5 lockable fields for the prompt-injection scanner
Phase 2 — Token efficiency policy — Per-field lock on the 5 cost-saving features
MDM templates — Intune Settings Catalog import, Jamf .mobileconfig, Group Policy ADMX/ADML

Initial managed-config support — Windows registry / macOS plist, basic field set
Auto-update integration — minisign-signed manifest + binaries
Telemetry opt-in — off by default, configurable

Feature	Status
Claude permissions overlay (`claude_permissions_allow/ask/deny` managed fields)	v2.1 — awaiting first-class Claude integration surface
Safety audit log forwarding (`safety_audit_file_sink` + IPC export)	v2.1
Safety model pre-cache (`safety_pre_cached_model_path` + installer copy)	v2.1
MCP env-var secrets in bundles	v2.1
Per-Agent and user-scope `claudeSettings` bundle sections	v2.1

Feature	Why deferred
SVG / logo support in branding	Untrusted SVG is an XSS vector; needs a sanitizer
Linux `.deb` / `.rpm` + managed config	Out of v1 product scope
Signed bundles with partner-controlled keys	Requires pubkey override plumbing in `tauri_plugin_updater` that doesn't exist yet
Additional `secret_ref` schemes (`env:`, `oauth:`, `provision:`, `prompt:`)	v1 ships keychain-only; each deferred scheme needs its own design
`bundle_url` remote fetch	Needs ETag caching, signed-bundle trust, offline-fallback story
Flatpak / Snap managed config	Sandbox breaks `/etc` access; needs packaging-specific lookup
Pubkey override for self-hosted mirrors	Lets partners re-sign manifests with their own keys
SIEM-native format adapters (CEF, ECS, syslog)	v2 ships JSONL; SIEM ingesters expected to map fields client-side

For up-to-date roadmap status, see the internal ROADMAP.

We try to avoid breaking changes in admin-facing surfaces. The few we've made:

March 2026: installMode switched from perUser to perMachine. Existing perUser installs continue to work but new installs are machine-wide. Plan for the UAC-prompt implication on standard-user fleets — see Silent install flags.

For breaking change notifications going forward, signed-in admins receive an email when a release includes one.

When you move between versions, a few things to know:

Managed-policy schema — backward compatible; new fields are optional. Older versions ignore unknown fields.
Bundle schema — same; schemaVersion lets future bundles work on older clients with new fields ignored.
ADMX templates — when new policy fields are added, the ADMX is updated. Replace the ADMX in your Central Store; existing values keep working.

For pre-release access for admin testing, pin the release_channel to beta for a pilot ring. See Pin a release channel.

For admin-specific features:

For enterprise customers with a dedicated contact: route through them.

We use admin feedback to prioritize the v2 admin surfaces, especially around SIEM forwarding, signed bundles, and the deferred Phase 2 fields.