Changelog

All notable changes to UseBelha are documented here. We follow Semantic Versioning.

v0.2.0

2025-12-16
Security: Changed tier checks to fail-closed (503) instead of fail-open
Security: Removed API key exposure in Live Voice WebSocket URL - now uses backend proxy
Security: Added authentication to Knowledge API (`/api/knowledge`) - requires session or API key
Security: Added SSRF protection for HTTP Actions - blocks private IPs, metadata endpoints, internal domains
Security: Added rate limiting for chat endpoints (10 req/min demo, 100 req/min authenticated)
Fixed: Unified database client - eliminated duplicate connections in auth.ts and db.ts
Fixed: Added AI response validation before accessing result data
Added: Extracted `getOrgMetadata()` helper for DRY tier checking
Added: Typed AI errors with `AIError` class and error codes
Added: Configurable `maxToolRounds` via `agent.aiConfig`
Added: Knowledge API now validates agent ownership before operations
Added: Rate limit headers (X-RateLimit-Remaining, X-RateLimit-Reset) on chat responses
Added: This documentation guide (`/guide`)
Changed: Live Voice connects to `/api/live` proxy instead of a direct provider WebSocket
Changed: Removed unused CallerContext fields (customerId, metadata, webhook/event triggers)
Deprecated: Removed `/api/live-config` endpoint (was exposing API key)

v0.1.0

2024-12-10
Added: Initial release with 13 agent templates across 6 categories
Added: Multi-tenant architecture with organizations and scoped authentication
Added: Built-in tools: Web Search, Code Execution, URL Reading, HTTP Actions, File Search
Added: Real-time voice chat with live transcription
Added: Interactive dashboard for testing templates and agents
Added: API-first design with OpenAPI documentation at `/api/docs`
Added: Demo mode (`?token=demo`) for unauthenticated testing
Added: Organization management with API key generation

Roadmap

Planned for future releases:

  • Webhooks - WhatsApp, Telegram, Email inbound channels
  • Persistent RAG - Database-backed knowledge store mapping
  • Widget Auth - Cross-origin embed with public API keys
  • Multi-model - Add and switch between multiple providers
  • Analytics - Usage dashboards and conversation insights

Have a feature request? Open an issue on GitHub.