Skip to main content

bugAgent Changelog

Product updates, new features, and improvements.

Subscribe via RSS

Daily: Ship to prod: v12.97 — refinement judge rubric v2 + strict-intent grading fix (TEST-BA-131)

31 commits — Bug fixes: - fix(automations): center detail rail and clarify AI action

Refine with AI: stricter script judging and intent-aware certification

The refinement judge now scores scripts per-criterion with a hard-fail taxonomy, and strict-intent mode is enforced at certification grading.

Daily: Ship to prod: v12.95 — resolve MCP report user names

3 commits — Bug fixes: - Fix MCP report user name resolution

Analytics: stat-card trends now compare against the previous period

The Avg Quality Score, Open Bugs, and Automation Pass Rate cards showed a real change vs the previous period instead of a permanent "0%".

Mobile test recorder: automatic login capture

Pick a login profile and just log in while recording — the username and password fields are now detected and protected automatically. No more Mark buttons.

Mobile login capture: smarter, safer credential handling

Login fields are detected automatically during mobile recording, and passwords are never stored in plaintext — even outside the guided login capture.

Mobile runs now self-heal broken locators

When a recorded label can't be found on the device, the runner ties it to the live screen's stable id and retries — recordings survive the trip from recorder to real device.

Daily: deps(mcp-server): bump adm-zip from 0.5.18 to 0.6.0 in /mcp-server

27 commits — Bug fixes: - fix: keep report details within responsive viewports

Self-healing tests, front and center

Your web and mobile automations self-heal broken locators — now documented across the site, API reference, and MCP tools.

Daily: Ship to prod: v12.66 — market self-healing across homepage, docs, API & MCP

23 commits — New features: - Add Gherkin .feature export for mobile automations (QMS/compliance)

Export mobile tests as Gherkin .feature files

On a mobile automation, download its steps as a human-readable Gherkin (.feature) BDD spec — handy for compliance and QMS documentation.

Tighter privacy for AI mobile test refinement

Values typed on the test device during an AI refinement are now redacted from the cloud device provider's session logs, and the refinement chat is rate-limited to keep runs bounded.

Refine with AI: pin per-step checks when you start a refinement

When you refine a mobile test with AI, you can now attach an expected result to any recorded step — the agent verifies each one while certifying the script.

Daily: Ship to prod: v12.63 — GuardKit closure (maskCommands always + atomic message cap, BA-133)

33 commits — New features: - Add per-step expectation capture to the Refine entry modal (TEST-BA-140)

More reliable device cleanup when cancelling AI mobile-test refinement

Cancelling a refinement while its test device is still starting up now releases the device immediately, instead of leaving it briefly reserved until an idle timeout.

Login Profiles for mobile testing

Save reusable login credentials once, then run your mobile tests as any role — no re-recording.

Daily: Ship to prod: v11.98 — fix generateAccessReview wrong columns (team_members.created_at, api_keys.prefix)

49 commits — Bug fixes: - fix(compliance): service-auth path for headless access-review (OFI-022)

Daily: Ship to prod: v11.83 — mobile credential vault P2 (playback injection)

25 commits — Bug fixes: - Fix BA-147 linked ticket row highlighting - Fix BA-135 web automation back link layout

Secure login profiles for mobile automation (foundation)

You can now store named username/password login profiles per project — encrypted and write-only — as the foundation for using real credentials in mobile tests.

Daily: Ship to prod: v11.60 — Maestro + Playwright importer dialects

52 commits — Bug fixes: - Fix chat notifications and extension capture regressions - Fix BA-116 orphan sweep pagination

Import Maestro and Playwright test scripts

The mobile script importer now understands Maestro YAML flows and Playwright (mobile-web) scripts, on top of Appium-Python and WebdriverIO.

More reliable field resolution in mobile refinement

Input fields that have no stable ID now resolve by their own on-screen label instead of falling back to a positional guess.

Mobile refinement now checks your per-step expectations

Refine-with-AI certification verifies each step_expectation against a screenshot taken at that step, and can block certification under strict intent.

Daily: Ship to prod: v11.21 — BA-133 F4: mask secrets in agent output (post-output GuardKit scan)

44 commits — Bug fixes: - Fix BA-147 link modal suggestions - Fix project move ticket numbering

Refine with AI: cancelling is now instant, and stuck runs recover on their own

Cancelling a refinement now stops it within seconds — even in the middle of a device run — and a run that gets orphaned by an infrastructure blip now recovers automatically instead of hanging.

Refine with AI: live status narration

The Refine-with-AI builder now shows a plain-language status banner the whole way through — so you can always tell whether it is queued, working, waiting on you, or stuck.

