What's landed, when, why. Newest first. Major versions get their own entry; small fixes are summarised.
Public pricing page with FAQ. Privacy, terms, and cookies pages are real (no lorem). Sitemap now lists 90+ programmatic SEO targets across tone, look, and lens permutations — Search Console can index them.
Pro users now generate without managing their own keys. /api/generate/{image,video,audio,voice} routes through our infrastructure with per-modality rate limits (200 image / 40 video / 60 audio / 200 voice per hour). Free users continue calling providers directly with their own keys — that path is unchanged.
Films, scenes, blocks, series, seasons, generations, and user profiles are all in Supabase Postgres now. Every owned row carries user_id; RLS policies anchor on the row's own column so a deleted parent never opens a hole. Block.position uses a fractional index to make concurrent re-orders deadlock-free.
Magic link sign-in (passwordless), Google OAuth, and a password fallback for users who want one. Sessions are validated server-side via @supabase/ssr; protected routes redirect anonymous visitors to the landing.
CSP with allowlists for Supabase, Stripe, Vercel, PostHog. HSTS in production, X-Frame-Options DENY, Permissions-Policy denying camera/mic/geo + FLoC + Topics. Zod-validated env loader as the single source of truth for secrets.
Biome (lint + format), Vitest (unit), Playwright (e2e), Husky pre-commit. tsconfig with noUncheckedIndexedAccess + noImplicitOverride enabled. GitHub Actions CI: typecheck → lint → test → build → e2e.
Studio is in private beta. Five-stage pipeline (Setup → Core → Sequence → Timeline → Render), DP-grade cinematography controls, identity anchors across cuts.