This release focuses on making a few high-impact actions safer and more dependable, especially when they run in the background or involve larger batches of data.
You will see more consistent behavior around auto-titles, exports, and account deletion, plus clearer messaging when requests are rate-limited.
New capabilities
Workflow-powered chat title generation is now supported end to end. Title generation can run in an authorized workflow context, and the app now saves generated titles via a dedicated mutation that is designed for generated names.
The sidebar title regeneration flow now gives clearer guidance when a title cannot be generated, including a specific prompt to connect an OpenRouter key when that provider is selected.
New workflow endpoints are now available for common operations that can take longer or need stricter controls. This includes chat export, account deletion, and a cleanup workflow for batch record cleanup.
Security and reliability updates
Stricter authorization and safer request handling were added across workflow endpoints and related server helpers. Workflow calls no longer forward session cookies or Convex tokens to third-party workflow infrastructure, and auth references are short-lived and consumed once.
Rate limiting was expanded in a few sensitive areas, including OpenRouter key updates and models fetching, to reduce abuse and provide more predictable behavior under load.
Cleanup safeguards were tightened to prevent accidental oversized operations. Cleanup runs are token-gated, use constant-time comparisons, and enforce strict bounds for retention and batch sizes.
Title safety was improved by stripping HTML tags when sanitizing titles, helping prevent unwanted markup from showing up in chat names.