Amigo API

Start Mode and Context for Text Conversations

Text conversations now support a start_mode parameter that controls whether the agent or the user speaks first, and a context parameter that injects caller or patient context into the agent's prompt for a conversation or turn.

What changed:

• start_mode on create conversation - The create conversation endpoint (POST /conversations) now accepts a start_mode field with two possible values: user_first (default) and agent_first. When set to agent_first, the platform produces the agent's opening message during conversation creation and returns it in the turns array of the response. When set to user_first (or omitted), the conversation is created with no initial turns and the agent waits for the user to send the first message.

• context on create conversation - The create conversation endpoint now accepts an optional context string (up to 5,000 characters). This text is injected into the agent's prompt as caller or patient context for the conversation. Useful for passing appointment details, patient identifiers, or other situational information that the agent should know before the conversation begins.

• viewport_width and viewport_height on create conversation - The create conversation endpoint now accepts optional viewport_width (range 20-500) and viewport_height (range 5-500) integer fields. When provided alongside start_mode: agent_first, the agent uses these dimensions to format its opening message. These dimensions are also forwarded to subsequent turns in the conversation.

• context on conversation turns - The create turn endpoint (POST /conversations/{id}/turns) and the streaming turn endpoint now accept an optional context string (up to 5,000 characters). This lets you inject or update context on a per-turn basis.

• context on WebSocket sessions - The WebSocket session endpoint now accepts a context query parameter (up to 5,000 characters). The context is applied when the session connects and the agent produces its opening message.

• auto_greet replaced by start_mode - The previously removed auto_greet parameter is fully superseded by start_mode. The agent_first start mode provides equivalent functionality with more explicit semantics. The create conversation response now includes greeting turns in the turns array when start_mode is agent_first, rather than always returning an empty array.

Who is affected:

Platform API users who create text conversations or interact via WebSocket sessions. No action is required for existing integrations - the default start_mode is user_first, which preserves previous behavior. To have the agent speak first, set start_mode to agent_first in your create conversation request.

No breaking changes.

Viewport Dimensions for Text Channels

Text-based conversations now support optional viewport dimensions that tell the agent how wide (and optionally how tall) the user's display surface is, measured in characters. The agent uses this information to tailor response formatting - for example, producing shorter lines for narrow SMS screens and wider layouts for web or email.

What changed:

• viewport_width and viewport_height on conversation turns - The create turn endpoint (POST /conversations/{id}/turns) now accepts two optional integer fields: viewport_width (range 20-500) and viewport_height (range 5-500). When provided, the agent formats its responses to fit within the specified character dimensions. When omitted, the platform applies sensible defaults based on the channel (e.g., narrower for SMS, wider for web and email).

• viewport_width and viewport_height on WebSocket sessions - The WebSocket session endpoint now accepts viewport_width and viewport_height as query parameters. Values outside the allowed ranges are silently ignored. The viewport dimensions are fixed for the lifetime of the session - they are set at connection time and apply to every turn.

• Channel-specific defaults - Each text channel now carries a default viewport width that reflects typical display characteristics. SMS defaults to 40 characters, WhatsApp to 45, and email and web to 80. These defaults apply when no explicit viewport dimensions are provided.

Who is affected:

Platform API users who interact with text-based channels (SMS, WhatsApp, email, web, WebSocket sessions). No action is required - existing integrations continue to work with the channel-specific defaults. To take advantage of viewport-aware formatting, pass viewport_width and optionally viewport_height in your turn requests or WebSocket connection parameters.

No breaking changes.

Remove auto_greet from Conversation Creation

The auto_greet parameter has been removed from the create conversation endpoint. The agent greeting is now handled automatically by the context graph welcome state, so callers no longer need to control whether a greeting is produced at conversation creation time.

What changed:

• auto_greet parameter removed from POST /conversations - The auto_greet boolean field is no longer accepted in the create conversation request body. Previously, this parameter controlled whether the platform produced an agent greeting turn when creating a conversation. The context graph welcome state now manages greeting behavior, making this parameter unnecessary.

• Create conversation response always returns an empty turns array - The turns array in the create conversation response is now always empty. Agent greetings are delivered through the context graph welcome state rather than being included inline in the creation response.

Who is affected:

All Platform API users who create conversations via the API. If your integration passes auto_greet in the request body, remove it. The field is no longer recognized. If your integration relied on the create conversation response containing greeting turns, update your flow to receive the greeting through the normal conversation interaction path instead.

Breaking changes:

• auto_greet has been removed from the create conversation request schema. Requests that include this field may be rejected.

• The turns array in the create conversation response no longer contains greeting turns.

Greeting Ready Before Call Connects

Inbound voice calls now wait for the agent greeting to be fully prepared before connecting the caller. Previously, greeting preparation ran in the background while the call connected, which could cause a brief delay before the caller heard the agent speak. Now the caller hears their phone's normal ring-back tone for a few seconds while the greeting loads, and the agent is ready to speak the moment the call connects.

What changed:

• Greeting is prepared during ring time - The agent engine now finishes loading the greeting before returning the call connection response. The caller's phone rings normally during this preparation (typically 2-3 seconds). When the call connects, the greeting plays immediately with no dead air or loading delay.

• No change to caller experience - Callers hear standard ring-back tone from their phone while the greeting prepares. This is indistinguishable from a normal phone call that takes a moment to answer. The previous behavior occasionally produced a connected call with a brief silence before the greeting played.

Who is affected:

All Platform API users with inbound voice use cases. No configuration changes are required. Callers may notice that calls ring slightly longer before connecting, but the agent greeting plays immediately once the call is answered.

No breaking changes.

Voice Routing Uses Per-Use-Case Telephony Application

All voice call routing - inbound webhooks, outbound dispatch, and mid-call credential resolution - now reads the telephony application identifier from the use case rather than from the setup. This completes the migration started in v0.9.517, where each voice use case received its own dedicated telephony application at creation time.

What changed:

• Inbound voice routing reads telephony application from the use case - When an inbound call arrives on a use-case-scoped webhook, the agent engine now resolves the telephony application identifier from the use case record. Previously, this was read from the setup. If a voice use case is missing its telephony application identifier (e.g., a use case created before v0.9.517 that has not been backfilled), the inbound call returns fallback audio instead of connecting to the agent.

• Outbound voice dispatch reads telephony application from the use case - Outbound calls initiated via a use case now resolve the telephony application identifier from the use case. If the use case has no telephony application configured, the dispatch fails with a 502 error and a message indicating that the use case needs a telephony application configured in the channel setup.

• Mid-call credential resolution reads telephony application from the use case - When the agent engine resolves credentials for an active voice session (e.g., for conference management or call transfers), it now reads the telephony application identifier from the use case associated with the session.

• twiml_app_sid removed from setup response schema - The twiml_app_sid field is no longer present on setup responses from GET /v1/twilio-setup/{id} or any endpoint that returns setup objects. This field was deprecated in v0.9.517 when telephony applications moved to the use case level. Consumers should read twiml_app_sid from the use case response instead.

Who is affected:

All Platform API users with voice use cases. Existing use cases created in v0.9.517 or later already have a per-use-case telephony application and require no action. Use cases created before v0.9.517 must be backfilled with a telephony application before inbound or outbound voice routing will work. Contact support if you have pre-v0.9.517 use cases that have not been migrated.

Breaking changes:

• twiml_app_sid has been removed from setup response payloads. Read it from the use case response instead.

Region and Environment on Use Cases

Use cases now require a deployment region and environment at creation time. These fields pin the use case to a specific regional deployment of the voice agent engine, ensuring that all voice traffic for the use case routes to the intended region and stage. Each voice use case also receives its own dedicated telephony application resource scoped to that region, replacing the previous shared-per-setup application.

What changed:

• environment and region required on use case creation - Both POST /v1/use-case (Twilio channel) and POST /v1/use-case (email channel) now require environment and region fields. environment accepts staging or production. region accepts us-east-1, ap-southeast-2, eu-central-1, or ca-central-1. These fields are immutable after creation - to change region or environment, delete the use case and create a new one.

• Per-use-case telephony application - Voice use cases (inbound_voice and outbound_voice) now receive a dedicated telephony application at creation time. The application's voice endpoint is configured to route to the agent engine deployment matching the use case's region and environment. Ringless voicemail use cases do not receive a telephony application because they use a separate delivery path with no agent leg. The telephony application is automatically cleaned up when the use case is deleted.

• twiml_app_sid on use case responses - GET /v1/use-case/{id}, GET /v1/use-cases, and the create response now include a twiml_app_sid field. This is the identifier of the per-use-case telephony application for voice channels, or null for ringless voicemail use cases.

• environment and region on use case responses - All use case response payloads now include the environment and region fields.

• twiml_app_sid removed from setup responses - The GET /v1/twilio-setup/{id} response no longer includes a twiml_app_sid field. Telephony applications are now scoped per use case, not per setup. Consumers that previously read the application SID from the setup response should read it from the use case response instead.

• Setup creation no longer creates a telephony application - POST /v1/twilio-setup no longer provisions a shared telephony application. The application is created per use case at use case creation time instead.

• Phone number assignment uses use case region - When assigning a phone number to an inbound voice use case, the phone number's voice endpoint is now configured using the use case's region and environment rather than a single global endpoint.

Who is affected:

All Platform API users creating use cases. Existing use cases are unaffected. Consumers reading twiml_app_sid from setup responses must migrate to reading it from use case responses.

Breaking changes:

• environment and region are now required fields on use case creation requests.

• twiml_app_sid has been removed from the setup response schema.

Greeting Uses Full Tool Pipeline

The agent greeting now runs through the same tool execution pipeline used for all other conversation turns. Previously, greetings were generated through a simplified path that bypassed tool execution. The greeting now has access to skills, platform functions, and other tools during the initial message, enabling richer and more context-aware opening interactions.

What changed:

• Full tool access during greeting - The agent's opening greeting now executes through the standard reasoning pipeline with full tool access. This means the greeting can invoke skills, query platform functions, and use any other tools configured on the agent. Previously, the greeting was generated without tool access, limiting it to static or prompt-only content.

• Tool call events emitted for greeting - Because the greeting now uses the full pipeline, any tool calls made during greeting generation are emitted as tool call events on the session, consistent with how tool calls are reported during subsequent turns.

Who is affected:

All Platform API voice and text session users. No API or integration changes are required. Agents with tools configured may produce richer greetings that incorporate live data from skills or platform functions. Agents without tools configured will see no behavioral difference.

No breaking changes.

Greeting Cache and Faster Cold-Start

The voice agent engine now caches generated greeting text so that subsequent calls to the same service reuse a cached greeting instead of regenerating it. Combined with tighter timeouts on the pre-warm path, this reduces time-to-first-speech on cold-start calls.

What changed:

• Greeting text caching - When the platform generates a greeting during pre-warm, the result is stored in a short-lived cache keyed by workspace, service, and caller context. If a second call arrives before the cache expires, the greeting is served from cache (sub-millisecond) instead of calling the language model again (seconds). Anonymous and household greetings use a longer cache lifetime because they are identical across calls. Known-caller personalized greetings use a shorter lifetime to stay fresh as caller data changes.

• Cold-init cache lookup - When a call connects to a pod that did not perform the pre-warm, the engine checks the greeting cache before falling back to language model generation. In most cases the pre-warm pod has already written the greeting, so the connecting pod reads it instantly.

• Reduced pre-warm timeout - The pre-warm window now fails fast if it has not completed promptly, letting the cold-init path start sooner rather than consuming the full ring window. The greeting generation timeout within pre-warm has also been tightened.

Who is affected:

All Platform API voice agent users. No API or integration changes are required. Callers should experience shorter silence before the agent begins speaking, especially on the first call after a period of inactivity or when the call lands on a different pod than the one that handled the pre-warm.

No breaking changes.

Persistent WebSocket Text Sessions

Text session WebSocket connections now use a persistent end-to-end WebSocket architecture instead of proxying each turn through an intermediate streaming protocol. The agent engine keeps the conversation session alive across turns, so subsequent messages reuse the warm session rather than reinitializing on every turn.

What changed:

• End-to-end WebSocket session - The platform API's /connect WebSocket endpoint now establishes a persistent WebSocket connection to the agent engine for the duration of the session. Previously, each user message triggered a separate streaming request that initialized a new session context. The new architecture initializes the session once on connect and reuses it for all subsequent turns, significantly reducing per-turn latency.

• Bidirectional bridge - The platform API acts as a bidirectional WebSocket bridge between the client and the agent engine. Client frames are forwarded upstream and agent frames are forwarded downstream without intermediate protocol translation. Frame size limits are enforced in both directions.

• Idle timeout behavior unchanged - Sessions still close after a period of inactivity. The client receives an idle timeout error event before the connection closes, consistent with existing behavior.

• Same client-facing protocol - The WebSocket frame protocol is unchanged. Clients still send user_text frames and receive message, tool_call, done, and error events. No client-side changes are required.

Who is affected:

Platform API users with WebSocket text session integrations. The change is transparent - existing clients work without modification. Users should observe lower latency on the second and subsequent turns within a session because the agent no longer reinitializes on every message.

SDK users connecting via sessionConnectUrl benefit automatically.

No breaking changes.

Voice Media Gateway Removed

The standalone voice media gateway service has been removed. Audio transport, speech-to-text, and text-to-speech processing are handled directly by the agent engine, eliminating the separate media-plane service and the internal relay protocol between the two.

What changed:

• Media gateway service removed - The dedicated service that handled audio transport, speech recognition, and text-to-speech synthesis as a separate deployment has been removed. All voice audio processing now runs within the agent engine service, simplifying the voice architecture.

• Internal relay protocol removed - The bidirectional message protocol used for communication between the media gateway and the agent engine has been removed. This was an internal implementation detail and had no effect on external APIs or client integrations.

• Internal media session endpoint removed - The internal endpoint previously used by the media gateway to relay voice session data to the agent engine has been removed. This endpoint was not part of the public API.

Who is affected:

No customer-facing changes. This is an internal architecture simplification. Voice calls continue to work through the same telephony flow and public API endpoints. No client-side or integration changes are required.

No breaking changes.

Workspace Region and Environment Now Required

Workspace creation now requires an explicit environment value and derives region automatically from the regional API endpoint that handles the request. These fields no longer have defaults - callers must commit to an environment, and the platform determines the region.

What changed:

• environment is required on workspace creation - The environment field (production, staging, or development) no longer defaults to staging. You must provide it explicitly when creating a workspace. Requests without environment are rejected.

• region removed from create request body - The workspace region is now set automatically based on the regional API endpoint you call. Each region has its own ingress host, and a workspace cannot migrate between regions after creation. The region field is no longer accepted in the create workspace request body.

• environment and region are always present on workspace responses - Both fields are guaranteed to be non-null on all workspace objects returned by the API. Previously, these fields could be absent or null for workspaces created before they were tracked as dedicated fields.

• Multi-region deployment - The agent engine now deploys across four regions (US East, Asia Pacific Southeast, EU Central, and Canada Central), matching the platform API's regional footprint.

Who is affected:

Platform API users who create workspaces. If your integration passes region in the create workspace request body, remove it - the region is now determined by which regional endpoint you call. If your integration omits environment, you must now provide it explicitly.

Clients that read environment or region from workspace responses and handle null values can simplify their logic - both fields are now always present.

Breaking changes:

• environment is now a required field on POST /v1/me/workspaces (previously defaulted to staging)

• region is no longer accepted in the create workspace request body (previously accepted with a default)

Voice Media Gateway Session Loop and TTS Integration

The voice media gateway now runs a full session loop that handles real-time audio transport, speech-to-text, text-to-speech playback, and bidirectional communication with the agent engine. This completes the media-plane split where all audio processing runs in the media gateway while reasoning and conversation logic remain in the agent engine.

What changed:

• Media stream endpoint active - The media gateway now accepts inbound voice connections and runs a complete audio session. Previously, the endpoint was stubbed out. The gateway performs a transport handshake, validates session metadata against expected state, and establishes the audio pipeline.

• Session loop with concurrent pipelines - Each voice session runs concurrent pipelines for receiving caller audio, streaming it to speech recognition, relaying transcripts to the agent engine, and dispatching agent engine commands back to the caller. The session enforces a maximum call duration and handles graceful cleanup when any pipeline exits or fails.

• Speech-to-text integration - The gateway streams caller audio to a speech recognition service for real-time transcription. Turn detection (start of speech, end of speech) drives the conversation flow. Transcripts are relayed to the agent engine as they complete. The STT integration supports dynamic reconfiguration mid-call (key terms, language hints, detection thresholds) in response to agent engine commands.

• Text-to-speech playback - Agent responses are synthesized to audio using a persistent streaming connection to a TTS service. The gateway uses an actor-based architecture with dedicated send and receive loops to avoid contention on the connection. Each utterance is tracked as a separate context, enabling independent lifecycle management.

• Agent engine command dispatch - The session processes commands from the agent engine including utterance playback, speaker interruption (barge-in), speaker stop, speaker drain, STT reconfiguration, and session termination. Each command type is dispatched to the appropriate local subsystem.

• Circuit breakers for external services - Connections to speech recognition and TTS services are protected by circuit breakers that track failure rates within a sliding window and temporarily halt requests when failure thresholds are exceeded. This prevents cascading failures when an upstream service degrades.

• Capacity management - The gateway enforces a per-pod session limit. When at capacity, new connections are rejected immediately with a capacity metric emitted, preventing overload from degrading active sessions.

Who is affected:

Platform API users with voice agents. This is an infrastructure improvement that enables the media-plane architecture. No client-side or integration changes are required. Voice calls continue to work through the same telephony flow - the media gateway now handles the audio pipeline that was previously co-located with the agent engine.

No breaking changes.

Unified WebSocket Session Proxy with Terminal Frame Guard

The WebSocket text session now uses a single unified streaming proxy for both the initial auto-greeting and user message turns. A terminal frame guard ensures that every turn delivers a final done or error event to the client, even when the upstream response stream closes without emitting one.

What changed:

• Unified streaming for greetings and user messages - The auto-greeting sent when a WebSocket session connects now uses the same streaming proxy path as regular user messages. Previously, greetings used a separate batch interaction path (introduced in v0.9.508) while user messages used the streaming path. Both now flow through a single proxy, simplifying the protocol and making greeting delivery consistent with the rest of the session.

• Terminal frame guard - Every turn - whether greeting or user message - is now guaranteed to deliver a terminal frame (done or error) to the client. If the upstream response stream closes without emitting a terminal event, the proxy synthesizes a done frame automatically. This prevents clients from hanging indefinitely when transport-layer buffering swallows the final event on short responses.

• No protocol changes - The WebSocket event format is unchanged. Clients receive the same message, tool_call, done, and error events as before. The only behavioral difference is improved reliability: turns that previously could stall without a terminal event now always complete.

