Skip to main content

v1.12.0 — May 2026

New — Read-only dashboard surface

Four new endpoints under /api/v1/incidents give programmatic access to the same data a moderator sees in the Tuteliq dashboard, scoped per API key:
  • GET /api/v1/incidents — paginated, filterable listing (category, severity, status, source, platform, external_id, customer_id, time-window). Cursor-based pagination. Optional include_summary=true decrypts the summary text per row (extra credit per row).
  • GET /api/v1/incidents/:id — full incident detail. Server-encrypted fields decrypted server-side; BYOK fields returned as hybrid envelopes for client-side decryption with the customer’s RSA private key.
  • GET /api/v1/incidents/overview — KPI snapshot over a time window (total, requires-review queue size, 24h/7d/30d totals, counts by category/severity/source/status, top 5 platforms).
  • GET /api/v1/incidents/trends — time-bucketed counts with per-bucket severity breakdown. Buckets: hour, day (default), week.
Available via @tuteliq/sdk 2.12+ (listIncidents, getIncident, getIncidentsOverview, getIncidentTrends) and @tuteliq/mcp 3.15.4+ (the four matching tools render as interactive dashboard widgets in MCP hosts).

Updated — detect_grooming 50-turn ceiling

Multi-turn detect_grooming calls have a documented ceiling of ~50 turns per request. Earlier this month a regression dropped the effective ceiling below 20 turns (the output-token budget was clipping the JSON response mid-message_analysis array, causing a parse failure that surfaced as analysis_status: "engine_error"). Fixed via an adaptive output budget that scales with conversation length (base + N × per-turn, capped at the model’s safe output ceiling). The graceful engine_error envelope still exists — beyond the ceiling, callers receive recommended_action: "flag_for_moderator" rather than a silent pass. For conversations beyond ~30 turns we recommend chunked sliding windows of 10–15 turns with continuation_token carrying trajectory state across calls. See Grooming detection for the tactic taxonomy and the long-conversation pattern.

Updated — meeting_request as a first-class grooming tactic

detect_grooming now returns meeting_request as a distinct flag (previously subsumed under boundary_pushing). Meeting attempts convert online risk into physical-safety risk and warrant a different operational response — most platforms route them directly to law-enforcement-aware workflows. The full six-tactic taxonomy is documented at Grooming detection.

New — Composable safety primitives

Documented cross_endpoint_modifier and vulnerability_profile on detect_vulnerability_exploitation. Both fields have been returning real data for months but were undocumented — they let agents amplify sibling detectors’ verdicts when a target is identified as vulnerable, and route to vulnerability-dimension-specific intervention workflows. See Composable safety primitives for the worked TypeScript + Python examples.

Fixed — Account observability endpoints

/account/consent and /account/audit-logs now respond reliably for accounts with larger or filtered datasets. Both endpoints are part of the GDPR / SOC 2 observability surface and should be considered stable for compliance workflows.

Fixed — Response key consistency across usage and pricing endpoints

/usage/monthly, /usage/history, and /pricing/details now return snake_case keys consistent with the rest of the API. SDK consumers no longer need to alias field names; existing snake_case-aware code works directly.

v1.11.0 — May 2026

Updated — Credit costs

Per-endpoint credit costs for text-detection endpoints have been updated. See Pricing & Credits for the full table. /analyse/multi now uses a 1 base + 1 per endpoint formula instead of summing per-endpoint costs (e.g. 3 endpoints = 4 credits, 7 endpoints = 8 credits). Server-side execution is parallel via Promise.allSettled, so the price reflects the actual wall-clock cost rather than the sum of individual calls.

v1.10.0 — May 2026

New — Prescreen lexicon for SDK-side filtering

Public endpoint GET /v1/prescreen/lexicon returns Tuteliq’s curated set of high-precision phrase patterns mapped to category flags. SDKs fetch it on startup, cache by version, and run it client-side against content before making an API call. Two wins:
  • Clearly-benign content never leaves the device (greetings, thanks, small talk → SDK skips the API call entirely)
  • Positive matches are attached as structured hints on the request via the new prescreen_flags field, giving the server a strong prior
v1 covers grooming, distress-signals, bullying, coercive-control, and self-harm crisis indicators in English. Multilingual coverage rolling out in subsequent lexicon versions. See the new Prescreen Lexicon page for the matching contract and SDK behaviour.

