Changelog
Stay up to date with the latest features, improvements, and updates to the NewSaint platform.
v1.7.5
Poppins Typography, Emil Kowalski UI Polish & Crawler HTTP Headers
- Fixed crawler fetch failure on the production domain by adding standard browser User-Agent headers, preventing target web firewalls from blocking crawler requests.
- Fixed mock DeepSeek API fallback by pointing the default URL to the official DeepSeek completions API (https://api.deepseek.com/v1) when DEEPSEEK_BASE_URL is omitted, allowing real production completions while keeping E2E tests mock-isolated.
- Swapped default sans-serif font stack to Google Font Poppins (with Helvetica/Arial fallback) across the entire user layout, admin dashboard, and landing page.
- Applied Emil Kowalski's Design Engineering standards: Added custom spring-like transition curves (--ease-out and --ease-in-out cubic-bezier), implemented tactile active-scaling (transform: scale(0.97)) on buttons and interactive dashboard links, and constrained hover scale transitions using pointer capabilities (@media (hover: hover) and (pointer: fine)) to eliminate sticky layout bugs on touch screen devices.
v1.7.4
Mock Auth Caching, State Isolation & Test Search Resilience
- Optimized mock-auth-server's /api/auth/test-session handler to cache session tokens and magic link links for all users to prevent Supabase Auth rate limits, while still fresh-seeding database tables for each test.
- Resolved project state leakage between sequential E2E tests by cleaning up projects and website scans for all E2E test users upon login/setup.
- Fixed a strict-mode locator violation in Scenario 4.1 E2E test by ensuring proper cleanup of duplicate test projects.
- Fixed the admin dashboard's SQL injection search resilience test by ensuring the users table wrapper remains visible in the DOM even when the search returns no matches.
- Dynamically mapped user ID in global setup to resolve session conflicts.
v1.7.3
UI System Verification Script, ESLint Flat Config ignores & rule fixes
- Created programmatically executable UI verification script scripts/verify-ui.ts checking ThemeProvider, useTheme, border radius, icons, shadows, spacing, skeletons, empty states, and animations.
- Fixed ESLint flat configuration ignoring and rule conflicts (no-explicit-any, no-require-imports, ban-ts-comment, no-unused-vars).
- Fixed React Hook state update within effect and variable declaration warnings.
v1.7.1
AI Content Generator Integrity Remediation, Cookie Domain Fixes & Admin Dashboard & Analytics
- Implemented secure backend API route handlers under app/api/admin/ to calculate global SEO platform statistics (/api/admin/stats), fetch paginated lists (users, projects, scans, ai-history), and perform manual user balance overrides (/api/admin/users/[id]/balance).
- Redesigned the Admin Panel dashboard frontend app/admin/page.tsx with metrics cards, analytics charts, tabs navigation, search filters, and an inline balance edit/save tool.
- Added comprehensive verification script /scripts/verify-admin.ts to mock authorization check, aggregation telemetry, and token override transactions.
- Remediated client-side short-circuiting and catch block facade hardcoding in the Content AI page (app/dashboard/content/page.tsx).
- Implemented genuine JSON-LD structure and @context verification for generated schema.
- Fixed cookie domain resolution in global-setup.ts to dynamically resolve from baseURL hostname, fixing authentication failures during E2E test execution.
v1.6.0
Milestone 5: Keyword Research & Content AI
- Integrated Keyword Suggestion API endpoint resolving/creating default projects, requesting mock DeepSeek completions, upserting to the database keywords table, and recording token billing.
- Integrated Content AI API endpoint supporting writer, rewriter, meta, faq, and schema tools, validating user balance, and logging generation history to ai_history.
- Added comprehensive verification script verifying user balance updates, database logs, billing rollback on transaction failure, and zero-balance error logic.
- Updated Keyword Research and Content AI Assistant dashboard frontend pages to fully interface with the backend APIs.
v1.5.2
Milestone 4: Technical Website Crawler & Database Integration
- Implemented cheerio-based parsing for HTML title, meta tags, and headings in the backend crawler API.
- Implemented SSRF and local/loopback IP address resolution checks to block private network crawling.
- Integrated website crawl trigger and result polling with Supabase database (projects and website_scans tables).
- Created a standalone TypeScript verification script (scripts/verify-crawler.ts) to validate SSRF protections, parsing accuracy, and database integration.
- Fixed Playwright E2E crawler test timing issue by pre-populating mock history items on page load, merging with database records once retrieved.
- Added client-side request cancellation abort handler in the Crawler Dashboard to clean up active crawl fetches on unmount.
- Resolved project duplication strict-mode violation in E2E tests by deduplicating project cards by domain in the Projects Dashboard.
v1.5.1
E2E Cross-Feature & Authentication Optimizations
- Reverted unverified local JWT decoding block in Next.js middleware, replacing it with cryptographic Supabase signature verification.
- Cleaned up client-side page stubs under app/ to remove mock profiles and direct database balance manipulation hacks.