Who is affected:

Platform API users with WebSocket text sessions. This is a reliability improvement with no client-side changes required. Clients that implemented their own timeout-based workarounds for missing terminal events can simplify their logic, though existing workarounds remain compatible.

No breaking changes.

Removed Direct Stream Endpoint and Legacy Configuration

The /direct-stream WebSocket endpoint and several legacy configuration options have been removed from the voice agent engine. These were internal testing artifacts that are no longer used.

What changed:

• /direct-stream endpoint removed - The direct audio WebSocket endpoint, previously used for local voice-to-voice testing without a telephony provider, has been removed. This endpoint was already disabled in staging and production environments. All voice testing should use the standard telephony-backed endpoints or the Developer Console playground.

• Legacy configuration options removed - Four configuration options that were no longer referenced by any active code path have been removed:

  • Voice agent configuration for static system prompt injection via environment config

  • Companion skills feature flag (companion skills are now always eligible for activation via the platform feature flag system)

  • Async task execution feature flag (async task execution eligibility is now controlled entirely by the platform feature flag system)

• Simplified system prompt resolution - When no context graph engine is loaded, the voice agent now uses the default system prompt directly instead of attempting to parse it from a configuration string. This does not change behavior for any production deployment, since production sessions always load a context graph engine.

Who is affected:

No production impact. The removed endpoint was disabled in staging and production. The removed configuration options were either unused or have been superseded by platform-level feature flags. No client-side or integration changes are required.

No breaking changes.

WebSocket Greeting Delivery Fix

The auto-greeting sent when a WebSocket text session connects now uses the batch interaction path instead of the streaming path. This fixes an issue where short greeting responses could stall and never deliver their final event to the client due to transport-layer buffering.

What changed:

• Greeting uses batch interaction - When a WebSocket session connects, the agent greeting is now retrieved as a complete response rather than streamed token by token. The greeting is a single deterministic response with no tool calls, so streaming provided no benefit and introduced reliability issues on short responses.

• Consistent done event - The done event is now always sent after the greeting completes, regardless of whether the greeting produced messages or encountered an error. Previously, the done event could be skipped if the streaming path failed to emit a terminal chunk.

• Simplified greeting frame format - Greeting messages are delivered as message events with role and text fields, consistent with the structure used elsewhere in the session protocol.

Who is affected:

Platform API users with WebSocket text sessions. Clients that previously experienced stalled or missing greetings on short agent responses should see reliable delivery. No client-side changes are required - the event format is compatible with the existing protocol.

No breaking changes.

WebSocket Sessions for Persistent Text Conversations

Text sessions now support a persistent WebSocket connection mode. Instead of making a separate HTTP request for each conversation turn, clients open a single WebSocket connection and exchange messages with streamed agent responses for the lifetime of the session. This reduces per-turn latency from the HTTP round-trip overhead to a few seconds after the initial handshake.

What changed:

• New /sessions/connect WebSocket endpoint - Opens a persistent connection for text conversations. The endpoint accepts service_id, entity_id, and optional tool_events query parameters. Authentication uses the Sec-WebSocket-Protocol header with the format auth, <api_key_or_jwt>, supporting both API keys and JWT access tokens.

• Streamed turn events - After each user message, the server streams turn events over the WebSocket in real time. These are the same event types used in the streaming HTTP text session path, so existing event-handling logic works without modification. Tool execution events are included when tool_events=true.

• Auto-greeting on connect - When the connection is established, the server automatically sends the agent's greeting as a stream of turn events, so the client receives the first agent message without sending a user message.

• Automatic thread resolution - The platform resolves or creates a conversation thread for each unique entity and service combination. Reconnecting with the same entity and service resumes the existing conversation, preserving history across sessions.

• Structured error events - Errors during a turn (upstream failures, timeouts, invalid input) are sent as error events with a code and retryable flag. The connection stays open after non-fatal errors, so the session remains usable.

• Idle timeout - Connections that receive no messages within the idle window are closed with an error event. Clients can reconnect to continue the conversation.

• Custom close codes - Pre-acceptance validation failures (bad parameters, auth failure, resource not found, service unavailable) use typed close codes (4000, 4001, 4004, 4503) so clients can programmatically determine the failure reason.

Who is affected:

Platform API users building text-based agent integrations. The existing HTTP text session endpoints continue to work unchanged. The WebSocket mode is a new option for applications that benefit from lower latency and persistent connections, such as chat interfaces and SDK integrations.

No breaking changes.

Voice Media Gateway Audio and Playback Engine

The voice media gateway now includes a complete audio playback engine and transport layer, continuing the media layer separation introduced in v0.9.502. The gateway can independently manage audio output to callers - including speech synthesis streaming, silence detection, barge-in handling, and call drain - without depending on the agent reasoning engine for audio-level concerns.

What changed:

• Audio playback engine - The media gateway now has its own speech output pipeline. It dequeues utterances from a priority queue, streams synthesized audio to the caller one utterance at a time, and tracks estimated client playback position. This means audio delivery is managed entirely within the media layer, decoupled from agent reasoning.

• Barge-in support - When a caller speaks over the agent, the gateway interrupts the current utterance and discards queued speech. The interruption is immediate at the next audio chunk boundary, and the gateway tracks what the caller actually heard before the interruption for accurate conversation history.

• Silence monitoring - The gateway monitors caller silence after agent responses. If the caller remains quiet, the gateway can prompt with check-in messages at configurable intervals with increasing delays between attempts. After a maximum number of unanswered check-ins, the gateway initiates a graceful call ending with a goodbye message.

• Transport abstraction - Audio input and output now flow through a transport abstraction that handles codec conversion at the boundary. The pipeline works with canonical audio formats internally, and transports convert to and from their native format. This makes it straightforward to support additional telephony providers and audio protocols in the future.

• Playback-aware call termination - When ending a call, the gateway waits for queued speech to finish playing to the caller before disconnecting. A transport-level acknowledgment mechanism confirms that audio reached the caller, replacing the previous estimate-based approach. If the acknowledgment does not arrive within a timeout, the gateway falls back to a grace period before disconnecting.

• Priority-based utterance queue - Speech output is managed through a priority queue where urgent responses (such as tool results the caller is waiting for) take precedence over lower-priority items like filler phrases or silence check-ins. The queue supports targeted removal and bulk drain operations for barge-in scenarios.

Who is affected:

All Platform API users running voice agent sessions. Call behavior is unchanged from the caller's perspective - this is an infrastructure improvement that enables the media gateway to handle audio concerns independently. No API changes, no new endpoints, and no action required.

No breaking changes.

Internal Media Relay for Voice Pipeline

The voice pipeline now includes a relay layer that connects the media layer to the agent engine using a bidirectional session protocol. This is the next phase of the media layer split introduced in v0.9.502, wiring the two layers together so that voice sessions flow through the separated architecture.

What changed:

• Bidirectional session relay - The media layer now opens a persistent session connection to the agent engine for each active call. Session lifecycle, speech transcripts, playback status, and tool execution signals flow from the media layer to the engine. Utterance requests, playback controls, and session termination commands flow back. This replaces the previous monolithic path where audio processing and reasoning ran in the same process.

• Session handshake - Each relay session begins with a structured handshake that carries call metadata, workspace context, and service identity. The agent engine validates the handshake before accepting the session, ensuring that only properly identified sessions are processed.

• Automatic reconnection - If the relay connection drops mid-session, the media layer attempts to re-establish the connection with exponential backoff. If reconnection fails after multiple attempts, the session degrades gracefully rather than terminating abruptly.

• Connection security - The relay endpoint only accepts connections from within the platform's internal network boundary. Connections from outside the trust boundary are rejected before the session handshake begins.

Who is affected:

All Platform API users running voice agent sessions. Call behavior is unchanged from the caller's perspective - this is an infrastructure improvement that enables independent scaling of audio processing and agent reasoning. No API changes, no new endpoints, and no action required.

No breaking changes.

Service-Level Template Cache for Session Init

The agent engine now caches service-level configuration across sessions, so that repeat calls to the same service skip redundant configuration fetches. This reduces session initialization latency - particularly for text greeting flows - by reusing previously loaded configuration, skills, integration definitions, and workspace settings.

What changed:

• Service template caching - When the agent engine initializes a session, it now checks an in-process cache for the service's configuration, skills, integration definitions, and workspace settings. On a cache hit, session initialization only needs to resolve caller context and session credentials, skipping the configuration fetch phase entirely. The cache is keyed by workspace, service, and version set, with time-based expiration and bounded capacity.

• Deferred tool cache warming - Tool cache warming is now deferred until the caller actually needs it. Voice sessions and standard text turns warm the tool cache before processing. Auto-greet text sessions skip tool warming entirely because the greeting does not invoke tools, reducing first-message latency for text channels.

• Faster text greeting latency - The combination of service template caching and deferred tool warming significantly reduces the time to deliver the first greeting in text sessions, especially for services that have already handled a recent session on the same engine instance.

Who is affected:

All Platform API users running voice or text agent sessions. Session behavior is unchanged - this is a latency improvement only. No API changes, no new endpoints, and no action required.

No breaking changes.

Config Cache Invalidation on Save

Saving a service configuration, context graph version, or version set now immediately invalidates cached configuration so that the voice agent engine picks up changes without waiting for the cache to expire.

What changed:

• Immediate config propagation - Previously, after saving a service config, context graph version, or version set, the voice agent engine could serve stale configuration until the cache TTL expired. Now, saving any of these resources immediately invalidates the relevant cached entries so the next agent session loads fresh configuration.

• Scoped invalidation - When a service configuration or version set is updated, only the cache entries for that specific service are invalidated. When a context graph version is created, all cached service configurations in the workspace are invalidated, because context graphs can be shared across multiple services.

Who is affected:

All Platform API users who update service configurations, context graph versions, or version sets. Configuration changes now take effect immediately for new agent sessions instead of being delayed. No API changes, no new endpoints, and no action required.

No breaking changes.

Voice Media Layer Split

The voice subsystem now separates audio processing from agent reasoning into two independently deployable layers. This is the first phase of a multi-phase architecture change that improves scalability, deployment safety, and audio processing performance.

What changed:

• Separate media layer - Telephony connections, speech-to-text, and text-to-speech processing now run in a dedicated media layer that scales independently from the agent engine. This allows audio-intensive workloads to scale based on concurrent call volume without affecting reasoning capacity, and vice versa.

• Typed relay protocol - The media layer and agent engine communicate over a structured protocol with typed messages in each direction. Messages from the media layer include session lifecycle events, speech transcripts with timing metadata, and playback completion status. Messages from the agent engine include utterance requests, playback controls, speech recognition configuration, and session termination commands.

• Graceful rolling deployments - During deployments, the media layer stops accepting new call sessions while allowing in-flight calls to complete naturally. Health probes now distinguish between liveness (the process is running) and readiness (the service is accepting new calls), enabling the load balancer to drain traffic without dropping active calls. Active sessions are tracked with concurrency limits to prevent overload.

• Session concurrency management - The media layer enforces a configurable limit on concurrent call sessions per instance. When the limit is reached, new sessions are rejected and routed to other available instances. During shutdown, new sessions are rejected immediately while existing sessions are given time to complete.

Who is affected:

All voice agent users. The separation is transparent to API consumers - call behavior, audio quality, and all existing endpoints remain unchanged. No configuration changes are required.

No breaking changes.

Client Config API

A new endpoint returns client-safe configuration values for a workspace. This is useful for embedding platform-provided keys (such as mapping service API keys) in browser-side code without exposing backend secrets.

What changed:

• New endpoint: GET /v1/{workspace_id}/config/client - Returns client-safe configuration for the authenticated workspace. Currently exposes google_maps_api_key when configured. The endpoint requires workspace authentication and is rate-limited.

• Response model - Returns a JSON object with optional fields for client-safe keys. Fields are null when the corresponding key is not configured or is set to a placeholder value.

Who is affected:

Frontend applications that need platform-managed API keys for client-side services (e.g., map rendering). No action is required for existing integrations.

No breaking changes.

Voice Agent Cold Start Improvements

Voice agent session initialization is now faster on cold starts. Service configuration is cached so that subsequent session starts on any pod avoid redundant round trips to the configuration service.

What changed:

• Configuration caching - Service configuration is now cached with a short TTL during voice session initialization. When a session starts on a pod that does not have the configuration in memory, the cache is checked first, avoiding the full configuration fetch. This reduces cold start latency by several seconds in common deployment scenarios.

• Non-critical task isolation - Heartbeat, event subscriptions, and surface event listeners within a voice session are now isolated so that a failure in one of these non-critical tasks does not crash the entire session. Failures are logged and monitored but no longer cause unexpected disconnects.

• Pre-warm timeout increase - The best-effort engine pre-warm window has been extended to accommodate the additional caching step, improving the success rate of pre-warm attempts.

Who is affected:

All voice agent users benefit from improved cold start performance and session stability. No configuration changes are required.

No breaking changes.

Unified Credential Management

All platform services now share a single credential provider for authenticating to the data layer and file storage APIs. Previously, each service maintained its own independent authentication cache, which could result in redundant token exchanges and slightly different refresh behaviors across services.

What changed:

• Single shared credential per pod - Each service now constructs one credential provider at startup and threads it into every component that needs authenticated access to the data layer, file storage, or SQL execution APIs. This replaces the previous pattern where each component (file storage clients, SQL clients, database engines, branch clients) independently managed its own token cache and refresh logic.

• Consistent token caching - Bearer tokens and database credentials are now cached per service principal and per endpoint, with automatic refresh before expiry. The previous behavior where different components could refresh at slightly different times - occasionally causing a brief spike in token exchange calls - is eliminated.

• No behavioral changes - All authentication flows, API capabilities, and service behavior remain the same. File uploads, SQL execution, database connections, and branch operations continue to work identically. No configuration changes are required.

• Environment variable consolidation - Services that connect to the data layer now read authentication configuration from a consistent set of environment variables. Services that were previously reading these variables from different env mixins now use a single shared configuration source. All existing environment variables continue to work - no renaming or removal occurred.

Who is affected:

No action is required. This is an internal infrastructure improvement. All APIs, authentication flows, and service capabilities are unchanged.

No breaking changes.

Emotion Detection Provider Consolidation

Emotion detection now uses a single internal provider for all workspaces. The previous multi-provider configuration has been removed, simplifying setup and eliminating the need for external emotion detection API keys.

What changed:

• Single emotion provider - Emotion detection is now handled exclusively by the platform's built-in emotion engine. The previous option to select between external and internal emotion providers has been removed. Workspaces that had emotion detection enabled continue to work without any configuration changes.

• Simplified configuration - The emotion_provider and external emotion API key environment variables have been removed. Emotion detection is controlled solely by the workspace-level emotion_detection_enabled voice setting and the voice_agent.emotion_detection feature flag, as before.

• No behavioral changes - Emotion signals, compound emotion resolution, and speaker normalization continue to work the same way. The emotion data model, signal format, and downstream analytics are unchanged.

Who is affected:

No action is required. Workspaces with emotion detection enabled will continue to receive emotion signals. Workspaces that previously relied on an external emotion detection API key can remove that key from their environment - it is no longer read.

No breaking changes.

Multi-Region Deployment

The Platform API now runs in four regions: US East, Australia, Europe, and Canada. Each regional deployment routes AI service calls to the nearest available endpoint, reducing round-trip latency for voice and enrichment workloads.

What changed:

• Four production regions - The Platform API is now deployed in US East, Australia (Sydney), Europe (Frankfurt), and Canada (Montreal). Each region operates as an independent deployment with its own compute and configuration.

• Regional AI routing - AI-backed services (enrichment, form auto-correction, and OCR) now route to the AI endpoint closest to the serving region. Previously, all regions routed to a single US-based AI endpoint. Regional routing reduces latency for customers outside the US.

• No API changes - The API surface, authentication, and request/response schemas are unchanged. Clients connect to the same base URL and are routed to the nearest region automatically.

Who is affected:

All Platform API customers benefit from reduced latency if their traffic originates near one of the new regions. No client-side changes are required.

No breaking changes.

Per-Session World Tool Cache

The agent engine now caches read-only world tool results on a per-session basis, so preloaded tool lookups return instantly when the agent calls them during engagement. This reduces latency for conversations that rely on entity data fetched during session setup.

What changed:

• Per-session tool result caching - When a session starts, the engine warms a local cache by executing any preloaded tool calls defined in the current action state. The results are stored in a session-scoped cache keyed on tool name and parameters. When the agent invokes the same tool with the same parameters during the conversation, the cached result is returned instantly without re-executing the underlying query.

• Read-only tools only - Only stateless, read-only entity lookups are eligible for caching. Tools that depend on mutable session state (such as slot-based or EHR-context tools) are excluded from the cache and always execute live.

• Cache lifetime - The cache lives for the duration of a single conversation session. It is not shared across sessions, not persisted, and not accessible outside the session that created it. Each session gets its own isolated cache instance.

• Preload warming - Preloaded tools defined in the action state are now warmed individually and concurrently during session setup. Each tool has an independent timeout. If a single tool fails to warm, the failure is logged and the remaining tools continue. The cache is populated with whatever succeeds, and tools that failed to warm will execute normally when called during engagement.

• Observability - Cache hit and miss counts are emitted as gauges after preload warming completes, giving visibility into how effectively the cache is being utilized per session.

Who is affected:

Teams using preloaded world tools in their action states. Preloaded lookups that previously re-executed on every agent call now return from cache, reducing per-call latency. No configuration changes are required - caching is automatic for eligible tools.

No breaking changes.

Simulation Entity Binding

Simulation sessions, bridge runs, and forked sessions now support binding to a specific world entity for caller context resolution. This lets you pin simulations to a known test patient so the agent resolves identity the same way it would on a production call for that patient.

What changed:

• Entity ID on simulation sessions - The create-session endpoint now accepts an optional entity_id field (UUID). When provided and the entity exists in the workspace, the session resolves caller context directly from that entity rather than falling back to phone-based lookup. If the entity does not exist (stale, deleted, or wrong workspace), the session falls back to phone lookup against caller_id with no error - the simulation is survivable. Malformed UUIDs are rejected with HTTP 422 before the request reaches the agent engine.

• Entity ID on bridge runs - The bridge endpoint now accepts an optional entity_id field. The value is forwarded to every scenario session created during the bridge run and inherited by any forks. This lets you pin an entire regression suite to a specific test patient.

• Entity persistence across forks - When a simulation session is forked, the entity binding from the parent session is automatically inherited by all child branches. This ensures forked conversations maintain the same patient context as the original session.

• Resolution precedence - Entity match takes priority over phone-based lookup. When entity_id resolves to a matching entity, caller_id is not used for identity resolution. The supplied caller_id is still recorded on the session and surfaced in greeting metadata regardless of which resolution path wins.

