Skip to main content

Changelog

This page mirrors the project root CHANGELOG.md.

[0.10.6] - 2026-04-29

Fixed

  • Improve SSE behind Cloudflare Proxy

[0.10.5] - 2026-04-28

Added

  • Orchestrator container health check

Changed

  • The tool images are pulled / built (in development) during the orchestrator launch
  • Removed compose profiles and tool services from the Coolify compose file
  • The mail container now uses @wraps.dev/email-check, instead of building it from source
  • Changed web's healthcheck from curl (extra dependency) to bun fetch
  • Revert COPY --chmod Dockerfile optmizations to enable development builds with dockerode

Fixed

  • Could not pull tool containers in a Coolify environment

[0.10.4] - 2026-04-27

Fixed

  • Docker health checks

[0.10.3] - 2026-04-27

Incident

  • Readme must match package version and package version must be different for tag workflow to run

[0.10.2] - 2026-04-27

Fixed

  • Mail image was not tagged correctly

[0.10.1] - 2026-04-24

Added

  • Job queue tasks automatic cleanup with configurable retention (default 1 year)
  • The orchestrator automatically removes orphaned tool containers during startup (only containers with version >=0.10.1)
  • Scan durations (total + per tool) visible in the dashboard
  • Optional docker-compose-caddy.yaml reverse proxy deployment guide
  • Job share link (shares/copies the jobs/[id]/pdf page url)

Changed

  • In the dashboard, the tools now have a centralised icon component
  • Production optimizations on all docker containers. Shaved off ~4GB of unneeded dependencies
  • Optimize Security scan run time, configurable via new environment variables
  • Expanded environment variable documentation

Fixed

  • The orchestrator wouldn't pass tool specific (probe/stress/security) environment variables to tool containers

[0.10.0] - 2026-04-23

Added

  • Mail audit tool

Changed

  • SEO tool no longer includes the official seomator npm package, since we build it from scratch (lighter docker container)
  • seomator & wraps load from my forks instead of the original for consistency

[0.9.2] - 2026-04-22

Changed

  • database initialization happens in web app init instead of request handle
  • web app healthcheck includes database check
  • optimize github workflow images build

Fixed

  • orchestrator enters a restart loop until the first web request is made

[0.9.1] - 2026-04-21

Fixed

  • derived state in notification pages

[0.9.0] - 2026-04-21

Added

  • Apprise Notifications

Fixed

  • tools development builds

[0.8.0] - 2026-04-20

Added

  • Job Scheduling (cron)
  • Automatic delete of website_validations when all related websites are deleted

Changed

  • enhance the long notification template header

[0.7.0] - 2026-04-19

Added

  • Contribution guide
  • ARCHITECTURE.md for AI (or human) coding agents
  • Ability for the superuser to edit user groups

Changed

  • Use nodemailer for system notifications (password reset / user invites), instead of apprise

Fixed

  • ghcr image deployment
  • user group edge cases
  • non-admin users could not edit their account
  • config had wrong package.json path

[0.6.2] - 2026-04-17

Added

  • CI/CD Github workflows

Changed

  • Distinguish dev and production environments and builds
  • COPY shared files into containers instead of binding them from root
  • Updated the main dashboard colors with the ones from the logo
  • Websocket database connections fail after 5 attempts with 1s timeout each
  • The database schema is imported, if needed, by the web app during start instead of a standalone container

[0.6.1] - 2026-04-15

Added

  • Interactive API documentation for website
  • Publish docs to github pages workflow

Changed

  • Add response schemas to API endpoints swagger docs
  • Gatekeep /auth/signup when AUTH_SIGNUP_ENABLED is false

[0.6.0] - 2026-04-15

Added

  • "dev" docker compose profile
  • Diff compare scan results (1 tool type at a time), dashboard only
  • Logo & Favicon generated by Nano Banana 2

Changed

  • The SEO tool changed from cli to typescript implementation
  • Detailed Website verifications stored in database
  • Allow null values (unknown) for domain results boolean values