Improved — Continuation tokens now feed conversation trajectory into the LLM

When a continuation_token is supplied, the LLM now receives the derived conversation state (turn count, accumulated categories with max confidence, severity trajectory, last recommended action) as injected context for the new turn. Translation: the model considers escalation patterns across the whole conversation when scoring the new message — without us ever storing the conversation. This closes the gap between v1.9 (token carries state across calls; response shows trajectory) and the full conversation-aware analysis that was previously only available by re-sending conversation_history on every call. Same five endpoints: /safety/grooming, /safety/distress-signals, /safety/bullying, /safety/coercive-control, /safety/vulnerability-exploitation.

v1.9.0 — May 2026

New — Continuation tokens (privacy-first conversation memory)

Five safety endpoints now return a signed, opaque continuation_token in every response. Pass it back on the next call to get conversation-aware analysis without re-sending the conversation history and without Tuteliq ever storing it. The token IS the analysis state — you hold it, we hold the signature.
  • Supported: /safety/grooming, /safety/distress-signals, /safety/bullying, /safety/coercive-control, /safety/vulnerability-exploitation
  • What’s in the token: derived signals only — turn count, accumulated category confidences, severity trajectory, recommended actions
  • What’s NOT in the token: raw text, PII, anything we couldn’t already return in the public API response
  • Properties enforced by construction: per-key binding (cannot be replayed across customers), per-endpoint binding, tamper-evident HMAC, 24h default lifetime, bounded payload size
  • New request fields: continuation_token, reset_conversation, message_id
  • New response fields: continuation_token, continuation_expires_at, state_source (token / fresh / reset)
  • See the new Continuation Tokens page for usage, errors, and best practices
/safety/grooming’s legacy session_id continues to work but is scheduled for deprecation — the continuation token is the privacy-first replacement.

Backwards compatible

  • All existing requests work exactly as before. The new fields are optional.
  • If you send a stale or scope-mismatched token, you get a structured CONTINUATION_TOKEN_* error and can fall back to one call with conversation_history to re-seed.

v1.8.0 — May 2026

Breaking — Endpoint renamed: emotional-distressdistress-signals

POST /v1/safety/emotional-distress is removed. The endpoint is now POST /v1/safety/distress-signals — request and response shapes are unchanged. Calls to the legacy path return HTTP 410 Gone with a JSON body pointing to the new endpoint. Why: EU AI Act Article 5(1)(f) framing. The detector is and always was a content classifier — it identifies linguistic patterns in text that are historically associated with distress. The old name implied emotion recognition, which is prohibited in workplaces and educational institutions outside child-safety contexts. The rename, an updated prompt that explicitly disclaims emotion inference, and a published intended-use scope (safety component for child-safety; not for workplace or general-purpose education monitoring) keep the endpoint inside the Art 5(1)(f) safety exception. Action required:
  • Update integrations to call POST /v1/safety/distress-signals
  • In /analyse/multi, change endpoint ID emotional-distressdistress-signals
  • MCP tool renamed: detect_emotional_distressdetect_distress_signals
  • Settings keys (enabled_endpoints / disabled_endpoints) renamed accordingly
Response shape, categories (LONELINESS, FEELING_UNHEARD, OVERWHELM, etc.), exploitation-risk fields, and the 5-credit cost are unchanged.

