Release updates, feature highlights, and what our AI agents have been building
What changed: - Plan review gate is now enabled by default for all projects - Agent-written PRs merge autonomously without human approval - Cross-intelligence agent now ingests live signals (Hacker Ne...
March 3, 2026 - Sentry Error Tracking: Runtime errors across client, server, and edge runtimes are now automatically captured and reported. Includes tunnel routing to bypass ad-blockers and source ...
{"date":"March 3, 2026","title":"Release v0.1.54: Customer Feedback, Billing & Analytics, Rollback Foundation","url":"blog/v0.1.54-release.md"}...
What shipped: - Public ingest API at POST /api/analytics/ingest — accepts single events or batches up to 100, strips PII automatically, derives country from request headers - Two new database tables f...
March 2, 2026 v0.1.51 integrates the Vercel AI SDK for real-time AI conversations directly in the jugg.ai dashboard. - AI Assistant page at /dashboard/assistant — full-height chat interface with s...
- New uptime monitoring system with per-minute polling across all endpoints - SLA dashboard at /dashboard/uptime showing 30-day stats, response times, and incident tracking - Smart hysteresis logic th...
- Added Cache-Control: private, max-age=30, stale-while-revalidate=60 headers to whitelisted tRPC query responses - Defined CACHEABLEPROCEDURES whitelist (20+ safe read-only procedures: project.list, ...
- Added dark mode color variants (dark:text--400) to confidence score indicators in the revenue tab - Green, yellow, and red confidence scores now have proper contrast on dark backgrounds - Styling no...
- Entire product table rows are now clickable, navigating directly to the product detail page - Added hover highlight (hover:bg-muted/50) for visual feedback - Product name links preserved for right-c...
Agent job cards in the pipeline detail page now show a unique colored left-border accent per agent type. Each of the 12 supported agent types (research, design, implementation, testing, release, marke...
The notification settings panel now uses the app-wide <EmptyState> component instead of a custom inline empty state. This brings visual consistency across the platform. UI improvements: - Bell icon i...
We've redesigned the landing page footer to give users more entry points without scrolling back up. - Expanded footer from a single row into a 3-column grid - Brand column: Jugg logo, tagline, and s...
The onboarding wizard had a full-width step indicator that took up 40px of vertical space for just two steps ("Create Product" → "Done"). We replaced it with a compact Step 1 of 1 pill badge embedded ...
What changed: - BreadcrumbHeader now shows an animated skeleton shimmer for UUID segments during tRPC name resolution, instead of flashing truncated IDs like abc12345… - The pendingResolution flag tra...
What changed: - The four stat cards on the dashboard overview are now clickable - Each card navigates to its section: Products, Pipelines, Releases, and Observability - Added visual feedback: shadow l...
- Inline hint message — amber alert below provider buttons explains why they're disabled when terms haven't been accepted - Shake animation — checkbox label jiggles when a user clicks a disabled butto...
- Full drag-and-drop support — reorder features by dragging the grip handle instead of clicking arrow buttons - Optimistic updates — new order appears instantly; single bulk database update on drop - ...
During a pipeline run, the real-time logs sit at the bottom of a long page — past the overview, approval gates, features panel, and stage timing. Users had to manually scroll past everything to reach ...
- Added HeroPipelineDemo client component to landing page hero section - Renders an animated macOS-style terminal showing the jugg.ai pipeline cycling through all 6 stages - Each stage displays an ico...
February 26, 2026 - ⌘K command palette now searchable — Features, pipeline runs, releases, and pull requests are now keyboard-discoverable alongside pages and projects - Debounced search input — 20...
What changed The sidebar credit balance widget now proactively warns users when their balance drops below 500 credits (£5.00). When triggered, the component: - Switches to an amber visual state with...
Date: February 26, 2026 - Added Sheet-based hamburger menu to MarketingNav for mobile viewports (< 640px) - Desktop navigation remains unchanged at larger breakpoints - Mobile menu includes all nav...
v0.1.32 fixes a race condition in the feature.reorder mutation that could produce ordering inconsistencies under concurrent operations. - Wrapped sortOrder swap in db.transaction() for atomic execu...
- Fixed the scroll-collapse bug: expanding a log row and scrolling away no longer collapses it on scroll back - Eliminated unnecessary re-renders when new log entries arrive — unrelated rows now stay ...
Added three missing indexes to the dunningactions table: - idxdunningactionsscheduled on (scheduledAt, status) — supports billing cron queries that pick up pending actions - idxdunningactionscustomer...
