# Changelog

Last updated: March 24, 2026.

[![Tests](https://camo.githubusercontent.com/26641b5a70dea0526ad84e92b8d1dea013f3682c187ef1cac1ac09685e2c31e2/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f74657374732d39373725323070617373696e672d627269676874677265656e)](https://camo.githubusercontent.com/26641b5a70dea0526ad84e92b8d1dea013f3682c187ef1cac1ac09685e2c31e2/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f74657374732d39373725323070617373696e672d627269676874677265656e) [![Vitest](https://camo.githubusercontent.com/75fde65290dbfc7dd2b52c4aa25a9f069d8f342dd65f96e40ddf31bab03b69bc/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f746573746564253230776974682d7669746573742d364539463138)](https://camo.githubusercontent.com/75fde65290dbfc7dd2b52c4aa25a9f069d8f342dd65f96e40ddf31bab03b69bc/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f746573746564253230776974682d7669746573742d364539463138) [![Languages](https://camo.githubusercontent.com/526cf55b8be703ab2d413b92d1ccf65a837f02413ed34f9f3015fc0e07161bf8/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c616e6775616765732d33372d626c7565)](https://camo.githubusercontent.com/526cf55b8be703ab2d413b92d1ccf65a837f02413ed34f9f3015fc0e07161bf8/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c616e6775616765732d33372d626c7565) [![BYOK Providers](https://camo.githubusercontent.com/991e44d30e63e00f5d26eb53658c85234ebfbfad6a72f2854fddb9ebd5ba80d3/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f42594f4b25323070726f7669646572732d31382d6f72616e6765)](https://camo.githubusercontent.com/991e44d30e63e00f5d26eb53658c85234ebfbfad6a72f2854fddb9ebd5ba80d3/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f42594f4b25323070726f7669646572732d31382d6f72616e6765) [![Security](https://camo.githubusercontent.com/9848248df8f878d8a375f7a0993b27219c2ed5c209d9a2442e6001064201a7cc/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f73656375726974792d68617264656e65642d637269746963616c)](https://camo.githubusercontent.com/9848248df8f878d8a375f7a0993b27219c2ed5c209d9a2442e6001064201a7cc/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f73656375726974792d68617264656e65642d637269746963616c)

![Moat](https://docs.lisaiceland.com/~gitbook/image?url=https%3A%2F%2Fcamo.githubusercontent.com%2Fcf9284fb15978bad5057ded6dd214f81c456978e71e1a84894a7c1c0203e94db%2F68747470733a2f2f696d672e736869656c64732e696f2f62616467652f636f6d70657469746976652532306d6f61742d3530253230646966666572656e746961746f72732d707572706c65\&width=300\&dpr=3\&quality=100\&sign=f6cd6274\&sv=2) [![Shipped](https://camo.githubusercontent.com/c6d47a185d7feee3e89913188f3f3f27c0dcd3c37348c167e7c76818d565e5d4/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f7368697070656425323066656174757265732d7e3332352d677265656e)](https://camo.githubusercontent.com/c6d47a185d7feee3e89913188f3f3f27c0dcd3c37348c167e7c76818d565e5d4/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f7368697070656425323066656174757265732d7e3332352d677265656e)

***

All notable changes to this project will be documented in this file.

**Versioning**: Calendar-based (`vYYYY.MM.DD`). Each month collects dated entries; at month-end they form that month's release.

***

### **v2026.03.24 -- March 2026**

#### **Fixed — Custom Script Widget Lifecycle Events**

* **2026-03-24** -- Fixed ALL third-party widgets not rendering due to missed `DOMContentLoaded`/`load` lifecycle events
* **2026-03-24** -- `CustomScriptInjector` now re-dispatches `readystatechange`, `DOMContentLoaded`, `load`, and `lovable:custom-scripts-ready` events after all scripts are injected
* **2026-03-24** -- Added test coverage for lifecycle event re-dispatching (11 tests passing)

***

### **v2026.03.23 -- March 2026**

#### **Security**

* **2026-03-23** -- Recreated `site_config_public` view with `security_invoker = on` to fix SECURITY DEFINER vulnerability
* **2026-03-23** -- Added explicit deny-all RLS policies to `auth_rate_limits`, `client_portal_otps`, `client_portal_sessions`

#### **Fixed — Mobile Landing Site Double Scroll**

* **2026-03-23** -- Locked `html/body/#root` and made `.site-renderer-root` the sole scroll container with `height: 100dvh`
* **2026-03-23** -- Added CSS rules (3 levels deep) to force `overflow: visible !important` and `height: auto !important` on inner wrappers
* **2026-03-23** -- Added recursive JS `stripScrollStyles()` (up to 8 levels) using `getComputedStyle` to neutralize scroll containers at runtime
* **2026-03-23** -- Imperative style lock on `html`, `body`, `#root` in `enhanceGeneratedSite()` — no site regeneration required

#### **Added — Global AI Usage Gating**

* **2026-03-23** -- Created `ai_free_usage` table and RPCs for tracking 5 free AI prompts per organization
* **2026-03-23** -- Added shared `ai-quota.ts` utility for edge functions with system admin and BYOK exemptions
* **2026-03-23** -- Updated 8 AI edge functions with quota checks (returns `402 free_quota_exceeded`)
* **2026-03-23** -- Added `BYOKRequiredDialog` component for prompting users to add API keys
* **2026-03-23** -- Added AI usage limit notice to AgentOne and Convo+ How to Use sections

#### **Added — Command Palette & Site Stats**

* **2026-03-23** -- Added \~25 missing navigation items to Command Palette for user and admin routes
* **2026-03-23** -- Added high-contrast tooltip styles and Users by Country summary card to Site Stats

***

### **v2026.03.20 -- March 2026**

#### **Security — Prompt Injection Hardening**

* **2026-03-20** -- Hardened all 7 AI edge functions (`webchat-message`, `ai-content-generate`, `ai-form-builder`, `ai-video-script`, `agent-one-chat`, `convo-chat`, `chat-with-data`) against prompt injection attacks
* **2026-03-20** -- Added input sanitization, injection pattern scanning (wrap-not-block strategy), and safety preambles to all AI endpoints
* **2026-03-20** -- Added IP-based rate limiting (20 req/5min) to public `webchat-message` endpoint
* **2026-03-20** -- Added JWT authentication verification to `ai-content-generate`, `ai-form-builder`, `ai-video-script`
* **2026-03-20** -- Added HTML output sanitization to `generate-website` (strips `<script>`, event handlers, `javascript:` URIs) to prevent stored XSS
* **2026-03-20** -- Refined injection detection patterns to eliminate false positives on benign prompts (roleplay, creative writing, multimodal uploads, language practice)
* **2026-03-20** -- Softened AI moderation classifier in `agent-one-chat`, `convo-chat`, `chat-with-data` to default "NO" for ambiguous cases

#### **Fixed — CSS-Driven Mobile Menu**

* **2026-03-20** -- Switched generated site header from JS-based to CSS-driven visibility using `data-lovable-open` attributes and media queries
* **2026-03-20** -- Fixed desktop nav items being hidden when resizing from mobile to desktop

#### **Updated — Docs & Badges**

* **2026-03-20** -- Added "Prompt Injection — mitigated" badge to README and CHANGELOG
* **2026-03-20** -- Updated README security section with prompt injection mitigation and AI output sanitization details
* **2026-03-20** -- Synced test counts and dates across README, TESTS and CHANGELOG

***

### **v2026.03.19 -- March 2026**

#### **Added — Generated Landing Site Enhancements**

* **2026-03-19** -- Runtime sticky header + hamburger menu enhancement utility (`generated-site-enhancements.ts`) for all generated landing sites
* **2026-03-19** -- Broadened CTA/button detection in content editor — now catches `rounded`, `bg-*`, `px-*`, inline-styled, and standalone `<a>` elements
* **2026-03-19** -- "Open in new tab" toggle switch for all editable links, buttons, and menu items in the content editor

#### **Added — Guided Tour & Learning Center**

* **2026-03-19** -- Added "Landing Sites" step to the 22-step Guided Tour
* **2026-03-19** -- Expanded Learning Center from 13 to 18 deep-dive modules (Landing Sites, Embed Widgets, Automation Workflows, Compliance & Audit, White-Label Portal)
* **2026-03-19** -- Enriched all existing Learning Center modules with 6–9 detailed bullet points each

#### **Changed — Documentation & Test Sync**

* **2026-03-19** -- Added generated-site-enhancements.test.ts — 16 tests passing
* **2026-03-19** -- Updated GuidedTour.test.tsx — 7 tests passing, 22-step count verified
* **2026-03-19** -- Synced all badge counts across all docs files (977 tests, 126 files)
* **2026-03-19** -- Updated Lovable sync trigger timestamp for GitHub push

***

### **v2026.03.17 -- March 2026**

#### **Fixed — Critical Rendering Regressions**

* **2026-03-17** -- Fixed pricing section not rendering for unauthenticated/incognito users — added public `SELECT` RLS policies on `plans` and `site_config` tables
* **2026-03-17** -- Fixed CRM email inbox body not visible in dark mode — emails now render inside sandboxed `<iframe>` with isolated white-background stylesheet via `buildEmailPreviewDocument` utility
* **2026-03-17** -- Fixed documentation portal (`/docs/home`) blank renders — added `normalizePageContent` parser to handle both Markdown and Tiptap JSON data shapes
* **2026-03-17** -- Fixed docs portal "blinking" on realtime refresh — refactored loading state to prevent background refreshes from clearing UI

#### **Added — SPA Deep-Link Redirect**

* **2026-03-17** -- Created `public/404.html` with `sessionStorage`-based redirect for custom domain deep-linking on mobile browsers
* **2026-03-17** -- Created `SpaRedirectHandler` component to pick up stored path and navigate on app initialization

#### **Added — Email Security (Sanitization)**

* **2026-03-17** -- Created `emailPreview.ts` utility with DOMPurify-based HTML sanitization, XSS-safe plain text escaping, and isolated preview document builder
* **2026-03-17** -- Emails rendered in sandboxed iframe (`allow-popups allow-popups-to-escape-sandbox`) preventing script execution

#### **Tests**

* **2026-03-17** -- Added `emailPreview.test.ts` (10 tests): sanitization of scripts/event handlers, document wrapping, plain text fallback, XSS escaping, style inclusion
* **2026-03-17** -- Added `SpaRedirectHandler.test.tsx` (5 tests): null render, redirect on stored path, non-root skip, no-path skip, invalid path rejection
* **2026-03-17** -- Updated badge counts: 961 tests across 125 frontend + 7 edge function test files

#### **Changed — Documentation & Test Sync**

* **2026-03-17** -- Synced all badge counts and "Last Updated" timestamps across [CHANGELOG.md](http://changelog.md), [TESTS.md](http://tests.md)
* **2026-03-17** -- Updated Lovable sync trigger timestamp for GitHub push

***

### **v2026.03.16 -- March 2026**

#### **Changed — Documentation Portal UX**

* **2026-03-16** -- `/docs` now redirects to `/docs/home` automatically so visitors always land on the home page
* **2026-03-16** -- Docs sidebar groups start collapsed by default instead of fully expanded on page load

#### **Changed — Documentation & Test Sync**

* **2026-03-16** -- Ran full test suite — all 950 tests passing (5 CRM SMTP tests verified in CI)
* **2026-03-16** -- Synced all badge counts and "Last Updated" timestamps across all docs
* **2026-03-16** -- Updated Lovable sync trigger timestamp for GitHub push

***

### **v2026.03.14 -- March 2026**

#### **Added — Documentation Admin Enhancements**

* **2026-03-14** -- "Move to..." dropdown: re-parent existing pages and links under different parent pages or move to root level via a popover UI triggered by folder icon on hover
* **2026-03-14** -- HTML5 drag-and-drop reordering: snappy drag-and-drop in the docs sidebar tree with above/below/inside positioning, visual drop indicators (3px line with dot), and optimistic UI updates (no page refresh)
* **2026-03-14** -- Drag handle with GripVertical icon on each sidebar row for intuitive grab interaction

#### **Fixed — Rich Text Editor Improvements**

* **2026-03-14** -- Fixed blog editor slash command menu: commands were visually disabled/unclickable inside modal dialogs — switched from `createPortal` to container-relative positioning with `onMouseDown` execution
* **2026-03-14** -- Restored bubble formatting menu (bold, italic, etc.) on text selection in blog and docs editors
* **2026-03-14** -- Fixed docs editor bubble menu z-index (9999→99999) so it appears above page content instead of behind it
* **2026-03-14** -- Added `overflow: visible` on `.docs-editor` containers to prevent clipping of floating toolbars
* **2026-03-14** -- Enabled inline multi-image layouts: images can now be dragged side-by-side on the same line in the docs editor
* **2026-03-14** -- Fixed heading sizes (H1/H2/H3) and ordered/unordered list formatting visibility in docs editor live preview

