Updates from 2026

Two things landed today that change how greyout handles team access. Sign in with Google or GitHub instead of email-only, and onboard a whole team automatically by verifying your domain — no invite links to chase.

What's live

• Sign in with Google or GitHub alongside the existing magic-link flow. Pick the provider on the sign-in screen. First-time sign-in creates the account just in time, so a new colleague never sees a register form. Microsoft Entra is wired but disabled while Publisher Verification finishes on Microsoft's side — coming in a follow-up.
• Verified domains under Settings → Verified domains. Add your domain, place the DNS TXT record we hand you at _greyout-verify.<your-domain>, click verify. From that point on, anyone signing in with an email at that domain auto-attaches to your workspace at the role you choose.
• Members under Settings → Members shows everyone with access. Change a role inline from the dropdown. Remove access without leaving the page. The last owner cannot be demoted or removed — built-in safety rail so a workspace never ends up without an admin.
• Permissions under Settings → Permissions lets owners toggle what each role can do, per workspace. Defaults ship sensible — owners run the workspace, members operate monitors and acknowledge incidents, viewers see but cannot change. Override any of it when the team works differently.

What changed for you

If you have ever invited a teammate by sending them a magic link and then remembering to set their role afterwards, that workflow is gone. Set up a verified domain once and every new colleague who signs in is already in your workspace at the right role from their first second.

For solo accounts nothing changes. The magic-link flow continues to work exactly as before and you do not need to set up anything new.

Documentation

• Verified domains
• Members
• Role permissions

Two things landed this week. A new Blocklist monitor that checks whether your domain or sending IPs appear on the major email blocklists, and a fully fleshed-out Report tab for every other check type. The "ships in a future sub-PR" placeholders are gone.

What's live

• Blocklist monitor — Spamhaus ZEN, Barracuda Reputation, SORBS, SpamCop, URIBL and SURBL all queried in parallel every six hours. Listings surface in a dedicated Report with the exact zone that flagged you, what was queried (an IP or a domain), and the response code the blocklist returned. Most DNSBLs encode the listing reason in that response code, so the report tells you not just "you are listed" but "here is why".
• Per-check Report tabs — SSL, DNS, Domain expiry, Security headers, Broken links and Robots/sitemap now each open into a Report tailored to the check. Letter grades for headers. Drift detection with the previous fingerprint inline for DNS. Side-by-side reachability for robots.txt and sitemap.xml. Cert chain rendered as cards. Broken-links table with clickable URLs and status codes.
• Settings tabs on every check — read-only summaries of what each monitor is configured to do, including the cadence, scope, thresholds and baselines. Configurable forms for these settings land in later sub-PRs.

What changed for you

If you had monitors set up on anything other than Uptime, they were collecting data already but the Report tab was a stub. That changes today. Open any SSL, DNS, Domain, Headers, Links, Robots or Blocklist monitor and you see what the probe actually saw — not a placeholder telling you the data is on its way.

Documentation

• Agent MCP integration
• Blocklist monitoring

greyout is now agent-native. Any MCP-aware AI tool — Claude Code, Claude.ai, Cursor, Aider, custom — can connect with a single URL and run real monitoring workflows.

What's live

• https://mcp.greyout.io/mcp — hosted HTTP MCP server (Streamable HTTP transport, JSON-RPC 2.0) with auto-renewing TLS.
• OAuth 2.0 Authorization Server at app.greyout.io with three flows: Authorization Code + PKCE (browser MCP clients), Device Grant (terminal CLIs), Refresh Token (silent rotation).
• Dynamic Client Registration (RFC 7591) — clients self-register without a human in the loop on our side.
• Discovery via standard metadata documents: /.well-known/oauth-protected-resource (RFC 9728) and /.well-known/oauth-authorization-server (RFC 8414).
• Per-device permission management — grant or revoke individual scopes from Settings → Authorized devices without disconnecting the whole device.

What changed for you

The earlier per-token spending cap is gone. greyout's plans are subscription tiers (binary moves between Starter / Pro / Business), so a metered cap was complexity without product value. Billing actions are now gated purely by the billing:authorize scope — granted to a device only if you tick the box on the consent screen (off by default for safety).

Documentation

• How to connect an AI agent to greyout
• OAuth integrator notes

A heavy day — a lot of the redesign lands back-to-back.

Native probes

We replaced the third-party probe stack with our own:

• Native HTTP uptime probe.
• Native SSL certificate probe.
• Native domain expiry probe — no more upstream rate limits.
• The old dependency is gone from the codebase entirely.

Result: simpler architecture, faster probes, every checker is greyout's own code.

