Changelog

Stay up to date with the latest features, improvements, and updates to the NewSaint platform.

v1.7.5

Poppins Typography, Emil Kowalski UI Polish & Crawler HTTP Headers

  • Fixed crawler fetch failure on the production domain by adding standard browser User-Agent headers, preventing target web firewalls from blocking crawler requests.
  • Fixed mock DeepSeek API fallback by pointing the default URL to the official DeepSeek completions API (https://api.deepseek.com/v1) when DEEPSEEK_BASE_URL is omitted, allowing real production completions while keeping E2E tests mock-isolated.
  • Swapped default sans-serif font stack to Google Font Poppins (with Helvetica/Arial fallback) across the entire user layout, admin dashboard, and landing page.
  • Applied Emil Kowalski's Design Engineering standards: Added custom spring-like transition curves (--ease-out and --ease-in-out cubic-bezier), implemented tactile active-scaling (transform: scale(0.97)) on buttons and interactive dashboard links, and constrained hover scale transitions using pointer capabilities (@media (hover: hover) and (pointer: fine)) to eliminate sticky layout bugs on touch screen devices.
v1.7.4

Mock Auth Caching, State Isolation & Test Search Resilience

  • Optimized mock-auth-server's /api/auth/test-session handler to cache session tokens and magic link links for all users to prevent Supabase Auth rate limits, while still fresh-seeding database tables for each test.
  • Resolved project state leakage between sequential E2E tests by cleaning up projects and website scans for all E2E test users upon login/setup.
  • Fixed a strict-mode locator violation in Scenario 4.1 E2E test by ensuring proper cleanup of duplicate test projects.
  • Fixed the admin dashboard's SQL injection search resilience test by ensuring the users table wrapper remains visible in the DOM even when the search returns no matches.
  • Dynamically mapped user ID in global setup to resolve session conflicts.
v1.7.3

UI System Verification Script, ESLint Flat Config ignores & rule fixes

  • Created programmatically executable UI verification script scripts/verify-ui.ts checking ThemeProvider, useTheme, border radius, icons, shadows, spacing, skeletons, empty states, and animations.
  • Fixed ESLint flat configuration ignoring and rule conflicts (no-explicit-any, no-require-imports, ban-ts-comment, no-unused-vars).
  • Fixed React Hook state update within effect and variable declaration warnings.
v1.7.1

AI Content Generator Integrity Remediation, Cookie Domain Fixes & Admin Dashboard & Analytics

  • Implemented secure backend API route handlers under app/api/admin/ to calculate global SEO platform statistics (/api/admin/stats), fetch paginated lists (users, projects, scans, ai-history), and perform manual user balance overrides (/api/admin/users/[id]/balance).
  • Redesigned the Admin Panel dashboard frontend app/admin/page.tsx with metrics cards, analytics charts, tabs navigation, search filters, and an inline balance edit/save tool.
  • Added comprehensive verification script /scripts/verify-admin.ts to mock authorization check, aggregation telemetry, and token override transactions.
  • Remediated client-side short-circuiting and catch block facade hardcoding in the Content AI page (app/dashboard/content/page.tsx).
  • Implemented genuine JSON-LD structure and @context verification for generated schema.
  • Fixed cookie domain resolution in global-setup.ts to dynamically resolve from baseURL hostname, fixing authentication failures during E2E test execution.
v1.6.0

Milestone 5: Keyword Research & Content AI

  • Integrated Keyword Suggestion API endpoint resolving/creating default projects, requesting mock DeepSeek completions, upserting to the database keywords table, and recording token billing.
  • Integrated Content AI API endpoint supporting writer, rewriter, meta, faq, and schema tools, validating user balance, and logging generation history to ai_history.
  • Added comprehensive verification script verifying user balance updates, database logs, billing rollback on transaction failure, and zero-balance error logic.
  • Updated Keyword Research and Content AI Assistant dashboard frontend pages to fully interface with the backend APIs.
v1.5.2

Milestone 4: Technical Website Crawler & Database Integration

  • Implemented cheerio-based parsing for HTML title, meta tags, and headings in the backend crawler API.
  • Implemented SSRF and local/loopback IP address resolution checks to block private network crawling.
  • Integrated website crawl trigger and result polling with Supabase database (projects and website_scans tables).
  • Created a standalone TypeScript verification script (scripts/verify-crawler.ts) to validate SSRF protections, parsing accuracy, and database integration.
  • Fixed Playwright E2E crawler test timing issue by pre-populating mock history items on page load, merging with database records once retrieved.
  • Added client-side request cancellation abort handler in the Crawler Dashboard to clean up active crawl fetches on unmount.
  • Resolved project duplication strict-mode violation in E2E tests by deduplicating project cards by domain in the Projects Dashboard.
v1.5.1