#### **Changed — Documentation & Test Sync**

* **2026-03-14** -- Synced all badge counts across all docs: 950 tests, \~325 features, 130 test files
* **2026-03-14** -- Removed all badge hyperlinks across all .md files — badges are now plain images
* **2026-03-14** -- Updated all "Last Updated" timestamps to 2026-03-14

***

### v2026.03.12 -- March 2026

#### Added — AgentOne Workflow Enhancements

* **2026-03-12** -- Expanded AgentOne workflow templates from 4 to 20: Customer Satisfaction Survey, Onboarding Kickoff, Churn Prevention Escalation, Upsell Opportunity Detector, Competitor Mention Tracker, Quote Request Pipeline, Compliance Call Audit, Agent Performance Review, No-Show Rebooking, Escalation to Human Agent, Daily Call Digest, Patient Triage Notes, Prescription Refill Handler, Consultation Intake Summary, CRM Sync Pipeline, Slack Alert Pipeline
* **2026-03-12** -- Added "New Blank Workflow" button — users can now create workflows from scratch without a template
* **2026-03-12** -- Replaced expandable How to Use section with button-triggered dialog containing 5 in-depth sections with real-world examples, AgentOne Chat leverage guide, and step-by-step instructions
* **2026-03-12** -- Gamified How to Use dialog: 25 XP per section, progress bar, completion badges, localStorage persistence, toast notifications on earn

#### Fixed — Edge Function Configuration

* **2026-03-12** -- Registered 55 missing edge functions in `supabase/config.toml` with `verify_jwt = false` (functions use manual `getUser()` auth pattern)
* **2026-03-12** -- Resolved duplicate `topup-checkout` entry in config

#### Changed — Documentation Sync

* **2026-03-12** -- Synced all badge counts across README.md, FEATURES.md, TESTS.md, UNIQUEFEATURES.md, CHANGELOG.md: 884 tests, \~322 features, 50 differentiators
* **2026-03-12** -- Updated all "Last Updated" timestamps to 2026-03-12

***

### v2026.03.11 -- March 2026

#### Slot Monetization & White-Label Portal Enhancements

* **2026-03-11** -- Rebuilt Appointment Slot Monetization with DB-backed `premium_slots` table: per-agent, per-service granularity, full CRUD, RLS policies, and gamified How to Use guide
* **2026-03-11** -- Added `price_multiplier` column to appointments table for accurate invoicing of premium slots
* **2026-03-11** -- Added `slot_monetization_enabled` to organization settings for org-level toggle
* **2026-03-11** -- Added Company Logo upload and Company Slogan input to White-Label Portal creation form (previously only in edit view)
* **2026-03-11** -- Updated SlotMonetization tests to match new DB-backed architecture (2 tests)

#### Robust CRM Enhancements — Client Health, Timeline & Retention Intelligence

* **2026-03-11** -- **Client Health Score System**: Added `health_score` (0-100), `health_status` (healthy/at\_risk/critical), and `churn_risk` columns to `client_records` and `crm_contacts` tables
* **2026-03-11** -- **Client Tiers**: New `tier` column (vip/priority/standard/at\_risk) for segmenting customers by engagement value
* **2026-03-11** -- **Unified Client Timeline**: New `client_interactions` table logs all touchpoints (calls, appointments, emails, notes, documents) with `ClientTimeline` component in detail panel
* **2026-03-11** -- **Smart Follow-Up Reminders**: New `client_follow_ups` table with `ClientFollowUps` component — track pending tasks, mark complete/dismiss/snooze, auto-create for at-risk clients
* **2026-03-11** -- **Sentiment Trend Tracking**: Added `sentiment_trend` column (positive/neutral/negative) with `SentimentTrendBadge` visual indicator
* **2026-03-11** -- **How to Use Guide**: Gamified 8-step guide (75 XP) explaining Health Scores, Timeline, Tiers, and Follow-ups with industry-specific examples
* **2026-03-11** -- **Learning Center**: Added "Client Management & CRM" Phase 13 module with deep-dive guidance on all CRM features (+50 XP)
* **2026-03-11** -- **New Components**: `ClientHealthBadge`, `SentimentTrendBadge`, `ClientTimeline`, `ClientFollowUps`, and `client-health.ts` calculation utility
* **2026-03-11** -- **Enhanced Metrics**: Dashboard shows "At-Risk Clients" and "Avg Health" summary cards; Superadmin CRM shows avg health score and churn risk counts
* **2026-03-11** -- **Tier Filtering**: Added tier filter to both Dashboard Clients and CRM Contacts tables with VIP/Priority/Standard/At-Risk options
* **2026-03-11** -- **UI Updates**: `ClientDetailPanel` now has Timeline and Follow-Ups tabs; `CRMContactsTable` displays health/tier columns
* **2026-03-11** -- **Tests**: Added 3 new `DashboardClients` tests (How to Use button, At-Risk Clients metric, Avg Health metric) — total 876 tests

***

### v2026.03.10 -- March 2026

#### Security Hardening — Full Codebase Audit

* **2026-03-10** -- Added DOMPurify sanitization to all `dangerouslySetInnerHTML` usage (NewsletterDashboard) to prevent XSS attacks
* **2026-03-10** -- Removed SMTP credentials from `localStorage` — now uses `sessionStorage` for non-sensitive fields only; passwords are never persisted client-side
* **2026-03-10** -- Upgraded `vite-plugin-pwa` to 0.21.1 to resolve `serialize-javascript` high-severity vulnerability
* **2026-03-10** -- Added Terser production build config to strip `console.log`, `console.warn`, `console.debug` (keeps `console.error` for monitoring)
* **2026-03-10** -- Fixed all empty `catch {}` blocks across AdminProfile, DemoAudioPlayer, VideoRoomManager with descriptive error logging
* **2026-03-10** -- Audited all Security Definer database views — confirmed `site_config_public`, `plans_public`, `video_rooms_public` are intentionally definer; all `_safe` views use `security_invoker=on`
* **2026-03-10** -- Legacy `localStorage` SMTP data is now auto-cleaned on CRM Tickets page load

#### Added — Push Notifications (Native Browser)

* **2026-03-10** -- Native browser push notification system using Browser Notification API + Supabase Realtime (no external VAPID dependencies)
* **2026-03-10** -- `useBrowserNotifications` hook: permission management, localStorage persistence, auto-close after 6s
* **2026-03-10** -- `PushNotificationToggle` component with Active/Blocked status badges
* **2026-03-10** -- Push toggle added to User Dashboard Settings (Profile section) and Superadmin Notification Prefs
* **2026-03-10** -- Admin Push Composer: compose and send notifications to All Users, All Admin Staff, Specific Organization, or Single User
* **2026-03-10** -- NotificationBell triggers native browser notifications on new realtime events

#### Added — Pricing Plans Price Lock Display

* **2026-03-10** -- Landing page pricing cards now display Price Lock-In badge (🔒 icon) showing lock duration (e.g., "Price locked for 2 years")

#### Fixed — Plan Edit Dialog Scrolling

* **2026-03-10** -- Replaced Radix ScrollArea with native `overflow-y-auto` in Plan Edit dialog for reliable scrolling
* **2026-03-10** -- Dialog content constrained to `max-h-[90vh]` with pinned header/footer

#### Fixed — Organization Deletion S3 Cleanup

* **2026-03-10** -- `delete-organization` edge function now performs actual S3/IDrive E2 cleanup: lists all objects under `org-{uuid}/` prefix via `ListObjectsV2` and deletes them in batches via `DeleteObjects` (previously only logged orphaned objects)
* **2026-03-10** -- Uses native AWS SigV4 signing (no SDK dependency) with pagination support for orgs with >1000 objects
* **2026-03-10** -- Deletion response now includes `s3_objects_deleted` count for audit trail
* **2026-03-10** -- Updated Danger Zone UI warning to mention cloud storage file purging

#### Added — CRM Ticket & SMTP Improvements

* **2026-03-10** -- Rewrote `delete-user-data` edge function: now fully deletes auth user + profile row (was previously blanking profile as "\[Deleted User]"), purges S3/IDrive E2 data, cleans up Vapi resources, and cascade-deletes the org if user was sole member
* **2026-03-10** -- `delete-organization` response now shows S3 objects purged count in toast notification
* **2026-03-10** -- SMTP test email: added dedicated "Test Email Address" input field to SMTP dialog (previously sent to SMTP username, causing errors)
* **2026-03-10** -- Rewrote `test-smtp` edge function: replaced `denomailer` with raw TCP SMTP client to fix email validation errors ("TO Email is not valid!") and support both implicit TLS (port 465) and STARTTLS (port 587)
* **2026-03-10** -- Fixed hCaptcha on `/submit-ticket` page: replaced hardcoded test site key with `HCaptchaRuntimeWidget` using real credentials
* **2026-03-10** -- Created and deployed `verify-hcaptcha` edge function for server-side captcha validation with graceful fallback
* **2026-03-10** -- Fixed CRM Tickets button visibility: explicit borders and colors for dark backgrounds
* **2026-03-10** -- Guided Tour arrows updated to light green (`hsl(142, 71%, 45%)`) for visibility
* **2026-03-10** -- Dashboard overview: removed "(30D)" suffix from Total Calls and Missed Calls card labels

#### Tests

* **2026-03-10** -- Added `SubmitTicket.test.tsx` (6 tests): page title, form fields, submit button, hCaptcha runtime widget, priority selector, security notice
* **2026-03-10** -- Added `CRMTicketsSmtp.test.tsx` (5 tests): SMTP Settings button, dialog open, test email input, test connection button, save button
* **2026-03-10** -- Total: 875 tests across 100 frontend + 7 edge function test files

#### Added — Compliance Audits (Vanta-Inspired)

* **2026-03-10** -- New Compliance Audits system with 3 database tables (`compliance_frameworks`, `compliance_artifacts`, `compliance_audit_results`) and RLS policies
* **2026-03-10** -- Superadmin "Compliance" tab in Admin panel: framework cards, artifact CRUD, org compliance overview
* **2026-03-10** -- User dashboard Compliance Audits page (`/dashboard/compliance-audits`): animated score ring, framework tabs, auto-check engine, evidence submission
* **2026-03-10** -- Seeded 5 frameworks (SOC 2, HIPAA, GDPR, PCI-DSS, ISO 27001) with 42 pre-built artifacts including auto-check mappings
* **2026-03-10** -- 6 auto-check types: RLS active, MFA enabled, encryption at rest, call recording consent, GDPR configured, data retention policy
* **2026-03-10** -- How to Use emerald guide with 4-step onboarding instructions
* **2026-03-10** -- Added Compliance Audits step to 18-step Guided Tour
* **2026-03-10** -- Added Phase 12 (Compliance Audits) to Learning Center with 3 new learning steps (+40 XP)

#### Added — Gamified How to Use Guides

* **2026-03-10** -- Created reusable `GamifiedGuideDialog` component with XP tracking, step completion persistence (localStorage), progress bars, and Carbon Cash rewards tie-in
* **2026-03-10** -- Gamified "How to Use" dialogs on 7 dashboard pages: Compliance Audits (75 XP), Process Intelligence (90 XP), Live Calls (60 XP), Embed Widgets (60 XP), Webhooks (65 XP), AI Voice Agents (65 XP), Convo+ (50 XP)
* **2026-03-10** -- Each guide includes "How to Leverage for Your Organization" with industry-specific examples (Healthcare, Real Estate, E-Commerce, Legal, etc.)
* **2026-03-10** -- XP earned across all guides redeemable for Carbon Cash Rewards in the Store

#### Changed — Navigation & Transfer Sync

* **2026-03-10** -- Renamed "Integrations" to "Webhooks" in sidebar More menu for clarity
* **2026-03-10** -- Updated Guided Tour "More Features" description to reference Webhooks instead of Integrations
* **2026-03-10** -- Fixed transfer phone number sync: agent editor now syncs transfer\_number to organization\_settings AND updates Vapi assistant's transferCall tool destinations on save

#### Tests

* **2026-03-10** -- Added `DashboardComplianceAudits.test.tsx` (5 tests): page title, How to Use button/guide, Run Full Audit button, guide steps
* **2026-03-10** -- Updated `DashboardSidebar.test.tsx` (10 tests, +1 new): added Webhooks visibility test in More popover
* **2026-03-10** -- Total: 864 tests across 98 frontend + 7 edge function test files

***

### v2026.03.09 -- March 2026

#### Changed — Navigation & Campaign Security

* **2026-03-09** -- Moved Clients button below AI Voice Agents in sidebar navigation
* **2026-03-09** -- Removed CSV import from Outbound Campaigns to prevent spam/blacklisting; replaced with consent-based contact picker from existing client records
* **2026-03-09** -- Added Process Intelligence and Outbound Campaigns modules to Learning Center
* **2026-03-09** -- Updated Guided Tour from 15 to 17 steps with Process Intelligence, Campaigns, and Climate Saved steps