Breaking — Removed: per-customer synthetic profile endpoint

GET /v1/safety/synthetic-content/profile/:customer_id is removed. The endpoint and the underlying per-customer aggregation have been deleted; stored aggregates have been purged from cache. Why: EU AI Act Article 5(1)(c) social-scoring concern and GDPR data minimisation. A per-natural-person aggregated synthetic-content score retained across detections resembles social scoring when used across unrelated contexts. Removing both the endpoint and the storage closes the retrieval surface and the stored artefact. Action required: If you were polling the profile endpoint, aggregate detection responses on your side instead. The per-call detection endpoints (/safety/synthetic-content, /image, /audio, /video) continue to return classifications unchanged.

v1.7.0 — May 2026

Emotional Distress Detection (Early Warning)

  • POST /v1/safety/emotional-distress — detects pre-vulnerability emotional distress signals before exploitation begins
  • Based on criminological research: emotional distress is both a consequence AND a driver of vulnerability to child sexual exploitation
  • 12 distress signal categories: loneliness, feeling unheard, overwhelm, low self-worth, trust-seeking, withdrawal, family conflict, identity distress, academic pressure, sleep disturbance, appetite change, emotional numbing
  • Exploitation risk assessment — returns per-type vulnerability scores for grooming, sextortion, trafficking, radicalisation, self-harm, and substance use
  • Vulnerability level scoring — none, low, elevated, high, critical
  • Key risk combinations: loneliness + trust-seeking = HIGH grooming risk; family conflict + withdrawal = HIGH trafficking risk; low self-worth + overwhelm = HIGH sextortion risk
  • 5 credits per call

Tech-Facilitated Gender-Based Violence (TFGBV) Detection

  • POST /v1/safety/tfgbv — detects technology-facilitated gender-based violence, rooted in gender inequalities and power imbalances
  • 13 TFGBV categories: image-based abuse, cyber stalking, online harassment, doxing, impersonation, outing, post-separation abuse, sextortion, digital coercion, sexualised deepfakes, gendered hate speech, reproductive surveillance, economic abuse digital
  • TFGBV amplifier assessment — identifies which technology amplifiers are active: scale, speed, anonymity, permanence, cross-border reach
  • Intersectionality flags — identifies compounding discrimination factors (LGBTQIA+, disability, racial, etc.)
  • Child-specific detection with heightened sensitivity for minors
  • 5 credits per call

Multi-Endpoint Support

  • Both new endpoints available in /analyse/multi — use endpoint IDs emotional-distress and tfgbv
  • MCP tools: detect_emotional_distress and detect_tfgbv

v1.6.1 — April 2026

Credit Pricing Update

All per-endpoint credit costs have been revised to reflect processing complexity more accurately. See Pricing & Credits for the full breakdown. Text & Safety Detections: 5 credits per call (was 1)
  • detectBullying, detectUnsafe, detectSocialEngineering, detectAppFraud, detectRomanceScam, detectMuleRecruitment, detectGamblingHarm, detectCoerciveControl, detectVulnerabilityExploitation, detectRadicalisation
Conversation-Based: 6 credits per 10 messages (was 1)
  • detectGrooming, analyzeEmotions
Analysis & Guidance:
  • getActionPlan: 9 credits (was 2)
  • generateReport: 13 credits (was 3)
Media:
  • analyzeImage: 7 credits (was 3)
  • analyzeVoice: 21 credits base + 15 per extra minute over 60s (was flat 5)
  • analyzeVideo: 95 credits (was 10)
  • Voice stream (per flush): 7 credits (was 1)
  • Video stream (per frame): 7 credits (was 3)
  • detectSyntheticContent: 5 credits (was 2)
Verification:
  • verifyAge (full): 20 credits (was 5)
  • verifyAge (liveness only): 10 credits (new)
  • verifyIdentity: 25 credits (was 10)
Document Analysis:
  • analyzeDocument: minimum 10 credits (was 3)

Age & Identity Verification Improvements

  • Liveness-only mode now charged at 10 credits (reduced from full verification cost)
  • Passport number validation — passport document numbers are no longer incorrectly validated against national ID formats (e.g., Swedish personnummer)
  • Vision AI OCR fallback — when Tesseract OCR fails, document fields (name, DOB, document number) are extracted via vision AI and the confidence score reflects the extraction quality
  • i18n for camera overlay — all liveness challenge text (instructions, blink/smile prompts) now translates correctly when switching languages

