Changelog

Last updated: 2026-03-12

All notable changes to this project will be documented in this file.

Versioning: Calendar-based (vYYYY.MM.DD). Each month collects dated entries; at month-end they form that month's release.

v2026.03.12 -- March 2026

Added — AgentOne Workflow Enhancements

• 2026-03-12 -- Expanded AgentOne workflow templates from 4 to 20: Customer Satisfaction Survey, Onboarding Kickoff, Churn Prevention Escalation, Upsell Opportunity Detector, Competitor Mention Tracker, Quote Request Pipeline, Compliance Call Audit, Agent Performance Review, No-Show Rebooking, Escalation to Human Agent, Daily Call Digest, Patient Triage Notes, Prescription Refill Handler, Consultation Intake Summary, CRM Sync Pipeline, Slack Alert Pipeline

• 2026-03-12 -- Added "New Blank Workflow" button — users can now create workflows from scratch without a template

• 2026-03-12 -- Replaced expandable How to Use section with button-triggered dialog containing 5 in-depth sections with real-world examples, AgentOne Chat leverage guide, and step-by-step instructions

• 2026-03-12 -- Gamified How to Use dialog: 25 XP per section, progress bar, completion badges, localStorage persistence, toast notifications on earn

Fixed — Edge Function Configuration

• 2026-03-12 -- Registered 55 missing edge functions in supabase/config.toml with verify_jwt = false (functions use manual getUser() auth pattern)

• 2026-03-12 -- Resolved duplicate topup-checkout entry in config

Changed — Documentation Sync

• 2026-03-12 -- Synced all badge counts across README.md, FEATURES.md, TESTS.md, UNIQUEFEATURES.md, CHANGELOG.md: 884 tests, ~322 features, 50 differentiators

• 2026-03-12 -- Updated all "Last Updated" timestamps to 2026-03-12

v2026.03.11 -- March 2026

Slot Monetization & White-Label Portal Enhancements

• 2026-03-11 -- Rebuilt Appointment Slot Monetization with DB-backed premium_slots table: per-agent, per-service granularity, full CRUD, RLS policies, and gamified How to Use guide

• 2026-03-11 -- Added price_multiplier column to appointments table for accurate invoicing of premium slots

• 2026-03-11 -- Added slot_monetization_enabled to organization settings for org-level toggle

• 2026-03-11 -- Added Company Logo upload and Company Slogan input to White-Label Portal creation form (previously only in edit view)

• 2026-03-11 -- Updated SlotMonetization tests to match new DB-backed architecture (2 tests)

Robust CRM Enhancements — Client Health, Timeline & Retention Intelligence

• 2026-03-11 -- Client Health Score System: Added health_score (0-100), health_status (healthy/at_risk/critical), and churn_risk columns to client_records and crm_contacts tables

• 2026-03-11 -- Client Tiers: New tier column (vip/priority/standard/at_risk) for segmenting customers by engagement value

• 2026-03-11 -- Unified Client Timeline: New client_interactions table logs all touchpoints (calls, appointments, emails, notes, documents) with ClientTimeline component in detail panel

• 2026-03-11 -- Smart Follow-Up Reminders: New client_follow_ups table with ClientFollowUps component — track pending tasks, mark complete/dismiss/snooze, auto-create for at-risk clients

• 2026-03-11 -- Sentiment Trend Tracking: Added sentiment_trend column (positive/neutral/negative) with SentimentTrendBadge visual indicator

• 2026-03-11 -- How to Use Guide: Gamified 8-step guide (75 XP) explaining Health Scores, Timeline, Tiers, and Follow-ups with industry-specific examples

• 2026-03-11 -- Learning Center: Added "Client Management & CRM" Phase 13 module with deep-dive guidance on all CRM features (+50 XP)

• 2026-03-11 -- New Components: ClientHealthBadge, SentimentTrendBadge, ClientTimeline, ClientFollowUps, and client-health.ts calculation utility

• 2026-03-11 -- Enhanced Metrics: Dashboard shows "At-Risk Clients" and "Avg Health" summary cards; Superadmin CRM shows avg health score and churn risk counts

• 2026-03-11 -- Tier Filtering: Added tier filter to both Dashboard Clients and CRM Contacts tables with VIP/Priority/Standard/At-Risk options

• 2026-03-11 -- UI Updates: ClientDetailPanel now has Timeline and Follow-Ups tabs; CRMContactsTable displays health/tier columns

• 2026-03-11 -- Tests: Added 3 new DashboardClients tests (How to Use button, At-Risk Clients metric, Avg Health metric) — total 876 tests

v2026.03.10 -- March 2026

Security Hardening — Full Codebase Audit

• 2026-03-10 -- Added DOMPurify sanitization to all dangerouslySetInnerHTML usage (NewsletterDashboard) to prevent XSS attacks

• 2026-03-10 -- Removed SMTP credentials from localStorage — now uses sessionStorage for non-sensitive fields only; passwords are never persisted client-side

• 2026-03-10 -- Upgraded vite-plugin-pwa to 0.21.1 to resolve serialize-javascript high-severity vulnerability

• 2026-03-10 -- Added Terser production build config to strip console.log, console.warn, console.debug (keeps console.error for monitoring)

• 2026-03-10 -- Fixed all empty catch {} blocks across AdminProfile, DemoAudioPlayer, VideoRoomManager with descriptive error logging

• 2026-03-10 -- Audited all Security Definer database views — confirmed site_config_public, plans_public, video_rooms_public are intentionally definer; all _safe views use security_invoker=on

• 2026-03-10 -- Legacy localStorage SMTP data is now auto-cleaned on CRM Tickets page load

Added — Push Notifications (Native Browser)

• 2026-03-10 -- Native browser push notification system using Browser Notification API + Supabase Realtime (no external VAPID dependencies)

• 2026-03-10 -- useBrowserNotifications hook: permission management, localStorage persistence, auto-close after 6s

• 2026-03-10 -- PushNotificationToggle component with Active/Blocked status badges

• 2026-03-10 -- Push toggle added to User Dashboard Settings (Profile section) and Superadmin Notification Prefs

• 2026-03-10 -- Admin Push Composer: compose and send notifications to All Users, All Admin Staff, Specific Organization, or Single User

• 2026-03-10 -- NotificationBell triggers native browser notifications on new realtime events

Added — Pricing Plans Price Lock Display

• 2026-03-10 -- Landing page pricing cards now display Price Lock-In badge (🔒 icon) showing lock duration (e.g., "Price locked for 2 years")

Fixed — Plan Edit Dialog Scrolling

• 2026-03-10 -- Replaced Radix ScrollArea with native overflow-y-auto in Plan Edit dialog for reliable scrolling

• 2026-03-10 -- Dialog content constrained to max-h-[90vh] with pinned header/footer

Fixed — Organization Deletion S3 Cleanup

• 2026-03-10 -- delete-organization edge function now performs actual S3/IDrive E2 cleanup: lists all objects under org-{uuid}/ prefix via ListObjectsV2 and deletes them in batches via DeleteObjects (previously only logged orphaned objects)

• 2026-03-10 -- Uses native AWS SigV4 signing (no SDK dependency) with pagination support for orgs with >1000 objects

• 2026-03-10 -- Deletion response now includes s3_objects_deleted count for audit trail

• 2026-03-10 -- Updated Danger Zone UI warning to mention cloud storage file purging

Added — CRM Ticket & SMTP Improvements

• 2026-03-10 -- Rewrote delete-user-data edge function: now fully deletes auth user + profile row (was previously blanking profile as "[Deleted User]"), purges S3/IDrive E2 data, cleans up Vapi resources, and cascade-deletes the org if user was sole member

• 2026-03-10 -- delete-organization response now shows S3 objects purged count in toast notification

• 2026-03-10 -- SMTP test email: added dedicated "Test Email Address" input field to SMTP dialog (previously sent to SMTP username, causing errors)

• 2026-03-10 -- Rewrote test-smtp edge function: replaced denomailer with raw TCP SMTP client to fix email validation errors ("TO Email is not valid!") and support both implicit TLS (port 465) and STARTTLS (port 587)

• 2026-03-10 -- Fixed hCaptcha on /submit-ticket page: replaced hardcoded test site key with HCaptchaRuntimeWidget using real credentials

• 2026-03-10 -- Created and deployed verify-hcaptcha edge function for server-side captcha validation with graceful fallback

• 2026-03-10 -- Fixed CRM Tickets button visibility: explicit borders and colors for dark backgrounds

• 2026-03-10 -- Guided Tour arrows updated to light green (hsl(142, 71%, 45%)) for visibility

• 2026-03-10 -- Dashboard overview: removed "(30D)" suffix from Total Calls and Missed Calls card labels

Tests

• 2026-03-10 -- Added SubmitTicket.test.tsx (6 tests): page title, form fields, submit button, hCaptcha runtime widget, priority selector, security notice

• 2026-03-10 -- Added CRMTicketsSmtp.test.tsx (5 tests): SMTP Settings button, dialog open, test email input, test connection button, save button

• 2026-03-10 -- Total: 875 tests across 100 frontend + 7 edge function test files

Added — Compliance Audits (Vanta-Inspired)

• 2026-03-10 -- New Compliance Audits system with 3 database tables (compliance_frameworks, compliance_artifacts, compliance_audit_results) and RLS policies

• 2026-03-10 -- Superadmin "Compliance" tab in Admin panel: framework cards, artifact CRUD, org compliance overview

• 2026-03-10 -- User dashboard Compliance Audits page (/dashboard/compliance-audits): animated score ring, framework tabs, auto-check engine, evidence submission

• 2026-03-10 -- Seeded 5 frameworks (SOC 2, HIPAA, GDPR, PCI-DSS, ISO 27001) with 42 pre-built artifacts including auto-check mappings

• 2026-03-10 -- 6 auto-check types: RLS active, MFA enabled, encryption at rest, call recording consent, GDPR configured, data retention policy

• 2026-03-10 -- How to Use emerald guide with 4-step onboarding instructions

• 2026-03-10 -- Added Compliance Audits step to 18-step Guided Tour

• 2026-03-10 -- Added Phase 12 (Compliance Audits) to Learning Center with 3 new learning steps (+40 XP)

Added — Gamified How to Use Guides

• 2026-03-10 -- Created reusable GamifiedGuideDialog component with XP tracking, step completion persistence (localStorage), progress bars, and Carbon Cash rewards tie-in

• 2026-03-10 -- Gamified "How to Use" dialogs on 7 dashboard pages: Compliance Audits (75 XP), Process Intelligence (90 XP), Live Calls (60 XP), Embed Widgets (60 XP), Webhooks (65 XP), AI Voice Agents (65 XP), Convo+ (50 XP)

• 2026-03-10 -- Each guide includes "How to Leverage for Your Organization" with industry-specific examples (Healthcare, Real Estate, E-Commerce, Legal, etc.)