#### Added — Process Intelligence (4 Features)

* **2026-03-09** -- Business Context Manager: structured business rules engine for policies, authority limits, and KPI targets that govern AI agent behavior
* **2026-03-09** -- Process Map Visualizer: visual workflow diagram showing lead-to-conversion pipeline with bottleneck highlighting
* **2026-03-09** -- Operational Readiness Score: composite 0–100 score measuring org preparation for full AI automation
* **2026-03-09** -- SLA Monitor with Breach Tracking: configurable response time thresholds, compliance percentage tracking, and breach history

#### Added — Omnichannel & Developer Platform (5 Features)

* **2026-03-09** -- SMS & WhatsApp Messaging: omnichannel AI messaging with threaded conversations, real-time updates, and manual override
* **2026-03-09** -- Outbound Campaign Dialer: bulk outbound calling with CSV lead upload, sequential dialing, pause/resume, and per-lead outcome tracking
* **2026-03-09** -- Embeddable Webchat Widget: AI chat bubble for any website with agent assignment, color customization, embed code generation, and conversation management
* **2026-03-09** -- Webhook Integration System: developer webhook endpoints with event type selection, HMAC payload signing, test ping, and delivery log monitoring
* **2026-03-09** -- Live Transcript Streaming: real-time call transcript monitoring with speaker-labeled chunks via Supabase Realtime, auto-scroll, and supervisor coaching integration

#### Added — Infrastructure

* **2026-03-09** -- Centralized site URL: created `_shared/constants.ts` with `SITE_URL` constant, updated 9 edge functions to import from shared constant instead of hardcoding
* **2026-03-09** -- Updated `dispatch_email_from_notification` DB function to dynamically read site URL from `site_config` table

#### Tests

* **2026-03-09** -- Added `DashboardProcessContext.test.tsx` (5 tests): no-org fallback, page title, tabs render, process map, readiness score
* **2026-03-09** -- Added `DashboardMessages.test.tsx` (5 tests): no-org fallback, router context, container render, crash safety, fallback text
* **2026-03-09** -- Added `DashboardCampaigns.test.tsx` (5 tests): no-org fallback, router context, crash safety, fallback text, container render
* **2026-03-09** -- Added `DashboardWebchat.test.tsx` (5 tests): page title, create widget button, How to Use guide, tabs, description text
* **2026-03-09** -- Added `DashboardIntegrations.test.tsx` (5 tests): page title, How to Use guide, description text, endpoints tab, logs tab
* **2026-03-09** -- Added `DashboardLiveCalls.test.tsx` (5 tests): page title, description text, How to Use guide, call list area, transcript panel
* **2026-03-09** -- Total: 852 tests across 97 frontend + 7 edge function test files

#### Changed — Documentation

* **2026-03-09** -- UNIQUEFEATURES.md: added A45–A48 (4 new differentiators), updated feature census to \~316, updated moat to 48
* **2026-03-09** -- Synced badges across all .md docs: tests→852, shipped features→\~316
* **2026-03-09** -- Learning guide: added Phase 11 — Process Intelligence (4 guide steps, 50 XP)
* **2026-03-09** -- TESTS.md: added 1 new page test file entry, updated counts

***

### v2026.03.08 -- March 2026

#### Changed — Visual Flow Builder Integration

* **2026-03-08** -- Moved Visual Call Flow Builder from standalone Dashboard card into the Agent Editor form (inside "AI Behavior & Instructions" section); selecting a template auto-generates special\_instructions; expanded to 36 industry-specific templates
* **2026-03-08** -- Removed VisualFlowBuilder from Dashboard analytics grid (now agent-editor-only)

#### Added — Dashboard Intelligence Suite (24 Features, 7 Phases)

* **2026-03-08** -- Phase 1 — Dashboard Analytics: Call Cost Calculator, Revenue Attribution per Agent, Smart Time-Slot Suggestions (heatmap), Agent Performance Leaderboard
* **2026-03-08** -- Phase 2 — Post-Call Intelligence: Call Quality Score (1-5 auto-rating), AI Call Sentiment Heatmap (calendar view), Smart Call Summary Digest (email config)
* **2026-03-08** -- Phase 3 — Call Flow Enhancements: Missed-Call Auto-Callback Queue, Caller Intent Pre-Routing, Voice Greeting Scheduler, AI-Powered Competitive Pricing Alerts
* **2026-03-08** -- Phase 4 — Advanced Intelligence: Post-Call NPS Auto-Survey, Voicemail-to-Action Pipeline, Voice Agent Compliance Auto-Flagging, Auto-Generated FAQ from Calls
* **2026-03-08** -- Phase 5 — Supervisor & Predictive: Live Call Whisper Mode (real-time supervisor coaching), Smart No-Show Predictor (appointment risk scoring), Multilingual Auto-Detect & Live Switch
* **2026-03-08** -- Phase 6 — Monetization & Optimization: White-Label Client Portal (branded config), Appointment Slot Monetization (premium pricing), Voice Agent A/B Testing (variant comparison)
* **2026-03-08** -- Phase 7 — Predictive Intelligence: Client Risk Scoring / Churn Prediction, Visual Call Flow Builder (decision tree), Proactive Engagement Triggers (rule-based follow-ups)
* **2026-03-08** -- Analytics Learning Guide: gamified 24-step interactive guide with 310 XP across 7 phases, localStorage persistence, and progress tracking

#### Security — RLS & Policy Hardening (8 fixes, 3 migrations)

* **2026-03-08** -- Video Rooms PII: removed anon SELECT on base table; anonymous join now uses `get_video_room_join_data()` RPC excluding `created_for_email`/`created_for_name`
* **2026-03-08** -- Plans secret\_slug exposure: anon SELECT restricted to `is_public = true`; created `plans_public` safe view excluding `secret_slug` and `allowed_discount_codes`
* **2026-03-08** -- Newsletter purchases: fixed INSERT policy from permanent `WITH CHECK (false)` to `WITH CHECK (is_service_role())`
* **2026-03-08** -- Affiliate referrals: tightened service\_role INSERT with explicit `is_service_role()` guard
* **2026-03-08** -- Video sessions: anon INSERT now validates `room_id` + `participant_name` + active room exists
* **2026-03-08** -- Convo workspaces BYOK key: base table SELECT restricted to org admins only (matching `agent_one_workspaces` pattern); regular members use `convo_workspaces_safe` view
* **2026-03-08** -- Staff invitations privilege escalation: restricted INSERT/UPDATE/DELETE to `is_system_admin()` only (previously any `is_admin_staff()` could create invitations with elevated roles)
* **2026-03-08** -- Staff role templates: write operations restricted to `is_system_admin()`; read allowed for all admin staff

#### Changed — Documentation

* **2026-03-08** -- UNIQUEFEATURES.md: renamed Section A from "Already Built Differentiators" to "Already Built – Competitive Moat"; merged all 24 shipped B-items into Section A (A16–A39); updated Priority Matrix with 39-feature consolidated table; kept Sections B, C, D as reference breakdowns
* **2026-03-08** -- FEATURES.md: added 24 new Dashboard & Analytics entries
* **2026-03-08** -- TESTS.md: added 24 new dashboard test file entries, updated counts (168→282 dashboard tests, 16→40 test files)
* **2026-03-08** -- Synced badges across all .md docs: README, FEATURES, TESTS, CHANGELOG, CRM, CONTRIBUTING, AgentVerifier, BiasProtections, Guardrails, HITL — dates updated, shipped features badge shows \~307

#### Tests

* **2026-03-08** -- Fixed `ClientRiskScoring.test.tsx`: resolved "multiple elements" error by using `getAllByText` for `/Critical/` pattern
* **2026-03-08** -- Fixed `LiveWhisperMode.test.tsx`: resolved "multiple elements" error by using `getAllByText` for `/LIVE/` pattern
* **2026-03-08** -- Added 24 new dashboard component test files (114 new tests): MissedCallCallback (5), VoicemailPipeline (5), LiveWhisperMode (5), PostCallNPSSurvey (6), NoShowPredictor (5), RevenueAttribution (5), MultilingualDetect (5), CallerIntentRouting (5), WhiteLabelPortal (4), CompetitivePricingAlerts (5), ComplianceFlagging (5), SlotMonetization (4), SentimentHeatmap (6), AgentABTesting (5), CallDigestConfig (6), ClientRiskScoring (4), VisualFlowBuilder (5), ProactiveEngagement (5), CallQualityScore (5), TimeSlotHeatmap (4), AgentLeaderboard (4), AutoGeneratedFAQ (6), VoiceGreetingScheduler (6), CallCostCalculator (5)
* **2026-03-08** -- Total: 822 tests across 91 frontend + 7 edge function test files

***

### v2026.03.06 -- March 2026

#### Security

* **2026-03-06** -- S3 Tenant Isolation Hardened: end-to-end audit of all org data storage; fixed AgentOne `s3_run_path` to use `org-{uuid}/` prefix, standardized `snapshot-org-stats` to `org-{uuid}/stats/`, fixed redundant path in AdminOrgStats, updated `delete-organization` cleanup references to unified `org-{uuid}/` convention
* **2026-03-06** -- Password Policy Hardened: minimum password length increased from 8 to 12 characters across all authentication flows (signup, reset password, profile change, invitation acceptance) and Zod `passwordSchema` validation
* **2026-03-06** -- Rate Limiting: added IP-based rate limiting (10 req/hour) to `rewards-redeem` edge function
* **2026-03-06** -- Affiliate Token Leakage Fix: `affiliate-dashboard-data` no longer returns `access_token` in lookup responses; switched to email-link login flow
* **2026-03-06** -- Password Tips UI: updated all password hint text from "8 characters" to "12 characters" in SecuritySettings, AdminProfile, and ResetPassword

#### Tests

* **2026-03-06** -- Updated `validations.test.ts` (27→28 tests): added 12-char password acceptance test, updated rejection test for new minimum
* **2026-03-06** -- Updated `ResetPassword.test.tsx`: password strength and match tests aligned with 12-char minimum
* **2026-03-06** -- Updated `SecuritySettings.test.tsx`: password tips text updated to 12 characters
* **2026-03-06** -- Fixed `HCaptchaRuntime.test.tsx` (5 tests): resolved build-time env var interference; tests now handle both runtime and build-time sitekey paths
* **2026-03-06** -- Added `rewards-redeem/index.test.ts` (2 tests): CORS preflight handling, JSON response on POST
* **2026-03-06** -- Total: 821 tests across 91 frontend + 7 edge function test files

***

### v2026.03.05 -- March 2026

#### Changed

* **2026-03-05** -- Guided Tour Update: added "Clients" step (now 15 steps total) to match sidebar reorganization; updated "More Features" description to include Settings, Content Moderation, and remove Clients
* **2026-03-05** -- Sidebar Navigation: Clients moved to primary sidebar below All Calls; "Moderation" renamed to "Content Moderation"
* **2026-03-05** -- Calls Page: added Video Calls quick-access button
* **2026-03-05** -- Competition Info: added "How to Use" instructional popup

#### Tests

* **2026-03-05** -- Enhanced `GuidedTour.test.tsx` (3→7 tests): step navigation, skip/close with localStorage, completed tour suppression, back button disabled state
* **2026-03-05** -- Total: 820 tests across 90 frontend + 6 edge function test files

***

### v2026.03.04 -- March 2026

#### Added

* **2026-03-04** -- Independent Manual + Unlimited Video Rooms: plans now support BOTH a manual room count AND an unlimited auto-gen toggle simultaneously; manual rooms are always enforced, unlimited controls auto-generated client sessions independently
* **2026-03-04** -- Call Archive Tab: new "Call Archive" tab in Dashboard → Video Rooms showing all ended sessions (both manual and client) with search, type/payment filters, recording downloads, transcript downloads, CSV export, and summary stats
* **2026-03-04** -- Video Session Recording/Transcript Columns: `video_sessions` table extended with `recording_url`, `transcript`, and `transcript_s3_url` columns
* **2026-03-04** -- Unlimited Video Rooms Plan Toggle: superadmin plan editor now includes an "Unlimited Auto-Gen Rooms" switch; renamed existing field from "Video Rooms" to "Manual Video Rooms" for clarity
* **2026-03-04** -- Video Chat Appointments Toggle: AI Voice Agent editor replaces manual room management with a centralized "Enable Video Chat Appointments" switch persisted to `ai_agents.video_chat_enabled`
* **2026-03-04** -- Automated Video Room Flow: voice agents automatically collect client details (name, email, time), system auto-generates a unique private room with appointment, sends join link email, and cleans up after 2 hours
* **2026-03-04** -- Video Consultation Templates: all 36+ agent templates now include standardized video consultation instruction blocks with call recording consent
* **2026-03-04** -- Email Sender Consistency: all edge function emails now sent from `AI Voice+ <notifications@lisaiceland.com>`

#### Fixed

* **2026-03-04** -- VideoRoomManager room limit: manual room limits now always enforced; unlimited toggle only affects auto-generated client sessions
* **2026-03-04** -- Landing page pricing: video rooms now display as separate line items ("X Manual Video Rooms" + "Unlimited Auto-Gen Video Calls")

