2.0.3

What's Changed

• fix: a tool message should count as the start of a thread by @willydouhard in #1680
• fix: element.update by @willydouhard in #1686
• fix: force poetry-core <2.0 for buildC by @willydouhard in #1689
• fix: don't auth until ready by @willydouhard in #1691
• feat: add translation on copy bottun by @mame7777 in #1657
• fix: bad type conversion by @willydouhard in #1693
• fix: data layer create_element by @ale-delfo in #1700
• chore: bump and changelog by @willydouhard in #1705

New Contributors

• @mame7777 made their first contribution in #1657
• @ale-delfo made their first contribution in #1700

Full Changelog: 2.0.2...2.0.3

2.0.2

What's Changed

• feat: Allow HTML for markdown_description in Welcome Screen by @hayescode in #1660
• fix: update thread batch size to BATCH_SIZE to ensure scroll on large… by @willydouhard in #1666
• fix: make chat settings modal scroll if too tall by @willydouhard in #1667
• fix: gracefully handle thread resume error by @willydouhard in #1671
• fix: only use credentials include for chainlit requestsC by @willydouhard in #1672
• fix: allow AskFileMessage even if spontaneous uploads are disabled by @willydouhard in #1668
• feat: add http_cookie to WebsocketSession and UserSession by @5enxia in #1653
• chore: prepare release by @willydouhard in #1674
• fix: data layers by @desaxce in #1670

New Contributors

• @5enxia made their first contribution in #1653

Full Changelog: 2.0.1...2.0.2

2.0.1

What's Changed

• fix: remove unused endpoint by @willydouhard in #1628
• fix: raw block code by @willydouhard in #1632
• fix: remove numpy by @willydouhard in #1633
• fix: remove time.sleep by @willydouhard in #1634
• fix: text input value should update by @willydouhard in #1643
• fix: attachment should not show if not enabled by @willydouhard in #1644
• feat: add function on window to toggle the copilot by @willydouhard in #1645
• feat: display chat profile icon/description is available instead of t… by @willydouhard in #1646
• fix: actions should trigger first_interaction by @willydouhard in #1647
• chore: debug ci by @willydouhard in #1648
• chore: prepare release by @willydouhard in #1650

Full Changelog: 2.0.0...2.0.1

2.0.0

The Chainlit UI (including the copilot) has been completely re-written with Shadcn/Tailwind. This brings several advantages:

1. The codebase is simpler and more contribution friendly.
2. It enabled the new custom element feature.
3. The theme customisation is more powerful.

Added

• Custom Elements (code your own elements)
• Cmd+k thread search
• Thread rename
• Official PostGres open source data layer
• New @data_layer decorator for configuring custom data layers declaratively

Changed

• Authentication is now based on cookies. Cross Origins are disallowed unless added in allow_origins in the config.toml file
• No longer need to click on resume to resume a thread
• [breaking]: Theme customisation is now handled in public/theme.json instead of config.toml.
• [breaking]: Changed fields on the Action class:
  • The value field has replaced with payload which accepts a Python dict
  • The description field has been renamed tooltip
  • The field icon has been added
  • The collapsed field has been removed.
• [breaking]: Completely revamped audio implementation (#1401, #1410):
  • Replaced AudioChunk with InputAudioChunk and OutputAudioChunk
  • Changed default audio sampling rate from 44100 to 24000
  • Removed several audio configuration options (min_decibels, initial_silence_timeout, silence_timeout, chunk_duration, max_duration)

Fixed

• Autoscaling of Chainlit app behind a load balancer should now work. Don't forget to enable sticky sessions

2.0rc1

What's Changed

• fix: pass headers when connecting sockets by @willydouhard in #1575
• Cookie-based auth by @dokterbob in #1521

Full Changelog: 2.0.dev2...2.0rc1

2.0rc0

⚠️ Security Advisory

IMPORTANT: The element feature currently contains a known security vulnerability that could allow unauthorized file access. We strongly recommend against using elements in production environments until a comprehensive fix is implemented in an upcoming release.

Key Improvements

• Complete overhaul with OpenAI Realtime API support for streaming audio chat interactions by @willydouhard (#1401, #1406, #1410)
• New interactive DataFrame display functionality with auto-fit content by @desertproject and @hayescode (#1373, #1467)
• Enhanced security measures and development tooling by @dokterbob (#1431, #1414)

Breaking Changes

OpenAI Realtime API Integration

• Replaced AudioChunk with InputAudioChunk and OutputAudioChunk
• Changed default audio sampling rate from 44100 to 24000
• Removed several audio configuration options (min_decibels, initial_silence_timeout, silence_timeout, chunk_duration, max_duration)
• Removed RecordScreen component

Other Changes

New Features

• Implemented realtime audio streaming with new components by @willydouhard (#1401, #1406, #1410):
  • Added AudioPresence for visual feedback
  • Introduced WavRecorder and WavStreamPlayer classes
  • Added audio interruption functionality
  • New on_audio_start callback
• Added interactive DataFrame display using MUI Data Grid with auto-fit content by @desertproject and @hayescode (#1373, #1467)
• Enhanced image interaction with popup view and download capabilities by @fgalind1 (#1402)
• Made websocket connections optional in react-client by @sandangel (#1379)
• Added current URL to message payload in copilot mode by @fgalind1 (#1403)
• Enabled empty chat input when submitting attachments by @EcoleKeine (#1261)
• Added support for regional language variants like es-419 by @erauld (#1399)

