v0.36.0
โจ New- Tines Cases integration
- RunReveal integration
- New Audit Logging UI / UX
- Detection agents now display query hit counts for better visibility
- Minor detection agent improvements
- SumoLogic environment mapping enhancements
- Agent builder UI improvements
- Fixed custom Databricks & MCP server logos display
- Fixed title truncation and button labels in UI
- Fixed structured outputs rendering in chat
- Fixed diff generation for prompt suggestions
v0.35.0
โจ New- Suggested Detections Tab: Cotool now automatically suggests good detection rule candidates to improve coverage in your environment
- RunReveal integration for log analysis and detection authoring
- MCP Resources support for attaching context from MCP servers to chats
- Enhanced Slack tooling: Slack now supports file attachments alongside sent messages (screenshots, charts, pdfs, etc.)
- Code42 integration improvements
- More reliable evaluations
- Fixed share option appearing incorrectly on agent pages
v0.34.0
๐ฌ Slack Improvements ๐ฌ- Replying to Cotool in a thread will continue the existing agent run
- You can now DM Cotool and it will create a private chat which can be continued in ๐งต
- The full details are here. You will have to reauth the Slack integration to use the DM feature.
- PagerDuty integration (also is supported as a Detection Agent Destination)
- API key authentication support for custom MCP servers
- Slack threads with Agents are now re-entrant
- GPT-5.2 is now the default model for new chats
- Enhanced sandbox code execution display in chat event drawer
- Improved email parsing for triggers with better decoding and formatting
- Fixed Slack integration issues for large organizations
- Fixed trigger save errors when configuring agent triggers
- Fixed miscellaneous alert display issues
v0.33.0
โจ New- Chat sharing for collaboration on agent conversations
- Slack as a detection output destination
- Slack confirmations allowing agents to request user approval before taking actions
- GPT-5.2 model support
- Enhanced agent template capabilities with tool associations
- Increased frontend timeout values for long-running operations
- Fixed Scanner tool definition backwards compatibility issue
v0.32.0
โจ New- Sumo Logic integration
- Enhanced Scanner indexing with improved detection suggestions
- In-agent Scanner validation for detection authoring
- Admin controls to disable login methods (Google, password, SAML)
- Fixed GitHub create PR tool
- Fixed Formal integration
v0.31.0
โจ New- Tags for agents and detections with sortable, filterable tables
- Custom scheduling cadence for detection agents
- Google Admin integration for detection authoring
- Agent run infrastructure is more durable
- Detection agents can now use other agents as tools
- Improved reasoning token streaming and updated reasoning UI behavior
- Detection authoring experience improvements
- Chat interruption handling with improved UI feedback
- Agent details full screen button now has a tooltip
- Schedule status chips for detection agents
- Improved detection and agent list pages with better table controls
- Various visual UI and UX fixes
- Fixed missing fields in detection builder
- Fixed memories CSV export error
v0.30.0
โจ New- Agent templates for quick setup and common use cases
- Output destinations for detection agents
- Toggle to enable or disable detection agents
- Unsaved changes warning now appears across all pages
- Fixed streaming state not updating correctly in chat
- Fixed execution plan display in chat message timeline
v0.29.0
โจ New- ๐ Our Agentic Detections Platform is out in Beta ๐: Our detection platform allows for users to specify complex detections which go beyond rule-based detections to catch complex threats in their environment.
- Check out the detections tab in Cotool to see detection suggestions for your environment!
- TheHive: Create case from alert capability
- Improved Splunk querying capabilities
- Enhanced datetime handling utilities
- Fixed Jira 204 response handling
- Fixed detection authoring for Scanner
v0.28.0
โจ New- Slack integration now supports targeting groups and channels in addition to individual users
- Enhanced Splunk query validation with parser that identifies invalid fields
- Added listApps tool and improved detection tools for Splunk integration
- Improved subagent tools display and UX in chat interface
- Added updatedAt filter to TheHive listCases and updated listAlerts
- Fixed Unix timestamp conversion in datetime utilities
- Fixed table component rendering issues
- Fixed trigger email rename functionality
- Fixed agent run deletion from chat page
v0.27.1
๐ Improvements- Enhanced theHive integration with improved filtering capabilities
- Fixed persistent context compression notice remaining visible across chat navigation
- Fixed navigation bug after deleting a chat
- Fixed memory handling for code42 integration
- Agent triggers are now automatically deleted when their parent agent is deleted
v0.27.0
โจ New- Claude Opus 4.5 model now available for agent conversations
- Improved structured output schema handling with dedicated JSON schema types
- Added comprehensive documentation for structured outputs
- Refreshed tool environment map UI for better usability
- Improved pie chart component consistency
- Fixed login page styling issues
- Fixed โshow raw outputโ button in tool result drawer
- Fixed automatic saving and scrolling in schema builder JSON mode
- Fixed Crowdstrike integration errors
v0.26.0
โจ New- Structured outputs for agents: Define JSON schemas to receive structured responses from agent runs
- GPT 5.1 model support
- Formal integration for infrastructure access management
- URLScan now prefers private scans by default for enhanced privacy
- Improved retry configuration for better reliability
- Restored tool call ordering for consistent execution
- Enhanced timeout logging for background jobs
- Reduced MITRE map file size for improved performance
- Fixed prompt suggestions type handling and checkpoints