• Updated caller_id handling - Empty and whitespace-only caller_id values are now explicitly normalized to the simulation sentinel, matching the behavior of voice test calls. Previously, certain empty-string edge cases could bypass normalization.

New fields on create-session request:

New fields on bridge request:

Who is affected:

Teams running simulations that require specific patient context. Previously, patient resolution in simulations relied on caller_id phone matching. You can now pass an entity UUID directly for deterministic resolution. Existing simulations without entity_id continue to work unchanged.

No breaking changes.

Decoupled Engage Model and Greeting Cache Improvements

The agent engine now uses separate model configurations for navigation and engagement, and the greeting cache has been extended to cover personalized known-caller greetings.

What changed:

• Separate navigation and engage models - Navigation (state routing) and engagement (tool-calling and response generation) now resolve their model independently. Each can be configured via version set preferences or environment defaults. This lets you optimize navigation for deterministic routing and engagement for response quality, latency, or cost without coupling the two.

• New engage model preference in version sets - Version set llm_model_preferences now supports an engage key alongside the existing nav key. When set, engagement sessions (text, simulation, and voice) use the specified model for response generation and tool calling. When unset, the platform default engage model is used.

• Known-caller greeting caching - Personalized greetings for known callers are now cached using a context-hashed key, avoiding redundant generation on rapid redials and pod-affinity misses. The cache uses a shorter TTL than anonymous or household greetings to limit stale greeting risk. Anonymous and household greetings continue to use workspace-scoped caching.

• Eager TTS connection - The voice pipeline now establishes the text-to-speech WebSocket connection during session setup rather than waiting for the first utterance. If the pre-connect times out, the system falls back to lazy connection on first use with no impact on the call.

• Broader model compatibility - The engine now centralizes model-family compatibility checks so that models requiring specific parameter handling (such as omitting temperature) are detected consistently across navigation and engagement paths.

Who is affected:

Workspaces using version set llm_model_preferences for the nav key can now also set an engage key to control the engagement model independently. Existing configurations without an engage preference continue to work unchanged - the platform default is used. Known-caller greeting behavior improves automatically with no configuration required.

No breaking changes.

State-Level Tool Preload

Action states in context graphs now support a preload field - a list of tool calls that execute deterministically when the agent enters the state, before any LLM turn. This lets you assemble known data requirements on state entry without relying on the LLM to decide which tools to call.

What changed:

• New preload field on action states - Each action state can now include a preload array of up to 20 tool call specifications. When the agent enters the state, all preloads execute in parallel and their results are injected into the conversation context so the LLM sees them as pre-loaded data on its first turn.

• Template variable support - Preload parameters support {caller_mrn} and {entity_id} template variables, resolved from the caller's identity context. This lets you fetch patient-specific data (e.g., upcoming appointments, medication lists) without LLM involvement.

• Failure isolation - If a preload tool call fails or times out, the failure is logged but does not block the conversation. The LLM turn proceeds with whatever data was successfully loaded.

New fields on action state:

Preload spec object:

Example:

Who is affected:

This is a purely additive change. Existing action states without preload behave identically to before. No migration required.

Data Query Fix and Entity Sort Support

The data query endpoint now correctly handles workspace filtering across all table types, and the entity listing endpoint supports server-side sorting.

What changed:

• Fixed workspace filtering for synced tables - Data queries against tables backed by synced data sources previously failed with a type mismatch error when filtering by workspace. This has been fixed. All table types now work correctly with workspace isolation.

• New sortable columns on data query - The data query table registry for entities now includes name, phone, email, and status as queryable columns. These columns can be selected and filtered in data queries alongside existing columns.

• Entity listing now supports sorting - The entity listing endpoint accepts a new order query parameter for server-side sorting. The parameter uses PostgREST-style syntax (e.g. last_event_at.desc, display_name.asc). Multiple sort clauses can be comma-separated, up to a maximum of 3.

New query parameter on entity listing:

Allowed sort columns: confidence, display_name, entity_type, event_count, last_event_at, name, projected_at, source

Sort syntax:

• column.asc - ascending (default if direction omitted)

• column.desc - descending

• column1.desc,column2.asc - multiple sort clauses

Unrecognized column names return a 422 error with the list of allowed columns.

Who is affected:

The workspace filtering fix resolves errors for workspaces querying synced entity data. The sort parameter is purely additive - existing calls without order behave identically to before.

Request Transform for Integration Endpoints

Integration endpoint configurations now support an optional request_transform that reshapes the outbound request body before it is sent to the external service. This complements the existing response-side pipeline (response_filter, result_key, result_template) with a symmetric request-side capability.

What changed:

• New request_transform field on endpoint configs - Each endpoint in an integration configuration can now include a request_transform object. The transform is applied after path parameter substitution and auth header resolution, immediately before the HTTP call is made.

• Wrap caller params - The wrap_params_key field nests the caller-supplied parameters under a specified key. This is useful when an external API expects request data inside an envelope (e.g. {"data": {...}}) rather than at the top level.

• Inject static fields - The inject field merges static key-value pairs into the top-level request body. Injected values support the {endpoint_name} placeholder, which is replaced at call time with the resolved endpoint name. Injected fields take precedence over caller-supplied params on key conflict, ensuring the integration contract is enforced.

• Ordering guarantee - When both wrap_params_key and inject are used, wrapping happens first. Injected fields are placed at the top level alongside the wrapper key, not inside the wrapped sub-object.

• Method restriction - Request transforms are only valid on POST, PUT, and PATCH endpoints. The API rejects endpoint configurations that set request_transform on GET or DELETE endpoints.

New fields on endpoint config:

Who is affected:

This is a purely additive change. Existing integration configurations without request_transform behave identically to before. No migration required.

Channel Manager Client Required

The channel management dependency is now required for both the agent engine and Platform API services. Previously, the telephony channel management integration was optional and services could start without it, falling back to legacy resolution paths. It is now a mandatory startup dependency - the platform will fail fast at startup if the channel management connection is not configured.

What changed:

• Channel management is no longer optional - The agent engine and Platform API both require a valid channel management connection at startup. Previously, missing configuration caused the services to start in a degraded mode where inbound and outbound call routing fell back to legacy paths. This silent degradation made it difficult to diagnose routing failures in production.

• Fail-fast startup validation - If the channel management connection is not configured, the service exits immediately with a clear error instead of starting in a partially functional state. This ensures misconfigurations are caught during deployment rather than at runtime when a call arrives.

• Removed legacy fallback guards - Inbound call routing via use case and outbound call dispatch no longer check whether channel management is available before proceeding. Since the dependency is guaranteed at startup, these runtime guards were redundant. The inbound webhook path previously returned a fallback response when channel management was unavailable; it now assumes the dependency is present.

• Simplified credential resolution - Session credential lookups no longer skip channel management checks. The credential resolution path assumes channel management is always available, removing a conditional branch that could silently produce incomplete session configurations.

Who is affected:

Self-hosted and custom deployment configurations that previously omitted the channel management connection. These deployments must now provide the channel management configuration before the service will start. Standard managed deployments are unaffected - the configuration has been present in all managed environments.

No breaking changes to API contracts. All existing endpoints, request formats, and response shapes are unchanged.

Twilio Access Token Minting

The channel management service now provisions a dedicated signing key during telephony setup and exposes an endpoint for minting short-lived access tokens. This enables browser-based voice capabilities through the platform's operator interface without exposing signing credentials to downstream services.

What changed:

• Signing key provisioned at setup time - When a new telephony setup is created, the platform now provisions a dedicated signing key on the subaccount and stores both halves securely. This key is used exclusively for minting access tokens and is never exposed to other services. The signing key is created as part of the existing setup flow - no additional API call is required.

• Access token mint endpoint - A new endpoint mints short-lived access tokens scoped to a specific telephony setup. The token is signed server-side using the provisioned signing key, so the key material never leaves the channel management boundary. Tokens are voice-scoped and can be passed directly to browser-based voice SDKs. The caller specifies an identity string, the application to authorize outbound dialing against, and an optional TTL (default 1 hour, maximum 4 hours). The response includes the signed token, the echoed identity, and a wall-clock expiry timestamp that clients can use to schedule pre-expiry refresh.

• Setup ID allocated deterministically - The telephony setup ID is now allocated at the start of the setup flow rather than at the end. This ensures the signing key can be stored at a deterministic path before the setup row is persisted, preventing orphaned credentials if a later step fails.

New endpoint:

Request body:

Response (200):

Error responses:

Who is affected:

Platform users building browser-based operator voice experiences. The access token endpoint is consumed by the operator interface to establish voice connections. Existing telephony setups created before this release do not yet have signing keys provisioned - calling the mint endpoint for those setups returns a 503 until a backfill is applied.

No breaking changes. The setup creation flow is backward-compatible - the additional signing key provisioning step is transparent to callers.

LLM Model Preferences and Default Model Upgrade

The agent engine now supports per-version-set model preferences for navigation and engagement, and the platform default model has been upgraded for improved accuracy.

What changed:

• Per-version-set model override - Version sets can now include an llm_model_preferences map that overrides the default model used for context graph navigation and conversational engagement. When a version set specifies a nav preference with a model name, that model is used for the session instead of the platform default. This lets you pin specific agent versions to specific models, enabling controlled rollouts and A/B testing of model upgrades without changing global configuration.

• Default model upgrade - The platform default model for navigation and engagement has been upgraded. The new default reduces hallucinations by 52% on medical and financial content compared to the previous generation, with no change in per-token latency. Existing deployments that do not set explicit model preferences in their version sets will automatically use the new default.

• Consistent model resolution across channels - The resolved model preference is now consistently applied across voice sessions, text sessions, and simulation runs. Previously, model selection was determined solely by the environment default. Now the resolution order is: version set override, then environment default.

Who is affected:

All platform users. Workspaces without explicit llm_model_preferences in their version sets will see the upgraded default model take effect automatically. If you need to pin a specific model version, configure llm_model_preferences in your version set.

No breaking changes. The upgrade is backward-compatible - existing version sets without model preferences continue to work and will use the new default.

iMessage Phone Number Management and Setup Narrowing

The iMessage channel now supports adding additional phone lines to an existing setup and listing all phone lines with status filtering. The setup GET endpoint has been narrowed to return only live lines, giving callers the operationally relevant view by default.

What changed:

• Add phone number to existing setup - A new endpoint lets you add additional phone lines to an already-provisioned iMessage setup. Each setup starts with one line at creation time; this endpoint provisions a second, third, or subsequent line on the same subaccount. You can optionally request a preferred 3-digit area code, though availability is not guaranteed. New lines start in a pending state and are assigned a phone number asynchronously through the existing line assignment process.

• List phone numbers with status filtering - A new endpoint returns every phone line under a setup, with a repeatable status query parameter to filter by line state. Three statuses are supported: pending (line requested but not yet assigned a number), assigned (line has a number and is available for sending), and blocked (line has been permanently flagged). Defaults to returning all three statuses. Returns 404 if the setup ID does not exist, so callers can distinguish "no lines" from "bad setup ID".

• Setup GET returns only live lines - GET /v1/sendblue-setup/{setup_id} now returns only lines that are assigned and not blocked. Pending and blocked lines are excluded from the phone_numbers array. Use the dedicated phone number list endpoint with a status filter to see pending or blocked lines.

• Setup list counts only live lines - GET /v1/sendblue-setup now reports phone_number_count as the number of assigned, non-blocked lines. This matches the narrowed view from the setup GET endpoint.

New endpoints:

Add phone number request body:

Add phone number response (201):

Returns a phone number record with the line in pending state (phone_number is null, line_request_id is set).

List phone numbers query parameters:

List phone numbers response:

Updated endpoints:

iMessage Line Blocking and Ticket-Based Line Assignment

The iMessage channel now handles blocked lines and uses ticket-based polling for deterministic phone line assignment. These changes improve line health tracking and make line provisioning resilient to webhook delivery gaps.

What changed:

• Line blocking - When the upstream iMessage provider flags a phone line as blocked (carrier action, abuse, or suspension), the platform records the block timestamp on the affected phone line record. Blocked lines are permanently excluded from the send path - the platform filters them out when selecting lines for outbound messages. There is no unblock capability because the upstream provider does not support it. The block status is visible on phone line records returned by the setup endpoints.

• Blocked line field on phone line records - Phone line records returned by GET /v1/sendblue-setup/{setup_id} and GET /v1/sendblue-setup now include a blocked_at timestamp field. This field is null when the line is healthy and set to the time the block was recorded when the line has been flagged. Once set, this field is never cleared.

• Ticket-based line assignment - The line_assigned webhook handler now uses ticket polling to determine which pending phone line received an assigned number. Instead of matching by payload contents alone, the handler polls each pending line's provisioning ticket with the upstream provider and fills in the phone number only when the ticket reports a fulfilled status. This makes assignment deterministic even when webhook payloads lack explicit ticket-to-number mapping.

• Resilient to webhook gaps - Because assignment is driven by ticket status rather than webhook payload order, re-delivered or delayed webhooks produce the same result. Pending lines that were already assigned in a previous delivery are skipped. Lines with tickets still in progress are re-polled on the next webhook delivery.

• Line blocked webhook - POST /v1/webhook/sendblue/event now handles line_blocked events in addition to line_assigned events. When the upstream provider reports blocked lines, matching phone line records are stamped with a block timestamp. Re-deliveries preserve the original block timestamp.

Updated endpoints:

New fields on phone line records:

SMS Channel Removed

SMS has been removed as a messaging channel. The platform no longer supports creating, receiving, or managing SMS-based text sessions. WhatsApp and web remain as supported text channels.

What changed:

• SMS session creation removed - The POST /v1/{workspace_id}/sessions/start endpoint no longer accepts sms as a channel_kind. The only supported value is web. Requests specifying sms will receive a validation error.

• Outbound SMS removed - The internal outbound SMS capability has been removed. Phone-based outbound text sessions are no longer supported. Outbound communication continues to be available through voice calls and other supported channels.

• SMS-specific fields removed from session start - The following fields have been removed from the start session request body: phone_to, surface_id, and idempotency_key. These fields were only used for phone-based text channels (SMS and WhatsApp). The greeting field remains available for web sessions.

• SMS-specific fields removed from session start response - The phone_to and phone_from fields have been removed from the start session response.

• SMS webhooks removed - Inbound SMS webhook and SMS delivery status callback endpoints are no longer available. These endpoints were used by the upstream telephony provider to deliver inbound messages and delivery receipts.

Who is affected:

• Integrations that created SMS text sessions via the session start endpoint. Migrate to web text sessions or WhatsApp.

• Workflows that relied on outbound SMS for patient communication. Use voice calls, WhatsApp, or other supported channels instead.

• Any automation that referenced sms as a channel kind in API requests. Update to use web or remove those code paths.

Breaking changes:

• channel_kind: "sms" is no longer accepted by the session start endpoint.

• phone_to, surface_id, and idempotency_key request fields have been removed from the session start endpoint.

• phone_to and phone_from response fields have been removed from the session start response.

• SMS inbound and status webhook endpoints no longer exist.

iMessage Channel Setup and Line Provisioning

The platform now supports iMessage as a messaging channel. A new set of endpoints lets you provision iMessage subaccounts, track phone line assignments, and receive webhook notifications when lines are placed.

What changed:

• iMessage subaccount provisioning - POST /v1/sendblue-setup creates a new iMessage subaccount for a business identity. The platform provisions the subaccount with the upstream iMessage provider, registers webhook endpoints, and securely stores per-subaccount credentials. The response includes the subaccount identifier, an operator-facing label, and the initial phone line status.

• Phone line lifecycle - Each subaccount is assigned a phone line during provisioning. If a line is available immediately, the setup response includes the assigned phone number. If the line requires carrier placement, the setup is created in a pending state and the phone number is populated automatically when the upstream provider assigns it. The line_assigned webhook event triggers this transition.

• Read and list setups - GET /v1/sendblue-setup/{setup_id} returns a single subaccount setup with its phone lines. GET /v1/sendblue-setup lists all setups with phone line counts. Phone lines include their assignment status - either an E.164 phone number when assigned, or a pending indicator when the line is awaiting placement.

• Webhook for line assignment - POST /v1/webhook/sendblue/event receives line assignment notifications from the upstream provider. When a pending line is assigned a phone number, the webhook updates the corresponding phone line record. Re-deliveries of the same event are handled idempotently. Webhook authentication uses a per-subaccount secret verified on every delivery. Both unknown-account and signature-mismatch responses return an identical error to prevent account enumeration.

New endpoints:

Setup response fields:

Phone number fields:

Create request body:

Who is affected:

• Platform operators who want to add iMessage as a communication channel. This is a new capability with no impact on existing channels.

• Webhook consumers who need to handle line assignment events for iMessage setups.

No breaking changes.

Tool Call Truncation Metadata and Text Session Reasoning Traces

Tool call responses in call traces and conversation turns now include truncation metadata when a tool response exceeds the platform's trace size limit. Text session conversation turns now persist reasoning details - tool calls, state transitions, and timing - that were previously only available for voice sessions.

What changed:

• Tool call truncation metadata on call traces - The call trace API now returns three additional fields on each tool call entry: output_truncated (boolean indicating whether the response was clipped), output_original_length (character count of the full response before clipping), and output_truncated_to (character count after clipping). These fields appear only when the tool response exceeded the trace size limit. When a response is not truncated, output_truncated is false and the length fields are null.

• Text session reasoning traces - Conversation turns produced by text sessions now include the same reasoning trace fields available on voice call turns: trigger (what initiated the agent turn), agent_action (whether the agent responded or completed the conversation), tool_calls (list of tools invoked during the turn with input, output, truncation metadata, duration, and success status), and state_transitions (list of context graph state changes with previous state, next state, and navigation timing). Previously, text session turns persisted only the message content and role.

• New completion reason: STT fatal error - Voice calls that terminate due to an unrecoverable speech-to-text failure now report error as the completion reason instead of being left without a reason. This aligns STT failures with other error-class terminations in call analytics.

Who is affected:

• API consumers reading call traces who need to know whether a tool response was truncated. The three new fields are additive and default to non-truncated values, so existing integrations are unaffected.

• Developers building analytics or debugging tools for text sessions. Reasoning traces are now available on text conversation turns without any configuration changes.

• Dashboards or reports that filter on completion reasons. Calls that previously had no completion reason for STT failures now report error.

No breaking changes.

Workspace Query Tools in Context Graphs

Context graphs can now reference workspace query tools by identifier, enabling per-state tool gating for workspace-defined query tools. Previously, context graph states could only gate skills (by slug) and built-in tools. Workspace query tools were available globally but could not be scoped to specific conversation states.

What changed:

• Workspace query tools as state-gated tools - Context graph states can now include workspace query tool identifiers in their tool specifications. The agent engine resolves these identifiers at session initialization and restricts tool availability to the states where they are referenced, just like skills and built-in tools.

• Validation updated - The context graph validation endpoint now validates workspace query tool references. If a tool identifier does not match a known skill slug, built-in tool, platform function, or workspace query tool, validation returns an error. The error message has been updated from "No skill found with slug" to "No skill or workspace tool found for" to reflect the broader set of supported tool types.

• No changes to workspace query tool registration - Workspace query tools are still defined and managed through the existing workspace query tools API. This change only affects how context graphs reference them.

Who is affected:

• Workspace administrators building context graphs who want fine-grained control over when workspace query tools are available during a conversation. Previously, workspace query tools were available in every state once registered.

• No changes needed for workspaces that do not use context graphs or do not need per-state tool gating for workspace query tools.

No breaking changes.

Per-Service Call Forwarding Configuration

Call forwarding configuration has moved from phone numbers to services. Forwarding destinations are now defined on the service's voice configuration rather than on individual phone numbers. This simplifies forwarding setup and aligns it with the rest of the per-service voice pipeline configuration.

What changed:

• Forwarding is now per-service - Call forwarding destinations are configured on the service's voice configuration object (voice_config.forwarding) instead of on individual phone numbers. Each service can define a single forwarding destination with a phone number, transfer behavior (AI drops off or stays on), and warm vs. cold transfer mode.

• New forwarding field on voice configuration - The service voice configuration now includes an optional forwarding object with three fields:

  • forward_to (string, required) - E.164 destination phone number

  • should_disconnect (boolean, default true) - Whether the AI drops off after transfer

  • warm_transfer (boolean, default true) - Whether the agent briefs the human before connecting the caller. Set to false for IVR, voicemail, or emergency destinations.

• Per-phone forwarding deprecated - The forwarding configuration on phone number resources is deprecated. The fields are still accepted for one release for backward compatibility but are no longer read by the voice agent at session time. A deprecation warning is logged when per-phone forwarding fields are set. These fields will be removed in a future release.

• Internal forwarding resolution endpoint removed - The internal endpoint previously used by the voice agent to resolve per-phone forwarding at session start has been removed. Forwarding configuration is now read directly from the service configuration, eliminating a network round-trip during session initialization.

• Escalation policy forwarding updated - The forward escalation action now resolves its target from the service's voice configuration forwarding destination. Previously, it resolved from the inbound phone number's forwarding configuration.

• Forward call tool behavior unchanged - The forward_call tool remains gated by voice_config.forward_call_enabled. When enabled without a static forwarding destination, the LLM must supply the phone number explicitly. When a static destination is configured via voice_config.forwarding, it serves as the fallback when the LLM does not provide an explicit number.

Migration:

• Move any forwarding configuration from phone numbers to the corresponding service's voice configuration. Set voice_config.forwarding with the same forward_to number and transfer settings.

• If you use escalation policies with the forward action, ensure the target service has voice_config.forwarding configured. The escalation forward action no longer reads from phone number configuration.

• Per-phone forwarding fields will continue to be accepted temporarily but have no effect on call routing. Remove them when convenient.

Who is affected:

• API consumers who configure call forwarding on phone number resources. These configurations are no longer used by the voice agent.

• Workspaces using escalation policies with the forward action. The forwarding target must now be set on the service's voice configuration.

• No changes needed if you do not use call forwarding or if you already configure forwarding through service-level settings.

Breaking changes:

• Per-phone forwarding configuration is no longer read at session time. Forwarding must be configured on the service's voice configuration to take effect.

• The internal forwarding resolution endpoint has been removed.

Channel Type and Outreach Rule Cleanup

The surface delivery channel options have been simplified to reflect the email-and-web-only delivery model introduced in recent releases. Outreach rules and gap scanner settings now default to email instead of SMS, and unsupported channel values are rejected earlier in the pipeline.

What changed:

• Channel type restricted to email and web - The set of allowed channel values for surfaces and outreach rules is now limited to email and web. Previously, legacy values such as sms, whatsapp, imessage, and voice were still accepted by the channel type enum even though surface delivery only supported email and web. These legacy values are no longer valid for new resources.

• Outreach rule default channel changed to email - Gap scanner requirements and outreach rules now default to email when no channel is specified. Previously, the default was sms. Existing outreach rules that explicitly specify a channel are not affected.

• Unsupported channels skipped during scanning - When the gap scanner encounters an outreach rule with a channel other than email or web, it now skips the rule with a warning instead of attempting to create a surface that would fail validation. This prevents errors when legacy outreach rules reference channels that are no longer supported for surface delivery.

• SMS auto-delivery removed from gap scanner - The gap scanner no longer triggers outbound text message delivery for surfaces. Auto-delivery is now limited to scheduling outbound voice calls. Surface delivery for email and web channels is handled by the surface delivery pipeline.

• Quiet hours description updated - Quiet hours configuration is no longer described as SMS-specific. The quiet hours window applies to all outbound outreach regardless of channel.

Migration:

• If you have outreach rules or gap scanner requirements that specify sms, whatsapp, imessage, or voice as the channel, update them to email or web. Rules with unsupported channels will be skipped during scanning.

• If you relied on the default channel being sms for gap scanner requirements created without an explicit channel, note that new requirements will default to email.

• No changes are needed if your outreach rules already use email or web channels.

Who is affected:

• API consumers creating surfaces or outreach rules with channel values other than email or web. These requests will now return validation errors.

• Workspace administrators with legacy outreach rules configured for SMS or other non-email/web channels. These rules will be skipped during gap scanning with a warning logged.

Breaking changes:

• Channel values sms, whatsapp, imessage, and voice are no longer accepted when creating new surfaces or outreach rules.

• The default channel for gap scanner requirements changed from sms to email.

• SMS-based auto-delivery from the gap scanner has been removed.

Surface Email Delivery Through Channel Manager

Surface email delivery now routes through the platform's centralized email delivery service instead of a direct third-party transport. This unifies email sending with the same sender identity, DNS verification, and suppression management used by all other platform email channels.

What changed:

• Unified email delivery path - When a surface is delivered to an email address, the platform now sends the email through the same delivery infrastructure used by other email channels (use case bindings, workspace-level sender identity, DNS verification). Previously, surface emails were sent through a separate transport that bypassed workspace email configuration.

• Sender identity from workspace configuration - Surface emails are now sent from the workspace's configured email sender identity rather than a platform-wide default address. This means surface emails match the sender domain and DKIM signatures of all other emails sent from the workspace.

• Updated delivery metadata - The delivery response and event payloads now include the platform email identifier and the underlying message identifier from the email provider. The delivery_provider field in the response is now ses instead of gmail. The from_address field is no longer included in delivery metadata - the sender is determined by the workspace's email configuration.

• Error mapping - Delivery failures now return more specific error codes. If the surface's email use case is not configured or not found, the endpoint returns 422 Unprocessable Entity. If the workspace's email DNS verification is not complete, the endpoint returns 503 Service Unavailable. Previously, all email failures returned a generic 502 Bad Gateway.

• Removed platform-level email credentials - The platform no longer requires separate email service credentials at the platform level. Email delivery is fully managed through workspace-level channel configuration.

• HTML email body - Surface delivery emails are now sent as HTML rather than plain text. The email contains a clickable link to the surface form. The subject line and messaging are unchanged.

Migration:

• If you consume the delivery response or delivery events, update your code to handle the new metadata fields (delivery_provider changing from gmail to ses, new channel_manager_email_id and ses_message_id fields, removal of from_address).

• If you relied on the message_id field in delivery events, note that it now contains the email provider's message identifier rather than the previous transport's message identifier.

• No changes are needed to the delivery request itself. The endpoint signature is unchanged.

Who is affected:

• API consumers that deliver surfaces via email and parse the delivery response metadata. Update field references as described above.

• Workspace administrators should ensure their email channel setup (sender identity, DNS verification) is complete before delivering surfaces via email. Surfaces delivered before DNS verification is complete will return a 503 error.

• Voice agent sessions that trigger surface delivery are not affected - the platform handles email routing automatically.

Breaking changes:

• The delivery_provider value in delivery responses changes from gmail to ses.

• The from_address field is no longer present in delivery metadata.

• The message_id field in delivery events now contains a different identifier format.

• Email delivery failures may return different HTTP status codes (422 or 503) instead of the previous 502.

Email Use Case Binding on Surface Creation

Surfaces created with channel email now require a use case identifier that links the surface to a configured email delivery binding. This lets the platform route email delivery through the correct transport configuration without requiring callers to manage delivery details separately.

What changed:

• use_case_id field on surface creation - The create surface request now accepts an optional use_case_id field (UUID). When the channel is email, this field is required and must reference a valid email use case binding in the workspace. When the channel is web, the field is ignored. The field appears in both the create response and the get/list surface responses.

• Validation against use case bindings - When use_case_id is provided with an email channel, the platform validates that the use case exists in the workspace and that its bound channel matches the surface channel. If the use case is not found or the channel does not match, the request returns a 422 Unprocessable Entity error.

• Channel restriction - Only email and web channels are now accepted on surface creation. Other channel values (legacy types such as sms or voice) return a validation error. Existing surfaces with legacy channel values are not affected.

• Agent engine auto-resolution - When the voice agent creates surfaces during a conversation (either through tool calls or state machine transitions), the platform automatically resolves the email use case from the session's service configuration. If the service has an email use case binding, the surface defaults to email delivery. If not, the surface falls back to web delivery. The agent does not need to specify the use case - the platform infers it from the session context.

Migration:

• If you create surfaces with channel: "email" via the API, include use_case_id in your request body. The value must be a UUID referencing a use case that is bound to an email channel in your workspace.

• If you create surfaces with channel: "web", no changes are needed. The use_case_id field is optional and ignored for web surfaces.

• If you create surfaces with legacy channel types (sms, voice), switch to email or web. Legacy channel values are no longer accepted on new surface creation.

Who is affected:

• API consumers creating email surfaces directly. Add use_case_id to your create requests.

• Voice agent sessions that create surfaces are not affected - the platform resolves the use case automatically from the service configuration.

Breaking changes:

• Surface creation with channel: "email" now requires use_case_id. Requests without it return a validation error.

• Surface creation with channel values other than email or web now returns a validation error.

SMS Surface Delivery Removed

SMS delivery for surfaces has been removed from the platform. Phone-number-shaped delivery addresses now return a 422 error instead of attempting SMS delivery. Email and web delivery continue to work as before.

What changed:

• SMS delivery path removed - The surface delivery endpoint no longer sends surfaces via SMS. Previously, passing a phone number as the delivery address would send an SMS containing a link to the surface. This path has been removed because it had zero production usage across all regions.

• Phone numbers return 422 - Delivery requests with a phone-number-shaped address now return a 422 Unprocessable Entity error with a message indicating that phone surfaces are no longer supported. Use email or web delivery instead.

• vCard endpoint removed - The public endpoint that served vCard contact cards for workspace phone numbers has been removed. This endpoint was used to help patients save the sending number so that iOS would render SMS links as tappable. With SMS delivery removed, this endpoint is no longer needed.

• Simplified platform configuration - The platform no longer initializes SMS delivery infrastructure at startup. This reduces startup dependencies and simplifies the platform's runtime configuration.

Migration:

• If you previously delivered surfaces via SMS by passing a phone number as the channel address, switch to email delivery (pass an email address) or web delivery (use the surface URL directly).

• If you used the vCard endpoint to distribute contact cards, this endpoint is no longer available. Remove any references to it from your integration.

Who is affected:

• API consumers that pass phone numbers as the channel address in surface delivery requests. These requests will now receive a 422 error. Switch to email or web delivery.

• Integrations that referenced the vCard endpoint. Remove these references.

Breaking changes:

• Surface delivery with a phone number address now returns 422 instead of sending an SMS.

• The vCard endpoint has been removed and returns 404.

Phone Number Provisioning Simplification

The phone number provisioning endpoint no longer accepts an optional use case assignment during purchase. Use case assignment is now exclusively handled by the dedicated use case assignment endpoint, which owns all channel-specific side effects.

What changed:

• Removed use case parameter from provisioning - The phone number provisioning request no longer accepts an optional use case identifier. Previously, you could pass a use case ID to assign the number to a use case at purchase time. This parameter has been removed. To assign a use case to a provisioned phone number, use the existing use case assignment endpoint after provisioning.

• Simplified error responses - The 404 response no longer covers missing use cases - it applies only when the telephony setup is not found. The 422 response no longer references use case channel mismatches - it applies only to country/number type and address requirement validation.

• No capability pre-validation against use case - The provisioning endpoint previously validated that the purchased number's capabilities (e.g. voice) matched the requested use case's channel requirements. This validation now happens at use case assignment time instead.

Migration:

If you previously passed a use case identifier when provisioning a phone number, update your integration to use a two-step flow:

1. Provision the phone number (without a use case).

2. Assign the use case to the provisioned number using the use case assignment endpoint.

Who is affected:

• API consumers that pass a use case identifier in the phone number provisioning request body. Remove this field from your request payload. The field is no longer accepted.

• API consumers that relied on the provisioning response to include assigned use case IDs. The response no longer includes use case assignments from provisioning. Query the use case assignment after making the separate assignment call.

Breaking changes:

• The use case identifier field has been removed from the phone number provisioning request body. Requests that include this field may receive a validation error.

• The provisioning response no longer returns use case assignments made during purchase.

SMS Delivery Provider Simplification

SMS delivery for surfaces now uses a single telephony provider instead of a dual-provider setup with automatic fallback. The secondary SMS provider has been removed from the platform.

What changed:

• Single SMS delivery path - Surface delivery via SMS now routes exclusively through the primary telephony provider. The previous behavior, which attempted delivery through a secondary provider first and fell back to the primary provider on failure, has been removed.

• Simplified vCard contact resolution - The vCard endpoint for SMS contact cards now always resolves the sender phone number from the workspace's configured telephony number. The previous override that used a separate provider-specific sender number has been removed.

• Removed secondary SMS provider configuration - The secondary SMS provider credentials and sender phone number configuration are no longer read or used by the platform. Workspaces that had these configured require no migration - SMS delivery continues through the primary telephony provider.

Who is affected:

• No action required for most API consumers. SMS delivery continues to work through the primary telephony provider.

• Workspaces that relied on the secondary SMS provider for delivery will now use the primary telephony provider exclusively. Verify that the workspace has a valid primary telephony number configured.

Breaking changes:

• None. The API request and response shapes for surface delivery are unchanged.

Causal Ledger v1 Endpoints Removed

The Causal Ledger v1 HTTP endpoints have been removed from the Platform API. These endpoints provided descriptive SPR (Standardized Prevalence Ratio) driver attribution and were deprecated in favor of a forthcoming causal attribution pipeline.

What changed:

• Removed GET /v1/{workspace_id}/causal/drivers - This endpoint returned ranked SPR drivers for a given outcome, with support for filtering by feature family and arity. It is no longer available. Requests to this endpoint will return a 404.

• Removed Causal Ledger tag from the API - The "Causal Ledger" tag and all associated request/response schemas have been removed from the OpenAPI specification.

Who is affected:

• API consumers that query the causal drivers endpoint should remove these calls. There is no replacement endpoint at this time. A future causal attribution API will be introduced separately.

Breaking changes:

• GET /v1/{workspace_id}/causal/drivers has been removed and will return 404.

Unified Call Source Values

The call source value used for simulation-originated calls has been standardized to simulation across all API responses. Previously, simulation calls could appear with an inconsistent source label depending on the code path, which caused errors when listing calls that included simulation results.

What changed:

• Consistent simulation source value - All simulation-originated calls now return source: "simulation" in both call list summaries and call detail responses. The previous value simulated is no longer returned by the API.

• Updated allowed values - The source field on call responses now accepts one of: real, simulation, playground, or scribe. The previous value simulated has been removed from the allowed set.

• Fixed 500 error on call listing - A server error that occurred when listing calls containing simulation results has been resolved. The error was caused by the inconsistent source value failing response validation.

Who is affected:

• API consumers that filter or match on the call source field value simulated should update to use simulation instead.

• No changes are required for consumers that do not inspect the source field.

Breaking changes:

• The source field on call list and call detail responses no longer returns simulated. The value is now simulation.

Entity Read Path Migration

All entity read operations now use the optimized read-path data store exclusively. This eliminates the dual-path routing that previously fell back to the primary data store for certain query patterns, resulting in more consistent query performance and simpler filtering behavior.

What changed:

• Single read path for all entity queries - Entity listing, search, detail, and count operations now route through a single optimized read path. The previous dual-path behavior, where queries using semantic search, tag filters, or state containment filters fell back to the primary data store, has been removed. All entity reads now use the same data source.

• Removed query parameters - The semantic and tags query parameters have been removed from the entity listing endpoint. Semantic search over entity embeddings and tag-based filtering are no longer available through this endpoint. Callers passing these parameters will receive an error.

• Removed search_entities_by_state capability - State containment filtering (querying entities by nested state field values) is no longer available. Callers that previously searched for entities by phone number or email via state containment should use the dedicated phone and email filter parameters on the entity listing endpoint instead.

• New phone and email filter parameters - The entity listing and search endpoints now accept optional phone and email parameters for direct field-level filtering. These replace the previous pattern of filtering by nested state fields.

• Escalation and safety fields temporarily unavailable on call detail - Call detail responses no longer include escalation, safety, or human_segments data derived from entity state. These fields will return null or empty values until a dedicated projection provides them. Call intelligence data (quality scores, completion reasons, conversation summaries) remains fully available.

• Dashboard escalation and operator status endpoints return empty results - The active escalation calls and operator availability status dashboard endpoints now return empty results. These will be restored once the underlying data projections are updated to support the new read path.

• Semantic search endpoint returns empty results - The research query semantic search capability now returns empty results. Entity semantic search via embeddings is not supported on the optimized read path.

• Data query table name change - The queryable table name for entity data has changed from world.entities to world.entities_synced_v3 in the data query API. The available columns have been updated to reflect the optimized read path schema: canonical_id is replaced by mrn, state is no longer a queryable column, and created_at/updated_at are replaced by last_event_at and projected_at. The tags and embedding columns are no longer available.

• Operator listing filter change - Operator listing now filters by source origin rather than role-based state filtering. The behavioral result is equivalent for operators created through the platform, but operators created through other channels may not appear in the operator list until they are re-synced.

Who is affected:

• Callers using the semantic or tags query parameters on entity listing will need to remove these parameters. Semantic search and tag filtering are no longer supported.

• Callers using state containment queries to find entities by phone or email should migrate to the new phone and email filter parameters.

• Dashboard integrations that depend on escalation call counts or operator availability status will see empty results until the underlying projections are updated.

• Data query API consumers referencing the old table name or removed columns will need to update their queries.

• Call detail consumers should not depend on escalation, safety, or human_segments fields from entity state until these are restored through a dedicated data source.

Breaking changes:

• semantic query parameter removed from entity listing endpoint.

• tags query parameter removed from entity listing endpoint.

• State containment search (search_entities_by_state) removed.

• Data query table world.entities renamed to world.entities_synced_v3 with updated column set.

• escalation, safety, and human_segments fields on call detail responses are temporarily empty.

Session Initialization Performance Improvement

Agent session startup is now significantly faster. Greeting and context injection messages no longer invoke tool resolution, and independent initialization steps now run concurrently instead of sequentially.

What changed:

• Tool-free greetings and context injection - Greeting and context injection messages now skip tool resolution entirely. These messages operate on patient context that is already fully resolved in the prompt, so tool calls added latency with no informational gain. This eliminates multiple round trips during session startup.

• Parallel session initialization - Independent initialization steps that were previously sequential - including tool registration across multiple sources and clinical data enrichment - now run concurrently. This reduces startup wall-clock time by overlapping independent operations that do not depend on each other.

• Startup latency reduction - Together, these changes reduce typical session initialization time from approximately 18 seconds to approximately 3 seconds. The improvement applies to all session types including voice calls, text conversations, and scribe sessions.

• Partial failure resilience - If any individual initialization step fails during parallel execution, the remaining steps continue to completion. Partial failures are logged for observability but do not block session startup. This improves availability in scenarios where one upstream dependency is temporarily slow or unavailable.

Who is affected:

All users experience faster session startup. No API changes, no behavioral changes to agent responses, and no changes to tool availability during conversations. The agent has the same tools and context available once initialization completes - it simply completes faster.

No breaking changes.

Patient Extension Fields and Observation Interpretation Normalization

The world model now surfaces additional patient-level fields from FHIR Patient extensions, and observation interpretation values are normalized to standard codes for consistent downstream use.

What changed:

• New patient entity fields: occupation and health_summary - Patient entities now expose two additional optional fields projected from FHIR Patient extensions. occupation contains the patient's reported occupation as free text. health_summary contains a longer-form health summary narrative. Both fields are nullable strings and appear on entity detail responses and entity listing results.

• Observation interpretation normalization - Observation entities now normalize free-text interpretation values into standard interpretation codes. Text values like "High", "Critical High", "Low", "Critical Low", "Abnormal", "Suboptimal", and "Poor" are mapped to their standard single-letter equivalents (H, HH, L, LL, A). Text values indicating normal or optimal results are treated as no interpretation flag. Previously, only coded interpretation values were surfaced - free-text interpretation values were ignored.

• Condition clinical status fallback - Condition entities now derive a clinical status from the verification status when no explicit clinical status is present. Conditions with verification status values indicating confirmed, suspected, or future risk are treated as active. Conditions with a historical verification status are treated as inactive. This improves clinical status coverage for data sources that populate verification status but omit clinical status.

Who is affected:

• Teams querying patient entities will see the new occupation and health_summary fields in entity responses. These fields are optional and null for patients without the corresponding data.

• Observation consumers may see interpretation values appear where they were previously null, if the source data used free-text interpretation labels instead of coded values.

• Condition consumers may see clinical status values appear where they were previously null, if the source data populated verification status but not clinical status.

No breaking changes. All new fields are additive and optional. Existing queries and integrations continue to work without modification.

Entity Filtering by FHIR Resource Type and Voiceprint Deprecation

The entity listing endpoint now supports filtering by FHIR resource type, making it easier to retrieve only entities that correspond to a specific FHIR resource (e.g. Patient, Practitioner) without relying on entity type alone. Separately, voiceprint enrollment and verification endpoints have been removed.

What changed:

• fhir_resource_type filter on entity listing - The list entities endpoint now accepts an optional fhir_resource_type query parameter. When provided, results are filtered to entities associated with the specified FHIR resource type (e.g. Patient, Practitioner). This filter can be combined with existing entity type, tag, text search, and other filters. Maximum length is 64 characters.

• FHIR Patient search uses unified entity model - The FHIR Patient search endpoint now queries person entities filtered by FHIR resource type rather than using a separate patient entity type. This aligns patient search with the unified entity model where patients are person entities with a FHIR Patient resource type association. Search behavior, parameters, and response format are unchanged.

• Voiceprint endpoints removed - The voiceprint status and verification endpoints now return HTTP 410 Gone. Voiceprint enrollment status checks and speaker verification are no longer available. Clients calling these endpoints should remove voiceprint-related code paths.

Who is affected:

• Teams using the entity listing endpoint can now filter by FHIR resource type for more precise queries.

• FHIR Patient search consumers see no change in behavior - the same search parameters and response format continue to work.

• Any integration relying on voiceprint enrollment status or speaker verification must be updated to remove those calls.

Breaking changes:

• Voiceprint status and verification endpoints return 410 Gone instead of their previous responses.

FHIR Import Content-Hash Deduplication

FHIR import endpoints now detect and skip identical re-uploads automatically. When a FHIR resource is uploaded with the same content as the most recently ingested version, the platform skips event emission entirely instead of creating a duplicate event. This reduces noise in the event stream and avoids unnecessary downstream processing for unchanged data.

What changed:

• Content-hash deduplication - The FHIR import endpoints (bundle and NDJSON streaming) now compute a content hash for each uploaded resource and compare it against the previously ingested version. If the content is identical, the resource is reported as skipped in the import response rather than emitting a new event. The dedup window extends automatically as long as uploads keep arriving for the same resource.

• New dedup parameter - Both the bundle import endpoint and the NDJSON streaming endpoint accept a new dedup boolean parameter (default: true). Set to false to force event emission regardless of whether the content has changed. This is useful for workflows that need to guarantee an event is emitted on every upload.

• Three-state action reporting - The import response now reports three possible actions per resource instead of two:

  • created - first event for this FHIR resource

  • updated - superseded an existing event (content changed)

  • skipped - identical content already current (dedup hit, no event emitted)

• Supersedes tracking - When a resource is uploaded with changed content, the new event automatically supersedes the previous event for that resource. This provides a clean lineage chain showing how a resource evolved over time.

Who is affected:

• All FHIR import consumers. The default behavior now skips identical re-uploads. If your workflow depends on an event being emitted for every upload regardless of content, set dedup=false.

• Import response consumers should handle the new skipped action value. Previously, all successful imports returned created. Now they may return created, updated, or skipped.

• Downstream event consumers will see fewer duplicate events for unchanged data, which may affect event counts in monitoring dashboards.

No breaking changes. The dedup parameter defaults to true, which changes the default behavior for identical re-uploads from emitting a duplicate event to skipping. If you need the previous behavior, explicitly set dedup=false.

Python and UDTF Platform Functions

Platform functions now support four function types end-to-end: sql, ai, python, and udtf. Previously, python and udtf were reserved values. They are now fully wired for authoring, deployment, execution, and invocation through the agent tool spec.

What changed:

• python function type - Register a Python function body with a def main(...) entrypoint. At deploy time, the platform compiles the body into a managed scalar function in the data warehouse's sandboxed runtime. At invocation, the platform calls the deployed function through the warehouse and returns a single typed value. The returns field must be scalar. A new returns_type field lets you declare the scalar return type (string, integer, number, or boolean).

• udtf function type - Register a Python function body that yields or returns multiple rows. At deploy time, the platform compiles the body into a managed table-valued function in the data warehouse. At invocation, the platform calls the deployed function and returns all rows. The returns field must be table. A new returns_columns field is required, declaring the output schema as a list of {name, type, description} objects.

• body field replaces sql - The function body field is now canonically named body. The previous name sql continues to work as a legacy alias for backward compatibility. New integrations should use body.

• returns_type field - New optional field for python functions to declare the scalar return type. Defaults to string. Must remain string for sql, ai, and udtf function types.

• returns_columns field - New field for udtf functions declaring the output table schema. Each entry specifies a column name, type, and optional description. Required and non-empty for udtf; must be empty for other function types. Maximum 32 columns.

• Deploy-time validation for Python/UDTF - The deploy pipeline validates that the Python body contains a def main(...) with a signature matching parameters[], rejects *args/**kwargs/keyword-only arguments, and (for UDTFs) verifies the body yields or returns an iterable. The body is then compiled into a managed function in the warehouse - if compilation fails, the deploy is rejected and no version is created.

• Warehouse-sandboxed execution - Python and UDTF function bodies execute in the data warehouse's own sandboxed runtime, not in the platform process. This provides OS-level isolation, governance, lineage, and audit. Authored code cannot access platform credentials or other workspaces' data.

Who is affected:

• Teams authoring platform functions can now write Python logic for data transformations, string processing, or multi-row generation that would be awkward in pure SQL.

• Existing sql and ai functions are unaffected. The sql body field alias continues to work.

• The body field rename is backward-compatible - no migration is required for existing YAML files or API payloads using sql.

Breaking changes:

• The returns_type field is validated: setting it to a non-string value on sql, ai, or udtf functions is rejected.

• The returns_columns field is validated: providing it on sql, ai, or python functions is rejected. Omitting it on udtf functions is rejected.

• python functions must use returns: scalar. udtf functions must use returns: table. Mismatches are rejected at deploy time.

Parallel Tool Execution and Patient Lookup Performance

Tool calls within a single conversation turn are now executed in parallel instead of sequentially. This reduces turn latency when the agent invokes multiple tools at once - for example, looking up a patient's medications, appointments, and lab results in a single reasoning step. Results are returned in the same order as the original tool calls, so downstream behavior is unchanged.

Patient-scoped clinical resource lookups now use an optimized matching strategy. The platform matches resources to patients using a pre-indexed patient linkage rather than parsing resource content at query time. This improves lookup speed for clinical tools, particularly in workspaces with large volumes of clinical data. A secondary fallback match continues to cover records that have not yet been linked through the primary path.

What changed:

• Parallel tool execution - When the agent issues multiple tool calls in a single turn, all calls now run concurrently. Previously, tool calls were executed one at a time in sequence. The resolved results maintain the same ordering as the original calls, so downstream processing and callbacks see results in the expected order. Individual tool failures continue to be captured as failed results rather than aborting the entire batch.

• Faster patient-scoped clinical lookups - Clinical resource queries scoped to a patient (medications, observations, conditions, appointments, etc.) now use a pre-computed patient linkage for matching. This eliminates per-row content parsing during queries, significantly reducing latency for patients with large clinical histories. Resources not yet covered by the pre-computed linkage fall back to an ID-based matching strategy, ensuring no data is missed during the transition.

Who is affected:

• All voice agent and text session consumers benefit from reduced turn latency when multiple tools fire in the same turn. No API changes are required.

• Clinical data queries scoped to a patient return the same results faster. No migration is needed.

No breaking changes.

Outbound Call Use Case Routing

Outbound calls now support use-case-based phone number selection. Instead of specifying a caller ID directly, you can pass a use case ID and the platform automatically selects an outbound phone number bound to that use case. This aligns outbound calling with the same use-case routing model used for inbound calls.

What changed:

• use_case_id parameter on outbound call creation - The POST outbound call endpoint now accepts an optional use_case_id field (UUID). When provided, the platform selects an outbound phone number associated with the specified use case. The use_case_id and phone_from fields are mutually exclusive - provide one or the other, not both.

• phone_from is now optional - The phone_from field on outbound call creation is no longer required. You must provide either phone_from (direct caller ID override) or use_case_id (platform-selected number), but not both. If neither is provided, the request is rejected with a validation error.

• Resolved phone number returned in response - The outbound call creation response now includes a phone_from field containing the phone number that was used for the call. When use_case_id is used, this shows which number was selected. When phone_from is provided directly, the same value is echoed back.

• setup_id no longer returned - The setup_id field in the outbound call creation response is now always null. Phone number selection is handled internally by the platform and the setup identifier is no longer surfaced to API consumers. The field remains in the response model for backward compatibility.

• Workspace ownership validation for direct caller ID - When phone_from is provided directly (without use_case_id), the platform validates that the phone number belongs to the calling workspace. When use_case_id is used, workspace ownership is enforced through the use case binding.

Who is affected:

• Consumers using phone_from directly are unaffected - existing calls continue to work.

• Consumers that previously resolved phone numbers manually before calling the outbound endpoint can now pass use_case_id instead, letting the platform handle number selection.

• Consumers reading setup_id from the response should migrate away from this field - it now always returns null.

Breaking changes:

• setup_id in the outbound call response is now always null. If your integration depends on this value, you need to update your logic.

• Sending both phone_from and use_case_id in the same request is rejected with a 422 validation error.

• Sending neither phone_from nor use_case_id is rejected with a 422 validation error.

Clinical Resource Entity Model Revision

Observation and Condition FHIR resources are now standalone entities in the world model instead of being attached to the parent patient timeline. This revision restores Observation and Condition as first-class entities with their own identity, queryable through the standard FHIR resource search and get endpoints. DiagnosticReport is no longer treated as a patient-linked resource type and is excluded from the patient-filterable resource set until a typed read surface is available.

The patient detail read model endpoint (GET /fhir/patients/{patient_id}/detail) has been removed. Consumers that used this endpoint should query individual resource types through the existing FHIR search endpoints instead.

What changed:

• Observation and Condition restored as standalone entities - Observation and Condition resources now resolve to their own entity rows in the world model rather than being attached to the parent patient entity. Each Observation and Condition gets its own entity ID, and patient linkage is derived at projection time from the FHIR subject or patient reference. Agent tools for observation and condition lookups now query these standalone entity rows directly.

• Patient detail endpoint removed - The GET /fhir/patients/{patient_id}/detail endpoint has been removed. This endpoint returned a joined read model combining patient demographics, labs, conditions, medications, appointments, and diagnostic reports in a single response. Consumers should use the individual FHIR search endpoints (GET /fhir/{resource_type}) to retrieve related resources for a patient.

• Observation FHIR reads re-enabled - Observation resources can now be read and searched through the standard FHIR resource endpoints (GET /fhir/Observation, GET /fhir/Observation/{id}). These endpoints were temporarily disabled in a previous release while Observation was served from the patient timeline.

• DiagnosticReport removed from patient-filterable types - DiagnosticReport is no longer included in the set of FHIR resource types that support patient-scoped filtering. It remains writable through FHIR import but does not have a typed read surface yet.

• Patient detail response models removed - The response models for the patient detail endpoint (demographics, labs section, conditions section, medications section, diagnostic reports section, and provenance) have been removed from the API schema.

Who is affected:

• Consumers of GET /fhir/patients/{patient_id}/detail must migrate to individual FHIR search endpoints. This is a breaking change for any integration that depends on the joined patient detail response.

• Consumers reading Observations through FHIR search endpoints benefit from re-enabled reads without any migration.

• Agent tool consumers see updated response shapes for observation and condition lookups - responses now include standalone entity IDs instead of the parent patient entity ID, and event IDs are no longer included.

Breaking changes:

• GET /fhir/patients/{patient_id}/detail has been removed. Returns 404.

• Observation and condition agent tool responses no longer include event_id or skipped_malformed fields. The entity_id field now contains the standalone entity ID for the specific observation or condition rather than the parent patient entity ID.

• DiagnosticReport is no longer filterable by patient reference in FHIR search.

FHIR Import Universal Upsert

FHIR import now always upserts resources regardless of data source type. Previously, only imports from certain source types used upsert behavior - other sources could create duplicate resources when the same data was re-uploaded. Now, every FHIR import - whether from an EHR sync, a file upload, or any other source - supersedes existing records with matching identifiers instead of duplicating them.

This applies to both single-bundle and streaming import paths.

What changed:

• Universal upsert on FHIR import - All FHIR bundle imports now use upsert semantics. When a resource with a matching identifier already exists in the world model, the import overwrites the existing record rather than creating a new one. This was previously limited to EHR sync sources and now applies uniformly to all import sources.

• Re-uploads supersede instead of duplicating - Uploading the same FHIR bundle a second time updates the existing resources in place. The result is idempotent - importing identical data multiple times produces the same world model state as importing it once.

Who is affected:

All Platform API consumers using the FHIR import endpoints. If your workflow previously relied on re-uploads creating separate records (e.g., for version tracking through duplicate entries), those imports now overwrite existing records instead. Use the world model event history to track changes over time.

Breaking changes:

None from an API contract perspective - request and response shapes are unchanged. However, the behavioral change means re-uploads no longer produce duplicate records, which may affect consumers that counted on duplication as a side effect.

Inbound Voice Routing and Use Case Phone Number Pool

Phone number assignment for inbound voice use cases now automatically configures the underlying telephony provider to route incoming calls directly to the correct use case. Previously, assigning a phone number to an inbound voice use case only created the platform-side binding - operators had to manually configure call routing in the telephony provider. The platform now handles this automatically on assign and cleans it up on unassign.

The use case detail endpoint also now returns the phone numbers currently assigned to a use case, giving consumers a single call to resolve both use case configuration and its active phone number pool.

What changed:

• Automatic inbound call routing on phone number assignment - When a phone number is assigned to an inbound voice use case, the platform rewrites the phone number's incoming call webhook to route directly to the use case. Inbound calls to that number are delivered to the agent associated with the use case without manual telephony configuration. If the assignment transaction fails after the webhook is updated, the platform automatically reverts the webhook to its previous value.

• Automatic routing cleanup on phone number unassignment - When a phone number is unassigned from an inbound voice use case, the platform clears the incoming call webhook so the number returns to the provider's default unconfigured state. The same rollback protection applies - if the database transaction fails after the webhook is cleared, the previous webhook URL is restored.

• New GET /twilio-setup/{setup_id}/credentials endpoint - Returns the sub-account authentication token for a telephony setup. The token is fetched live from the provider (not cached) and is used by the voice infrastructure to verify inbound webhook signatures and authenticate call control operations. Returns 404 if the setup does not exist.

• Phone numbers included in use case detail response - GET /use-case/{id} now returns a phone_numbers field containing the E.164 phone numbers currently assigned to the use case. For telephony-backed channels (outbound voice, inbound voice, ringless voicemail), this is the active number pool. For email use cases, the field is always empty. The field is present on all use case response variants for uniform response shape. Order is unspecified.

Who is affected:

All Platform API consumers working with inbound voice use cases. Phone number assignment now has a side effect on the telephony provider - the incoming call webhook is rewritten automatically. Consumers that previously configured webhooks manually should stop doing so to avoid conflicts with the platform-managed routing.

Consumers of GET /use-case/{id} receive a new phone_numbers field. The field is additive and defaults to an empty list.

Breaking changes:

None. All changes are additive. Existing phone number assignments for non-inbound-voice channels are unaffected.

Patient Detail Read Model

A new patient detail endpoint returns a joined, frontend-ready view of a single patient entity and all related clinical resources in one request. Instead of fetching the patient record and then issuing separate calls for labs, conditions, medications, appointments, and diagnostic reports, consumers can now retrieve everything in a single round-trip.

