What the engineering team is shipping and thinking about.
Explanatory writing from the team building Airtool — product releases, architecture notes, opinions.
JVM classloader topology exposed as navigable observability tree
The JVM classloader topology is now queryable as a navigable catalog tree: a root table for the parent loader and three child detail tables covering loaded classes, classpath URLs, and per-loader resource counts — using…
Read the post →Per-user AI model override role added to platform settings
A new role — ToolUserSettingsAIModelSelect — lets individual users override the AI model configured at department, company, or global scope for Chat, Embeddings, Reranking, and Speech independently, without requiring…
Read the post →JWT security hardened — token invalidation, database allowlist, and key rotation
JWT session security is hardened with three coordinated additions: JTI-based per-token invalidation backed by a persistent audit table, a database-allowlist claim enforced at the REST API and Studio authentication…
Read the post →Meta WhatsApp Cloud API fully integrated into the standard library
The platform's standard library covers the Meta WhatsApp Cloud API across all interaction directions: send template messages, upload media blobs, receive and parse inbound webhook events, and deserialize template…
Read the post →MCP server initialization payload restructured to fit client limits
The MCP server's InitializeHandler instructions are rewritten to stay within the 2 KB client limit: per-table write rules and the filesystem tree move from the initialization payload into individual tool descriptions,…
Read the post →Infinite scroll added to cursor and sub-cursor result sets
Cursor and sub-cursor result sets now support infinite scroll: as the user approaches the end of the loaded page, the next page fetches and appends automatically, removing the manual pagination step for large result…
Read the post →Per-column header colors, icons, and font shrink-to-fit in reports and tables
Column headers in JDBC result sets, pixel-perfect PDF reports, and virtual tables now support per-column background colors and icon decorators configured at the query or schema level. PDF output also gains font…
Read the post →QBE query history logging and cursor hint in toolbar
QBE object queries are now logged per user in a dedicated history table. The active cursor's hint string is surfaced as a subtitle line in the object toolbar so operators can confirm which query variant is running…
Read the post →Export sidebar pre-selects active grid columns on open
The export sidebar now pre-selects only the columns currently visible in the grid, seeded at mount time rather than on first interaction. Hidden columns remain available for manual inclusion; the exported file matches…
Read the post →Microsoft OneDrive and SharePoint added to the standard library
Microsoft OneDrive and SharePoint are now callable from server-side JavaScript and Python via the Microsoft Graph API, using the same credential-resolution and permission-perimeter model as the AWS and WhatsApp clients.…
Read the post →Cache observability promoted to full navigable tree with drill-down and per-user detail
The cache subsystem is fully navigable as a drill-down tree: cache.caches lists every registered cache with hit/miss/eviction stats, per-entry contents are one drill-down away, 21 per-user inner caches are exposed…
Read the post →Have I Been Pwned breach check added to password change flow
Password changes in the user settings panel are now checked against the Have I Been Pwned breach dataset using the k-anonymity range API before the change is committed. Passwords that appear in a known breach set are…
Read the post →GitHub Flavored Markdown table support added to the Markdown renderer
The platform's Markdown renderer now parses and renders GitHub Flavored Markdown tables, including left, right, and center column alignment from the separator row. Documentation pages and AI chat responses that contain…
Read the post →JMX remote monitoring integrated into microservice container management
JMX remote monitoring is built into the platform's microservice container management layer: an interactive CLI tool generates the JVM configuration, SSL support is available, port and hostname are overridable via…
Read the post →Federated cross-database joins available from SQL and server-side scripts
An in-memory federation layer enables SQL joins across tables from multiple connected databases in a single query. Server-side scripts access federated results through a dedicated cross-database query API, with…
Read the post →Seven more AWS services added — SQS, SNS, CloudWatch, Athena, DynamoDB, SES, Secrets Manager
Seven additional AWS services join the standard library: SQS, SNS, CloudWatch, Athena, DynamoDB, SES, and Secrets Manager — all callable from server-side JavaScript and Python, sharing the same facade shape and…
Read the post →Embedding pipeline gains provider-agnostic task types, title propagation, and configurable query-transformer history
The embedding pipeline gains three improvements: a provider-agnostic EmbeddingTaskType enum that maps platform-level intent to each provider's vocabulary, title propagation from document metadata into the embedding…
Read the post →Database export and import with SSE progress streaming added to Studio
Studio adds multi-table Excel export and import from the application bar. Export streams progress over Server-Sent Events with per-table row counts in a live snackbar ; import reports per-table results on completion.…
