> ## Documentation Index
> Fetch the complete documentation index at: https://docs.fact0.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Changelog

> SDK and API release notes.

# Changelog

## v1.2.2 - 2026-06-23

### Observability Analytics Fix

* **Fixed `GET /v1/me/analytics/errors` 500 error**: Querying model or tool errors returned `INTERNAL: querying model errors` due to PostgreSQL rejecting a `GROUP BY name` that referenced a column alias. Changed both `modelErrQuery` and `toolErrQuery` in `analytics_store.go` to use positional `GROUP BY 1`.

### Dashboard UX

* **Contextual Help Sheet**: Six pages (Observability Hub, Executions, Conversations, Prompt Registry, Audit Logs, Replay) now show a `Help` button in the page toolbar. Clicking it slides in a right-side panel with a tagline, key concepts, a guided tour launcher, and a link to the relevant docs page.
* **Page-local tours**: Each of the six pages now starts a tour scoped to its own steps. Clicking `Tour` on Executions or Observability no longer redirects to the Ingestion Credentials page.
* **Tour preload**: `driver.js` is eagerly imported on hook mount so the first tour click is instant instead of showing a load delay.

***

## SDK Go v1.0.4 - 2026-06-18

### Go SDK (v1.0.4)

* **Resolved go get package resolution**: Changed Go module path in `go.mod` to `github.com/fact0-ai/fact0/sdk/go` to align with monorepo subdirectory layout and support correct Go package resolution via git tags.

***

## SDK v1.0.5 / v1.0.3 - 2026-06-14

### Python SDK (v1.0.5)

* **Fixed event\_id preservation**: Corrected a bug in the synchronous `AuditClient._validate_event` that was unconditionally discarding user-supplied `event_id` parameters, which broke custom idempotency keys.

### Go SDK (v1.0.3)

* **Resolved response body socket leak**: Fixed a file descriptor/socket leak inside `client.go`'s HTTP retry loop by ensuring the HTTP response body is closed immediately on each attempt rather than being deferred until the enclosing function returns.

***

## v1.2.1 - 2026-06-13

### LLM Traces Dashboard Page

* New **LLM Traces** page added to the dashboard (`/dashboard/llm-traces`) and the public demo (`/demo/dashboard/llm-traces`).
* Surfaces model invocation spans with token counts, latency, prompt/completion previews, and model metadata extracted from both native SDK spans and OpenTelemetry GenAI semantic conventions.

### Database-Level Audit Immutability (Migration 023)

* Added PostgreSQL trigger function `audit_events_reject_chain_changes` that enforces immutability on **all** audit event data columns — including `actor_email`, `resource_name`, and `metadata` — in addition to the previously protected hash-chain columns.
* In re-anchor mode (controlled by the `fact0.reanchor_mode` session GUC) only `hash` and `prev_hash` may be recomputed; all data columns remain frozen even during re-anchoring.
* Run `make migrate-up` or apply `023_immutable_audit_columns.up.sql` against your database to activate.

### Share Link Token Reveal UI

* Settings → **Share Links** now shows a one-time **Reveal token** button per link.
* The full bearer token (`shr_ULID_SECRET`) is fetched on demand and displayed in a masked, copy-to-clipboard field — it is never stored in the browser or sent before the user explicitly requests it.

### Bug Fix: JWT Audience Validation Regression

* Reverted an over-strict audience (`aud`) check introduced in the previous commit that incorrectly required an `aud` claim in every JWT. Better Auth's JWT plugin sets only `azp`; the `aud` field is not emitted. All dashboard sessions were returning `401 invalid or expired token` after the bad change. Fixed by restoring the original `azp`-only allowlist check.

### OpenTelemetry Instrumentation

* Added `web/instrumentation.ts` to capture Next.js server-side traces via `@vercel/otel`, routing them to the Fact0 OTLP endpoint for unified trace storage alongside agent telemetry.

### Evidence Pack Public Keys

* Ed25519 public keys are now embedded in the manifest of every exported PDF / ZIP evidence pack, enabling recipients to verify the digital signature offline without contacting the Fact0 API.

***

## SDK v1.0.4 - 2026-06-13

### Python SDK

* **Async telemetry client** (`AsyncTelemetryClient`): fully `asyncio`-compatible telemetry client with an async background worker queue, async execution and span context managers (`async with client.telemetry.execution(...) as ex`), and proper `await` chains throughout.
* **Fixed generic type annotations**: `queue.Queue` and `asyncio.Queue` / `asyncio.Task` declarations now carry explicit type parameters (`Queue[Any]`, `Task[Any]`) to satisfy `mypy --strict`. No runtime behaviour change.
* **Docs**: `sdk/python/async.mdx` updated with async telemetry examples and a FastAPI lifespan pattern.

