Changelog
Release notes
App and API release notes for Oprag document Q&A — dashboard, REST API, security,
and enterprise capabilities. Documentation releases are included when shipped.
Newest first. API reference at /docs, workflow guides at
/guides.
- Documentation Eleven workflow guides at /guides/ — REST integration, validation checklists, help-center embeds, B2B tenant isolation, agency delivery, internal KB search, ticket deflection, and build-vs-buy
- Documentation Guides organized by topic with category filters, shareable ?category= URLs, sticky per-article Table of Contents, related-guide links, and reading-time estimates
- Documentation Long-form guide format with comparison tables, architecture flow diagrams, and API code samples aligned to the live /v1/chat contract
- Documentation Public /changelog/ with versioned release notes grouped by API, Dashboard, Security, Enterprise, and Documentation
- Documentation /docs/ API reference updated — project settings fields, document lifecycle routes, test prompts, deploy/readiness endpoints, and citation response shapes
- Documentation MCP tool reference documented for agent-driven project, document, chat, and key management against the same REST routes
- API Standalone RAG service at /v1/rag on api.dev.oprag.ai — separate Lambda from dashboard and embed paths, service-key authenticated
- API POST /v1/rag/ingest and POST /v1/rag/ingest/batch — queue up to 50 documents per batch; GET /v1/rag/jobs/:jobId polls ingest status to indexed
- API S3 ingest from tenant-scoped keys (documents/{tenantId}/{projectId}/…) with bucket validation and path-traversal rejection
- API Local extraction for PDF, DOCX, and plain text before chunking — no client-side parsing required
- API POST /v1/rag/search — semantic or HYBRID mode combining pgvector cosine similarity with Postgres full-text ts_rank
- API Optional rerank: true overfetches Aurora candidates and reorders by semantic score, keyword rank, and query-term overlap
- API POST /v1/rag/chat — grounded answers from retrieved chunks via Bedrock Nova with cited source payloads
- API POST /v1/rag/chat/stream — SSE events: status → sources → token → done for responsive UI while retrieval and generation run
- API Multi-turn chat via history[] — follow-up questions stay grounded in the same retrieved corpus
- API GET /v1/rag/config/defaults — expose chunking presets and retrieval defaults for integrators
- API Indexing ops: GET .../indexing/stats, POST .../retry-failed, GET .../consistency (S3 vs index), POST .../reindex, DELETE document and bulk project purge
- API GET /v1/rag/documents/:documentId/stats — per-document chunk counts and indexing state
- Security Service-key auth fail-closed in production — Bearer or X-Rag-Service-Key required on all routes except /health
- Security Ingest scoped to DOCUMENTS_BUCKET with enforced tenant/project S3 prefix — cross-tenant object keys rejected at validation
- Enterprise Aurora Postgres + pgvector storage with Bedrock Titan embeddings — retrieval index isolated from main DynamoDB project metadata
- Enterprise HYBRID retrieval and service-side rerank for higher-precision enterprise corpora without client-managed vector DB ops
- Dashboard Project overview screen — document counts, 7-day conversation volume, unresolved review queue, active key count, and last key usage timestamp
- Dashboard Deploy readiness checklist — uploaded docs, indexed status, allowed origins, and test-chat completion before go-live
- Dashboard Analytics page — date-range filters, daily conversation series, API vs dashboard traffic split, top cited documents, and weak-answer counts
- Dashboard Conversation inbox — workspace-wide thread list with review status, thumbs-down ratings, full message history, and mark reviewed/unresolved
- Dashboard Activity feed with severity levels and one-click retry actions when document sync or indexing fails
- Dashboard API keys page — filter by project, environment (live/test), and status; surface usage count and last-used timestamp per key
- Dashboard Billing page — plan limits vs usage for projects, seats, messages this month, and storage MB with period start date
- Dashboard Saved test prompts and one-click test runs — re-run golden questions after corpus changes without manual API calls
- Dashboard Multi-project workspaces on Starter — isolated documents, keys, and widget config per project
- API GET /v1/analytics/summary — totals, daily series, top source filenames, unresolved count, and weak-answer metrics with optional projectId filter
- API GET /v1/conversations and GET /v1/conversations/{id} — workspace inbox with messages, sources, and review metadata
- API GET /v1/billing/summary — plan tier, seat/project/message/storage usage against free, pro, and enterprise limits
- API GET /v1/keys — cross-project key audit with environment, status, usageCount, and revokedAt filters
- API Citation metadata on every /v1/chat and project chat response — document name, page number, and sanitized source references
- API Presigned upload URLs for single-file and bulk ingestion; confirm-upload handshake before indexing
- API Document sync (202 Accepted), version history, replace-url, preview-url (5-minute TTL), and delete with S3 + Knowledge Base cleanup
- API Conversation persistence — optional conversationId on /v1/chat; list and retrieve project and workspace conversation threads
- API PATCH workspace conversations — update reviewStatus for QA workflows on embed and API threads
- API POST /v1/projects/{id}/keys — manually issue additional live or test keys without full redeploy
- API Deployment history records — each deploy logs indexing vs live status and linked ingestion outcomes
- Enterprise Enterprise plan tier — 100 projects, 100 seats, 100,000 messages/month, and 100 GB storage limits in billing API
- Enterprise sk_live_ and sk_test_ key prefixes with deploy endpoint issuing integration-ready keys per project
- Security API key list (prefix only), rotate, and revoke from the dashboard — rotate on offboarding without redeploying customer embeds
- Security Cognito JWT on all /v1/ dashboard routes; member vs admin roles enforced on project settings, deploy, and key operations
- Security Project allowed-origins setting — CORS enforcement on public widget and /v1/chat before embed goes live
- API Dual-Lambda routing — embed Lambda for /v1/chat and widget assets; API Lambda for authenticated dashboard — reserved concurrency cap on embed in prod
- API GET /v1/projects/{id}/integration — copy-paste endpoint URL, auth header, and curl example after deploy
- API Workspace-level keys listing across projects for security audits
- Dashboard Team admin — invite users, update roles, remove members, and resend pending invitations
- Dashboard Team page — roster with active/pending status and per-user role editing
- Dashboard Company settings screen — workspace name and defaults via GET/PATCH /v1/companies/settings
- Dashboard Billing summary wired to in-app usage meters — Starter query caps and Pro limits visible before overage
- API GET /v1/dashboard/summary — login landing stats for active projects, documents, and recent workspace events
- API GET /v1/activity — paginated workspace event stream with optional project filter and retryAction payloads
- API PATCH /v1/companies/me — update company profile fields from settings
- Enterprise Company-scoped DynamoDB partitions — documents, keys, and conversations never cross company boundaries at storage
- Dashboard Test chat with inline citation badges — same RetrieveAndGenerate path as POST /v1/chat for pre-launch validation
- Dashboard Widget configuration — accent color, greeting copy, and project binding editable without redeploying backend code
- Dashboard Document manager — upload status (pending, uploaded, indexed), file size, delete, and re-upload in one view
- Dashboard In-document preview — open uploaded PDFs via presigned preview URL without waiting for RAG indexing
- Dashboard Setup steps wizard on project home — guides upload → sync → test → deploy sequence
- Dashboard Integration panel — embed script snippet, chat endpoint URL, and copy-ready curl after deploy
- API GET /v1/projects/{id}/conversations and GET .../conversations/{id} — project-scoped thread history with messages
- API GET /v1/projects/{id}/overview and GET .../deploy-readiness — machine-readable health and launch gate endpoints
- API GET /v1/projects/{id}/widget-config and PATCH .../widget-config — dashboard-managed embed appearance
- API Public GET /v1/widget/{projectId}/config and /widget.js embed script served from widget CDN
- API POST /v1/chat on embed Lambda — API-key auth, per-project question length limits, citation payload for customer UI
- API GET /config client bootstrap — feature flags and API base URL for app.oprag.ai SPA
- Security Knowledge Base tenant metadata filters on every retrieval — queries scoped to companyId and projectId at the vector layer
- Enterprise Conversation review statuses (unreviewed, unresolved) and bad ratings — flag weak embed answers before widening rollout
- Enterprise Per-project question length cap (default 1,000 chars) enforced on dashboard chat and public /v1/chat
- Dashboard Company signup and /v1/companies/me profile — workspace name, plan tier, and member roster in one place
- Dashboard Onboarding flow — create company, first project, and initial document upload from a guided wizard
- Dashboard Projects list — status badges, document counts, last deploy time, and quick navigation to chat, docs, and deploy tabs
- Dashboard Project settings UI — custom system prompt, Bedrock model selection, max question length, retrieval top-K, and indexing options (admin only)
- Dashboard Workspace settings — default conversation retention and workspace-wide preferences
- Dashboard Dashboard summary cards — active projects, document totals, and recent activity at login
- API PATCH /v1/projects/{id} for name, description, allowed origins, system prompt, model, question cap, and retrieval settings
- API Project archive (DELETE) with soft-delete semantics — retire customer tenants without immediate data purge
- Enterprise Starter plan — 500 queries/month with full REST API; Pro — 20,000 queries/month; upgrade from billing in dashboard
- Security requireProjectAccess checks on every project-scoped handler — member for read/chat/upload, admin for deploy and keys
- API Bedrock Knowledge Base ingestion per project — sync triggers indexing; status tracked on project lastSyncAt / lastSyncStatus
- API POST /v1/projects/{id}/deploy — auto-ingest pending documents and issue first API key in one step
- API POST /v1/projects/{id}/chat for authenticated dashboard queries with citation extraction and answer sanitization
- API Answer cleaning pipeline — strip Bedrock tool syntax, normalize refusals when docs lack coverage, sanitize citation payloads for clients
- API Page numbers extracted from Bedrock KB metadata (x-amz-bedrock-kb-document-page-number) in every citation object
- Dashboard Drag-and-drop upload with presigned S3 flow — progress, confirm, and sync actions from document tab
- Dashboard Deploy panel — surfaces blocking issues (unindexed files, missing origins) before marking project live
- Dashboard Sync button triggers 202 ingestion job — project lastSyncAt and lastSyncStatus update in UI after Bedrock ingest
- Security Documents stored in tenant-scoped S3 prefixes; Bedrock RetrieveAndGenerate runs in Oprag's AWS — not in customer accounts
- Enterprise Separate projects per customer or environment — independent corpora, keys, and widget configs under one company account
- Dashboard React app at app.oprag.ai — Cognito sign-up, login, email confirmation, and password recovery flows
- Dashboard Project detail tabs — documents, test chat, deploy, keys, settings, and widget config in one shell
- API HTTP API at api.{env}.oprag.ai — /health liveness and /config bootstrap for the SPA
- API Dedicated DynamoDB conversations table — message history persisted separately from main project metadata
- API Project and document CRUD foundation — create project, list documents, upload-url stub before RAG module wiring
- API Structured JSON error responses with consistent status codes across all /v1/ handlers
- API CORS preflight handling on /v1/ dashboard routes and public widget endpoints
- Security X-Oprag-Key header authentication for public chat — keys validated against hashed records; only prefix shown after creation
- API First POST /v1/chat with X-Oprag-Key authentication and JSON question/answer contract
- API POST /v1/companies signup — create workspace and owner account in one request
- Dashboard Project creation flow and in-dashboard test chat for early design partners
- Dashboard Manual document upload to project-scoped S3 storage before automated indexing pipeline
- Enterprise Free Starter workspace — one project and two seats to evaluate cited answers before upgrading
- Documentation Initial /docs/ route table and auth examples for integrator evaluation