diff --git a/hermes-k8s.yaml b/hermes-k8s.yaml
index 7bce795..1131c31 100644
--- a/hermes-k8s.yaml
+++ b/hermes-k8s.yaml
@@ -22,7 +22,7 @@ spec:
         fsGroup: 1000
       containers:
         - name: hermes-mcp
-          image: localhost:32000/hermes-mcp@sha256:d98ef6d2fde25c11233f614f839b09958bfb772c9a5b26fe8374cf6ffd5417a2
+          image: localhost:32000/hermes-mcp@sha256:6685df4c86cceeaeb645c9ccee32f9396915a7c30e57f685945056c92516723d
           imagePullPolicy: Always
           securityContext:
             allowPrivilegeEscalation: false
diff --git a/src/oauth.ts b/src/oauth.ts
index 50dd53a..369491a 100644
--- a/src/oauth.ts
+++ b/src/oauth.ts
@@ -181,10 +181,14 @@ export async function createAuthCode(
   return code;
 }
 
+const CHATGPT_CALLBACK_RE = /^https:\/\/chat\.openai\.com\/aip\/g-[a-f0-9]+\/oauth\/callback$/;
+
 export function isValidRedirectUri(uri: string, registeredUris: string[]): boolean {
   for (const registered of registeredUris) {
     if (registered === uri) return true;
     if (registered === 'http://localhost:*' && /^http:\/\/localhost:\d+(\/|$)/.test(uri)) return true;
+    // Allow any ChatGPT GPT callback — GPT ID changes every time the GPT is saved
+    if (registered === 'https://chat.openai.com/aip/*/oauth/callback' && CHATGPT_CALLBACK_RE.test(uri)) return true;
   }
   return false;
 }