April 27th updates

Highlights

Quantitative answers in Deep Search

Deep Search can now count, rank, and aggregate across search results, not just find them.

Deep Search has always been good at finding and explaining code. It can now also count, rank, and aggregate it without blowing up the context window.

A new sandboxed scripting tool lets the agent run programmatic aggregations across many searches in a single turn. Questions that don't fit into a single query, e.g. top-N rankings, cross-search joins, distributions across many files, can now be answered end-to-end, with every underlying search still cited so you can verify how the answer was assembled.

With the new tool, Deep Search offers Code Search's depth and exhaustivity combined with agentic reasoning capabilities for computing complex results behind a natural language prompt. When a question calls for exhaustive research, the agent fans out, processes every match across many precise queries, and aggregates them into the answer.

For example, ask Deep Search: "In github.com/kubernetes/kubernetes, who left the most TODO(<username>) comments? Show the top 15." Deep Search iterates through every match, groups by author, and returns a ranked table, instead of just the first page of hits.

The same shape unlocks questions that previously meant exporting search results and scripting against them yourself:

"How far along is the interface{} → any migration in golang/go? Break it down by top-level package."
"In microsoft/vscode, which files have been touched in the most fix/bugfix commits in the last 6 months, and who's been fixing them?"
"List the top 20 internal Go packages in sourcegraph/sourcegraph by number of distinct other internal packages that import them."
"Which files were most frequently modified in the past year and who made changes to them?"
"What's the total of all resources (cpu + mem) across all deployments on k8s in myorg/infra?"

Details

Improvements

Deep Search Make diff search accept array of authors

Diff search can now filter by multiple authors.
Deep Search Add Deep Search scope keyboard shortcut

Added keyboard shortcut (Cmd/Ctrl+Shift+,) to open the scope picker directly from the Deep Search composer.
Deep Search Evaluator tool for code execution

Added a code execution 'evaluator' tool to Deep Search that allows sandboxed Lua scripts to call keyword, regex, commit or diff searches and process results programmatically.
Batch Changes Add commit signing toggle to OAuth credential flow

Added commit signing toggle to OAuth credential configuration flow for batch changes. Users can now enable SSH commit signing when configuring credentials via OAuth (GitHub, GitLab), matching the functionality previously available only in the PAT flow.
Administration Show last event received date for webhooks
Administration SITE_CONFIG, EXTSVC_CONFIG json support

As an alternative to SITE_CONFIG_FILE and EXTSVC_CONFIG_FILE, the entire contents of advanced configuration and external service configuration can now be provided using SITE_CONFIG and EXTSVC_CONFIG respectively.
GitHub Link webhooks to apps correctly and clean up when app deleted

When creating a GitHub App from Sourcegraph, the corresponding webhook handler is now linked to the App, and deleting the App in Sourcegraph deletes the webhook handler as well.
RBAC Add user management admin permissions

Non-site-admin users can now manage users, organizations, roles, and permissions when explicitly granted USER_MANAGEMENT#{READ,WRITE} RBAC permissions.
RBAC Add integration management admin permissions

Added INTEGRATION_MANAGEMENT#{READ,WRITE} RBAC permission to allow non-site-admin users to manage Slack, incoming webhook, and outbound webhook integrations
RBAC Add entitlement admin permissions

Non-site-admin users can now manage entitlements when explicitly granted ENTITLEMENT#{READ,WRITE} RBAC permissions.

Fixes

Deep Search Scope list_repos by search context id

Scoped listRepos to the active search context when a repo-defined search context is selected.
Deep Search Recover from failed conversation creation
Code Search Select suggestions by position

Fixed an issue where multiple suggestion rows could appear selected simultaneously during Query assist refreshes
Code Search Intersect identical rev:at.time revisions across repo patterns
Batch Changes Improve select all of changesets on batch changes preview page

The Select all button now appears consistently and is more responsive while selecting all changesets on the preview page.
Batch Changes Improve select all of changesets on batch changes detail page

Select All on the batch changes changeset details page will now lazy select all changesets.
Authentication Add sign out button to password reset page
GraphQL Restore repository createdAt field

Restored the GraphQL field Repository.createdAt to return the persisted repository timestamp instead of synthetic time.Now() data.
Licensing Fix config watcher to write license state to correct Redis key

Fixed license key changes taking up to an hour to take effect.
RBAC Improve RBAC permission error message formatting

Improved RBAC permission error message formatting for better readability (e.g. "missing READ permission for REPO_MANAGEMENT" instead of "user is missing permission REPO_MANAGEMENT#READ").
Security Upgrade github.com/go-jose/go-jose

Upgraded github.com/go-jose/go-jose to address CVE-2026-34986, a potential denial of service vulnerability in JSON Web Encryption decryption.
UI Polish web app UI components
- Adjusted core navigation popover positioning
- Fixed button shadows in icon variant
- Fixed code insights creation UI layout
- Removed pressed translation CSS rule to prevent layout shifts
- Fixed resizable panel bug when conditionally rendering panels
- Simplified search result UI by removing unnecessary headings
Frontend Handle /-/logout and guard middleware against nil next
Notifications Automatically clear repository sync failure notification

Repository sync failure notifications are automatically cleared after a successful sync
Searcher Count content matches when both path and content match

In non-indexed regex search, when both path and content matching are enabled, searcher now evaluates content even when paths match, ensuring content matches contribute to result counts and aligning counting semantics with indexed search.

Removed

Code Intel Remove squirrel callers from frontend

Hover tooltips, highlights, and basic code navigation in search-based mode are now powered by Syntactic code navigation.