Release Notes

💰 Better Pricing, More Value:

• Significant price reductions across all tiers based on improved operational efficiency
• Substantially increased request allowances to better serve growing applications
• All existing customers automatically benefit from new pricing
• No action required - changes apply immediately to your account

📉 New Pricing (AUD):

• Starter: $69 → $25/month (-64%) • 8K → 10K requests/month (+25%)
• Growth: $169 → $119/month (-30%) • 20K → 50K requests/month (+150%)
• Pro: $449 → $239/month (-47%) • 50K → 100K requests/month (+100%)
• Enterprise: $1,500+ → $1,199+/month (-20%) • 200K+ → 500K+ requests/month (+150%)

🎯 What This Means for You:

• More competitive pricing against Auth0, Clerk, and enterprise identity solutions
• Better value for high-volume applications with significantly increased request allowances
• Predictable, transparent pricing as your usage grows
• Lower barrier to entry for startups and growing businesses

🎉 Beta Launch:

• Provenix is now in public beta and accepting early adopters
• All core features battle-tested and production-ready
• Free tier: 1,000 requests/month (no credit card required)
• Early adopter perks: Locked-in pricing for 12 months, roadmap influence

🔔 Subscription Cancellation Visibility:

• Dashboard now shows accurate "Canceling" status for subscriptions pending cancellation
• Displays "Cancels [date]" instead of misleading "Renews [date]"
• Audit logs track cancellation and reactivation events
• Full transparency when users cancel via Stripe Customer Portal

📚 Documentation Consolidation:

• Created MASTER-GUIDE.md - single source of truth for testing and operations
• Comprehensive changelog with all features documented
• Archived 10 obsolete docs into clean repository structure

🔐 Password Reset Functionality:

• Complete forgot password flow with email-based reset
• Secure token generation (SHA-256 hashed, 1-hour expiry)
• Professional HTML email templates via Resend
• Frontend pages: /forgot-password and /reset-password
• Password requirements enforced on backend and frontend

🐛 Critical Bug Fixes:

• Fixed JWT authentication for billing endpoints (was incorrectly using API keys)
• Fixed Stripe webhook signature verification
• Fixed subscription tier limits display in dashboard
• Fixed Next.js 15 useSearchParams hydration errors (wrapped in Suspense)

🎨 Branding Consistency:

• Replaced generic icons with branded Provenix logo in homepage animations
• Updated verification badges to use actual widget image
• Added gradient text highlighting to hero section
• Consistent visual identity across all customer touchpoints

🎨 Improved Pricing Display:

• Cleaner currency formatting following industry standards
• Clear, professional pricing presentation
• Zero ambiguity for international customers

⚡ Optimized Rate Limits:

• Right-sized tier volumes for better performance
• Improved hourly, daily, and monthly limit structure
• Backend and frontend limits now fully synchronized
• Enhanced usage tracking across all tiers

🏢 Enterprise Tier:

• Added dedicated Enterprise tier for high-volume customers
• Custom SLA agreements available
• Dedicated support and onboarding assistance
• White-label options for large organizations

📚 Documentation:

• Updated setup guides and technical documentation
• Comprehensive pricing validation reports
• Improved README with current architecture details

✅ SDK Reliability FIXED:

• SDK 500 errors completely resolved
• Refactored Prisma queries to eliminate connection pooling issues
• Replaced findFirst()/findMany() with findUnique()/direct queries
• Verified with 10/10 successful requests in production
• SDK now 100% reliable for beta users

🛡️ Monthly Usage Limits:

• Free tier: 100 requests/month hard cap
• Paid tier: 10,000 requests/month hard cap
• Prevents runaway API costs during beta testing
• Calendar month boundaries for billing periods
• Enhanced 429 responses with tier, upgrade URL, reset timestamp

⚠️ 90% Warning System:

• Dashboard shows red progress bar at 90%+ usage
• Orange warning at 70%+ usage
• Clear upgrade CTAs when approaching limits
• Red banner with upgrade link for users at risk

📦 Widget Update:

• Published @provenix/widget v0.1.1-preview to NPM
• Updated URLs and fixed integration issues

🏗️ Architecture:

• Removed duplicate rate limiting from auth middleware
• Better separation of concerns: auth verifies identity, separate middleware enforces limits
• Consistent 429 response format across all endpoints

🎉 NPM Package Publishing:

• Published @provenix/sdk to NPM (v0.1.0-preview)
• Published @provenix/widget to NPM (v0.1.0-preview)
• Published @provenix/shared to NPM (v0.1.0-preview)
• Widget now available via unpkg CDN
• Complete developer self-serve onboarding enabled
• Documentation updated with real package names and CDN URLs

✅ End-to-End Testing:

• Comprehensive test suite created
• NPM package installation verified
• Widget CDN confirmed functional
• API health validated (sign/verify endpoints)
• Authentication working correctly
• Interactive widget test page generated

🎨 Professional Branding:

• Professional logo integration (light + dark mode variants)
• Theme-aware logo switching in navigation
• Logo size optimised for visibility (40% larger on mobile)
• Transparent backgrounds for seamless integration
• Interactive widget theme comparison slider in docs

🔒 Audit Trail System:

• Comprehensive security event logging (auth, API keys, security events)
• Database-backed audit log storage with indexed queries
• IP address and user agent tracking for forensics
• Severity levels (info, warning, critical)
• Dashboard UI for viewing audit history (/dashboard/audit-logs)
• RESTful API endpoint (/api/v1/audit-logs) with filtering

Enhanced Rate Limiting:

• IP-based rate limiting (30 req/hour) for auth endpoints to prevent brute force attacks
• Tier-based rate limiting for API keys (100/hr free, 400/hr starter, 1,000/hr growth, 2,500/hr pro, 100,000/hr enterprise)
• Both hourly and daily limits enforced
• Rate limit info exposed via X-RateLimit-* response headers
• Automatic cleanup of expired entries to prevent memory leaks

Mobile Responsive Fixes:

• Verification code inputs now properly sized on mobile devices
• Password requirements grid stacks vertically on small screens
• Dashboard create key form stacks vertically on mobile
• Navigation padding reduced for better mobile experience

Stripe Billing:

• Test mode fully configured with webhooks
• Comprehensive setup and testing documentation
• Ready for end-to-end checkout testing

SDK & Widget:

• Fixed ESM import issues (explicit .js extensions)
• SDK tested with standalone test script
• Widget tested with sample HTML page
• Verified sign, verify, and tamper detection functionality

Email Verification System:

• 6-digit code verification for new signups (10-minute expiry)
• Resend integration with beautiful HTML email templates
• Verification page with auto-focus and paste support
• Password requirements enforced (8 chars, uppercase, number, special char)
• Graceful email fallback (logs to console if sending fails)

New Endpoints:

• /api/v1/auth/verify-email - Verify code and issue JWT
• /api/v1/auth/resend-verification - Resend verification code

Real-Time Usage Tracking:

• New /api/v1/usage endpoint with JWT authentication
• Dashboard now displays actual usage data instead of mock data
• Usage limits based on subscription tier (Free/Paid)
• First API call celebration triggers on real usage