Force Read Only AppSetting to force read-only mode under display settings when needed.Get it here: v9.6.12
This release is all about giving organizations more control, faster adoption, and greater flexibility when connecting AI to SAP.
Whether you're launching your first AI agent or scaling enterprise-wide, arnold™ 0.7.0 helps you move faster while keeping your business data secure and governed.
arnold™ is now available in a dedicated European region, giving organizations more choice in how and where they deploy enterprise AI.
Every company works differently. Now your AI can too. Custom MCP Tools allow organizations to create their own SAP-powered capabilities directly within the arnold™ Portal—without waiting for product releases or custom development projects.
From Setup to Productivity in Minutes
Connecting AI agents to arnold™ just got dramatically easier. Dynamic Client Registration enables supported AI platforms to automatically discover and register with arnold™, eliminating manual configuration steps.
Test Before Your AI Does
Introducing the MCP Tool Tester—a dedicated testing experience built directly into the arnold™ Portal. Validate tool inputs, SAP connectivity, and responses before exposing them to AI agents.
arnold™ 0.7.0 makes it easier than ever to connect AI agents to real-time SAP processes while maintaining the governance, flexibility, and control enterprises expect.
Build faster. Deploy smarter. Govern confidently.
Customer Override Pattern
You can now add apps with custom behavior without modifying core Cloud UI files.
This is implemented with a phantom/fallback component model for safer upgrades.
For step-by-step customization instructions, see the Cloud UI Customizations Guide.
Restore v3.x Reset Behavior
Added a new ResetToInitialValues app setting to restore the reset behavior from v3.x.
Get it here: v9.6.0
Communication Failure on Initial Load
Fixed an issue where the embedded UI could fail to communicate with the host application on initial load, resulting in a broken or unresponsive experience.
Item Characteristics Mapping
Fixed an issue in the Variant Configuration UI where item characteristics could display or submit incorrect values.
Authentication Session Not Recovering After Expiration
Fixed an issue where an expired authentication session was not being detected and recovered from automatically, causing requests to fail silently. The application now refreshes the session and retries without requiring user intervention.
Get it here: v9.5.7
Item Configuration Errors
Fixed an issue that caused errors when loading or interacting with item configurations in the Variant Configuration UI.
Duplicate Scroll Bars in VC-UI
Fixed an issue where two independent scroll bars were appearing simultaneously within the Variant Configuration UI. Scrolling behavior is now consistent and consolidated.
Mobile Menu Not Displaying Correctly
Fixed an issue where the VC-UI navigation menu was not rendering properly on smaller screen widths. The menu now displays correctly across mobile-sized viewports.
VC Logging Inaccuracies
Corrected an issue with internal activity logging in the Variant Configuration UI to ensure accurate troubleshooting and session tracking information is captured.
VC SAP Session Expiration Handling
Fixed an issue where an expired SAP session during an active VC session was not being detected and recovered from correctly. The application now handles session expiration gracefully without requiring a manual page reload.
VCInitialize Failing on Stale Session Cookie
Fixed an issue where a stale SAP session cookie from a previous VC session caused VCInitialize to return an HTTP 400 error on first load, resulting in a silent failure. The application now correctly detects and recovers from invalid sessions during initialization.
Get it here: v9.5.0
On April 29, 2026, Aikido Security disclosed an active supply chain attack targeting SAP developers. Four SAP npm packages were compromised with credential-stealing malware — specifically @cap-js/sqlite, @cap-js/postgres, @cap-js/db-service, and mbt.
enosix products are built on Salesforce, TypeScript, React, and LWC. We do not use SAP CAP or MTA Build tooling anywhere in our codebase. We confirmed this with a full scan of all repositories in our GitHub organization — none of the affected packages appear in any form, and no indicators of compromise were found in our code, CI pipelines, or internal npm registry.
If you have questions or concerns, please reach out to the enosix team.
For the full technical write-up of this attack, see the Aikido Security advisory.
[Feature]: This release introduces strict query parameter validation in the API Proxy to prevent query parameter injection into downstream SAP requests. The change addresses an issue where encoded characters (e.g., %26 for &) could be used to pass additional parameters.
Allows only below-listed query parameters, and any additional parameters passed on request are dropped
We’re excited to announce the first public release of arnold™, a powerful new way to access and interact with SAP using AI.
You can now pilot arnold™ through a limited trial in your own environment and experience a completely new way of working with SAP data using AI.
👉 Ready to get started? Reach out to enosix to enable your pilot and see arnold™ in action: https://go.enosix.com/support
arnold™ is an MCP Server (Model Context Protocol) that connects AI agents to SAP, allowing users to interact with SAP data using simple, natural language. Instead of navigating complex SAP screens or using transaction codes, users can simply ask questions—and take action—directly from chat.
With arnold™, you can:
No SAP GUI. No transaction codes. No delays.
arnold™ is:
Your SAP data remains secure while becoming more accessible than ever.
cid query string parameter will override the x-enosix-cid extension of the Open API Specification for the endpoint.x-enosix-cid extension in the Open API Specification.Ability to pass CID as Query Param.
Added support for passing cid as a query parameter to the SAP backend. The following validation rules have been added for the cid parameter: