Changelog

Release history and notable updates

Sourced from documentation/changelog.md.

Changelog

This file is the release history source going forward.

[Unreleased] - 2026-02-27

  • Added a new sitewide legal agreement system with tailored Terms of Service and Privacy Policy pages, explicit AI/LLM disclosures, and reusable acceptance tracking.
  • Updated registration to require acceptance of the current Terms of Service and Privacy Policy before account creation.
  • Added a dedicated legal agreements acceptance page plus profile status surfaces so existing users can review and accept updated documents after sign-in.
  • Enforced current legal acceptance before payment, subscription, credit-pack, and App Builder purchase flows can start checkout.
  • Added a self-service account deletion flow on the editable profile page with two staged confirmations, typed email/username verification, and active-subscription safety blocking.
  • Expanded the main /profile page into a full account settings hub for profile details, password updates, 2FA management, and account deletion.
  • Refactored reusable account-settings and 2FA cards so profile and security pages share the same settings logic instead of maintaining separate implementations.
  • Expanded delete-account confirmation matching to accept Discord name in addition to email or username, with shared helper messaging across the UI and API.
  • Fixed the /legal/agreements deploy build path by moving useSearchParams() behind a Suspense boundary so static prerendering completes successfully.
  • Added unit tests covering site legal acceptance helpers, safe legal redirect handling, and account deletion confirmation matching.
  • Added production-aware database manager mode detection with a dedicated production view that disables directional sync actions by default.
  • Added runtime MongoDB status summaries to database manager APIs, including environment/view mode, configured DB name, masked URI details, and runtime overview collection counts.
  • Added read-only runtime endpoint support for the database explorer so production admins can inspect live site data without enabling sync writes.
  • Improved local-to-production push verification messaging to show source runtime DB, post-run runtime DB, and target sync DB names after live push.
  • Added optional environment override DB_MANAGER_FORCE_VIEW_MODE to explicitly force local/production database manager UI mode.
  • Added unit tests for runtime database view mode resolution and runtime overview behavior (testing/unit/lib/database-sync/runtime-database.test.ts).
  • Added a new persistent site notification system with live socket popups, unread/read tracking, and a global notification center UI.
  • Added notification preference APIs and profile controls for toggling live site notifications and notification sounds.
  • Added admin live notifications for new user registrations, new app project requests, and new consultation requests.
  • Added user live notifications for project contacts/progress updates, project approval decisions, and request submission confirmations.
  • Added project-linked chat room orchestration and a new dashboard workspace section for active project conversations.
  • Added priority ping flow in chat, including configurable credit cost (CHAT_PRIORITY_PING_COST) and admin alerting.
  • Enforced verified-account chat access across chat APIs, socket chat handlers, and chat UI entry points; guest chat now returns disabled status.
  • Improved socket connection sharing to avoid duplicate client socket connections across multiple components.
  • Added unit tests for chat-access eligibility logic and included coverage mapping for the new module.
  • Added new env knobs for realtime behavior: SITE_NOTIFICATIONS_DEFAULT_ENABLED and CHAT_PRIORITY_PING_COST.
  • Added channel-level notification preferences (default-on) for system/account/app-builder/project/consultation/DM/mention/priority categories.
  • Added chat DM and @mention live notification delivery with anti-noise safeguards (active-room suppression + short throttle window).
  • Added app-builder activity notifications for new project draft creation and project-room provisioning in draft flow.
  • Improved mobile chat UX by fixing room list overlay behavior and reducing panel overload when switching rooms/friends/DM views.
  • Added unit tests for notification channel mapping/merge helpers and chat notification parsing/throttle helpers.
  • Fixed floating chat launcher eligibility checks and restored reliable rendering for verified users.
  • Moved the floating chat bubble/window placement to bottom-left for faster access.
  • Added notification dismiss support (per-notification) and read-receipt visibility (Unread vs Read <timestamp>).
  • Added scalable project-chat assignment APIs so admins/managers can manage project room participants.
  • Replaced floating chat bubble usage with dashboard-driven chat entry and moved user chat access to an explicit dashboard button.
  • Removed the dedicated sign-out button from the MonyAdmin dashboard header to reduce overlap with fixed notification controls.
  • Reworked chat UI toward a project-first, Discord-like channel layout (project channels first, compact dark theme, embedded chat view).
  • Added moderation flow for chat message deletion (owner or chat.moderate) with realtime message:deleted events.
  • Added anti-spam message rate limiting for chat/API sends (CHAT_RATE_LIMIT_WINDOW_MS, CHAT_RATE_LIMIT_MAX_MESSAGES).
  • Added message length and retention pruning controls to reduce storage bloat (CHAT_MESSAGE_MAX_LENGTH, CHAT_ROOM_MESSAGE_RETENTION_LIMIT, CHAT_ROOM_PRUNE_INTERVAL_MS).
  • Added a new MonyAdmin Runtime Configuration section with DB overrides that use .env.local values as baseline defaults.
  • Wired runtime configuration values into chat priority ping cost, chat rate limits, chat message retention limits, upload size limits, and App Builder credit defaults.
  • Added admin runtime configuration API endpoints (/api/admin/settings/runtime-config) for load/update/reset operations.
  • Moved dashboard chat entry to an explicit top-right Dashboard action button (with admin action below it) for reliable visibility on desktop and mobile.
  • Added unit tests for runtime config resolution and updated chat rate-limit tests for async runtime-config-backed limits.
  • Restored the floating auth quick-actions Chat button and positioned it between Dashboard and Admin actions.