Read the post →Six AWS services now callable from server-side scripts — S3, EC2, Lambda, IAM, Pinpoint SMS and CloudFront
Six AWS services — S3, EC2, Lambda, IAM, Pinpoint SMS and CloudFront — are now callable from server-side JavaScript and Python under the cloud namespace. Credentials resolve through the platform store, explicit key…
Read the post →Classloader isolation keeps the AWS SDK off the platform classpath — dependency conflicts resolved at the boundary
A dedicated child URLClassLoader loads the AWS SDK v2 in isolation from the platform classpath. A three-tier delegation model — JS wrapper, gateway interface, SDK implementation — resolves the Netty / Jackson version…
Read the post →HTML-to-PDF via headless browser — W3C WebDriver Print joins the document-processing microservice
The document-processing microservice now renders HTML or URLs to PDF using the W3C WebDriver Print command through a pooled Selenium fleet. Firefox is the default engine, Chromium the fallback ; the endpoint is exposed…
Read the post →Podman and Quadlet rootless deployment — the microservice fleet runs as a systemd-managed rootless container
The microservice fleet ships a Podman + systemd Quadlet management script for rootless container deployment. A persistent service.env survives upgrades, host-side JVM diagnostics (jps, jcmd) work against the running…
Read the post →Per-row CRC staleness detection — silent data drift ruled out across cursor types
Cursor subscriptions compute a per-row CRC at selection time and validate it on every fetch. Forms whose sub-cursors fall out of sync trigger HTTP 409 Conflict with structured error details ; VTABLE and REPORT cursors…
Read the post →Jetty acceptor and selector pools sized to the CPU — HTTP/2 latency tails eliminated
Acceptor and selector thread defaults moved from hardcoded 1/1 to CPU-aware auto-sizing via Jetty's standard heuristics. The change eliminates the HTTP/2 selector-saturation pattern that surfaced on high-concurrency…
Read the post →OpenAI 3072-dimension embeddings supported, with cross-engine HNSW benchmarks
The vector tier supports OpenAI text-embedding-3-large at 3,072 dimensions, with cross-engine HNSW benchmarks comparing Informix and PostgreSQL at one, five and ten thousand rows. Both engines pass the correctness suite…
Read the post →HNSW vector indexing on Informix — semantic search at OLTP scale
A Hierarchical Navigable Small World (HNSW) access method on Informix brings approximate-nearest-neighbour vector search to one of the seven supported OLTP engines, with pgvector-compatible function names and dual file…
Read the post →MCP tool and resource access gated by caller role — the permission perimeter extends into autonomous agents
The MCP server's tool and resource surfaces now enforce per-caller access checks at the SPI level. listTools and canAccess gates extend the platform's role and attribute-level security model into autonomous agent…
Read the post →IBM watsonx joins the multi-provider AI surface with transparent IAM token refresh
IBM watsonx joins OpenAI, Anthropic Claude and Google Vertex as a first-class LLM provider. The client handles IAM token expiry transparently — fresh token fetched within five minutes of the one-hour expiry,…
Read the post →Google Vertex AI embeddings join the multi-provider AI surface
Google Vertex AI embedding models are now addressable from the platform's AI configuration layer alongside OpenAI and Cohere. Endpoint-override support covers on-premises Vertex deployments ; provider choice is…
Read the post →Python runs alongside JavaScript on the server-side scripting surface
Server-side scripts can now be authored in Python via GraalVM's polyglot Python engine, sharing the platform's Ax standard library and security perimeter with JavaScript. The same business logic is expressible in two…
Read the post →AI agents gain structured outputs and parallel tool execution
AI agents now enforce response schemas via OpenAI Structured Outputs in strict mode, guaranteeing reliable JSON parsing and eliminating malformed-output prompt-injection risk. Multi-tool parallel execution runs…
Read the post →S/MIME decryption supports full MIME message format
The cryptography layer's S/MIME decryption parses full MIME messages and extracts inner body content from decrypted payloads. Multi-part signed-and-encrypted email workflows round-trip cleanly ; credential and…
Read the post →Mermaid microservice — UML, flowcharts and sequence diagrams as a platform primitive
A new microservice converts Mermaid DSL to production-grade SVG over HTTP and gRPC — flowcharts, sequence diagrams, state machines and ERDs without a third-party plugin. Server-side rendering enables platform-managed…
Read the post →Streaming XSLT — heap footprint cut for large document workflows
The XSLT processor now operates in streaming mode, eliminating the need to buffer entire document trees in memory. XML-to-JSON conversion jobs on hundred-megabyte documents complete inside a small heap rather than…
Read the post →OCR microservice ships with dual engines and automatic fallback
The OCR microservice now supports Tesseract 5.8 LSTM and an alternate engine with automatic fallback. Accuracy becomes the property of the service rather than any single engine ; legacy OCR pipelines can be re-pointed…
Read the post →Agent API exposes explicit cancel — governance controls for autonomous workflows
AI agents now expose an explicit cancel() at the API level. Combined with the MCP server's role-aware tool access, architects gain fine-grained control over autonomous workflows — pause, cancel or rate-limit at any…
Read the post →PDF reports honour display-order column rearrangement without re-querying
