Skip to main content

🚀 arnold™ 0.7.1

🔗 Simplified Connection Management

A new dedicated Connections tab has been added to Arnold Portal, providing a centralized location for managing SAP and application integration connections — including OAuth configuration, callbacks, and connection validation.

Why it matters

  • Simplifies administration and onboarding with a single place to manage all connections
  • Reduces time spent configuring and validating integrations
  • Improves visibility into connection health and OAuth settings
  • Helps organizations scale AI initiatives more efficiently

🧪 Enhanced MCP Tool Testing

The MCP Tool Tester in Arnold Portal has been improved with a cleaner tool selection experience, making it faster to validate and troubleshoot AI integrations.

Why it matters

  • Tool selection now uses a dropdown instead of a full list, reducing clutter and improving usability
  • Accelerates testing and deployment of MCP tools
  • Improves visibility into tool behavior before production rollout
  • Helps teams deliver AI-powered experiences with greater confidence

🔐 Security Improvements

This release includes critical security enhancements to protect your data and integrations.

Why it matters

  • Inactive users are now properly denied access to Arnold Portal and all MCP endpoints
  • PDF download requests now require valid OAuth credentials — if credentials are missing, users receive a clear prompt to authorize in the portal rather than a silent failure
  • Your integrations are better protected against unauthorized access

📄 Document Download Reliability

PDF document downloads have been refactored to behave consistently and provide clear feedback when a document is unavailable.

Why it matters

  • PDFs are now always fetched before determining how to deliver them (inline or via URL), ensuring consistent behavior regardless of the configured download mode
  • A clear error is returned when a document cannot be found, eliminating silent failures that could mask configuration issues
  • Improves troubleshooting and reduces support burden

🛠️ Admin & Integration Enhancements

The portal includes several improvements for administrators and integrators.

Why it matters

  • An OAuth authorization server metadata link now appears next to Client Credentials, giving administrators quick access to endpoint details needed for manual client registration and configuration
  • All MCP tools are now explicitly marked as read-only or write operations, helping AI agents and integration clients distinguish safe queries from operations that modify data
  • System information can now be retrieved using user-level credentials alongside tenant credentials, improving flexibility in mixed-credential environments
  • The Test Connection button is now only enabled when the appropriate credentials are configured, reducing confusion during setup
  • Inactive clients are no longer shown on the Dashboard, keeping the admin view accurate and uncluttered
  • Client creation validation now correctly checks the user's original input before trimming, ensuring names are validated as entered

Enhancements

  • VC-UI read-only mode support for variant materials Added support for automatically loading VC-UI in read-only mode when SAP indicates a variant context, plus the Force Read Only AppSetting to force read-only mode under display settings when needed.

Bug Fixes

  • VC reset button visibility consistency Fixed VC item behavior so the Reset button is consistently available.

Get it here: v9.6.12

🚀 arnold™ 0.7.0 Has Arrived

This release is all about giving organizations more control, faster adoption, and greater flexibility when connecting AI to SAP.

Whether you're launching your first AI agent or scaling enterprise-wide, arnold™ 0.7.0 helps you move faster while keeping your business data secure and governed.

🇪🇺 Now Available in Europe

Deploy Where Your Business Operates

arnold™ is now available in a dedicated European region, giving organizations more choice in how and where they deploy enterprise AI.

Why customers love it:

  • Support regional data residency requirements
  • Align with corporate governance policies
  • Bring AI closer to your users and business operations

Result: More deployment options. More flexibility. More confidence.

🛠️ Build Your Own MCP Tools

Turn Your Business Expertise Into AI Skills

Every company works differently. Now your AI can too. Custom MCP Tools allow organizations to create their own SAP-powered capabilities directly within the arnold™ Portal—without waiting for product releases or custom development projects.

Why customers love it:

  • Tailor AI to your unique business processes
  • Expose only the SAP data you choose
  • Control exactly what users see and what AI can access

Result: Your business. Your rules. Your AI.

⚡ Dynamic Client Registration (DCR)

From Setup to Productivity in Minutes

Connecting AI agents to arnold™ just got dramatically easier. Dynamic Client Registration enables supported AI platforms to automatically discover and register with arnold™, eliminating manual configuration steps.

Why customers love it:

  • Faster onboarding
  • Less administration
  • Reduced setup complexity

Result: Spend less time configuring and more time delivering value.

🧪 MCP Tool Tester

Test Before Your AI Does

Introducing the MCP Tool Tester—a dedicated testing experience built directly into the arnold™ Portal. Validate tool inputs, SAP connectivity, and responses before exposing them to AI agents.

Why customers love it:

  • Catch issues before users do
  • Accelerate troubleshooting
  • Validate custom tools with confidence

Result: Faster deployments and fewer surprises.

Ready for Enterprise AI at Scale

arnold™ 0.7.0 makes it easier than ever to connect AI agents to real-time SAP processes while maintaining the governance, flexibility, and control enterprises expect.

Build faster. Deploy smarter. Govern confidently.

New Features & Improvements

  • Customer Override Pattern
    You can now add apps with custom behavior without modifying core Cloud UI files.
    This is implemented with a phantom/fallback component model for safer upgrades.

    info

    For step-by-step customization instructions, see the Cloud UI Customizations Guide.

