All updates
frontend
backend
auth
devops

Public changelog pages: subdomain routing, Linear theme, and password protection

  • Public-facing changelog surface — subdomain routing, Linear feed, and visibility gateUsers can now view project changelogs at [slug].suprlogs.app (or the local path fallback in development). The release included a server-rendered changelog list and SEO-friendly entry pages, a Linear-inspired feed with inline expansion and tag filtering, and an optional password gate for private changelogs.

New Features

  • Added server-rendered public changelog pages: a project list page and individual SEO entry pages with full OG/Twitter metadata and canonical links.frontend
  • Added an interactive Linear-style changelog feed with tag filtering and inline entry expansion that updates the address bar without reloading.frontend
  • Added a password-protected visibility option for private changelogs with an unlock flow that sets an HttpOnly session cookie on success.auth

API

  • Added public REST endpoints GET /v1/changelog/:slug and GET /v1/changelog/:slug/entries/:id that return published entries with no authentication required.backend
  • Added POST /api/changelog/[slug]/unlock to verify passwords and set a 24-hour HttpOnly cookie for private changelog access.backend
  • Updated PATCH /api/projects/[slug]/settings to accept a plain-text visibility_password which is hashed server-side before saving.backend

Improvements

  • Extended Next.js middleware to detect *.suprlogs.app hosts and transparently rewrite requests to the matching /changelog/[slug] routes so one deployment serves both admin and public sites.frontend
  • Added utilities: buildChangelogUrl() for correct canonical subdomain vs. local URLs and groupEntriesByMonth() for date grouping in feeds.frontend
  • Rendered structured LLM-generated sections where available and used react-markdown as a fallback for manually edited entries to improve display consistency.frontend
  • Updated project settings UI to optionally set a visibility password when choosing private visibility and linked the public URL to the subdomain preview.frontend

Security

  • Hashed visibility passwords with bcrypt before storage and verified passwords with bcrypt during unlock to avoid storing plain-text secrets.auth

Documentation

  • Added NEXT_PUBLIC_CHANGELOG_DOMAIN to environment files, README and turbo.json and documented the production wildcard domain and local fallback behavior.devops

Testing

  • Added 14 tests covering date-grouping and middleware subdomain/routing logic; all web tests passed.backend