Daily: BA-142 phase 1: tighter reaper for stuck refinement device runs

13 commits — Bug fixes: - Fix BA ticket batch 491 483 482 416

Secrets in Refine with AI chat are now auto-masked

API keys, tokens, and passwords pasted into a refinement chat are detected and masked before the message is stored or sent to the agent.

Daily: Ship to prod: v11.05 — BA-133 GuardKit F1 secret masking

33 commits — Bug fixes: - Fix batch of BA regression tickets - fix legacy dashboard bug regressions

Refine with AI certifies against your goal

When you refine a recorded mobile tour, you can now tell the agent what the tour should achieve — and it certifies the script against that goal, not just that the steps run.

Daily: Ship to prod: v10.92 — deterministic run-triage classifier (TEST-BA-130 Slice C)

53 commits — Bug fixes: - Fix old BA ticket batch - Fix BA-112 BA-135 BA-103 retest polish

Sturdier locators under the hood for Refine with AI

The mobile refinement engine now ranks multiple element-locator strategies per step and screens drafts for brittle selectors before spending a device run.

Refine with AI: live builder for mobile test automation

A new builder page turns a recorded mobile flow into a certified automation with an AI agent — watch it work in real time and steer it as it goes.

Daily: Ship to prod: v10.67 — reserve device budget for certification (TEST-BA-131)

53 commits — Improvements: - Ship to prod: v10.67 — reserve device budget for certification (TEST-BA-131) - TEST-BA-131: reserve device budget for certification (fixes cert starvation)

v10.66 — Refine with AI: on-device refinement and certification

The Refine with AI engine can now drive real devices: it explores your app live, compiles a reliable script, proves it with repeated real-device runs, and certifies the result — all under a durable worker that survives restarts.

v10.55 — Durable mobile refinement worker (foundation)

The Refine with AI engine gains its durable execution core: refinement jobs now survive deploys and restarts, every agent tool call is exactly-once, and stuck jobs are detected and reported automatically.

Foundations for Refine with AI: refinement jobs, audit-grade event log, script versions

New data layer and APIs for the upcoming Refine with AI capability: refinement jobs with strict budgets, a tamper-resistant event log designed for regulated audit trails, and immutable script version history.

Mobile test runs now execute on dedicated automation infrastructure

Mobile Appium runs moved from the web app to the automation runner service — starting a run responds instantly, runs survive app deploys, and interrupted runs are cleanly marked instead of hanging.

Mobile recording: device selection honored + richer recording data

Recording sessions now launch on the device you pick instead of a default emulator, and each recording keeps the structured screen data (element ids, labels, positions) that powers upcoming AI-assisted test refinement.

Mobile test automation: self-healing BrowserStack app uploads

Mobile runs no longer fail when BrowserStack deletes an uploaded app build after its 30-day retention — bugAgent re-uploads your app automatically from stored binaries.

Daily: Ship to prod: v10.24 — recording artifacts persistence + device-selection fix (TEST-BA-125) (#921)

47 commits — Bug fixes: - Fix old bug report batch

Daily: Force Google OAuth account chooser

43 commits — New features: - Add accessibility (pa11y/axe) checks: marketing CI job + dashboard smoke scan

Daily: compliance: add 2026-06-29 review entry (top, full day record) + remove erroneous duplicate backfills

45 commits — Bug fixes: - Fix empty report environment editing

Daily: Ship to prod: v10.02 — Astro 6→7 + @astrojs/node 10→11

8 commits — Improvements: - Ship to prod: v10.02 — Astro 6→7 + @astrojs/node 10→11 - Ship to prod: v10.01 — kanban live-update + bug-report status default 'new'

Daily: compliance: SOC 2 weekly checkpoint 2026-06-26 (CTRL-MON-001) (#869)

5 commits — Bug fixes: - Fix mobile project scoping regressions - Fix new user signup notifications

Daily: ci: grant actions:read so compliance-evidence reports real R2 export status

71 commits — Bug fixes: - Fix stuck performance runs after rapid starts

OKF/OQA knowledge sync moves to an hourly cadence

Automatic mirroring of a project's OKF/OQA knowledge bundle to its connected GitHub repo now runs on a steady hourly schedule.

Continuous knowledge sync to GitHub

Your project's QA knowledge now pushes to your connected GitHub repo automatically on every change.