Scheduler split

The scheduler now runs on a dedicated workers host, separately from the web app. They never compete for the same minute of work — alerts dispatch from exactly one place.

Workspace overview

The org-level overview page is now a linear list of projects, sorted by worst-status, scannable in one glance.

Theme toggle

Light + dark themes, with an AA-pass light palette. System / Light / Dark settings stick in a cookie, and the inline boot script means no white flash on a dark-themed user's first paint.

Maintenance windows

Planned maintenance periods (one-off + recurring) — open incidents within a window are automatically suppressed and re-evaluated when it closes.

Monthly reports

Per-workspace monthly digest — settings, on-demand generator, and a scheduled dispatcher that emails each owner on the 1st.

Per-project notifications

Notification channels are now scoped per project rather than workspace-global. Plus per-channel opt-outs and per-project throttling so a noisy day on one project doesn't wake you for the others.

Public status badges

<img src="https://app.greyout.io/badges/<token>/uptime/large.svg"> — embed an at-a-glance status badge anywhere. SVG, no auth, no cookies, regenerable token if the URL leaks.

Incident rules

A new per-type incident catalog with a Settings page. Every check kind (uptime / SSL / DNS / headers / robots / domain) gets its own rule set: when does a sample become an open incident, how long until it closes, what counts as a flap.

• Rule-aware ingest — workers route through apply_to_monitor so changes take effect on the next probe.
• Retroactive recompute — change a threshold, the system re-evaluates recent history without re-running probes.

Project-first redesign

The first slice of a project-first redesign (inspired by Oh Dear) lands today:

• Bundles backfill into proper projects under the hood — no migration on your end.
• New Add Project flow at /projects/new with an in-page plan-limit banner instead of a hard redirect.
• Project overview with an Active / Disabled card grid.

Polish

• Sidebar collapses by default, project actions menu (kebab) with cascade-delete confirmation.
• Breadcrumbs with full clickable path on every page.
• Header horizon: status-driven colour with a subtle ambient sweep — at-a-glance whether everything's green.
• App-shell layout fixes — sticky sidebar, header inside the content column, borders all line up now.

Big day for the dashboard.

Live by default

The Overview now refreshes itself in the background — one update touches every tile (KPIs, activity feed, incidents breakdown). No more F5.

Projects

A first-class Projects concept: group monitors by what they're protecting (a website, a SaaS, a customer environment). New CRUD page, project-scoped detail view, sidebar surface, and a project picker on the monitor-create form.

Monitor bundles

One URL → multiple checks → one tile. Bundle uptime + SSL + headers for the same domain into a single dashboard card so the noise stays low.

Multi-workspace

• Plan-based caps on monitors / workspaces / channels — enforced at create time, surfaced as in-page banners (not redirects).
• Workspace creation flow + a sidebar switcher so you can hop between accounts without logging out.

Smaller wins

• /monitors/new redesigned with category-grouped chips + collapsible advanced section.
• Sidebar groups are now collapsible.
• Auto-dismiss toasts, per-check timeline, window dropdown on detail pages.
• New Incidents overview page + checks/incidents tab on monitor detail.

• Per-check latency captured for headers / links / robots workers — surfaces in the monitor detail timeline.
• Type-aware status labels — security-header issues now read FAIL, expired SSL reads EXPIRED, etc., instead of a generic "down".
• Nightly aggregation job rolls raw samples into daily rows + prunes anything beyond your plan's retention window. Database stays small even on long histories.
• One-command deploy spec for app.greyout.io — push to main and the new revision rolls out automatically.
• Realtime heartbeat sync — incidents reflect on the dashboard within seconds, not on the next polling tick.
• Sessions now live 6h sliding + 30 days remember-me. Less re-login friction.

Six checker types are now running end-to-end:

• HTTP uptime — periodic GET with status + latency capture
• SSL certificate expiry watch
• Domain expiry watch
• DNS record drift detection
• Security headers audit
• Open-port scan
• robots.txt / sitemap.xml diff watcher

Each runs on the standalone scheduler runner so the web app stays light.

Other shipping today

• Monitor create / delete UI — the dashboard has a left-rail sidebar with module breakdown.
• Ingestion endpoints under /api/v1/ingest/* so external probes can post results in.
• Settings → Ingestion tokens page + a CLI for headless rotation.
• Workers host deploy — reverse proxy + container setup for a separate machine that runs the realtime probe stack.

First commit. greyout is a unified monitoring SaaS — one place to track uptime, SSL, DNS, domain expiry, security headers, and scheduled-job heartbeats for every project you ship.

The bones land first: database schema, workspace model, plan tiers, and the application scaffolding everything will hang off in the coming weeks.

More to follow daily.