v1.6.0 — April 2026

Multi-Signal Forensic Synthetic Content Detection

The synthetic content detection pipeline has been completely rebuilt into a multi-signal forensic system that runs up to 6 independent analysis engines in parallel for images and 5 for video — replacing the previous single-model approach. Image Detection — 6-Signal Pipeline:
  • EXIF Metadata Extraction — Detects AI generator signatures in EXIF tags, XMP data, and PNG tEXt chunks (Stable Diffusion parameters). Flags suspicious absence of camera metadata (no camera model + no GPS + high resolution).
  • Pixel Statistics — Shannon entropy, Laplacian edge density, and channel uniformity analysis. GAN images produce distinctive statistical signatures.
  • C2PA Content Credentials — Detects and validates C2PA manifests from DALL-E 3, Adobe Firefly, Google Imagen. When C2PA declares AI generation, the result is forced to confirmed_synthetic with confidence ≥ 0.95.
  • Invisible Watermark Detection — High-frequency energy analysis, periodic pattern detection at known watermark frequencies, LSB distribution analysis, and corner entropy checks.
  • Perceptual Hashing (pHash) — DCT-based 64-bit perceptual hash compared against a Redis-backed database of known synthetic content via Hamming distance. Matches force confirmed_synthetic.
  • Weighted Signal Aggregation — All signals aggregated into a weighted ensemble (vision 30%, metadata 15%, pixel stats 15%, C2PA 15%, watermarks 10%, pHash 15%) with fault isolation via Promise.allSettled.
Audio Detection — Spectral Forensics:
  • Mel Spectrogram Analysis — FFmpeg generates a mel spectrogram image, analyzed by a dedicated vision prompt for frequency band uniformity, harmonic anomalies, missing breath noise, onset/offset patterns, and aliasing artifacts.
  • Quantitative Audio Statistics — RMS mean/peak, dynamic range, silence ratio, flat factor, and DC offset extracted via FFmpeg astats filter.
  • Spectral analysis runs in parallel with transcription. Even speech-free audio can be flagged if spectral patterns indicate synthesis.
Video Detection — Temporal + Lip-Sync:
  • Temporal Consistency Analysis — face-api.js tracks face identity across frames via 128-dimensional descriptor Euclidean distance. Real faces: < 0.4, deepfakes: spikes > 0.6. Landmark stability measured via eye-to-nose ratio variance.
  • Lip-Sync Correlation — Mouth openness from 68-point face landmarks correlated against frame-aligned audio energy. Pearson correlation > 0.5 = authentic, < 0.3 = deepfake. Detects silent mouth movement and voice-without-movement.
  • All 5 video analysis tracks (per-frame vision, temporal consistency, lip-sync, spectral, transcription) run via fault-isolated Promise.allSettled.
Account-Level Profiling:
  • GET /v1/safety/synthetic-content/profile/:customer_id — 30-day rolling window with synthetic count, account score, trend detection (increasing/stable/decreasing), and category distribution.
  • Automatic, zero-cost profiling when customer_id is provided on any detection request.
New Response Fields (additive — no breaking changes):
  • Image: metadata_analysis, provenance, forensic_signals, perceptual_hash, known_synthetic_match
  • Audio: audio_stats, spectral_signals
  • Video: temporal_consistency, lip_sync, audio_stats, spectral_signals

Age & Identity Verification Improvements

  • ICAO 9303 MRZ Validator — Full check digit validation for TD1 (ID cards, 3×30), TD2 (ID cards, 2×36), and TD3 (passports, 2×44) Machine Readable Zones with weighted mod-7 algorithm
  • PDF417 Barcode Reader — Decodes AAMVA-structured data from US/Canadian driver’s licenses via zxing-wasm — extracts name, DOB, expiry, document number, address, and more
  • 45-Country Document Number Validator — Algorithmic check digit verification for CPF (Brazil), personnummer (Sweden), Aadhaar (India), Codice Fiscale (Italy), CURP (Mexico), SSN (US), SIN (Canada), TFN (Australia), and 37 more country-specific document formats
  • Visual Liveness Analyzer — Multi-signal liveness detection: landmark motion analysis, texture analysis (Laplacian variance + moire detection), depth cue analysis (face/background sharpness ratio), and cross-frame consistency checks
  • AI-Powered Document Authenticator — Vision model analyzes document layout, security features, fonts, color consistency, and photo integration against known templates. Detects screen photos, printout recaptures, and digital manipulation.
  • MRZ/OCR/Barcode Cross-Referencing — Compares name, DOB, and document number between MRZ, OCR text, barcode data, front and back sides, flagging any inconsistency as potential tampering