Technical Improvements

• Factored storage clients into separate modules by @ndricca (#1363)
• Implemented comprehensive linting with ruff by @dokterbob (#1495)
• Added mypy daemon for faster type-checking by @dokterbob (#1495)
• Enhanced GitHub Actions with additional linting by @dokterbob (#1445)
• Enabled direct installation from GitHub by @dokterbob (#1423)
• Various build script improvements by @dokterbob (#1462)

Migration Guide

OpenAI Realtime API Migration

If you're using audio features, you'll need to update your code to use the new realtime audio system:

1. Update imports and types:

- from chainlit.types import AudioChunk
+ from chainlit.types import InputAudioChunk, OutputAudioChunk

2. Update your audio callbacks:

@cl.on_audio_start
async def on_audio_start():
    # New callback to initialize audio session
    # Return True to enable audio connection
    return True

@cl.on_audio_chunk
async def on_audio_chunk(chunk: cl.InputAudioChunk):
    # Process incoming audio chunks
    # chunk.data contains the raw audio data
    pass

@cl.on_audio_end
async def on_audio_end():
    # Clean up audio session
    pass

3. For streaming audio back to the client:

await cl.context.emitter.send_audio_chunk(
    cl.OutputAudioChunk(
        mimeType="pcm16",
        data=audio_data,
        track=track_id
    )
)

See our documentation for a complete implementation example.

New Contributors

• @fgalind1 made their first contribution with URL and image interaction improvements (#1403)
• @erauld made their first contribution with regional language support (#1399)
• @ndricca made their first contribution with storage client modularization (#1363)
• @desertproject made their first contribution with interactive DataFrame display (#1373)
• @EcoleKeine made their first contribution with attachments handling improvements (#1261)
• @sandangel made their first contribution with optional websocket connections (#1379)

Full Changelog: 1.3.1...2.0rc0

1.3.2

⚠️ Security Advisory

IMPORTANT: The element feature currently contains a known security vulnerability that could allow unauthorized file access. We strongly recommend against using elements in production environments until a comprehensive fix is implemented in an upcoming release.

Breaking Changes

This release drops support for FastAPI versions before 0.115.3 and Starlette versions before 0.41.2 due to a severe security vulnerability (CVE-2024-47874). We strongly encourage all downstream dependencies to upgrade as well.

While this is technically a breaking change in a patch release, we are prioritizing security over strict semantic versioning in this case. We strongly encourage all users to upgrade to this version immediately for the latest security improvements.

Security Updates

• Critical dependency updates to address CVE-2024-47874 (#1493):
  • Upgraded fastapi to 0.115.3
  • Upgraded starlette to 0.41.2
  • Upgraded werkzeug to 3.0.6

Bug Fixes

• Fixed incorrect message ordering in UI by @pmercier (#1501):
  • Messages now display in the correct chronological order
  • Resolved race conditions in message display logic
  • Improved message state management

Contributors

• @dokterbob
• @pmercier made their first contribution in #1501

Full Changelog: 1.3.1...1.3.2

2.0.dev2

Important Security Notice

This development release temporarily reverts recent security improvements to restore element functionality. The element feature currently contains a known security vulnerability that could allow unauthorized file access. As this is a development release, it should not be used in production environments.

What's Changed

• Fixed elements not displaying when using authentication by @hayescode in #1474
• Temporarily reverted file access security improvements from 2.0.dev1 to restore functionality (#1441)

Development Status

Work is underway to implement HTTP-only cookie authentication as a comprehensive security solution. This will be a key feature of upcoming development releases.

Full Changelog: 2.0.dev1...2.0.dev2

1.3.1

Important Security Notice

This hotfix release temporarily reverts recent security improvements to restore element functionality. The element feature currently contains a known security vulnerability that could allow unauthorized file access. We strongly recommend against using elements in production environments until our next release, which will implement a comprehensive fix using HTTP-only cookie authentication.

What's Changed

• Fixed elements not displaying when using authentication by @hayescode in #1474
• Temporarily reverted file access security improvements from 1.3.0 to restore functionality (#1441)

Next Steps

We are actively working on a comprehensive security fix that will be released in the coming weeks.

Full Changelog: 1.3.0...1.3.1

2.0dev1

[2.0.dev1] - 2024-10-22

Features

• Added interactive pandas.DataFrame display component using MUI Data Grid (#1373)
• Optional websocket connection in react-client (#1379)
• Added current URL to message payload (#1403)
• Improved image interaction UX - clicking opens in popup with download option (#1402)
• Added configurable user session timeout (#1032)
• Environment variables OAUTH_<PROVIDER>_PROMPT and OAUTH_PROMPT to
  override oauth prompt parameter.
  Prevent automatic re-login with OAUTH_PROMPT=consent. (#1362, #1456).

Security

• Fixed file access vulnerability in get_file and upload_file endpoints (#1441)
• Added authentication to /project/file endpoint (#1441)
• Addressed security vulnerabilities in frontend dependencies (#1431, #1414)

Fixed

• Dialog boxes no longer extend beyond window (#1446)
• Allow empty chat input when submitting attachments (#1261)
• Fixed tasklist when Chainlit is submounted (#1433)
• Allow spaces in avatar filenames (#1418)
• Step argument input and concurrency issues (#1409)
• Correctly copy display_name to PersistentUser during authentication (#1425)

Development

• Refactored storage clients into separate modules (#1363)
• Support for IETF BCP 47 language tags (#1399)
• Improved GitHub Actions workflows and build process (#1445)
• Allow direct installation from GitHub (#1423)
• Extended package metadata with homepage and documentation links (#1413)
• Various backend fixes and code cleanup (#1432)