Tracecat 1.0.0-beta.39

Highlights

• Internal OIDC issuer for MCP authentication (#2457)

Security

• bump defu to 6.1.5 (#2490)

Integrations

• drop incorrect .data on run_python step results (#2494)

Agents

• autocompact context window at 128k for custom models (#2492)
• bump buffer stdout cap to 5mb (#2495)

Bug fixes

• autocompact context window at 128k for custom models (#2492)
• drop incorrect .data on run_python step results (#2494)
• bump buffer stdout cap to 5mb (#2495)
• assume AWS role on host before sandbox entry (#2453)

Others

• lazy-load sidebar and workflow catalog hooks (#2504)
• Allow continuing existing agent sessions with caller-supplied session_id (#2500)
• Builder oauth preset validation (#2502)
• add refresh token support to internal OIDC flow (#2493)
• Add CopyButton to Agents dashboard to copy tracecat correlation ID (#2491)

Dependencies

• bump defu to 6.1.5 (#2490)

Thank you to all our contributors for making this release possible!
@daryllimyt, @jordan-umusu and @topher-lo

Tracecat 1.0.0-beta.38

• restore aws_role auth for llm_proxy (#2476)
• restore autoHeight for inline AG Grid in case linked rows (#2482)
• add self-hosting security hardening page (#2481)
• add missing signature field to thinking blocks and condit… (#2477)

Enhancements

• Harden nsjail sandboxes with seccomp filtering (#2478)

Bug fixes

• reuse existing cluster on up instead of always creating new (#2485)
• centralize secret validation and make USER_AUTH_SECRET required (#2467)

Documentation

• Make AGENTS guidance agent-agnostic (#2484)
• document JSONPath missing field behavior and clarify operator syntax (#2479)
• clean up bold, convert Notes to paragraphs/Info, organize FAQs (#2475)
• Format FAQ sections as accordions (#2473)
• Refine secrets and variables documentation (#2474)
• add secrets and variables in agents page (#2472)

Thank you to all our contributors for making this release possible!
@daryllimyt, @jordan-umusu, @mintlify[bot], @topher-lo and mintlify[bot]

Tracecat 1.0.0-beta.37

• Fix approval proxy metadata stripping (#2469)
• enforce workspace scoping for tag links (#2206)

Agents

• add reasoning support to llm proxy (#2460)
• strip internal proxy metadata from tool args (#2456)

Bug fixes

• centralize secret validation and make USER_AUTH_SECRET required (#2467)
• add reasoning support to llm proxy (#2460)

Documentation

• add secrets and variables in agents page (#2472)

Thank you to all our contributors for making this release possible!
@daryllimyt, @jordan-umusu and @topher-lo

Tracecat 1.0.0-beta.36

• Add case field kind to udf and drop col uuid / timestamp type (#2434)
• enforce RLS on dynamic workspace schemas (#2212)
• show tiers settings page regardless of multi-tenant mode (#2435)
• Support case closure requirements on fields and dropdowns (#2433)
• Add custom fields long text and url support (#2431)
• add bulk comment, append description, and custom dropdown actions (#2430)
• bump claude-agent-sdk to 0.1.51 (#2428)
• fail immediately when workflow definition is missing (#2423)
• harden GitHub Actions workflows (#2419)
• codex mcp (#2417)
• Remove provider assume-role vars from Fargate (#2416)
• Version sync for beta.35 (#2415)
• Pin github actions shas (#2414)
• Clean up local registry compose wiring (#2404)
• drop unsafe no auth (#2413)
• remove auto-update.sh from production image (#2411)
• support enterprise SSH users in git URLs (#2407)
• enforce entitlements in UI (#2381)
• MCP preset tools and pagination (#2405)
• stop workflow graph layout drift (#2401)
• local registry support (#2337) (#2338)
• skip Claude SDK version check on hot path (#2399)
• wrap long sync repository URLs (#2396)
• consume k8s chart releases from submodule (#2397)
• Add MCP service deployment (#2331)
• merge required OIDC scopes into client registration and aut… (#2391)
• split agent-executor into agent-worker and agent-executor services (#2380)

Security

• pin patched versions for Dependabot security alerts (#2462)

Integrations

• use workspace variable as default CrowdStrike base_url with parameter override (#2437)

Agents

• drop parallel_tool_calls param for custom model providers (#2455)
• clamp max tokens >= 1 (#2450)
• flush session jsonl at turn end (#2442)
• passthrough the agent sdk headers (#2441)
• Tracecat-owned llm proxy (#2424)
• litellm hardening and logging (#2410)

Performance improvements

• reduce chat session CPU usage from tool call re-renders (#2452)

Enhancements

• add Temporal heartbeating to execute_action_activity (#2451)
• simplify cell editing UX and quote DDL column names (#2439)
• Move persistent dedup behind trusted internal API (#2427)
• add backend-explicit secret types and unify to snake_case (#2425)

