2.0rc0

⚠️ Security Advisory

IMPORTANT: The element feature currently contains a known security vulnerability that could allow unauthorized file access. We strongly recommend against using elements in production environments until a comprehensive fix is implemented in an upcoming release.

Key Improvements

• Complete overhaul with OpenAI Realtime API support for streaming audio chat interactions by @willydouhard (#1401, #1406, #1410)
• New interactive DataFrame display functionality with auto-fit content by @desertproject and @hayescode (#1373, #1467)
• Enhanced security measures and development tooling by @dokterbob (#1431, #1414)

Breaking Changes

OpenAI Realtime API Integration

• Replaced AudioChunk with InputAudioChunk and OutputAudioChunk
• Changed default audio sampling rate from 44100 to 24000
• Removed several audio configuration options (min_decibels, initial_silence_timeout, silence_timeout, chunk_duration, max_duration)
• Removed RecordScreen component

Other Changes

New Features

• Implemented realtime audio streaming with new components by @willydouhard (#1401, #1406, #1410):
  • Added AudioPresence for visual feedback
  • Introduced WavRecorder and WavStreamPlayer classes
  • Added audio interruption functionality
  • New on_audio_start callback
• Added interactive DataFrame display using MUI Data Grid with auto-fit content by @desertproject and @hayescode (#1373, #1467)
• Enhanced image interaction with popup view and download capabilities by @fgalind1 (#1402)
• Made websocket connections optional in react-client by @sandangel (#1379)
• Added current URL to message payload in copilot mode by @fgalind1 (#1403)
• Enabled empty chat input when submitting attachments by @EcoleKeine (#1261)
• Added support for regional language variants like es-419 by @erauld (#1399)

Technical Improvements

• Factored storage clients into separate modules by @ndricca (#1363)
• Implemented comprehensive linting with ruff by @dokterbob (#1495)
• Added mypy daemon for faster type-checking by @dokterbob (#1495)
• Enhanced GitHub Actions with additional linting by @dokterbob (#1445)
• Enabled direct installation from GitHub by @dokterbob (#1423)
• Various build script improvements by @dokterbob (#1462)

Migration Guide

OpenAI Realtime API Migration

If you're using audio features, you'll need to update your code to use the new realtime audio system:

1. Update imports and types:

- from chainlit.types import AudioChunk
+ from chainlit.types import InputAudioChunk, OutputAudioChunk

2. Update your audio callbacks:

@cl.on_audio_start
async def on_audio_start():
    # New callback to initialize audio session
    # Return True to enable audio connection
    return True

@cl.on_audio_chunk
async def on_audio_chunk(chunk: cl.InputAudioChunk):
    # Process incoming audio chunks
    # chunk.data contains the raw audio data
    pass

@cl.on_audio_end
async def on_audio_end():
    # Clean up audio session
    pass

3. For streaming audio back to the client:

await cl.context.emitter.send_audio_chunk(
    cl.OutputAudioChunk(
        mimeType="pcm16",
        data=audio_data,
        track=track_id
    )
)

See our documentation for a complete implementation example.

New Contributors

• @fgalind1 made their first contribution with URL and image interaction improvements (#1403)
• @erauld made their first contribution with regional language support (#1399)
• @ndricca made their first contribution with storage client modularization (#1363)
• @desertproject made their first contribution with interactive DataFrame display (#1373)
• @EcoleKeine made their first contribution with attachments handling improvements (#1261)
• @sandangel made their first contribution with optional websocket connections (#1379)

Full Changelog: 1.3.1...2.0rc0

1.3.2

⚠️ Security Advisory

IMPORTANT: The element feature currently contains a known security vulnerability that could allow unauthorized file access. We strongly recommend against using elements in production environments until a comprehensive fix is implemented in an upcoming release.

Breaking Changes

This release drops support for FastAPI versions before 0.115.3 and Starlette versions before 0.41.2 due to a severe security vulnerability (CVE-2024-47874). We strongly encourage all downstream dependencies to upgrade as well.

While this is technically a breaking change in a patch release, we are prioritizing security over strict semantic versioning in this case. We strongly encourage all users to upgrade to this version immediately for the latest security improvements.

Security Updates

• Critical dependency updates to address CVE-2024-47874 (#1493):
  • Upgraded fastapi to 0.115.3
  • Upgraded starlette to 0.41.2
  • Upgraded werkzeug to 3.0.6

Bug Fixes

• Fixed incorrect message ordering in UI by @pmercier (#1501):
  • Messages now display in the correct chronological order
  • Resolved race conditions in message display logic
  • Improved message state management

Contributors

• @dokterbob
• @pmercier made their first contribution in #1501

Full Changelog: 1.3.1...1.3.2

2.0.dev2

Important Security Notice

This development release temporarily reverts recent security improvements to restore element functionality. The element feature currently contains a known security vulnerability that could allow unauthorized file access. As this is a development release, it should not be used in production environments.