What changed:

• New GET /patients/{patient_id}/detail endpoint - Returns a composite response containing patient demographics, the FHIR Patient resource, record counts by resource type, and pre-built sections for labs (observations), conditions, medications, appointments, and diagnostic reports. Each section includes items, a total count, a has_more flag for pagination, and a degraded flag indicating whether that section experienced a partial fetch failure. Query parameters section_limit (1-100, default 20) and abnormal_limit (1-50, default 10) control how many items are returned per section and how many abnormal lab results are highlighted.

• Labs section with abnormal highlighting - The labs section returns two lists: latest (most recent observations up to section_limit) and abnormal (observations flagged with abnormal interpretation codes, up to abnormal_limit). Abnormal detection uses standard clinical interpretation codes (A, AA, H, HH, L, LL, and others) from the observation resource.

• Unified medication section - Medication statements and medication requests are merged into a single medications section, sorted by effective date. The record_counts field breaks out individual totals for each underlying resource type so consumers can distinguish between the two.

• Demographic detail - The demographics object includes name, phone, email, birth date, gender, MRN, structured address, preferred language, race, ethnicity, marital status, emergency contact, and insurance information. Fields are populated from entity attributes with fallback to demographic state when direct attributes are not available.

• Per-item provenance - Every resource item in the response includes a provenance object with source, source system, data source identifier, confidence score, effective timestamp, ingestion timestamp, and last-updated timestamp. A top-level provenance block carries entity-level provenance for the patient record itself.

• Graceful degradation - If fetching a particular resource type fails, that section is returned empty with degraded: true rather than failing the entire request. The response is always structurally complete.

• DiagnosticReport added to patient-filterable resource types - DiagnosticReport is now included in the set of FHIR resource types that support patient-scoped filtering, alongside Condition, Encounter, MedicationRequest, AllergyIntolerance, Immunization, and Coverage.

• Entity lookups now workspace-scoped - Entity reads across CRM (companies, contacts, deals), operator actions, enrichment, and FHIR patient endpoints now include the workspace in the lookup query rather than fetching globally and checking the workspace after the fact. This is a defense-in-depth change with no behavioral difference for correctly-scoped requests.

Who is affected:

All Platform API consumers building patient-facing UIs. The new endpoint eliminates the need for multiple sequential API calls to assemble a patient detail view. Existing endpoints are unchanged.

Breaking changes:

None. The new endpoint is additive.

Tool Call Duration on Conversation Turns

The conversation turn response now includes execution timing for each tool call, giving callers visibility into how long individual tool executions took without needing to instrument timing independently.

What changed:

• duration_ms added to tool call details - Each tool call object in the POST /conversations/{id}/turns response now includes a duration_ms field (number or null). The value represents the wall-clock execution time of the tool in milliseconds. The field is null on older turns that did not capture timing - all new turns populated through the live pipeline always include it.

• Validation on duration_ms - The field enforces a minimum of 0 and a maximum of 3,600,000 (one hour). Values outside this range from upstream processing are treated as invalid and result in a 502 response rather than surfacing misleading data to callers.

• Streaming events updated - The tool_call_completed streaming event also carries duration_ms with the same semantics, so clients consuming the event stream get timing data in real time.

Who is affected:

All Platform API consumers using POST /conversations/{id}/turns. The new field is additive and nullable - existing integrations that do not read duration_ms are unaffected.

Breaking changes:

None. The new field is optional and defaults to null when not present.

Patient-Linked Clinical Resources and FHIR Data Integrity

Observation, Condition, DiagnosticReport, and Coverage FHIR resources are now attached to the parent Patient timeline instead of being created as standalone entities. Agent tools for observations and conditions now return results from the patient timeline with richer event-level detail. FHIR data ingestion enforces source system identity on all FHIR events, and the Observation read endpoint is temporarily unavailable while the migration completes.

What changed:

• Observations and Conditions moved to patient timeline - Observation, Condition, and DiagnosticReport resources are now linked to the parent Patient entity rather than stored as standalone entities. This means patient timelines and patient-detail views show related clinical resources directly on the patient record. The agent tools for observation and condition lookups now query the patient timeline and return both the patient entity_id and a per-result event_id for traceability.

• Observation and Condition lookup responses updated - The observations_lookup and conditions_lookup agent tools now return entity_id (the patient entity) and event_id (the specific clinical event) in each result item. The event_id is a response reference for traceability - it identifies the specific Observation or Condition event on the patient timeline. A skipped_malformed counter is included in the response to surface data quality issues without silently dropping results.

• Source system required for FHIR events - All FHIR events ingested through connector and EHR sync sources now require a non-empty source system identifier. Events missing this identifier are rejected before reaching the data pipeline. Non-connector API writes that lack an explicit source system default to the normalized source namespace. This prevents malformed patient references from creating unjoinable records.

• Observation FHIR read endpoint temporarily unavailable - The GET and search endpoints for Observation resources return HTTP 501 (Not Implemented) while Observations transition from standalone entity reads to patient timeline reads. Other FHIR resource types are not affected.

• Pipeline data quality enforcement - The data pipeline now enforces that FHIR events carry a valid source system and that Observation events have a non-empty status. Events that fail these checks are dropped before entering the pipeline. Patient-linked resource types (Condition, Coverage, DiagnosticReport, Encounter, MedicationRequest, Observation) are prevented from creating standalone entity rows.

• FHIR data coercion improvements - FHIR payloads in various runtime formats (JSON strings, nested mappings, and other serialization shapes) are now normalized to plain dictionaries at a single boundary before entity resolution. This fixes edge cases where non-dictionary payloads caused resolution failures or silent data loss.

Who is affected:

All Platform API workspaces that use FHIR Observation or Condition resources. Workspaces using the observations_lookup or conditions_lookup agent tools will see the updated response shape with event_id fields. Workspaces reading Observations through the FHIR GET/search endpoints will receive 501 responses until the timeline-backed read surface is available.

Integrations that emit FHIR events through connector or EHR sync sources must ensure a non-empty source system is provided. API-originated FHIR writes without an explicit source system will have one defaulted automatically.

Breaking changes:

• The FHIR GET /Observation/{id} and GET /Observation?... search endpoints now return HTTP 501. Use the observations_lookup agent tool or the patient timeline to access Observation data.

• The observations_lookup response now includes event_id per result and skipped_malformed at the top level. Consumers parsing the response shape should accommodate these new fields.

• The conditions_lookup response now includes event_id per result and skipped_malformed at the top level.

• FHIR events from connector and EHR sync sources that lack a source system identifier are now rejected instead of accepted with an empty value.

Use Case Service Bindings

Use cases are now bound directly to platform services instead of workspaces. This replaces the previous workspace-level binding model with a more precise service-level routing that connects a use case to a specific service within a workspace. Binding a service is now the act of claiming the use case for the workspace - there is no separate workspace-claim step.

What changed:

• Service-level binding replaces workspace binding - Use cases are now bound to a specific platform service rather than a workspace directly. The binding carries the workspace context through the service, so inbound webhook events still resolve to the correct workspace. Outbound dispatch from a service routes through the bound use case for its channel.

• New PUT endpoint for binding - A new PUT /{use_case_id}/service-binding endpoint replaces the previous POST /{use_case_id}/bindings endpoint. The request body accepts a service_id to bind. PUT semantics mean rebinding the same use case to a different service replaces the prior binding. Returns 409 if a different use case already binds the same service and channel pair. Returns 404 if the service or use case is not found or belongs to another workspace.

• New GET endpoint for binding - A new GET /{use_case_id}/service-binding endpoint returns the current service binding for a use case in the workspace, or 404 if unbound. Requires Channel.view permission.

• Updated DELETE endpoint - The unbind endpoint has moved from DELETE /{use_case_id}/bindings to DELETE /{use_case_id}/service-binding. Behavior is the same: soft-delete of the binding row, 404 if not currently bound.

• Richer binding response - The binding response now includes service_id, created_at, and updated_at fields in addition to use_case_id, workspace_id, and channel.

• Channel values updated - The channel discriminator now uses the upstream values directly (inbound_voice, outbound_voice, ringless_voicemail, email) instead of the previously collapsed set (voice, voicemail, email).

• Delete preflight updated - Deleting a use case now checks for active service bindings instead of workspace bindings. The error message reflects this: "Use case is bound to a service; unbind it first."

Who is affected:

All Platform API workspaces using the use case binding endpoints. The previous POST/DELETE /{use_case_id}/bindings endpoints are replaced by PUT/GET/DELETE /{use_case_id}/service-binding. Existing integrations that bind use cases to workspaces need to update to provide a service_id in the binding request.

Breaking changes:

• The POST /{use_case_id}/bindings endpoint is removed. Use PUT /{use_case_id}/service-binding with a service_id body instead.

• The DELETE /{use_case_id}/bindings path has changed to DELETE /{use_case_id}/service-binding.

• The binding response model has changed: new fields service_id, created_at, updated_at; all ID fields are now UUIDs instead of strings.

• Channel values have changed from voice/voicemail/email to inbound_voice/outbound_voice/ringless_voicemail/email.

Skill Tier Realignment for Disabled Autonomous and Browser Skills

Disabled skills that were previously configured as autonomous or browser execution tiers are now automatically realigned to a supported tier. This ensures that re-enabling a skill does not result in unexpected autonomous or browser behavior.

What changed:

• Automatic tier reassignment - Skills that are currently disabled and were set to the autonomous or browser execution tier have been moved to a standard supported tier. When these skills are re-enabled, they will execute at the reassigned tier rather than the previously configured autonomous or browser tier.

• No action required - This change applies automatically to all affected skills across all workspaces. Skills that are currently enabled or set to other execution tiers are not affected.

Who is affected:

All Platform API workspaces that had disabled skills configured with autonomous or browser execution tiers. No manual configuration changes are needed.

No breaking changes.

Graceful Handling of Unsupported Phone Number Types

The phone number search and provisioning endpoints now return empty results instead of errors when a requested number type is not available for a given country.

What changed:

• Search returns empty instead of failing - When searching for available phone numbers, if the requested number type (local, mobile, toll-free, or national) is not enabled for the selected country, the API now returns an empty list instead of an error. Previously, requesting an unsupported number type for a country could result in an unexpected error response. This makes it safe to search across all number types without needing to know in advance which types each country supports.

• Provisioning returns a clear conflict - When attempting to provision a phone number whose number type is not available for the selected country, the API now returns a 409 conflict ("number not available") instead of an unexpected error. This is consistent with the behavior when a specific number is simply not available for purchase.

Who is affected:

All Platform API workspaces using the phone number search or provisioning endpoints. No configuration changes required. Clients that previously handled errors from unsupported number type and country combinations can simplify their error handling.

No breaking changes.

Patient Lookup by Entity ID

The patient lookup tool now accepts a direct entity ID for instant patient resolution, eliminating the need for search-based matching when the entity identifier is already known from conversation context.

What changed:

• Direct entity ID lookup - Patient lookup now supports an optional entity ID parameter. When provided, the tool resolves the patient record directly by ID rather than searching by name, date of birth, phone number, or medical record number. This is the fastest lookup path and is used automatically when the agent already has an entity reference from context graph bindings or prior conversation state.

• Graceful fallback - If the entity ID does not resolve to a valid patient record, the tool falls back to the standard search parameters (identifier, date of birth, name, phone number). Existing lookup behavior is unchanged when no entity ID is provided.

Who is affected:

All Platform API workspaces using the patient lookup tool. No configuration changes required. Agents that already have entity context will automatically use the faster lookup path.

No breaking changes.

Connector Content-Hash Deduplication for Availability and Booking Preferences

The connector framework now applies content-hash deduplication to availability and booking preference polling, eliminating redundant event emission when upstream data has not changed.

What changed:

• Content-hash dedup for availability polling - Each availability poll now checks whether the payload has changed since the last emission before writing an event. If the content hash matches, the record is skipped. This eliminates the amplification previously observed during steady-state polling, where every cycle re-emitted identical records.

• Content-hash dedup for booking preference polling - Booking preference polls now use the same content-hash dedup flow. Unchanged records are suppressed, and the visit-types cache is refreshed regardless of whether the record was emitted, keeping downstream enrichment lookups warm.

• Accurate emission counts - Poll outcome metrics now reflect actual emissions rather than poll attempts. Records suppressed by dedup report zero emissions, giving operators a precise view of data throughput versus polling activity.

Who is affected:

All Platform API workspaces using connectors that poll availability or booking preference endpoints. No configuration changes required. Event consumers see fewer duplicate events. Dedup state is managed automatically.

No breaking changes.

Clinical Detection Loop Prevention

The clinical detection pipeline now prevents self-triggering loops where detection-generated events re-enter the pipeline and produce duplicate results on every refresh cycle.

What changed:

• Source-based filtering - Clinical detection now excludes events that were written by the detection pipeline itself. Previously, every analysis event generated by a detection rule re-entered the pipeline on the next refresh, triggering its own rule again and producing duplicate detections that grew with each cycle.

• Deterministic detection identifiers - Each detection result now carries a stable identifier derived from its type, workspace, entity, and event attributes. This identifier remains consistent across pipeline refreshes, allowing downstream consumers to recognize previously processed detections even when other metadata changes between refreshes.

• Downstream dedup - The detection sync process uses the stable detection identifier to skip detections it has already processed. Detections that have been seen within a configurable window are not re-emitted, preventing duplicate downstream events. The dedup mechanism is fail-open - if the dedup check is unavailable, detections are processed normally rather than dropped.

Who is affected:

All Platform API workspaces using clinical detection. No configuration changes required. Workspaces that previously experienced duplicate analysis events will see a significant reduction in duplicate detections.

No breaking changes.

Restricted Query Execution Role

User-submitted SQL queries and query tool executions now run under a restricted database role that limits operations to the minimum required privileges, adding a defense-in-depth layer beyond row-level security.

What changed:

• Restricted execution role for ad-hoc queries - When a workspace SQL query is executed (via the API, CLI, or Developer Console SQL editor), the platform now switches to a restricted role scoped to the current transaction before running the query. This role can only read from the world model entity table and read, insert, update, or delete rows in workspace custom tables. It cannot create or drop tables, alter schemas, or access platform-internal tables. The restriction is transaction-scoped and resets automatically when the query completes.

• Restricted execution role for query tools - Query tool execution during agent sessions now uses the same restricted role. This ensures that even if a query tool's SQL is broader than intended, the database enforces a hard boundary on what operations are permitted.

• No behavioral changes for valid queries - Queries that read from world model entities or operate on custom tables continue to work identically. Only queries that attempt operations outside these boundaries - such as accessing platform-internal tables or performing schema modifications - are now blocked at the database level rather than relying solely on application-level validation.

Who is affected:

All Platform API workspaces using ad-hoc SQL queries or query tools. No configuration changes required. Queries that were valid before remain valid. Queries that attempted out-of-scope operations will now receive a permission error.

No breaking changes.

Synced Entity Store Schema Alignment

The synced entity store now reads from a schema-aligned data source that mirrors the upstream catalog structure, replacing the previous flat table layout.

What changed:

• Schema-aligned reads - The read path for synced clinical entities now uses a data source whose schema matches the upstream data catalog. Previously, the synced entity store read from a flat table in a shared namespace. The new layout places synced entities in a namespace that mirrors the catalog structure, improving clarity and reducing the risk of naming collisions as the number of synced tables grows.

• No behavioral changes - Entity queries, platform function lookups, and all downstream consumers continue to work identically. The data shape, column types, and query semantics are unchanged. This is a storage-layer alignment only.

Who is affected:

No user-facing changes. All Platform API workspaces using clinical entities, platform functions, or the world model continue to work without modification.

No breaking changes.

Workspace Query Tool Discovery at Session Start

Workspace query tools are now automatically discovered and registered when a session starts, making them available to the agent without any additional configuration.

What changed:

• Automatic tool discovery - When a voice or text session starts, the platform loads all enabled query tools defined for the workspace and registers them as callable tools the agent can invoke during the conversation. Previously, query tools were only manageable through the API but were not available to the agent at runtime.

• Read-only validation at load time - Each query tool's SQL is validated for read-only safety when the session starts. Tools with queries that do not pass validation are skipped and logged, ensuring that only safe read operations are exposed to the agent.

• Row-level security scoping - Query tool execution is scoped to the workspace's data boundary using row-level security. The agent cannot access data outside the workspace, even if the stored query does not explicitly filter by workspace.

• Execution constraints - Query tool execution is time-bounded and result sets are capped to stay within real-time conversation latency requirements. If a query exceeds the execution limit, it returns a structured error rather than blocking the conversation turn.

• Parameterized execution - Query tools accept declared parameters from the agent and bind them safely to the stored query. Undeclared parameters are ignored.

Who is affected:

All Platform API workspaces with enabled query tools. Query tools created through the API or CLI are now automatically available to agents during sessions. No additional configuration is required beyond creating and enabling the query tool.

No breaking changes.

Self-Refreshing Connector Deduplication

Connector deduplication cache entries now self-refresh on every poll cycle where the record content is unchanged, eliminating redundant writes caused by fixed-duration cache expiry.

What changed:

• Self-refreshing cache lifetime - When a connector polls a record and its content matches the cached hash, the cache entry's lifetime is automatically extended. Previously, cache entries expired on a fixed 24-hour schedule regardless of polling activity. This caused unchanged records to re-enter the data pipeline after expiry, producing 7-13x write amplification on clinical data adapters even when the underlying data never changed.

• Extended base cache lifetime - The default cache lifetime has been increased from 24 hours to 30 days. Combined with self-refreshing behavior, this protects against data loss in scenarios where polling is paused for extended periods (e.g., a workspace is suspended for several days and then resumes). The cache entry survives the pause and prevents a full re-sync on restart.

• Input validation on cache keys - The deduplication layer now validates that all key components (workspace, data source, and record identifier) are non-empty before constructing a cache key. Previously, empty components could produce colliding keys across workspaces. Invalid inputs now raise an immediate error with a diagnostic message indicating which components were empty, without exposing the raw values.

• Graceful degradation on cache refresh failure - If the cache lifetime refresh fails due to a transient connection issue, the system continues without error. At worst, the affected record re-enters the pipeline on the next poll cycle, which is safe because downstream projections are idempotent.

Who is affected:

All Platform API workspaces using connectors. This is a behavioral improvement with no API surface changes. Workspaces with high-volume clinical data sources (FHIR adapters, EHR connectors) will see the most significant reduction in redundant writes.

No breaking changes.

Workspace Lakebase - Fork, Query, and Tool Routes

Workspaces now have built-in data exploration capabilities. Three new route groups let you create sandbox database forks, execute validated SQL queries against workspace data, and define reusable query tools that the reasoning engine can call during conversations.

What changed:

• Fork lifecycle - New endpoints to create, inspect, and destroy sandbox forks of the workspace data layer. Forks provide an isolated environment for experimentation with a configurable time-to-live (1 to 30 days). Only one fork can exist per workspace at a time. Creating a fork when one already exists returns a conflict error.