- Fixed socket connection stability issues
- Fixed sending messages from the side panel
- Fixed various agent loop bugs
v0.25.0
โจ New- Role Based Access Control is now live!!! See the documentation for how to get started
- Enhanced Splunk query refinement and tool prompts
- Context counter now displays warning when approaching limits
- Detection documentation published
- Splunk timeout configuration now available in frontend
- Webhook details now displayed when editing
- Fixed JSON repair handling for empty objects and nullable fields
- Fixed icon display issues in documentation
v0.24.0
โจ New- Integration enable/disable feature: You can now enable or disable integrations from the tools details page without removing credentials
- Enhanced Splunk search with pagination, automatic query timeout (with query cancelation) after 2 minutes
- Removed Splunk wildcards on index parameter and prefix wildcards to prevent performance degradation
- Made endTime parameter required for SentinelOne PowerQuery
v0.23.0
โจ New- Built-in Managed Investigation Agent with Intel Feed exposure checking
- Planning mode selector in agent creation UI
- Filter built-in agents from agent builder UI
- User email now included in application logs
- Google Drive auth now displays authenticated user
- Delete user button added to accounts page
- Cron-triggered agent run titles are now static
- Fixed SentinelOne and agent system prompt issues
- Streamlined Google Drive authentication flow
- Fixed type errors in agent loop
- Removed
anytype usage for better type safety - Agent loop no longer throws unhandled errors
- Fixed missing tools in agent execution loop
v0.22.0
โจ New- Elasticsearch integration with MITRE mapping
- Sublime Security MDM documentation tool
- Account listing functionality
- theHive comment function requirements clarified
- Visual feedback when saving settings
- Fixed ephemeral authentication failure issue
v0.21.0
โจ New- Confluence documentation integration
- Agent performance metrics in logs and lists
- Scanner environment job with dedicated UI
- Added support for observables in theHive
- API documentation improvements
- Fixed 400 error responses
- Removed LRU cache from tool credentials
- Fixed insights page default graph and tab
- Fixed documentation generation
v0.20.0
โจ New- Mintlify documentation site
- MITRE rule mapping optimization
- Chat access permissions simplified
- Fixed memory tool association bug in UI
- Fixed missing chat retrieval bug
v0.19.0
โจ New- Scanner environment job and UI
- Consolidated and deduped prompt suggestions
- Updated Linear webhook configuration
- Fixed document search authentication issues
- Fixed chat repository issues
- Fixed token counter for LLM judge
v0.18.0
โจ New- AI-powered agent suggestions feature
- Evaluation scores in agent run detail headers
- Context manager applied to LLM judge evaluations
- Fixed API documentation rendering
- Fixed possible recursive agent reference issue
v0.17.0
โจ New- Task planning in chat and agents
- Extended agent execution loop retry policy
- Wiz integration with projectId filtering
- Improved model selector UI
- Fixed context error when generating agents from chat
- Fixed Document Parser 404 responses
- Multiple database query fixes
v0.16.0
๐ Improvements- Linear status detection for better model understanding
- More aggressive context window management
v0.15.0
โจ New- LLM judge scoring in agent details UI
- Context manager implementation
- User deletion capability for admins
- Fixed visual bugs in agent evaluation UI
- Fixed chat interruption error display
- Fixed Splunk and Hive schemas for Gemini/OpenAI
- Fixed time conversion tool for OpenAI
v0.14.0
โจ New- Organization insights dashboard with metrics
- Slack message writing guidance
- Fixed time conversion tool schema for Gemini
v0.13.0
๐ Improvements- Token counter improvements
- Fixed webhook trigger errors
- Fixed 404 error handling
- Fixed null/undefined content checks
v0.12.0
โจ New- Tool cache versioning
- Jira tool updates
- Reasoning token saving for Anthropic models
- Fixed agent follow-up in agent details
v0.11.0
โจ New- Agent details page redesign
- Stop chat during tool call execution
- Token counter and context window improvements
- Agent linking to sub-agents
- Fixed critical error display
- Fixed Document Parser image parsing
- Fixed deleted chat error
v0.10.0
โจ New- Chat title updates now stream in real-time
- Error classification and handling improvements
- Token counting accuracy
- Fixed SentinelOne 504 errors
- Fixed Linear tool null pointer exception
- Fixed thumbs feedback icon in light mode
v0.9.0
โจ New- Material Security integration
- Sentry error tracking improvements
- Scanner query timeout extended
- Splunk tool descriptions
- Fixed sliding context window implementation
v0.8.0
โจ New- Intel Feed integration
- Sentry error tracking
- Memory tool improvements
- Splunk mapping with retry logic
- Fixed SentinelOne issues
- Fixed object generation flakiness
- Fixed memory bugs
v0.7.0
โจ New- Email trigger functionality
- SentinelOne MITRE mapping
- Splunk mapping optimizations
- Fixed email trigger issues
v0.6.0
โจ New- Time conversion tool
- Detection authoring capabilities
- Fixed agent system prompt bug
- Fixed tool schema parsing
v0.5.0
โจ New- Scheduled job execution
- Slack attachment parsing
- IP lookup tool error handling
- Fixed detection counts
- Fixed Splunk issues
- Fixed browser-use error rendering
v0.4.0
โจ New- Memory management in UI
- Splunk exploration capabilities
- SentinelOne tool enhancements
- Fixed chat migration issues
- Tool call loop error handling improved
- Fixed Scanner implementation
v0.3.0
โจ New- SAML login audit logging
- Scanner integration with MITRE mapping
- Splunk integration with MITRE mapping
- SentinelOne PowerQuery functionality
- Auto-provision access for SAML logins
- Agent description notice improvements
v0.2.0
โจ New- SAML authentication support
- Hive integration
- Splunk integration
- Increased Claude Sonnet context window
- Fixed Hive authentication