We respect your privacy.

We use strictly necessary cookies to keep you signed in and to protect against CSRF. With your permission we also use a small amount of first-party analytics to improve the product. We do not sell your data and we do not use third-party advertising trackers. See our cookie policy and privacy policy.

Crawlmind

Public

Changelog

What's shipped, what's changed, and the operator-impacting notes for each release. Follow our status page for incident updates.

Changelog

All notable changes to the AI Visibility Audit Platform are documented

here. Format follows Keep a Changelog;

versioning follows SemVer.

[Unreleased]

Added

  • Status page at https://status.<domain> with public components for

API, Dashboard, Crawler, AI enrichment, Reports, Webhooks, and SSO.

  • Polished marketing landing on / with hero, feature grid, and one

primary CTA, plus a public /changelog driven by this file.

[0.8.0] - 2026-05-09 — Production hardening & launch readiness

Added

  • Terraform-driven AWS topology (VPC, RDS Multi-AZ, ElastiCache, S3,

KMS, ECR, IAM, ECS) for dev, staging, and prod.

  • Cloudflare WAF + ALB edge with wildcard TLS for app subdomains and

per-domain SAN issuance for verified custom domains.

  • GitHub Actions CI/CD: PR matrix (lint, typecheck, unit, e2e, migrate

diff), tag-driven prod promote, PR preview environments, OIDC.

  • Observability stack: pino structured logs, Prometheus /metrics,

Grafana dashboards, OpenTelemetry traces, Sentry errors with PII

scrubbing.

  • SLO + alert routing to PagerDuty/Slack with per-alert runbook URLs.
  • Strict CSP + HSTS + secure-cookie hardening on api and web.
  • KMS-backed SECRET_STORE mechanism with rotation runbooks.
  • Supply-chain hardening: Dependabot, npm audit blocking step,

CycloneDX SBOM, Trivy image scan, Gitleaks, process.env lint.

  • Pen-test prep: nightly ZAP baseline, IDOR/SSRF/CSRF/JWT/file-upload

checks, findings tracker.

  • Legal pages: Privacy, Terms, DPA, Sub-processors, Cookies, Security

rendered as Nuxt pages with a global cookie consent banner that

syncs to the user profile.

  • GDPR endpoints: user + organization data export, account deletion

with sole-owner check + grace period, soft-deletion of organizations.

  • Database backups: 7-day PITR + 30-day daily snapshots + nightly

cross-region copy via AWS Backup; monthly automated restore drill.

  • Read replica routing for analytics and admin reads via

PrismaReadService; advisory-lock guard at API boot to prevent

rolling-deploy migration races.

  • k6 load test suite under tests/load/ covering browse, API burst,

crawl storm, webhook fanout, and admin snapshot.

  • In-app first-run wizard at /orgs/:orgId/onboarding and lifecycle

email worker (trial day-3, day-7-ending, dormant 30d, upgrade

suggestion) preference-gated under PRODUCT_ANNOUNCEMENT.

Changed

  • softDelete on Organization now records an ORG_DELETE_REQUEST

audit log entry with a snapshot of the org name + slug.

  • Analytics + admin snapshot reads route to the read replica when

DATABASE_REPLICA_URL is configured.

Security

  • All API responses now ship strict CSP, HSTS, X-Frame-Options,

Permissions-Policy, and Referrer-Policy headers.

  • Secrets are loaded from AWS Secrets Manager / SSM at boot rather

than from .env files in production containers.

[0.7.0] - 2026-04-21 — Enterprise platform

Added

  • White-label branding (custom domain, logo, color, email-from name).
  • Public REST API with hashed API keys, scope-based authorization,

per-key rate limits, and OpenAPI documentation at /docs.

  • Outbound webhooks with HMAC signatures, per-endpoint secret rotation,

retry/backoff, and circuit breaker.

  • SAML 2.0 single sign-on with IdP-initiated and SP-initiated flows.
  • Platform admin console for org search, snapshot, impersonation, and

feature-flag/quota override management.

  • Longitudinal analytics endpoints for scores, issues, and usage.

[0.6.0] - 2026-03-25 — Billing, reports, email, dashboard

Added

  • Stripe-backed subscription billing with grandfathering snapshots,

trial windows, and the customer portal.

  • PDF and HTML report generation with shareable, optionally

password-protected, time-limited share links.

  • Pluggable mailer (console, resend, smtp, memory, none) with

templates for welcome, verify, reset, invitation, crawl-completed,

weekly digest, quota warning, report ready, share created, and

webhook disabled.

  • Sellable customer dashboard with usage gauges, AI-spend visualization,

and project / website management.

[0.5.0] - 2026-02-27 — AI enrichment + Playwright rendering

Added

  • Per-page AI enrichment (summary, readability, entity clarity) with

spend caps and per-org budgets.

  • Playwright-rendered crawls for SPA-heavy sites with a dedicated

worker pool.

[0.4.0] - 2026-01-30 — Crawl pipeline + analyzers

[0.3.0] - 2025-12-23 — Auth, RBAC, organizations

[0.2.0] - 2025-11-25 — Database schema + queue scaffolding

[0.1.0] - 2025-10-30 — Project bootstrap