search
Try It!myAgents+Smarter AISupportRoadmap
Page cover

boltChangelog

🟒 Smarter AI 🟒

hashtag
AI Voice+

Tests Vitestarrow-up-right Languages BYOK Providers

Last updated: 02-19-2026

All notable changes to this project will be documented in this file.

Versioning: Calendar-based (vYYYY.MM.DD). Each month collects dated entries; at month-end they form that month's release.

hashtag
v2026.02.19 -- February 2026

hashtag
Added

  • 2026-02-19 -- Hybrid SSO (OIDC): sso-authorize and sso-callback edge functions for organization-level OIDC identity provider integration; admin SSOSettings UI with provider management; login domain detection with automatic SSO redirect banner

  • 2026-02-19 -- SSO Gamified Setup Guide: interactive 5-step How to Use dialog in SSOSettings with XP tracking, progress bar, localStorage persistence, and confetti celebration on completion

hashtag
Security

  • 2026-02-19 -- SSO Security Hardening: HMAC-SHA256 signed state parameter with 10-minute TTL (CSRF protection); redirect_uri validation against allowed origins whitelist; domain format regex validation; scalable user lookup via profiles table instead of listUsers(); defense-in-depth organization re-derivation from email domain in callback; existing user org linkage on SSO login; UNIQUE partial index on organizations.sso_domain to prevent domain collisions

hashtag
Tests

  • 2026-02-19 -- Added SSOSettings.test.tsx (20 tests): card rendering, form inputs, How to Use dialog, 5-step guide display, XP counter, progress bar, step completion toggle, localStorage persistence, pro tip, advanced section, loading state

  • 2026-02-19 -- Enhanced useConfetti.test.ts (4β†’8 tests): added multiple trigger-complete cycles, idempotent trigger, idempotent complete, useCallback memoization stability

  • 2026-02-19 -- Total: 815 tests across 90 frontend + 6 edge function test files

hashtag
v2026.02.18 -- February 2026

hashtag
Fixed

  • 2026-02-18 -- Top-Up Checkout Amount Mismatch: cart displayed combined one-time + recurring total but Stripe checkout only charged one-time items; unified all items through a single Stripe checkout session (subscription mode when recurring items present); all topup_purchases now created as pending until Stripe confirmation

  • 2026-02-18 -- Top-Up Premature Activation: recurring top-ups were being applied to account immediately before payment; removed superadmin bypass that skipped Stripe for recurring items; all top-ups now require completed Stripe checkout

  • 2026-02-18 -- Billing Card Cents Display: top-up purchase amounts in Settings β†’ Billing were shown in raw cents instead of formatted dollars; added /100 conversion with toFixed(2)

hashtag
Added

  • 2026-02-18 -- BYOK Provider Expansion: added 18 AI providers (50+ models) to AgentOne workspace Create and Edit dialogs β€” Google, OpenAI, Anthropic, Meta Llama, Mistral, DeepSeek, Requesty.ai, OpenRouter, Hugging Face, Ollama, Cohere, Groq, Perplexity, Together AI, Fireworks AI, xAI, AWS Bedrock, Azure OpenAI; grouped <optgroup> selectors in Create dialog, labeled sections in Edit dialog

  • 2026-02-18 -- 37-Language Expansion: added 15 new languages (Bengali, Thai, Vietnamese, Indonesian, Ukrainian, Czech, Romanian, Hungarian, Greek, Malay, Tamil, Filipino, Croatian, Bulgarian, Slovak) across AI Voice Agents, Convo+, and AgentOne; updated voice-config.ts with native names, BCP-47 codes, and localized greetings; synced useTextToSpeech.ts LANG_MAP; updated Convo+ workspace create/edit dialogs, chat interface, and progress dashboard LANG_LABELS

  • 2026-02-18 -- Landing Page Language Sync: updated FeaturesSection, ConvoLanding, FAQSection, and HowItWorksVisuals to reflect "37+ languages" with complete language chips

  • 2026-02-18 -- DashboardConvo LANG_LABELS: synced to full 37-language set matching other Convo+ components

  • 2026-02-18 -- PayPal Payouts API: paypal-payout edge function for real-money affiliate payouts via PayPal Payouts API; synchronous status update (no webhooks needed); "Pay Now" button sends funds and marks paid on success

  • 2026-02-18 -- Affiliate Dashboard Confetti: first-login confetti celebration with canvas-confetti; welcome banner auto-dismisses after 8s; tracked via localStorage per affiliate ID

  • 2026-02-18 -- Affiliates Menu Item: "Affiliates Earn 30%!" link added to sidebar More popover and mobile BottomNav More sheet; opens /affiliates in new tab with gradient highlight

  • 2026-02-18 -- Mobile PWA Admin Layout: added safe-area-inset-top padding to sticky mobile header for iPhone notch/Dynamic Island clearance; increased nav tab touch targets to 40px min-height with larger text and icons

hashtag
Tests

  • 2026-02-18 -- Updated CreateWorkspaceDialog.test.tsx (+2 tests): BYOK grouped providers rendering (18 providers visible), optgroup count validation

  • 2026-02-18 -- Added voice-config.test.ts (29 tests): SUPPORTED_LANGUAGES count (37), uniqueness, original + new language coverage, property completeness; ELEVENLABS_VOICES count (18), uniqueness, gender balance, recommended voices; DEFAULT_GREETINGS coverage for all 37 languages with placeholder validation; getLanguageByCode lookups; getVoiceById lookups; getRecommendedVoice gender filtering; getDefaultVoiceId validity; getVoicesByGender filtering; getDefaultGreeting substitution + fallbacks; migrateOldVoiceId legacy migrations

  • 2026-02-18 -- Added BottomNav.test.tsx (8 tests): 5 nav items rendering, More sheet opening, Affiliates link with new-tab attributes, Data Chat button, Docs link, active route highlighting, all more menu items

  • 2026-02-18 -- Added DashboardSidebar.test.tsx (9 tests): primary nav items, More button, overflow items in popover, Affiliates link with new-tab attributes, Docs link, Settings, Data Chat button, active route highlighting

  • 2026-02-18 -- Added AffiliateDashboard.test.tsx (8 tests): redirect without token, dashboard data rendering, stats cards, first-login confetti trigger (localStorage flag), no confetti on subsequent logins, referral link copy button, approved status badge, empty referrals message

  • 2026-02-18 -- Added useAdminAccess.test.ts (7 tests): loading state, unauthenticated block, allowed access, denied access, edge function error, server error, device fingerprint transmission

  • 2026-02-18 -- Updated AdminRoute.test.tsx (3β†’5 tests): added useAdminAccess mock; split loading into staff-loading and access-loading; added blocked-access 404 masking test

  • 2026-02-18 -- Total: 791 tests across 89 frontend + 6 edge function test files

hashtag
Tests

  • 2026-02-18 -- Updated CreateWorkspaceDialog.test.tsx (+2 tests): BYOK grouped providers rendering (18 providers visible), optgroup count validation

  • 2026-02-18 -- Added voice-config.test.ts (29 tests): SUPPORTED_LANGUAGES count (37), uniqueness, original + new language coverage, property completeness; ELEVENLABS_VOICES count (18), uniqueness, gender balance, recommended voices; DEFAULT_GREETINGS coverage for all 37 languages with placeholder validation; getLanguageByCode lookups; getVoiceById lookups; getRecommendedVoice gender filtering; getDefaultVoiceId validity; getVoicesByGender filtering; getDefaultGreeting substitution + fallbacks; migrateOldVoiceId legacy migrations

  • 2026-02-18 -- Added BottomNav.test.tsx (8 tests): 5 nav items rendering, More sheet opening, Affiliates link with new-tab attributes, Data Chat button, Docs link, active route highlighting, all more menu items

  • 2026-02-18 -- Added DashboardSidebar.test.tsx (9 tests): primary nav items, More button, overflow items in popover, Affiliates link with new-tab attributes, Docs link, Settings, Data Chat button, active route highlighting

  • 2026-02-18 -- Added AffiliateDashboard.test.tsx (8 tests): redirect without token, dashboard data rendering, stats cards, first-login confetti trigger (localStorage flag), no confetti on subsequent logins, referral link copy button, approved status badge, empty referrals message