• 2026-03-10 -- XP earned across all guides redeemable for Carbon Cash Rewards in the Store

Changed — Navigation & Transfer Sync

• 2026-03-10 -- Renamed "Integrations" to "Webhooks" in sidebar More menu for clarity

• 2026-03-10 -- Updated Guided Tour "More Features" description to reference Webhooks instead of Integrations

• 2026-03-10 -- Fixed transfer phone number sync: agent editor now syncs transfer_number to organization_settings AND updates Vapi assistant's transferCall tool destinations on save

Tests

• 2026-03-10 -- Added DashboardComplianceAudits.test.tsx (5 tests): page title, How to Use button/guide, Run Full Audit button, guide steps

• 2026-03-10 -- Updated DashboardSidebar.test.tsx (10 tests, +1 new): added Webhooks visibility test in More popover

• 2026-03-10 -- Total: 864 tests across 98 frontend + 7 edge function test files

v2026.03.09 -- March 2026

Changed — Navigation & Campaign Security

• 2026-03-09 -- Moved Clients button below AI Voice Agents in sidebar navigation

• 2026-03-09 -- Removed CSV import from Outbound Campaigns to prevent spam/blacklisting; replaced with consent-based contact picker from existing client records

• 2026-03-09 -- Added Process Intelligence and Outbound Campaigns modules to Learning Center

• 2026-03-09 -- Updated Guided Tour from 15 to 17 steps with Process Intelligence, Campaigns, and Climate Saved steps

Added — Process Intelligence (4 Features)

• 2026-03-09 -- Business Context Manager: structured business rules engine for policies, authority limits, and KPI targets that govern AI agent behavior

• 2026-03-09 -- Process Map Visualizer: visual workflow diagram showing lead-to-conversion pipeline with bottleneck highlighting

• 2026-03-09 -- Operational Readiness Score: composite 0–100 score measuring org preparation for full AI automation

• 2026-03-09 -- SLA Monitor with Breach Tracking: configurable response time thresholds, compliance percentage tracking, and breach history

Added — Omnichannel & Developer Platform (5 Features)

• 2026-03-09 -- SMS & WhatsApp Messaging: omnichannel AI messaging with threaded conversations, real-time updates, and manual override

• 2026-03-09 -- Outbound Campaign Dialer: bulk outbound calling with CSV lead upload, sequential dialing, pause/resume, and per-lead outcome tracking

• 2026-03-09 -- Embeddable Webchat Widget: AI chat bubble for any website with agent assignment, color customization, embed code generation, and conversation management

• 2026-03-09 -- Webhook Integration System: developer webhook endpoints with event type selection, HMAC payload signing, test ping, and delivery log monitoring

• 2026-03-09 -- Live Transcript Streaming: real-time call transcript monitoring with speaker-labeled chunks via Supabase Realtime, auto-scroll, and supervisor coaching integration

Added — Infrastructure

• 2026-03-09 -- Centralized site URL: created _shared/constants.ts with SITE_URL constant, updated 9 edge functions to import from shared constant instead of hardcoding

• 2026-03-09 -- Updated dispatch_email_from_notification DB function to dynamically read site URL from site_config table

Tests

• 2026-03-09 -- Added DashboardProcessContext.test.tsx (5 tests): no-org fallback, page title, tabs render, process map, readiness score

• 2026-03-09 -- Added DashboardMessages.test.tsx (5 tests): no-org fallback, router context, container render, crash safety, fallback text

• 2026-03-09 -- Added DashboardCampaigns.test.tsx (5 tests): no-org fallback, router context, crash safety, fallback text, container render

• 2026-03-09 -- Added DashboardWebchat.test.tsx (5 tests): page title, create widget button, How to Use guide, tabs, description text

• 2026-03-09 -- Added DashboardIntegrations.test.tsx (5 tests): page title, How to Use guide, description text, endpoints tab, logs tab

• 2026-03-09 -- Added DashboardLiveCalls.test.tsx (5 tests): page title, description text, How to Use guide, call list area, transcript panel

• 2026-03-09 -- Total: 852 tests across 97 frontend + 7 edge function test files

Changed — Documentation

• 2026-03-09 -- UNIQUEFEATURES.md: added A45–A48 (4 new differentiators), updated feature census to ~316, updated moat to 48

• 2026-03-09 -- Synced badges across all .md docs: tests→852, shipped features→~316

• 2026-03-09 -- Learning guide: added Phase 11 — Process Intelligence (4 guide steps, 50 XP)

• 2026-03-09 -- TESTS.md: added 1 new page test file entry, updated counts

v2026.03.08 -- March 2026

Changed — Visual Flow Builder Integration

• 2026-03-08 -- Moved Visual Call Flow Builder from standalone Dashboard card into the Agent Editor form (inside "AI Behavior & Instructions" section); selecting a template auto-generates special_instructions; expanded to 36 industry-specific templates

• 2026-03-08 -- Removed VisualFlowBuilder from Dashboard analytics grid (now agent-editor-only)

Added — Dashboard Intelligence Suite (24 Features, 7 Phases)

• 2026-03-08 -- Phase 1 — Dashboard Analytics: Call Cost Calculator, Revenue Attribution per Agent, Smart Time-Slot Suggestions (heatmap), Agent Performance Leaderboard

• 2026-03-08 -- Phase 2 — Post-Call Intelligence: Call Quality Score (1-5 auto-rating), AI Call Sentiment Heatmap (calendar view), Smart Call Summary Digest (email config)

• 2026-03-08 -- Phase 3 — Call Flow Enhancements: Missed-Call Auto-Callback Queue, Caller Intent Pre-Routing, Voice Greeting Scheduler, AI-Powered Competitive Pricing Alerts

• 2026-03-08 -- Phase 4 — Advanced Intelligence: Post-Call NPS Auto-Survey, Voicemail-to-Action Pipeline, Voice Agent Compliance Auto-Flagging, Auto-Generated FAQ from Calls

• 2026-03-08 -- Phase 5 — Supervisor & Predictive: Live Call Whisper Mode (real-time supervisor coaching), Smart No-Show Predictor (appointment risk scoring), Multilingual Auto-Detect & Live Switch

• 2026-03-08 -- Phase 6 — Monetization & Optimization: White-Label Client Portal (branded config), Appointment Slot Monetization (premium pricing), Voice Agent A/B Testing (variant comparison)

• 2026-03-08 -- Phase 7 — Predictive Intelligence: Client Risk Scoring / Churn Prediction, Visual Call Flow Builder (decision tree), Proactive Engagement Triggers (rule-based follow-ups)

• 2026-03-08 -- Analytics Learning Guide: gamified 24-step interactive guide with 310 XP across 7 phases, localStorage persistence, and progress tracking

Security — RLS & Policy Hardening (8 fixes, 3 migrations)

• 2026-03-08 -- Video Rooms PII: removed anon SELECT on base table; anonymous join now uses get_video_room_join_data() RPC excluding created_for_email/created_for_name

• 2026-03-08 -- Plans secret_slug exposure: anon SELECT restricted to is_public = true; created plans_public safe view excluding secret_slug and allowed_discount_codes

• 2026-03-08 -- Newsletter purchases: fixed INSERT policy from permanent WITH CHECK (false) to WITH CHECK (is_service_role())

• 2026-03-08 -- Affiliate referrals: tightened service_role INSERT with explicit is_service_role() guard

• 2026-03-08 -- Video sessions: anon INSERT now validates room_id + participant_name + active room exists

• 2026-03-08 -- Convo workspaces BYOK key: base table SELECT restricted to org admins only (matching agent_one_workspaces pattern); regular members use convo_workspaces_safe view

• 2026-03-08 -- Staff invitations privilege escalation: restricted INSERT/UPDATE/DELETE to is_system_admin() only (previously any is_admin_staff() could create invitations with elevated roles)

• 2026-03-08 -- Staff role templates: write operations restricted to is_system_admin(); read allowed for all admin staff

Changed — Documentation

• 2026-03-08 -- UNIQUEFEATURES.md: renamed Section A from "Already Built Differentiators" to "Already Built – Competitive Moat"; merged all 24 shipped B-items into Section A (A16–A39); updated Priority Matrix with 39-feature consolidated table; kept Sections B, C, D as reference breakdowns

• 2026-03-08 -- FEATURES.md: added 24 new Dashboard & Analytics entries

• 2026-03-08 -- TESTS.md: added 24 new dashboard test file entries, updated counts (168→282 dashboard tests, 16→40 test files)

• 2026-03-08 -- Synced badges across all .md docs: README, FEATURES, TESTS, CHANGELOG, CRM, CONTRIBUTING, AgentVerifier, BiasProtections, Guardrails, HITL — dates updated, shipped features badge shows ~307

Tests

• 2026-03-08 -- Fixed ClientRiskScoring.test.tsx: resolved "multiple elements" error by using getAllByText for /Critical/ pattern

• 2026-03-08 -- Fixed LiveWhisperMode.test.tsx: resolved "multiple elements" error by using getAllByText for /LIVE/ pattern

• 2026-03-08 -- Added 24 new dashboard component test files (114 new tests): MissedCallCallback (5), VoicemailPipeline (5), LiveWhisperMode (5), PostCallNPSSurvey (6), NoShowPredictor (5), RevenueAttribution (5), MultilingualDetect (5), CallerIntentRouting (5), WhiteLabelPortal (4), CompetitivePricingAlerts (5), ComplianceFlagging (5), SlotMonetization (4), SentimentHeatmap (6), AgentABTesting (5), CallDigestConfig (6), ClientRiskScoring (4), VisualFlowBuilder (5), ProactiveEngagement (5), CallQualityScore (5), TimeSlotHeatmap (4), AgentLeaderboard (4), AutoGeneratedFAQ (6), VoiceGreetingScheduler (6), CallCostCalculator (5)

• 2026-03-08 -- Total: 822 tests across 91 frontend + 7 edge function test files

v2026.03.06 -- March 2026

Security

• 2026-03-06 -- S3 Tenant Isolation Hardened: end-to-end audit of all org data storage; fixed AgentOne s3_run_path to use org-{uuid}/ prefix, standardized snapshot-org-stats to org-{uuid}/stats/, fixed redundant path in AdminOrgStats, updated delete-organization cleanup references to unified org-{uuid}/ convention

• 2026-03-06 -- Password Policy Hardened: minimum password length increased from 8 to 12 characters across all authentication flows (signup, reset password, profile change, invitation acceptance) and Zod passwordSchema validation

• 2026-03-06 -- Rate Limiting: added IP-based rate limiting (10 req/hour) to rewards-redeem edge function

• 2026-03-06 -- Affiliate Token Leakage Fix: affiliate-dashboard-data no longer returns access_token in lookup responses; switched to email-link login flow

• 2026-03-06 -- Password Tips UI: updated all password hint text from "8 characters" to "12 characters" in SecuritySettings, AdminProfile, and ResetPassword