Fixed

  • Too long SEO results don't crash the SEO tool
  • No need to verify more than 1 websites of the same domain (same-group only)
  • Web missing from the "aio" docker compose profile

[0.5.2] - 2026-04-14

Added

  • Website verification instructions in the Dashboard

Fixed

  • Domain verification worked on unverified domain
  • Websites without a CDN would fail the probe test

[0.5.1] - 2026-04-14

Added

  • Verify functionality in the dashboard
  • Unstuck pending Job Queue Tasks (need to be stuck over 5 minutes)
  • Docusaurus based documentation

Changed

  • Improved the PDF report layout

Fixed

  • Orchestrator wouldn't pick up new Job Queue Tasks without a Whois task
  • Dashboard crash when auth token expires

[0.5.0] - 2026-04-14

Added

  • Web Dashboard
  • Wappalyzer offline database (from last public release)
  • Gotenberg container for PDF generation (only works on production)
  • Ability to change website ownership
  • The Probe tool now also fetches GeoIP data via freeipapi.com (Free Tier)
  • Superuser account

Changed

  • Removed website editing functionality to avoid abuse
  • Improved ACL

Fixed

  • Follow redirects on favicon request (probe tool)

[0.4.1] - 2026-04-10

Added

  • Mandatory Website Verification
    • via DNS TXT record
    • via txt file on web root

Changed

Web

  • all date types now fixed to surrealdb's DateTime

Orchestrator

  • removed network_mode: host from compose file and changed all database address defaults to its hostname (db)
  • tool containers spawned by the orchestrator will join the same network itself is on
  • the job queue items (a.k.a. tasks) don't save the url in target. target is only used for wcag device and whois IP. The url is fetched from websites.url.

Fixed

  • Added authentication instructions to the API Swagger page + minor dark mode fixes

[0.4.0] - 2026-04-08

Added

  • SvelteKit project in /web
    • API with OpenAPI swagger endpoint
    • Auth backend
    • Bun Tests
  • Apprise docker container + pre-work for notifications
  • ACL (admin | editor | viewer) with user invites per website

Changed

  • jobs.user -> job.owner and new jobs.users holds editors / viewers

Fixed

  • Symlinked constants.ts and types.d.ts to wherever needed so that devs can run things without docker as well

[0.3.1] - 2026-04-02

Added

  • Queue retries with bounded backoff (attempts, next_run_at).
  • WCAG multi-device task fanout with per-device screenshots.
  • Domain DNS records in domain_results.records via subfinder.
  • Usage of Cloudflare's DoH endpoint for DNS TXT resolution fallback.
  • Security debug dedupe counters (raw.debug when DEBUG=true).
  • Troubleshooting notes in dev_notes.md.

Changed

  • jobs.wcag now stores an array of WCAG result records.
  • WCAG queue completion now matches task by target device.

Fixed

  • WCAG: install chromium after docker cache invalidation to prevent playwright version mismatch.

[0.3.0] - 2026-04-01

Added

Tools

  • Stress test scanner (Vegeta)

[0.2.0] - 2026-04-01

Added

  • Security scan tool
  • Queued Tasks options passed as environment variables to the containers

Tools

  • Security scanner (nuclei + nikto + wapiti)

Changed

  • Removed the domainTools constant, and implemented domain parsing in the SSL tool's code.

Fixed

  • Limit the WCAG score number to 2 decimals

[0.1.1] - 2026-03-20

Added

Tools

  • Security scanner (nuclei + nikto + wapiti) - WIP

Fixed

  • probe, seo, and whois tools don't fail when there's a database error.

[0.1.0] - 2026-03-20

Added

Tools

  • Domain scanner (rdapper)
  • Probe scanner (httpx)
  • SEO scanner (@seomator/seo-audit)
  • SSL scanner
  • WCAG Checker (@axe-core)
  • Whois scanner

Other

  • Orchestrator (dockerode)
  • Database & Schema (SurrealDB)