Changelog
What we ship, when. Updated on every release.
v0.11.0
- Two-factor authentication is now required on every account. Compatible with any authenticator app — set up on first sign-in.
- Major security pass: closed 5 of 7 Critical, 4 of 9 High, and 14 additional findings from a hostile self-audit. Full status in SECURITY_AUDIT.md.
- Server-side token verification now checks revocation immediately — “Revoke other sessions” takes effect at the next request, not 1 hour later.
- Stripe checkout binds customers by verified user id only; eliminates billing-portal-by-email-collision risk.
- /api/subscribe rate-limited at 5/min/IP to prevent provider-cost abuse.
- Production builds fail fast if Firebase env vars are missing — no more silent dev-mode fallthroughs.
- 1136 unit tests passing (was 856 due to a pre-existing localStorage shim bug — fixed); 26/26 authenticated E2E green.
- Fixed: VAT tracker stayed on the previous quarter past midnight on quarter boundaries.
- Stale dev-mode bypass could leak into production builds in two non-auth code paths — both now hard-gated.
v0.10.0
- AI Privacy Mode: Cloud (Gemini), Local (Ollama), or Local-only — server-enforced.
- Optional password-protected vault with PBKDF2 + 30-min auto-lock.
- AI usage analytics dashboard in Settings.
- 7-post blog at /blog covering FIRE, Sharia-compliant investing, expat finance.
- Comparison pages: vs Mint, vs YNAB, vs Personal Capital.
- Free Zakat calculator + UAE tax guide landing pages.
- CSV / PDF data export from Settings → Data Rights.
- Code-split dashboard widgets and AI advisor — ~30-40% smaller initial bundle.
- AI flow cache + transaction summarizer — estimated 60-80% token reduction.
- Sentry/PostHog scrub layer; AI input sanitization against prompt injection.
- TypeScript at maximum strictness; 260 unit tests passing.
v0.9.0
- Reliability: error boundaries, status page, feedback widget.
- Observability: Sentry + PostHog with DNT-respecting, PII-scrubbing capture.
- Feature flag system with localStorage overrides.
- Changelog popover with unread badge.
v0.8.0
- AI Advisor powered by Claude for personalized guidance.
- Voice input across quick-add flows.
- Command palette and global search upgrades.
v0.7.0
- Plaid + Lean connections for US and MENA account aggregation.
- Webhook-driven transaction sync and background price updates.
v0.6.0
- Zakat calculator with Nisab thresholds and multi-asset support.
- Expat mode: multi-currency net worth, tax-residency guidance.
- FX rate caching and freshness indicator in header.
v0.5.0
- FIRE variants: Lean, Fat, Coast, Barista projections.
- Retirement and RMD simulators, Monte Carlo scenario planning.
- Tax-loss harvesting and year-end tax tool.
v0.4.0
- Estate, insurance, and family modules.
- Couples mode for shared financial planning.
- Giving + Goals tracking.
v0.3.0
- Portfolio, crypto, and property tracking.
- Debt and cash management with payoff calculators.
- Benchmarks and performance reports.
v0.2.0
- Dashboard, net worth, income/expenses.
- Budget envelopes and alerts.
- PWA install, offline shell.
v0.1.0
- Initial release: Firebase auth, settings, onboarding tour.