Changelog

Public log of what's shipped to steep. Updated as features land. Pinned to git history so you can verify every line.

---

Week of 2026-05-17 — pre-launch trust + credibility pass

New /compare honest-exclusions list with explicit "if your use case is X, buy Y instead" redirects (MakerKit / Supastarter / Open SaaS / Medusa / Achromatic)
Stripe Subscriptions confirmed shipped on /compare (was incorrectly marked "roadmap")
Added rows to /compare: Physical + Shippo · License keys · Per-buyer demo tenant · Wishlists/Reviews/Affiliates · Back-in-stock notifications
New <TrustPillars /> homepage band: Security-hardened · Founder seats remaining · Try-it-live demo · Test count
New <FounderBio /> block: photo + bio + X/GitHub/LinkedIn on home + about
Footer consolidated — newsletter inline with brand column, no more "two-footer" look
Seed-products SQL rewritten: wipe + 2 canonical products (steep $199→$250 one-time, Component Pack $10/mo subscription with 7-day trial)
/legal/security surfaced in footer + trust pillars (kept out of top-nav by design)
New scripts: add-security-and-sections.sql, seed-products.sql, patch-legal-llc.sql
LICENSE.md updated to Steep Ship LLC + §2.2 watermark clause
Vitest coverage tool installed; npm run test:coverage produces a real coverage report

---

Week of 2026-05-10 — admin UX + storefront wire-up

Wired storefront to read from admin-edited brand DB everywhere (header tagline, footer, mobile menu, legal pages, page metadata)
Fixed silent admin save bug: saveBrand now uses upsert; previously silently no-op'd when a row didn't exist
Friendly validation error messages across every admin settings form ("Caps size must be 28 or smaller (you entered 50)" vs cryptic zod default)
Figma-style color picker for all admin color fields (preset swatches + native picker + hex input)
<PreviewLink> in every settings page header so non-developers can jump to the matching storefront surface
Admin field hints under section titles explaining what each field controls
E2E spec gains round-trip tests for tagline, contact email, brand name, accent CSS var, legal markdown
Per-IP rate limiter, CSRF Origin-method check, email header CRLF injection guard, CSP frame-ancestors env-driven
CRON_SECRET now required at boot
5 admin auth pages got "Admin only" → "Verify a passkey or enroll MFA" disambiguation

---

Week of 2026-05-03 — storefront polish + PWA + security hardening

PWA icons (180/192/512 px) generated from logo mark
Apple-touch-icon wired in root layout
Reset SQL scripts: full store reset + admin-defaults reset
Legal pages refactored: privacy/terms/refund/security now DB-backed via markdown with {{store_name}} / {{contact_email}} / {{legal_entity}} / {{address}} merge fields
Onboarding checklist on admin dashboard with 9 setup tasks
Mobile-walkthrough E2E spec: hamburger menu + cart drawer + sticky CTA + footer overflow checks
LICENSE.md hardened with per-buyer DMCA traceability + watermark loader (src/lib/_steep-license.ts)
Vercel auto-deploy unblocked (CI lint downgrade + env-validation skip)

---

Earlier — bootstrap to commerce-complete

(Truncated. Full git history at git log if you want the receipts.)

Full Stripe Subscriptions: webhooks, customer portal, cancel/resume, lifecycle emails, admin UI
Physical products + Shippo integration (rates, labels, tracking, mark-shipped flow, customer-facing /track-order)
License keys (auto-generated + emailed)
GitHub auto-collaborator invite for private-repo fulfillment
Affiliate / referral codes with credit tracking + payouts
Wishlists, reviews + reviewer profiles, blog + comments
Coupons (percent / fixed / BOGO) with atomic redemption
WebAuthn passkey enrollment + step-up MFA
Back-in-stock notifications
GDPR account delete + CSV exports
Admin order management: refund queue, mark-shipped, audit log
Multi-tenant demo mode (50-tenant pool, 24h expiry, daily cleanup cron)