v1.5.0 — March 2026

Document Analysis

  • POST /v1/safety/document — Upload a PDF (max 50 MB, 100 pages) for multi-endpoint safety analysis with per-page detection results
  • Supports 8 detection endpoints: unsafe, bullying, grooming, social-engineering, coercive-control, radicalisation, romance-scam, mule-recruitment
  • SHA-256 document hashing for chain-of-custody verification in compliance audits
  • Zero-retention processing — no document data stored after response
  • Bounded concurrency (3 pages at a time) with text chunking for long pages

Dynamic Credit Pricing for Documents

  • Document analysis uses per-page, per-endpoint pricing: max(10, pages_analyzed × endpoint_count) (minimum updated in v1.6.1)
  • Each page-endpoint combination costs 1 credit
  • Minimum charge of 10 credits covers extraction overhead
  • Examples: 5 pages × 3 endpoints = 15 credits; 20 pages × 8 endpoints = 160 credits

Model Refinements

  • TCO Regulation classification — Radicalisation responses now include EU Regulation 2021/784 Art. 2(7) content classification
  • Self-harm CONTAGION sub-category — Detects suicide pacts, method sharing, cluster effects, and gateway escalation
  • PII/Doxxing detection — New PII_DOXXING category for doxxing threats and digital footprint weaponisation
  • Legacy response normalization — Bullying, grooming, and unsafe endpoints now include a normalized block with a unified response shape matching newer endpoints

v1.4.4 — March 2026

New Features

  • country context field — Pass an ISO 3166-1 alpha-2 country code (e.g., "GB", "US", "SE") in the context object to receive geo-localised crisis helpline data in detection responses. Falls back to user profile country if omitted.
  • Improved action escalation for minors — All detection endpoints now enforce a minimum flag_for_review action when harm is detected and the subject is a minor. Criminal indicators (SEXTORTION, TRAFFICKING, CSAM, DEBT_BONDAGE, FORCED_CRIMINALITY, HONOUR_ESCALATION) targeting minors automatically escalate to immediate_intervention.
  • Graduated risk scoring — Risk scores now use the full 0.0–1.0 range with graduated bands instead of clustering around a single value.
  • Evidence tactic normalization — Evidence tactic fields are now always returned in SCREAMING_SNAKE_CASE format (e.g., "EMOTIONAL_MANIPULATION" instead of "Emotional Manipulation").

SDK Releases

  • @tuteliq/sdk v2.5.0 — adds country context field, graduated risk scoring, tactic normalization
  • @tuteliq/mcp v3.7.0 — adds country context field, minor action escalation, tactic normalization

v1.4.3 — March 2026

Bug Fixes & Improvements

  • support_threshold now works correctly across all 11 detection endpoints — setting "critical" correctly suppresses crisis helplines for High severity results. Previously the parameter was accepted without error but had no effect on the response.
  • sender_trust: "verified" fully suppresses AUTH_IMPERSONATION — verified senders no longer trigger impersonation detection. Routine urgency (schedules, deadlines, appointments) is also suppressed. Only genuinely malicious elements (credential theft, phishing links, financial demands) will flag a verified sender.
  • Empty categories field in detect_unsafe fixed — stronger prompt enforcement and code-level fallback extraction ensure the categories array is populated when the rationale references specific harms.
  • MCP session recovery — stale MCP sessions (after Cloud Run deployment or instance recycling) now recover transparently without requiring the client to reconnect.