Daily: Ship to prod: v9.88 — Knowledge sync repo/branch dropdowns + create-branch

24 commits — New features: - Add pure OKF/OQA export mapping core (dashboard/lib)

Daily: Ship to prod: v9.7 — PostHog LLM analytics () across all Anthropic calls

14 commits — Bug fixes: - Fix security scan queue state and run timezones - Fix activity feed terminal run status

Daily: Ship to prod: v9.63 — trust page ISO 9001 roadmap card

13 commits — Bug fixes: - Fix report detail optional widget null guards

Daily: chore: add fable mode Claude skill

5 commits — Bug fixes: - fix: use bookmark icon for saved chat rail

Daily: Ship to prod: v9.61 — show learn-more links and failing elements in perf results (TEST-468)

35 commits — Bug fixes: - Fix TEST-BA-030 linked ticket IDs - Fix security scan and bug modal regressions

Performance reports now show failing elements and learn-more links

Lighthouse audit results in Performance Test Results now include links to documentation and lists of failing DOM elements / affected resources.

Team Chat DMs warn sender when @mentioning a non-participant

Selecting an @mention for someone not in a DM now shows an inline orange warning so the sender knows that person won't receive a notification.

DM @mention now warns when recipient is not in the conversation

Tagging a non-participant in a Direct Message shows an inline warning so the sender knows the message won't notify them.

Daily: deps(runner): bump browserstack-node-sdk in /runner

21 commits — Bug fixes: - Fix modal environment capture - Fix Create Bug source tracking

Daily: Ship to prod: v9.55 — open Create Bug in the global modal

19 commits — Bug fixes: - fix: open create bug in modal - Fix TEST-BA-072 copy link title sync

Daily: deps(dashboard): bump @anthropic-ai/sdk in /dashboard

12 commits — Bug fixes: - Fix reopened retest issues - Fix dashboard cursors and report title copy link

Daily: Ship to prod: v9.49 — allow duplicate workspace names on create

60 commits — Bug fixes: - Fix report link and export project filters - Fix agent queue scoping and Claude model IDs

Daily: Ship to prod: v9.45 — human email signups no longer flagged is_agent

18 commits — Bug fixes: - fix: tolerate pending automation metadata migration - fix: tolerate pending automation metadata migration

Daily: Ship to prod: v9.43 — esbuild 0.28.1 patch (mcp-server/runner/agent)

21 commits — New features: - Add local UI smoke flows

v9.41 — formatted comments, richer exports, and project-safe security scans

Bug-report comments now render Markdown and your timezone inline, CSV exports include linked tickets and more fields, there's a new "Unresolved" resolution, security scans stay in your active project, you can paste screenshots throughout the report dialog, plus saved-view and Team Chat fixes.

v9.28–v9.29 — sturdier scans and schedules, plan lineup corrections

Orphaned security scans now self-heal, workspace-level mobile schedules appear everywhere they should, CSV exports use the new ticket ID format, several UX fixes — and Team Chat becomes an Enterprise feature with the pricing page corrected.

Daily: Ship to prod: v9.31 — comment editor sizing, geo-snap dropdown clip, template append, short-ID resolver

53 commits — Improvements: - Ship to prod: v9.31 — comment editor sizing, geo-snap dropdown clip, template append, short-ID resolver - Bug Reports: append template to existing text instead of ignoring it (TEST-2

v9.27 — live scan status, inline screenshots when editing, and run attribution

Security scan pages now update in real time, screenshots can be pasted directly while editing a bug report, runs across Performance, Security, and Geo-Snap show who created and ran them, plus CSV export and UI fixes.

v9.04 — chat mention deep-links, Geo-Snap accessibility, fresh-setup repairs

Mention notifications now name the channel's project and link straight to the right channel; Geo-Snap preview buttons gained tooltips and screen-reader labels; developer setup from a clean machine now works first try.

Daily: deps(runner): Bump @types/node from 25.9.2 to 25.9.3 in /runner

34 commits — Improvements: - deps(runner): Bump @types/node from 25.9.2 to 25.9.3 in /runner - deps(runner): Bump browserstack-node-sdk in /runner

Daily: Ship to prod: v9.02 — fix Create Workspace/Project modal trapped in sidebar

2 commits — Improvements: - Ship to prod: v9.02 — fix Create Workspace/Project modal trapped in sidebar

Fixed: Create Workspace/Project dialogs on narrow screens

The Create Workspace and Create Project dialogs now open correctly on narrow windows, tablets, and mobile instead of blacking out the left panel.

Dependency security patch (v9.01)

Patched a critical advisory in a development-only build dependency and expanded CI dependency-audit coverage to every workspace.

Daily: Ship to prod: v9.01 — patch shell-quote critical (CVE-2026-9277)

50 commits — Bug fixes: - Fix workspace invite landing for existing users — use ?returnTo= so login redirects back to invite page

Mobile, performance & security MCP tools now work end-to-end

A batch of MCP tools were calling backend services that were never deployed, so they errored on every call. They now run against the real backends.