  • 2026-02-18 -- Total: 782 tests across 88 frontend + 6 edge function test files

hashtag
v2026.02.17 -- February 2026

hashtag
Fixed

  • 2026-02-17 -- Newsletter Popup Readability: replaced wall-of-text inline expansion with formatted Dialog popup; formatNewsletterContent engine converts raw text into structured HTML with headings, bullet lists, paragraphs, and video embeds; prose typography classes for consistent reading experience

  • 2026-02-17 -- Mobile More Drawer: added Blog and Newsletter buttons to BottomNav "More" drawer for mobile accessibility

  • 2026-02-17 -- Site Stats Input Visibility: added text-foreground to Site Name and Domain inputs so typed text is visible on dark backgrounds

  • 2026-02-17 -- Site Stats Button Visibility: added explicit text-foreground border-border to outline buttons (Copy Script, Refresh, date range selectors) for dark theme contrast

hashtag
Added

  • 2026-02-17 -- Superadmin "How to Use This Dashboard" guide: colorful 16-section dialog accessible from Overview quick-action bar, covering all admin modules with gradient icons, category badges, and ⌘K tip

hashtag
Tests

  • 2026-02-17 -- Updated AgentSkills.test.tsx (9 tests, +1 new): "See Flow" button for A2A diagram

  • 2026-02-17 -- Total: 714 tests across 83 frontend + 6 edge function test files

hashtag
v2026.02.16 -- February 2026

hashtag
Added

  • 2026-02-16 -- AI Content Generate Structured Output: ai-content-generate edge function returns structured JSON (title, excerpt, category, tags, content) via tool calling; AdminBlog and AdminNewsletter auto-fill all fields and embed cover images as Markdown

  • 2026-02-16 -- Affiliate Landing Section: new AffiliateSection component above FAQs on landing page with "Earn 30% Commission" messaging, benefit cards, and signup CTA; content editable via Superadmin Site Config

  • 2026-02-16 -- Affiliate Site Config Editor: new "Affiliate Section (Landing Page)" accordion in LandingSectionEditor with headline, description, and button text fields; backed by 3 new site_config columns

  • 2026-02-16 -- Secure Affiliate Dashboard: new affiliate-dashboard-data edge function for server-side affiliate data access; token stored in sessionStorage instead of URL

  • 2026-02-16 -- Error Boundary: global ErrorBoundary component wrapping App.tsx catches render crashes with branded fallback UI

  • 2026-02-16 -- Branded 404 Page: redesigned NotFound.tsx with theme-consistent styling and navigation links

  • 2026-02-16 -- Newsletter Subscription Price in Dollars: newsletter_subscription_price_cents column renamed to newsletter_subscription_price (numeric, dollars) in site_config; Admin UI and newsletter-checkout edge function updated to read/write dollar values directly

  • 2026-02-16 -- Scheduled Auto-Publish System: new scheduled-publish edge function with pg_cron job running every minute to auto-publish scheduled blog posts and auto-send scheduled newsletters at their published_at / scheduled_at times

  • 2026-02-16 -- Affiliate Page Text Customization: superadmins can edit headings, subtitles, and commission text for affiliate login, registration, and dashboard pages via Site Config; new affiliate_login_heading, affiliate_register_title, affiliate_register_commission_text, affiliate_dashboard_welcome columns in site_config

  • 2026-02-16 -- Affiliate Page Branding: affiliate login and registration pages now display site logo and include the standard DashboardFooter

  • 2026-02-16 -- Viral Content Studio: AI-powered viral video script generator with duration picker (10s/30s/60s/2min/5min), elite scriptwriting prompt, and auto-editor flow

hashtag
Fixed

  • 2026-02-16 -- Top-Up Checkout 100x Overcharge Bug: topup-checkout edge function was multiplying price_cents by 100 again (Stripe expects cents, DB already stores cents); removed the extra * 100 multiplication for both recurring and one-time items

  • 2026-02-16 -- Top-Up Duplicate Insert: removed duplicate topup_purchases insert call in topup-checkout edge function

  • 2026-02-16 -- Affiliate "Mark Paid" Button Visibility: updated button styling from invisible variant="outline" to text-foreground border-foreground/30 for readable contrast on dark backgrounds

  • 2026-02-16 -- Navbar Sign In / Dashboard Button Spacing: added ml-2 margin to CTA button container; added isLoading guard to prevent flashing between states during auth resolution

  • 2026-02-16 -- Viral Content Studio Visibility: fixed dark-theme contrast issues on labels, inputs, selects, and buttons

hashtag
Security

  • 2026-02-16 -- RLS Hardening: affiliates, affiliate_referrals, affiliate_payouts SELECT policies set to USING (false) β€” data accessed via edge function only; newsletter_edition_purchases INSERT restricted to service role

  • 2026-02-16 -- site_config_public view updated to include affiliate section columns

hashtag
Tests

  • 2026-02-16 -- Fixed CustomScriptInjector.test.tsx (8 tests, was 9): removed 2 obsolete mobile-gating tests, added 1 all-viewports injection test (scripts now inject on all viewports)

  • 2026-02-16 -- Added scheduled-publish/index.test.ts (2 tests): 200 response with success payload, CORS OPTIONS handling

  • 2026-02-16 -- Fixed AgentAppsDropdown.test.tsx: updated test to match component behavior (always renders Apps+ button)

  • 2026-02-16 -- Refactored NotificationBell.test.tsx (9 tests): variant-based filtering (user/admin), dismiss mutations, admin styling, realtime context-matching

  • 2026-02-16 -- Total: 713 tests across 82 frontend + 6 edge function test files

hashtag
v2026.02.15 -- February 2026

hashtag
Added

  • 2026-02-15 -- Analytics Consolidation: deleted redundant DashboardAnalytics page; removed Analytics tab from superadmin panel; AI Usage card merged into Overview section

  • 2026-02-15 -- Superadmin Overview Enhancements: Quick Action buttons, System Health card, New Signups widget, Top Performing Organizations leaderboard, Platform Growth sparklines

  • 2026-02-15 -- Announcement Gradient Backgrounds: 7 beautiful gradient presets (Ocean Blue, Sunset, Purple Haze, Emerald, Rose Gold, Midnight, Default) selectable when creating/editing announcements; gradients render on toast notifications and feature badges

  • 2026-02-15 -- Poll Announcements: new "Poll" category in announcements with 4 interactive vote types (5 Stars, Sentiment Faces, Thumbs Up/Down, NPS 1–10); poll type picker UI, validation, and Poll badge on announcement list items

  • 2026-02-15 -- Webhook Delivery Logs: webhook_delivery_logs table with collapsible delivery history per webhook showing status codes and timing

  • 2026-02-15 -- Audit Log System: audit_logs table with Activity Log tab in Settings; filterable by action type with scrollable timeline

  • 2026-02-15 -- Bulk Actions on Calls: select-all checkbox, per-call checkboxes, floating "Export Selected" bar

  • 2026-02-15 -- Bulk Actions on Clients: select-all header checkbox, per-row checkboxes, floating action bar with Export and Delete (with confirmation dialog)

  • 2026-02-15 -- UNIQUEFEATURES.md: roadmap of 14 innovative future features

  • 2026-02-15 -- Avatar Upload Fix: added storage RLS policies allowing authenticated users to upload/update their own avatar in the avatars/{uid}/ path

  • 2026-02-15 -- Recurring Top-ups Architecture: non-minute top-ups (agents, users, phone numbers, storage) now become recurring monthly subscription add-ons; minutes remain one-time. New recurring_topups table, billing_mode column on topup_packages, cancel-recurring-topup edge function, and "Monthly Add-ons" section in Billing with per-item cancel buttons

  • 2026-02-15 -- GDPR Approval Branded Email: superadmin approval of data export requests now sends a branded notification email from AI Voice+ <[email protected]> to the requesting user with download instructions and 7-day expiry notice

hashtag
Fixed

  • 2026-02-15 -- Guided Tour +Add Visibility: tour card now positions below header/nav targets instead of to the right, with upward-pointing arrow; target element gets pointer-events: auto and elevated z-index so it remains visible and clickable through the overlay