Tests

• 2026-03-06 -- Updated validations.test.ts (27→28 tests): added 12-char password acceptance test, updated rejection test for new minimum

• 2026-03-06 -- Updated ResetPassword.test.tsx: password strength and match tests aligned with 12-char minimum

• 2026-03-06 -- Updated SecuritySettings.test.tsx: password tips text updated to 12 characters

• 2026-03-06 -- Fixed HCaptchaRuntime.test.tsx (5 tests): resolved build-time env var interference; tests now handle both runtime and build-time sitekey paths

• 2026-03-06 -- Added rewards-redeem/index.test.ts (2 tests): CORS preflight handling, JSON response on POST

• 2026-03-06 -- Total: 821 tests across 91 frontend + 7 edge function test files

v2026.03.05 -- March 2026

Changed

• 2026-03-05 -- Guided Tour Update: added "Clients" step (now 15 steps total) to match sidebar reorganization; updated "More Features" description to include Settings, Content Moderation, and remove Clients

• 2026-03-05 -- Sidebar Navigation: Clients moved to primary sidebar below All Calls; "Moderation" renamed to "Content Moderation"

• 2026-03-05 -- Calls Page: added Video Calls quick-access button

• 2026-03-05 -- Competition Info: added "How to Use" instructional popup

Tests

• 2026-03-05 -- Enhanced GuidedTour.test.tsx (3→7 tests): step navigation, skip/close with localStorage, completed tour suppression, back button disabled state

• 2026-03-05 -- Total: 820 tests across 90 frontend + 6 edge function test files

v2026.03.04 -- March 2026

Added

• 2026-03-04 -- Independent Manual + Unlimited Video Rooms: plans now support BOTH a manual room count AND an unlimited auto-gen toggle simultaneously; manual rooms are always enforced, unlimited controls auto-generated client sessions independently

• 2026-03-04 -- Call Archive Tab: new "Call Archive" tab in Dashboard → Video Rooms showing all ended sessions (both manual and client) with search, type/payment filters, recording downloads, transcript downloads, CSV export, and summary stats

• 2026-03-04 -- Video Session Recording/Transcript Columns: video_sessions table extended with recording_url, transcript, and transcript_s3_url columns

• 2026-03-04 -- Unlimited Video Rooms Plan Toggle: superadmin plan editor now includes an "Unlimited Auto-Gen Rooms" switch; renamed existing field from "Video Rooms" to "Manual Video Rooms" for clarity

• 2026-03-04 -- Video Chat Appointments Toggle: AI Voice Agent editor replaces manual room management with a centralized "Enable Video Chat Appointments" switch persisted to ai_agents.video_chat_enabled

• 2026-03-04 -- Automated Video Room Flow: voice agents automatically collect client details (name, email, time), system auto-generates a unique private room with appointment, sends join link email, and cleans up after 2 hours

• 2026-03-04 -- Video Consultation Templates: all 36+ agent templates now include standardized video consultation instruction blocks with call recording consent

• 2026-03-04 -- Email Sender Consistency: all edge function emails now sent from AI Voice+ <[email protected]>

Fixed

• 2026-03-04 -- VideoRoomManager room limit: manual room limits now always enforced; unlimited toggle only affects auto-generated client sessions

• 2026-03-04 -- Landing page pricing: video rooms now display as separate line items ("X Manual Video Rooms" + "Unlimited Auto-Gen Video Calls")

Tests

• 2026-03-04 -- Total: 816 tests across 90 frontend + 6 edge function test files (+1 new pricing test for dual manual+unlimited display)

v2026.03.02 -- March 2026

Fixed

• 2026-03-02 -- AgentOne Dashboard: wired edit & delete actions on Recent Workspaces cards (previously no-op); integrated EditAgentOneWorkspaceDialog with cache invalidation

• 2026-03-02 -- AgentOne Workspace Detail: added Settings button to workspace header for inline editing and deletion with navigation on delete

Tests

• 2026-03-02 -- Total: 815 tests across 90 frontend + 6 edge function test files (no new tests — bug-fix release)

v2026.02.19 -- February 2026

Added

• 2026-02-19 -- Hybrid SSO (OIDC): sso-authorize and sso-callback edge functions for organization-level OIDC identity provider integration; admin SSOSettings UI with provider management; login domain detection with automatic SSO redirect banner

• 2026-02-19 -- SSO Gamified Setup Guide: interactive 5-step How to Use dialog in SSOSettings with XP tracking, progress bar, localStorage persistence, and confetti celebration on completion

Security

• 2026-02-19 -- SSO Security Hardening: HMAC-SHA256 signed state parameter with 10-minute TTL (CSRF protection); redirect_uri validation against allowed origins whitelist; domain format regex validation; scalable user lookup via profiles table instead of listUsers(); defense-in-depth organization re-derivation from email domain in callback; existing user org linkage on SSO login; UNIQUE partial index on organizations.sso_domain to prevent domain collisions

Tests

• 2026-02-19 -- Added SSOSettings.test.tsx (20 tests): card rendering, form inputs, How to Use dialog, 5-step guide display, XP counter, progress bar, step completion toggle, localStorage persistence, pro tip, advanced section, loading state

• 2026-02-19 -- Enhanced useConfetti.test.ts (4→8 tests): added multiple trigger-complete cycles, idempotent trigger, idempotent complete, useCallback memoization stability

• 2026-02-19 -- Total: 815 tests across 90 frontend + 6 edge function test files

v2026.02.18 -- February 2026

Fixed

• 2026-02-18 -- Top-Up Checkout Amount Mismatch: cart displayed combined one-time + recurring total but Stripe checkout only charged one-time items; unified all items through a single Stripe checkout session (subscription mode when recurring items present); all topup_purchases now created as pending until Stripe confirmation

• 2026-02-18 -- Top-Up Premature Activation: recurring top-ups were being applied to account immediately before payment; removed superadmin bypass that skipped Stripe for recurring items; all top-ups now require completed Stripe checkout

• 2026-02-18 -- Billing Card Cents Display: top-up purchase amounts in Settings → Billing were shown in raw cents instead of formatted dollars; added /100 conversion with toFixed(2)

Added

• 2026-02-18 -- BYOK Provider Expansion: added 18 AI providers (50+ models) to AgentOne workspace Create and Edit dialogs — Google, OpenAI, Anthropic, Meta Llama, Mistral, DeepSeek, Requesty.ai, OpenRouter, Hugging Face, Ollama, Cohere, Groq, Perplexity, Together AI, Fireworks AI, xAI, AWS Bedrock, Azure OpenAI; grouped <optgroup> selectors in Create dialog, labeled sections in Edit dialog

• 2026-02-18 -- 37-Language Expansion: added 15 new languages (Bengali, Thai, Vietnamese, Indonesian, Ukrainian, Czech, Romanian, Hungarian, Greek, Malay, Tamil, Filipino, Croatian, Bulgarian, Slovak) across AI Voice Agents, Convo+, and AgentOne; updated voice-config.ts with native names, BCP-47 codes, and localized greetings; synced useTextToSpeech.ts LANG_MAP; updated Convo+ workspace create/edit dialogs, chat interface, and progress dashboard LANG_LABELS

• 2026-02-18 -- Landing Page Language Sync: updated FeaturesSection, ConvoLanding, FAQSection, and HowItWorksVisuals to reflect "37+ languages" with complete language chips

• 2026-02-18 -- DashboardConvo LANG_LABELS: synced to full 37-language set matching other Convo+ components

• 2026-02-18 -- PayPal Payouts API: paypal-payout edge function for real-money affiliate payouts via PayPal Payouts API; synchronous status update (no webhooks needed); "Pay Now" button sends funds and marks paid on success

• 2026-02-18 -- Affiliate Dashboard Confetti: first-login confetti celebration with canvas-confetti; welcome banner auto-dismisses after 8s; tracked via localStorage per affiliate ID

• 2026-02-18 -- Affiliates Menu Item: "Affiliates Earn 30%!" link added to sidebar More popover and mobile BottomNav More sheet; opens /affiliates in new tab with gradient highlight

• 2026-02-18 -- Mobile PWA Admin Layout: added safe-area-inset-top padding to sticky mobile header for iPhone notch/Dynamic Island clearance; increased nav tab touch targets to 40px min-height with larger text and icons

Tests

• 2026-02-18 -- Updated CreateWorkspaceDialog.test.tsx (+2 tests): BYOK grouped providers rendering (18 providers visible), optgroup count validation

• 2026-02-18 -- Added voice-config.test.ts (29 tests): SUPPORTED_LANGUAGES count (37), uniqueness, original + new language coverage, property completeness; ELEVENLABS_VOICES count (18), uniqueness, gender balance, recommended voices; DEFAULT_GREETINGS coverage for all 37 languages with placeholder validation; getLanguageByCode lookups; getVoiceById lookups; getRecommendedVoice gender filtering; getDefaultVoiceId validity; getVoicesByGender filtering; getDefaultGreeting substitution + fallbacks; migrateOldVoiceId legacy migrations

• 2026-02-18 -- Added BottomNav.test.tsx (8 tests): 5 nav items rendering, More sheet opening, Affiliates link with new-tab attributes, Data Chat button, Docs link, active route highlighting, all more menu items

• 2026-02-18 -- Added DashboardSidebar.test.tsx (9 tests): primary nav items, More button, overflow items in popover, Affiliates link with new-tab attributes, Docs link, Settings, Data Chat button, active route highlighting

• 2026-02-18 -- Added AffiliateDashboard.test.tsx (8 tests): redirect without token, dashboard data rendering, stats cards, first-login confetti trigger (localStorage flag), no confetti on subsequent logins, referral link copy button, approved status badge, empty referrals message

• 2026-02-18 -- Added useAdminAccess.test.ts (7 tests): loading state, unauthenticated block, allowed access, denied access, edge function error, server error, device fingerprint transmission

• 2026-02-18 -- Updated AdminRoute.test.tsx (3→5 tests): added useAdminAccess mock; split loading into staff-loading and access-loading; added blocked-access 404 masking test

• 2026-02-18 -- Total: 791 tests across 89 frontend + 6 edge function test files

v2026.02.17 -- February 2026

Fixed

• 2026-02-17 -- Newsletter Popup Readability: replaced wall-of-text inline expansion with formatted Dialog popup; formatNewsletterContent engine converts raw text into structured HTML with headings, bullet lists, paragraphs, and video embeds; prose typography classes for consistent reading experience

• 2026-02-17 -- Mobile More Drawer: added Blog and Newsletter buttons to BottomNav "More" drawer for mobile accessibility

• 2026-02-17 -- Site Stats Input Visibility: added text-foreground to Site Name and Domain inputs so typed text is visible on dark backgrounds

• 2026-02-17 -- Site Stats Button Visibility: added explicit text-foreground border-border to outline buttons (Copy Script, Refresh, date range selectors) for dark theme contrast