#### Tests

* **2026-03-04** -- Total: 816 tests across 90 frontend + 6 edge function test files (+1 new pricing test for dual manual+unlimited display)

***

### v2026.03.02 -- March 2026

#### Fixed

* **2026-03-02** -- AgentOne Dashboard: wired edit & delete actions on Recent Workspaces cards (previously no-op); integrated `EditAgentOneWorkspaceDialog` with cache invalidation
* **2026-03-02** -- AgentOne Workspace Detail: added Settings button to workspace header for inline editing and deletion with navigation on delete

#### Tests

* **2026-03-02** -- Total: 815 tests across 90 frontend + 6 edge function test files (no new tests — bug-fix release)

***

### v2026.02.19 -- February 2026

#### Added

* **2026-02-19** -- Hybrid SSO (OIDC): `sso-authorize` and `sso-callback` edge functions for organization-level OIDC identity provider integration; admin SSOSettings UI with provider management; login domain detection with automatic SSO redirect banner
* **2026-02-19** -- SSO Gamified Setup Guide: interactive 5-step How to Use dialog in SSOSettings with XP tracking, progress bar, localStorage persistence, and confetti celebration on completion

#### Security

* **2026-02-19** -- SSO Security Hardening: HMAC-SHA256 signed `state` parameter with 10-minute TTL (CSRF protection); `redirect_uri` validation against allowed origins whitelist; domain format regex validation; scalable user lookup via profiles table instead of `listUsers()`; defense-in-depth organization re-derivation from email domain in callback; existing user org linkage on SSO login; `UNIQUE` partial index on `organizations.sso_domain` to prevent domain collisions

#### Tests

* **2026-02-19** -- Added `SSOSettings.test.tsx` (20 tests): card rendering, form inputs, How to Use dialog, 5-step guide display, XP counter, progress bar, step completion toggle, localStorage persistence, pro tip, advanced section, loading state
* **2026-02-19** -- Enhanced `useConfetti.test.ts` (4→8 tests): added multiple trigger-complete cycles, idempotent trigger, idempotent complete, useCallback memoization stability
* **2026-02-19** -- Total: 815 tests across 90 frontend + 6 edge function test files

***

### v2026.02.18 -- February 2026

#### Fixed

* **2026-02-18** -- Top-Up Checkout Amount Mismatch: cart displayed combined one-time + recurring total but Stripe checkout only charged one-time items; unified all items through a single Stripe checkout session (subscription mode when recurring items present); all `topup_purchases` now created as `pending` until Stripe confirmation
* **2026-02-18** -- Top-Up Premature Activation: recurring top-ups were being applied to account immediately before payment; removed superadmin bypass that skipped Stripe for recurring items; all top-ups now require completed Stripe checkout
* **2026-02-18** -- Billing Card Cents Display: top-up purchase amounts in Settings → Billing were shown in raw cents instead of formatted dollars; added `/100` conversion with `toFixed(2)`

#### Added

* **2026-02-18** -- BYOK Provider Expansion: added 18 AI providers (50+ models) to AgentOne workspace Create and Edit dialogs — Google, OpenAI, Anthropic, Meta Llama, Mistral, DeepSeek, Requesty.ai, OpenRouter, Hugging Face, Ollama, Cohere, Groq, Perplexity, Together AI, Fireworks AI, xAI, AWS Bedrock, Azure OpenAI; grouped `<optgroup>` selectors in Create dialog, labeled sections in Edit dialog
* **2026-02-18** -- 37-Language Expansion: added 15 new languages (Bengali, Thai, Vietnamese, Indonesian, Ukrainian, Czech, Romanian, Hungarian, Greek, Malay, Tamil, Filipino, Croatian, Bulgarian, Slovak) across AI Voice Agents, Convo+, and AgentOne; updated `voice-config.ts` with native names, BCP-47 codes, and localized greetings; synced `useTextToSpeech.ts` LANG\_MAP; updated Convo+ workspace create/edit dialogs, chat interface, and progress dashboard LANG\_LABELS
* **2026-02-18** -- Landing Page Language Sync: updated FeaturesSection, ConvoLanding, FAQSection, and HowItWorksVisuals to reflect "37+ languages" with complete language chips
* **2026-02-18** -- DashboardConvo LANG\_LABELS: synced to full 37-language set matching other Convo+ components
* **2026-02-18** -- PayPal Payouts API: `paypal-payout` edge function for real-money affiliate payouts via PayPal Payouts API; synchronous status update (no webhooks needed); "Pay Now" button sends funds and marks paid on success
* **2026-02-18** -- Affiliate Dashboard Confetti: first-login confetti celebration with `canvas-confetti`; welcome banner auto-dismisses after 8s; tracked via `localStorage` per affiliate ID
* **2026-02-18** -- Affiliates Menu Item: "Affiliates Earn 30%!" link added to sidebar More popover and mobile BottomNav More sheet; opens `/affiliates` in new tab with gradient highlight
* **2026-02-18** -- Mobile PWA Admin Layout: added `safe-area-inset-top` padding to sticky mobile header for iPhone notch/Dynamic Island clearance; increased nav tab touch targets to 40px min-height with larger text and icons

#### Tests

* **2026-02-18** -- Updated `CreateWorkspaceDialog.test.tsx` (+2 tests): BYOK grouped providers rendering (18 providers visible), optgroup count validation
* **2026-02-18** -- Added `voice-config.test.ts` (29 tests): SUPPORTED\_LANGUAGES count (37), uniqueness, original + new language coverage, property completeness; ELEVENLABS\_VOICES count (18), uniqueness, gender balance, recommended voices; DEFAULT\_GREETINGS coverage for all 37 languages with placeholder validation; getLanguageByCode lookups; getVoiceById lookups; getRecommendedVoice gender filtering; getDefaultVoiceId validity; getVoicesByGender filtering; getDefaultGreeting substitution + fallbacks; migrateOldVoiceId legacy migrations
* **2026-02-18** -- Added `BottomNav.test.tsx` (8 tests): 5 nav items rendering, More sheet opening, Affiliates link with new-tab attributes, Data Chat button, Docs link, active route highlighting, all more menu items
* **2026-02-18** -- Added `DashboardSidebar.test.tsx` (9 tests): primary nav items, More button, overflow items in popover, Affiliates link with new-tab attributes, Docs link, Settings, Data Chat button, active route highlighting
* **2026-02-18** -- Added `AffiliateDashboard.test.tsx` (8 tests): redirect without token, dashboard data rendering, stats cards, first-login confetti trigger (localStorage flag), no confetti on subsequent logins, referral link copy button, approved status badge, empty referrals message
* **2026-02-18** -- Added `useAdminAccess.test.ts` (7 tests): loading state, unauthenticated block, allowed access, denied access, edge function error, server error, device fingerprint transmission
* **2026-02-18** -- Updated `AdminRoute.test.tsx` (3→5 tests): added `useAdminAccess` mock; split loading into staff-loading and access-loading; added blocked-access 404 masking test
* **2026-02-18** -- Total: 791 tests across 89 frontend + 6 edge function test files

***

### v2026.02.17 -- February 2026

#### Fixed

* **2026-02-17** -- Newsletter Popup Readability: replaced wall-of-text inline expansion with formatted Dialog popup; `formatNewsletterContent` engine converts raw text into structured HTML with headings, bullet lists, paragraphs, and video embeds; prose typography classes for consistent reading experience
* **2026-02-17** -- Mobile More Drawer: added Blog and Newsletter buttons to BottomNav "More" drawer for mobile accessibility
* **2026-02-17** -- Site Stats Input Visibility: added `text-foreground` to Site Name and Domain inputs so typed text is visible on dark backgrounds
* **2026-02-17** -- Site Stats Button Visibility: added explicit `text-foreground border-border` to outline buttons (Copy Script, Refresh, date range selectors) for dark theme contrast

#### Added

* **2026-02-17** -- Superadmin "How to Use This Dashboard" guide: colorful 16-section dialog accessible from Overview quick-action bar, covering all admin modules with gradient icons, category badges, and ⌘K tip

#### Security

* **2026-02-17** -- Maintenance Notice RLS Fix: replaced overly restrictive `SELECT` policy (only `is_enabled = true`) with split policies — authenticated users see all notices (admin management), anon sees only enabled notices (public banners)

#### Tests

* **2026-02-17** -- Added `AdminMaintenance.test.tsx` (11 tests): heading, Live/Disabled badges, message textarea, button inputs, gradient picker, preview, save button, disabled save on empty, loading state, enable toggle
* **2026-02-17** -- Updated `AgentSkills.test.tsx` (9 tests, +1 new): "See Flow" button for A2A diagram
* **2026-02-17** -- Total: 725 tests across 84 frontend + 6 edge function test files

***

### v2026.02.16 -- February 2026

#### Added

* **2026-02-16** -- AI Content Generate Structured Output: `ai-content-generate` edge function returns structured JSON (title, excerpt, category, tags, content) via tool calling; `AdminBlog` and `AdminNewsletter` auto-fill all fields and embed cover images as Markdown
* **2026-02-16** -- Affiliate Landing Section: new `AffiliateSection` component above FAQs on landing page with "Earn 30% Commission" messaging, benefit cards, and signup CTA; content editable via Superadmin Site Config
* **2026-02-16** -- Affiliate Site Config Editor: new "Affiliate Section (Landing Page)" accordion in LandingSectionEditor with headline, description, and button text fields; backed by 3 new `site_config` columns
* **2026-02-16** -- Secure Affiliate Dashboard: new `affiliate-dashboard-data` edge function for server-side affiliate data access; token stored in `sessionStorage` instead of URL
* **2026-02-16** -- Error Boundary: global `ErrorBoundary` component wrapping App.tsx catches render crashes with branded fallback UI
* **2026-02-16** -- Branded 404 Page: redesigned `NotFound.tsx` with theme-consistent styling and navigation links
* **2026-02-16** -- Newsletter Subscription Price in Dollars: `newsletter_subscription_price_cents` column renamed to `newsletter_subscription_price` (numeric, dollars) in `site_config`; Admin UI and `newsletter-checkout` edge function updated to read/write dollar values directly
* **2026-02-16** -- Scheduled Auto-Publish System: new `scheduled-publish` edge function with `pg_cron` job running every minute to auto-publish scheduled blog posts and auto-send scheduled newsletters at their `published_at` / `scheduled_at` times
* **2026-02-16** -- Affiliate Page Text Customization: superadmins can edit headings, subtitles, and commission text for affiliate login, registration, and dashboard pages via Site Config; new `affiliate_login_heading`, `affiliate_register_title`, `affiliate_register_commission_text`, `affiliate_dashboard_welcome` columns in `site_config`
* **2026-02-16** -- Affiliate Page Branding: affiliate login and registration pages now display site logo and include the standard DashboardFooter
* **2026-02-16** -- Viral Content Studio: AI-powered viral video script generator with duration picker (10s/30s/60s/2min/5min), elite scriptwriting prompt, and auto-editor flow

#### Fixed

* **2026-02-16** -- Top-Up Checkout 100x Overcharge Bug: `topup-checkout` edge function was multiplying `price_cents` by 100 again (Stripe expects cents, DB already stores cents); removed the extra `* 100` multiplication for both recurring and one-time items
* **2026-02-16** -- Top-Up Duplicate Insert: removed duplicate `topup_purchases` insert call in `topup-checkout` edge function
* **2026-02-16** -- Affiliate "Mark Paid" Button Visibility: updated button styling from invisible `variant="outline"` to `text-foreground border-foreground/30` for readable contrast on dark backgrounds
* **2026-02-16** -- Navbar Sign In / Dashboard Button Spacing: added `ml-2` margin to CTA button container; added `isLoading` guard to prevent flashing between states during auth resolution
* **2026-02-16** -- Viral Content Studio Visibility: fixed dark-theme contrast issues on labels, inputs, selects, and buttons

#### Security

* **2026-02-16** -- RLS Hardening: `affiliates`, `affiliate_referrals`, `affiliate_payouts` SELECT policies set to `USING (false)` — data accessed via edge function only; `newsletter_edition_purchases` INSERT restricted to service role
* **2026-02-16** -- `site_config_public` view updated to include affiliate section columns

#### Tests

* **2026-02-16** -- Fixed `CustomScriptInjector.test.tsx` (8 tests, was 9): removed 2 obsolete mobile-gating tests, added 1 all-viewports injection test (scripts now inject on all viewports)
* **2026-02-16** -- Added `scheduled-publish/index.test.ts` (2 tests): 200 response with success payload, CORS OPTIONS handling
* **2026-02-16** -- Fixed `AgentAppsDropdown.test.tsx`: updated test to match component behavior (always renders Apps+ button)
* **2026-02-16** -- Refactored `NotificationBell.test.tsx` (9 tests): variant-based filtering (user/admin), dismiss mutations, admin styling, realtime context-matching
* **2026-02-16** -- Total: 713 tests across 82 frontend + 6 edge function test files