• Query execution - A new endpoint executes SQL queries against the workspace data layer with built-in validation and a 30-second execution timeout. Results are capped at 1,000 rows. The SQL validator enforces safety rules: multi-statement queries are rejected, privilege escalation is blocked, and write operations on the shared data layer are restricted to the custom schema. DDL operations are not permitted on the shared data layer.

• Query tools (CRUD) - Five new endpoints for managing reusable query tools: create, list, update, delete, and test. Query tools are parameterized SQL templates that agents can invoke mid-conversation to retrieve data. Each tool's SQL is validated on creation and update. The test endpoint executes a tool with sample parameters and returns results, verifying that the query works before it is used in production. Undeclared parameters are rejected during testing.

• Workspace data layer endpoint - Workspaces now track a data layer connection endpoint, enabling fork routing and query execution against the correct data source.

New endpoints:

Who is affected:

All Platform API workspaces. These are new additive endpoints. No existing behavior is changed.

No breaking changes.

Modular FHIR Extension Registry and Vitals Columns

The entity data pipeline now supports a config-driven extension registry that automatically promotes FHIR extensions into typed, queryable columns on the entity snapshot. The first extensions wired through this registry add patient vitals - height, weight, and BMI - to the demographics projection.

What changed:

• Extension registry - A new declarative registry maps FHIR extension URLs to typed columns on entity projections. Adding a new extension column requires only a configuration entry specifying the extension URL, target column name, value type (string, decimal, boolean, or integer), and destination projection. No code changes are needed. The registry currently supports string, decimal, boolean, and integer extraction patterns.

• Patient vitals columns - Three new columns are now available on the entity snapshot for patients: height (cm), weight (kg), and BMI. These values are extracted from FHIR extensions emitted by connected clinical data sources that follow the standard extension value conventions. The columns are nullable and populated automatically on the next pipeline run.

• Decimal and boolean extension extraction - The projection engine now supports extracting numeric (decimal) and boolean values from FHIR extensions, in addition to the existing string extraction. Decimal values are cast to floating-point numbers for direct comparison and filtering. Boolean values are extracted natively without string conversion.

• Entity snapshot updated - The entity snapshot includes the new vitals columns, so platform functions, agent tools, and downstream analytics consumers can access patient vitals directly from the projected entity view.

Who is affected:

All Platform API workspaces with patient demographic data. New columns are nullable and populated on the next data pipeline run. Existing integrations are unaffected.

No breaking changes.

FHIR Query Performance - Typed Column Reads

FHIR resource queries now read exclusively from typed, indexed columns instead of parsing stored resource payloads at query time. This completes another phase of the structured data migration for FHIR reads, improving query performance and consistency across all FHIR resource endpoints.

What changed:

• Practitioner identification uses typed columns only - Practitioner vs. Patient disambiguation for person-type entities now relies entirely on typed NPI and specialty columns. Previously, the query could also fall back to inspecting the stored resource payload. Removing that fallback path simplifies the query plan and ensures consistent behavior across all workspaces.

• Patient-scoped resource filtering uses typed columns - Queries that filter clinical resources by patient reference (Appointments, Conditions, Observations, Medication Statements, and other clinical types) now use dedicated typed columns for the patient relationship. Appointment queries match on the typed patient reference column, while all other clinical resource types match on the typed linked patient identifier column. This replaces the previous approach of parsing nested references from stored resource payloads at query time.

• Unified patient filter path - Clinical resource types that previously required separate filter logic for subject, patient, and beneficiary reference styles are now handled through a single typed column. This simplifies the query path and ensures consistent performance regardless of how the source system structured the patient reference.

Who is affected:

All Platform API workspaces using FHIR resource queries. No configuration changes required. Query behavior is unchanged - the same filters return the same results, but queries execute against indexed columns instead of parsing stored payloads.

No breaking changes.

Typed Columns for Clinical Entity Details

Clinical entities in the world model now expose key clinical details as typed, queryable columns instead of requiring consumers to parse the raw FHIR resource. This is the first phase of structured clinical data extraction, covering observations, medications, allergies, clinical notes, and family history.

What changed:

• Observation detail columns - Observation entities now include dedicated columns for numeric value, unit, interpretation code, reference range low, reference range high, and category. Numeric values are stored as floating-point numbers, enabling direct comparison and range-based filtering without parsing the resource payload.

• Medication statement detail columns - Medication statement entities now surface dosage instructions and clinical notes as text columns. Previously, this information was only accessible by parsing the full resource.

• Allergy intolerance detail columns - Allergy entities now expose reaction description and severity as dedicated columns. Reaction text falls back gracefully between coded and free-text representations.

• Clinical note detail columns - DocumentReference entities now include note type and note date as typed columns, extracted from the resource type and date fields.

• Family history detail columns - Family history entities now expose the relationship descriptor as a typed column, with fallback between text and coded representations.

• Resource type discriminator - All clinical entities now carry a resource type field, making it possible to filter and route entities by clinical type without inspecting the resource payload.

• Entity snapshot updated - The entity snapshot includes all new typed columns, so platform functions, agent tools, and downstream analytics consumers can access clinical details directly from the projected entity view.

Who is affected:

All Platform API workspaces with clinical data. New columns are nullable and populated on the next data pipeline run. Existing integrations are unaffected - the full FHIR resource blob remains available alongside the new typed columns.

No breaking changes.

Patient-Scoped Resource Identity and Clinical Status Resilience

Two data-integrity improvements in this release: clinical resource identifiers are now globally unique across patients, and clinical status extraction is more resilient when source data uses varying formats.

What changed:

• Patient-scoped resource identifiers - Clinical resource IDs (observations, medications, conditions, family history, questionnaire responses, and clinical notes) ingested from external data sources are now prefixed with the patient identifier before entity resolution. Previously, resource IDs were only unique within a single patient's record. If two patients shared the same raw resource ID, the platform's entity resolution would collapse them into a single entity, silently dropping one patient's data. Resource IDs are now globally unique across patients within a workspace, producing distinct entity IDs and preventing cross-patient data loss.

• Deduplicated source records before clinical resource expansion - The ingestion pipeline now deduplicates source records per patient before expanding clinical resource arrays. Previously, duplicate source rows (e.g. from re-uploads with the same modification time) could multiply into N duplicate clinical resource events per resource. Deduplication now happens at the patient level before array expansion, preventing duplicate events from propagating into downstream data stores.

• Resilient clinical status extraction - Entity projections for conditions, observations, medication statements, and related clinical types now fall back gracefully when clinical status is provided in different formats. If the structured coded representation is not present, the platform extracts status from the text representation instead. This prevents clinical status from appearing blank on entities ingested from sources that use simpler status formats.

• Condition clinical status enrichment - Condition resources now include a structured coded clinical status alongside the text representation. This aligns condition data with the FHIR clinical status coding convention, improving interoperability with downstream systems that expect coded status values.

• Agent clinical data lookups use projected status - When the agent retrieves observations, medication statements, clinical notes, or questionnaire responses during a conversation, the lookup now falls back to the entity's projected clinical status if the FHIR resource does not contain an inline status field. This ensures that status information is always available to the agent regardless of how the source system encoded it.

Who is affected:

All Platform API workspaces that ingest clinical data from external sources. Existing entities with colliding resource IDs across patients will be resolved to separate entities on the next data sync. No configuration changes required.

No breaking changes.

Explicit Use Case Binding and Unbinding

Use case lifecycle now separates creation from workspace ownership. Creating a use case no longer automatically associates it with the calling workspace. Instead, two new endpoints let you explicitly bind and unbind use cases, giving you full control over which workspace receives inbound events for a given use case.

What changed:

• Bind use case endpoint - A new POST /v1/{workspace}/use-cases/{use_case_id}/bindings endpoint claims a use case for a workspace. Inbound webhook events (email delivery notifications, SMS status callbacks, voice events) for that use case will resolve to this workspace. The endpoint is idempotent for the same workspace. If the use case is already bound to a different workspace, the request returns 409 Conflict. If a previous binding was removed, the new bind revives it and points it at the calling workspace. Requires Channel create permission.

• Unbind use case endpoint - A new DELETE /v1/{workspace}/use-cases/{use_case_id}/bindings endpoint releases a use case from a workspace. After unbinding, inbound events for that use case no longer resolve to any workspace until it is re-bound. Returns 404 if the use case is not currently bound to the calling workspace. Requires Channel delete permission.

• Create no longer auto-binds - The create use case endpoint (POST /v1/{workspace}/use-cases) now only creates the use case upstream. It does not automatically bind the use case to the calling workspace. Callers must explicitly POST to the bindings endpoint after creation to associate the use case with their workspace.

• Delete requires unbinding first - The delete use case endpoint (DELETE /v1/{workspace}/use-cases/{use_case_id}) now returns 409 Conflict if the use case is still bound to any workspace. You must unbind the use case before deleting it. This prevents orphaned bindings that would route inbound events to a workspace for a use case that no longer exists upstream.

• Inbound event resolution updated - The internal webhook event resolver now uses the use case identifier directly to determine which workspace should receive an event, replacing the previous provider-specific setup identifier lookup. This simplifies the resolution path and aligns it with the explicit binding model.

Binding response schema:

Who is affected:

All Platform API workspaces that create use cases. If your integration relies on use cases being automatically associated with the workspace at creation time, you must add an explicit bind call after creation. Existing use cases that were auto-bound before this release are unaffected - their bindings remain active.

Breaking changes:

• Creating a use case no longer binds it to the workspace. Callers must explicitly bind after creation.

• Deleting a use case now fails with 409 if it is still bound. Callers must unbind before deleting.

Transport Close Details and Simulation Case Library Endpoints

Two improvements in this release: voice call records now capture structured transport close details, and two new endpoints let you browse and inspect durable simulation cases.

What changed:

• Transport close details on call records - When a voice call ends, the platform now records structured details about how the transport layer closed. This includes the close source (client-initiated, network disconnect, or protocol error), any close code provided by the caller's client, and a sanitized close reason when available. These details appear on call intelligence records, call-ended events, and post-call analysis data. This gives you precise visibility into whether a call ended because the caller hung up, the network dropped, or the client sent an explicit stop signal - information that was previously only available as a single completion reason string.

• Post-call analysis merge - Post-call analysis results are now merged additively into existing call analysis data rather than replacing it. If transport close details were already recorded during call teardown, subsequent analysis results are combined with them instead of overwriting. This ensures that infrastructure-measured close details are always preserved alongside LLM-generated analysis.

• List simulation cases endpoint - A new GET /simulations/cases endpoint returns a paginated list of durable simulation cases for a workspace. You can filter by service ID and by tags (up to 20). This supports case library browsing in dashboards and CI pipelines that need to discover available test cases programmatically.

• Get simulation case endpoint - A new GET /simulations/cases/{case_id} endpoint returns a single simulation case by ID. The response includes the full case definition: persona, scenario instructions, initial message, temperament, fixtures, constraints, target specification, assertions, tags, and provenance.

Who is affected:

All Platform API workspaces. Transport close details are recorded automatically with no configuration changes. The new simulation case endpoints require the service view permission. Existing integrations are not affected.

No breaking changes to any API endpoints or response schemas.

Entity Binding for Simulation Sessions

Simulation session creation now accepts an optional entity ID, allowing you to bind a specific patient entity to a simulation session. This gives simulated conversations access to the same patient context resolution that production calls use, so you can test agent behavior against real entity data in your workspace.

What changed:

• Entity ID on session creation - The simulation session creation endpoint now accepts an optional entity_id parameter (UUID). When provided, the session resolves patient context from the specified entity, giving the agent access to the entity's clinical data, demographics, and linked records during the simulation. This applies to both simulation run sessions and standalone test conversations.

• Workspace-scoped resolution - Entity IDs are resolved within the scope of the workspace that owns the simulation. An entity ID from a different workspace resolves to nothing, ensuring no cross-tenant data exposure.

• No impact on existing sessions - The entity_id parameter is optional and defaults to none. Existing simulation sessions that do not specify an entity ID continue to work exactly as before.

Who is affected:

All Platform API workspaces using simulations. This is an additive change. Existing integrations are not affected.

No breaking changes to any API endpoints or response schemas.

Surface Status Returns Submitted Data

The check_surface_status tool now returns the data a patient submitted when a surface is completed, along with additional lifecycle timestamps. Previously, checking surface status returned the lifecycle state but not the actual submission payload, requiring a separate lookup to retrieve what the patient entered.

What changed:

• Submitted data included on completion - When a surface reaches the completed status, the status response now includes the full submitted data payload. This lets agents immediately act on patient-provided information - confirming answers, extracting clinical details, or branching conversation logic - without an additional API call.

• Lifecycle timestamps - The status response now includes delivery, open, and submission timestamps in addition to the creation timestamp that was already present. These timestamps give agents and downstream analytics precise visibility into how long each stage of the surface lifecycle took.

• Tool description updated - The check_surface_status tool description now documents that submitted data is returned when the surface is completed, so agents can reason about the availability of submission data based on the lifecycle status.

Who is affected:

All Platform API workspaces using surfaces. The additional fields are additive. Existing integrations that consume surface status responses will continue to work without changes. Agents that previously made separate calls to retrieve submitted data can now read it directly from the status response.

No breaking changes to any API endpoints or response schemas.

Snapshot-Diff Sync for Reference Data

Connector sync for slow-changing reference data (payers, facilities, visit types, fee schedules, staff) now uses snapshot-diff semantics instead of emitting every record on every poll cycle. The connector compares each poll response against the prior snapshot and emits only items that were created or updated since the last sync.

What changed:

• Snapshot-diff for lookup-table endpoints - Reference data endpoints that return the full current roster on every poll cycle now diff against the previously seen snapshot. Only new and changed items are emitted as events. Unchanged items are skipped entirely, reducing redundant processing for data that changes infrequently.

• Deletion detection - Items present in the prior snapshot but absent from the current response are detected and tracked. In this initial release, removals are logged and counted but not emitted as events. Removal-event emission will land per resource type as downstream projections gain explicit removal handling.

• Fail-open on state unavailability - If the persisted snapshot is unavailable (first sync, state loss, or infrastructure error), the connector treats all items as updates. This matches the previous behavior where every record was emitted every cycle, ensuring no data is silently dropped.

• Atomic state transitions - The snapshot pointer is updated only after all created and updated events have been successfully delivered. If event delivery fails or times out, the snapshot is not advanced, and the next poll cycle re-emits the current items. This guarantees at-least-once delivery without requiring downstream idempotency beyond what already exists.

• Bounded state lifecycle - Snapshot state for each workspace, data source, and resource type is retained with a long expiration window and refreshed on every successful sync. State for deleted or inactive workspaces is automatically cleaned up.

Who is affected:

All Platform API workspaces with connected EHR integrations that sync reference data. The change is transparent - no configuration changes are required. Workspaces will see significantly fewer redundant events for reference data endpoints, reducing downstream processing volume.

No breaking changes to any API endpoints or response schemas.

Get Use Case by ID

The channel manager now exposes an endpoint to fetch a single use case by its identifier, complementing the existing list endpoint. This enables callers to retrieve authoritative use case details - including channel type, setup binding, and configuration - without filtering a full list response.

What changed:

• New GET endpoint for individual use cases - A new endpoint accepts a use case ID and returns the full use case resource, including its channel-specific binding (email or voice). If the use case does not exist or has been soft-deleted, the endpoint returns 404. This gives callers a clear distinction between "use case not found" and "service unreachable," enabling proper error handling (404 vs 502) in upstream workflows.

• Response matches list endpoint shape - The response structure for the new endpoint is identical to individual items returned by the list endpoint. Email use cases include setup ID, configuration set name, sender address, email type, tier, unsubscribe eligibility, and cold inbound acceptance. Voice use cases include setup ID and channel type (outbound voice, inbound voice, or ringless voicemail).

• List endpoint query improvements - The existing list use cases endpoint now uses more efficient query construction internally. No changes to request parameters, response shape, or filtering behavior.

• Client library updated - The platform client library includes a new method for fetching a single use case by ID. The method returns the use case resource on success, returns nothing when the use case is not found (404), and raises on transport or server errors.

Who is affected:

All Platform API consumers working with use cases. The new endpoint is additive. No breaking changes to existing endpoints or response schemas.

SES Setup Shared Across Workspaces

SES email channel setups are now shared platform-wide rather than scoped to individual workspaces. A single setup can serve use cases bound to multiple workspaces, removing the previous restriction that tied each setup to the workspace that created it.

What changed:

• Setups are no longer workspace-scoped - The SES setup endpoints still include the workspace segment in the URL for backward compatibility, but the workspace is no longer used to filter or restrict access. Any caller with the appropriate channel permission can list, view, create, or delete any SES setup on the platform.

• List endpoint returns all setups - The list SES setups endpoint now returns every setup on the platform, not just those created by the current workspace. Results are paginated and sorted deterministically.

• Delete no longer soft-deletes a workspace binding - Deleting an SES setup tears down the upstream tenant and identity directly. The previous soft-delete of a workspace-level ownership record has been removed. The endpoint still returns 409 if the setup has active use cases.

• Cross-workspace visibility - GET and verify endpoints return setup details regardless of which workspace created the setup. Previously, requesting a setup created by a different workspace returned 404.

Who is affected:

All Platform API consumers using the SES email channel setup endpoints. Callers that previously relied on workspace-level isolation of setups should be aware that all setups are now visible platform-wide. Permission checks (Channel.create, Channel.view, Channel.delete) still apply.

No breaking changes to request or response schemas. The workspace segment in the URL is retained for compatibility but is functionally inert for these endpoints.

Text Session Entity Binding and Streaming Tool Call Identifiers

Text sessions now correctly bind entity context at conversation start, and SSE streaming events for tool execution include a stable call identifier for correlating tool start and tool end events.

What changed:

• Entity context binding on text sessions - Text conversations (both batch and streaming) now bind the workspace context at session start, ensuring that entity lookups and patient resolution work correctly throughout the conversation. Previously, text sessions could fail to resolve entity data when the workspace context was not established early enough in the request lifecycle.

• Tool call identifier on SSE events - The tool_start and tool_end Server-Sent Events emitted during streaming text interactions now include a call_id field. This identifier is stable across the start and end events for the same tool invocation, allowing clients to correlate which tool completion corresponds to which tool invocation when multiple tools execute in parallel or sequence.

• Observations lookup returns coding metadata and identifiers - The observations lookup tool now returns additional fields: code_system (the terminology system for the observation code), code_value (the coded value within that system), and identifiers (the list of business identifiers associated with the observation). These fields give agents and downstream consumers richer context for interpreting clinical observations.

• Entity reads use synced projection for all lookup paths - Patient lookup by phone and patient lookup by ID now both read from the synced entity projection, consistent with the change introduced in v0.9.435 for other entity lookup tools. This completes the migration of all entity read paths to the synced store.

