LegatoAI Changelog

Product Updates

Smarter code generation — The agent now automatically detects and packages the correct Python dependencies when generating tools, reducing manual setup
Edit-aware execution & export — Code execution and data export now reflect the latest edits made to a tool, ensuring outputs are always in sync with the current state
Thinking widget v2 — Improved in-progress thinking indicator in the chat UI, now settles cleanly when a run ends
Per-question rating — Users can now rate each clarifying question individually, providing more granular feedback
Knowledge Saver — Users can now save and persist knowledge snippets directly from the chat
Agent run error visibility — Chat UI now explicitly surfaces backend run failures and connection errors rather than silently stalling
Tool readiness status — Artifact tools now expose a "ready" status indicator so users can see when a tool is available for use

Security & Performance Patches

Authentication library hardened (better-auth 1.6.2 → 1.6.11) — Resolved multiple upstream security issues including: OAuth authorization-code race conditions, magic-link token replay attacks, device-authorization session binding, OIDC/PKCE spec compliance, invitation email-verification bypass, and an SSRF vulnerability in SSO provider registration
HTTP framework patched (starlette 1.0.0 → 1.0.1) — Fixed a vulnerability where a malformed Host header could affect request URL construction
Async HTTP library updated (aiohttp 3.13.5 → 3.14.0) — Security update
Content Security Policy introduced — A nonce-based CSP header (report-only mode) has been added to the builder app to monitor and prevent XSS vectors ahead of full enforcement

Bug Fixes

Fixed Excel exports not honouring the configured Data Models schema
Fixed dynamic map output types causing LLM validation errors during tool design
Fixed PDF preview failing in production with a MIME-type error due to incorrect Vite worker bundling