***

## v1.2.0 - 2026-05-31

### GDPR-Compliant Full Purge

* Administrative **Hard Delete User** functionality is now fully integrated into the Founder Console.
* Purges all teammate profiles, owned organization workspaces, api credentials, OTel traces/spans/execution DAGs, and compliance-grade audit logs in a single ACID SQL transaction.

### Stripe & SaaS Plan Quotas & Secure Gating

* Hardened multi-tenant subscription enforcements across the Go API and Next.js layers:
  * **Free**: Capped at **1 team seat**, **1 active share link**, **6 Spotlight AI copilot queries/month**, **5 PDF/ZIP evidence exports per month**, and 30-day data retention.
  * **Pro**: Capped at **5 team seats**, **unlimited active share links**, **unlimited Spotlight AI copilot queries**, **50 PDF/ZIP evidence exports per month**, and 1-year data retention.
  * **Team**: Capped at **10 team seats**, **unlimited active share links**, **unlimited Spotlight AI copilot queries**, **200 PDF/ZIP evidence exports per month**, and 7-year data retention.
* **Enhanced Visual Gating Security**: Premium lock screens and glassmorphic blurs are fully deployed on Free tier executions and replays. Sensitive telemetry nodes, spans, and replay frames are physically blocked from server-side fetches on Free accounts, ensuring zero data footprint in browser memory to block DevTools inspection bypasses.

### Spotlight AI Copilot History & Conversations

* **Conversation History Panel**: Integrated a premium glassmorphic history sidebar enabling users to browse and resume all previous chat transcripts persisted in PostgreSQL.
* **Multi-Session Management**: Added "New Chat" and "Session Switching" buttons to header navigation with dynamic real-time JWT refreshing and session synchronization.
* **Dynamic Quota Tracker**: Message counts sync immediately in real-time upon AI completion, and quota exhaustion is clearly parsed into polished Upgrade call-to-actions.

### Transactional Email Upgrades

* Aligned default transactional email template delivery to **`yash@fact0.io`** with automatic, direct reply-routing.

## SDK v1.0.3 - 2026-06-10

### Python SDK

* Relaxed the package dependency version constraint for `requests` from `requests>=2.31,<3` to `requests>=2.28,<3` to avoid environment version conflicts for downstream packages.

***

## SDK v1.0.2 - 2026-05-26

### All SDKs (Python, TypeScript, Go)

* API origin defaults to `https://api.fact0.io` - removed `FACT0_BASE_URL` env var
* Override via `base_url` / `baseUrl` / `BaseURL` in client config (local dev or private deployments)

***

## v1.1.0 - 2026-05-24

### OpenTelemetry Native

Fact0 is now **OpenTelemetry native**. Send traces from any OTel SDK or Collector with zero code changes.

* **OTLP/gRPC receiver** on port `:4317` (IANA-registered default)
* **OTLP/HTTP receiver** at `/v1/otlp/v1/traces`
* **Smart span classification**: GenAI semantic conventions (`gen_ai.*`) → `MODEL_INVOCATION`, tool attributes → `TOOL_CALL`, database/HTTP spans auto-classified
* **GenAI enrichment**: Prompt/completion extraction from span events, token usage, temperature, and model metadata
* **Exception enrichment**: Full stack traces from OTel exception events
* API key authentication via `Authorization` header or OTel `headers` config

### Environment variables

* `FACT0_OTLP_HTTP_ENABLED` - enable OTLP/HTTP receiver (default: `false`)
* `FACT0_OTLP_GRPC_ENABLED` - enable OTLP/gRPC receiver (default: `false`)
* `FACT0_OTLP_GRPC_PORT` - gRPC listener port (default: `4317`)

***

## v1.0.0 - 2026-05-23

### Python (`fact0-sdk`)

* First public release on PyPI as **`fact0-sdk`** (`pip install fact0-sdk`, `import fact0`)
* Unified client with `audit` and `telemetry` modules
* Background batching, async client, dead-letter support, LangChain/FastAPI integrations
* PyPI name is `fact0-sdk` (not `fact0`) - the bare name conflicts with an existing package on PyPI

### TypeScript (`@fact0/sdk`)

* Audit + telemetry HTTP clients for Node.js
* Published to npm at `@fact0/sdk@1.0.0`

### Go (`github.com/fact0-ai/fact0/sdk/go`)

* Native Go client with audit and telemetry modules
* Retries on 429/5xx, configurable timeouts

### Documentation

* Mintlify site at [docs.fact0.io](https://docs.fact0.io)
* OpenAPI 3.1 reference for Audit and Telemetry APIs (production server: `https://api.fact0.io`)

### Environment variables

* `FACT0_API_KEY`; API origin defaults to `https://api.fact0.io` (override via SDK config)
