v0.1.0

What's new

Added

• Workspace management with fully isolated AI proxies — each workspace has its own model, system prompt, MCP tools, and guardrails
• MCP connection support for both stdio (local process) and HTTP transports with automatic tool discovery
• Slack consumer with Socket Mode — no public URL or webhook required, connects outbound
• API consumer for programmatic access to any workspace
• Conversation lifecycle management: open → cold → closed with configurable timeouts and AI-powered follow-up messages
• AI-powered post-conversation analysis: sentiment scoring, resolution status, knowledge gap detection, compliance flag detection, and fraud indicators
• Cost tracking with per-query token counts and monthly spend aggregated per workspace
• Organisation-level settings and compliance rules that cascade across workspaces
• JWT-based authentication with configurable expiry and HttpOnly session cookies
• Zod input validation on all API routes — no unvalidated input reaches business logic
• Typed database layer with zero any casts throughout
• Migration versioning system with schema version tracking
• GitHub Actions CI pipeline: typecheck, test, and build on every pull request

Security

• Required env vars with no fallback defaults — server refuses to start if JWT_SECRET or DB_PASSWORD are missing
• JWT secret minimum length enforcement (32 chars)
• DOMPurify sanitisation on all rendered HTML
• No secrets in .env.example or docker-compose.yaml

Full changelog: https://supaproxy.cloud/changelog