Bug report links on test results now persist

Linking a bug report to a failed test case now sticks across later edits and page reloads, so it reliably appears in CSV and JSON run exports.

Direct messages from a new contact appear instantly

A first-ever direct message now shows up in the receiver's Team Chat rail automatically, even if they were already on another channel when it arrived.

Automate Mobile runs are now project-scoped

Mobile test runs and the New Script app picker now respect the active project instead of showing data from across the whole workspace.

Pasted screenshots now appear inline in bug descriptions

Copy-pasting a screenshot into the Report a Bug composer now inserts the image inline in the description instead of creating an attachment chip.

Paste images and markdown formatting in comments

Bug report comments now support pasting screenshots directly into the text area and using markdown syntax for bold, italic, bullet lists, and more.

Fix: Workspace invite landing for existing users

Invited users who already had a bugAgent account were landing on their old workspace instead of the invited workspace after logging in.

Fix: Security scan no longer fails with 403 when target URL has leading/trailing spaces

A leading space in a stored scan target URL caused the domain-verification helper to produce an unparseable URL string, resulting in a 403 "Domain not verified" error for every run attempt. The helper now trims whitespace before parsing, and the scan-creation API trims URLs on save.

Fix: Exploratory AI no longer files false-positive bugs for working pages

The Exploratory AI runner was generating Playwright scripts that tried to interact with elements on the wrong page (e.g. clicking "Create Account" while still on /login), causing 60-second timeouts and misleading bug reports. Scripts now always navigate explicitly to the page containing each element before interacting with it.

Test run notes now save correctly when navigating between cases

Notes typed for a test case were silently lost when clicking the Next arrow. Also fixed: the Team Chat composer and Send button were hidden below the viewport on standard screen sizes.

Daily: Ship to prod: v8.90 — fix notes lost on Next in test runs (TEST-592) + chat composer off-screen (TEST-617)

24 commits — Improvements: - Ship to prod: v8.90 — fix notes lost on Next in test runs (TEST-592) + chat composer off-screen (TEST-617) - deps(runner): bump browserstack-node-sdk in /runner

AI assistant error messages improved

The AI chat panel now shows a clear "temporarily busy" message when the AI service is overloaded, instead of the generic "Unable to generate a response." Also fixed an internal bug where the AI was always told the team had 0 bug reports in its context.

v8.87 — Bug fixes: session note deduplication + sequential run names

Fixed two reliability issues: session notes no longer get created twice when Save is clicked, and test runs now get sequential names (Run #1, #2, …) instead of random numbers.

@mention & +ticket links, smarter agent queue

Type @ to mention teammates or + to link tickets anywhere you write — comments, session notes. The agent queue now picks up awaiting-triage and confirmed tickets and sorts by priority within each severity band.

Notes toolbar now formats all selected lines

Bullet List, Numbered List, Blockquote, and Heading toolbar buttons now apply to every line in a multi-line selection, not just the first.

Fix: notification panel now says "No notifications"

The bell panel empty state label is now consistent with the panel header.

Fix: kanban board horizontal scroll restored

Two-finger trackpad scrolling on the bug reports kanban board is working again.

Chat save button now shows bookmark icon

The "Save for later" button on chat messages now correctly shows a bookmark ribbon instead of a heart.

Activity feed section filters

The section pills on the Activity Feed are now interactive multi-select filters.

Team Chat DM unread dot now updates in real-time

The orange unread indicator on a Direct Message now lights up instantly when someone sends you a message — no browser refresh needed.

Daily: Ship to prod: v8.84 — fix notification panel empty state label (TEST-554)

18 commits — New features: - Add outputSchema to all MCP tools via registerTool wrapper — v8.80

Smithery integration & MCP output schemas

bugAgent MCP is now listed on the Smithery registry with full tool discovery and typed output schemas on all 111 tools.

MCP Server: Smithery & third-party client compatibility

Fixed MCP server rejecting connections from Smithery and clients that send only Accept: application/json. Also opened CORS for the /mcp endpoint and corrected OAuth discovery URLs.

Footer social links fixed

GitHub icon now links to the TestLauncher org; Discord invite updated to the current URL.

Daily: Allow unauthenticated initialize/tools/list on MCP endpoint

57 commits — New features: - Add root route to mcp-server — returns branded JSON instead of 404

Browser warns before discarding a comment draft

Typing a comment on a bug report and then refreshing or navigating away now triggers the browser's native "Leave page?" confirmation, preventing accidental draft loss.

Fixed MCP bug reports landing with no project

Calling create_bug_report via MCP without specifying a project now correctly falls back to the default project instead of producing an invisible report.

