Changelog

A chronological record of everything we ship. Follow along as we build and improve Otoq.

v1.4.0

Security Hardening & API Rate Limiting

  • SecurityAdded timing-safe HMAC comparison for webhook signature verification
  • SecurityHardened XSS sanitization — entity decode before tag stripping prevents bypass
  • SecurityFixed cron endpoint auth bypass when CRON_SECRET is unset
  • SecurityHealth endpoint now requires auth for full diagnostics; public response is minimal
  • FeatureAPI rate limiting with sliding window (100 req/min per key) via Upstash Redis
  • FeatureRate limit headers (X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset) on all /api/v1/* responses
  • ImprovementCSV exports now escape formula injection characters (=, +, -, @, tab, CR)
  • ImprovementAI chat errors return classified user-safe messages instead of raw internals
v1.3.0

Shopify Integration & Knowledge Base

  • FeatureShopify OAuth integration — sync products as knowledge base context
  • FeatureFile upload for knowledge base: PDF, DOCX, TXT, Markdown, and CSV support
  • FeatureRAG-powered responses with source citations from uploaded documents
  • ImprovementChunking algorithm with overlap for better context retrieval
  • FixFixed conversation window trimming to respect token limits
v1.2.0

Analytics Dashboard & Sentiment Analysis

  • FeatureReal-time analytics dashboard with conversation metrics, lead counts, and sentiment breakdown
  • FeatureAutomatic sentiment analysis on every conversation
  • FeatureWeekly email digest with performance summary
  • ImprovementImproved agent response quality with better system prompt engineering
v1.1.0

API Keys & Developer Experience

  • FeaturePublic REST API (v1) with API key authentication and plan-gated access
  • FeatureAPI key management in dashboard settings — create, revoke, regenerate
  • FeatureComprehensive /docs page with guides, API reference, and examples
  • ImprovementAPI keys stored as SHA-256 hashes — plaintext never persisted
  • FixFixed webhook retry logic for failed delivery attempts
v1.0.0

Initial Launch

  • FeatureAI-powered customer support agents with customizable personalities
  • FeatureEmbeddable chat widget with real-time streaming responses
  • FeatureLead capture with automatic scoring
  • FeatureLemonSqueezy billing with Free, Pro, and Business plans
  • FeatureGDPR-compliant cookie consent and PostHog analytics
  • FeatureSentry error monitoring (client, server, edge)

Want to stay updated? Follow our blog for detailed release notes and product updates.