Who is affected:

All Platform API consumers using text sessions (batch or streaming) with entity context. Consumers parsing SSE tool events will see the new call_id field on tool_start and tool_end events. Consumers using the observations lookup tool will see three new fields in the response. All changes are additive.

No breaking changes.

Per-Turn Context Window Policy

The agent engine's context window management now bases compaction decisions on the actual prompt size of each turn rather than cumulative token counts across the session. This eliminates false-positive context pressure signals that previously triggered premature history compaction in longer conversations.

What changed:

• Per-turn prompt measurement - Context window utilization is now calculated from the most recent turn's prompt token count rather than the running total of all tokens sent and received during the session. Cumulative totals grow faster than actual context size (because earlier turns are already represented in history), so the previous approach over-estimated pressure and degraded context quality too early.

• Progressive compaction - When prompt size crosses the warning threshold, the engine switches to summarized history for past conversation states. If prompt size reaches the escalation threshold, the engine applies compact history rendering and caps the number of history entries included in prompts. Compaction only ratchets up during a session - it never relaxes back to a less aggressive level.

• Strategy resolution - Each conversation state can declare its own context strategy via turn policy. The engine now resolves the effective strategy by comparing the engine-level compaction override (set by context pressure) against the per-state turn policy and applying whichever is more aggressive. This ensures that context pressure always takes effect, even when a state's policy would otherwise allow full history.

Who is affected:

All Platform API consumers using voice agents or text sessions with context graphs. No API changes - this is a behavioral improvement to how the engine manages prompt history under context pressure. Agents in longer conversations should see more relevant context retained for longer before compaction kicks in.

No breaking changes.

World Tool Reads from Synced Entity Store

All built-in entity lookup tools now read from a dedicated synced projection of the entity store instead of the primary write table. This improves read consistency and aligns entity lookups with the platform's event-sourced data pipeline.

What changed:

• Entity reads use synced projection - The built-in world tools (patient lookup, observations, conditions, allergies, medication statements, clinical notes, family history, questionnaire responses, intake uploads, persons, conversations, and calls) now read entity data from a continuously updated projection that reflects the latest state derived from the event pipeline. Previously, these tools read from the primary entity table, which could show intermediate states during concurrent writes.

• Write path unchanged - Entity creation, shell entity generation, and field updates continue to write to the same entity store as before. Only the read path used by agent-facing lookup tools has changed.

• No API changes - All tool parameters, response shapes, and filtering behavior remain identical. Agents and API consumers do not need to change anything.

Who is affected:

All Platform API consumers using built-in entity lookup tools during agent conversations. The change is transparent - tool inputs, outputs, and filtering behavior are unchanged. Entity data returned by lookups may reflect updates slightly faster due to the optimized read path.

No breaking changes.

Event-Sourced Operator and Patient State Projection

Operator and patient entity state is now fully projected from events rather than written inline during API operations. This completes the migration to event-sourced state for these entity types, improving consistency and eliminating race conditions during concurrent updates.

What changed:

• Operator state projection - Creating or updating an operator no longer patches entity state inline. Instead, the platform emits events that are processed through the standard data pipeline to project the final entity state. This means operator state (availability, profile, performance counters) is always derived from the authoritative event history rather than ad-hoc writes during API calls.

• Patient entity management - Patient entity creation and deduplication logic has been consolidated into the platform's entity service layer. The voice agent no longer manages patient entities directly. Patient data flows through the same event-sourced pipeline as all other entity types, with deduplication handled by the entity service.

• Patient data in agent context - The patient data made available to agents during conversations has been streamlined. Clinical details (conditions, medications, allergies, appointments, insurance) are no longer embedded in the patient summary. Each clinical data category is accessed through its own dedicated lookup tool (conditions lookup, allergies lookup, medication statements lookup, observations lookup), which query purpose-built data structures with typed fields. This improves query precision and avoids stale embedded data.

Who is affected:

Platform API consumers who create or update operators, or who rely on patient entity state. The API request and response shapes are unchanged. State updates may take a brief moment to propagate through the event pipeline rather than appearing synchronously in the response. Agent tool behavior is unchanged - clinical data tools continue to work as documented.

No breaking changes.

Conditions and Allergies Lookup Tools

Two new built-in tools are now available for agents to retrieve patient clinical data during conversations: conditions lookup and allergies lookup. These join the existing set of typed clinical data retrieval tools (observations, medication statements, clinical notes) and follow the same patterns.

What changed:

• Conditions lookup - Agents can now retrieve a patient's health conditions (diagnoses) mid-conversation. The tool returns condition name, ICD-10 code, code system, clinical status, and onset date. Results can be filtered by clinical status (active, resolved, remission), condition name substring, date range (onset date), and row limit (default 50, max 100). The patient_id parameter is required and accepts platform UUID, canonical ID, MRN, or FHIR Patient ID.

• Allergies lookup - Agents can now retrieve a patient's allergies and intolerances (drug, food, environmental) mid-conversation. The tool returns allergen name, code, clinical status, severity, and manifestation. Results can be filtered by clinical status (active, resolved, inactive), allergen name substring, and row limit (default 50, max 100). The patient_id parameter is required and accepts the same identifier formats as other patient-scoped tools.

Conditions lookup parameters:

Allergies lookup parameters:

Who is affected:

Platform API consumers building agents that need access to patient conditions or allergy data during conversations. These are new tools - no existing tools or responses are changed.

No breaking changes.

A2P 10DLC Brand Registration

The channel setup flow now supports A2P 10DLC brand registration - the carrier-facing authorization required before registering messaging campaigns on local (10DLC) phone numbers in the US. Brand registration is managed through two new endpoints on the Twilio setup resource, with asynchronous status updates delivered via the existing compliance event stream.

What changed:

• New endpoint: submit brand registration - POST /v1/twilio-setup/{setup_id}/bundle/a2p-brand-registration creates or resubmits a brand registration. The request body accepts a brand_type field with two options: standard (full secondary vetting, higher carrier throughput, required for non-profit and government organizations) or low-volume-standard (secondary vetting skipped, lower throughput cap, available for private and public companies only). The endpoint validates prerequisites before submission: the setup's customer profile must be approved, and the setup must have an approved A2P Messaging Profile bundle.

• Create and resubmit via single endpoint - The POST endpoint handles both initial creation and resubmission. If no brand registration exists for the setup, a new one is created. If an existing registration has failed primary vetting (primary_vetting_status is unverified), the same endpoint resubmits it for re-vetting. Resubmission requires the caller to fix upstream profile data before calling - the re-vetting runs against whatever data is currently committed on the upstream bundles. The brand_type cannot be changed on resubmit. Resubmits are capped at 3 per brand; exceeding the limit returns 422.

• New endpoint: get brand registration - GET /v1/twilio-setup/{setup_id}/bundle/a2p-brand-registration returns the current brand registration state for a setup. Returns 404 if no registration exists.

• Two-axis vetting status - Brand registration tracks two independent vetting outcomes. primary_vetting_status reflects identity vetting (pending, verified, or unverified). secondary_vetting_status reflects secondary compliance vetting (pending, verified, failed, or skipped). Low-volume-standard brands always carry skipped for secondary vetting. Each axis is updated independently based on compliance events - one axis never auto-transitions based on the other.

• Structured vetting errors - When primary or secondary vetting fails, the registration carries structured error arrays (primary_vetting_errors and secondary_vetting_errors) with error codes and descriptions from the upstream compliance system. Errors are cleared on successful resubmit.

• Asynchronous status updates - Brand registration status changes are delivered via the same compliance event stream already configured on each setup. The event stream subscription now includes four brand registration event types that update the registration row: identity verified, fully vetted (primary and secondary both verified), identity unverified (with error details), and secondary vetting failed (with error details). No additional setup configuration is required - the subscription is configured automatically when the setup is created.

• Event stream schema versions - The event stream subscription now specifies per-event-type schema versions. The identity-unverified event type uses schema version 3 to include structured error arrays; other brand registration events use schema version 2.

• Tier validation - Non-profit and government organizations are rejected at submission time if low-volume-standard is requested. These organization types require full secondary vetting and must register as standard.

Response fields:

Error responses:

Who is affected:

Platform API consumers managing US 10DLC messaging compliance. This is a new capability - no existing endpoints or responses are changed.

No breaking changes.

Clinical Entities as First-Class Citizens

Clinical resources like conditions, allergies, observations, and medications are now promoted to first-class entities in the world model. Each clinical resource gets its own standalone entity with structured, queryable fields extracted from the underlying clinical data - rather than existing only as nested arrays on a patient record.

What changed:

• Standalone clinical entities - Conditions and allergies now appear as independent entities in the world model with their own entity IDs, in addition to being summarized on the parent patient record. Previously, these resources were only accessible as array fields on the patient entity. Now they can be queried, filtered, and retrieved individually.

• Structured clinical fields on entities - All clinical entity types (observations, medications, conditions, allergies, and others) now carry structured fields extracted from the underlying clinical data: a human-readable code name, the terminology system (e.g. ICD-10, LOINC, RxNorm), the coded value, clinical status, clinically relevant timestamp, measured value with unit (for observations), and a link back to the parent patient entity. These fields are queryable and filterable without parsing the raw clinical resource blob.

• Patient link on clinical entities - Every clinical entity now carries a reference back to the patient it belongs to. This link is derived from the clinical resource's subject or patient reference at projection time, enabling efficient lookups like "show all active conditions for this patient" without joining through intermediate resolution tables.

• New agent tools for conditions and allergies - Two new agent tools are available for retrieving condition and allergy entities during conversations. Both tools accept patient ID, optional status filter, optional text search, and date range filters (conditions only). Results include the coded value, terminology system, clinical status, and onset date. These tools complement the existing observation and medication lookup tools.

• Expanded medication matching - The medications array on patient entities now includes both medication requests and medication statements. Previously, only medication requests were included. This provides a more complete view of a patient's active medications.

• Dual projection for conditions and allergies - Conditions and allergies are projected in two ways: as summary arrays on the parent patient entity (for population-level queries and patient overviews), and as standalone entities (for individual clinical resource queries and agent tool lookups). Both projections are kept in sync automatically.

Who is affected:

All Platform API consumers working with clinical data. The new standalone entities and structured fields are additive - existing patient-level clinical arrays continue to work as before. Agent tool consumers gain two new tools (conditions_lookup and allergies_lookup) that can be registered on agent configurations.

No breaking changes.

Canonical Call Completion Reasons

All call completion reasons returned by the API are now normalized to a canonical set of values. Previously, API responses and real-time events could surface internal labels that were not part of the documented vocabulary. With this release, every completion reason is mapped to a canonical value before it appears in any API response, real-time event, or data export.

What changed:

• Completion reasons normalized at the source - Call completion reasons are now mapped to the canonical vocabulary at the point they are produced, before they reach API responses, real-time events, or data exports. Previously, internal labels could appear in responses and were only normalized at the data storage layer. Now, all downstream consumers see a single, bounded set of values.

• Wider vocabulary type retired - The API response schema for call detail, call list, and call-ended events previously accepted a superset of completion reason values that included internal labels. The schema now accepts only the canonical set: completed, abandoned, escalated, transferred, timeout, error, voicemail, no_answer, caller_hangup, forwarded, terminal_state, warm_transfer_completed, no_inbound_audio, and cancelled.

• Historical data handled gracefully - Call detail and call list responses apply defensive normalization to historical records that may predate this change. Records with unmapped completion reasons return null for the completion_reason field rather than failing the request.

• Real-time events carry canonical values - The call.ended server-sent event now carries only canonical completion reason values. SDK consumers and dashboard integrations that previously needed to handle both canonical and internal labels can simplify their parsing logic.

Who is affected:

Consumers who were handling internal completion reason labels (such as raw timeout or disconnection variants) in API responses or SSE events should update to use only the canonical set listed above. Consumers already using only canonical values are unaffected.

Breaking changes:

• The completion_reason field on call detail, call list, and call-ended event responses no longer returns internal labels. Any client-side logic that matched on non-canonical values will stop matching.

• The response schema enum for completion_reason is narrowed to the canonical set. Clients with strict enum validation that included internal labels should remove those values.

Skill Execution Tier Simplification

The autonomous and browser execution tiers have been removed from the Skills API. Skills that previously used these tiers have been migrated automatically. Going forward, the platform supports three execution tiers: direct, orchestrated, and computer_use.

What changed:

• autonomous execution tier removed - Skills configured with execution_tier: "autonomous" are no longer supported. Existing autonomous-tier skills have been migrated to orchestrated. The autonomous tier previously delegated skill execution to a standalone agent worker with session resumption and checkpoint capabilities. These capabilities are now handled through the orchestrated tier.

• browser execution tier removed - Skills configured with execution_tier: "browser" are no longer supported. Existing browser-tier skills have been migrated to computer_use. The browser tier was a specialized variant of computer use execution - the computer_use tier now covers all desktop and browser automation use cases.

• Browser-specific fields removed - The browser_start_url, browser_allowed_domains, and browser_auth_integration fields have been removed from skill create, update, and response schemas. These fields were only relevant to the browser execution tier. Skills that had these fields set will no longer return them in API responses.

• execution_tier enum narrowed - The execution_tier field on skill create and update requests now accepts only direct, orchestrated, or computer_use. Requests that specify autonomous or browser will receive a 422 validation error.

• Existing skills migrated automatically - A data migration has converted all autonomous-tier skills to orchestrated and all browser-tier skills to computer_use. No manual action is required for existing skill configurations.

Who is affected:

Consumers who create or update skills with execution_tier set to autonomous or browser must update to use orchestrated or computer_use respectively. Consumers who read skill responses and expect browser_start_url, browser_allowed_domains, or browser_auth_integration fields should remove references to these fields. Consumers using only direct, orchestrated, or computer_use tiers are unaffected.

Breaking changes:

• execution_tier values autonomous and browser are no longer accepted on create/update requests (422 error)

• browser_start_url, browser_allowed_domains, and browser_auth_integration fields removed from request and response schemas

• Skill responses no longer include autonomous or browser as possible execution_tier values

Text Session Lifecycle Simplification

Two internal endpoints used during text session lifecycle management have been removed. These endpoints were previously used to coordinate conversation state transitions between internal services during session resume and actor initialization. The behavior they provided is now handled automatically by the implicit reactivation and state-save mechanisms introduced in v0.9.426.

What changed:

• Removed reactivation endpoint - The internal endpoint that explicitly transitioned a dormant text conversation back to active before resuming is no longer available. Since v0.9.426, the platform handles this transition implicitly when the next message arrives, so the explicit round-trip was redundant. Consumers who previously relied on calling a reactivation step before resuming idle text sessions should have already migrated to the implicit behavior introduced in v0.9.426.

• Removed actor-start-failed rollback endpoint - The internal endpoint that rolled back a conversation's state when session initialization failed mid-startup has been removed. Under the implicit transition semantics introduced in v0.9.426, no state mutation occurs before session initialization completes, so there is nothing to roll back on failure. Session cleanup (lease release, channel unregistration) continues to happen automatically.

• No changes to public API behavior - These were internal coordination endpoints not exposed in the public API. Conversation lifecycle, the lifecycle field, implicit reactivation on resume, and all public conversation endpoints continue to work exactly as documented.

Who is affected:

No external consumers are affected. These were internal-only endpoints used for service-to-service coordination. The public conversation API, text session behavior, and lifecycle field semantics are unchanged.

No breaking changes to the public API.

Cold Inbound Email Support

Email use cases can now accept inbound messages that are not replies to a previous outbound email. Previously, the platform operated in a strict thread-only model where every inbound email had to reference one of your outbound messages. With this release, use cases can opt in to receiving cold inbound - messages sent to the use case's sender address by external parties who have never been contacted first.

What changed:

• New accepts_cold_inbound field on email use cases - When creating an email use case, you now provide an accepts_cold_inbound boolean. When set to true, the platform accepts inbound emails addressed to the use case's sender address even when they do not reply to a prior outbound message. When false (the default stance for all existing use cases), the use case remains thread-only and cold inbound is silently dropped. This is a required field - opening a public inbox is an explicit decision, not a default.

• Authentication gates for cold inbound - Cold inbound messages must pass two authentication checks before acceptance. The sender's domain must pass DMARC alignment (only PASS is accepted - FAIL, GRAY, and PROCESSING_FAILED all drop). Additionally, the message must not be flagged as spam (FAIL drops; PASS, GRAY, and PROCESSING_FAILED are accepted). These gates reduce spoofed-sender abuse at the cost of dropping some legitimate non-aligned forwarders.

• in_reply_to_email_id is now nullable - On inbound email responses, the in_reply_to_email_id field is now null for cold inbound messages instead of always referencing a parent outbound email. Threaded replies continue to populate this field as before. Consumers that assumed this field was always present should add a null check.

• accepts_cold_inbound on use case responses - The use case detail and list endpoints now include the accepts_cold_inbound field, reflecting whether each email use case accepts unsolicited inbound messages.

• Webhook callback payload updated - The inbound email received webhook callback now sends in_reply_to_email_id as null for cold inbound messages. Consumers should handle null values in this field.

Who is affected:

All consumers of inbound email endpoints and email use case endpoints. The in_reply_to_email_id field changing from always-present to nullable is a behavioral change - consumers that assume it is non-null should update their handling. The new accepts_cold_inbound field on use case create requests is required for email use cases going forward.

Conversation Lifecycle Predicate and Implicit Reactivation

Conversation responses now include a computed lifecycle field that tells you whether a conversation is actively in use, sitting idle, or permanently closed - without requiring you to interpret raw status values and timestamps yourself. Additionally, text sessions that resume after going idle no longer require an explicit reactivation step; the platform handles the transition automatically when the next message arrives.

What changed:

• New lifecycle field on all conversation responses - Every conversation summary and detail response now includes a lifecycle field with one of three values: active, dormant, or closed. This field is computed at read time from the conversation's status and how recently it was updated, so it always reflects the current state without requiring a separate status-refresh call.

• active - The conversation is not closed and was updated within the idle threshold for its channel. Voice and web conversations use a 5-minute threshold; SMS uses 30 minutes; WhatsApp and email use 60 minutes.

• dormant - The conversation is not closed but has been idle longer than the channel's threshold. The conversation can still be resumed by sending a new message.

• closed - The conversation has been permanently closed. No further interaction is possible.

• Implicit reactivation on resume - When a text session receives a new message after going idle, the platform automatically transitions the conversation back to an active state. Previously, consumers needed to call a separate reactivation endpoint before sending the next message. That extra round-trip is no longer necessary.

• Smarter session save behavior - Text sessions now distinguish between transient request boundaries and genuine dormancy when saving state. Sessions that end due to idle timeouts, duration limits, or disconnections save in a dormant state with compression. Sessions that end because a request completed save in an active state, avoiding unnecessary compression on every turn.