Fixed mobile app download opening a 404 tab

Downloading an app from the Automate Mobile detail page silently succeeded but also opened a 404 tab. The dead second click listener has been removed.

Thread replies now support message editing

Hovering over your own thread reply in Team Chat now shows the edit pencil icon. Editing, saving, and cancelling all work the same as in the main channel feed.

Astro 6.4.4 upgrade

Dashboard upgraded from Astro 6.2.2 to 6.4.4 and @astrojs/node from 10.0.6 to 10.1.3, resolving a stale Vite cache issue in local dev and unblocking future dependency updates.

v8.62 — Editable project Short ID prefix

Managers and admins can now customise a project's ticket prefix (e.g. BA → BANT) from Settings, and a DB-level unique index now prevents duplicate prefixes within a workspace.

v8.61 — Short ID in all create-report responses

Bug reports created via the MCP server or the dashboard API now return the canonical short ID (e.g. TEST-BA-023) in the response, consistent with quick-submit and AI-create flows.

v8.59 — Fix chat typing indicator crash on reconnect

Closes a race where the typing broadcast called .send() on an invalidated channel during realtime teardown.

v8.58 — Type filter default and score spinner on new reports

Reports page type filter now defaults to "All Types" instead of "—", and newly filed reports show the quality score spinner immediately instead of a blank cell.

v8.57 — Extension project picker, realtime row IDs, and chat reconnect reliability

Three post-v8.56 bug fixes: extension project picker robustness, realtime report rows now show correct per-project IDs, and chat page no longer errors on realtime reconnect.

Per-project ticket IDs (TEST-BU-001 format)

Bug reports now carry a per-project sequential counter in addition to the workspace counter. New IDs look like TEST-BU-001 — workspace prefix, project prefix, project-scoped number. Old IDs (TEST-123) are fully preserved.

Fix: bug reports created from Notes or Exploratory AI findings are now always visible

Bug reports converted from a note with no project, or promoted from an Exploratory AI finding on an unprojectted exploration, were silently assigned null project_id and never appeared in any project view. Both are now routed to the team's default project.

Keyboard escape hatch in script editors; project context in bug report IDs

Playwright script editors now let you exit with Escape after Tab-indenting, resolving the keyboard trap. Bug report IDs now show the active project name underneath so workspace-scoped numbering is immediately clear.

Test run exports now show tester names and bug report IDs

CSV exports from test runs now populate the Tester column correctly when exported in the same session as executing the run, and include a new Bug Report ID column.

Fix: Quality score breakdown now shows whole numbers

The score breakdown tooltip now displays values like 8/10 instead of 0.8/10.

Fix: Jira/GitHub/Slack connect buttons now open in a new tab

OAuth connection flows no longer replace your current page.

Fix: Add Test Case now stays in the correct project

Clicking "+ Add Test Case" on the test cases page no longer switches you to a different project.

Daily: Ship to prod: v8.56 — per-project ticket IDs (TEST-BU-001 format)

48 commits — Bug fixes: - Fix TEST-578: quality score breakdown multiply by 10 before display - Fix TEST-579: OAuth connect buttons open in new tab

Security: dependency hardening (v8.48)

Patched a bundled web framework dependency to clear several moderate-severity advisories. No user-facing behavior changes.

Cleaner ticket header — copy-link is now icon-only

The "Copy link" button on bug ticket pages is now an icon-only button, preventing it from shifting position when ticket titles are long.

Bug Reports filters now respected by realtime updates

New bug reports filed by other team members no longer appear in your filtered Bug Reports list when they don't match your active filters.

Bug report FAB is now draggable

The floating bug report button can now be dragged to any position on screen, preventing it from overlapping UI elements like the chat send button.

Chat realtime stability fix

Fixed a race condition that caused "cannot add postgres_changes callbacks after subscribe()" errors in team chat.

Daily: Add /pricing-sheet — 1-page professional pricing document for warm leads (v8.36)

99 commits — New features: - Add /pricing-sheet — 1-page professional pricing document for warm leads (v8.36) - Add brand.ts color system + update CLAUDE.md — neon green replaces amber

Start free — no trial required

The Start Free button now drops you straight onto the Free plan: no 7-day trial, no credit card. Team's 7-day trial is unchanged.

New Service plan + OQA Graph-RAG Engine add-on

A fully-managed testing plan run by our team, plus a new Graph-RAG knowledge-engine add-on — now on the pricing page.

Name your own workspace + dashboard fixes

New accounts can name their own workspace at signup; usage meters count correctly on unlimited plans; and Free tier now shows Scheduled in the sidebar.

