Changelog
What shipped, dated.
Reverse-chronological. Each entry: date · version · category tag · body. RSS feed at /changelog/rss.xml.
- v0.23.0 · Feature
Engineered Teal + Signal Lime brand tokens land
Synthesized brand identity from 3 parallel AI brand-research outputs. Engineered Teal #0D9488 primary + Signal Lime #A3E635 accent + near-black #0A0A0B dark surfaces. 6px radius. Dark-mode-first with light-mode toggle. All 282 tests still pass.
- v0.22.5 · Feature
Per-client cost CSV export
New `/api/clients/[id]/cost-csv` route. Companion to the PDF report — same data the client's bookkeeper drops into a spreadsheet. Defaults to current UTC month; `?period=YYYY-MM` for arbitrary. RFC 4180 escaping, CRLF line endings, sorted (account, service) for stable diff. Cross-tenant scoped before any data leaves.
- v0.22.4 · Feature
Composite client-health badge on dashboard
Synthesizes five already-displayed signals (retainer utilization, projected utilization, sync freshness, sync error state, MoM anomaly) into a single green / amber / red dot per client. Severity rules: destructive on active sync error or >100% util; warning on 75-100% util / projected >100% / never-synced / 24h+ stale / MoM anomaly; success otherwise.
- v0.22.3 · Feature
Audit-trail PDF template + month-over-month anomaly banner
Third PDF report template alongside exec / detailed. Period-over-period comparison + top movers (services with biggest abs delta, ranked) + recent CloudTrail events + per-account sync metadata. Dashboard MoM banner flags clients already >=25% above prior month.
- v0.22.2 · Feature
Runbook viewer: Mermaid diagrams + code syntax highlighting
rehype-highlight for fenced code blocks (server-rendered, zero client JS). Mermaid via dynamic-import (~600KB chunk loaded ONLY when a runbook contains a fenced `mermaid` block); rendered as data-URL `<img>` to sidestep innerHTML / XSS-via-SVG-JS surface.
- v0.22.1 · Integration · Security
Crons moved to GitHub Actions
Vercel Hobby plan restricts crons to daily-or-less-frequent. The hourly sync-costs cron was rejected at deploy time. Moved both crons (`sync-costs` hourly + `sync-access` daily) to GitHub Actions workflows that POST to the same endpoints with the existing CAO_CRON_SECRET Bearer auth. Keeps hourly granularity. Free tier.
- v0.21.0 · Security
Session JWT audience-locked + transitive npm vulnerabilities resolved
Session JWT now carries `aud: cao:session` and `jwtVerify` enforces the audience claim. Defense against accidental cross-product session sharing if CAO_SESSION_SECRET ever lands on two products. esbuild + postcss force-resolved via pnpm-workspace.yaml overrides. Two confidence-≥80 issues from the code-review subagent fixed same-turn.
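
Added example, not code from this project: the v0.21.0 audience lock, sketched with a hand-rolled HS256 verifier on `node:crypto` standing in for `jwtVerify`. The HS256 algorithm, the `other:session` audience, the secret value and every function name are assumptions made for illustration.

```javascript
// Added example; HS256 and all names below are assumptions, not the project's code.
const crypto = require("node:crypto");

const b64url = (data) => Buffer.from(data).toString("base64url");
const hmac = (secret, input) => crypto.createHmac("sha256", secret).update(input).digest();

// Build a compact HS256 JWT: header.payload.signature
function signHS256(payload, secret) {
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(payload));
  return `${head}.${body}.${b64url(hmac(secret, `${head}.${body}`))}`;
}

// Check alg, signature, expiry and, when requested, the audience. Throws on failure.
function verifyHS256(token, secret, { audience } = {}) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [head, body, sig] = parts;
  const header = JSON.parse(Buffer.from(head, "base64url").toString("utf8"));
  if (header.alg !== "HS256") throw new Error("unexpected alg");
  const expected = hmac(secret, `${head}.${body}`);
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error("bad signature");
  }
  const payload = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
  if (typeof payload.exp !== "number" || payload.exp <= Date.now() / 1000) {
    throw new Error("missing or expired exp");
  }
  if (audience !== undefined) {
    // aud may be a string or an array (RFC 7519); a missing aud never matches.
    const aud = [].concat(payload.aud ?? []);
    if (!aud.includes(audience)) throw new Error("unexpected audience");
  }
  return payload;
}

// Constructed scenario: the same secret configured on two products.
const SHARED_SECRET = "constructed-demo-secret";
const exp = Math.floor(Date.now() / 1000) + 3600;
const caoToken = signHS256({ sub: "user-1", aud: "cao:session", exp }, SHARED_SECRET);
const otherToken = signHS256({ sub: "user-1", aud: "other:session", exp }, SHARED_SECRET);
const legacyToken = signHS256({ sub: "user-1", exp }, SHARED_SECRET); // no aud claim

function accepts(token, options) {
  try { verifyHS256(token, SHARED_SECRET, options); return true; } catch { return false; }
}

console.log(accepts(otherToken), accepts(otherToken, { audience: "cao:session" }));
```

In this sketch a token with no `aud` claim is also rejected once the audience is enforced, so sessions minted before the claim existed would need to be reissued.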