The PDF rendering pipeline now respects user-defined column display order. Column widths, header names and body rows reorder visually without re-querying the database ; physical column order remains the fallback when no…
Read the post →JDK 25 adoption and Argon2id password hashing strengthen the security baseline
The runtime is now on Java 25 LTS, with native Argon2id password hashing meeting OWASP 2023 password-storage requirements. The platform sits on a Java foundation supported through the next decade ; credential-compromise…
Read the post →Microservices authentication framework — pluggable enforcement per service
The gRPC microservice mesh gains pluggable authentication with optional per-service enforcement. Organisations enforce service-level policies without redeploying the runtime, addressing federated-architecture compliance…
Read the post →Database Workbench gains SSH tunnel parameters for cloud database connectivity
Database Workbench connections accept SSH tunnel parameters for cloud and network-restricted environments. Tunnel metadata is captured against the server node ; the connection lifecycle handles the tunnel transparently…
Read the post →JDBC Pool V2 benchmarks — 1K, 2K, 3K concurrent pools per JVM, sub-microsecond acquisition
JDBC Pool V2 benchmarked against the platform's classic pool. Thread-local hit serves 70–90 % of acquisitions in 20–50 ns ; shared-pool acquisition runs 135–580 ns ; a single JVM sustains 1,000–3,000 concurrent…
Read the post →JDBC Pool V2 — the new in-house connection-pool architecture that replaces our previous design
A new generation of the platform's JDBC connection pool ships, replacing the in-house design we have iterated on for years. The architecture handles thousands of independent (server × database × user) pools…
Read the post →Monaco editor gains TypeScript-aware Ax API autocompletion
The Monaco editor inside the form surface ships with type definitions for the Ax standard library — IntelliSense, inline parameter hints and refactoring across embedded JavaScript snippets. Configurable diagnostics run…
Read the post →Real-time AI chat over Server-Sent Events — streaming, cancellable, connection-leased
Streaming chat delivers LLM tokens progressively over Server-Sent Events with connection-lease management against exhaustion and mid-stream cancellation. The knowledge-aware assistant integrates document context as a…
Read the post →VirtualThreadExecutor — JEP 444 virtual threads become first-class platform infrastructure
A platform-wide VirtualThreadExecutor lands on the runtime, replacing every newVirtualThreadPerTaskExecutor call-site with a single supervised executor that carries graceful shutdown, structured cancellation and a…
Read the post →Unified tool-result contract for AI agent outputs
The AI agent's tool-result handling consolidates table results, chart visualisations and file attachments under one contract — replacing the fragmentation between SQL-result-set and chart-specific handlers. One…
Read the post →JMX-based observability for the gRPC microservice fleet
The microservice runtime exposes interceptor metrics and manifest metadata through JMX, surfacing operational state to Prometheus, Grafana and the customer's existing JVM monitoring stack. Server-status endpoints become…
Read the post →Microsoft Outlook integration via the modern Graph SDK
The microservice mesh adds first-class Outlook support — email send, thread-based retrieval, attachment handling — through Microsoft Graph with OAuth 2.0 and MSAL bearer-token flows. Outlook joins Google Gmail and…
Read the post →JDK 24 and GraalVM 24.2.1 — the runtime steps to the next Java release
The runtime moves to JDK 24 and GraalVM 24.2.1, with Gradle 8.14 supporting the new toolchain. The upgrade brings stable virtual threads, structured-concurrency previews and the GraalVM JIT improvements that the…
Read the post →Google Calendar event creation with Hangouts Meet conferencing
Calendar event creation through the cloud-connector mesh adds conference URIs and Hangouts Meet integration, with attendee management and pagination tokens. The event model decouples field mapping from JSON…
Read the post →Anthropic Claude 3.7 Sonnet joins the multi-provider AI surface
Anthropic Claude 3.7 Sonnet — including extended-thinking and reasoning-budget support — is now addressable through the platform's unified LLM interface alongside OpenAI and Google Vertex. Message-content handling is…
Read the post →gRPC consolidation of the document-processing services
PDF, XSLT and HTML rendering services unify under a single gRPC architecture with shared error semantics. IP location and self-signed-certificate support join the cluster's secure inter-service path — the foundation…
Read the post →Studio UI ships Chinese and Urdu language packs — seven languages plus RTL
Chinese and Urdu translations join English, Spanish, Catalan, French, German, Italian and Portuguese in the platform UI. RTL framework support remains for Arabic and Hebrew when those packs ship — multinational Asia and…
Read the post →Multi-provider credential management for cloud integrations
A credentials-manager SPI abstracts cloud credential storage across S3, Azure Blob, IBM Cloud and Google Cloud Storage. Enterprises integrate their secret-management policy of choice without rewriting application code ;…
Read the post →Analytical Card v2 — horizontal-layout dashboard primitive
A horizontal-layout analytical card joins the form-editor component palette — flexible node positioning, focus layering, configurable legends. Composable data-responsive designs replace static card layouts ; executive…
Read the post →