Changelog
Product updates and improvements
FeatureImprovement
Pre-Launch Polish
- Added system status page with real-time health monitoring
- Added API reference documentation
- Added developer audit logs with filtering and pagination
- Added privacy policy, terms of service, security, and compliance pages
- Improved pricing alignment across all pages
- Removed unverified compliance claims from landing page
FeatureSDK v0.9.0
Popup & Embedded Sign-In (Phase 19)
- Added popup-based sign-in for embedded authentication
- New compact login theme optimized for popup windows (500x700)
- SDK v0.9.0 with PopupSignIn component for Next.js
- postMessage-based auth code relay for seamless integration
FeatureImprovement
Agent Hardening (Sprint 11)
- Agent kill switch for instant revocation
- Human-in-the-loop (HITL) approval flows
- Just-in-time (JIT) credential provisioning
- Rich Authorization Requests (RAR) support
- Workload Identity Federation (WIF)
- Intent metadata for agent actions
FeatureBreaking ChangeSDK v0.8.0
Google Model Migration
- All apps now redirect to auth.zewstid.com for authentication
- Removed ROPC password grant (all auth via OAuth redirect)
- SDK v0.8.0 with breaking changes (removed createZewstIDHandlers, embedded SignIn)
- Cross-portal SSO via browser session cookies
- Custom identity provider image with SPIs and themes baked in
Fix
Security Fixes
- Fixed rate limiter counter bug in Redis pipeline parsing
- Fixed password reset token race condition with atomic GETDEL
- Fixed webhook SSRF vulnerability with URL validation
- Added role-based access control to admin dashboard
- Fixed MFA cookie bypass with HMAC-signed tokens