  • Improved chat resiliency by adding REST fallbacks for room message loading/sending when socket connection is unavailable, preventing stuck loading states.
  • Fixed channel switching regression where the initial room could override manual room changes in chat.
  • Fixed embedded chat channel switching so the initial route room no longer overrides manual channel selection.
  • Added per-channel online presence: channel list online badges plus a dedicated active-channel presence panel.
  • Added room presence API (/api/chat/rooms/[id]/presence) and project-room online count enrichment for scalable channel presence data.
  • Added live project-channel online badges driven by room participant IDs and current socket presence.
  • Fixed channel online-count math to deduplicate repeated presence IDs so badge totals stay accurate.
  • Removed read-rate limiting on message history fetches to avoid blocked channel navigation and improve chat reliability.
  • Hardened message loading with request cancellation so fast room switches cannot render stale history.
  • Refined the embedded chat workspace to be more integrated and mobile-friendly with adaptive panes (channels, friends, DMs, and people).
  • Hardened room-presence API handling for invalid room IDs and mixed online user IDs to prevent presence fetch failures.
  • Updated channel presence panel to degrade gracefully when presence calls fail, while keeping live online count from socket state.
  • Improved message list behavior by switching to container-level autoscroll (prevents page jump on room open/switch).
  • Added avatar-image fallback rendering for chat messages and presence cards to avoid broken-image placeholders.
  • Updated channel badges to show activity status (live, recent, idle) instead of raw zero-only counts.
  • Added a full People directory for chat with searchable member listing, presence state, and in-panel friend request actions.
  • Expanded friends API responses to include incoming/outgoing pending requests and wired in-chat accept flow.
  • Reworked DMs into a selectable direct-message conversation list so DM navigation behaves like channel selection.
  • Added role-aware chat identity badges (Admin/Manager/Moderator, subscription tier, active project count, custom roles) with color accents for member names.
  • Surfaced identity badges consistently across messages, People, Friends, and DM conversation lists.
  • Added chat safety tooling: user block/unblock controls plus report submission from chat surfaces.
  • Added internal moderation pipeline for reports (/api/chat/reports) with MonyAdmin review queue and staff notification dispatch.
  • Blocked DM message sends when either participant has blocked the other to enforce moderation boundaries.
  • Refined chat UI layout to eliminate overlap in member cards (wrapped role badges, compact project labels, and action rows that stack cleanly).
  • Improved chat workspace responsiveness with tuned desktop sidepane widths and true full-height mobile drawers for channels/friends/DMs/people.
  • Polished chat visual hierarchy with upgraded header controls, improved spacing/contrast, and mobile-friendly message input/button behavior.
  • Added right-side safe spacing on /chat so fixed quick-action controls do not crowd the main chat workspace.
  • Added expandable tag displays in both People and Friends tabs so dense role/tier/project/user tags stay readable while preserving layout space.
  • Added staff moderation controls in chat People tab for admins/managers/moderators to manage custom user tags and moderation settings.
  • Added chat moderation user API (/api/chat/moderation/users/[id]) supporting tag updates, soft chat bans, hard account bans, IP bans, and device bans.
  • Added persistent security-ban model/service for IP/device enforcement and wired checks into chat eligibility and sign-in flows.
  • Updated registration flow to record client IP/device fingerprint and deny registration for actively banned networks/devices.
  • Fixed Google OAuth redirect_uri_mismatch regression by prioritizing explicit AUTH_URL/NEXTAUTH_URL in local auth URL resolution before request-derived origins.
  • Fixed Auth.js ClientFetchError: Failed to fetch on local alternate hosts/ports by removing forced cross-origin /api/auth/* redirects and restoring request-origin priority for local auth URL resolution.
  • Restored local auth env baseline to localhost:3000 while keeping request-origin auth URL resolution for dynamic local host/port usage (including 3001 fallback scenarios).
  • Aligned runtime auth environment updates to set both AUTH_URL and NEXTAUTH_URL per request in the auth route for consistent local OAuth callback generation.
  • Switched Google OAuth start on login/register to native form POST (CSRF + callback URL) instead of fetch-based signIn redirect to improve PKCE cookie persistence in strict/private browser modes.
  • Added local-only production DB safeguards for sync/explorer endpoints (with optional override via DB_SYNC_ALLOW_REMOTE_PRODUCTION_ACCESS).
  • Added admin tunnel controls on /MonyAdmin/database to start/restart/stop the production Mongo SSH tunnel using existing PowerShell scripts.
  • Added a one-click validated pull workflow (Production -> Local) alongside existing local-first push controls.
  • Added a unified admin server-log viewer (database-sync, deploy, auth, mail-delivery) with tail and clear actions.
  • Added persistent database-sync.log capture for sync runs and DB management failures to improve incident debugging.
  • Expanded admin server-log tooling with separate local/production sections, per-log-type panels, searchable tails, and per-type clear actions.
  • Improved DB sync preflight loopback error details to include resolved host/port context and explicit SSH tunnel fix values (127.0.0.1:37017 + MONGODB_SYNC_ALLOW_LOOPBACK_PRODUCTION=true).
  • Added Mongo security/stability status API (/api/database/security/status) plus an admin hardening panel for production readiness checks.
  • Increased chat people-directory limits and enabled direct DM initiation from People cards for all visible users (not only existing friends).
  • Added a feature-flagged Chat link to top navigation so chat entry is consistent with other enabled sections.
  • Added new env examples for Mongo stability tuning and split log directories (SERVER_LOG_LOCAL_DIR, SERVER_LOG_PRODUCTION_DIR).