Documentation

  • Added support_threshold behaviour reference to API docs, Node SDK, and MCP README
  • Added sender_trust effect on scoring to all documentation
  • Added analyse_multi accepted endpoint values to MCP README and API docs
  • Added complete context field reference across all packages

SDK Releases

  • @tuteliq/sdk v2.4.0 — adds confidence to AnalyzeResult, optional risk_level to UnsafeResult
  • @tuteliq/mcp v3.5.0 — wires support_threshold through all detection MCP tools, shows confidence and support in analyze tool

v1.4.2 — March 2026

Full EU Language Coverage

  • Added 13 new languages: Romanian (ro), Greek (el), Czech (cs), Hungarian (hu), Bulgarian (bg), Croatian (hr), Slovak (sk), Lithuanian (lt), Latvian (lv), Estonian (et), Slovenian (sl), Maltese (mt), Irish (ga)
  • Tuteliq now supports 27 languages — all 24 EU official languages + Ukrainian, Norwegian, and Turkish
  • Enhanced all language entries with grooming indicators, self-harm coded vocabulary, filter evasion techniques, and youth slang coverage
  • All new languages are in Beta status

v1.4.1 — March 2026

Language Support Expansion

  • Added 4 new languages: Dutch (nl), Polish (pl), Italian (it), Turkish (tr)
  • Tuteliq now supports 14 languages with auto-detection and culture-aware analysis
  • Each language includes culturally-specific safety guidelines, slur databases, and prompt calibration
  • All new languages are in Beta status

v1.4.0 — March 2026

Age Verification (Beta)

  • POST /v1/verification/age — verify user age through document analysis and biometric age estimation
  • Supports government-issued ID documents (passport, driving licence, national ID)
  • Biometric age estimation from selfie photo
  • Returns verified, estimated_age, age_range, confidence, and document_type
  • 20 credits per verification (updated in v1.6.1)
  • Available on Pro tier and above

Identity Verification (Beta)

  • POST /v1/verification/identity — confirm user identity with document verification and liveness detection
  • Document authenticity checks (MRZ validation, hologram detection, tamper analysis)
  • Liveness detection to prevent spoofing (photo-of-photo, screen replay, mask attacks)
  • Face matching between document photo and selfie
  • Returns verified, match_score, liveness_passed, document_authenticated, and flags
  • 25 credits per verification (updated in v1.6.1)
  • Available on Business tier and above

Tier Access

  • Age Verification requires Pro tier ($99/mo) or above
  • Identity Verification requires Business tier ($349/mo) or above
  • Both features are in Beta — endpoints and response schemas may evolve

v1.3.0 — February 2026

Fraud Detection Endpoints

  • POST /v1/fraud/social-engineering — detect social engineering tactics: pretexting, impersonation, urgency manipulation, authority exploitation
  • POST /v1/fraud/app-fraud — identify fraudulent app promotion, fake reviews, malicious download links, and clone app distribution
  • POST /v1/fraud/romance-scam — detect romance scam patterns: love-bombing, financial requests, identity fabrication, isolation tactics
  • POST /v1/fraud/mule-recruitment — flag money mule recruitment: easy money offers, account sharing requests, laundering language

Safety Extended Endpoints

  • POST /v1/safety/gambling-harm — detect gambling harm: underage gambling promotion, addiction patterns, predatory odds, bet pressure
  • POST /v1/safety/coercive-control — identify coercive control: isolation tactics, financial control, monitoring/surveillance, threat patterns
  • POST /v1/safety/vulnerability-exploitation — detect exploitation of vulnerable individuals with cross-endpoint vulnerability modifier and vulnerability profile scoring
  • POST /v1/safety/radicalisation — flag radicalisation indicators: extremist rhetoric, us-vs-them framing, recruitment patterns, dehumanisation

Multi-Endpoint Analysis

  • POST /v1/analyse/multi — fan-out a single text to up to 10 detection endpoints in parallel
  • Automatic vulnerability modifier: when vulnerability-exploitation is included, its cross-endpoint modifier adjusts severity scores across all other results
  • Aggregated response with summary.highest_severity, summary.total_credits_used, and per-endpoint breakdown
  • Supports both legacy (bullying, grooming, unsafe) and new detection endpoints