What's Changed

• Fixed elements not displaying when using authentication by @hayescode in #1474
• Temporarily reverted file access security improvements from 2.0.dev1 to restore functionality (#1441)

Development Status

Work is underway to implement HTTP-only cookie authentication as a comprehensive security solution. This will be a key feature of upcoming development releases.

Full Changelog: 2.0.dev1...2.0.dev2

1.3.1

Important Security Notice

This hotfix release temporarily reverts recent security improvements to restore element functionality. The element feature currently contains a known security vulnerability that could allow unauthorized file access. We strongly recommend against using elements in production environments until our next release, which will implement a comprehensive fix using HTTP-only cookie authentication.

What's Changed

• Fixed elements not displaying when using authentication by @hayescode in #1474
• Temporarily reverted file access security improvements from 1.3.0 to restore functionality (#1441)

Next Steps

We are actively working on a comprehensive security fix that will be released in the coming weeks.

Full Changelog: 1.3.0...1.3.1

2.0dev1

[2.0.dev1] - 2024-10-22

Features

• Added interactive pandas.DataFrame display component using MUI Data Grid (#1373)
• Optional websocket connection in react-client (#1379)
• Added current URL to message payload (#1403)
• Improved image interaction UX - clicking opens in popup with download option (#1402)
• Added configurable user session timeout (#1032)
• Environment variables OAUTH_<PROVIDER>_PROMPT and OAUTH_PROMPT to
  override oauth prompt parameter.
  Prevent automatic re-login with OAUTH_PROMPT=consent. (#1362, #1456).

Security

• Fixed file access vulnerability in get_file and upload_file endpoints (#1441)
• Added authentication to /project/file endpoint (#1441)
• Addressed security vulnerabilities in frontend dependencies (#1431, #1414)

Fixed

• Dialog boxes no longer extend beyond window (#1446)
• Allow empty chat input when submitting attachments (#1261)
• Fixed tasklist when Chainlit is submounted (#1433)
• Allow spaces in avatar filenames (#1418)
• Step argument input and concurrency issues (#1409)
• Correctly copy display_name to PersistentUser during authentication (#1425)

Development

• Refactored storage clients into separate modules (#1363)
• Support for IETF BCP 47 language tags (#1399)
• Improved GitHub Actions workflows and build process (#1445)
• Allow direct installation from GitHub (#1423)
• Extended package metadata with homepage and documentation links (#1413)
• Various backend fixes and code cleanup (#1432)

1.3.0

Key Improvements

• Enhanced security with critical fixes for file handling and dependency updates (#1441, #1431, #1414)
• Added SQLite database support for storing chat history and user data (#1319)
• Made OAuth login behavior configurable through environment variables - use OAUTH_PROMPT=consent to prevent automatic re-login after logout (#1456)
• Added support for localized languages like Latin American Spanish (es-419) through IETF language tags (#1399)
• Enhanced performance and reliability of cloud storage through LiteralAI 0.0.625 update (#1376)

What's Changed

• Made OAuth login prompts configurable via environment variables (#1456) by @dokterbob
• Fixed UI issue with dialog boxes extending beyond screen (#1446) by @laodanfeng
• Ensured user display names persist correctly after authentication (#1425) by @willydouhard
• Improved file upload and access security (#1441) by @dokterbob
• Fixed task list display when Chainlit is used within another app (#1433) by @dokterbob
• Added support for regional language variants like es-419 (#1399) by @erauld
• Fixed concurrent processing of user inputs (#1409) by @willydouhard
• Fixed avatar filename handling to support spaces (#1418) by @dokterbob
• Fixed database identifier handling in SQLAlchemy (#1395) by @hayescode
• Improved module loading performance (#1382) by @dokterbob
• Various documentation and text improvements (#1347, #1348, #1349) by @EWouters

New Contributors

• @laodanfeng made their first contribution in #1446
• @qvalentin made their first contribution in #1441
• @erauld made their first contribution in #1399

Full Commit Log: 1.2.0...1.3.0, CHANGELOG

2.0.dev0

Developer Preview

This is a developer preview release of Chainlit 2.0. It introduces significant changes and new features, particularly integration with the OpenAI Realtime API . As a dev preview, it may contain bugs and is not recommended for production use.