  • 2026-02-15 -- AgentOne Chat Mobile Responsiveness: header uses flex-wrap with icon-only buttons on mobile; sidebar becomes full-width overlay on small screens; input area has compact spacing

  • 2026-02-15 -- Rewards "Apply to Subscription" Feedback: clicking with insufficient points now shows a destructive toast explaining the minimum required instead of silently doing nothing

  • 2026-02-15 -- GDPR Data Export Trigger Fix: trg_notify_admin_gdpr no longer references non-existent requester_email column; now looks up email from auth.users via user_id

  • 2026-02-15 -- Mobile Change Plan Dialog: added max-h-[85vh] overflow-y-auto to the upgrade dialog so plans are scrollable and selectable on mobile devices

  • 2026-02-15 -- Top-Up Dialog Billing Mode Labels: packages now display "monthly" or "one-time" badges with per-month pricing suffix for recurring items

  • 2026-02-15 -- Quick Add Shortcuts: added "Resources" (β†’ Settings > Billing) and "MCP Server" (β†’ Settings > Integrations) items to the + Add dropdown in the dashboard header

  • 2026-02-15 -- Guided Tour Quick Add Step: new first tour step highlighting the + Add button with description of all available shortcuts; tour now dynamically elevates header or sidebar containers for proper visibility

  • 2026-02-15 -- Mobile Settings Responsiveness: all Settings tab detail pages made responsive for mobile PWA view β€” card headers, list items, and button rows now stack vertically on small screens using flex-col β†’ sm:flex-row pattern across DashboardSettings, APIKeyManagement, MCPServersIntegration, ICalSyncIntegration, TeamMembersList, and BillingCard; TabsList now horizontally scrollable

  • 2026-02-15 -- Business Settings Mobile Fix: BusinessHoursEditor day rows stack vertically with mobile/desktop switch toggles; ServicesEditor uses single-column grid on mobile; address fields use responsive grid breakpoint

  • 2026-02-15 -- Mobile Data Chat: "Data Chat" button added to BottomNav "More" drawer with gradient styling matching desktop sidebar

  • 2026-02-15 -- Agent Apps Menu Reorder: move up/down arrow buttons on each app item in Superadmin β†’ Site Config β†’ Agent Apps Menu for drag-free reordering

  • 2026-02-15 -- Transferred Calls Page: dedicated /dashboard/transferred-calls page with search, CSV export, and S3 archival; sidebar "More" menu entry; clickable Transferred card on dashboard

  • 2026-02-15 -- E-Sig Document Editor: "View Doc" button opens full-screen monospace editor for raw document content; new content column on esig_documents

  • 2026-02-15 -- Client Portal Fix: get_portal_invoice_data SECURITY DEFINER function bypasses RLS for unauthenticated portal visitors; portal buttons hidden for draft invoices

  • 2026-02-15 -- Competitors Page Visibility Fix: added text-foreground classes to buttons, tabs, and badges in AdminCompetition for dark-mode visibility

  • 2026-02-15 -- Mobile Nav Reorder: BottomNav reordered to Home β†’ Calls β†’ More β†’ AgentOne β†’ Settings; More button now centered

  • 2026-02-15 -- Mobile Logo: app logo added to mobile top bar linking to landing page

  • 2026-02-15 -- Custom Script Desktop-Only: CustomScriptInjector now only injects widgets on desktop (β‰₯768px); scripts are removed on mobile viewports

  • 2026-02-15 -- Dashboard Card Links: AgentOne "Workspaces" card links to /dashboard/agentone/workspaces; Convo+ "Spaces" card links to /dashboard/convo/spaces

hashtag
Security

  • 2026-02-15 -- Sensitive data exposure fix: all client-side reads of organization_settings switched to organization_settings_safe view (excludes vapi_api_key, google_calendar_refresh_token); agent_one_workspaces base table SELECT policy restricted to org admins only (general reads use agent_one_workspaces_safe view)

  • 2026-02-15 -- CRM Contact Form hardening: added IP rate limiting (5/15min), server-side input sanitization (HTML stripping, control char removal, length limits), hCaptcha verification, email format validation, and masked error messages to crm-contact-form edge function

  • 2026-02-15 -- Contact page hCaptcha: added HCaptchaWidget to the public Contact form (client + server verification) alongside existing honeypot

  • 2026-02-15 -- HCaptcha Runtime Fetch: updated HCaptcha component to fetch site key at runtime from hcaptcha-sitekey edge function when build-time env var is unavailable; consolidated duplicate HCaptcha components into single HCaptchaRuntime.tsx

hashtag
Fixed

  • 2026-02-15 -- Settings tabs mobile overflow: card headers with side-by-side title + buttons now stack vertically on mobile

  • 2026-02-15 -- Business Hours Editor: fixed day rows overflowing on mobile (fixed-width inputs replaced with flex-grow)

  • 2026-02-15 -- Services Editor: fixed 2-column grid forcing cramped layout on mobile

  • 2026-02-15 -- Competitors page: outline buttons and tab triggers invisible on dark admin background

  • 2026-02-15 -- Client Portal: "Invoice not found" error due to RLS blocking unauthenticated portal token queries

  • 2026-02-15 -- Footer gap: excessive empty space above footer on all pages fixed with mt-auto on DashboardFooter

  • 2026-02-15 -- Convo+ chat: top navigation bar hidden on mobile fixed by adjusting chat container height

hashtag
Tests

  • 2026-02-15 -- Updated QuickAddDropdown.test.tsx (10 tests, +3 new): Resources navigation to billing, MCP Server navigation to integrations, data-tour attribute on trigger button

  • 2026-02-15 -- Updated GuidedTour.test.tsx (3 tests, updated): first step now verifies "Quick Add" title, step count updated from 12 to 13

  • 2026-02-15 -- Added BusinessSettings.test.tsx (6 tests): loading state, accordion sections, form fields, save indicator, timezone, responsive address grid

  • 2026-02-15 -- Added BusinessHoursEditor.test.tsx (5 tests): 7-day rendering, closed state, time inputs, switch toggles, responsive layout classes

  • 2026-02-15 -- Added ServicesEditor.test.tsx (6 tests): empty state, service items, labels, add interaction, delete buttons, responsive grid

  • 2026-02-15 -- Updated AgentAppsMenuEditor.test.tsx (10 tests, +3 new): move up, move down, boundary disable guards

  • 2026-02-15 -- Updated GuidedTour "More Features" description to include Transferred Calls and BAA | e-Sig Docs

  • 2026-02-15 -- Updated CustomScriptInjector.test.tsx (9 tests, +2 new): mobile gating, desktop-to-mobile cleanup

  • 2026-02-15 -- Updated ConvoDashboardMetrics.test.tsx (3 tests): added BrowserRouter wrapper for Link component, clickable Spaces link test

  • 2026-02-15 -- Updated Contact.test.tsx (10 tests): updated mock from HCaptcha to HCaptchaRuntime

  • 2026-02-15 -- Updated validations.test.ts (27 tests, +10 new): contactFormSchema validation β€” valid data, missing name, invalid email, short message, name/message length limits, optional phone/company, phone/company length limits

  • 2026-02-15 -- Added HCaptchaRuntime.test.tsx (5 tests): runtime sitekey fetch, captcha rendering, onNotConfigured callbacks, loading state, error handling

  • 2026-02-15 -- Fixed AnalyticsSavingsCards.test.tsx (7 tests): added BrowserRouter wrapper for Link component

  • 2026-02-15 -- Updated DashboardClimateSaved.test.tsx (11 tests, +2 new): Climate Impact & Carbon Cash learning section, link to rewards page

  • 2026-02-15 -- Updated DashboardRewards.test.tsx (7 tests, +2 new): How Rewards & Climate Connect learning section, link to climate dashboard

  • 2026-02-15 -- Added AdminAnnouncements.test.tsx (11 tests): heading, add button, create dialog, category select, poll type picker visibility, poll badge on list items, active/inactive badges, empty state, title/message fields

  • 2026-02-15 -- Total: 715 tests across 83 frontend + 5 edge function test files

hashtag
v2026.02.14 -- February 2026

hashtag
Added

  • 2026-02-14 -- Comprehensive Notification System: 17 database triggers across 12 tables generate real-time notifications for both user and superadmin dashboards. Two helper functions (notify_org_members, notify_admin_staff) insert notifications for all org members or all admin staff respectively. NotificationBell updated with Sonner toast on realtime INSERT, individual green "Mark Read" button per notification, extended Lucide icon map (13 types), and glowing red dot unread indicator. Bell added to Admin panel mobile and desktop headers. crm-contact-form edge function now calls notify_admin_staff RPC on new leads.