Team Chat: share any file + a smarter unread badge

Attach documents, PDFs, and logs in chat (not just media); the unread badge now clears as you read and points to the right conversation; and the AI Assistant is more reliable about actually creating notes.

Mobile runs & code reviews no longer get stuck

Interrupted mobile test runs and code reviews are now automatically resolved instead of showing "Running" or "Analyzing" indefinitely.

Performance runs no longer get stuck on "Running"

Interrupted performance tests are now automatically marked as failed instead of showing "Running" indefinitely.

Daily: Free tier: show 'Scheduled' in the sidebar + tier-aware empty-state (TEST-495)

99 commits — Improvements: - Free tier: show 'Scheduled' in the sidebar + tier-aware empty-state (TEST-495) - Count real usage for unlimited plans on Performance & Security (TEST-496)

Team Chat unread badge + reliable AI notes

A live unread badge on Team Chat for DMs and mentions, and AI-created session notes now land in your current project.

Dashboard polish: clearer unlimited usage + Kanban headers stay visible

Unlimited plans now read "unlimited" on the usage meters, and Bug Reports Kanban column headers stay visible while you scroll.

Team Chat: timestamps now show in your timezone

Fixed message timestamps that could display in UTC instead of your local time.

Team Chat: pin messages & save your own

Pin important messages to a channel for the whole team, and save messages privately to your own list.

Team Chat: inline YouTube, clickable links & reliable attachments

Paste a YouTube link to watch it inline, links in messages are now clickable, and image/video attachments upload reliably.

New: Team Chat (Team & Enterprise)

Real-time team chat is now built into bugAgent — project-scoped channels, threads, direct messages, reactions, @mentions, image & video sharing, presence, typing indicators, message editing, and full-text search.

Activity feed: scheduled & automated runs now show up

Scheduled runs (web, mobile, security, exploration) now post to the real-time Activity Feed when they kick off — not just when they finish — so automated activity is fully visible alongside everything your team does manually.

Activity feed: category icons, live progress bars & 24-hour history

The real-time Team Activity Feed got a visual overhaul — every event now carries a colour-coded category icon and an animated progress bar, mobile test runs stream in, the feed opens to the last 24 hours, and lines show the person's first name.

New: Real-time Activity Feed (Team & Enterprise)

A live, wall-monitor-friendly feed of your workspace's QA activity — bugs, automations, tests, and scans as they happen.

Refreshed plans: Free, Team & Enterprise

Simpler three-tier pricing, a 7-day Team trial, and more generous storage.

Daily: Activity feed: start events for performance/security/exploration/test runs

67 commits — Bug fixes: - Fix pricing tooltip stacking: lift hovered card above neighbours

Simplified Team plan

One flat Team price with everything included — no separate add-ons to manage.

Trials now move to Free automatically when they end

When a 14-day Team trial ends, the workspace automatically switches to the Free plan.

Geo-Snap is now a Team plan feature

Geo-Snap (multi-country screenshots) is included with Team and Enterprise, up to 5 countries per capture.

Cleaner workspace navigation

The sidebar now shows only the tools enabled for your workspace.

Enterprise: custom per-workspace tool selection

Enterprise workspaces can now be provisioned with a tailored set of tools and custom monthly quotas.

Simpler pricing: Free, Team, and Enterprise

We've streamlined our plans — the Pro tier is retired, and everything it offered is now included in Team.

Daily: Phase 2a: per-workspace tool entitlements foundation

19 commits — Improvements: - Phase 2a: per-workspace tool entitlements foundation - Retire the Pro plan tier (pricing Phase 1: Free / Team / Enterprise)

Preview tab now works on shared notes (read-only)

When viewing a shared session note you do not own, clicking the Preview tab now renders the markdown content correctly.

Preview tab now works for Session Report notes

The Edit/Preview tab pair now appears for notes in Session Report format, allowing rendered markdown preview of your session notes.

Performance test configurations now open on click

Clicking a performance test card in the Performance Testing page now navigates to a full configuration detail page, showing test settings and run history.

Daily: deps(dashboard): bump @sentry/astro in /dashboard

4 commits — Improvements: - deps(dashboard): bump @sentry/astro in /dashboard - deps(dashboard): bump @anthropic-ai/sdk in /dashboard

Daily: docs: expand hourly queue pick-up statuses to new/triage/confirmed

22 commits — Improvements: - docs: expand hourly queue pick-up statuses to new/triage/confirmed - Ship to prod: v6.14 — Close linked tickets via browser Supabase client, not API fetch

Close linked tickets when closing a report

When closing a bug report, you can now select which linked open tickets to close at the same time — with the same resolution and root cause applied automatically.

Close linked tickets when closing a report

When closing a bug report, a modal now asks which linked open tickets to also close — applying the same resolution and root cause.

