Skip to content
← Back to homeRELEASE NOTES

Changelog

Every shipped milestone, in reverse chronological order.

Forge — Changelog

Major features and milestones, inferred from git history. Grouped by feature area.

2026-03-27: 3D Graph & Documentation

  • 3D knowledge graph on landing page using React Three Fiber (R3F) + Drei + Three.js
  • Constellation-style visualization with auto-rotating purple-palette nodes and straight edges
  • Full internal documentation refresh (CLAUDE.md, README, architecture, API reference, database schema, roadmap, vault capability audit, changelog)

2026-03-24–26: Post-Audit Hardening

  • 145-bug audit sweep completed (see AUDIT-FIXES-LOG.md) — critical through low severity
  • Data retention policy documentation
  • Worker resilience: memory cleanup, temp paths, stale recovery guard, connection pool sizing
  • Billing edge cases: payment recovery webhook, concurrent subscription protection, Stripe client retry
  • Defense-in-depth: user_id scoping on node_entities, chat_messages, clear-dead, ensure-linked, lite-ingest, profiler
  • Performance: SQL aggregation for costs, RPC orphan detection, parallel linking steps
  • Duplicate filename handling: storage path as source_file, dropped unique constraint

2026-03-23: Security, Reliability & Performance

  • SEO optimization: OpenGraph metadata, JSON-LD structured data (Organization, SoftwareApplication, WebSite, FAQPage), enhanced robots.txt and sitemap.xml
  • Edges user_id column (migration 018) for defense-in-depth user scoping without joins
  • Circuit breaker for external APIs (Anthropic, OpenAI) — 5 failures/60s trips to OPEN, 30s cooldown
  • Stripe webhook idempotency via stripe_webhook_events table (migration 017) with unique constraint deduplication
  • invoice.payment_failed Stripe webhook handler — marks subscriptions past_due with billing-specific 402 responses
  • N+1 query fix in /api/files — batched node/edge queries instead of per-file loops
  • IPv6 SSRF protection on URL imports (loopback, link-local, unique-local, IPv4-mapped ranges)
  • Replaced all silent .catch(() => {}) blocks with Pino structured logging across 15+ files
  • UUID validation on all .or() PostgREST filter interpolations (SQL injection prevention)
  • Rate limiting on service key endpoints (/api/link-node, /api/vault/fix-orphans)
  • search_by_embedding RPC function (migration 016) for RAG context retrieval in chat
  • RAG retriever in chat pipeline — embeds user message, queries similar vault nodes, injects as context
  • Health check endpoint (/api/health) — public, for uptime monitors
  • Retroactive orphan fix endpoint (/api/vault/fix-orphans) — service key internal maintenance
  • Environment variable validation at startup via Zod schema (src/lib/env.ts)
  • Email utility stub (src/lib/email.ts) — placeholder for future provider integration
  • Tiered rate limiting (auth 10/min, data 60/min, service 120/min) replacing flat 8/min
  • Zod input validation and CORS policy on all API routes
  • Chat error recovery with rate limit retry and connection drop handling
  • Response buffering with thinking indicator and contextual hint chips

2026-03-22: Usage Tracking & Polish

  • Rate limiting (8 req/min per user, in-memory) on expensive endpoints
  • Monthly usage tracking via monthly_usage table with plan-based limits
  • Dual-tier file ingestion (full vs lite mode, silent switch)
  • Admin dashboard real-time polling with live update indicator
  • Solar system knowledge graph visualization (dual-mode UI)
  • Hero section revamp with visible graph lines and draggable nodes
  • Landing page honesty pass — removed fake metrics, fixed pricing, added real waitlist
  • Added privacy policy and terms of service pages
  • Enabled strict TypeScript and ESLint checking in production builds
  • Removed dead code, unused imports, and Rocket.new artifacts
  • Various bug fixes (admin panel flash, worker download, MIME mismatch, auth/settings)

2026-03-21: Visual Design Overhaul

  • Complete landing page redesign (Tron CLU theme — orange/amber on dark)
  • Typography overhaul + color palette refinement
  • Extracted 580+ inline styles to Tailwind classes
  • Created shared UI components (Button, Card, HudStat, Input, Skeleton, Toast)
  • Dashboard polish — HUD animations, upload zone styling, skeleton states
  • Vault polish — CSS variables, content previews, card styling
  • Chat polish — terminal styling, blinking cursor, stage progress rail
  • Settings polish — sidebar tabs, shared components, chart restyle
  • Framer Motion animations — scroll reveals, micro-interactions, skeletons
  • Favicons, OG image, PWA manifest generation
  • D3 force-directed knowledge graph visualization
  • URL import for Google Drive + any public HTTP URL
  • Google Drive OAuth integration scaffolded (stub routes, settings UI)
  • Mobile responsiveness across all pages
  • Stripe billing integration (routes built, env vars need real keys)
  • Voice-to-text input in ideation chat (Web Speech API)

2026-03-20: Feature Buildout + Production Launch

Core Features

  • Vault CRUD, entity query, traverse, merge, batch search API routes
  • Vault maintenance routes (health scorecard, summary, hubs, orphans, sweep, rebuild-links)
  • Dense force-directed graph with settings panel and dark theme
  • Google Drive import + mobile responsive overhaul
  • Admin dashboard with plan management, token tracking, cost dashboard
  • Cross-session memory and post-chat profile enrichment
  • Chat insights written back to knowledge graph as nodes and edges
  • Conversation delete functionality (single and bulk)
  • Quick capture endpoint

Production Hardening

  • Production health check audit and fixes (API guards, worker skip logic, Stripe encoding, account error handling)
  • Auth routing, frontend wiring, chat/profiling, and upload bug fixes
  • Worker resilience improvements (slow DB connections, IPv4 resolution, download retries)
  • Railway Docker build fixes
  • Next.js security update (15.5.14)
  • TypeScript errors fixed, vault types widened, plan-aware usage limits, API route hardening

Deployment

  • Full backend + frontend wired (Phase 2 complete)
  • Vercel deployment with auto-deploys from GitHub main
  • Railway worker deployment (Python Docker container)
  • Supabase PostgreSQL with pgvector
  • DNS configuration (Porkbun → Vercel)

2026-03-19: Project Start

  • Initial commit: frontend scaffold from Rocket.new
  • Project documentation (architecture doc, split roadmap)
  • Next.js 15 + Tailwind + TypeScript + Clerk auth setup