Skip to content
← Back to release notes
v0.9.0 beta

Release v0.9.0

February 22, 2026

Eleven capability PRs in a single release train: self-healing playbooks, application whitelisting, central log search, DNS security integration, reliability scoring, new device alerting, IP history tracking, device change tracking, file browser operations, and security posture improvements.

Security & Compliance

  • Application whitelisting and software policy remediation (BE-15): define allowlist/blocklist/audit policies, track compliance status, auto-uninstall violations.
  • Software policy compliance dashboard with per-device status and remediation history.
  • New device alerting (BE-18): alert on newly discovered devices with network baseline tracking and change detection.
  • Discovery panels UI for viewing network baselines and newly observed devices.
  • Security posture query optimization with windowed SQL, DB indexes, and open-port stats from aggregated data.

Visibility & Monitoring

  • IP history tracking (BE-19): every device IP change recorded via heartbeat with timestamp, queryable IP timeline tab.
  • Device change tracking: query APIs for detecting and reviewing configuration changes across the fleet.
  • Reliability scoring (BE-3): per-device uptime, crash, hang, hardware error, and service failure scoring with trend tracking.
  • get_fleet_health AI tool and fleet health API for reliability rollups across the org.
  • Boot performance improvements: stable startup item IDs, idempotent ingestion, and improved enable/disable control.

AI & Automation

  • Self-healing playbooks (BE-12): create and manage playbooks with CRUD API, org isolation, and system permission enforcement.
  • DNS security integration with provider adapters, sync worker, and AI tools for DNS analytics and policy management.
  • Central log search (BE-20): fleet-wide full-text log search, saved queries, trend analysis, and correlation detection.
  • Log correlation worker with pattern detection and cross-device signal analysis.
  • AI tools for event logs registered with SDK schemas, guardrails, risk tiers, and helper allowlists.

Remote Management

  • File browser copy, move, and delete with recursive directory support.
  • Trash/recycle bin management: delete to trash, restore, and purge.
  • Multi-select, context menu, and folder picker dialog in file browser.
  • Drive enumeration replaces hardcoded C:\ on Windows — all drives browsable.
  • Full audit logging for all file browser operations.

Added

  • Self-healing playbooks (BE-12): CRUD API with org isolation and system permission enforcement.
  • Application whitelisting and software policy remediation (BE-15): allowlist/blocklist/audit policies, compliance worker, auto-uninstall, and software policy compliance dashboard.
  • Central log search (BE-20): fleet-wide full-text log search, saved queries, trend analysis, and correlation detection worker with Event Logs UI and AI tools.
  • DNS security integration: provider adapters (Umbrella, Cloudflare, DNSFilter), sync worker, and AI tools for DNS analytics and policy management.
  • Reliability scoring pipeline (BE-3): agent-side metric collection, uptime/crash/hang/hardware scoring, get_fleet_health AI tool, and fleet health API.
  • New device alerting (BE-18): alerts on newly discovered network devices with baseline tracking and discovery panels UI.
  • IP history tracking (BE-19): device_ip_history table with heartbeat-driven IP change recording and IP History tab on device detail.
  • Device change tracking and query APIs.
  • File browser operations: copy, move, delete, trash/restore/purge, multi-select, context menu, drive enumeration, and full audit logging.

Improved

  • Security posture queries with targeted DB indexes, windowed SQL for snapshot retrieval, and open-port posture from aggregated stats.
  • Boot performance ingestion: stable startup item IDs, idempotent upsert, improved enable/disable disambiguation, and service key-name resolution fallback.
  • Policy evaluation and feature configuration resolution reliability across partner/org/site/group/device scopes.

Fixed

  • Security posture score publishing now bounded and concurrent with configurable limits.
  • Multiple multi-tenant data isolation fixes across reliability, log search, and DNS security routes.
  • macOS boot timing fallback and Windows startup-item management edge cases.

v0.9.0 closes an 11-PR development train that shipped across February 21–22. Most of these PRs carry BE- prefixes — Brain Enablement features that give the AI layer data pipelines to reason over.

BE-12 (Self-Healing Playbooks) lands the foundation: create, read, update, and delete playbooks scoped to an org with system permission enforcement. BE-15 (Application Whitelisting) ships the full software policy stack — define allowlist, blocklist, and audit policies, track per-device compliance, and auto-uninstall violations with a configurable grace period. BE-20 (Central Log Search) brings fleet-wide full-text log search with saved queries, trend analysis, and a correlation detection worker.

On the visibility side, BE-19 (IP History) records every device IP change via heartbeat with a full timeline tab. BE-3 (Reliability Scoring) computes per-device scores across uptime, crashes, hangs, hardware errors, and service failures — exposed via a new get_fleet_health AI tool. BE-18 (New Device Alerting) fires when previously unseen devices appear on a network, with baseline tracking and a discovery panel.

The file browser gains copy, move, delete, trash, restore, and purge — plus multi-select, context menu, drive enumeration, and audit logging. DNS security integration adds provider adapters for Umbrella, Cloudflare, and DNSFilter with a sync worker and AI tools for policy management and analytics.