Changelog

Get the (almost) daily changelog
August 8, 2025

New: Smarter Conditions & Security Filters

  1. New Condition & Filter Types: You can now use the following new condition and filter types to build more robust rejection plans and security filter plans:
  • MessageTarget: Target specific messages by role and position for conditions using Assistant.hooks.do[type=tool].tool.rejectionPlan.conditions[type=regex].target.
  • GroupCondition: Combine multiple conditions using AND/OR logic, with support for recursive nesting using Assistant.hooks.do[type=tool].tool.rejectionPlan.conditions[type=group].
  • RegexCondition: Flexible pattern matching, with full support for JavaScript regex and negation using Assistant.hooks.do[type=tool].tool.rejectionPlan.conditions[type=regex].
  • LiquidCondition: Use Liquid templates for complex, context-aware logic using Assistant.hooks.do[type=tool].tool.rejectionPlan.conditions[type=liquid].
  • Security Filters: New filter types for RCE, XSS, SSRF, SQL injection, prompt injection, and regex-based filtering using Assistant.compliancePlan.securityFilterPlan.filters.
  1. Tool Rejection Plans: You can now use Assistant.hooks.do[type=tool].tool.rejectionPlan in all tool calls to prevent accidental tool execution, enforce confirmation steps, and build more robust conversation flows. This helps you to define complex logic for when a tool call should be rejected, enhancing both safety and call experience. Rejection plans can be built using regex conditions, Liquid templates, or logical groups (AND/OR). For example, you can prevent an endCall tool from executing unless the user says goodbye, or block a transfer if the user is actually asking a question.

Example:

1{
2  "conditions": [
3    {
4      "type": "regex",
5      "regex": "(?i)\\b(bye|goodbye|farewell|see you later|take care)\\b",
6      "target": { "position": -1, "role": "user" },
7      "negate": true
8    }
9  ]
10}
  1. Security Filter Plans for Transcripts and Messages: You can now use Assistant.compliancePlan.securityFilterPlan to define how transcripts and messages are filtered against threats like SQL injection, XSS, prompt injection, and more. Choose between sanitize, reject, or replace when threats are detected, and specify custom replacement text. User messages and transcript objects now include:
  • isFiltered: Indicates if content was filtered for security.
  • detectedThreats: Lists detected threats.
  • originalMessage / originalTranscript: Preserves original content if filtering occurred.