Cortex Code Desktop v1.19.0 release notes¶
v1.19.0 improves token efficiency, adds chat threads and several dbt enhancements, refines skills and MCP plugins, and includes a set of security fixes.
What’s new¶
-
Token efficiency (tool search and offload): Tool search is now on for everyone, keeping your most-used tools loaded up front and discovering the rest on demand. The
readtool is more token-efficient, and largegrep,glob, andbashresults are offloaded to disk instead of filling your context, reducing token use per session. -
Chat threads: Cortex Code now sends only the new delta each turn instead of re-uploading the full conversation history.
-
dbt environment variable support: Set a named environment and per-run variable overrides directly from the managed-mode dbt execution row. Rolling out gradually through a server-side flag.
-
dbt Python interpreter picker: Pick your Python interpreter from the dbt panel, with login-shell activation so pyenv-, conda-, or uv-managed
dbtandpythonare found when Cortex Code spawns commands. -
Faster dbt managed sync: File sync now runs in parallel, and
dbt_packages/no longer re-downloads after every command. -
MCP plugin improvements: Plugin manifests can reference MCP configs by file path, OS environment variables expand correctly in server configs, and a single malformed URL entry no longer wipes out the Connectors panel.
-
Skills and catalog improvements: Cortex Code Desktop now ships desktop-specific skill variants, a manifest controls exactly which bundled skills are included, and catalog import URLs no longer require a version suffix.
-
Product name update: The product is now referred to as CoCo across the app UI.
Security fixes¶
- Workspace trust enforcement: Automatic tasks and workspace-defined MCP servers now honor the real folder trust setting in Agent view, so nothing auto-runs from an untrusted workspace.
- Managed policy on command hooks: Enterprise managed policies now apply to command hooks, so a deny-by-default policy can’t be bypassed by a hook that runs on session start.
- Agent browser hardening: The agent browser blocks non-HTTP(S)
window.openschemes.
Reliability and fixes¶
- Build app button: In Agent view, it now opens a visible conversation instead of a hidden pane.
- MCP auth prompts: “Open in External Browser” no longer cancels the authorization flow.
- Session titles: No longer dominated by hook context; your first real message wins.
- Files panel: The file-tree toggle chip stays visible when you navigate back to an empty state.
- License wording cleanup.