SDK & Tool Support

  • All new endpoints available across all SDKs: Node.js, Python, Swift, Kotlin, Flutter, React Native, .NET, Unity
  • CLI — new detect social-engineering, detect app-fraud, detect romance-scam, detect mule-recruitment, detect gambling-harm, detect coercive-control, detect vulnerability-exploitation, detect radicalisation, and detect multi commands
  • MCP Server — 10 new tools for fraud, extended safety, multi-endpoint analysis, and video analysis

Tier Access

  • New endpoints require Indie tier or above (Starter tier retains access to bullying, grooming, and unsafe only)
  • All new endpoints cost 5 credits per call (updated in v1.6.1); multi-endpoint costs the sum of individual endpoints

v1.2.0 — February 2026

Video Analysis

  • POST /v1/safety/video — upload a video file (mp4, webm, quicktime, avi — max 100MB, 10 min) and receive per-frame vision analysis with flagged timestamps
  • Frame extraction powered by ffmpeg with configurable max_frames (default 10, max 20)
  • Aggregated overall_risk_score and overall_severity across all frames
  • Automatic incident recording and webhook alerts for flagged videos
  • 95 credits per video analysis (updated in v1.6.1)

Video Streaming

  • WebSocket voice streaming now supports video frames alongside audio
  • Send video frames as binary with a 0x01 prefix byte; audio uses 0x00 or no prefix (backward compatible)
  • New frame_analysis server event with per-frame vision results
  • New config options: enable_video, frame_interval_seconds (min 3s, default 5s)
  • session_summary event now includes video_frames_analyzed count
  • 7 credits per video frame analysis (updated in v1.6.1)

Voice Streaming Enhancements

  • Updated authentication: ?api_key= query param or Authorization: Bearer header
  • Tier-based connection limits (1 for Starter, up to unlimited for Enterprise)
  • Subscription-aware credit tracking per flush
  • Heartbeat ping/pong every 30 seconds for stale connection detection

v1.1.0 — February 2026

Multilingual Support

  • 27 languages supported — English (stable), all 24 EU official languages + Ukrainian, Norwegian, Turkish (beta)
  • Layered auto-detection — Trigram analysis (franc) confirmed by LLM-based detection for maximum reliability
  • Culture-aware analysis — Language-specific guidelines for local slang, idioms, and harmful terms injected into classification prompts
  • All safety endpoints now return language, language_status, and detected_language fields in responses
  • No explicit language parameter required — detection is fully automatic

v1.0.0 — February 2026

Initial public release of the Tuteliq API.

Safety Endpoints

  • POST /v1/safety/unsafe — detect harmful content across all nine KOSA categories
  • POST /v1/safety/bullying — dedicated bullying and harassment detection
  • POST /v1/safety/grooming — conversation-level grooming pattern analysis
  • POST /v1/safety/voice — audio file transcription and safety analysis
  • POST /v1/safety/image — image analysis for visual content risks

Analysis & Guidance Endpoints

  • POST /v1/analysis/emotions — emotional well-being analysis from text and conversations
  • POST /v1/guidance/action-plan — age-appropriate guidance and intervention recommendations
  • POST /v1/reports/incident — structured safety report generation

Voice Streaming

  • WSS /v1/safety/voice/stream — real-time voice moderation via WebSocket with configurable severity thresholds

Webhooks

  • POST /v1/webhooks — register webhook endpoints for safety alerts and batch events
  • HMAC-SHA256 signature verification on all webhook deliveries
  • Automatic retry with exponential backoff (3 attempts)

GDPR Compliance

  • DELETE /v1/account/data — right to erasure (Article 17)
  • GET /v1/account/data/export — right to data portability (Article 20)
  • PATCH /v1/account/data — right to rectification (Article 16)
  • Consent management endpoints for granular data processing consent
  • Public transparency endpoints: DPA, sub-processors, retention policy

SDKs & Tools

Platform

  • Credit-based billing with per-endpoint pricing
  • Tier-based rate limiting (Free, Basic, Premium, Enterprise)
  • API key authentication via Bearer token or x-api-key header
  • Full KOSA harm category coverage with age-calibrated severity scoring