Major Changes

Realtime Audio Processing

The most significant change in this release is the introduction of realtime audio processing capabilities, as implemented in PR #1401 by @willydouhard. This feature enables real-time voice conversations with AI assistants.

Check out a screen grab of the demo on Twitter X.

For a practical implementation of this new feature, check out our cookbook entry on creating a realtime assistant.

Breaking Changes in Audio Implementation

• Replaced AudioChunk type with InputAudioChunk and OutputAudioChunk
• Changed default audio sampling rate from 44100 to 24000
• Removed several audio configuration options (min_decibels, initial_silence_timeout, silence_timeout, chunk_duration, max_duration)
• Introduced new on_audio_start callback
• Modified on_audio_end callback to no longer accept file elements as arguments

New Features

• Audio connection signaling with on and off states
• AudioPresence component for visual representation of audio state
• WavRecorder and WavStreamPlayer classes for improved audio handling
• startConversation and endConversation methods in useAudio hook
• Audio interruption functionality

Other Changes

• Updated useChatInteract hook with startAudioStream method
• Modified useChatSession to handle new audio streaming functionality
• Refactored UI components to reflect new audio implementation
• Added new wavtools directory with various audio processing utilities
• Implemented new AudioWorklet processors for more efficient audio handling

Removed

• RecordScreen component
• Several audio-related configuration options from config.toml

For a complete list of changes, please refer to the full changelog.

We encourage developers to test this preview release and provide feedback. Please report any issues or suggestions on our GitHub repository.

1.3.0rc0

Feedback and testing

This is a release candidate (rc0) for version 1.3.0.
We encourage thorough testing, especially of the LiteralAI integration and history features.

Feedback is highly appreciated to ensure stability for the final 1.3.0 release, specifically on the LiteralAI integration and SQLAlchemy/SQLite.

Key Features and Improvements

• Added SQLite support to the SQLAlchemy integration (#1319)
• Implemented extensive test coverage for LiteralDataLayer and SQLAlchemyDataLayer (#1376, #1346)
• Refactored the LiteralDataLayer for improved performance and consistency (#1376)
• Added get_element() method to SQLAlchemyDataLayer (#1346)
• Enhanced OAuth logout process to prevent automatic re-login (#1362)

What's Changed

• Bump LiteralAI to 0.0.625, refactor LiteralDataLayer by @dokterbob in #1376
• Prevent automatic oauth login after logout by @ModEnter in #1362
• Update README.md by @willydouhard in 1d3ffd4
• Don't run code during import, don't import LiteralDataLayer by default by @dokterbob in #1382
• Update readme by @constantinidan in #1351
• Python fixes by @EWouters in #1353
• Get rid of context from SQL Alchemy data layer, fix SQLite support by @DanielAvdar in #1319
• Add get_element() and test infra for sql_alchemy.py by @hayescode in #1346
• YAML fixes, restrict GH Actions perms by @EWouters in #1349
• Markdownlint fixes by @EWouters in #1348
• Small text fixes by @EWouters in #1347

New Contributors

• @ModEnter made their first contribution in #1362
• @constantinidan made their first contribution in #1351
• @DanielAvdar made their first contribution in #1319
• @hayescode made their first contribution in #1346

Full Changelog: 1.2.0...1.3.0rc0

1.2.0rc0

Add experimental assistant feature

1.2.0

Security

• Fixed critical vulnerabilities allowing arbitrary file read access (#1326)
• Improved path traversal protection in various endpoints (#1326)

Added

• Hebrew translation JSON (#1322)
• Translation files for Indian languages (#1321)
• Support for displaying function calls as tools in Chain of Thought for LlamaIndexCallbackHandler (#1285)
• Improved feedback UI with refined type handling (#1325)

Changed

• Upgraded cryptography from 43.0.0 to 43.0.1 in backend dependencies (#1298)
• Improved GitHub Actions workflow (#1301)
• Enhanced data layer cleanup for better performance (#1288)
• Factored out callbacks with extensive test coverage (#1292)
• Adopted strict adherence to Semantic Versioning (SemVer)

Fixed

• Websocket connection issues when submounting Chainlit (#1337)
• Show_input functionality on chat resume for SQLAlchemy (#1221)
• Negative feedback class incorrectness (#1332)
• Interaction issues with Chat Profile Description Popover (#1276)
• Centered steps within assistant messages (#1324)
• Minor spelling errors (#1341)

Development

• Added documentation for release engineering process (#1293)
• Implemented testing for FastAPI version matrix (#1306)
• Removed wait statements from E2E tests for improved performance (#1270)
• Bumped dataclasses to latest version (#1291)
• Ensured environment loading before other imports (#1328)