Skip to Content
Changelog

Changelog

All notable changes to Rentalot are documented here.

2026-02-07 — Agent Security Hardening

Defense-in-depth security for the AI agent pipeline.

  • Webhook signature verification for all channels (Telegram, WhatsApp, SMS, Gmail) with timing-safe comparison
  • Tenant isolation: tool context bound via lexical closures, not LLM-controllable parameters
  • Output sanitization: strips external images, HTML tags, and unauthorized links
  • Gemini safety settings on all LLM calls (free, zero-latency provider-level filtering)
  • Inline regex heuristics for prompt injection detection (~15 patterns, no external library)
  • LLM-as-judge classifier for sophisticated injection attacks (runs on flagged messages only)
  • Write tool rate limiting (per-conversation and per-tenant)
  • Structured audit logging for all write tool invocations
  • CSP, CORS, and security headers on all responses
  • Startup validation fails fast on missing security environment variables

2026-02-06 — Dashboard Onboarding & Channel Setup

Guided onboarding flow for new users.

  • Onboarding wizard: “Get started in 3 steps” (add property, connect channel, share link)
  • Channels page with unified connection state for Telegram, WhatsApp, and SMS
  • Per-channel quickstart guides with step-by-step instructions
  • Shareable links and downloadable QR codes for each connected channel
  • “Test your agent” flow to verify channel works end-to-end

2026-02-06 — Channel Integrations

Connect your agent to Telegram, WhatsApp, and SMS.

  • Telegram: paste bot token, auto-register webhook, deep link support
  • WhatsApp: Embedded Signup flow, webhook verification, Cloud API replies
  • SMS: 10DLC brand/campaign registration via Twilio, auto-provision phone number
  • Encrypted channel config storage (AES-256-GCM)

2026-02-05 — Async Message Pipeline

Durable message processing with Inngest.

  • All channel webhooks process messages through Inngest (validate, classify, agent, respond, log)
  • Per-tenant concurrency limits
  • Follow-up sequences migrated from Vercel cron to Inngest scheduled functions
  • Web chat stays synchronous (streaming via useChat)

2026-02-04 — Prompt Architecture

Composable prompt system for the agent.

  • System prompt with guardrails and channel-adaptive tone
  • Email draft, categorization, follow-up, showing confirmation, and reminder prompts
  • Shared fragments for guardrails, tone, and property context

2026-02-04 — Intent-Driven Agent Framework

Smart tool scoping based on classified intent.

  • Intent classifier: 5 categories via generateObject() structured output
  • Tool registry maps each intent to a scoped tool subset
  • Write-capped bookShowing (max 1 per conversation turn)

2026-02-03 — AI Agent & Channel Webhooks

Core agent brain and channel integrations.

  • Agent: generateText() + maxSteps + scoped tools via Vercel AI SDK
  • Tools: listProperties, getPropertyDetails, searchProperties, bookShowing, checkCalendar, getContactHistory
  • Natural language property search via generateObject() filter extraction
  • Conversation history loaded from Postgres

2026-02-02 — Documentation Site

Public docs powered by Nextra.

  • Getting started, channels, properties, agent behavior, showings, API reference, FAQ
  • Dark mode, search, “edit this page” links

2026-02-01 — Dashboard & Property Management

Admin dashboard and property CRUD.

  • Dashboard shell: overview, conversations inbox, showings calendar, property management
  • Property API: POST/GET/PATCH/DELETE /api/v1/properties with API key auth
  • Enriched property schema: amenities, pet policy, parking, lease terms, and more
  • PublicProperty type strips internal fields before agent access

2026-01-30 — Database & Auth

Foundation: database schema and authentication.

  • Postgres via Drizzle ORM + Supabase
  • Better Auth with Google/GitHub social login
  • Shared-table multi-tenancy with userId-scoped queries
  • Seed script with mock data
FAQ