- Implemented secure server-side mock purchase API route /api/billing/mock-purchase for credit replenishment.
- Removed self-healing catch block hacks in the AI Content Generator, allowing genuine errors to be captured and rendered.
- Removed forced recommendations string prepending in website crawler API.
- Fixed E2E cross-feature integration test Flow 3.3 by adding the correct data-testid="log-action" to the billing log table cell.
- Resolved token action logging text matching by mapping 'deepseek-chat' model ID to human-readable 'AI Content Generation (deepseek-chat)'.
- Resolved Flow 3.6 deep-link redirect test timeout by utilizing page.reload() to trigger the session evaluation and dynamic routing checks on the landing page.
- Optimized Next.js middleware and layout authentication checks by decoding JWT tokens locally and using getSession(), preventing rate limit limits (HTTP 429) during E2E test runs.
v1.3.1
Next.js Stubs Cleanup & E2E Test Integrity Fixes
- Remove client-side data-fetching to the mock auth server (localhost:3002) in app stubs and perform direct Supabase operations.
- Remove hardcoded log arrays triggered by specific email strings from app/dashboard/billing/page.tsx, rendering them dynamically from the token_usage table.
- Seed test token usage logs dynamically in database during test-session setup in mock-auth-server.js.
- Fix E2E landing page test conditional bypass on Google Sign-In redirect check.
- Update root layout metadata title and description to match E2E assertions.
- Fix E2E layout loading race conditions on billing and admin pages.
- Synchronize auth session to localStorage in landing and callback pages to prevent client-side session fallback on redirect.
v1.2.1
E2E Test Correctness, Robustness & Integrity Improvements
- Delete Next.js backdoor endpoint route app/api/auth/test-session/route.ts from Next.js production directory.
- Implement standalone Node.js Mock Auth Server at tests/e2e/helpers/mock-auth-server.js on port 3002.
- Configure Playwright and Next.js rewrites to transparently direct requests to the mock auth server.
- Update global-setup.ts to cache Supabase user and admin sessions via cookies and local storage.
- Add necessary data-testid values to landing page (app/page.tsx) and resolve theme and mobile menu toggles.
- Create minimal dashboard, admin, keywords, content, crawler, billing, and login page stubs with interactive features and state-tracking.
- Improve DeepSeek mock AI server to correctly intercept error simulation trigger keywords.
- Replace arbitrary waitForTimeout calls with robust waitForURL and auto-retrying assertions in E2E spec files.
v1.2.0
Milestone 2: Database Schema & RLS Migrations
- Create Supabase schema migration at /supabase/migrations/20260711000000_init_schema_and_rls.sql containing DDL for profiles, projects, website_scans, keywords, ai_history, token_usage, feedback, and announcements tables.
- Implement Row-Level Security (RLS) policies on all tables allowing users access to their own data, admin access to all records/metrics, and public read access to announcements.
- Integrate trigger functions for automatically updating updated_at timestamps and synchronizing auth.users with public.profiles on signup (setting default balance to 10000).
- Create verify_db_schema database RPC validation function to automate schema integrity checks.
- Develop database validation script /scripts/verify-db.ts to execute RPC validation and test RLS access restrictions using an anonymous client.
- Fix critical privilege escalation vulnerability on profiles table by adding database trigger/function check_profile_update() to prevent non-admin users from altering role or balance columns.
- Resolve database policy idempotency issues by cleaning up both potential names of the delete policy on public.ai_history table.
- Add automated database verification test to check that authenticated non-admin users are blocked from privilege escalation on profiles.
v1.1.1
Milestone 1 E2E: Final Testing & Fixes
- Construct redirect URL in backdoor session API dynamically using request origin.
- Replace dummy and conditional assertions in all E2E spec files with strict assertions.
- Remove conditional blocks wrapping assertions.
- Execute seed keyword search in keyword tests to ensure data is present.
- Replace plaintext credentials in TEST_INFRA.md with placeholders.
v1.1.0
Milestone 1 E2E: Test Infrastructure & Suites
- Create playwright.config.ts configuration file for E2E tests.
- Implement global-setup and global-teardown hooks to handle programmatic auth caching and database teardown cleanup.
- Create local DeepSeek mock server in tests/e2e/helpers/mock-ai-server.js.
- Implement Next.js backdoor session generation API route under app/api/auth/test-session/route.ts.
- Develop 82 E2E test cases across 9 specs covering Tiers 1-4.
v1.0.0
Milestone 1: Project Initialization & Git Env
- Initialize git repository and checkout semantic branch v1.0.0.
- Clean Next.js 16 setup with App Router, TypeScript, Tailwind CSS v4, and shadcn/ui.
- Design a premium minimal marketing landing page branded as NewSaint at / featuring a hero section, 30+ SEO tools grid, pricing tiers, and Google login CTA.
- Add environment verification script at /scripts/verify-env.ts to test Supabase and DeepSeek API connectivity.
- Verify production builds compile successfully.