Changelog — AssurePort

Every shipping change to the AssurePort platform. We follow semantic versioning. Subscribe via RSS or watch the security.txt for vulnerability disclosure timelines.

v1.1.0 Current

2026-05-10

New features

Public Free Threat Intel Toolkit — DNS, reverse DNS, HTTP security headers grader (A+→F), TLS certificate transparency search, tech-stack detector. No login. Rate-limited 30 calls / hour / IP.
Public feedback form — anonymous or identified, forwards to operator inbox via Resend, persists in feedback_messages for triage.
Billing dashboard in console — subscription summary, last 30 days usage breakdown, immutable ledger (50 most recent transactions).
Activity log in console — tenant-scoped audit trail (auth events, member changes, scans, charges) with action color-coded pills.
System status page — five live probes (Worker, Runner, Console, Marketing, Intel), auto-reloads every 30 seconds.
Six-engine catalog — Web / Mobile / GitHub live, REST/GraphQL API beta, Network/Real-IP Q2, AWS/Azure/GCP cloud misconfig Q3.
Auto-emailed scan-complete report with PDF attached (Chromium-rendered, branded cover, A4 print-ready, ~500 KB) plus markdown sibling.
llms.txt + security.txt + JSON-LD structured data for ChatGPT / Perplexity / Gemini citations.

Improvements

Pricing v2 — flat per-scan model (Starter $99 / Pro $299 / Business $799), 75-90% gross margin verified on production scan ($9.48 actual / $99 reservation).
Cookie domain set to .assureport.com — session shared across app, api, apex, www.
Marketing site rewritten with 6-engine attack-surface section, FAQ accordion (8 schema.org Q&A), three-tier pricing cards.
Resend attachment support — base64-encoded PDF rides along with the scan-complete email.

Fixes

Email deduplication: pipeline_complete emit was firing twice (pipeline.ts + server.ts) — operator received two mails. Now we only act on the canonical post-upload event.
Polar / Resend secret push — cmd /c "type" piping eliminates trailing CRLF / BOM that PowerShell's native pipe injects.
Fly machine no longer auto-stops mid-scan (auto_stop_machines = "off", min_machines_running = 1) — pipelines complete without VM restart.
Deferred reservation charge bug — pipeline_complete handler now applies charge + release ledger entries automatically.

Security

RFC 9116 /.well-known/security.txt published with vulnerability disclosure contact.
Public intel toolkit input sanitization — blocks lookups against .local, .internal, RFC 1918 ranges, 169.254.0.0/16 (cloud metadata), multicast.

v1.0.0 Initial production launch

2026-05-09

New features

Multi-tenant Cloudflare backend — Workers (Hono), D1 weur, R2 jurisdiction=eu, Vectorize 1536-dim, Queues, KV, AI Gateway.
Three production scan engines — 13-agent Web (Sonnet 4.6), 7-agent GitHub SAST, 6-agent Mobile APK.
Magic-link authentication with auto tenant onboarding (signup → tenant + organization + user + membership + free plan + 100 starter credits).
TOTP 2FA enrollment flow (RFC 6238 Web Crypto, recovery codes, login challenge gate).
Tenant invitations with Resend EU email delivery and immediate session minting on accept.
Members management — role-based access control, last-owner protection, suspend / reactivate / remove.
Polar.sh integration — Standard Webhooks v1 signature verification, three live products (Starter $99 / Pro $299/mo / Business $799/mo).
Cyberpunk-themed console UI (app.assureport.com) — auth overlay, scan modal with live timeline polling.
Marketing landing page (assureport.com), branded scan reports.
Fly.io scan runner (Frankfurt EU) with HMAC-signed Worker dispatch.
Domain Control Verification — DNS TXT, HTTP file, meta tag (any one passes via Cloudflare 1.1.1.1 DoH).
Rules of Engagement gate — Haiku 4.5 PDF validation with score threshold ≥ 0.85.
Append-only credit ledger with reservation/charge/refund semantics.
Scheduled cleanup cron (03:00 UTC daily) — magic-link tokens, expired sessions, old webhook events, stale TOTP challenges, expired invitations.