Cortex Code Desktop v1.19.0 release notes

v1.19.0 improves token efficiency, adds chat threads and several dbt enhancements, refines skills and MCP plugins, and includes a set of security fixes.

What’s new

  • Token efficiency (tool search and offload): Tool search is now on for everyone, keeping your most-used tools loaded up front and discovering the rest on demand. The read tool is more token-efficient, and large grep, glob, and bash results are offloaded to disk instead of filling your context, reducing token use per session.

  • Chat threads: Cortex Code now sends only the new delta each turn instead of re-uploading the full conversation history.

  • dbt environment variable support: Set a named environment and per-run variable overrides directly from the managed-mode dbt execution row. Rolling out gradually through a server-side flag.

  • dbt Python interpreter picker: Pick your Python interpreter from the dbt panel, with login-shell activation so pyenv-, conda-, or uv-managed dbt and python are found when Cortex Code spawns commands.

  • Faster dbt managed sync: File sync now runs in parallel, and dbt_packages/ no longer re-downloads after every command.

  • MCP plugin improvements: Plugin manifests can reference MCP configs by file path, OS environment variables expand correctly in server configs, and a single malformed URL entry no longer wipes out the Connectors panel.

  • Skills and catalog improvements: Cortex Code Desktop now ships desktop-specific skill variants, a manifest controls exactly which bundled skills are included, and catalog import URLs no longer require a version suffix.

  • Product name update: The product is now referred to as CoCo across the app UI.

Security fixes

  • Workspace trust enforcement: Automatic tasks and workspace-defined MCP servers now honor the real folder trust setting in Agent view, so nothing auto-runs from an untrusted workspace.
  • Managed policy on command hooks: Enterprise managed policies now apply to command hooks, so a deny-by-default policy can’t be bypassed by a hook that runs on session start.
  • Agent browser hardening: The agent browser blocks non-HTTP(S) window.open schemes.

Reliability and fixes

  • Build app button: In Agent view, it now opens a visible conversation instead of a hidden pane.
  • MCP auth prompts: “Open in External Browser” no longer cancels the authorization flow.
  • Session titles: No longer dominated by hook context; your first real message wins.
  • Files panel: The file-tree toggle chip stays visible when you navigate back to an empty state.
  • License wording cleanup.