Added

• 2026-02-17 -- Superadmin "How to Use This Dashboard" guide: colorful 16-section dialog accessible from Overview quick-action bar, covering all admin modules with gradient icons, category badges, and ⌘K tip

Security

• 2026-02-17 -- Maintenance Notice RLS Fix: replaced overly restrictive SELECT policy (only is_enabled = true) with split policies — authenticated users see all notices (admin management), anon sees only enabled notices (public banners)

Tests

• 2026-02-17 -- Added AdminMaintenance.test.tsx (11 tests): heading, Live/Disabled badges, message textarea, button inputs, gradient picker, preview, save button, disabled save on empty, loading state, enable toggle

• 2026-02-17 -- Updated AgentSkills.test.tsx (9 tests, +1 new): "See Flow" button for A2A diagram

• 2026-02-17 -- Total: 725 tests across 84 frontend + 6 edge function test files

v2026.02.16 -- February 2026

Added

• 2026-02-16 -- AI Content Generate Structured Output: ai-content-generate edge function returns structured JSON (title, excerpt, category, tags, content) via tool calling; AdminBlog and AdminNewsletter auto-fill all fields and embed cover images as Markdown

• 2026-02-16 -- Affiliate Landing Section: new AffiliateSection component above FAQs on landing page with "Earn 30% Commission" messaging, benefit cards, and signup CTA; content editable via Superadmin Site Config

• 2026-02-16 -- Affiliate Site Config Editor: new "Affiliate Section (Landing Page)" accordion in LandingSectionEditor with headline, description, and button text fields; backed by 3 new site_config columns

• 2026-02-16 -- Secure Affiliate Dashboard: new affiliate-dashboard-data edge function for server-side affiliate data access; token stored in sessionStorage instead of URL

• 2026-02-16 -- Error Boundary: global ErrorBoundary component wrapping App.tsx catches render crashes with branded fallback UI

• 2026-02-16 -- Branded 404 Page: redesigned NotFound.tsx with theme-consistent styling and navigation links

• 2026-02-16 -- Newsletter Subscription Price in Dollars: newsletter_subscription_price_cents column renamed to newsletter_subscription_price (numeric, dollars) in site_config; Admin UI and newsletter-checkout edge function updated to read/write dollar values directly

• 2026-02-16 -- Scheduled Auto-Publish System: new scheduled-publish edge function with pg_cron job running every minute to auto-publish scheduled blog posts and auto-send scheduled newsletters at their published_at / scheduled_at times

• 2026-02-16 -- Affiliate Page Text Customization: superadmins can edit headings, subtitles, and commission text for affiliate login, registration, and dashboard pages via Site Config; new affiliate_login_heading, affiliate_register_title, affiliate_register_commission_text, affiliate_dashboard_welcome columns in site_config

• 2026-02-16 -- Affiliate Page Branding: affiliate login and registration pages now display site logo and include the standard DashboardFooter

• 2026-02-16 -- Viral Content Studio: AI-powered viral video script generator with duration picker (10s/30s/60s/2min/5min), elite scriptwriting prompt, and auto-editor flow

Fixed

• 2026-02-16 -- Top-Up Checkout 100x Overcharge Bug: topup-checkout edge function was multiplying price_cents by 100 again (Stripe expects cents, DB already stores cents); removed the extra * 100 multiplication for both recurring and one-time items

• 2026-02-16 -- Top-Up Duplicate Insert: removed duplicate topup_purchases insert call in topup-checkout edge function

• 2026-02-16 -- Affiliate "Mark Paid" Button Visibility: updated button styling from invisible variant="outline" to text-foreground border-foreground/30 for readable contrast on dark backgrounds

• 2026-02-16 -- Navbar Sign In / Dashboard Button Spacing: added ml-2 margin to CTA button container; added isLoading guard to prevent flashing between states during auth resolution

• 2026-02-16 -- Viral Content Studio Visibility: fixed dark-theme contrast issues on labels, inputs, selects, and buttons

Security

• 2026-02-16 -- RLS Hardening: affiliates, affiliate_referrals, affiliate_payouts SELECT policies set to USING (false) — data accessed via edge function only; newsletter_edition_purchases INSERT restricted to service role

• 2026-02-16 -- site_config_public view updated to include affiliate section columns

Tests

• 2026-02-16 -- Fixed CustomScriptInjector.test.tsx (8 tests, was 9): removed 2 obsolete mobile-gating tests, added 1 all-viewports injection test (scripts now inject on all viewports)

• 2026-02-16 -- Added scheduled-publish/index.test.ts (2 tests): 200 response with success payload, CORS OPTIONS handling

• 2026-02-16 -- Fixed AgentAppsDropdown.test.tsx: updated test to match component behavior (always renders Apps+ button)

• 2026-02-16 -- Refactored NotificationBell.test.tsx (9 tests): variant-based filtering (user/admin), dismiss mutations, admin styling, realtime context-matching

• 2026-02-16 -- Total: 713 tests across 82 frontend + 6 edge function test files

v2026.02.15 -- February 2026

Added

• 2026-02-15 -- Analytics Consolidation: deleted redundant DashboardAnalytics page; removed Analytics tab from superadmin panel; AI Usage card merged into Overview section

• 2026-02-15 -- Superadmin Overview Enhancements: Quick Action buttons, System Health card, New Signups widget, Top Performing Organizations leaderboard, Platform Growth sparklines

• 2026-02-15 -- Announcement Gradient Backgrounds: 7 beautiful gradient presets (Ocean Blue, Sunset, Purple Haze, Emerald, Rose Gold, Midnight, Default) selectable when creating/editing announcements; gradients render on toast notifications and feature badges

• 2026-02-15 -- Poll Announcements: new "Poll" category in announcements with 4 interactive vote types (5 Stars, Sentiment Faces, Thumbs Up/Down, NPS 1–10); poll type picker UI, validation, and Poll badge on announcement list items

• 2026-02-15 -- Webhook Delivery Logs: webhook_delivery_logs table with collapsible delivery history per webhook showing status codes and timing

• 2026-02-15 -- Audit Log System: audit_logs table with Activity Log tab in Settings; filterable by action type with scrollable timeline

• 2026-02-15 -- Bulk Actions on Calls: select-all checkbox, per-call checkboxes, floating "Export Selected" bar

• 2026-02-15 -- Bulk Actions on Clients: select-all header checkbox, per-row checkboxes, floating action bar with Export and Delete (with confirmation dialog)

• 2026-02-15 -- UNIQUEFEATURES.md: roadmap of 14 innovative future features

• 2026-02-15 -- Avatar Upload Fix: added storage RLS policies allowing authenticated users to upload/update their own avatar in the avatars/{uid}/ path

• 2026-02-15 -- Recurring Top-ups Architecture: non-minute top-ups (agents, users, phone numbers, storage) now become recurring monthly subscription add-ons; minutes remain one-time. New recurring_topups table, billing_mode column on topup_packages, cancel-recurring-topup edge function, and "Monthly Add-ons" section in Billing with per-item cancel buttons

• 2026-02-15 -- GDPR Approval Branded Email: superadmin approval of data export requests now sends a branded notification email from AI Voice+ <[email protected]> to the requesting user with download instructions and 7-day expiry notice

Fixed

• 2026-02-15 -- Guided Tour +Add Visibility: tour card now positions below header/nav targets instead of to the right, with upward-pointing arrow; target element gets pointer-events: auto and elevated z-index so it remains visible and clickable through the overlay

• 2026-02-15 -- AgentOne Chat Mobile Responsiveness: header uses flex-wrap with icon-only buttons on mobile; sidebar becomes full-width overlay on small screens; input area has compact spacing

• 2026-02-15 -- Rewards "Apply to Subscription" Feedback: clicking with insufficient points now shows a destructive toast explaining the minimum required instead of silently doing nothing

• 2026-02-15 -- GDPR Data Export Trigger Fix: trg_notify_admin_gdpr no longer references non-existent requester_email column; now looks up email from auth.users via user_id

• 2026-02-15 -- Mobile Change Plan Dialog: added max-h-[85vh] overflow-y-auto to the upgrade dialog so plans are scrollable and selectable on mobile devices

• 2026-02-15 -- Top-Up Dialog Billing Mode Labels: packages now display "monthly" or "one-time" badges with per-month pricing suffix for recurring items

• 2026-02-15 -- Quick Add Shortcuts: added "Resources" (→ Settings > Billing) and "MCP Server" (→ Settings > Integrations) items to the + Add dropdown in the dashboard header

• 2026-02-15 -- Guided Tour Quick Add Step: new first tour step highlighting the + Add button with description of all available shortcuts; tour now dynamically elevates header or sidebar containers for proper visibility

• 2026-02-15 -- Mobile Settings Responsiveness: all Settings tab detail pages made responsive for mobile PWA view — card headers, list items, and button rows now stack vertically on small screens using flex-col → sm:flex-row pattern across DashboardSettings, APIKeyManagement, MCPServersIntegration, ICalSyncIntegration, TeamMembersList, and BillingCard; TabsList now horizontally scrollable

• 2026-02-15 -- Business Settings Mobile Fix: BusinessHoursEditor day rows stack vertically with mobile/desktop switch toggles; ServicesEditor uses single-column grid on mobile; address fields use responsive grid breakpoint

• 2026-02-15 -- Mobile Data Chat: "Data Chat" button added to BottomNav "More" drawer with gradient styling matching desktop sidebar

• 2026-02-15 -- Agent Apps Menu Reorder: move up/down arrow buttons on each app item in Superadmin → Site Config → Agent Apps Menu for drag-free reordering

• 2026-02-15 -- Transferred Calls Page: dedicated /dashboard/transferred-calls page with search, CSV export, and S3 archival; sidebar "More" menu entry; clickable Transferred card on dashboard

• 2026-02-15 -- E-Sig Document Editor: "View Doc" button opens full-screen monospace editor for raw document content; new content column on esig_documents

• 2026-02-15 -- Client Portal Fix: get_portal_invoice_data SECURITY DEFINER function bypasses RLS for unauthenticated portal visitors; portal buttons hidden for draft invoices

• 2026-02-15 -- Competitors Page Visibility Fix: added text-foreground classes to buttons, tabs, and badges in AdminCompetition for dark-mode visibility

• 2026-02-15 -- Mobile Nav Reorder: BottomNav reordered to Home → Calls → More → AgentOne → Settings; More button now centered

• 2026-02-15 -- Mobile Logo: app logo added to mobile top bar linking to landing page

• 2026-02-15 -- Custom Script Desktop-Only: CustomScriptInjector now only injects widgets on desktop (≥768px); scripts are removed on mobile viewports

• 2026-02-15 -- Dashboard Card Links: AgentOne "Workspaces" card links to /dashboard/agentone/workspaces; Convo+ "Spaces" card links to /dashboard/convo/spaces