***

### v2026.02.15 -- February 2026

#### Added

* **2026-02-15** -- Analytics Consolidation: deleted redundant DashboardAnalytics page; removed Analytics tab from superadmin panel; AI Usage card merged into Overview section
* **2026-02-15** -- Superadmin Overview Enhancements: Quick Action buttons, System Health card, New Signups widget, Top Performing Organizations leaderboard, Platform Growth sparklines
* **2026-02-15** -- Announcement Gradient Backgrounds: 7 beautiful gradient presets (Ocean Blue, Sunset, Purple Haze, Emerald, Rose Gold, Midnight, Default) selectable when creating/editing announcements; gradients render on toast notifications and feature badges
* **2026-02-15** -- Poll Announcements: new "Poll" category in announcements with 4 interactive vote types (5 Stars, Sentiment Faces, Thumbs Up/Down, NPS 1–10); poll type picker UI, validation, and Poll badge on announcement list items
* **2026-02-15** -- Webhook Delivery Logs: `webhook_delivery_logs` table with collapsible delivery history per webhook showing status codes and timing
* **2026-02-15** -- Audit Log System: `audit_logs` table with Activity Log tab in Settings; filterable by action type with scrollable timeline
* **2026-02-15** -- Bulk Actions on Calls: select-all checkbox, per-call checkboxes, floating "Export Selected" bar
* **2026-02-15** -- Bulk Actions on Clients: select-all header checkbox, per-row checkboxes, floating action bar with Export and Delete (with confirmation dialog)
* **2026-02-15** -- UNIQUEFEATURES.md: roadmap of 14 innovative future features
* **2026-02-15** -- Avatar Upload Fix: added storage RLS policies allowing authenticated users to upload/update their own avatar in the `avatars/{uid}/` path
* **2026-02-15** -- Recurring Top-ups Architecture: non-minute top-ups (agents, users, phone numbers, storage) now become recurring monthly subscription add-ons; minutes remain one-time. New `recurring_topups` table, `billing_mode` column on `topup_packages`, `cancel-recurring-topup` edge function, and "Monthly Add-ons" section in Billing with per-item cancel buttons
* **2026-02-15** -- GDPR Approval Branded Email: superadmin approval of data export requests now sends a branded notification email from `AI Voice+ <notifications@lisaiceland.com>` to the requesting user with download instructions and 7-day expiry notice

#### Fixed

* **2026-02-15** -- Guided Tour +Add Visibility: tour card now positions below header/nav targets instead of to the right, with upward-pointing arrow; target element gets `pointer-events: auto` and elevated z-index so it remains visible and clickable through the overlay
* **2026-02-15** -- AgentOne Chat Mobile Responsiveness: header uses flex-wrap with icon-only buttons on mobile; sidebar becomes full-width overlay on small screens; input area has compact spacing
* **2026-02-15** -- Rewards "Apply to Subscription" Feedback: clicking with insufficient points now shows a destructive toast explaining the minimum required instead of silently doing nothing
* **2026-02-15** -- GDPR Data Export Trigger Fix: `trg_notify_admin_gdpr` no longer references non-existent `requester_email` column; now looks up email from `auth.users` via `user_id`
* **2026-02-15** -- Mobile Change Plan Dialog: added `max-h-[85vh] overflow-y-auto` to the upgrade dialog so plans are scrollable and selectable on mobile devices
* **2026-02-15** -- Top-Up Dialog Billing Mode Labels: packages now display "monthly" or "one-time" badges with per-month pricing suffix for recurring items
* **2026-02-15** -- Quick Add Shortcuts: added "Resources" (→ Settings > Billing) and "MCP Server" (→ Settings > Integrations) items to the + Add dropdown in the dashboard header
* **2026-02-15** -- Guided Tour Quick Add Step: new first tour step highlighting the + Add button with description of all available shortcuts; tour now dynamically elevates header or sidebar containers for proper visibility
* **2026-02-15** -- Mobile Settings Responsiveness: all Settings tab detail pages made responsive for mobile PWA view — card headers, list items, and button rows now stack vertically on small screens using `flex-col` → `sm:flex-row` pattern across DashboardSettings, APIKeyManagement, MCPServersIntegration, ICalSyncIntegration, TeamMembersList, and BillingCard; TabsList now horizontally scrollable
* **2026-02-15** -- Business Settings Mobile Fix: BusinessHoursEditor day rows stack vertically with mobile/desktop switch toggles; ServicesEditor uses single-column grid on mobile; address fields use responsive grid breakpoint
* **2026-02-15** -- Mobile Data Chat: "Data Chat" button added to BottomNav "More" drawer with gradient styling matching desktop sidebar
* **2026-02-15** -- Agent Apps Menu Reorder: move up/down arrow buttons on each app item in Superadmin → Site Config → Agent Apps Menu for drag-free reordering
* **2026-02-15** -- Transferred Calls Page: dedicated `/dashboard/transferred-calls` page with search, CSV export, and S3 archival; sidebar "More" menu entry; clickable Transferred card on dashboard
* **2026-02-15** -- E-Sig Document Editor: "View Doc" button opens full-screen monospace editor for raw document content; new `content` column on `esig_documents`
* **2026-02-15** -- Client Portal Fix: `get_portal_invoice_data` SECURITY DEFINER function bypasses RLS for unauthenticated portal visitors; portal buttons hidden for draft invoices
* **2026-02-15** -- Competitors Page Visibility Fix: added `text-foreground` classes to buttons, tabs, and badges in AdminCompetition for dark-mode visibility
* **2026-02-15** -- Mobile Nav Reorder: BottomNav reordered to Home → Calls → More → AgentOne → Settings; More button now centered
* **2026-02-15** -- Mobile Logo: app logo added to mobile top bar linking to landing page
* **2026-02-15** -- Custom Script Desktop-Only: CustomScriptInjector now only injects widgets on desktop (≥768px); scripts are removed on mobile viewports
* **2026-02-15** -- Dashboard Card Links: AgentOne "Workspaces" card links to `/dashboard/agentone/workspaces`; Convo+ "Spaces" card links to `/dashboard/convo/spaces`

#### Security

* **2026-02-15** -- Sensitive data exposure fix: all client-side reads of `organization_settings` switched to `organization_settings_safe` view (excludes `vapi_api_key`, `google_calendar_refresh_token`); `agent_one_workspaces` base table SELECT policy restricted to org admins only (general reads use `agent_one_workspaces_safe` view)
* **2026-02-15** -- CRM Contact Form hardening: added IP rate limiting (5/15min), server-side input sanitization (HTML stripping, control char removal, length limits), hCaptcha verification, email format validation, and masked error messages to `crm-contact-form` edge function
* **2026-02-15** -- Contact page hCaptcha: added HCaptchaWidget to the public Contact form (client + server verification) alongside existing honeypot
* **2026-02-15** -- HCaptcha Runtime Fetch: updated HCaptcha component to fetch site key at runtime from `hcaptcha-sitekey` edge function when build-time env var is unavailable; consolidated duplicate HCaptcha components into single `HCaptchaRuntime.tsx`

#### Fixed

* **2026-02-15** -- Settings tabs mobile overflow: card headers with side-by-side title + buttons now stack vertically on mobile
* **2026-02-15** -- Business Hours Editor: fixed day rows overflowing on mobile (fixed-width inputs replaced with flex-grow)
* **2026-02-15** -- Services Editor: fixed 2-column grid forcing cramped layout on mobile
* **2026-02-15** -- Competitors page: outline buttons and tab triggers invisible on dark admin background
* **2026-02-15** -- Client Portal: "Invoice not found" error due to RLS blocking unauthenticated portal token queries
* **2026-02-15** -- Footer gap: excessive empty space above footer on all pages fixed with `mt-auto` on DashboardFooter
* **2026-02-15** -- Convo+ chat: top navigation bar hidden on mobile fixed by adjusting chat container height

#### Tests

* **2026-02-15** -- Updated `QuickAddDropdown.test.tsx` (10 tests, +3 new): Resources navigation to billing, MCP Server navigation to integrations, data-tour attribute on trigger button
* **2026-02-15** -- Updated `GuidedTour.test.tsx` (3 tests, updated): first step now verifies "Quick Add" title, step count updated from 12 to 13
* **2026-02-15** -- Added `BusinessSettings.test.tsx` (6 tests): loading state, accordion sections, form fields, save indicator, timezone, responsive address grid
* **2026-02-15** -- Added `BusinessHoursEditor.test.tsx` (5 tests): 7-day rendering, closed state, time inputs, switch toggles, responsive layout classes
* **2026-02-15** -- Added `ServicesEditor.test.tsx` (6 tests): empty state, service items, labels, add interaction, delete buttons, responsive grid
* **2026-02-15** -- Updated `AgentAppsMenuEditor.test.tsx` (10 tests, +3 new): move up, move down, boundary disable guards
* **2026-02-15** -- Updated GuidedTour "More Features" description to include Transferred Calls and BAA | e-Sig Docs
* **2026-02-15** -- Updated `CustomScriptInjector.test.tsx` (9 tests, +2 new): mobile gating, desktop-to-mobile cleanup
* **2026-02-15** -- Updated `ConvoDashboardMetrics.test.tsx` (3 tests): added BrowserRouter wrapper for Link component, clickable Spaces link test
* **2026-02-15** -- Updated `Contact.test.tsx` (10 tests): updated mock from `HCaptcha` to `HCaptchaRuntime`
* **2026-02-15** -- Updated `validations.test.ts` (27 tests, +10 new): contactFormSchema validation — valid data, missing name, invalid email, short message, name/message length limits, optional phone/company, phone/company length limits
* **2026-02-15** -- Added `HCaptchaRuntime.test.tsx` (5 tests): runtime sitekey fetch, captcha rendering, onNotConfigured callbacks, loading state, error handling
* **2026-02-15** -- Fixed `AnalyticsSavingsCards.test.tsx` (7 tests): added BrowserRouter wrapper for Link component
* **2026-02-15** -- Updated `DashboardClimateSaved.test.tsx` (11 tests, +2 new): Climate Impact & Carbon Cash learning section, link to rewards page
* **2026-02-15** -- Updated `DashboardRewards.test.tsx` (7 tests, +2 new): How Rewards & Climate Connect learning section, link to climate dashboard
* **2026-02-15** -- Added `AdminAnnouncements.test.tsx` (11 tests): heading, add button, create dialog, category select, poll type picker visibility, poll badge on list items, active/inactive badges, empty state, title/message fields
* **2026-02-15** -- Total: 715 tests across 83 frontend + 5 edge function test files

***

### v2026.02.14 -- February 2026

#### Added

* **2026-02-14** -- Comprehensive Notification System: 17 database triggers across 12 tables generate real-time notifications for both user and superadmin dashboards. Two helper functions (`notify_org_members`, `notify_admin_staff`) insert notifications for all org members or all admin staff respectively. NotificationBell updated with Sonner toast on realtime INSERT, individual green "Mark Read" button per notification, extended Lucide icon map (13 types), and glowing red dot unread indicator. Bell added to Admin panel mobile and desktop headers. `crm-contact-form` edge function now calls `notify_admin_staff` RPC on new leads.
* **2026-02-14** -- CRM Contact Form Edge Function: created dedicated `crm-contact-form` edge function for inserting contact page submissions directly into `crm_contacts` as leads (previously incorrectly routed to `auth-signup` which had no handler)
* **2026-02-14** -- CRM Expansion: 8 new CRM sub-tabs (Forecast, Segments, Campaigns, Tickets, Automations, Quotes, Projects, Integrations) with full CRUD, plus RBAC staff permission gating on Admin sidebar
* **2026-02-14** -- Security Hardening: expanded injection patterns (10 total), PII patterns (5 total incl. email/phone/UK NINO), blocked voice phrases, fail-closed moderation and rate limiting, output moderation for convo-chat, injection audit logging, MCP server race condition fix (per-request context), chat-with-data full safety pipeline, error masking across 8 edge functions, S3 key decryption via RPC, HTML escaping in email templates, admin-ai-insights input validation
* **2026-02-14** -- Documentation: created BiasProtections.md, Guardrails.md, AgentVerifier.md
* **2026-02-14** -- Superadmin Command Palette: search split into "App Items" and "Superadmin Items" (20 admin tabs) with onAdminTab callback for tab switching without page reloads
* **2026-02-14** -- AgentOne Chat TTS: green Volume2/VolumeX button in chat input bar, per-message speak buttons on assistant messages, auto-speak on new responses via browser Speech Synthesis API
* **2026-02-14** -- Larger prompt inputs: replaced `<Input>` with auto-resizing `<textarea>` in AgentOne workspace and Convo+ chat interfaces (Enter sends, Shift+Enter newline)
* **2026-02-14** -- Quick Add (+) deep linking: all 5 items now navigate with `?action=create` query param; target pages auto-open creation dialogs after data loads using `pendingCreate` pattern to avoid race conditions

