Changelog

Recent ships. Newest first.

2026-06-06

Generative engine optimization (GEO) foundation

• Shipped /api/v1/openapi.json — full OpenAPI 3.1 schema for the public API
• Added .well-known/ai-plugin.json and .well-known/mcp.json manifests
• Expanded /llms.txt; added /llms-full.txt for ChatGPT/Claude/Perplexity ingestion
• Added WebSite + SearchAction JSON-LD on root
• New pages: /trust, /roadmap, /investors, /compare/dsers-vs-dropshop-bd

2026-05-15

Security hardening pass

• Owner-scoped write policies on webhook_deliveries and provider_logs
• provider_tokens select policy tightened to TO authenticated
• Webhook delivery: response_body and request_headers stay null by design

2026-05-13

API surface security

• Atomic rate limiting via SECURITY DEFINER (increment_api_key_usage)
• Generic error wrapper (safeError) — no upstream leaks
• HMAC-signed OAuth state tokens with 15-minute TTL

2026-05-12

Google + Apple sign-in, logs panel, FAQ

• Managed Google + Apple OAuth via Lovable Cloud
• Provider logs panel with redacted JSON viewer
• Incremental AliExpress feed sync (payload hashing)
• Searchable feed picker; E2E import-then-order flow
• Public /faq with FAQPage JSON-LD