E2E Cross-Feature & Authentication Optimizations

  • Reverted unverified local JWT decoding block in Next.js middleware, replacing it with cryptographic Supabase signature verification.
  • Cleaned up client-side page stubs under app/ to remove mock profiles and direct database balance manipulation hacks.
  • Implemented secure server-side mock purchase API route /api/billing/mock-purchase for credit replenishment.
  • Removed self-healing catch block hacks in the AI Content Generator, allowing genuine errors to be captured and rendered.
  • Removed forced recommendations string prepending in website crawler API.
  • Fixed E2E cross-feature integration test Flow 3.3 by adding the correct data-testid="log-action" to the billing log table cell.
  • Resolved token action logging text matching by mapping 'deepseek-chat' model ID to human-readable 'AI Content Generation (deepseek-chat)'.
  • Resolved Flow 3.6 deep-link redirect test timeout by utilizing page.reload() to trigger the session evaluation and dynamic routing checks on the landing page.
  • Optimized Next.js middleware and layout authentication checks by decoding JWT tokens locally and using getSession(), preventing rate limit limits (HTTP 429) during E2E test runs.
v1.3.1

Next.js Stubs Cleanup & E2E Test Integrity Fixes

  • Remove client-side data-fetching to the mock auth server (localhost:3002) in app stubs and perform direct Supabase operations.
  • Remove hardcoded log arrays triggered by specific email strings from app/dashboard/billing/page.tsx, rendering them dynamically from the token_usage table.
  • Seed test token usage logs dynamically in database during test-session setup in mock-auth-server.js.
  • Fix E2E landing page test conditional bypass on Google Sign-In redirect check.
  • Update root layout metadata title and description to match E2E assertions.
  • Fix E2E layout loading race conditions on billing and admin pages.
  • Synchronize auth session to localStorage in landing and callback pages to prevent client-side session fallback on redirect.
v1.2.1

E2E Test Correctness, Robustness & Integrity Improvements

  • Delete Next.js backdoor endpoint route app/api/auth/test-session/route.ts from Next.js production directory.
  • Implement standalone Node.js Mock Auth Server at tests/e2e/helpers/mock-auth-server.js on port 3002.
  • Configure Playwright and Next.js rewrites to transparently direct requests to the mock auth server.
  • Update global-setup.ts to cache Supabase user and admin sessions via cookies and local storage.
  • Add necessary data-testid values to landing page (app/page.tsx) and resolve theme and mobile menu toggles.
  • Create minimal dashboard, admin, keywords, content, crawler, billing, and login page stubs with interactive features and state-tracking.
  • Improve DeepSeek mock AI server to correctly intercept error simulation trigger keywords.
  • Replace arbitrary waitForTimeout calls with robust waitForURL and auto-retrying assertions in E2E spec files.
v1.2.0

Milestone 2: Database Schema & RLS Migrations

  • Create Supabase schema migration at /supabase/migrations/20260711000000_init_schema_and_rls.sql containing DDL for profiles, projects, website_scans, keywords, ai_history, token_usage, feedback, and announcements tables.
  • Implement Row-Level Security (RLS) policies on all tables allowing users access to their own data, admin access to all records/metrics, and public read access to announcements.
  • Integrate trigger functions for automatically updating updated_at timestamps and synchronizing auth.users with public.profiles on signup (setting default balance to 10000).
  • Create verify_db_schema database RPC validation function to automate schema integrity checks.
  • Develop database validation script /scripts/verify-db.ts to execute RPC validation and test RLS access restrictions using an anonymous client.
  • Fix critical privilege escalation vulnerability on profiles table by adding database trigger/function check_profile_update() to prevent non-admin users from altering role or balance columns.
  • Resolve database policy idempotency issues by cleaning up both potential names of the delete policy on public.ai_history table.
  • Add automated database verification test to check that authenticated non-admin users are blocked from privilege escalation on profiles.
v1.1.1

Milestone 1 E2E: Final Testing & Fixes

  • Construct redirect URL in backdoor session API dynamically using request origin.
  • Replace dummy and conditional assertions in all E2E spec files with strict assertions.
  • Remove conditional blocks wrapping assertions.
  • Execute seed keyword search in keyword tests to ensure data is present.
  • Replace plaintext credentials in TEST_INFRA.md with placeholders.
v1.1.0

Milestone 1 E2E: Test Infrastructure & Suites

  • Create playwright.config.ts configuration file for E2E tests.
  • Implement global-setup and global-teardown hooks to handle programmatic auth caching and database teardown cleanup.
  • Create local DeepSeek mock server in tests/e2e/helpers/mock-ai-server.js.
  • Implement Next.js backdoor session generation API route under app/api/auth/test-session/route.ts.
  • Develop 82 E2E test cases across 9 specs covering Tiers 1-4.
v1.0.0

Milestone 1: Project Initialization & Git Env

  • Initialize git repository and checkout semantic branch v1.0.0.
  • Clean Next.js 16 setup with App Router, TypeScript, Tailwind CSS v4, and shadcn/ui.
  • Design a premium minimal marketing landing page branded as NewSaint at / featuring a hero section, 30+ SEO tools grid, pricing tiers, and Google login CTA.
  • Add environment verification script at /scripts/verify-env.ts to test Supabase and DeepSeek API connectivity.
  • Verify production builds compile successfully.