Smart Order Capture
Changelog

What we shipped,
version by version.

We publish here when we ship. No marketing copy — just what changed and why.

RSS feed·Read the blog

  1. Single-domain dev, brand wordmark, real changelog

    Everything now lives at one URL during local development — the marketing site, the API, the admin app, and the docs all share http://localhost:3000.

    • Improvement
      Web app reverse-proxies /api/* to the API and /admin/* to the admin app so everything is same-origin during development.
    • Improvement
      Admin app now mounts at /admin with a real Next.js basePath; internal links and asset URLs are prefixed automatically.
    • New
      Brand wordmark (dark + light variants) shipped via a shared <Logo> component and used across nav, footer, sidebars, and auth panels.
    • New
      Favicon (auto-generated `<link rel="icon">` + apple-touch-icon) ships in both the web and admin apps.
    • New
      Public changelog page at /changelog (this one) with tagged entries and version anchors.
    • Fix
      Footer cleanup: dropped Press and Status links; removed the lingering "all systems operational" badge that referenced a status page we never shipped.

  2. Wix-style redesign, top to bottom

    Complete visual overhaul of the marketing site, signed-in app, and admin to the Wix design language. Pill buttons, generous whitespace, one accent per surface, verb-first headlines.

    • New
      Design tokens (HSL palette, 6-color accent system, soft shadows, motion timings) shipped in @soc/config/tailwind and consumed by every app.
    • New
      Marketing nav with three-column hover mega-menus, mobile drawer, sticky 72px white bar.
    • New
      Mega-footer with deep sitemap covering product, docs, use cases, company, and every legal document.
    • New
      Comprehensive documentation section at /docs — quickstart, install, pair-device, concepts, builder, runs, full triggers and actions reference, DSL reference, denylist, troubleshooting, FAQ.
    • New
      Blog at /blog with category filter chips, featured post layout, prev/next navigation, and 5 substantive launch posts.
    • New
      About page (/about) covering principles, what we won't build, and the team.
    • New
      Full legal pack: ToS, Privacy, AUP, Cookie, Refund, DMCA, Sub-processors, Security, plus a /.well-known/security.txt.
    • Improvement
      Admin pages restyled: dashboard tiles, user table with badge variants, segmented filter pills on abuse triage, moderation queue with denylist-violation rings.
    • Improvement
      App sidebar redesigned with icon pill nav items, active state in Wix Blue, help card pinned at the bottom.

  3. Workflow DSL expansion — variables, branches, loops

    The workflow engine grew first-class control flow. Workflows can now declare run-scoped variables with defaults, branch on expression results, and loop bodies either a fixed number of times or until a predicate is true.

    • New
      New nodes: control.if, control.loop (count + until modes), action.setVariable.
    • New
      Expression evaluator with arithmetic, string ops, comparison, logical, and regex match operators.
    • New
      Template substitution: every user-authored string field is run through {{var}} substitution before dispatch.
    • Improvement
      Run trace now carries the final variable scope, so debugging "why did this branch take this path" is one click in the dashboard.
    • Improvement
      Hard cap on trace events (5000) prevents pathological runs from filling storage.
    • Fix
      Cron matcher honors Vixie's DOM/DOW intersection quirk (when both fields are restricted, match if either matches).

  4. Marketplace v1, webhooks, and admin operations

    Template marketplace went live with human review, paid templates via Stripe Connect, and a dedicated moderation queue in the admin.

    • New
      Template marketplace: publish, install, rate, browse by category. 70/30 split on paid templates.
    • New
      Outbound webhooks with HMAC signing, automatic retry with backoff, and auto-disable after 10 consecutive failures.
    • New
      Admin ops surface: ban/unban users, force email verification, impersonation with audit log, denylist editing, rate-limit overrides.
    • New
      Announcements: broadcast push messages with audience filters; published via the admin UI.
    • New
      Feature flags stored in Postgres, hot-reloaded via NOTIFY, evaluated against the user's plan and account age.
    • Security
      Audit log made append-only via Postgres trigger; UPDATE/DELETE on audit_log now raise a database error.
    • Security
      Step-up TOTP elevation for destructive admin paths (impersonate, refund, soft-delete, denylist edits).

  5. Android client v1 — engine, triggers, distribution

    The Kotlin client shipped. Workflows execute locally with full parity to the TypeScript reference interpreter. CI golden-tests every fixture against both runtimes.

    • New
      AccessibilityService-backed engine running the full DSL: 15 triggers, 20 actions, branching, looping.
    • New
      Dual-channel distribution: Google Play (gated behind in-app accessibility disclosure) and direct APK from smartordercapture.com.
    • New
      In-app updater on the direct channel polls the release manifest in DigitalOcean Spaces and prompts users on new versions.
    • New
      FCM push from the API triggers a workflow pull when a definition changes; sync latency under 5 seconds end-to-end.
    • Security
      On-device denylist enforcement. A compiled-in Set of Android package names refuses to be the target of any UI action.
    • Improvement
      Fastlane lanes for Play internal track, beta promotion, production rollout, and direct-APK upload to Spaces.

  6. Auth, billing, devices

    • New
      Better-Auth with email/password, Google OAuth, passkeys. Email verification + password reset wired into the queued email worker.
    • New
      Stripe checkout for Pro ($9/mo) and Team ($29/seat/mo). Customer portal handles cancellations and card updates.
    • New
      QR-code device pairing with HMAC-signed, 5-minute tokens. No password re-entry on the phone.
    • New
      SSE-backed dashboard: device heartbeats and run updates land in real time without polling.
    • Security
      HIBP pwned-password check on signup and password reset. Passwords with ≥1 breach hit are refused.

  7. Visual builder

    • New
      React Flow-based canvas with node palette, inspector, live preview, and version history.
    • New
      Client-side validation via @soc/shared's Zod schema; offending nodes get a red ring and inline error.
    • New
      Run preview executes the workflow through the TS simulator adapter and renders the trace in real time.
    • Improvement
      Save triggers an automatic FCM push so paired phones pick up the new version without manual sync.

  8. API + worker

    • New
      Fastify + tRPC server with workflows, devices, runs, billing, abuse, templates routers.
    • New
      pg-boss workers for email delivery and marketplace moderation. No Redis dependency — queues live in Postgres.
    • New
      Per-user rate limiting on authenticated tRPC procedures, in addition to per-IP Fastify limiter.
    • New
      Spaces-signed PUT URLs for screenshot uploads; 30-day lifecycle on screenshot keys.

  9. Monorepo scaffold

    • New
      pnpm workspaces + Turborepo. 5 apps (web, api, admin, worker, docs) and 5 shared packages (shared, db, workflow-engine, ui, config).
    • New
      Drizzle schema for 22 tables: users, sessions, workflows, runs, devices, templates, subscriptions, audit log, abuse reports, and platform-ops tables.
    • New
      Workflow DSL: 15 triggers, 20 actions, fully versioned, Zod-validated, mirrored to Kotlin via scripts/ts-to-kotlin.ts.
    • New
      Reference TypeScript interpreter with simulator adapter; CI runs golden-fixture tests on every PR.

Don't want to check back?

Subscribe to the RSS feed, or get release notes by email when we ship.