#### Fixed

* **2026-02-14** -- CRM Contact Form: fixed contact page submissions not reaching `crm_contacts` table — created dedicated `crm-contact-form` edge function (was incorrectly calling `auth-signup` which ignored the `crm_contact_from_form` action)
* **2026-02-14** -- AdminRoute test: updated mock from deprecated `useSystemAdmin` to `useAdminStaff` hook after RBAC refactor
* **2026-02-14** -- Command Palette search: fixed AgentOne navigation path (`/dashboard/agent-one` → `/dashboard/agentone`), Climate Saved path (`/dashboard/climate-saved` → `/dashboard/climate`), removed AI Assistant Settings and AI Settings from search items

#### Tests

* **2026-02-14** -- Added `Contact.test.tsx` (9 tests): form rendering, validation errors, contact\_requests insert, crm-contact-form edge function invocation, thank you screen, honeypot field
* **2026-02-14** -- Fixed `AdminRoute.test.tsx` (3 tests): updated to mock `useAdminStaff` instead of removed `useSystemAdmin`
* **2026-02-14** -- Added `CommandPalette.test.tsx` (10 tests): Cmd+K open, Navigation vs App Items heading, Superadmin Items visibility, admin tab items, onAdminTab callback
* **2026-02-14** -- Updated `QuickAddDropdown.test.tsx` (7 tests, +5 new): navigation paths with ?action=create for all 5 items (calendar, agents, convo, agentone, clients)
* **2026-02-14** -- Fixed `DashboardClients.test.tsx`: added MemoryRouter wrapper (required after useSearchParams addition)
* **2026-02-14** -- Updated `CommandPalette.test.tsx` (11 tests, +1 new): AI Assistant Settings removal verification
* **2026-02-14** -- Updated `NotificationBell.test.tsx` (12 tests, rewritten): Lucide icons instead of emojis, individual Mark Read buttons, red dot indicator, realtime Sonner toast firing, mark read mutation
* **2026-02-14** -- Total: 659 tests across 78 frontend + 5 edge function test files
* **2026-02-14** -- Guided Tour: reordered steps to match updated sidebar layout (Dashboard → Calendar → AI Voice Agents → Convo+ → AgentOne → All Calls → Climate Saved → Apps+ → More → Docs → Settings → Tour), removed standalone Analytics step (now 12 steps); fixed duplicate badges in README

***

### v2026.02.13 -- February 2026

#### Added

* **2026-02-13** -- Top Up Extra Resources: redesigned TopUpDialog with multi-item cart (quantity steppers, cart summary, proceed to checkout), `topup-checkout` edge function updated to accept array of items with multiple Stripe line items, top-up purchases displayed on Billing page
* **2026-02-13** -- Top Up DB columns: `topup_agents`, `topup_phone_numbers`, `topup_users`, `topup_storage_gb` on subscriptions table; Dashboard and ResourceUsageCards now sum base plan + top-up values for all 5 resource types
* **2026-02-13** -- Convo+ Dashboard Metrics: 6 metric cards (Spaces, Messages, Tokens Used, Total XP, Words Learned, Learners) matching AgentOne dashboard pattern
* **2026-02-13** -- Quick Add (+) dropdown in dashboard header with shortcuts: New Appointment, Create Agent, Convo Space, AgentOne Space, Client
* **2026-02-13** -- BillingCard "Top Up" button renamed to "Top Up Extra Resources"
* **2026-02-13** -- Convo+ safety hardening: 10-layer security pipeline matching AgentOne — IP rate limiting (30/15min), input validation, sanitization, prompt injection scanning, content moderation via AI gateway, PII redaction on input and output, safety preamble, per-org daily quota (100 msgs/day) via `convo_usage` table, audit logging to `ai_usage_logs`, org membership verification
* **2026-02-13** -- Guided Tour updated to 13 steps: added Climate Saved step with Leaf icon; updated More Features description to highlight Rewards/Carbon Cash
* **2026-02-13** -- App name badge in sidebar now links to landing page (/) instead of /dashboard
* **2026-02-13** -- Full PWA support: installable app with service worker, offline caching, manifest, PWA icons, and `/install` page with platform-specific instructions
* **2026-02-13** -- ImpactRewardsCards: reusable CO₂ Saved and Carbon Cash cards added to Overview and Analytics dashboards with live data from call\_logs and rewards\_balances
* **2026-02-13** -- Climate Saved dashboard now pulls actual call duration data from call\_logs table (was only using subscription/rewards data)
* **2026-02-13** -- Hero section desktop layout: increased container padding for better breathing room at lg+ breakpoints
* **2026-02-13** -- Climate Saved dashboard: environmental impact metrics (CO₂, trees, energy, car miles) with transparent "How It's Calculated" accordion showing formulas and EPA/IEA sources
* **2026-02-13** -- Admin Webhooks: CRUD for webhook endpoints with event selection, test ping, and active/inactive toggle (superadmin only)
* **2026-02-13** -- Bulk Discount Code generation: batch-create up to 100 codes with CSV download
* **2026-02-13** -- Bulk Discount Codes UX overhaul: batch summary rows with `...` dropdown for View Codes and Export CSV
* **2026-02-13** -- Admin Data Archival: automatic S3/Supabase storage archival for bulk-generated discount code CSVs with IDrive E2 fallback
* **2026-02-13** -- Agent save-before-test: disabled test call button for unsaved agents with "Save Agent" prompt
* **2026-02-13** -- Confetti celebrations on first login (with `has_seen_welcome` profile flag)
* **2026-02-13** -- Rewards "How It Works" accordion explaining earning rates, milestones, and redemption rules
* **2026-02-13** -- "How to Use" instructional accordions added to AI Voice Agents, Convo+, and AgentOne pages
* **2026-02-13** -- Superadmin unlimited access fix: DashboardAgents now uses `useSubscriptionGuard` with ∞ badge for superadmins
* **2026-02-13** -- Dashboard consolidated: merged Analytics charts, tally cards (Clients, Appointments, Calls, Consents, Top-Ups), and resource usage cards (Minutes, Users, Storage) into main Dashboard; Analytics route redirects to `/dashboard`; sidebar prefix-match highlighting fix for Convo+/AgentOne sub-routes
* **2026-02-13** -- Data Chat expanded: 12 user + 12 admin suggested questions covering patterns, conversion, churn risk, MRR growth, peak hours, and more

#### Fixed

* **2026-02-13** -- 2FA issuer branding: authenticator apps now display "AI Voice+" instead of the default domain name when enrolling TOTP factors
* **2026-02-13** -- MFA login "missing sub claim" error: fixed race condition where stale-session cleanup in AuthProvider could sign out a freshly authenticated user before MFA challenge completed; added `staleCheckCancelled` flag and session-alive guard before `mfa.challenge()`

#### Security

* **2026-02-13** -- Webhook secrets now encrypted at rest via `encrypt_webhook_secret_trigger` (defense in depth, matching org settings pattern)
* **2026-02-13** -- Script security hardened: eval() and new Function() now always blocked even with trusted URLs; CustomScriptInjector uses DOMParser instead of innerHTML; regex lastIndex state reset prevents false negatives

#### Tests

* **2026-02-13** -- Added `HeroSection.test.tsx` (4 tests): headline, CTA buttons, trust indicators, trusted-by badge
* **2026-02-13** -- Added `Install.test.tsx` (3 tests): title, benefit cards, instructions section
* **2026-02-13** -- Added `ImpactRewardsCards.test.tsx` (4 tests): CO2 card, rewards card, loading skeletons, detail page links
* **2026-02-13** -- Added `ConfettiOverlay.test.tsx` (5 tests): render states, pointer-events-none, onComplete callback, cleanup
* **2026-02-13** -- Added `useConfetti.test.ts` (4 tests): API shape, initial state, activate, deactivate
* **2026-02-13** -- Added `DashboardClimateSaved.test.tsx` (9 tests): title, metrics, milestone, accordion formulas
* **2026-02-13** -- Added `TopUpDialog.test.tsx` (4 tests): dialog title, description, empty state, closed state
* **2026-02-13** -- Added `ConvoDashboardMetrics.test.tsx` (3 tests): skeleton loaders, null orgId handling
* **2026-02-13** -- Added `QuickAddDropdown.test.tsx` (2 tests): render Add button, 5 menu items on click
* **2026-02-13** -- Added `GuidedTour.test.tsx` (3 tests): step count, Climate Saved inclusion, step dots
* **2026-02-13** -- Added `convo-chat/safety.test.ts` (6 tests): UUID validation, message length, injection detection, sanitization, PII redaction, field validation
* **2026-02-13** -- Added `AdminWebhooks.test.tsx` (8 tests): title, buttons, URL display, event badges, empty state
* **2026-02-13** -- Added `AdminDiscountCodes.test.tsx` (8 tests): title, buttons, code display, active badge, empty state, batch summary, dropdown
* **2026-02-13** -- Added `admin-data-archive.test.ts` (5 tests): S3 archival, Supabase fallback, MIME types, folder paths
* **2026-02-13** -- Updated `script-security.test.ts` (+1 test): eval/Function never-downgrade with trusted URLs
* **2026-02-13** -- Updated `useAuth.test.tsx` (12 tests, +3 new): MFA factor detection, MFA skip for unverified factors, stale session cleanup on mount; updated mock to include `getUser` and `mfa.listFactors`
* **2026-02-13** -- Total: 642 tests across 86 frontend + 5 edge function test files

***

### v2026.02.12 -- February 2026

#### Added

* **2026-02-12** -- Dashboard sidebar reordered: Dashboard → Calendar → AI Voice Agents → Convo+ → AgentOne → All Calls → Analytics
* **2026-02-12** -- AgentOne Dashboard: replaced marketing splash page with a metrics-driven dashboard at `/dashboard/agentone/dashboard` featuring 6 metric cards (workspaces, runs, messages, tokens, memories, tools), 30-day usage trend chart (messages/tokens toggle), recent runs feed with workspace name and status, top 6 workspace grid with quick-create action. AgentOne landing page restored as the entry point
* **2026-02-12** -- Convo+ landing page "Go to Workspaces" button now navigates directly to the Progress Tracking dashboard tab
* **2026-02-12** -- Convo+ language support expanded to 22+ languages (added NL-BE, ES-MX, TR, HI, TH, EL) across landing page, workspace create and edit dialogs

#### Fixed

* **2026-02-12** -- 2FA banner "Set Up 2FA" button now correctly navigates to Settings → Security tab (was going to Profile tab due to query param mismatch)

#### Changed

* **2026-02-12** -- Renamed sidebar "Agent Apps" dropdown label to "Apps+"
* **2026-02-12** -- Renamed sidebar "Docs" link label to "Docs | ...more"
* **2026-02-12** -- Convo+ TTS switched from ElevenLabs API to browser-native Speech Synthesis API (zero cost, smart voice selection preferring Neural/Enhanced voices, language-matched via BCP-47). ElevenLabs remains active for voice agents only

#### Tests

* **2026-02-12** -- Added `TwoFactorBanner.test.tsx` (3 tests): render, security tab navigation, dismiss
* **2026-02-12** -- Updated `AgentAppsDropdown.test.tsx` to match new "Apps+" label
* **2026-02-12** -- Added `DashboardConsents.test.tsx` (8 tests): title, metrics, search, empty state
* **2026-02-12** -- Added `DashboardClients.test.tsx` (11 tests): title, metrics, buttons, empty state, export disabled
* **2026-02-12** -- Added `AgentEditorForm.test.tsx` (10 tests): cards, validation, cancel handler, create button
* **2026-02-12** -- Added `useTextToSpeech.test.ts` (17 tests): API shape, speak/stop, cooldown, truncation, locale mapping, voice selection (cloud/neural preference, language matching), cleanup
* **2026-02-12** -- Added `AgentOneDashboardMetrics.test.tsx` (3 tests): skeleton loaders, metric labels, zero values
* **2026-02-12** -- Added `AgentOneDashboardUsageChart.test.tsx` (3 tests): title, toggle buttons, empty state
* **2026-02-12** -- Added `AgentOneDashboardRecentRuns.test.tsx` (2 tests): title, empty state
* **2026-02-12** -- Added `DashboardConvo.test.tsx` (5 tests): title, tabs, default tab, progress tab via URL param, description

***

### v2026.02.11 -- February 2026

#### Added

* **2026-02-11** -- Role Permissions Matrix in Settings → Team: collapsible table showing what each role (Viewer, Manager, Admin) can access per feature, with highlighted column for selected role
* **2026-02-11** -- Renamed "Editor" role to "Manager" across invite dialog and member detail sheet to match database enum

#### Changed

* **2026-02-11** -- Viewer role no longer implies transcript access; transcripts require Manager or above
* **2026-02-11** -- Improved role descriptions in invite dialog and member sheet with specific feature callouts

***

### v2026.02.11 -- February 2026 (Baseline)

Everything shipped up to this date, consolidated as the initial baseline release.