  • 2026-02-14 -- CRM Contact Form Edge Function: created dedicated crm-contact-form edge function for inserting contact page submissions directly into crm_contacts as leads (previously incorrectly routed to auth-signup which had no handler)

  • 2026-02-14 -- CRM Expansion: 8 new CRM sub-tabs (Forecast, Segments, Campaigns, Tickets, Automations, Quotes, Projects, Integrations) with full CRUD, plus RBAC staff permission gating on Admin sidebar

  • 2026-02-14 -- Security Hardening: expanded injection patterns (10 total), PII patterns (5 total incl. email/phone/UK NINO), blocked voice phrases, fail-closed moderation and rate limiting, output moderation for convo-chat, injection audit logging, MCP server race condition fix (per-request context), chat-with-data full safety pipeline, error masking across 8 edge functions, S3 key decryption via RPC, HTML escaping in email templates, admin-ai-insights input validation

  • 2026-02-14 -- Documentation: created BiasProtections.md, Guardrails.md, AgentVerifier.md

  • 2026-02-14 -- Superadmin Command Palette: search split into "App Items" and "Superadmin Items" (20 admin tabs) with onAdminTab callback for tab switching without page reloads

  • 2026-02-14 -- AgentOne Chat TTS: green Volume2/VolumeX button in chat input bar, per-message speak buttons on assistant messages, auto-speak on new responses via browser Speech Synthesis API

  • 2026-02-14 -- Larger prompt inputs: replaced <Input> with auto-resizing <textarea> in AgentOne workspace and Convo+ chat interfaces (Enter sends, Shift+Enter newline)

  • 2026-02-14 -- Quick Add (+) deep linking: all 5 items now navigate with ?action=create query param; target pages auto-open creation dialogs after data loads using pendingCreate pattern to avoid race conditions

hashtag
Fixed

  • 2026-02-14 -- CRM Contact Form: fixed contact page submissions not reaching crm_contacts table β€” created dedicated crm-contact-form edge function (was incorrectly calling auth-signup which ignored the crm_contact_from_form action)

  • 2026-02-14 -- AdminRoute test: updated mock from deprecated useSystemAdmin to useAdminStaff hook after RBAC refactor

  • 2026-02-14 -- Command Palette search: fixed AgentOne navigation path (/dashboard/agent-one β†’ /dashboard/agentone), Climate Saved path (/dashboard/climate-saved β†’ /dashboard/climate), removed AI Assistant Settings and AI Settings from search items

hashtag
Tests

  • 2026-02-14 -- Added Contact.test.tsx (9 tests): form rendering, validation errors, contact_requests insert, crm-contact-form edge function invocation, thank you screen, honeypot field

  • 2026-02-14 -- Fixed AdminRoute.test.tsx (3 tests): updated to mock useAdminStaff instead of removed useSystemAdmin

  • 2026-02-14 -- Added CommandPalette.test.tsx (10 tests): Cmd+K open, Navigation vs App Items heading, Superadmin Items visibility, admin tab items, onAdminTab callback

  • 2026-02-14 -- Updated QuickAddDropdown.test.tsx (7 tests, +5 new): navigation paths with ?action=create for all 5 items (calendar, agents, convo, agentone, clients)

  • 2026-02-14 -- Fixed DashboardClients.test.tsx: added MemoryRouter wrapper (required after useSearchParams addition)

  • 2026-02-14 -- Updated CommandPalette.test.tsx (11 tests, +1 new): AI Assistant Settings removal verification

  • 2026-02-14 -- Updated NotificationBell.test.tsx (12 tests, rewritten): Lucide icons instead of emojis, individual Mark Read buttons, red dot indicator, realtime Sonner toast firing, mark read mutation

  • 2026-02-14 -- Total: 659 tests across 78 frontend + 5 edge function test files

  • 2026-02-14 -- Guided Tour: reordered steps to match updated sidebar layout (Dashboard β†’ Calendar β†’ AI Voice Agents β†’ Convo+ β†’ AgentOne β†’ All Calls β†’ Climate Saved β†’ Apps+ β†’ More β†’ Docs β†’ Settings β†’ Tour), removed standalone Analytics step (now 12 steps); fixed duplicate badges in README

hashtag
v2026.02.13 -- February 2026

hashtag
Added

  • 2026-02-13 -- Top Up Extra Resources: redesigned TopUpDialog with multi-item cart (quantity steppers, cart summary, proceed to checkout), topup-checkout edge function updated to accept array of items with multiple Stripe line items, top-up purchases displayed on Billing page

  • 2026-02-13 -- Top Up DB columns: topup_agents, topup_phone_numbers, topup_users, topup_storage_gb on subscriptions table; Dashboard and ResourceUsageCards now sum base plan + top-up values for all 5 resource types

  • 2026-02-13 -- Convo+ Dashboard Metrics: 6 metric cards (Spaces, Messages, Tokens Used, Total XP, Words Learned, Learners) matching AgentOne dashboard pattern

  • 2026-02-13 -- Quick Add (+) dropdown in dashboard header with shortcuts: New Appointment, Create Agent, Convo Space, AgentOne Space, Client

  • 2026-02-13 -- BillingCard "Top Up" button renamed to "Top Up Extra Resources"

  • 2026-02-13 -- Convo+ safety hardening: 10-layer security pipeline matching AgentOne β€” IP rate limiting (30/15min), input validation, sanitization, prompt injection scanning, content moderation via AI gateway, PII redaction on input and output, safety preamble, per-org daily quota (100 msgs/day) via convo_usage table, audit logging to ai_usage_logs, org membership verification

  • 2026-02-13 -- Guided Tour updated to 13 steps: added Climate Saved step with Leaf icon; updated More Features description to highlight Rewards/Carbon Cash

  • 2026-02-13 -- App name badge in sidebar now links to landing page (/) instead of /dashboard

  • 2026-02-13 -- Full PWA support: installable app with service worker, offline caching, manifest, PWA icons, and /install page with platform-specific instructions

  • 2026-02-13 -- ImpactRewardsCards: reusable COβ‚‚ Saved and Carbon Cash cards added to Overview and Analytics dashboards with live data from call_logs and rewards_balances

  • 2026-02-13 -- Climate Saved dashboard now pulls actual call duration data from call_logs table (was only using subscription/rewards data)

  • 2026-02-13 -- Hero section desktop layout: increased container padding for better breathing room at lg+ breakpoints

  • 2026-02-13 -- Climate Saved dashboard: environmental impact metrics (COβ‚‚, trees, energy, car miles) with transparent "How It's Calculated" accordion showing formulas and EPA/IEA sources

  • 2026-02-13 -- Admin Webhooks: CRUD for webhook endpoints with event selection, test ping, and active/inactive toggle (superadmin only)

  • 2026-02-13 -- Bulk Discount Code generation: batch-create up to 100 codes with CSV download

  • 2026-02-13 -- Bulk Discount Codes UX overhaul: batch summary rows with ... dropdown for View Codes and Export CSV

  • 2026-02-13 -- Admin Data Archival: automatic S3/Supabase storage archival for bulk-generated discount code CSVs with IDrive E2 fallback

  • 2026-02-13 -- Agent save-before-test: disabled test call button for unsaved agents with "Save Agent" prompt

  • 2026-02-13 -- Confetti celebrations on first login (with has_seen_welcome profile flag)

  • 2026-02-13 -- Rewards "How It Works" accordion explaining earning rates, milestones, and redemption rules

  • 2026-02-13 -- "How to Use" instructional accordions added to AI Voice Agents, Convo+, and AgentOne pages

  • 2026-02-13 -- Superadmin unlimited access fix: DashboardAgents now uses useSubscriptionGuard with ∞ badge for superadmins