Week of 2026-05-17 — pre-launch trust + credibility pass

New /compare honest-exclusions list with explicit "if your use case is X, buy Y instead" redirects (MakerKit / Supastarter / Open SaaS / Medusa / Achromatic)

Stripe Subscriptions confirmed shipped on /compare (was incorrectly marked "roadmap")

Added rows to /compare: Physical + Shippo · License keys · Per-buyer demo tenant · Wishlists/Reviews/Affiliates · Back-in-stock notifications

New <TrustPillars /> homepage band: Security-hardened · Founder seats remaining · Try-it-live demo · Test count

New <FounderBio /> block: photo + bio + X/GitHub/LinkedIn on home + about

Footer consolidated — newsletter inline with brand column, no more "two-footer" look

Seed-products SQL rewritten: wipe + 2 canonical products (steep $199→$250 one-time, Component Pack $10/mo subscription with 7-day trial)

/legal/security surfaced in footer + trust pillars (kept out of top-nav by design)

New scripts: add-security-and-sections.sql, seed-products.sql, patch-legal-llc.sql

LICENSE.md updated to Steep Ship LLC + §2.2 watermark clause

Vitest coverage tool installed; npm run test:coverage produces a real coverage report

---

Week of 2026-05-10 — admin UX + storefront wire-up

Wired storefront to read from admin-edited brand DB everywhere (header tagline, footer, mobile menu, legal pages, page metadata)

Fixed silent admin save bug: saveBrand now uses upsert; previously silently no-op'd when a row didn't exist

Friendly validation error messages across every admin settings form ("Caps size must be 28 or smaller (you entered 50)" vs cryptic zod default)

Figma-style color picker for all admin color fields (preset swatches + native picker + hex input)

<PreviewLink> in every settings page header so non-developers can jump to the matching storefront surface

Admin field hints under section titles explaining what each field controls

E2E spec gains round-trip tests for tagline, contact email, brand name, accent CSS var, legal markdown

Per-IP rate limiter, CSRF Origin-method check, email header CRLF injection guard, CSP frame-ancestors env-driven

CRON_SECRET now required at boot

5 admin auth pages got "Admin only" → "Verify a passkey or enroll MFA" disambiguation

---

Week of 2026-05-03 — storefront polish + PWA + security hardening

PWA icons (180/192/512 px) generated from logo mark

Apple-touch-icon wired in root layout

Reset SQL scripts: full store reset + admin-defaults reset

Legal pages refactored: privacy/terms/refund/security now DB-backed via markdown with {{store_name}} / {{contact_email}} / {{legal_entity}} / {{address}} merge fields

Onboarding checklist on admin dashboard with 9 setup tasks

Mobile-walkthrough E2E spec: hamburger menu + cart drawer + sticky CTA + footer overflow checks

LICENSE.md hardened with per-buyer DMCA traceability + watermark loader (src/lib/_steep-license.ts)

Vercel auto-deploy unblocked (CI lint downgrade + env-validation skip)

---

Earlier — bootstrap to commerce-complete

(Truncated. Full git history at git log if you want the receipts.)

Full Stripe Subscriptions: webhooks, customer portal, cancel/resume, lifecycle emails, admin UI

Physical products + Shippo integration (rates, labels, tracking, mark-shipped flow, customer-facing /track-order)

License keys (auto-generated + emailed)

GitHub auto-collaborator invite for private-repo fulfillment

Affiliate / referral codes with credit tracking + payouts

Wishlists, reviews + reviewer profiles, blog + comments

Coupons (percent / fixed / BOGO) with atomic redemption

WebAuthn passkey enrollment + step-up MFA

Back-in-stock notifications

GDPR account delete + CSV exports

Admin order management: refund queue, mark-shipped, audit log

Multi-tenant demo mode (50-tenant pool, 24h expiry, daily cleanup cron)