#### Added

* **BYOK Routing + Safety Guardrails for AgentOne**: Complete security and BYOK implementation for the `agent-one-chat` edge function
  * **BYOK Provider Routing**: Workspaces with a custom API key now route requests directly to OpenAI or Google Gemini APIs based on model prefix, with provider error normalization (429/401/402/502)
  * **Encrypted BYOK Key Storage**: `byok_api_key` column on `agent_one_workspaces` with `encrypt_workspace_byok_trigger` for PGP encryption at rest
  * **`get_decrypted_workspace_key`**: Security definer function (service\_role only) for server-side key decryption
  * **IP Rate Limiting**: 30 messages per 15 minutes per IP via shared `rate-limit.ts` utility
  * **Input Validation**: 10K character cap, UUID format checks, null byte/control character stripping
  * **Prompt Injection Defense**: 6 regex patterns detect and safely wrap injection attempts
  * **Content Moderation**: AI-powered input screening via Lovable AI gateway (gemini-2.5-flash-lite), always uses platform key
  * **System Prompt Hardening**: Non-negotiable safety preamble prepended to every conversation
  * **PII Redaction**: Real-time streaming output scan for credit card numbers and SSNs, replaced with `[REDACTED]`
  * **Per-Org Daily Quotas**: `agent_one_usage` table with `increment_agent_one_usage` RPC for atomic 100 msgs/day tracking
  * **Audit Logging**: Every request logged to `ai_usage_logs` with user, org, feature, model, and token count
  * **Frontend BYOK Wiring**: `DashboardAgentOne.tsx` `createMutation` now stores `byok_api_key` and sets `ai_provider = "byok"`
  * **Client-side Safety Utilities**: `src/lib/agent-one-safety.ts` mirrors server guardrails for pre-validation
* **AgentOne Workspaces**: Full agentic AI workspace system with multimodal streaming chat, persistent memory, and MCP data integration
  * 5 new database tables: `agent_one_workspaces`, `agent_one_runs`, `agent_one_messages`, `agent_one_memory`, `agent_one_tools` with org-level RLS
  * 3 edge functions: `agent-one-chat` (streaming AI with live org data tools), `agent-one-workspace` (lifecycle), `agent-one-memory` (CRUD)
  * **Gemini 3 Flash (Free)** as default model; **BYOK mode** for custom API keys and models (GPT-5, Claude, etc.)
  * Workspace listing page (`/dashboard/agentone`) with create dialog, search, status management
  * Workspace detail page (`/dashboard/agentone/:workspaceId`) with streaming chat, 6-tab sidebar (Runs, Memory, Tools, Docs, Files, MCP), quick-action buttons
  * **MCP Data Integration**: Chat can query live call logs, clients, appointments, and agents; results rendered as interactive cards
  * **MCP Data Panel**: Sidebar tab showing connected MCP servers with one-click context injection
  * **Drag-and-drop document upload** supporting PDF, TXT, MD, CSV, JSON, and images (PNG/JPG/WEBP)
  * **Artifact viewer** auto-extracts code blocks and structured data from assistant messages into browsable gallery
  * **Custom tools panel** with CRUD for prompt templates, code snippets, and workflows
  * Memory viewer with type filtering (fact/instruction/preference/context)
  * Folder-level S3 storage isolation (`agent-one/workspace-{id}/`) with Supabase Storage fallback
  * Sidebar and BottomNav updated with "AgentOne" menu item
* **Call Recording Consent System**: Opt-in per-agent consent flow that asks callers for recording consent at the start of every call
  * `call_consents` table with org-level RLS and append-only policies for regular users
  * `require_consent` toggle on `ai_agents` table (default: off)
  * `recordConsent` Vapi tool injected into assistant when enabled
  * System prompt dynamically prepends consent script when active
  * Consent Log dashboard page (`/dashboard/consents`) with date, caller, agent, and status filtering
* **Identity Verification System**: Opt-in per-agent caller verification before sensitive actions
  * `identity_verifications` table tracking verification attempts, methods, and outcomes
  * `require_identity_verification` toggle and `identity_verification_methods` (PIN, DOB, Account Number) on `ai_agents`
  * `verifyIdentity` Vapi tool with encrypted PIN lookup via `decrypt_sensitive()`
  * System prompt dynamically injects verification instructions when active
* **Client Records Management**: Centralized client database with CRM-like capabilities
  * `client_records` table with encrypted security PINs via `encrypt_client_pin_trigger`
  * Auto-upsert from `bookAppointment` Vapi webhook (creates/updates client on every booking)
  * Full CRUD dashboard page (`/dashboard/clients`) with search, status filters, add/edit dialogs, and CSV export
* **Agent Editor Enhancements**: New toggles in Agent Editor for "Require Recording Consent" and "Require Identity Verification" with method selection checkboxes
* **Navigation Updates**: Added Consent Log and Clients items to sidebar and guided tour
* **User Profile Button in Header**: Moved Sign Out from sidebar to a profile avatar dropdown in the top-right header bar
  * Shows "Welcome, {first name}" with avatar image next to the notification bell
  * Popover menu with Profile Settings, All Settings, and Sign Out links
  * Appointment indicator (teal dot) on avatar when there are appointments today
  * Missed calls indicator (red dot) on avatar when there are missed calls today
* **Team Members Limit per Plan**: New `users_limit` column on `plans` table
  * Configurable in Admin → Plans edit form
  * Displayed on landing page pricing cards (e.g. "5 Team Members")
  * Synced to Stripe product metadata via `stripe-sync-products` edge function
  * Team tab in Settings shows usage counter (e.g. "2/5") and disables invite when at limit
* **Storage Quota Management**: Per-plan storage limits for call transcripts and MCP data with automatic enforcement
  * `storage_limit_gb` column on `plans` table — configurable per plan via Admin → Plans
  * `storage_used_bytes` and `storage_limit_gb` columns on `subscriptions` for per-org tracking
  * `increment_storage_used()` DB function validates quota before allowing S3 uploads (returns `allowed: false` when full)
  * `get_storage_usage()` DB function returns usage stats for UI display
  * `upload-to-s3` edge function now checks quota and returns HTTP 413 when storage is full
  * `StorageUsageCard` component in Settings with progress bar, warning/full badges, and contextual alerts
  * `UpgradeBanner` extended with storage warning (≥90%) and storage full (100%) banners
  * `useSubscriptionGuard` extended with `storageUsedBytes`, `storageLimitGb`, `storagePercent`, `storageWarning`, `storageFull`
  * Admin Plans table includes editable Storage (GB) field
  * Landing page pricing cards now display storage allocation per plan
  * Superadmin bypass for all storage restrictions
* **Stripe Live Mode Fix**: Cleared test-mode Stripe product/price IDs to allow fresh sync with live keys
* **Superadmin Subscriptions Management Page**: Comprehensive subscription & transaction oversight for platform operators
  * Search, filter by status/plan, and view detailed subscription info
  * CSV export of all subscription data
  * MRR, active/trialing/canceled counts, and total credit summary cards
* **Interactive Admin Metric Cards**: All top-level dashboard metric cards now navigate to their respective management tabs (Organizations, Users, Analytics, Subscriptions)
* **Call Volume Chart Improvements**: Dual-metric grouped bar chart showing both call count and call minutes per day with legend
* **Subscription Distribution Chart Fix**: Tooltip text now uses themed foreground colors for readability in dark mode
* **Call Outcomes Chart Clarification**: Added subtitle and help text explaining outcome categories
* **Stripe Live Keys**: Updated Stripe integration to use live publishable and secret keys
* **Call Duration Increased to 7 Minutes**: AI voice calls now have a 7-minute (420s) hard limit, up from 4 minutes, with a 6-minute warning prompt
* **Agent-to-Agent (A2A) Collaboration**: Multi-agent handoff system with transfer rules, shared session context, and agent skills
  * `agent_transfer_rules` table for defining keyword/intent-based routing between agents
  * `agent_sessions` table for tracking shared context during call handoffs
  * `agent_skills` table for tagging agents with capabilities and proficiency levels
  * Transfer Rules UI in Agent Editor for managing handoff conditions
  * Agent Skills UI with 7-level proficiency dropdown (Novice → Master) and primary skill marking
  * A2A workflow explainer added to Agent Skills section
  * Vapi webhook integration for `transferToAgent` tool and session management
  * System prompt injection of transfer rules into Vapi assistant configuration
* **Lovable AI Moderation**: Documentation updated to reference Lovable AI Gateway for content moderation instead of OpenAI Moderation API
* **MCP Server for AI Assistants**: Public MCP (Model Context Protocol) server enabling users to interact with their account from Claude Desktop, Cursor, Windsurf, and other MCP-compatible AI tools
  * 9 tools: `list_calls`, `get_call_detail`, `list_appointments`, `create_appointment`, `cancel_appointment`, `get_analytics`, `list_agents`, `update_agent`, `get_rewards_balance`
  * API key authentication with SHA-256 hashed storage — raw keys never persisted
  * Self-service API key management in Settings → Integrations tab
  * `api_keys` table with RLS, `validate_api_key` + `touch_api_key_usage` DB functions
  * `mcp-server` edge function using `mcp-lite` + Hono with `StreamableHttpTransport`
  * Connection instructions and MCP server URL displayed in the UI
* **Cloud Storage Offloading to IDrive E2 (S3)**: New `uploadToCloudStorage` utility and `upload-to-s3` edge function route uploads to S3-compatible storage with automatic Supabase fallback
  * Call recordings persisted from Vapi to E2 on call completion
  * GDPR data exports stored in E2 `gdpr-exports/` folder
  * Organization logos, user avatars, and store product images uploaded via E2
  * Graceful fallback to Supabase `site-assets` bucket when no S3 bucket is configured
* **Appointment Reminder & Auto-Dial System**: Multi-stage automated reminder pipeline with pg\_cron scheduling
  * `appointment-reminders` edge function processes 24h, 2h, 15min email reminders and auto-dial at appointment time
  * VAPI outbound calls to clients with appointment context and agent greeting
  * Automatic creation of missing reminders for upcoming appointments
  * `appointment_reminders` table tracks status (pending/sent/failed/skipped) per reminder
* **In-App Notification System**: Real-time dashboard alerts for organization admins
  * `NotificationBell` component with Supabase Realtime subscriptions
  * Unread count badge, mark-all-read, and click-to-navigate
  * Type-specific emoji icons (🤖 agent, ⏰ reminder, 📞 auto-dial)
  * `in_app_notifications` table with RLS policies
* **VAPI Webhook Reminder Integration**: Auto-creates reminder records and agent-assigned notifications when appointments are booked via voice agent
* **Automatic Appointment Confirmation Emails**: Clients now receive a professional confirmation email automatically when an appointment is booked — both via the AI voice agent (VAPI webhook) and through the manual Calendar UI
  * New `appointment-confirmation` email type in `send-email` edge function with branded HTML template
  * VAPI webhook `bookAppointment` tool now accepts `email` parameter and auto-sends confirmation
  * Manual calendar bookings auto-send confirmation when client email is provided
  * All emails sent from `AI Voice+ <notifications@lisaiceland.com>`
  * `confirmation_sent_at` timestamp updated on successful send
* **Built-in Calendar System**: Full appointment management in Dashboard → Calendar
  * Create, edit, and cancel appointments with date picker and 30-minute time slots (8:00–21:30)
  * Real-time conflict detection prevents double-booking
  * Agent integration — assign AI Voice Agents to appointments; agent-booked slots show "AI Booked" badge
  * Email confirmations sent to clients via `send-email` edge function with "Sent ✓" tracking
  * Calendar provider toggle: choose Built-in Calendar or Google Calendar per organization
  * Visual indicators on calendar dates that have appointments
* **Social Links Expansion**: Added YouTube and UpScrolled URL fields to Superadmin → Site Config → Social Links and landing page footer
* **Guided Tour Expansion**: Added Calendar, Rewards, and Store steps to the interactive guided tour
* **Carbon Cash Rewards System**: Full rewards program where users earn points per minute of AI agent call time, with milestone bonuses, monthly caps, and redemption for subscription credits or store merchandise
* **Merch Store**: Complete e-commerce system with product categories, variants (size/color/SKU), inventory management, shipping rates, and checkout via Stripe, Carbon Cash points, or mixed payments
* **Top-Up Packages**: One-time resource purchases (extra minutes, agents, phone numbers) via Stripe checkout without changing subscription plan
* **Edge Functions**: `rewards-credit`, `rewards-redeem`, `store-checkout`, `topup-checkout` for backend processing
* **Stripe Webhook Extensions**: Handles `topup` and `store` payment metadata for fulfillment
* **VAPI Webhook Integration**: Auto-credits Carbon Cash rewards after each call ends
* **Superadmin Profile Page**: Full profile management page in the admin panel with avatar upload, personal info (auto-saved), address, password change dialog, 2FA setup/disable with QR code, and session information
* **Admin Trial Lifecycle Info Panel**: Rich informational card on the Plans page showing the full trial timeline (signup → warning → expiry → upgrade), enforcement points (agent limits, VAPI webhook guard, minutes exhaustion), superadmin bypass, and cron job details
* **Dashboard Guided Tour**: Interactive wizard with speech bubbles that walks new users through every dashboard section. Auto-triggers on first login and can be re-launched via Guided Tour button in the sidebar
* **Trial Expiration & Subscription Guardrails**: Complete post-trial enforcement system
  * `useSubscriptionGuard` hook tracks subscription status, trial expiry, minutes usage, and agent limits
  * **Upgrade Banner**: Contextual warnings for trial expiring (≤3 days), trial expired, minutes exhausted, or subscription canceled
  * **Upgrade Wall**: Full read-only lockout when trial expires — only Settings and GDPR pages remain accessible
  * **Superadmin Bypass**: System admins are never locked out of any functionality
  * **Agent Limit Enforcement**: Redirects to settings when agent creation exceeds plan limit
  * **VAPI Webhook Guard**: Blocks incoming calls for expired trials, canceled subscriptions, or exhausted minutes (server-side enforcement)
  * **Trial Expiration Cron**: Daily edge function (`trial-expiration-cron`) auto-cancels expired trials, deactivates agents, and sends emails
  * **Trial Emails via Resend**: 3-day warning email + expiration notification sent to org owners/admins
* **Sign In / Sign Up Page Customization**: All text on the Sign In and Sign Up pages is now editable from Superadmin → Site Config → Landing Page Edits
* **AI Agents Limit per Plan**: Plans now include `agents_limit` field in the edit form, Stripe product metadata, and landing page pricing features
* **User Announcements Page**: New `/dashboard/announcements` route where users can view all announcements from superadmins with accordion-style list, read/unread badges, and filtering
* **Admin Back to App Button**: Moved "Back to App" navigation from sidebar footer to desktop header
* **Browser Calls Dashboard**: New `/dashboard/browser-calls` page with advanced filtering, search, transcript viewing, and batch CSV/TXT export capabilities
* **S3/MinIO Integration**: Admin can configure S3-compatible storage (MinIO) for call transcripts with test connection functionality
* **AI Agent Learning Section**: New collapsible accordion in agent editor with capability documentation and instruction templates
* **27 Industry-Specific Templates**: Pre-built AI agent templates for Medical, Dental, Pharmacy, Optometry, Mental Health, Pediatric, Salon, Spa, Med Spa, Restaurant, Hotel, Legal, Accounting, Real Estate, Insurance, Automotive, Fitness, Veterinary, Photography, Travel, Education, Dry Cleaning, Moving, HVAC/Plumbing, Electrical, Landscaping, and General Contractor
* **Call Guardrails**: 4-minute call limit with 3-minute warning prompt for trial users
* **5-Minute Call Limit Plan**: Documented graceful call termination strategy with Vapi maxDurationSeconds, 4-minute warnings, and plan-based limits
* **Multi-Agent (A2A) Collaboration Roadmap**: Complete architecture for agent-to-agent handoffs with shared context, transfer rules, and orchestration
* **Abuse Protection System Plan**: Multi-layer security including real-time content moderation, blocked caller lists, rate limiting, and safety incident tracking
* **Plan Discount Percentage**: New `annual_discount_percent` field for dynamic "Save X%" badges on landing page
* **Discount Code Restrictions**: Plans can now specify which discount codes are allowed via `allowed_discount_codes` array
* **Multiple AI Voice Agents**: New `ai_agents` table, `/dashboard/agents` page, agent limit per plan
* **Missed Calls Page**: New `/dashboard/missed-calls` route with filtered view and CSV export
* **Call Transcript Popup**: `TranscriptModal` component for viewing call transcripts from call cards
* **Analytics Savings Cards**: Missed Calls, Transferred Calls, and Est. Savings calculations on Analytics page
* **Sidebar Navigation Updates**: AI Voice Agents, Docs | ...more, Data Privacy reordering, mobile bottom nav
* **Comprehensive Timezone Support**: 100+ IANA timezones grouped by region with GMT offsets
* **MCP Servers Integration**: MCP server management UI in Settings → Integrations with add/view/remove
* **Branded Password Reset Emails**: Custom `request-password-reset` edge function using admin.generateLink with branded templates
* **Password Reset Flow**: `/forgot-password` and `/reset-password` pages with hCaptcha and strength validation
* **Trusted URLs for Custom Scripts**: Domain-based trust list for bypassing security warnings on known-safe scripts
* **Testimonials Management**: Admin CRUD for customer testimonials with publish/feature toggles, database-connected landing page
* **Agent Apps Menu**: Admin-configurable external app links dropdown in dashboard sidebar
* **Comprehensive Deployment Documentation**: Deploy guides for Netlify, Vercel, VPS, and Windows Server
* **GDPR Compliance System**: User data export requests, admin approval workflow, automated JSON generation, signed download URLs
* **FAQ Management for Superadmins**: Create, edit, delete, publish/unpublish FAQs with category organization
* **Organization Self-Deletion**: Org admins can permanently delete their organization with cascading cleanup
* **Custom Scripts Management**: Third-party JS widgets in Admin Site Config with security validation
* **Demo Abuse Prevention**: hCaptcha gating, IP rate limiting (3/hour), global daily cap (100), audio duration limits