Daily: Ship to prod: v6.09 — Close-linked modal: call saveSection directly, not btn.click()

102 commits — Improvements: - Ship to prod: v6.09 — Close-linked modal: call saveSection directly, not btn.click() - Ship to prod: v6.08 — Fix close-linked modal: no reload, no Chrome popup, live panel update

Change Log now captures all ticket activity

Status changes, field edits, and comments made by agents or via the API now appear in the bug report Change Log.

Linked Tickets polish + Activity filter fix

Linked Tickets section header now matches other card headers; empty-state text replaced with a tooltip. Activity page filter dropdowns no longer truncate in Chrome.

Fixed broken save on Session Notes with folders

Saving a session note with a folder assigned was silently failing due to a JavaScript syntax error.

Fixed crash on Time Tracking page

Resolved a JavaScript error that prevented the Time Tracking page from loading.

Fix: 500 error opening any bug report

A variable ordering bug caused every bug report detail page to crash with a 500. Fixed in v5.95.

Marketing site now detects logged-in state

The bugagent.com header now swaps "Log in" to "Open App" for users who are already authenticated.

Drag-and-drop attachments now supported in Session Notes

You can now drag files directly onto the attachments area of a Session Note, just like on bug report pages.

Fix performance run unarchive restoring wrong status

Unarchiving a performance run now restores its original status instead of always setting it to completed.

Silent-500 DB errors now surface in Sentry (reports, automations, misc)

25 API routes across reports, automations, and misc clusters now emit grouped Sentry issues and Railway logs when a DB call fails, instead of returning a silent 500.

Auto-scroll and toast on automation run completion

When an automation finishes, the result row now scrolls into view automatically and a toast confirms the outcome above the fold — no manual scrolling required.

Performance pages now respect your Account Settings timezone

Performance test run timestamps on the detail and list pages now display in the timezone set in your Account Settings, instead of always showing UTC (which appeared as Iceland time for US-based users).

reporter_user_id filter for list_bug_reports MCP tool

The AI Assistant can now query bug reports by a specific reporter. Pass reporter_user_id (a UUID from list_team_members) to list_bug_reports to get that person's reports accurately — resolving the contradictory responses the AI previously gave when asked "show me reports by [name]".

Quality scores now applied to MCP-created bug reports

Bug reports submitted via the MCP create_bug_report tool now receive quality scores automatically. A Score button on the report detail page lets you score existing unscored reports on demand.

Multi-tenant Agent Queue

The Agent Queue is now available to all paid workspaces — no longer limited to the internal TestLauncher dogfood team.

Poll back-off — no more alert floods during outages

Run-progress pollers now pause and back off after 3 consecutive server errors, preventing Slack alert floods during upstream blips.

Agent orchestrator skeleton

The autonomous bug-fix agent is now wired up — it polls the queue, claims tickets, and dispatches Claude subagents to work them end-to-end.

Draft status for bug reports

Save a partial bug report as a Draft — it stays in your queue, not the agent's.

Bug Report Activity Feed

New Activity page under Bug Reports shows recently created, updated, and closed reports across any time window — with CSV export.

Authenticated Performance Testing

New Performance Tests can now audit authenticated pages using session credentials.

Clearer error message for top-level await in automation scripts

Playwright JS automation scripts that use top-level await now show a plain-language explanation instead of a cryptic Node.js internal error.

+ New Script button restored on Automate Mobile

You can now create a blank YAML or Appium script directly from the Automate Mobile automations tab, without needing to record a test first.

Edit/Preview tabs on new session note page

The markdown Edit/Preview toggle is now available when creating a new session note, matching the behaviour on existing notes.

Device & Environment edit fields now fill available row space

The OS, Browser, Device, and URL inputs in the Device & Environment edit mode no longer have a fixed width cap — they now flex to fill the full row width after their label.

Kanban board: Shift+wheel scrolls horizontally without clicking first

Hovering over the Kanban board and using Shift+scroll wheel now scrolls the board horizontally — no need to scroll down to the scrollbar and click it first.

Unsaved changes guard on bug report detail page

Navigating away from a bug report while an inline edit is open now prompts with three choices: save changes and leave, leave without saving, or stay on the page.

Time-entry description limit, note title extraction, accessibility copy

Enforces a 500-character cap on time-entry descriptions with a live counter, fixes note title extraction to skip structural section labels, and corrects the axe-core rule count on the Accessibility Statement page.

Note and bug-report titles no longer inherit template section headings

Auto-generated titles now skip structural labels like **Summary** and use the actual content written below them.

