Every release, update, and fix - most recent first.
v0.8.0
Alpha
NewCustom sensitivity preset in /settings - alongside the High / Standard / Low presets, users can now dial in their own threshold (60-99), name weight (10-50), and phonetic weight (10-50) via sliders; the Custom card is auto-selected whenever saved values diverge from any named preset
FixRetrospective notification script no longer times out on large backlogs - diffs are now claimed (marked processed=true) before scoring rather than after, preventing the entire backlog from re-queuing on every timeout; batch size is configurable via RETROSPECTIVE_BATCH_SIZE env var (default 500)
FixNetlify function timeout now correctly set to 26 s via netlify.toml [functions] timeout = 26 - the previous release documented this fix but did not apply it to the config file; also removed the Vercel-specific maxDuration export from the check route which was a no-op on Netlify
Fixpackage-lock.json regenerated with --legacy-peer-deps to resolve eslint-config-next peer conflict that was causing npm ci to fail in GitHub Actions ingest and purge workflows
v0.7.0
Alpha
NewBatch screening page (/batch) - upload a CSV of up to 500 names with optional reference, DOB, and nationality columns; jobs are processed in the background via a Netlify Background Function; live progress polling every 5 seconds; download results as CSV when complete
NewPOST /api/dashboard/batch and GET /api/dashboard/batch/[jobId]/download - new authenticated endpoints for creating batch jobs and streaming completed results as CSV; checks credit balance before queuing (bypassed for licensed tenants)
NewNotification mark-read endpoints - POST /api/dashboard/notifications/[id]/read and POST /api/dashboard/notifications/read-all; fixes the notification bell which was calling these routes before they existed
NewCloudflare Turnstile bot protection on the signup form - widget loads dynamically and is verified server-side via POST /api/auth/turnstile-verify; gracefully skips verification when NEXT_PUBLIC_TURNSTILE_SITE_KEY is not set
FixGitHub Actions ingest and purge workflows switched from npm ci to npm install --legacy-peer-deps to resolve peer dependency conflicts that were causing the workflows to fail before running any ingestion logic
v0.6.0
Alpha
FixAdmin panel now renders inside the dashboard chrome (sidebar and top bar) rather than as a standalone page, giving super-admin users a consistent navigation experience
NewPending signups tab added to the admin panel - lists Neon Auth accounts that have signed up but not yet completed onboarding, sourced directly from the neon_auth.users_sync table
FixSanctions list status badges on the dashboard now display a visible tooltip with the full status description on hover (Current, Up to date, Outdated, No data definitions) - previously only a native browser title tooltip was shown, which was too subtle
FixNetlify function timeout extended to 26 s via netlify.toml [functions] timeout setting - the Vercel-specific maxDuration hint in route files is ignored on Netlify and was leaving the 10 s default in place, causing high-cardinality /checks searches to return a 502 instead of results
NewSitemap added at /sitemap.xml (Next.js App Router MetadataRoute.Sitemap) covering homepage, changelog, privacy policy, terms, and sign-in
Newrobots.txt added at /robots.txt - allows crawling of public pages, disallows all dashboard and API routes, and references the sitemap
ChangeHomepage SEO updated - page title and meta description now include regulated-industry keywords (sanctions screening for banking/financial services, online gambling, remote gambling); new "Built for regulated industries" section added covering banking and financial services, online gambling and remote gaming, and professional services with keyword-rich copy
v0.5.0
Alpha
NewPer-tenant scoring weights (P2.4) - tenants can now adjust the Jaro-Winkler name weight (default 30), phonetic overlap weight (default 30), and hit threshold (default 85) independently; alias coverage weight is derived automatically as the remainder up to 70
NewScoring weights UI in /settings - sliders with live preview of alias coverage remainder and validation that name + phonetic weights do not exceed 65; Save and Reset to defaults buttons
NewPATCH /api/dashboard/tenant/scoring-config - new authenticated endpoint to persist scoring config with server-side validation; clears config (reverts to defaults) when all values are null
NewScoringConfig type exported from lib/matching/scoring.ts; scoreMatch() now accepts an optional third argument so every check call - API v1 and dashboard - respects the tenant's custom weights
NewWeekly purge cron (.github/workflows/purge.yml) - runs every Sunday at 03:00 UTC, honours per-tenant retention_days, supports DRY_RUN input and manual workflow_dispatch trigger
FixP3.2: Fixed SQL injection risk and broken query in notify-retrospective.ts - replaced sql.raw() + literal ? placeholders with properly parameterised sql`${t}` interpolation for the && array overlap operator; removed redundant nested await that fetched all tenant IDs on every loop iteration
New/hits page - Active Hits review queue is now fully functional; shows all pending sanctions matches (hits and possible matches) for the tenant with submitted name, matched sanctions name, list source, confidence score, and check date
NewPer-row review actions on /hits - "Confirm hit" marks a result as confirmed_hit and retains it in the audit trail; "Mark false positive" dismisses the match; both actions call the new PATCH /api/dashboard/check-results/[id] endpoint and remove the row optimistically
