Product

Changelog

What we've shipped recently. Material changes are added here before the marketing site catches up.

v0.6.0May 2026

Stripe Indie plan

  • Platformsubscriptions table tracks plan_key (free/indie), stripe_customer_id, stripe_subscription_id, status, and current_period_end per user.
  • PlatformcheckQuota now reads plan_key from DB — Indie plan gets 50k requests/month vs 1k on Free.
  • PlatformPOST /api/stripe/checkout creates a Checkout Session for monthly or yearly Indie billing.
  • PlatformPOST /api/stripe/webhook handles checkout.session.completed, subscription.updated, and subscription.deleted — auto-upgrades/downgrades plan_key.
  • PricingIndie plan limits: 50k proxy requests, 20 projects, 500MB storage, 100 builds per month.
v0.5.0May 2026

Waitlist, webhook pagination, and schema hardening

  • PlatformWaitlist API (/api/waitlist) with idempotent upsert — duplicate email+source returns success without creating duplicate rows.
  • PlatformWebhook events now paginated server-side (/api/hooks/[projectId]?limit=&cursor=) — no longer capped at 100.
  • Platform"Load more" button in webhook events UI fetches the next page without full reload.
  • DXschema.sql is now fully idempotent: every CREATE POLICY is preceded by DROP POLICY IF EXISTS — safe to re-run on any existing database.
  • FixSupabase schema apply workflow now runs reliably on non-empty databases.
v0.4.0May 2026

Public site overhaul

  • LandingNew landing page with animated terminal, ICP-driven use cases, and code-snippet feature cards.
  • PricingPublic /pricing page with Free, Indie ($15/mo), and Team waitlist plans.
  • PlatformStatic /legal/privacy, /legal/terms, /changelog and /showcase pages.
  • PlatformDynamic OpenGraph image at /opengraph-image so shares look alive in Slack/Twitter.
  • Fix"View Demo" CTA now scrolls to the live preview block instead of pointing nowhere.
v0.3.0May 2026

Monthly usage counters and quota gate

  • PlatformNew usage_counters table + atomic SQL RPC for owner/metric/period_month increments.
  • Platform/api/proxy now does pre-flight quota check; over-limit returns HTTP 402 with usage payload.
  • Platform/hooks/[projectId]/[token] tracks webhook_events as a usage metric (no hard cap).
  • Platform/api/account/usage exposes real proxy_requests counter — dashboard shows it.
  • PlatformHelpers in lib/usage.ts (getCurrentPeriodMonth, getMonthlyUsage, incrementUsage, checkQuota) with unit tests.
v0.2.0May 2026

SSRF hardening for the proxy layer

  • SecurityDNS resolution + private IP check at request time mitigates DNS rebinding.
  • SecurityBlock IPv6 loopback, ULA fc00::/7, link-local fe80::/10, IPv4-mapped (decimal + hex) and cloud metadata (169.254.169.254, metadata.google.internal).
  • SecurityScheme allowlist — only http/https. file://, gopher://, ftp:// rejected.
  • SecurityManual redirect handling: every hop is revalidated, capped by PROXY_LIMITS.maxRedirects.
  • SecurityFetch timeout (15s) and max response size (5MB) with truncation header X-Apiqube-Truncated.
  • Security21 unit tests covering SSRF, redirects, truncation, and timeouts.
v0.1.xApr 2026

Production-ready MVP

  • PlatformAuth/access proxy layer with maintenance gate.
  • PlatformToast notifications, confirmation dialogs, loading skeletons, search/filter across projects/webhooks/dashboard.
  • PlatformSettings page with password change and account deletion.
  • PlatformStorage RLS policies and account/usage endpoint.
  • PlatformCLI rebrand to `apiqube push` with legacy `demoforge` alias.