Fourteen SystemsFourteen Systems

Changelog

Each release is tagged and versioned. Format follows Added, Changed, Fixed, and Upgrade Notes.

v1.1.0

February 23, 2026

Added

  • 21-endpoint REST API (auth, org, members, invitations, projects, API keys, billing, audit)
  • OpenAPI 3.1 specification served at /api/v1/openapi.json
  • API discovery endpoint at /api/v1 with capabilities, auth format, and rate limit info
  • GET /api/v1/me returns membership with role and expanded permissions
  • Shared response envelope — { data } for success, { error } with code, message, and requestId for failures
  • CORS support with configurable allowed origins
  • Per-endpoint rate limiting with Retry-After and X-RateLimit headers
  • Pagination with page, pageSize, total, and totalPages metadata

Changed

  • Permission names standardized: member.changeRole → member.update, apiKey.revoke → apiKey.delete, audit.export → audit.read
  • Audit actions expanded from 22 to 24 (added resource.read, resource.delete)
  • Request IDs are now always server-generated (no longer trust client X-Request-Id header)

Fixed

  • Bare catch blocks in project and invitation DELETE routes now check Prisma P2025 error code
  • Audit route validates action filter against runtime Set instead of unchecked type cast
  • Audit route validates date query params with isNaN check before use
  • GET /api/v1/members now requires member.list permission

v1.0.0

February 23, 2026

Added

  • Multi-tenant auth with magic link, OAuth, and session management
  • Two-factor authentication (TOTP) with QR setup, backup codes, and per-user toggle
  • Typed RBAC — 3 roles, 13 permission gates, server-side enforced
  • Entitlement-driven billing — Stripe subscriptions, plan switching, proration, and hard limits
  • Real-time usage metering with color-coded progress bars on dashboard and billing pages
  • Audit logging — 22-action taxonomy with date-range filters and export
  • API key management — create, list, revoke with SHA-256 hashed storage and rate limiting
  • Background jobs (Inngest) — billing reconciliation, audit purge, data export, webhook retry
  • Idempotent Stripe webhook handler with state machine and deduplication
  • Feature gating across routes, navigation, and server actions (9 toggleable features)
  • Notification preferences — per-user email toggles for billing, invites, and updates
  • Data export — GDPR-style one-click export via background job
  • Admin panel with user search, status filter, and Zod-validated actions
  • Workspace settings — org name, URL slug, with unsaved-changes guard
  • Onboarding checklist with server-backed completion actions
  • Email system — 4 branded templates, dev preview server, graceful degradation
  • Doctor script — validates env, database, Stripe, and Prisma health
  • Setup wizard — interactive .env generation, Prisma setup, and optional seed
  • CLI installer (create-saascorex)
  • E2E test suite (Playwright) with CI integration
  • 5 deployment guides (Vercel, Docker, Railway, Fly.io, self-hosted)