  • 2026-02-13 -- Dashboard consolidated: merged Analytics charts, tally cards (Clients, Appointments, Calls, Consents, Top-Ups), and resource usage cards (Minutes, Users, Storage) into main Dashboard; Analytics route redirects to /dashboard; sidebar prefix-match highlighting fix for Convo+/AgentOne sub-routes

  • 2026-02-13 -- Data Chat expanded: 12 user + 12 admin suggested questions covering patterns, conversion, churn risk, MRR growth, peak hours, and more

hashtag
Fixed

  • 2026-02-13 -- 2FA issuer branding: authenticator apps now display "AI Voice+" instead of the default domain name when enrolling TOTP factors

  • 2026-02-13 -- MFA login "missing sub claim" error: fixed race condition where stale-session cleanup in AuthProvider could sign out a freshly authenticated user before MFA challenge completed; added staleCheckCancelled flag and session-alive guard before mfa.challenge()

hashtag
Security

  • 2026-02-13 -- Webhook secrets now encrypted at rest via encrypt_webhook_secret_trigger (defense in depth, matching org settings pattern)

  • 2026-02-13 -- Script security hardened: eval() and new Function() now always blocked even with trusted URLs; CustomScriptInjector uses DOMParser instead of innerHTML; regex lastIndex state reset prevents false negatives

hashtag
Tests

  • 2026-02-13 -- Added HeroSection.test.tsx (4 tests): headline, CTA buttons, trust indicators, trusted-by badge

  • 2026-02-13 -- Added Install.test.tsx (3 tests): title, benefit cards, instructions section

  • 2026-02-13 -- Added ImpactRewardsCards.test.tsx (4 tests): CO2 card, rewards card, loading skeletons, detail page links

  • 2026-02-13 -- Added ConfettiOverlay.test.tsx (5 tests): render states, pointer-events-none, onComplete callback, cleanup

  • 2026-02-13 -- Added useConfetti.test.ts (4 tests): API shape, initial state, activate, deactivate

  • 2026-02-13 -- Added DashboardClimateSaved.test.tsx (9 tests): title, metrics, milestone, accordion formulas

  • 2026-02-13 -- Added TopUpDialog.test.tsx (4 tests): dialog title, description, empty state, closed state

  • 2026-02-13 -- Added ConvoDashboardMetrics.test.tsx (3 tests): skeleton loaders, null orgId handling

  • 2026-02-13 -- Added QuickAddDropdown.test.tsx (2 tests): render Add button, 5 menu items on click

  • 2026-02-13 -- Added GuidedTour.test.tsx (3 tests): step count, Climate Saved inclusion, step dots

  • 2026-02-13 -- Added convo-chat/safety.test.ts (6 tests): UUID validation, message length, injection detection, sanitization, PII redaction, field validation

  • 2026-02-13 -- Added AdminWebhooks.test.tsx (8 tests): title, buttons, URL display, event badges, empty state

  • 2026-02-13 -- Added AdminDiscountCodes.test.tsx (8 tests): title, buttons, code display, active badge, empty state, batch summary, dropdown

  • 2026-02-13 -- Added admin-data-archive.test.ts (5 tests): S3 archival, Supabase fallback, MIME types, folder paths

  • 2026-02-13 -- Updated script-security.test.ts (+1 test): eval/Function never-downgrade with trusted URLs

  • 2026-02-13 -- Updated useAuth.test.tsx (12 tests, +3 new): MFA factor detection, MFA skip for unverified factors, stale session cleanup on mount; updated mock to include getUser and mfa.listFactors

  • 2026-02-13 -- Total: 642 tests across 86 frontend + 5 edge function test files

hashtag
v2026.02.12 -- February 2026

hashtag
Added

  • 2026-02-12 -- Dashboard sidebar reordered: Dashboard β†’ Calendar β†’ AI Voice Agents β†’ Convo+ β†’ AgentOne β†’ All Calls β†’ Analytics

  • 2026-02-12 -- AgentOne Dashboard: replaced marketing splash page with a metrics-driven dashboard at /dashboard/agentone/dashboard featuring 6 metric cards (workspaces, runs, messages, tokens, memories, tools), 30-day usage trend chart (messages/tokens toggle), recent runs feed with workspace name and status, top 6 workspace grid with quick-create action. AgentOne landing page restored as the entry point

  • 2026-02-12 -- Convo+ landing page "Go to Workspaces" button now navigates directly to the Progress Tracking dashboard tab

  • 2026-02-12 -- Convo+ language support expanded to 22+ languages (added NL-BE, ES-MX, TR, HI, TH, EL) across landing page, workspace create and edit dialogs

hashtag
Fixed

  • 2026-02-12 -- 2FA banner "Set Up 2FA" button now correctly navigates to Settings β†’ Security tab (was going to Profile tab due to query param mismatch)

hashtag
Changed

  • 2026-02-12 -- Renamed sidebar "Agent Apps" dropdown label to "Apps+"

  • 2026-02-12 -- Renamed sidebar "Docs" link label to "Docs | ...more"

  • 2026-02-12 -- Convo+ TTS switched from ElevenLabs API to browser-native Speech Synthesis API (zero cost, smart voice selection preferring Neural/Enhanced voices, language-matched via BCP-47). ElevenLabs remains active for voice agents only

hashtag
Tests

  • 2026-02-12 -- Added TwoFactorBanner.test.tsx (3 tests): render, security tab navigation, dismiss

  • 2026-02-12 -- Updated AgentAppsDropdown.test.tsx to match new "Apps+" label

  • 2026-02-12 -- Added DashboardConsents.test.tsx (8 tests): title, metrics, search, empty state

  • 2026-02-12 -- Added DashboardClients.test.tsx (11 tests): title, metrics, buttons, empty state, export disabled

  • 2026-02-12 -- Added AgentEditorForm.test.tsx (10 tests): cards, validation, cancel handler, create button

  • 2026-02-12 -- Added useTextToSpeech.test.ts (17 tests): API shape, speak/stop, cooldown, truncation, locale mapping, voice selection (cloud/neural preference, language matching), cleanup

  • 2026-02-12 -- Added AgentOneDashboardMetrics.test.tsx (3 tests): skeleton loaders, metric labels, zero values

  • 2026-02-12 -- Added AgentOneDashboardUsageChart.test.tsx (3 tests): title, toggle buttons, empty state

  • 2026-02-12 -- Added AgentOneDashboardRecentRuns.test.tsx (2 tests): title, empty state

  • 2026-02-12 -- Added DashboardConvo.test.tsx (5 tests): title, tabs, default tab, progress tab via URL param, description

hashtag
v2026.02.11 -- February 2026

hashtag
Added

  • 2026-02-11 -- Role Permissions Matrix in Settings β†’ Team: collapsible table showing what each role (Viewer, Manager, Admin) can access per feature, with highlighted column for selected role

  • 2026-02-11 -- Renamed "Editor" role to "Manager" across invite dialog and member detail sheet to match database enum

hashtag
Changed

  • 2026-02-11 -- Viewer role no longer implies transcript access; transcripts require Manager or above

  • 2026-02-11 -- Improved role descriptions in invite dialog and member sheet with specific feature callouts

hashtag
v2026.02.11 -- February 2026 (Baseline RC)

Everything shipped up to this date, consolidated as the initial baseline release.

hashtag
Added

  • BYOK Routing + Safety Guardrails for AgentOne: Complete security and BYOK implementation for the agent-one-chat edge function

    • BYOK Provider Routing: Workspaces with a custom API key now route requests directly to OpenAI or Google Gemini APIs based on model prefix, with provider error normalization (429/401/402/502)

    • Encrypted BYOK Key Storage: byok_api_key column on agent_one_workspaces with encrypt_workspace_byok_trigger for PGP encryption at rest

    • get_decrypted_workspace_key: Security definer function (service_role only) for server-side key decryption

    • IP Rate Limiting: 30 messages per 15 minutes per IP via shared rate-limit.ts utility

    • Input Validation: 10K character cap, UUID format checks, null byte/control character stripping

    • Prompt Injection Defense: 6 regex patterns detect and safely wrap injection attempts

    • Content Moderation: AI-powered input screening via Lovable AI gateway (gemini-2.5-flash-lite), always uses platform key

    • System Prompt Hardening: Non-negotiable safety preamble prepended to every conversation

    • PII Redaction: Real-time streaming output scan for credit card numbers and SSNs, replaced with [REDACTED]

    • Per-Org Daily Quotas: agent_one_usage table with increment_agent_one_usage RPC for atomic 100 msgs/day tracking

    • Audit Logging: Every request logged to ai_usage_logs with user, org, feature, model, and token count

    • Frontend BYOK Wiring: DashboardAgentOne.tsx createMutation now stores byok_api_key and sets ai_provider = "byok"

    • Client-side Safety Utilities: src/lib/agent-one-safety.ts mirrors server guardrails for pre-validation

  • AgentOne Workspaces: Full agentic AI workspace system with multimodal streaming chat, persistent memory, and MCP data integration

    • 5 new database tables: agent_one_workspaces, agent_one_runs, agent_one_messages, agent_one_memory, agent_one_tools with org-level RLS

    • 3 edge functions: agent-one-chat (streaming AI with live org data tools), agent-one-workspace (lifecycle), agent-one-memory (CRUD)

    • Gemini 3 Flash (Free) as default model; BYOK mode for custom API keys and models (GPT-5, Claude, etc.)

