v4.0

Release Notes

Anonymous Sessions

New Features

• Unauthenticated users are presented with a warning that they will lose access to the thread before navigating away.
• Authenticated users are presented with a warning that they won't be able to edit the current thread before navigating away.
• Threads authenticated users create in an Anonymous Session now appear in their Recent threads list.
• Threads in the Thread Archive display "Anonymous Session User” for threads created by an unauthenticated user through Anonymous Sessions.
• When deleting a thread, Anonymous Session users are redirected to the shared assistant and can start a new conversation.

Resolved Issues

• Fixed: Authenticated users are unable to access Anonymous Sessions when they lack permissions to view the Group associated with the shared assistant.
• Fixed: Authenticated users are not added as participants to threads they created through Anonymous Sessions.
• Fixed: When an authenticated user accesses an Anonymous Session, only their user permissions, and not anonymous link or session permissions are checked against the endpoint dependencies.
• Fixed: Authenticated users may encounter a permissions issue while trying to view Anonymous Sessions threads if they do not have permissions to view the Group associated with the shared assistant.
• Fixed: Files uploaded by unauthenticated users before the first message is sent cannot be deleted before the message is sent.

Known Issues

• Thread exports for threads created in Anonymous Sessions by authenticated users will show two User IDs. One User ID corresponds to the user; the second User ID corresponds to the Anonymous Session share link.
• Authenticated users cannot edit threads they create in Anonymous Sessions after they navigate away from the Anonymous Session page.
• The Chat input field is missing for authenticated users viewing threads they created in Anonymous Sessions.

Deprecations

• In the Manage Shared Links table, columns Created and Disabled have been consolidated in the new Last Updated column.
• In the Manage Shared Links table, the Share Token column has been removed.

Notes

• Navigation warnings won’t display when navigating away when PingPong is served in an <iframe>.
• Authenticated users will see the Group name "Anonymous Session” in their Recent threads list for Groups they do not have permissions to view.

Files

New Features

• The Files table now tracks the share link and session token that was used to upload the file in Anonymous Sessions.
• Deleting an Anonymous Session record will cascade delete all associated files. Anonymous Session records are deleted by cascade when an associated Thread record is deleted.

Resolved Issues

• Fixed: Creating and deleting files may generate incorrect permission grants and revocations.
• Fixed: When an authenticated user uploads a file in an Anonymous Session, the user is not granted the Owner permission.
• Fixed: When a file is deleted from a single group, all its owner permissions are revoked.
• Fixed: If a file deletion fails, user and group permissions are not restored.
• Fixed: When multiple files are deleted from a group, owner permissions are removed for all files even if they are used by other groups.
• Fixed: Files that cannot be deleted remain in their ‘deleting' state in the Thread UI after failing.

Known Issues

• The permission for the associated meta user of the shared link to delete a user file is not removed after the thread and Anonymous Session token are created. The associated meta user of the shared link does not have permissions to view the file.

Logging In & Navigation

New Features

• The code supporting permission checks has been refactored and unified between API endpoint requests and websocket connections for Voice mode threads.
• The new permission check logic will now check both user cookie and Anonymous Session token permissions against the endpoint requirements.

Resolved Issues

• Fixed: Users may be unable to access API endpoints requiring an Anonymous Session shared link when providing both a shared link and an Anonymous Session token.
• Fixed: Anonymous Session shared links and tokens may be ignored for authenticated users.

Sidebar

New Features

• When PingPong is served in an <iframe>, the Sidebar is always collapsed.
• For Anonymous Session pages served in an <iframe>, the Sidebar is hidden.
• Before creating a thread in an Anonymous Session, users can 'Login to save this chat’. Users will receive a login link with a redirect to the assistant shared.
• After creating a thread in an Anonymous Session, users will see a 'Start a new chat’ option, which redirects them to the a new Anonymous Session with the shared assistant.

Resolved Issues

• Fixed: Authenticated users cannot view threads they created in Anonymous Sessions.

Threads

Resolved Issues

• Fixed: Values for using image descriptions, using LaTeX, and the assistant interaction mode may persist when navigating to other threads where the user does not have permission to view the new associated assistant.

Web

Updates

• Updated Educational Access page with new support email: support@pingpong-hks.atlassian.net.
• Updated Educational Access page copy to reinforce that instructors admitted to the study agree that they and their students will not use other generative AI teaching tools — like ChatGPT — for the duration of the study.
• Updated application link to point to the new anchor URL: https://pingpong.hks.harvard.edu/application.

Deployment Information

Schema Upgrade	Migration Script	Permissions Update	Task Definition Update	Configuration Update
No	No	YES	No	No

Deployment Details

• Permissions Update:
  • Authenticated users can be anonymous_party in a thread.
  • Add permission for anonymous_links to delete a user file, so that files uploaded before a thread has been created can be deleted before sending the first message.

Related PRs

• docs/ Update Email Address for Edu Access by @ekassos in #918
• feat/ Anonymous Sessions Upgrades by @ekassos in #919

Full Changelog: 718-srv322-web186...720-srv323-web188