Time entry descriptions capped at 500 characters

Time Tracking and bug-report Log Time fields now enforce a 500-character limit with a live counter and backend validation.

Internal: Fix 3 latent bugs found in TypeScript audit

Triage of 1700+ astro check errors uncovered three genuine runtime risks. All three are fixed; the rest are type-debt tracked separately.

Time logged on bug reports now tracks correctly

Time entries logged from within a bug report are now linked back to that report, and the total time_spent_seconds on each bug report reflects all associated time.

Performance tests now time out gracefully instead of hanging

Fixed a bug where performance tests could run indefinitely and show a misleading "Completed" status with empty results. Tests now fail cleanly with a clear error message after 10 minutes.

Note Folders — organise testing notes into sections

Notes now have a folder system. Create named sections like "Onboarding" or "Release Notes", file notes into them, and browse by folder from the new sidebar.

Bug Reports filter persistence fixed for reporter and assignee

Reporter and Assigned To filters now survive multiple navigation round trips — previously the second return from another page silently reset the reporter dropdown.

Performance Test Configuration cards now clickable

Clicking a performance test configuration now opens its detail page, matching Security scan card behavior.

Paste screenshots directly into bug reports

Press Ctrl+V / Cmd+V to attach a screenshot to a bug report — no file picker needed.

Bug Report Priority field

Bug reports now have a Priority field — set fix urgency (Urgent / High / Normal / Low) independently of technical severity.

Automate Web editor improvements

AI language-translation constraints, unsaved-edit awareness, and Tab-key indentation in the script editor.

Automate Web: pre-auth AI guidance and quieter config-error reporting

AI now recommends the built-in Pre-Auth feature for login workflows; config-error run failures no longer auto-create noise bug reports.

Attachment downloads now work correctly

Clicking the Download button on bug report attachments now saves the file instead of navigating away from the app.

HTML comments stripped from bugagent.com in production

All HTML comments are now removed from the website build output, eliminating false-positive security scanner hits on structural section labels.

Bug type dropdowns now show all 19 types

The bug type filter on the Reports list and the type selector on individual report pages were both missing types and unsorted. Both now derive from the canonical source and are sorted alphabetically.

Daily: Ship to prod: v5.48 — Fix Performance Test Configuration click (TEST-122)

64 commits — Improvements: - Ship to prod: v5.48 — Fix Performance Test Configuration click (TEST-122) - Ship to prod: v5.47 — Paste-to-attach screenshots in bug reports (TEST-108)

Mobile automation: "Failed to start run" error after a previous run ends

Fixed a bug where clicking Run Now on a mobile automation would show "Failed to start run" if a previous run had already completed (passed or failed).

Create Automation: confirmation button replaces auto-open tab

The extension now shows a "View Automation →" button after creating an automation instead of immediately opening a new tab, giving users a moment to see the confirmation before navigating.

Create Bug: Device & Environment is now opt-in

The Create Bug form no longer auto-fills your viewport and browser info. A new "Include env" toggle lets you opt in when you're reporting a bug from the same device where you saw it.

Geo-Snap: Download now saves the file instead of navigating away

Fixed the Download button in the Geo-Snap screenshot viewer navigating the current tab to the raw image URL instead of downloading the file.

Word and Excel files now appear in all file pickers

Fixed Word (.doc/.docx) and Excel (.xls/.xlsx) files being hidden in the file picker on the bug report detail page and both Notes pages.

Chrome Extension v1.7.16 — network error capture fixed for all sites

Fixed a Manifest V3 host-permissions gap that caused the extension to silently miss navigation-level 4xx/5xx errors on arbitrary sites.

Automate Mobile — apps and automations now scoped per project

Fixed cross-project data bleed: new uploads and automations are now project-specific. Legacy workspace-level items remain visible with a "workspace" badge.

Exploratory AI — manual "Create Bug" now works

Fixed a missing endpoint that caused the Create Bug button in the Exploratory AI Findings tab to always return 404.

Exploration Recent Runs now scoped to active project

Fixed a data-isolation bug where the Recent Runs table on the Explorations page showed runs from all workspace projects regardless of which project was selected.

Compliance evidence workflow fixed

The daily compliance-evidence GitHub Actions job has been running green again after a 3-day outage. Root cause: the v5.24 PR-into-main approach relied on auto-merge, which requires the CI test check to run — but GitHub blocks workflow runs triggered by GITHUB_TOKEN-created PRs. The workflow now commits directly to the develop branch (no PR required) and the ship flow drops the --ff-only constraint so occasional compliance commits on develop do not break the sync.

Exploratory AI: long card titles now wrap correctly

Exploration names that were too long for one line now wrap to a second line inside the card instead of overflowing.

Security & