Changelog

A chronological record of everything we ship. Follow along as we build and improve Otoq.

v1.7.0

Enterprise Features: HubSpot, Slack, Team Inbox, and More

  • FeatureHubSpot CRM integration — full bi-directional sync of contacts with conversations logged as HubSpot activities
  • FeatureSlack integration — receive real-time notifications in Slack channels and reply to visitors directly from Slack threads
  • FeatureTeam inbox — assign conversations to specific operators, track online/offline status, and prevent reply collisions with locking
  • FeatureWooCommerce integration — sync products, prices, and inventory from WooCommerce stores as knowledge base entries
  • FeatureTyping indicators — visitors and operators see real-time composing status during conversations
  • FeatureRead receipts — message delivery and read status visible to both visitors and operators
  • FeatureMessage reactions — operators and visitors can react to individual messages with predefined reactions
  • FeatureAI conversation summaries — automatic generation of conversation summaries for quick operator review
  • FeatureBranding removal — white-label the chat widget by removing Powered by Otoq branding (Starter plan and above)
  • FeatureOperator presence tracking — real-time online/offline/away status for all team members
  • FeatureConversation assignments — route conversations to specific operators based on availability and expertise
  • FeatureCollision prevention locks — prevent multiple operators from drafting replies to the same conversation simultaneously
  • FeatureHubSpot OAuth flow — secure one-click connection to HubSpot accounts with automatic token refresh
  • FeatureSlack slash commands — manage conversations and check status directly from Slack with /otoq commands
  • FeatureContact sync — automatic bi-directional syncing of lead data between Otoq and connected CRMs
  • ImprovementUpdated comparison pages with enterprise feature positioning against Tidio, Intercom, Drift, Zendesk, Freshdesk, and LiveChat
  • ImprovementAdded B2B SaaS, E-commerce, and Multi-operator team use case pages with enterprise feature highlights
v1.6.0

Live Operator Improvements & Shopify Sync

  • FeatureReal-time message streaming for live operator replies — responses appear instantly in the customer widget
  • FeatureShopify product catalog sync — one-click import of products, prices, variants, and collections as knowledge base entries
  • FeatureAI-suggested replies — 3 draft responses generated when conversations are handed off to operators
  • FeatureFull-text conversation search with filters by date, sentiment, status, and lead capture
  • FeatureResolution rate tracking, peak hours heatmap, and topic clustering in analytics dashboard
  • Improvement40% faster widget load time through optimized script bundling
  • ImprovementImproved RAG retrieval accuracy with better chunk ranking algorithm
  • ImprovementReduced AI response latency by 300ms on average through streaming optimizations
  • FixFixed widget not appearing on some Shopify themes with strict CSP headers
  • FixFixed conversation list not updating in real-time on the dashboard
  • FixFixed lead export including duplicate entries when conversations spanned multiple sessions
  • FixFixed analytics date picker not respecting user timezone
  • FixFixed agent personality setting not persisting after editing knowledge sources
v1.5.0

Comprehensive Security Hardening

  • SecurityWeb Application Firewall (WAF) — blocks path traversal, SQL injection, XSS, command injection, and scanner bots at the middleware layer
  • SecurityFixed open redirect vulnerability in auth callback with allowlist-based path validation
  • SecuritySSRF protection on webhook dispatcher with private IP blocking
  • SecurityCSRF origin/referer validation on all auth actions including sign-out
  • Security12 security headers including CSP, HSTS, COOP, CORP, and enhanced Permissions-Policy blocking 16 browser APIs
  • SecuritySecurity audit logging for all auth events, rate limits, and attack attempts (SIEM-ready structured JSON)
  • SecurityHoneypot trap endpoints for attacker detection and alerting
  • Securitysecurity.txt for responsible vulnerability disclosure (RFC 9116)
  • FeatureRate limiting on auth, widget, data export, and knowledge upload endpoints with Upstash Redis (production) and in-memory fallback (dev)
  • ImprovementSeparate ADMIN_SECRET for broadcast endpoint — no longer shares CRON_SECRET
  • ImprovementService client used for Shopify token storage — no longer relies on user session cookies
  • FixTiming-safe HMAC comparison on all Shopify webhook signature verifications
  • FixProduction warning when falling back to in-memory rate limiting
v1.4.0

Security Hardening & API Rate Limiting

  • SecurityAdded timing-safe HMAC comparison for webhook signature verification
  • SecurityHardened XSS sanitization — entity decode before tag stripping prevents bypass
  • SecurityFixed cron endpoint auth bypass when CRON_SECRET is unset
  • SecurityHealth endpoint now requires auth for full diagnostics; public response is minimal
  • FeatureAPI rate limiting with sliding window (100 req/min per key) via Upstash Redis
  • FeatureRate limit headers (X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset) on all /api/v1/* responses
  • ImprovementCSV exports now escape formula injection characters (=, +, -, @, tab, CR)
  • ImprovementAI chat errors return classified user-safe messages instead of raw internals
v1.3.0

Shopify Integration & Knowledge Base

  • FeatureShopify OAuth integration — sync products as knowledge base context
  • FeatureFile upload for knowledge base: PDF, DOCX, TXT, Markdown, and CSV support
  • FeatureRAG-powered responses with source citations from uploaded documents
  • ImprovementChunking algorithm with overlap for better context retrieval
  • FixFixed conversation window trimming to respect token limits
v1.2.0

Analytics Dashboard & Sentiment Analysis

  • FeatureReal-time analytics dashboard with conversation metrics, lead counts, and sentiment breakdown
  • FeatureAutomatic sentiment analysis on every conversation
  • FeatureWeekly email digest with performance summary
  • ImprovementImproved agent response quality with better system prompt engineering
v1.1.0

API Keys & Developer Experience

  • FeaturePublic REST API (v1) with API key authentication and plan-gated access
  • FeatureAPI key management in dashboard settings — create, revoke, regenerate
  • FeatureComprehensive /docs page with guides, API reference, and examples
  • ImprovementAPI keys stored as SHA-256 hashes — plaintext never persisted
  • FixFixed webhook retry logic for failed delivery attempts
v1.0.0

Initial Launch

  • FeatureAI-powered customer support agents with customizable personalities
  • FeatureEmbeddable chat widget with real-time streaming responses
  • FeatureLead capture with automatic scoring
  • FeatureLemonSqueezy billing with Free, Pro, and Business plans
  • FeatureGDPR-compliant cookie consent and PostHog analytics
  • FeatureSentry error monitoring (client, server, edge)

Want to stay updated? Follow our blog for detailed release notes and product updates.