NewFilter tabs on /hits - All / Hits / Possible matches tabs let analysts focus on the severity tier they need to review; counts update live as rows are resolved
NewPATCH /api/dashboard/check-results/[id] - new authenticated endpoint accepts { reviewStatus, reviewNotes }; verifies the result belongs to the calling tenant before applying the update
FixResend FROM address now configurable - falls back to onboarding@resend.dev when RESEND_FROM_ADDRESS is not set, unblocking email delivery without needing a verified custom domain on the Resend free plan
v0.3.1
Alpha
FixSign-in unverified email flow restored - new custom SigninForm component replaces the Neon Auth AuthView black-box; 403 responses are now intercepted and the user is automatically redirected to /auth/verify-email?email=... instead of hitting a dead-end generic error
FixNew wizard logo deployed (609x722 portrait) - the updated logo was placed in the working tree but had not been committed to the repository; this release includes it
FixLogo sizing corrected in sidebar and onboarding - the portrait logo was being constrained by h-8 w-8 classes designed for a square asset; changed to h-9 w-auto so the full portrait dimensions are respected
FixChecks page inputs now display with correct dark text - explicit text-gray-900 classes added to all form inputs and selects to prevent white-on-white rendering in some browser configurations
FixChecks page JSON error handling hardened - the fetch call now checks Content-Type before attempting JSON.parse; non-JSON server errors (e.g. HTML 500 pages) now show a readable error message instead of throwing "Unexpected token I"
NewAdmin panel link added to sidebar - the /admin route is now accessible directly from the dashboard navigation for super-admin accounts; the link is hidden for all other users
NewChangelog link added to sidebar bottom navigation - accessible without leaving the dashboard
v0.3.0
Alpha
NewDashboard statistics now display live data - checks today, checks this month, active hits awaiting review, and credit balance are all pulled from the database in real time
NewSuper-admin panel at /admin (access controlled via SUPER_ADMIN_EMAIL environment variable) - lists all tenant accounts with status, registration date, credits, and check counts; supports suspend/unsuspend, delete, and manual credit top-up
NewEmail OTP verification flow - new /auth/verify-email page captures the 6-digit code sent by Neon Auth and completes account verification
New/onboarding page - post-signup company setup flow captures company name, country, use case, and monthly volume before provisioning the tenant account
New/terms page - Terms of Service (England and Wales governing law, credit billing terms, permitted use policy, liability limitation)
New/billing page - shows live credit balance, lifetime spend estimate, and the last 30 billable API checks with result status; includes low-balance warning and buy-credits CTA
NewResend email integration - lib/email utility with sendEmail() and sendRetrospectiveHitEmail() helpers; requires RESEND_API_KEY environment variable
Newscripts/notify-retrospective.ts - processes unhandled list_diffs additions after each ingestion run, re-scores historic clear checks against newly-listed entities, and emails tenant admins when threshold is exceeded
Newscripts/purge-old-records.ts - deletes checks older than each tenant's retention threshold (minimum 365 days floor); processes in batches of 500 with dry-run mode support
FixDashboard /checks endpoint fixed - high-cardinality name searches (e.g. "kim jong un") caused a Netlify function timeout due to 4N database queries in a loop; now uses 4 bulk queries and in-memory scoring, capped at 500 candidates
FixSidebar logo now displays correctly - logo.png was tracked in git but not committed; included in this release
FixAccount suspension flow - suspended tenants are redirected to /auth/suspended rather than hitting a blank page or auth error
ChangeMiddleware now protects all dashboard routes (/checks, /hits, /batch, /notifications, /billing, /support, /settings, /admin) in addition to /dashboard
ChangeSignup callbackURL updated to /onboarding so new users are routed through company setup rather than landing directly on the dashboard with a blank tenant
v0.2.0
Alpha
FixCorrected hit threshold from 80 to 85 in the scoring engine — results were being classified as confirmed hits at too low a confidence level
FixOrganisation entities were structurally capped at a score of 70/100 due to inapplicable corroboration bonuses; base score is now rescaled proportionally (0-70 to 0-100) so a confirmed hit (score 85+) is achievable through name matching alone
FixEntity type was hardcoded as "individual" in the check API response regardless of the actual list entry — now correctly reflects "individual" or "organisation" from the source record
FixOrganisation candidates were not being filtered when entityType was set to "individual" and vice versa; the check endpoint now respects the entityType filter
NewSupport page (behind dashboard login) with FAQs, full API reference, scoring methodology explainer, and a live sanctions list update log showing daily ingestion history
NewSeparate /auth/signup registration page — previously the sign-up link redirected back to sign-in
NewChangelog and Privacy Policy pages accessible from the homepage footer
FixSign-in page right panel showed white text on a white background; auth panel now correctly resets to dark text
ChangeHomepage updated with dual API code examples demonstrating individual and corporate screening side by side
ChangeTypography updated to Montserrat (headings) and Inter (body) across the entire site