Security

• 2026-02-15 -- Sensitive data exposure fix: all client-side reads of organization_settings switched to organization_settings_safe view (excludes vapi_api_key, google_calendar_refresh_token); agent_one_workspaces base table SELECT policy restricted to org admins only (general reads use agent_one_workspaces_safe view)

• 2026-02-15 -- CRM Contact Form hardening: added IP rate limiting (5/15min), server-side input sanitization (HTML stripping, control char removal, length limits), hCaptcha verification, email format validation, and masked error messages to crm-contact-form edge function

• 2026-02-15 -- Contact page hCaptcha: added HCaptchaWidget to the public Contact form (client + server verification) alongside existing honeypot

• 2026-02-15 -- HCaptcha Runtime Fetch: updated HCaptcha component to fetch site key at runtime from hcaptcha-sitekey edge function when build-time env var is unavailable; consolidated duplicate HCaptcha components into single HCaptchaRuntime.tsx

Fixed

• 2026-02-15 -- Settings tabs mobile overflow: card headers with side-by-side title + buttons now stack vertically on mobile

• 2026-02-15 -- Business Hours Editor: fixed day rows overflowing on mobile (fixed-width inputs replaced with flex-grow)

• 2026-02-15 -- Services Editor: fixed 2-column grid forcing cramped layout on mobile

• 2026-02-15 -- Competitors page: outline buttons and tab triggers invisible on dark admin background

• 2026-02-15 -- Client Portal: "Invoice not found" error due to RLS blocking unauthenticated portal token queries

• 2026-02-15 -- Footer gap: excessive empty space above footer on all pages fixed with mt-auto on DashboardFooter

• 2026-02-15 -- Convo+ chat: top navigation bar hidden on mobile fixed by adjusting chat container height

Tests

• 2026-02-15 -- Updated QuickAddDropdown.test.tsx (10 tests, +3 new): Resources navigation to billing, MCP Server navigation to integrations, data-tour attribute on trigger button

• 2026-02-15 -- Updated GuidedTour.test.tsx (3 tests, updated): first step now verifies "Quick Add" title, step count updated from 12 to 13

• 2026-02-15 -- Added BusinessSettings.test.tsx (6 tests): loading state, accordion sections, form fields, save indicator, timezone, responsive address grid

• 2026-02-15 -- Added BusinessHoursEditor.test.tsx (5 tests): 7-day rendering, closed state, time inputs, switch toggles, responsive layout classes

• 2026-02-15 -- Added ServicesEditor.test.tsx (6 tests): empty state, service items, labels, add interaction, delete buttons, responsive grid

• 2026-02-15 -- Updated AgentAppsMenuEditor.test.tsx (10 tests, +3 new): move up, move down, boundary disable guards

• 2026-02-15 -- Updated GuidedTour "More Features" description to include Transferred Calls and BAA | e-Sig Docs

• 2026-02-15 -- Updated CustomScriptInjector.test.tsx (9 tests, +2 new): mobile gating, desktop-to-mobile cleanup

• 2026-02-15 -- Updated ConvoDashboardMetrics.test.tsx (3 tests): added BrowserRouter wrapper for Link component, clickable Spaces link test

• 2026-02-15 -- Updated Contact.test.tsx (10 tests): updated mock from HCaptcha to HCaptchaRuntime

• 2026-02-15 -- Updated validations.test.ts (27 tests, +10 new): contactFormSchema validation — valid data, missing name, invalid email, short message, name/message length limits, optional phone/company, phone/company length limits

• 2026-02-15 -- Added HCaptchaRuntime.test.tsx (5 tests): runtime sitekey fetch, captcha rendering, onNotConfigured callbacks, loading state, error handling

• 2026-02-15 -- Fixed AnalyticsSavingsCards.test.tsx (7 tests): added BrowserRouter wrapper for Link component

• 2026-02-15 -- Updated DashboardClimateSaved.test.tsx (11 tests, +2 new): Climate Impact & Carbon Cash learning section, link to rewards page

• 2026-02-15 -- Updated DashboardRewards.test.tsx (7 tests, +2 new): How Rewards & Climate Connect learning section, link to climate dashboard

• 2026-02-15 -- Added AdminAnnouncements.test.tsx (11 tests): heading, add button, create dialog, category select, poll type picker visibility, poll badge on list items, active/inactive badges, empty state, title/message fields

• 2026-02-15 -- Total: 715 tests across 83 frontend + 5 edge function test files

v2026.02.14 -- February 2026

Added

• 2026-02-14 -- Comprehensive Notification System: 17 database triggers across 12 tables generate real-time notifications for both user and superadmin dashboards. Two helper functions (notify_org_members, notify_admin_staff) insert notifications for all org members or all admin staff respectively. NotificationBell updated with Sonner toast on realtime INSERT, individual green "Mark Read" button per notification, extended Lucide icon map (13 types), and glowing red dot unread indicator. Bell added to Admin panel mobile and desktop headers. crm-contact-form edge function now calls notify_admin_staff RPC on new leads.

• 2026-02-14 -- CRM Contact Form Edge Function: created dedicated crm-contact-form edge function for inserting contact page submissions directly into crm_contacts as leads (previously incorrectly routed to auth-signup which had no handler)

• 2026-02-14 -- CRM Expansion: 8 new CRM sub-tabs (Forecast, Segments, Campaigns, Tickets, Automations, Quotes, Projects, Integrations) with full CRUD, plus RBAC staff permission gating on Admin sidebar

• 2026-02-14 -- Security Hardening: expanded injection patterns (10 total), PII patterns (5 total incl. email/phone/UK NINO), blocked voice phrases, fail-closed moderation and rate limiting, output moderation for convo-chat, injection audit logging, MCP server race condition fix (per-request context), chat-with-data full safety pipeline, error masking across 8 edge functions, S3 key decryption via RPC, HTML escaping in email templates, admin-ai-insights input validation

• 2026-02-14 -- Documentation: created BiasProtections.md, Guardrails.md, AgentVerifier.md

• 2026-02-14 -- Superadmin Command Palette: search split into "App Items" and "Superadmin Items" (20 admin tabs) with onAdminTab callback for tab switching without page reloads

• 2026-02-14 -- AgentOne Chat TTS: green Volume2/VolumeX button in chat input bar, per-message speak buttons on assistant messages, auto-speak on new responses via browser Speech Synthesis API

• 2026-02-14 -- Larger prompt inputs: replaced <Input> with auto-resizing <textarea> in AgentOne workspace and Convo+ chat interfaces (Enter sends, Shift+Enter newline)

• 2026-02-14 -- Quick Add (+) deep linking: all 5 items now navigate with ?action=create query param; target pages auto-open creation dialogs after data loads using pendingCreate pattern to avoid race conditions

Fixed

• 2026-02-14 -- CRM Contact Form: fixed contact page submissions not reaching crm_contacts table — created dedicated crm-contact-form edge function (was incorrectly calling auth-signup which ignored the crm_contact_from_form action)

• 2026-02-14 -- AdminRoute test: updated mock from deprecated useSystemAdmin to useAdminStaff hook after RBAC refactor

• 2026-02-14 -- Command Palette search: fixed AgentOne navigation path (/dashboard/agent-one → /dashboard/agentone), Climate Saved path (/dashboard/climate-saved → /dashboard/climate), removed AI Assistant Settings and AI Settings from search items

Tests

• 2026-02-14 -- Added Contact.test.tsx (9 tests): form rendering, validation errors, contact_requests insert, crm-contact-form edge function invocation, thank you screen, honeypot field

• 2026-02-14 -- Fixed AdminRoute.test.tsx (3 tests): updated to mock useAdminStaff instead of removed useSystemAdmin

• 2026-02-14 -- Added CommandPalette.test.tsx (10 tests): Cmd+K open, Navigation vs App Items heading, Superadmin Items visibility, admin tab items, onAdminTab callback

• 2026-02-14 -- Updated QuickAddDropdown.test.tsx (7 tests, +5 new): navigation paths with ?action=create for all 5 items (calendar, agents, convo, agentone, clients)

• 2026-02-14 -- Fixed DashboardClients.test.tsx: added MemoryRouter wrapper (required after useSearchParams addition)

• 2026-02-14 -- Updated CommandPalette.test.tsx (11 tests, +1 new): AI Assistant Settings removal verification

• 2026-02-14 -- Updated NotificationBell.test.tsx (12 tests, rewritten): Lucide icons instead of emojis, individual Mark Read buttons, red dot indicator, realtime Sonner toast firing, mark read mutation

• 2026-02-14 -- Total: 659 tests across 78 frontend + 5 edge function test files

• 2026-02-14 -- Guided Tour: reordered steps to match updated sidebar layout (Dashboard → Calendar → AI Voice Agents → Convo+ → AgentOne → All Calls → Climate Saved → Apps+ → More → Docs → Settings → Tour), removed standalone Analytics step (now 12 steps); fixed duplicate badges in README

v2026.02.13 -- February 2026

Added

• 2026-02-13 -- Top Up Extra Resources: redesigned TopUpDialog with multi-item cart (quantity steppers, cart summary, proceed to checkout), topup-checkout edge function updated to accept array of items with multiple Stripe line items, top-up purchases displayed on Billing page

• 2026-02-13 -- Top Up DB columns: topup_agents, topup_phone_numbers, topup_users, topup_storage_gb on subscriptions table; Dashboard and ResourceUsageCards now sum base plan + top-up values for all 5 resource types

• 2026-02-13 -- Convo+ Dashboard Metrics: 6 metric cards (Spaces, Messages, Tokens Used, Total XP, Words Learned, Learners) matching AgentOne dashboard pattern

• 2026-02-13 -- Quick Add (+) dropdown in dashboard header with shortcuts: New Appointment, Create Agent, Convo Space, AgentOne Space, Client

• 2026-02-13 -- BillingCard "Top Up" button renamed to "Top Up Extra Resources"

• 2026-02-13 -- Convo+ safety hardening: 10-layer security pipeline matching AgentOne — IP rate limiting (30/15min), input validation, sanitization, prompt injection scanning, content moderation via AI gateway, PII redaction on input and output, safety preamble, per-org daily quota (100 msgs/day) via convo_usage table, audit logging to ai_usage_logs, org membership verification

• 2026-02-13 -- Guided Tour updated to 13 steps: added Climate Saved step with Leaf icon; updated More Features description to highlight Rewards/Carbon Cash

• 2026-02-13 -- App name badge in sidebar now links to landing page (/) instead of /dashboard

• 2026-02-13 -- Full PWA support: installable app with service worker, offline caching, manifest, PWA icons, and /install page with platform-specific instructions

• 2026-02-13 -- ImpactRewardsCards: reusable CO₂ Saved and Carbon Cash cards added to Overview and Analytics dashboards with live data from call_logs and rewards_balances

• 2026-02-13 -- Climate Saved dashboard now pulls actual call duration data from call_logs table (was only using subscription/rewards data)

• 2026-02-13 -- Hero section desktop layout: increased container padding for better breathing room at lg+ breakpoints