Bug fixes

• MCP instruction expression brace syntax (#2461)
• drop parallel_tool_calls param for custom model providers (#2455)
• add graceful_shutdown_timeout to Temporal workers (#2449)
• clamp max tokens >= 1 (#2450)
• widen bulk case action dialogs to prevent toolbar overflow (#2448)
• flush session jsonl at turn end (#2442)
• passthrough the agent sdk headers (#2441)
• use backend entitlements for agent preset action locking (#2426)
• litellm hardening and logging (#2410)
• loosen CIMD loopback redirects and required scopes (#2409)
• exclude agent workflows from workflow runs (#2408)
• avoid lazy load on index update (#2398)

Documentation

• add scaling guide and restore cheatsheet pages (#2454)
• Add FAQ guidance for common docs gaps (#2444)
• Registry OAuth/secrets snippet and Custom OAuth guidance (#2436)
• replace broken external links in tool docs and templates (#2432)
• SQL secret and clarify SQL action connection URLs (#2429)
• Update product description (#2420)

Build system

• pin patched versions for Dependabot security alerts (#2462)
• Pin pyasn1 and requests for security fix (#2422)
• frontend security dependency pins (#2421)

Thank you to all our contributors for making this release possible!
@boyazhang314, @chanster, @daryllimyt, @jordan-umusu, @mcm and @topher-lo

Tracecat 1.0.0-beta.35

• correct create/update scope decorators (#2393)
• bump row spacing between workflow nodes (#2390)
• invalidate org-members after RBAC user assignment changes (#2388)
• support disabling SSH host key checks (#2384)
• Reduce verbosity of list_agent_presets (#2387)
• include reply context in comment triggers (#2385)
• move loop actions into workflow menu (#2386)
• support disabled auth (#2379)
• preserve imported runtime metadata (#2382)

Helm version: 0.3.45

Thank you to all our contributors for making this release possible!
@boyazhang314, @daryllimyt, @jordan-umusu and @topher-lo

Tracecat 1.0.0-beta.34

• sanitize default value literals (#2368)
• Revert "fix(agents): stopgap resolution of tracecat registry alias" (#2376)
• Tune EKS sizing for agent executor workloads (#2374)
• handle StreamingBody in boto3 responses (#2359)

Agents

• canonicalize registry mcp server names at runtime boundary (#2377)
• stopgap resolution of tracecat registry alias (#2361)
• truncate Anthropic tool_call IDs for OpenAI compatibility (#2373)

Bug fixes

• loosen rbac scopes for git sync (#2375)
• canonicalize registry mcp server names at runtime boundary (#2377)
• stopgap resolution of tracecat registry alias (#2361)
• preserve proxy identity and scopes across oidc token swap (#2372)
• use SELECT FOR UPDATE to prevent concurrent case update failures (#2371)
• truncate Anthropic tool_call IDs for OpenAI compatibility (#2373)

Dependencies

• bump authlib from 1.6.7 to 1.6.9 (#2369)
• bump pyopenssl from 25.3.0 to 26.0.0 (#2370)

Helm version: 0.3.44

Thank you to all our contributors for making this release possible!
@boyazhang314, @daryllimyt, @dependabot[bot], @jordan-umusu, @topher-lo and dependabot[bot]

Tracecat 1.0.0-beta.33

• Move registry actions into workspace UI (#2367)
• Refine workflow builder run and JSON viewer interactions (#2366)
• Add trigger context event and move builder payload editor (#2364)
• Move workspace settings into modal + Workflow sync -> Git sync (#2353)
• Add workflow and agent duplication (#2362)
• stdio arguments text size (#2363)
• fix(mcp) workflow uploads and restore inline yaml (#2360)
• Drop unused root dependencies (#2357)

Agents

• bump llm proxy timeout and make configurable (#2358)

Bug fixes

• bump llm proxy timeout and make configurable (#2358)
• Improve MCP OAuth compatibility for Codex clients (#2352)

Thank you to all our contributors for making this release possible!
@daryllimyt, @jordan-umusu and @topher-lo

Tracecat 1.0.0-beta.32

• persist and hydrate cases list filters from localStorage (#2293)
• Remove inline workflow YAML (#2339)
• replace gitleaks with betterleaks (#2351)
• Right-size fargate temporal resources (#2350)
• Remove agent preset menu and version selector from chat header (#2349)
• rename org settings from git to custom-registry (files & route) (#2348)
• extend MCP OAuth fallback access token expiry to 24h (#2262)
• Add FN.serialize expression function (#2345)

Enhancements

• create preset agents via mcp (#2344)

Bug fixes

• MCP AWS external ID for Bedrock UDFs (#2355)
• Handle nested MCP email claims in auth identity extraction (#2354)

Helm version: 0.3.42

Thank you to all our contributors for making this release possible!
@daryllimyt, @jordan-umusu and @topher-lo

Tracecat 1.0.0-beta.31

• remove legacy org-scoped builtin registry repo (#2346)
• drop Google OAuth fallback (#2340)
• Cascade workspace membership deletes (#2342)

Bug fixes

• provide oauth metadata (#2323)

Helm version: 0.3.41

Thank you to all our contributors for making this release possible!
@daryllimyt, @jordan-umusu and @topher-lo

Tracecat 1.0.0-beta.30

• refactor: Remove max_length constraint from commit message field in GitCommitInfo schema

Thank you to all our contributors for making this release possible!
@daryllimyt

Helm version: 0.3.40

Full Changelog: 1.0.0-beta.29...1.0.0-beta.30