[0.5.3] - 2026-02-26

  • Added first-class SendPulse email provider support (MAIL_PROVIDER=sendpulse) with OAuth client-id/client-secret flow.
  • Added SendPulse fallback routing in the mail pipeline plus delivery logging for SendPulse outcomes.
  • Expanded deploy env override key support and templates for SENDPULSE_* variables.
  • Improved email error normalization for SendPulse configuration/auth failures.

[0.5.2] - 2026-02-25

  • Improved deploy robustness and overall runtime stability.
  • Centralized App Builder pricing logic and strengthened terms enforcement.
  • Refined auth URL resolution and OAuth reliability.
  • Improved local deploy env override: selected keys now sync add/update/remove behavior and include Forward Email/SMTP compatibility plus SendPulse defaults.

[0.4.42] - 2026-02-24

  • Added SSH client workflows.
  • Expanded production database sync management.

[0.4.30] - 2026-02-20

  • Improved database and deployment management workflows.

[0.4.25] - 2026-02-14

  • Refactored deployment flow for safer release handling.
  • Enhanced App Builder flow and resume output behavior.

[0.4.22] - 2026-02-14

  • Added multiple resume export formats and dynamic content handling.
  • Improved email delivery and admin broadcast tooling.
  • Added support ticket workflow improvements.

[0.4.17] - 2026-02-11

  • Enhanced authentication, registration, and 2FA experience.

[0.4.11] - 2026-02-10

  • Added admin email and mailbox management capabilities.

[0.4.9] - 2026-02-09

  • Added MongoDB sync behavior and deploy notification support.

[0.4.5] - 2026-02-09

  • Improved deploy admin permissions, UI behavior, and logging.

[0.4.1] - 2026-02-09

  • Improved deploy admin backend and reliability.

[0.3.42] - 2026-02-09

  • Overhauled local deployment workflow and deploy UI feedback.
  • Improved build/server startup robustness.

[0.3.26] - 2026-02-08

  • Added local runner support with improved deploy job persistence.

[0.3.0] - 2026-02-08

  • Expanded deployment/versioning mechanics.
  • Added multiple App Builder request and consultation workflow improvements.

[0.2.0] - 2026-02-05

  • Added in-house deploy system foundation.
  • Strengthened role-based access and profile/registration flows.
  • Added credit/subscription and impersonation enhancements.

[0.1.0] - 2025-12-09

  • Consolidated early admin/dashboard/content/auth groundwork.

Notes

  • Release versions are sourced from package.json and written to lib/version.ts during npm run prebuild.
  • Keep this file updated for each release bump and user-visible feature change.