• 2026-02-13 -- Climate Saved dashboard: environmental impact metrics (CO₂, trees, energy, car miles) with transparent "How It's Calculated" accordion showing formulas and EPA/IEA sources

• 2026-02-13 -- Admin Webhooks: CRUD for webhook endpoints with event selection, test ping, and active/inactive toggle (superadmin only)

• 2026-02-13 -- Bulk Discount Code generation: batch-create up to 100 codes with CSV download

• 2026-02-13 -- Bulk Discount Codes UX overhaul: batch summary rows with ... dropdown for View Codes and Export CSV

• 2026-02-13 -- Admin Data Archival: automatic S3/Supabase storage archival for bulk-generated discount code CSVs with IDrive E2 fallback

• 2026-02-13 -- Agent save-before-test: disabled test call button for unsaved agents with "Save Agent" prompt

• 2026-02-13 -- Confetti celebrations on first login (with has_seen_welcome profile flag)

• 2026-02-13 -- Rewards "How It Works" accordion explaining earning rates, milestones, and redemption rules

• 2026-02-13 -- "How to Use" instructional accordions added to AI Voice Agents, Convo+, and AgentOne pages

• 2026-02-13 -- Superadmin unlimited access fix: DashboardAgents now uses useSubscriptionGuard with ∞ badge for superadmins

• 2026-02-13 -- Dashboard consolidated: merged Analytics charts, tally cards (Clients, Appointments, Calls, Consents, Top-Ups), and resource usage cards (Minutes, Users, Storage) into main Dashboard; Analytics route redirects to /dashboard; sidebar prefix-match highlighting fix for Convo+/AgentOne sub-routes

• 2026-02-13 -- Data Chat expanded: 12 user + 12 admin suggested questions covering patterns, conversion, churn risk, MRR growth, peak hours, and more

Fixed

• 2026-02-13 -- 2FA issuer branding: authenticator apps now display "AI Voice+" instead of the default domain name when enrolling TOTP factors

• 2026-02-13 -- MFA login "missing sub claim" error: fixed race condition where stale-session cleanup in AuthProvider could sign out a freshly authenticated user before MFA challenge completed; added staleCheckCancelled flag and session-alive guard before mfa.challenge()

Security

• 2026-02-13 -- Webhook secrets now encrypted at rest via encrypt_webhook_secret_trigger (defense in depth, matching org settings pattern)

• 2026-02-13 -- Script security hardened: eval() and new Function() now always blocked even with trusted URLs; CustomScriptInjector uses DOMParser instead of innerHTML; regex lastIndex state reset prevents false negatives

Tests

• 2026-02-13 -- Added HeroSection.test.tsx (4 tests): headline, CTA buttons, trust indicators, trusted-by badge

• 2026-02-13 -- Added Install.test.tsx (3 tests): title, benefit cards, instructions section

• 2026-02-13 -- Added ImpactRewardsCards.test.tsx (4 tests): CO2 card, rewards card, loading skeletons, detail page links

• 2026-02-13 -- Added ConfettiOverlay.test.tsx (5 tests): render states, pointer-events-none, onComplete callback, cleanup

• 2026-02-13 -- Added useConfetti.test.ts (4 tests): API shape, initial state, activate, deactivate

• 2026-02-13 -- Added DashboardClimateSaved.test.tsx (9 tests): title, metrics, milestone, accordion formulas

• 2026-02-13 -- Added TopUpDialog.test.tsx (4 tests): dialog title, description, empty state, closed state

• 2026-02-13 -- Added ConvoDashboardMetrics.test.tsx (3 tests): skeleton loaders, null orgId handling

• 2026-02-13 -- Added QuickAddDropdown.test.tsx (2 tests): render Add button, 5 menu items on click

• 2026-02-13 -- Added GuidedTour.test.tsx (3 tests): step count, Climate Saved inclusion, step dots

• 2026-02-13 -- Added convo-chat/safety.test.ts (6 tests): UUID validation, message length, injection detection, sanitization, PII redaction, field validation

• 2026-02-13 -- Added AdminWebhooks.test.tsx (8 tests): title, buttons, URL display, event badges, empty state

• 2026-02-13 -- Added AdminDiscountCodes.test.tsx (8 tests): title, buttons, code display, active badge, empty state, batch summary, dropdown

• 2026-02-13 -- Added admin-data-archive.test.ts (5 tests): S3 archival, Supabase fallback, MIME types, folder paths

• 2026-02-13 -- Updated script-security.test.ts (+1 test): eval/Function never-downgrade with trusted URLs

• 2026-02-13 -- Updated useAuth.test.tsx (12 tests, +3 new): MFA factor detection, MFA skip for unverified factors, stale session cleanup on mount; updated mock to include getUser and mfa.listFactors

• 2026-02-13 -- Total: 642 tests across 86 frontend + 5 edge function test files

v2026.02.12 -- February 2026

Added

• 2026-02-12 -- Dashboard sidebar reordered: Dashboard → Calendar → AI Voice Agents → Convo+ → AgentOne → All Calls → Analytics

• 2026-02-12 -- AgentOne Dashboard: replaced marketing splash page with a metrics-driven dashboard at /dashboard/agentone/dashboard featuring 6 metric cards (workspaces, runs, messages, tokens, memories, tools), 30-day usage trend chart (messages/tokens toggle), recent runs feed with workspace name and status, top 6 workspace grid with quick-create action. AgentOne landing page restored as the entry point

• 2026-02-12 -- Convo+ landing page "Go to Workspaces" button now navigates directly to the Progress Tracking dashboard tab

• 2026-02-12 -- Convo+ language support expanded to 22+ languages (added NL-BE, ES-MX, TR, HI, TH, EL) across landing page, workspace create and edit dialogs

Fixed

• 2026-02-12 -- 2FA banner "Set Up 2FA" button now correctly navigates to Settings → Security tab (was going to Profile tab due to query param mismatch)

Changed

• 2026-02-12 -- Renamed sidebar "Agent Apps" dropdown label to "Apps+"

• 2026-02-12 -- Renamed sidebar "Docs" link label to "Docs | ...more"

• 2026-02-12 -- Convo+ TTS switched from ElevenLabs API to browser-native Speech Synthesis API (zero cost, smart voice selection preferring Neural/Enhanced voices, language-matched via BCP-47). ElevenLabs remains active for voice agents only

Tests

• 2026-02-12 -- Added TwoFactorBanner.test.tsx (3 tests): render, security tab navigation, dismiss

• 2026-02-12 -- Updated AgentAppsDropdown.test.tsx to match new "Apps+" label

• 2026-02-12 -- Added DashboardConsents.test.tsx (8 tests): title, metrics, search, empty state

• 2026-02-12 -- Added DashboardClients.test.tsx (11 tests): title, metrics, buttons, empty state, export disabled

• 2026-02-12 -- Added AgentEditorForm.test.tsx (10 tests): cards, validation, cancel handler, create button

• 2026-02-12 -- Added useTextToSpeech.test.ts (17 tests): API shape, speak/stop, cooldown, truncation, locale mapping, voice selection (cloud/neural preference, language matching), cleanup

• 2026-02-12 -- Added AgentOneDashboardMetrics.test.tsx (3 tests): skeleton loaders, metric labels, zero values

• 2026-02-12 -- Added AgentOneDashboardUsageChart.test.tsx (3 tests): title, toggle buttons, empty state

• 2026-02-12 -- Added AgentOneDashboardRecentRuns.test.tsx (2 tests): title, empty state

• 2026-02-12 -- Added DashboardConvo.test.tsx (5 tests): title, tabs, default tab, progress tab via URL param, description

v2026.02.11 -- February 2026

Added

• 2026-02-11 -- Role Permissions Matrix in Settings → Team: collapsible table showing what each role (Viewer, Manager, Admin) can access per feature, with highlighted column for selected role

• 2026-02-11 -- Renamed "Editor" role to "Manager" across invite dialog and member detail sheet to match database enum

Changed

• 2026-02-11 -- Viewer role no longer implies transcript access; transcripts require Manager or above

• 2026-02-11 -- Improved role descriptions in invite dialog and member sheet with specific feature callouts

v2026.02.11 -- February 2026 (Baseline)

Everything shipped up to this date, consolidated as the initial baseline release.

Added

• BYOK Routing + Safety Guardrails for AgentOne: Complete security and BYOK implementation for the agent-one-chat edge function

  • BYOK Provider Routing: Workspaces with a custom API key now route requests directly to OpenAI or Google Gemini APIs based on model prefix, with provider error normalization (429/401/402/502)

  • Encrypted BYOK Key Storage: byok_api_key column on agent_one_workspaces with encrypt_workspace_byok_trigger for PGP encryption at rest

  • get_decrypted_workspace_key: Security definer function (service_role only) for server-side key decryption

  • IP Rate Limiting: 30 messages per 15 minutes per IP via shared rate-limit.ts utility

  • Input Validation: 10K character cap, UUID format checks, null byte/control character stripping

  • Prompt Injection Defense: 6 regex patterns detect and safely wrap injection attempts

  • Content Moderation: AI-powered input screening via Lovable AI gateway (gemini-2.5-flash-lite), always uses platform key

  • System Prompt Hardening: Non-negotiable safety preamble prepended to every conversation

  • PII Redaction: Real-time streaming output scan for credit card numbers and SSNs, replaced with [REDACTED]

  • Per-Org Daily Quotas: agent_one_usage table with increment_agent_one_usage RPC for atomic 100 msgs/day tracking

  • Audit Logging: Every request logged to ai_usage_logs with user, org, feature, model, and token count

  • Frontend BYOK Wiring: DashboardAgentOne.tsx createMutation now stores byok_api_key and sets ai_provider = "byok"

  • Client-side Safety Utilities: src/lib/agent-one-safety.ts mirrors server guardrails for pre-validation

• AgentOne Workspaces: Full agentic AI workspace system with multimodal streaming chat, persistent memory, and MCP data integration

  • 5 new database tables: agent_one_workspaces, agent_one_runs, agent_one_messages, agent_one_memory, agent_one_tools with org-level RLS

  • 3 edge functions: agent-one-chat (streaming AI with live org data tools), agent-one-workspace (lifecycle), agent-one-memory (CRUD)

  • Gemini 3 Flash (Free) as default model; BYOK mode for custom API keys and models (GPT-5, Claude, etc.)