    • Workspace listing page (/dashboard/agentone) with create dialog, search, status management

    • Workspace detail page (/dashboard/agentone/:workspaceId) with streaming chat, 6-tab sidebar (Runs, Memory, Tools, Docs, Files, MCP), quick-action buttons

    • MCP Data Integration: Chat can query live call logs, clients, appointments, and agents; results rendered as interactive cards

    • MCP Data Panel: Sidebar tab showing connected MCP servers with one-click context injection

    • Drag-and-drop document upload supporting PDF, TXT, MD, CSV, JSON, and images (PNG/JPG/WEBP)

    • Artifact viewer auto-extracts code blocks and structured data from assistant messages into browsable gallery

    • Custom tools panel with CRUD for prompt templates, code snippets, and workflows

    • Memory viewer with type filtering (fact/instruction/preference/context)

    • Folder-level S3 storage isolation (agent-one/workspace-{id}/) with Supabase Storage fallback

    • Sidebar and BottomNav updated with "AgentOne" menu item

  • Call Recording Consent System: Opt-in per-agent consent flow that asks callers for recording consent at the start of every call

    • call_consents table with org-level RLS and append-only policies for regular users

    • require_consent toggle on ai_agents table (default: off)

    • recordConsent Vapi tool injected into assistant when enabled

    • System prompt dynamically prepends consent script when active

    • Consent Log dashboard page (/dashboard/consents) with date, caller, agent, and status filtering

  • Identity Verification System: Opt-in per-agent caller verification before sensitive actions

    • identity_verifications table tracking verification attempts, methods, and outcomes

    • require_identity_verification toggle and identity_verification_methods (PIN, DOB, Account Number) on ai_agents

    • verifyIdentity Vapi tool with encrypted PIN lookup via decrypt_sensitive()

    • System prompt dynamically injects verification instructions when active

  • Client Records Management: Centralized client database with CRM-like capabilities

    • client_records table with encrypted security PINs via encrypt_client_pin_trigger

    • Auto-upsert from bookAppointment Vapi webhook (creates/updates client on every booking)

    • Full CRUD dashboard page (/dashboard/clients) with search, status filters, add/edit dialogs, and CSV export

  • Agent Editor Enhancements: New toggles in Agent Editor for "Require Recording Consent" and "Require Identity Verification" with method selection checkboxes

  • Navigation Updates: Added Consent Log and Clients items to sidebar and guided tour

  • User Profile Button in Header: Moved Sign Out from sidebar to a profile avatar dropdown in the top-right header bar

    • Shows "Welcome, {first name}" with avatar image next to the notification bell

    • Popover menu with Profile Settings, All Settings, and Sign Out links

    • Appointment indicator (teal dot) on avatar when there are appointments today

    • Missed calls indicator (red dot) on avatar when there are missed calls today

  • Team Members Limit per Plan: New users_limit column on plans table

    • Configurable in Admin β†’ Plans edit form

    • Displayed on landing page pricing cards (e.g. "5 Team Members")

    • Synced to Stripe product metadata via stripe-sync-products edge function

    • Team tab in Settings shows usage counter (e.g. "2/5") and disables invite when at limit

  • Storage Quota Management: Per-plan storage limits for call transcripts and MCP data with automatic enforcement

    • storage_limit_gb column on plans table β€” configurable per plan via Admin β†’ Plans

    • storage_used_bytes and storage_limit_gb columns on subscriptions for per-org tracking

    • increment_storage_used() DB function validates quota before allowing S3 uploads (returns allowed: false when full)

    • get_storage_usage() DB function returns usage stats for UI display

    • upload-to-s3 edge function now checks quota and returns HTTP 413 when storage is full

    • StorageUsageCard component in Settings with progress bar, warning/full badges, and contextual alerts

    • UpgradeBanner extended with storage warning (β‰₯90%) and storage full (100%) banners

    • useSubscriptionGuard extended with storageUsedBytes, storageLimitGb, storagePercent, storageWarning, storageFull

    • Admin Plans table includes editable Storage (GB) field

    • Landing page pricing cards now display storage allocation per plan

    • Superadmin bypass for all storage restrictions

  • Stripe Live Mode Fix: Cleared test-mode Stripe product/price IDs to allow fresh sync with live keys

  • Superadmin Subscriptions Management Page: Comprehensive subscription & transaction oversight for platform operators

    • Search, filter by status/plan, and view detailed subscription info

    • CSV export of all subscription data

    • MRR, active/trialing/canceled counts, and total credit summary cards

  • Interactive Admin Metric Cards: All top-level dashboard metric cards now navigate to their respective management tabs (Organizations, Users, Analytics, Subscriptions)

  • Call Volume Chart Improvements: Dual-metric grouped bar chart showing both call count and call minutes per day with legend

  • Subscription Distribution Chart Fix: Tooltip text now uses themed foreground colors for readability in dark mode

  • Call Outcomes Chart Clarification: Added subtitle and help text explaining outcome categories

  • Stripe Live Keys: Updated Stripe integration to use live publishable and secret keys

  • Call Duration Increased to 7 Minutes: AI voice calls now have a 7-minute (420s) hard limit, up from 4 minutes, with a 6-minute warning prompt

  • Agent-to-Agent (A2A) Collaboration: Multi-agent handoff system with transfer rules, shared session context, and agent skills

    • agent_transfer_rules table for defining keyword/intent-based routing between agents

    • agent_sessions table for tracking shared context during call handoffs

    • agent_skills table for tagging agents with capabilities and proficiency levels

    • Transfer Rules UI in Agent Editor for managing handoff conditions

    • Agent Skills UI with 7-level proficiency dropdown (Novice β†’ Master) and primary skill marking

    • A2A workflow explainer added to Agent Skills section

    • Vapi webhook integration for transferToAgent tool and session management

    • System prompt injection of transfer rules into Vapi assistant configuration

  • Default AI Moderation: Documentation updated to reference our default AI Gateway for content moderation instead of OpenAI Moderation API

  • MCP Server for AI Assistants: Public MCP (Model Context Protocol) server enabling users to interact with their account from Claude Desktop, Cursor, Windsurf, and other MCP-compatible AI tools

    • 9 tools: list_calls, get_call_detail, list_appointments, create_appointment, cancel_appointment, get_analytics, list_agents, update_agent, get_rewards_balance

    • API key authentication with SHA-256 hashed storage β€” raw keys never persisted

    • Self-service API key management in Settings β†’ Integrations tab

    • api_keys table with RLS, validate_api_key + touch_api_key_usage DB functions

    • mcp-server edge function using mcp-lite + Hono with StreamableHttpTransport

    • Connection instructions and MCP server URL displayed in the UI

  • Cloud Storage Offloading to IDrive E2 (S3): New uploadToCloudStorage utility and upload-to-s3 edge function route uploads to S3-compatible storage with automatic Supabase fallback