#### Changed

* **Languages Section on Landing Page**: Expanded from 8 emoji flags to all 22 supported language codes displayed as clean monospace text
* **Guided Tour**: Added Consent Log and Clients steps (now 18 steps total)
* **Agent Skills Proficiency**: Replaced 0-100% slider with 7-level discrete dropdown (Novice 15 → Master 100)
* **Agent Skills Label**: Renamed to "Agent Skills (Agent-to-Agent, aka A2A)" for clarity
* **Built-in Guardrails**: Updated call limit wording from 4 minutes to 7 minutes with 6-minute warning
* **Contact Support Button**: Now opens external support portal in a new tab instead of opening contact dialog
* **Custom Scripts Now Work for All Users**: Updated CustomScriptInjector to use public config instead of admin-only config
* **Rebranded to AIVoice+**: Updated app name across all branding, emails, meta tags, LICENSE, README, and edge functions

#### Fixed

* **create-vapi-assistant Boot Error**: Fixed duplicate `const settings` declaration causing boot failure
* **Agent Dropdown Always Visible**: Agent dropdown in appointment form now always shown with helpful message when no agents exist
* **Select Value Fix**: Resolved Radix Select empty-value crash by using `"none"` sentinel value
* **Dashboard Metrics**: "Calls Today" and "Average Duration" now correctly include browser calls
* **Call Tallying**: Increased call fetch limit from 50 to 100 and fixed date filtering
* **FAQ disconnect**: Admin panel and landing page now fetch from same database source
* **Site config exposure**: Sensitive fields no longer exposed to non-admin authenticated users
* **Agent Apps Menu visibility**: Fixed `site_config_public` view blocking non-admin users
* **Email sending failures**: Updated invalid RESEND\_API\_KEY; emails now send successfully

#### Security

* **Encryption at Rest for Sensitive Tokens**: Google Calendar refresh tokens and Vapi API keys encrypted using PGP symmetric encryption via `pgcrypto`
* **GDPR Download Expiration Enforcement**: Server-side cleanup of expired data exports
* **increment\_minutes\_used Protection**: Function restricted to service\_role only with input validation
* **search-phone-numbers Authentication**: Added JWT verification and is\_org\_admin RPC check
* **Plan-Based Discount Controls**: Stripe checkout validates discount codes against plan's allowed list
* **Invitation token protection**: Blocked SELECT on raw `invitations`; admins use `invitations_safe` view
* **Appointments privacy**: `created_by` column with scoped RLS
* **Profiles table protection**: Users can only view their own profile
* **Site config protection**: `site_config_public` view for safe public access
* Row-Level Security (RLS) on all tables
* Webhook validation with timestamp verification
* hCaptcha bot protection
* Secure secret management
* Email verification flow using PKCE

#### Tests

* **agent-one-safety.test.ts**: 30 tests for sanitization, injection scanning, PII redaction, UUID validation, and message length limits
* **agent-one-chat/safety.test.ts**: 5 Deno edge function tests for CORS, auth, workspace\_id validation, UUID format, and oversized message rejection
* **DashboardAgentOne.test.tsx**: Enhanced from 3 to 5 tests
* **CreateWorkspaceDialog.test.tsx**: Enhanced from 4 to 7 tests
* **StorageUsageCard.test.tsx**: 8 tests for storage card rendering, usage display, warning/full states
* **UpgradeBanner.test.tsx**: 13 tests total including 4 storage-related tests
* **cloud-storage.test.ts**: 7 tests for S3 upload, Supabase fallback, error handling
* **NotificationBell.test.tsx**: 9 tests for notification bell rendering
* **appointment-reminders/index.test.ts**: 3 Deno tests for edge function invocation
* **DashboardRewards.test.tsx**: 5 tests for rewards page
* **DashboardStore.test.tsx**: 7 tests for store page
* **TopUpDialog.test.tsx**: 4 tests for top-up dialog
* **AdminRewards.test.tsx**: 7 tests for admin rewards configuration
* **AdminTopUpPackages.test.tsx**: 5 tests for admin top-up packages
* **AgentTemplates.test.tsx**: 8 tests for template rendering
* **AnalyticsSavingsCards.test.tsx**: 7 tests for savings calculation
* **AIAgentLearningSection.test.tsx**: 7 tests for learning section
* **AdminS3Buckets.test.tsx**: 7 tests for S3 bucket configuration
* **DashboardBrowserCalls.test.tsx**: 5 tests for browser calls page
* **MCPServersIntegration.test.tsx**: 14 tests for MCP servers
* **send-email tests**: 9 tests
* **request-password-reset tests**: 7 tests
* **ForgotPassword.test.tsx**: 10 tests
* **ResetPassword.test.tsx**: 12 tests
* **script-security.test.ts**: 35 tests for script security
* **CustomScriptsEditor.test.tsx**: 18 tests for scripts editor
* **AdminTestimonials.test.tsx**: 6 tests for testimonials
* **AgentAppsMenuEditor.test.tsx**: 7 tests for agent apps editor
* **AgentAppsDropdown.test.tsx**: 5 tests for agent apps dropdown
* **AdminGDPRRequests.test.tsx**: 11 tests for admin GDPR
* **DashboardGDPR.test.tsx**: 9 tests for user GDPR
* **AdminFAQs.test.tsx**: 10 tests for FAQ management
* **DeleteOrganization.test.tsx**: 5 tests for org deletion
* 315+ tests across 33+ files total

#### Performance

* **Code Splitting**: Lazy loading for all non-critical routes
* **Vendor Chunk Splitting**: React, UI, and Chart libraries in separate cacheable chunks
* **Resource Hints**: DNS prefetch for Supabase and Google Fonts
* **Font Optimization**: Non-blocking Google Fonts loading
* **Image Optimization**: Explicit dimensions on logo to prevent CLS
* **Build Target**: ES2020 reducing legacy polyfills

#### Documentation

* **TESTS.md**: Comprehensive test inventory documenting all 333 tests across 35 files
* **README.md**: Updated test coverage section with full category breakdown
* **CONTRIBUTING.md**: Contributor guidelines
* **FEATURES.md**: Full feature documentation

#### Infrastructure

* Multi-tenant architecture with organization-based data isolation
* User authentication with email verification
* Role-based access control (Owner, Admin, Manager, Viewer)
* System admin roles (Super Admin, Support)

#### Features (Platform Capabilities)

**Voice & Calls**

* AI voice receptionist powered by Vapi.ai
* Twilio phone number provisioning and management
* ElevenLabs voice synthesis with 22+ language support
* Call recording and transcript storage
* Real-time call status monitoring

**Dashboard**

* Live call monitoring and analytics
* Call history with searchable transcripts
* AI-generated insights panel
* Setup checklist for new users
* Activity stream

**Business Management**

* Business hours configuration with timezone support
* Services management with duration and pricing
* Custom AI greeting and personality settings
* Google Calendar integration for appointments

**Team & Collaboration**

* Team member invitations with email notifications
* Role-based permissions per organization
* Admin impersonation for support

**Billing & Subscriptions**

* Stripe integration for payments
* Configurable pricing plans from admin panel
* Usage-based minute tracking
* Discount code system
* Customer portal access

**Admin Panel**

* Platform-wide metrics (users, orgs, MRR)
* Call volume and outcome charts
* User and organization management
* Plan configuration with Stripe sync
* Site branding configuration
* Email settings management
* AI-powered contact reply system
* Discount code management
* FAQ management
* GDPR request management

**Landing Page**

* Responsive hero section
* Features showcase
* Dynamic pricing from database
* FAQ section
* Contact form with hCaptcha protection
* Social proof bar

***

#### v1.0.0 -- 2026-02-06

**Added**

* Initial release of AI Voice Receptionist SaaS Template
* Complete multi-tenant platform ready for white-label deployment
* Full documentation in README.md