  • Workspace listing page (/dashboard/agentone) with create dialog, search, status management

  • Workspace detail page (/dashboard/agentone/:workspaceId) with streaming chat, 6-tab sidebar (Runs, Memory, Tools, Docs, Files, MCP), quick-action buttons

  • MCP Data Integration: Chat can query live call logs, clients, appointments, and agents; results rendered as interactive cards

  • MCP Data Panel: Sidebar tab showing connected MCP servers with one-click context injection

  • Drag-and-drop document upload supporting PDF, TXT, MD, CSV, JSON, and images (PNG/JPG/WEBP)

  • Artifact viewer auto-extracts code blocks and structured data from assistant messages into browsable gallery

  • Custom tools panel with CRUD for prompt templates, code snippets, and workflows

  • Memory viewer with type filtering (fact/instruction/preference/context)

  • Folder-level S3 storage isolation (agent-one/workspace-{id}/) with Supabase Storage fallback

  • Sidebar and BottomNav updated with "AgentOne" menu item

• Call Recording Consent System: Opt-in per-agent consent flow that asks callers for recording consent at the start of every call

  • call_consents table with org-level RLS and append-only policies for regular users

  • require_consent toggle on ai_agents table (default: off)

  • recordConsent Vapi tool injected into assistant when enabled

  • System prompt dynamically prepends consent script when active

  • Consent Log dashboard page (/dashboard/consents) with date, caller, agent, and status filtering

• Identity Verification System: Opt-in per-agent caller verification before sensitive actions

  • identity_verifications table tracking verification attempts, methods, and outcomes

  • require_identity_verification toggle and identity_verification_methods (PIN, DOB, Account Number) on ai_agents

  • verifyIdentity Vapi tool with encrypted PIN lookup via decrypt_sensitive()

  • System prompt dynamically injects verification instructions when active

• Client Records Management: Centralized client database with CRM-like capabilities

  • client_records table with encrypted security PINs via encrypt_client_pin_trigger

  • Auto-upsert from bookAppointment Vapi webhook (creates/updates client on every booking)

  • Full CRUD dashboard page (/dashboard/clients) with search, status filters, add/edit dialogs, and CSV export

• Agent Editor Enhancements: New toggles in Agent Editor for "Require Recording Consent" and "Require Identity Verification" with method selection checkboxes

• Navigation Updates: Added Consent Log and Clients items to sidebar and guided tour

• User Profile Button in Header: Moved Sign Out from sidebar to a profile avatar dropdown in the top-right header bar

  • Shows "Welcome, {first name}" with avatar image next to the notification bell

  • Popover menu with Profile Settings, All Settings, and Sign Out links

  • Appointment indicator (teal dot) on avatar when there are appointments today

  • Missed calls indicator (red dot) on avatar when there are missed calls today

• Team Members Limit per Plan: New users_limit column on plans table

  • Configurable in Admin → Plans edit form

  • Displayed on landing page pricing cards (e.g. "5 Team Members")

  • Synced to Stripe product metadata via stripe-sync-products edge function

  • Team tab in Settings shows usage counter (e.g. "2/5") and disables invite when at limit

• Storage Quota Management: Per-plan storage limits for call transcripts and MCP data with automatic enforcement

  • storage_limit_gb column on plans table — configurable per plan via Admin → Plans

  • storage_used_bytes and storage_limit_gb columns on subscriptions for per-org tracking

  • increment_storage_used() DB function validates quota before allowing S3 uploads (returns allowed: false when full)

  • get_storage_usage() DB function returns usage stats for UI display

  • upload-to-s3 edge function now checks quota and returns HTTP 413 when storage is full

  • StorageUsageCard component in Settings with progress bar, warning/full badges, and contextual alerts

  • UpgradeBanner extended with storage warning (≥90%) and storage full (100%) banners

  • useSubscriptionGuard extended with storageUsedBytes, storageLimitGb, storagePercent, storageWarning, storageFull

  • Admin Plans table includes editable Storage (GB) field

  • Landing page pricing cards now display storage allocation per plan

  • Superadmin bypass for all storage restrictions

• Stripe Live Mode Fix: Cleared test-mode Stripe product/price IDs to allow fresh sync with live keys

• Superadmin Subscriptions Management Page: Comprehensive subscription & transaction oversight for platform operators

  • Search, filter by status/plan, and view detailed subscription info

  • CSV export of all subscription data

  • MRR, active/trialing/canceled counts, and total credit summary cards

• Interactive Admin Metric Cards: All top-level dashboard metric cards now navigate to their respective management tabs (Organizations, Users, Analytics, Subscriptions)

• Call Volume Chart Improvements: Dual-metric grouped bar chart showing both call count and call minutes per day with legend

• Subscription Distribution Chart Fix: Tooltip text now uses themed foreground colors for readability in dark mode

• Call Outcomes Chart Clarification: Added subtitle and help text explaining outcome categories

• Stripe Live Keys: Updated Stripe integration to use live publishable and secret keys

• Call Duration Increased to 7 Minutes: AI voice calls now have a 7-minute (420s) hard limit, up from 4 minutes, with a 6-minute warning prompt

• Agent-to-Agent (A2A) Collaboration: Multi-agent handoff system with transfer rules, shared session context, and agent skills

  • agent_transfer_rules table for defining keyword/intent-based routing between agents

  • agent_sessions table for tracking shared context during call handoffs

  • agent_skills table for tagging agents with capabilities and proficiency levels

  • Transfer Rules UI in Agent Editor for managing handoff conditions

  • Agent Skills UI with 7-level proficiency dropdown (Novice → Master) and primary skill marking

  • A2A workflow explainer added to Agent Skills section

  • Vapi webhook integration for transferToAgent tool and session management

  • System prompt injection of transfer rules into Vapi assistant configuration

• Lovable AI Moderation: Documentation updated to reference Lovable AI Gateway for content moderation instead of OpenAI Moderation API

• MCP Server for AI Assistants: Public MCP (Model Context Protocol) server enabling users to interact with their account from Claude Desktop, Cursor, Windsurf, and other MCP-compatible AI tools

  • 9 tools: list_calls, get_call_detail, list_appointments, create_appointment, cancel_appointment, get_analytics, list_agents, update_agent, get_rewards_balance

  • API key authentication with SHA-256 hashed storage — raw keys never persisted

  • Self-service API key management in Settings → Integrations tab

  • api_keys table with RLS, validate_api_key + touch_api_key_usage DB functions

  • mcp-server edge function using mcp-lite + Hono with StreamableHttpTransport

  • Connection instructions and MCP server URL displayed in the UI

• Cloud Storage Offloading to IDrive E2 (S3): New uploadToCloudStorage utility and upload-to-s3 edge function route uploads to S3-compatible storage with automatic Supabase fallback

  • Call recordings persisted from Vapi to E2 on call completion

  • GDPR data exports stored in E2 gdpr-exports/ folder

  • Organization logos, user avatars, and store product images uploaded via E2

  • Graceful fallback to Supabase site-assets bucket when no S3 bucket is configured

• Appointment Reminder & Auto-Dial System: Multi-stage automated reminder pipeline with pg_cron scheduling

  • appointment-reminders edge function processes 24h, 2h, 15min email reminders and auto-dial at appointment time

  • VAPI outbound calls to clients with appointment context and agent greeting

  • Automatic creation of missing reminders for upcoming appointments

  • appointment_reminders table tracks status (pending/sent/failed/skipped) per reminder

• In-App Notification System: Real-time dashboard alerts for organization admins

  • NotificationBell component with Supabase Realtime subscriptions

  • Unread count badge, mark-all-read, and click-to-navigate

  • Type-specific emoji icons (🤖 agent, ⏰ reminder, 📞 auto-dial)

  • in_app_notifications table with RLS policies

• VAPI Webhook Reminder Integration: Auto-creates reminder records and agent-assigned notifications when appointments are booked via voice agent

• Automatic Appointment Confirmation Emails: Clients now receive a professional confirmation email automatically when an appointment is booked — both via the AI voice agent (VAPI webhook) and through the manual Calendar UI

  • New appointment-confirmation email type in send-email edge function with branded HTML template

  • VAPI webhook bookAppointment tool now accepts email parameter and auto-sends confirmation

  • Manual calendar bookings auto-send confirmation when client email is provided

  • All emails sent from AI Voice+ <[email protected]>

  • confirmation_sent_at timestamp updated on successful send

• Built-in Calendar System: Full appointment management in Dashboard → Calendar

  • Create, edit, and cancel appointments with date picker and 30-minute time slots (8:00–21:30)

  • Real-time conflict detection prevents double-booking

  • Agent integration — assign AI Voice Agents to appointments; agent-booked slots show "AI Booked" badge

  • Email confirmations sent to clients via send-email edge function with "Sent ✓" tracking

  • Calendar provider toggle: choose Built-in Calendar or Google Calendar per organization

  • Visual indicators on calendar dates that have appointments

• Social Links Expansion: Added YouTube and UpScrolled URL fields to Superadmin → Site Config → Social Links and landing page footer

• Guided Tour Expansion: Added Calendar, Rewards, and Store steps to the interactive guided tour

• Carbon Cash Rewards System: Full rewards program where users earn points per minute of AI agent call time, with milestone bonuses, monthly caps, and redemption for subscription credits or store merchandise

• Merch Store: Complete e-commerce system with product categories, variants (size/color/SKU), inventory management, shipping rates, and checkout via Stripe, Carbon Cash points, or mixed payments

• Top-Up Packages: One-time resource purchases (extra minutes, agents, phone numbers) via Stripe checkout without changing subscription plan

• Edge Functions: rewards-credit, rewards-redeem, store-checkout, topup-checkout for backend processing

• Stripe Webhook Extensions: Handles topup and store payment metadata for fulfillment

• VAPI Webhook Integration: Auto-credits Carbon Cash rewards after each call ends

• Superadmin Profile Page: Full profile management page in the admin panel with avatar upload, personal info (auto-saved), address, password change dialog, 2FA setup/disable with QR code, and session information

• Admin Trial Lifecycle Info Panel: Rich informational card on the Plans page showing the full trial timeline (signup → warning → expiry → upgrade), enforcement points (agent limits, VAPI webhook guard, minutes exhaustion), superadmin bypass, and cron job details

• Dashboard Guided Tour: Interactive wizard with speech bubbles that walks new users through every dashboard section. Auto-triggers on first login and can be re-launched via Guided Tour button in the sidebar

• Trial Expiration & Subscription Guardrails: Complete post-trial enforcement system

  • useSubscriptionGuard hook tracks subscription status, trial expiry, minutes usage, and agent limits

  • Upgrade Banner: Contextual warnings for trial expiring (≤3 days), trial expired, minutes exhausted, or subscription canceled

  • Upgrade Wall: Full read-only lockout when trial expires — only Settings and GDPR pages remain accessible

  • Superadmin Bypass: System admins are never locked out of any functionality

  • Agent Limit Enforcement: Redirects to settings when agent creation exceeds plan limit

  • VAPI Webhook Guard: Blocks incoming calls for expired trials, canceled subscriptions, or exhausted minutes (server-side enforcement)

  • Trial Expiration Cron: Daily edge function (trial-expiration-cron) auto-cancels expired trials, deactivates agents, and sends emails

  • Trial Emails via Resend: 3-day warning email + expiration notification sent to org owners/admins

• Sign In / Sign Up Page Customization: All text on the Sign In and Sign Up pages is now editable from Superadmin → Site Config → Landing Page Edits

