whitelabel.dev

/ changelog

what shipped, when

latest may 19, 2026

tl;dr — the public release log. terse, dated, lowercase. material updates land here within a day; small polish work might batch into the weekly entry.

/2026-05-19 trust + agents fleet + readiness

  • trust page at whitelabel.dev/trust — security posture, compliance status, 8 subprocessors, vulnerability disclosure on one procurement-ready url.
  • security.txt (rfc 9116) at /.well-known/security.txt — machine-readable security contact.
  • health endpoint at app.whitelabel.dev/api/health — json status + per-dep latency for supabase + anthropic. wired into status.whitelabel.dev's 5-min monitor cron.
  • gdpr account exportGET /api/account-export dumps every row you own across the schema. complements the existing right-to-erasure endpoint.
  • agent fleet l3 → l5 hierarchy — account manager delegates to workspace manager via a new delegate_to_workspace tool; cross-workspace member lookup; per-user encrypted anthropic keys end-to-end (kills the [STUB] outputs).
  • multi-member workspaces phase 6 polish — admin ui, role dots on every team tile, presence, cancel pending invites, inline edit.
  • readiness docs — pii inventory, permissions matrix, runbook, testing, contributing, style guide. closes 7 open ❌ on the internal audit.
  • cross-user data leak fixed — sign-out wipes all per-user local cache across web / extension / mobile; user-change detection on every sign-in path.

/2026-05-17 realtime + multi-member workspaces

  • supabase realtime on 10 tables — workspace state, conversations, messages, team members, wave messages, user settings, plus members + invites. cross-device sync within ~300 ms.
  • multi-member workspaces phases 1–5workspace_members schema, additive rls, token-based invites with 14-day expiry, admin ui on web + mobile + extension, email delivery via resend, realtime propagation of role changes.
  • workspace data versioning (cas) — server-side compare-and-swap stops double-write races between devices.
  • sentry on all surfaces — web, extension, mobile under one whitelabeldev org.
  • tier-1 restore drill — confirmed daily backups are real + healthy. point-in-time recovery (pitr) deliberately deferred until before the first enterprise sla conversation.

/2026-04 mobile + agents repo + shop scaffolding

  • whitelabel mobile app — expo sdk 54, full feature parity with the extension's new-tab page (ai chat, conversations, workspaces, notifications, realtime sync).
  • whitelabel-agents repo — worker daemon, agent_jobs table, claim_agent_job() rpc with for update skip locked, dispatch endpoints, realtime status on /admin/fleet.
  • whitelabel-shop repo + vercel deploy — 9 hero skus cataloged. checkout + print-on-demand land in v0.5.
  • private status pagestatus.whitelabel.dev. 6 monitors, 5-min cron, flip-to-public criteria documented.

/2026-03 sync foundation

  • supabase as single source of truth — local stores explicit caches, push/pull sync with rate limits.
  • row-level security everywhere — every user-data table.
  • vault for ai api keys — libsodium-encrypted; plaintext never in a regular column.
  • audit log — append-only; users can read their own entries.
  • right-to-erasure endpointPOST /api/account-wipe for gdpr article 17.

what's next

tracked in our internal github org. the short list:

  • mfa on supabase auth
  • cross-tenant leak e2e test in ci — defense-in-depth on the may incident
  • audit-log → external sink for tamper-evident soc 2 prep
  • marketing showcase pages — finish the ~40 nav destinations still anchoring to #contact
  • agent threads persistence — refresh /admin/fleet without losing manager history
  • shop v0.5 — printful integration + stripe checkout
  • soc 2 type i prep — q3-q4 2026 target