    • Call recordings persisted from Vapi to E2 on call completion

    • GDPR data exports stored in E2 gdpr-exports/ folder

    • Organization logos, user avatars, and store product images uploaded via E2

    • Graceful fallback to Supabase site-assets bucket when no S3 bucket is configured

  • Appointment Reminder & Auto-Dial System: Multi-stage automated reminder pipeline with pg_cron scheduling

    • appointment-reminders edge function processes 24h, 2h, 15min email reminders and auto-dial at appointment time

    • VAPI outbound calls to clients with appointment context and agent greeting

    • Automatic creation of missing reminders for upcoming appointments

    • appointment_reminders table tracks status (pending/sent/failed/skipped) per reminder

  • In-App Notification System: Real-time dashboard alerts for organization admins

    • NotificationBell component with Supabase Realtime subscriptions

    • Unread count badge, mark-all-read, and click-to-navigate

    • Type-specific emoji icons (πŸ€– agent, ⏰ reminder, πŸ“ž auto-dial)

    • in_app_notifications table with RLS policies

  • Voice AI Webhook Reminder Integration: Auto-creates reminder records and agent-assigned notifications when appointments are booked via voice agent

  • Automatic Appointment Confirmation Emails: Clients now receive a professional confirmation email automatically when an appointment is booked β€” both via the AI voice agent (VAPI webhook) and through the manual Calendar UI

    • New appointment-confirmation email type in send-email edge function with branded HTML template

    • Voice AI webhook bookAppointment tool now accepts email parameter and auto-sends confirmation

    • Manual calendar bookings auto-send confirmation when client email is provided

    • All emails sent from AI Voice+ <[email protected]>

    • confirmation_sent_at timestamp updated on successful send

  • Built-in Calendar System: Full appointment management in Dashboard β†’ Calendar

    • Create, edit, and cancel appointments with date picker and 30-minute time slots (8:00–21:30)

    • Real-time conflict detection prevents double-booking

    • Agent integration β€” assign AI Voice Agents to appointments; agent-booked slots show "AI Booked" badge

    • Email confirmations sent to clients via send-email edge function with "Sent βœ“" tracking

    • Calendar provider toggle: choose Built-in Calendar or Google Calendar per organization

    • Visual indicators on calendar dates that have appointments

  • Social Links Expansion: Added YouTube and UpScrolled URL fields to Superadmin β†’ Site Config β†’ Social Links and landing page footer

  • Guided Tour Expansion: Added Calendar, Rewards, and Store steps to the interactive guided tour

  • Carbon Cash Rewards System: Full rewards program where users earn points per minute of AI agent call time, with milestone bonuses, monthly caps, and redemption for subscription credits or store merchandise

  • Merch Store: Complete e-commerce system with product categories, variants (size/color/SKU), inventory management, shipping rates, and checkout via Stripe, Carbon Cash points, or mixed payments

  • Top-Up Packages: One-time resource purchases (extra minutes, agents, phone numbers) via Stripe checkout without changing subscription plan

  • Edge Functions: rewards-credit, rewards-redeem, store-checkout, topup-checkout for backend processing

  • Stripe Webhook Extensions: Handles topup and store payment metadata for fulfillment

  • VAPI Webhook Integration: Auto-credits Carbon Cash rewards after each call ends

  • Superadmin Profile Page: Full profile management page in the admin panel with avatar upload, personal info (auto-saved), address, password change dialog, 2FA setup/disable with QR code, and session information

  • Admin Trial Lifecycle Info Panel: Rich informational card on the Plans page showing the full trial timeline (signup β†’ warning β†’ expiry β†’ upgrade), enforcement points (agent limits, VAPI webhook guard, minutes exhaustion), superadmin bypass, and cron job details

  • Dashboard Guided Tour: Interactive wizard with speech bubbles that walks new users through every dashboard section. Auto-triggers on first login and can be re-launched via Guided Tour button in the sidebar

  • Trial Expiration & Subscription Guardrails: Complete post-trial enforcement system

    • useSubscriptionGuard hook tracks subscription status, trial expiry, minutes usage, and agent limits

    • Upgrade Banner: Contextual warnings for trial expiring (≀3 days), trial expired, minutes exhausted, or subscription canceled

    • Upgrade Wall: Full read-only lockout when trial expires β€” only Settings and GDPR pages remain accessible

    • Superadmin Bypass: System admins are never locked out of any functionality

    • Agent Limit Enforcement: Redirects to settings when agent creation exceeds plan limit

    • VAPI Webhook Guard: Blocks incoming calls for expired trials, canceled subscriptions, or exhausted minutes (server-side enforcement)

    • Trial Expiration Cron: Daily edge function (trial-expiration-cron) auto-cancels expired trials, deactivates agents, and sends emails

    • Trial Emails via Resend: 3-day warning email + expiration notification sent to org owners/admins

  • Sign In / Sign Up Page Customization: All text on the Sign In and Sign Up pages is now editable from Superadmin β†’ Site Config β†’ Landing Page Edits

  • AI Agents Limit per Plan: Plans now include agents_limit field in the edit form, Stripe product metadata, and landing page pricing features

  • User Announcements Page: New /dashboard/announcements route where users can view all announcements from superadmins with accordion-style list, read/unread badges, and filtering

  • Admin Back to App Button: Moved "Back to App" navigation from sidebar footer to desktop header

  • Browser Calls Dashboard: New /dashboard/browser-calls page with advanced filtering, search, transcript viewing, and batch CSV/TXT export capabilities

  • S3/MinIO Integration: Admin can configure S3-compatible storage (MinIO) for call transcripts with test connection functionality

  • AI Agent Learning Section: New collapsible accordion in agent editor with capability documentation and instruction templates

  • 27 Industry-Specific Templates: Pre-built AI agent templates for Medical, Dental, Pharmacy, Optometry, Mental Health, Pediatric, Salon, Spa, Med Spa, Restaurant, Hotel, Legal, Accounting, Real Estate, Insurance, Automotive, Fitness, Veterinary, Photography, Travel, Education, Dry Cleaning, Moving, HVAC/Plumbing, Electrical, Landscaping, and General Contractor

  • Call Guardrails: 4-minute call limit with 3-minute warning prompt for trial users

  • 5-Minute Call Limit Plan: Documented graceful call termination strategy with Vapi maxDurationSeconds, 4-minute warnings, and plan-based limits

  • Multi-Agent (A2A) Collaboration Roadmap: Complete architecture for agent-to-agent handoffs with shared context, transfer rules, and orchestration

  • Abuse Protection System Plan: Multi-layer security including real-time content moderation, blocked caller lists, rate limiting, and safety incident tracking

  • Plan Discount Percentage: New annual_discount_percent field for dynamic "Save X%" badges on landing page

  • Discount Code Restrictions: Plans can now specify which discount codes are allowed via allowed_discount_codes array

  • Multiple AI Voice Agents: New ai_agents table, /dashboard/agents page, agent limit per plan

  • Missed Calls Page: New /dashboard/missed-calls route with filtered view and CSV export

  • Call Transcript Popup: TranscriptModal component for viewing call transcripts from call cards

  • Analytics Savings Cards: Missed Calls, Transferred Calls, and Est. Savings calculations on Analytics page

  • Sidebar Navigation Updates: AI Voice Agents, Docs | ...more, Data Privacy reordering, mobile bottom nav

  • Comprehensive Timezone Support: 100+ IANA timezones grouped by region with GMT offsets

  • MCP Servers Integration: MCP server management UI in Settings β†’ Integrations with add/view/remove

  • Branded Password Reset Emails: Custom request-password-reset edge function using admin.generateLink with branded templates

  • Password Reset Flow: /forgot-password and /reset-password pages with hCaptcha and strength validation

  • Trusted URLs for Custom Scripts: Domain-based trust list for bypassing security warnings on known-safe scripts

  • Testimonials Management: Admin CRUD for customer testimonials with publish/feature toggles, database-connected landing page

  • Agent Apps Menu: Admin-configurable external app links dropdown in dashboard sidebar

  • Comprehensive Deployment Documentation: Deploy guides for Netlify, Vercel, VPS, and Windows Server

  • GDPR Compliance System: User data export requests, admin approval workflow, automated JSON generation, signed download URLs

  • FAQ Management for Superadmins: Create, edit, delete, publish/unpublish FAQs with category organization