Dashboard loads were issuing redundant database queries. The observability dashboard fires 7+ parallel tRPC calls (getSummary, getAgentBreakdown, getShipVelocity, etc.), and each independently fetched...
What changed: - feature.list now uses cursor-based pagination with a default limit of 50 features per page - Frontend replaced client-side pagination state with useInfiniteQuery(), seeding the first p...
- Landing page converted from fully dynamic server component to static with 1-hour ISR (Incremental Static Regeneration) - Auth-dependent UI (navigation, CTA buttons) extracted into client components ...
- Added GIN trigram index on features.title to accelerate ILIKE prefix queries used by agent activity polling - Parallelized job stats and feature queries in getAgentActivity using Promise.all() - Ena...
February 26, 2026 The auto-generated MCP HTTP server now requires bearer token authentication on all endpoints except the health check. - Bearer token validation on all MCP endpoints except GET /h...
{"preview":"The observability dashboard now runs four key queries with guaranteed O(log n) performance. We added a composite index on agentjobs(startedAt, status) to prevent full table scans as pipeli...
- Replaced 3-second polling with Postgres LISTEN/NOTIFY — Pipeline SSE connections now receive real-time updates via database triggers instead of continuous polling. - 10-second fallback poll — A coar...
- Merged two sequential database queries into one in the costAnalytics endpoint - Combined today's cost sum and 30-day cost sum into a single query using conditional FILTER clauses - No changes to the...
getDashboardTrends previously fired 5 separate COUNT queries via Promise.all on every dashboard load. This release consolidates them to 3 by merging same-table queries with conditional COUNT() FILTER ...
{"content":"# Release v0.1.20: PKCE Downgrade Path Closed\n\nFebruary 26, 2026\n\n## What changed\n\n- 🔒 PKCE security fix: The OIDC token endpoint now strictly requires S256 code challenge method. R...
- Added waitlistjoin tier to rate limits: 5 requests per hour per IP (vs 30/min for general tRPC mutations) - Middleware now detects waitlist.join requests and enforces the hourly limit before the gen...
What changed - Replaced plain string comparison (!==) with crypto.timingSafeEqual() in the GitHub OAuth callback state validation - Added new verifyOAuthState() helper that safely compares CSRF token...
Removed all sql.raw() usage from the reports router in both template-multi and template-enterprise, replacing it with: - sql.identifier() for table, date, and value column references - buildDateTrunc(...
- Fixed critical bug: Google and GitHub OAuth users were incorrectly blocked when MFAREQUIRED=true because these providers don't emit amr (Authentication Methods Reference) claims in their ID tokens -...
The SSE stream endpoint for real-time pipeline monitoring was selecting the entire inputData JSONB column on every poll tick (every 3 seconds per connection), then immediately discarding it after extr...
February 26, 2026 - SQL-level filtering: q (search) and status filters now execute in the database instead of JavaScript, eliminating unnecessary row transfers - Partial SELECT: Removed five heavy ...
Fixed a credential exposure vulnerability in the observability.getJobDetail tRPC endpoint. Agent jobs store credentials like GitHub tokens and API keys in their inputData field — previously, any authe...
- Replaced in-memory rate limiter with Upstash Redis distributed backend - Automatic fallback to in-memory sliding-window when Redis env vars aren't set - checkRateLimit() is now async; returns Promis...
project.getAuthConfig now masks OAuth client secrets before returning them to users with viewer or editor roles. Previously, all authenticated users could see plaintext secrets for Google, GitHub, Mic...
- Replaced in-memory rate limiter with distributed Upstash Redis backend - Added sliding-window algorithm using Redis sorted sets (score = timestamp) - Graceful fallback to in-memory store when Redis ...
v0.1.9 replaces single-key encryption with four dedicated AES-256-GCM keys — one each for OAuth tokens, GitHub PATs, Neon connection strings, and project environment variables. - Added OAUTHENCRYPT...
February 26, 2026 - envVars.set mutation: Fixed missing audit logs on secret updates. Previously, only secret creation was logged — secret rotations left no audit trail. Now both create and update o...
- PKCE is now mandatory — all authorization requests must include a codechallenge - S256-only — the insecure plain PKCE method is rejected; S256 is the only supported method - Removed fallback behavio...
- codechallenge is now required on all OIDC /oidc/authorize requests - Only S256 is accepted as codechallengemethod; plain is explicitly rejected - 17 new unit tests covering enforcement and regressio...
- Replaced sql.raw() with sql.join() in the getLastAutomationRuns query to eliminate manual SQL string escaping - Each source value is now emitted as its own bound parameter instead of being interpola...