  • Restore v3.x Reset Behavior
    Added a new ResetToInitialValues app setting to restore the reset behavior from v3.x.

Get it here: v9.6.0

Bug Fixes

  • Communication Failure on Initial Load
    Fixed an issue where the embedded UI could fail to communicate with the host application on initial load, resulting in a broken or unresponsive experience.

  • Item Characteristics Mapping
    Fixed an issue in the Variant Configuration UI where item characteristics could display or submit incorrect values.

  • Authentication Session Not Recovering After Expiration
    Fixed an issue where an expired authentication session was not being detected and recovered from automatically, causing requests to fail silently. The application now refreshes the session and retries without requiring user intervention.

    Get it here: v9.5.7

Enhancements

  • Loading Indicator During Item Simulate
    The Variant Configuration UI now displays a loading overlay when an Item Simulate request is in progress, preventing users from making changes while the simulation is processing.

Bug Fixes

  • Item Configuration Errors
    Fixed an issue that caused errors when loading or interacting with item configurations in the Variant Configuration UI.

  • Duplicate Scroll Bars in VC-UI
    Fixed an issue where two independent scroll bars were appearing simultaneously within the Variant Configuration UI. Scrolling behavior is now consistent and consolidated.

  • Mobile Menu Not Displaying Correctly
    Fixed an issue where the VC-UI navigation menu was not rendering properly on smaller screen widths. The menu now displays correctly across mobile-sized viewports.

  • VC Logging Inaccuracies
    Corrected an issue with internal activity logging in the Variant Configuration UI to ensure accurate troubleshooting and session tracking information is captured.

  • VC SAP Session Expiration Handling
    Fixed an issue where an expired SAP session during an active VC session was not being detected and recovered from correctly. The application now handles session expiration gracefully without requiring a manual page reload.

  • VCInitialize Failing on Stale Session Cookie
    Fixed an issue where a stale SAP session cookie from a previous VC session caused VCInitialize to return an HTTP 400 error on first load, resulting in a silent failure. The application now correctly detects and recovers from invalid sessions during initialization.

Get it here: v9.5.0

On April 29, 2026, Aikido Security disclosed an active supply chain attack targeting SAP developers. Four SAP npm packages were compromised with credential-stealing malware — specifically @cap-js/sqlite, @cap-js/postgres, @cap-js/db-service, and mbt.

enosix applications and systems are not affected.

enosix products are built on Salesforce, TypeScript, React, and LWC. We do not use SAP CAP or MTA Build tooling anywhere in our codebase. We confirmed this with a full scan of all repositories in our GitHub organization — none of the affected packages appear in any form, and no indicators of compromise were found in our code, CI pipelines, or internal npm registry.

If you have questions or concerns, please reach out to the enosix team.

For the full technical write-up of this attack, see the Aikido Security advisory.

[Feature]: This release introduces strict query parameter validation in the API Proxy to prevent query parameter injection into downstream SAP requests. The change addresses an issue where encoded characters (e.g., %26 for &) could be used to pass additional parameters.

Allows only below-listed query parameters, and any additional parameters passed on request are dropped

  • sap-client: Exactly 3 digits
  • sap-sessioncmd: Must be cancel
  • sap-language: Exactly 2 characters
  • link-function: Must be auth-payload
  • saml2: Must be disabled
  • tabs: Letters only
  • key: String or the literal $*$
  • expirationSeconds: Positive integer 1..2147483647
  • cid: Alphanumeric less than or equal to 10 characters

🚀 Introducing arnold™ — Now Available for a Pilot

We’re excited to announce the first public release of arnold™, a powerful new way to access and interact with SAP using AI.

You can now pilot arnold™ through a limited trial in your own environment and experience a completely new way of working with SAP data using AI.

👉 Ready to get started? Reach out to enosix to enable your pilot and see arnold™ in action: https://go.enosix.com/support

🤖 What is arnold™?

arnold™ is an MCP Server (Model Context Protocol) that connects AI agents to SAP, allowing users to interact with SAP data using simple, natural language. Instead of navigating complex SAP screens or using transaction codes, users can simply ask questions—and take action—directly from chat.

With arnold™, you can:

  • 🔍 Retrieve real-time SAP data
  • ✏️ Update existing records
  • ➕ Create new transactions

No SAP GUI. No transaction codes. No delays.

🧠 How It Works (Simple View)

  • Users interact with Agent through AI platforms like Microsoft 365 (Copilot)
  • AI agents translate the request to tools
  • arnold™ provides the right tools to interact with SAP
  • enosix SAP Platform responds in real time
  • Agent presents data to users in easily readable format

☁️ Built for Enterprise — Secure by Design

arnold™ is:

  • Hosted in Microsoft Azure
  • Secured through Microsoft Entra Directory / M365
  • Supports Single Sign-On (SSO) and SAP Principal Propagation

Your SAP data remains secure while becoming more accessible than ever.

Enhancements

  • Override CID on Link API requests. Support has been added to specify a Customizing ID on proxied API requests. Specifying a cid query string parameter will override the x-enosix-cid extension of the Open API Specification for the endpoint.

Bug Fixes

  • Reading CID from Open API Specification. A bug causing API endpoints to ignore the configured x-enosix-cid extension in the Open API Specification.