  • Organization Self-Deletion: Org admins can permanently delete their organization with cascading cleanup

  • Custom Scripts Management: Third-party JS widgets in Admin Site Config with security validation

  • Demo Abuse Prevention: hCaptcha gating, IP rate limiting (3/hour), global daily cap (100), audio duration limits

hashtag
Changed

  • Languages Section on Landing Page: Expanded from 8 emoji flags to all 22 supported language codes displayed as clean monospace text

  • Guided Tour: Added Consent Log and Clients steps (now 18 steps total)

  • Agent Skills Proficiency: Replaced 0-100% slider with 7-level discrete dropdown (Novice 15 β†’ Master 100)

  • Agent Skills Label: Renamed to "Agent Skills (Agent-to-Agent, aka A2A)" for clarity

  • Built-in Guardrails: Updated call limit wording from 4 minutes to 7 minutes with 6-minute warning

  • Contact Support Button: Now opens external support portal in a new tab instead of opening contact dialog

  • Custom Scripts Now Work for All Users: Updated CustomScriptInjector to use public config instead of admin-only config

  • Rebranded to AI Voice+: Updated app name across all branding, emails, meta tags, LICENSE, README, and edge functions

hashtag
Fixed

  • create-vapi-assistant Boot Error: Fixed duplicate const settings declaration causing boot failure

  • Agent Dropdown Always Visible: Agent dropdown in appointment form now always shown with helpful message when no agents exist

  • Select Value Fix: Resolved Radix Select empty-value crash by using "none" sentinel value

  • Dashboard Metrics: "Calls Today" and "Average Duration" now correctly include browser calls

  • Call Tallying: Increased call fetch limit from 50 to 100 and fixed date filtering

  • FAQ disconnect: Admin panel and landing page now fetch from same database source

  • Site config exposure: Sensitive fields no longer exposed to non-admin authenticated users

  • Agent Apps Menu visibility: Fixed site_config_public view blocking non-admin users

  • Email sending failures: Updated invalid RESEND_API_KEY; emails now send successfully

hashtag
Security

  • Encryption at Rest for Sensitive Tokens: Google Calendar refresh tokens and Vapi API keys encrypted using PGP symmetric encryption via pgcrypto

  • GDPR Download Expiration Enforcement: Server-side cleanup of expired data exports

  • increment_minutes_used Protection: Function restricted to service_role only with input validation

  • search-phone-numbers Authentication: Added JWT verification and is_org_admin RPC check

  • Plan-Based Discount Controls: Stripe checkout validates discount codes against plan's allowed list

  • Invitation token protection: Blocked SELECT on raw invitations; admins use invitations_safe view

  • Appointments privacy: created_by column with scoped RLS

  • Profiles table protection: Users can only view their own profile

  • Site config protection: site_config_public view for safe public access

  • Row-Level Security (RLS) on all tables

  • Webhook validation with timestamp verification

  • hCaptcha bot protection

  • Secure secret management

  • Email verification flow using PKCE

hashtag
Tests

  • agent-one-safety.test.ts: 30 tests for sanitization, injection scanning, PII redaction, UUID validation, and message length limits

  • agent-one-chat/safety.test.ts: 5 Deno edge function tests for CORS, auth, workspace_id validation, UUID format, and oversized message rejection

  • DashboardAgentOne.test.tsx: Enhanced from 3 to 5 tests

  • CreateWorkspaceDialog.test.tsx: Enhanced from 4 to 7 tests

  • StorageUsageCard.test.tsx: 8 tests for storage card rendering, usage display, warning/full states

  • UpgradeBanner.test.tsx: 13 tests total including 4 storage-related tests

  • cloud-storage.test.ts: 7 tests for S3 upload, Supabase fallback, error handling

  • NotificationBell.test.tsx: 9 tests for notification bell rendering

  • appointment-reminders/index.test.ts: 3 Deno tests for edge function invocation

  • DashboardRewards.test.tsx: 5 tests for rewards page

  • DashboardStore.test.tsx: 7 tests for store page

  • TopUpDialog.test.tsx: 4 tests for top-up dialog

  • AdminRewards.test.tsx: 7 tests for admin rewards configuration

  • AdminTopUpPackages.test.tsx: 5 tests for admin top-up packages

  • AgentTemplates.test.tsx: 8 tests for template rendering

  • AnalyticsSavingsCards.test.tsx: 7 tests for savings calculation

  • AIAgentLearningSection.test.tsx: 7 tests for learning section

  • AdminS3Buckets.test.tsx: 7 tests for S3 bucket configuration

  • DashboardBrowserCalls.test.tsx: 5 tests for browser calls page

  • MCPServersIntegration.test.tsx: 14 tests for MCP servers

  • send-email tests: 9 tests

  • request-password-reset tests: 7 tests

  • ForgotPassword.test.tsx: 10 tests

  • ResetPassword.test.tsx: 12 tests

  • script-security.test.ts: 35 tests for script security

  • CustomScriptsEditor.test.tsx: 18 tests for scripts editor

  • AdminTestimonials.test.tsx: 6 tests for testimonials

  • AgentAppsMenuEditor.test.tsx: 7 tests for agent apps editor

  • AgentAppsDropdown.test.tsx: 5 tests for agent apps dropdown

  • AdminGDPRRequests.test.tsx: 11 tests for admin GDPR

  • DashboardGDPR.test.tsx: 9 tests for user GDPR

  • AdminFAQs.test.tsx: 10 tests for FAQ management

  • DeleteOrganization.test.tsx: 5 tests for org deletion

  • 315+ tests across 33+ files total

hashtag
Performance

  • Code Splitting: Lazy loading for all non-critical routes

  • Vendor Chunk Splitting: React, UI, and Chart libraries in separate cacheable chunks

  • Resource Hints: DNS prefetch for Supabase and Google Fonts

  • Font Optimization: Non-blocking Google Fonts loading

  • Image Optimization: Explicit dimensions on logo to prevent CLS

  • Build Target: ES2020 reducing legacy polyfills

hashtag
Documentation

  • TESTS.md: Comprehensive test inventory documenting all 333 tests across 35 files

  • README.md: Updated test coverage section with full category breakdown

  • CONTRIBUTING.md: Contributor guidelines

  • FEATURES.md: Full feature documentation

hashtag
Infrastructure

  • Multi-tenant architecture with organization-based data isolation

  • User authentication with email verification

  • Role-based access control (Owner, Admin, Manager, Viewer)

  • System admin roles (Super Admin, Support)

hashtag
Features (Platform Capabilities)

Voice & Calls

  • AI voice assistangs aka agents

  • Phone number provisioning and management

  • Voice synthesis with 22+ language support

  • Call recording and transcript storage

  • Real-time call status monitoring

Dashboard

  • Live call monitoring and analytics

  • Call history with searchable transcripts

  • AI-generated insights panel

  • Setup checklist for new users

  • Activity stream

Business Management

  • Business hours configuration with timezone support

  • Services management with duration and pricing

  • Custom AI greeting and personality settings

  • Google Calendar integration for appointments

Team & Collaboration

  • Team member invitations with email notifications

  • Role-based permissions per organization

  • Admin impersonation for support

Billing & Subscriptions

  • Stripe integration for payments

  • Configurable pricing plans from admin panel

  • Usage-based minute tracking

  • Discount code system

  • Customer portal access

Admin Panel

  • Platform-wide metrics (users, orgs, MRR)

  • Call volume and outcome charts

  • User and organization management

  • Plan configuration with Stripe sync

  • Site branding configuration

  • Email settings management

  • AI-powered contact reply system

  • Discount code management

  • FAQ management

  • GDPR request management

Landing Page

  • Responsive hero section

  • Features showcase

  • Dynamic pricing from database

  • FAQ section

  • Contact form with hCaptcha protection

  • Social proof bar

hashtag
v1.0.0 -- 2026-02-06

Added

  • Initial release of AI Voice Receptionist SaaS Template

  • Complete multi-tenant platform ready for white-label deployment

  • Full documentation in README.md

hashtag
v0.79.0 -- 2025-12-31

hashtag
v0.0.0 -- 2024-01-01

Previous(confidential Features)NextTesting

Last updated