• AI Agents Limit per Plan: Plans now include agents_limit field in the edit form, Stripe product metadata, and landing page pricing features

• User Announcements Page: New /dashboard/announcements route where users can view all announcements from superadmins with accordion-style list, read/unread badges, and filtering

• Admin Back to App Button: Moved "Back to App" navigation from sidebar footer to desktop header

• Browser Calls Dashboard: New /dashboard/browser-calls page with advanced filtering, search, transcript viewing, and batch CSV/TXT export capabilities

• S3/MinIO Integration: Admin can configure S3-compatible storage (MinIO) for call transcripts with test connection functionality

• AI Agent Learning Section: New collapsible accordion in agent editor with capability documentation and instruction templates

• 27 Industry-Specific Templates: Pre-built AI agent templates for Medical, Dental, Pharmacy, Optometry, Mental Health, Pediatric, Salon, Spa, Med Spa, Restaurant, Hotel, Legal, Accounting, Real Estate, Insurance, Automotive, Fitness, Veterinary, Photography, Travel, Education, Dry Cleaning, Moving, HVAC/Plumbing, Electrical, Landscaping, and General Contractor

• Call Guardrails: 4-minute call limit with 3-minute warning prompt for trial users

• 5-Minute Call Limit Plan: Documented graceful call termination strategy with Vapi maxDurationSeconds, 4-minute warnings, and plan-based limits

• Multi-Agent (A2A) Collaboration Roadmap: Complete architecture for agent-to-agent handoffs with shared context, transfer rules, and orchestration

• Abuse Protection System Plan: Multi-layer security including real-time content moderation, blocked caller lists, rate limiting, and safety incident tracking

• Plan Discount Percentage: New annual_discount_percent field for dynamic "Save X%" badges on landing page

• Discount Code Restrictions: Plans can now specify which discount codes are allowed via allowed_discount_codes array

• Multiple AI Voice Agents: New ai_agents table, /dashboard/agents page, agent limit per plan

• Missed Calls Page: New /dashboard/missed-calls route with filtered view and CSV export

• Call Transcript Popup: TranscriptModal component for viewing call transcripts from call cards

• Analytics Savings Cards: Missed Calls, Transferred Calls, and Est. Savings calculations on Analytics page

• Sidebar Navigation Updates: AI Voice Agents, Docs | ...more, Data Privacy reordering, mobile bottom nav

• Comprehensive Timezone Support: 100+ IANA timezones grouped by region with GMT offsets

• MCP Servers Integration: MCP server management UI in Settings → Integrations with add/view/remove

• Branded Password Reset Emails: Custom request-password-reset edge function using admin.generateLink with branded templates

• Password Reset Flow: /forgot-password and /reset-password pages with hCaptcha and strength validation

• Trusted URLs for Custom Scripts: Domain-based trust list for bypassing security warnings on known-safe scripts

• Testimonials Management: Admin CRUD for customer testimonials with publish/feature toggles, database-connected landing page

• Agent Apps Menu: Admin-configurable external app links dropdown in dashboard sidebar

• Comprehensive Deployment Documentation: Deploy guides for Netlify, Vercel, VPS, and Windows Server

• GDPR Compliance System: User data export requests, admin approval workflow, automated JSON generation, signed download URLs

• FAQ Management for Superadmins: Create, edit, delete, publish/unpublish FAQs with category organization

• Organization Self-Deletion: Org admins can permanently delete their organization with cascading cleanup

• Custom Scripts Management: Third-party JS widgets in Admin Site Config with security validation

• Demo Abuse Prevention: hCaptcha gating, IP rate limiting (3/hour), global daily cap (100), audio duration limits

Changed

• Languages Section on Landing Page: Expanded from 8 emoji flags to all 22 supported language codes displayed as clean monospace text

• Guided Tour: Added Consent Log and Clients steps (now 18 steps total)

• Agent Skills Proficiency: Replaced 0-100% slider with 7-level discrete dropdown (Novice 15 → Master 100)

• Agent Skills Label: Renamed to "Agent Skills (Agent-to-Agent, aka A2A)" for clarity

• Built-in Guardrails: Updated call limit wording from 4 minutes to 7 minutes with 6-minute warning

• Contact Support Button: Now opens external support portal in a new tab instead of opening contact dialog

• Custom Scripts Now Work for All Users: Updated CustomScriptInjector to use public config instead of admin-only config

• Rebranded to AIVoice+: Updated app name across all branding, emails, meta tags, LICENSE, README, and edge functions

Fixed

• create-vapi-assistant Boot Error: Fixed duplicate const settings declaration causing boot failure

• Agent Dropdown Always Visible: Agent dropdown in appointment form now always shown with helpful message when no agents exist

• Select Value Fix: Resolved Radix Select empty-value crash by using "none" sentinel value

• Dashboard Metrics: "Calls Today" and "Average Duration" now correctly include browser calls

• Call Tallying: Increased call fetch limit from 50 to 100 and fixed date filtering

• FAQ disconnect: Admin panel and landing page now fetch from same database source

• Site config exposure: Sensitive fields no longer exposed to non-admin authenticated users

• Agent Apps Menu visibility: Fixed site_config_public view blocking non-admin users

• Email sending failures: Updated invalid RESEND_API_KEY; emails now send successfully

Security

• Encryption at Rest for Sensitive Tokens: Google Calendar refresh tokens and Vapi API keys encrypted using PGP symmetric encryption via pgcrypto

• GDPR Download Expiration Enforcement: Server-side cleanup of expired data exports

• increment_minutes_used Protection: Function restricted to service_role only with input validation

• search-phone-numbers Authentication: Added JWT verification and is_org_admin RPC check

• Plan-Based Discount Controls: Stripe checkout validates discount codes against plan's allowed list

• Invitation token protection: Blocked SELECT on raw invitations; admins use invitations_safe view

• Appointments privacy: created_by column with scoped RLS

• Profiles table protection: Users can only view their own profile

• Site config protection: site_config_public view for safe public access

• Row-Level Security (RLS) on all tables

• Webhook validation with timestamp verification

• hCaptcha bot protection

• Secure secret management

• Email verification flow using PKCE

Tests

• agent-one-safety.test.ts: 30 tests for sanitization, injection scanning, PII redaction, UUID validation, and message length limits

• agent-one-chat/safety.test.ts: 5 Deno edge function tests for CORS, auth, workspace_id validation, UUID format, and oversized message rejection

• DashboardAgentOne.test.tsx: Enhanced from 3 to 5 tests

• CreateWorkspaceDialog.test.tsx: Enhanced from 4 to 7 tests

• StorageUsageCard.test.tsx: 8 tests for storage card rendering, usage display, warning/full states

• UpgradeBanner.test.tsx: 13 tests total including 4 storage-related tests

• cloud-storage.test.ts: 7 tests for S3 upload, Supabase fallback, error handling

• NotificationBell.test.tsx: 9 tests for notification bell rendering

• appointment-reminders/index.test.ts: 3 Deno tests for edge function invocation

• DashboardRewards.test.tsx: 5 tests for rewards page

• DashboardStore.test.tsx: 7 tests for store page

• TopUpDialog.test.tsx: 4 tests for top-up dialog

• AdminRewards.test.tsx: 7 tests for admin rewards configuration

• AdminTopUpPackages.test.tsx: 5 tests for admin top-up packages

• AgentTemplates.test.tsx: 8 tests for template rendering

• AnalyticsSavingsCards.test.tsx: 7 tests for savings calculation

• AIAgentLearningSection.test.tsx: 7 tests for learning section

• AdminS3Buckets.test.tsx: 7 tests for S3 bucket configuration

• DashboardBrowserCalls.test.tsx: 5 tests for browser calls page

• MCPServersIntegration.test.tsx: 14 tests for MCP servers

• send-email tests: 9 tests

• request-password-reset tests: 7 tests

• ForgotPassword.test.tsx: 10 tests

• ResetPassword.test.tsx: 12 tests

• script-security.test.ts: 35 tests for script security

• CustomScriptsEditor.test.tsx: 18 tests for scripts editor

• AdminTestimonials.test.tsx: 6 tests for testimonials

• AgentAppsMenuEditor.test.tsx: 7 tests for agent apps editor

• AgentAppsDropdown.test.tsx: 5 tests for agent apps dropdown

• AdminGDPRRequests.test.tsx: 11 tests for admin GDPR

• DashboardGDPR.test.tsx: 9 tests for user GDPR

• AdminFAQs.test.tsx: 10 tests for FAQ management

• DeleteOrganization.test.tsx: 5 tests for org deletion

• 315+ tests across 33+ files total

Performance

• Code Splitting: Lazy loading for all non-critical routes

• Vendor Chunk Splitting: React, UI, and Chart libraries in separate cacheable chunks

• Resource Hints: DNS prefetch for Supabase and Google Fonts

• Font Optimization: Non-blocking Google Fonts loading

• Image Optimization: Explicit dimensions on logo to prevent CLS

• Build Target: ES2020 reducing legacy polyfills

Documentation

• TESTS.md: Comprehensive test inventory documenting all 333 tests across 35 files

• README.md: Updated test coverage section with full category breakdown

• CONTRIBUTING.md: Contributor guidelines

• FEATURES.md: Full feature documentation

Infrastructure

• Multi-tenant architecture with organization-based data isolation

• User authentication with email verification

• Role-based access control (Owner, Admin, Manager, Viewer)

• System admin roles (Super Admin, Support)

Features (Platform Capabilities)

Voice & Calls

• AI voice receptionist powered by Vapi.ai

• Twilio phone number provisioning and management

• ElevenLabs voice synthesis with 22+ language support

• Call recording and transcript storage

• Real-time call status monitoring

Dashboard

• Live call monitoring and analytics

• Call history with searchable transcripts

• AI-generated insights panel

• Setup checklist for new users

• Activity stream

Business Management

• Business hours configuration with timezone support

• Services management with duration and pricing

• Custom AI greeting and personality settings

• Google Calendar integration for appointments

Team & Collaboration

• Team member invitations with email notifications

• Role-based permissions per organization

• Admin impersonation for support

Billing & Subscriptions

• Stripe integration for payments

• Configurable pricing plans from admin panel

• Usage-based minute tracking

• Discount code system

• Customer portal access

Admin Panel

• Platform-wide metrics (users, orgs, MRR)

• Call volume and outcome charts

• User and organization management

• Plan configuration with Stripe sync

• Site branding configuration

• Email settings management

• AI-powered contact reply system

• Discount code management

• FAQ management

• GDPR request management

Landing Page

• Responsive hero section

• Features showcase

• Dynamic pricing from database

• FAQ section

• Contact form with hCaptcha protection

• Social proof bar

v1.0.0 -- 2026-02-06

Added

• Initial release of AI Voice Receptionist SaaS Template

• Complete multi-tenant platform ready for white-label deployment

• Full documentation in README.md