December 24, 2025

Merry Christmas: new scope for tokens, tb fmt and more

Santa Claus has arrived and brought with him some new features and changes to Tinybird. We hope you have a Merry Christmas! 🎄

New `WORKSPACE:READ_ALL` scope for static tokens

We've introduced a new token scope that provides read access to workspace resources without requiring the overly permissive ADMIN scope, nor requiring to go through a deployment. This new scope is particularly useful for tokens used by external BI tools and SQL clients that connect to Tinybird using the Clickhouse HTTP Interface

tb --cloud token create static your_token --scope WORKSPACE:READ_ALL

Or without the --cloud flag to create it in Tinybird Local (make sure you upgrade your Tinybird Local instance)

You can also use it via the Tokens API.

  • Provides read access to all resources in a workspace
  • Includes datasources, pipes, endpoints, workspace service data sources, and system tables
  • Does not include ORG_DATASOURCES:READ permissions
  • Can be combined with other scopes as needed

You can read more in the Tokens docs.

`tb fmt` command now available in Forward CLI

The Forward CLI now includes a tb fmt command that formats .datasource and .pipe files with opinionated formatting rules. Connection files are not yet supported.

Key features:

  • Applies consistent formatting and may reorder file properties
  • Supports --line-length, --dry-run, --yes, and --diff options
  • Removes # comments (use DESCRIPTION or comment blocks instead)
  • Can be added to git pre-commit hooks for automatic formatting

Read all options in the tb fmt documentation.

Organization admins required to add members when domain is set

When an Organization has a domain configured, only Organization admins can add new members to a Workspace. This change ensures that member management follows the Organization's domain policies and maintains consistent access control across all Workspaces within the Organization.

Improvements and bug fixes

  • [All]: Raised the limits for number of Copy Pipes per Workspace. See Copy Pipe limits for more details.
  • [Classic]: Fixed tokens in existing datasource files not being updated when using tb push -f
  • [MCP]: Fixed text_to_sql and explore_data tools not working when using JWT.
View previous update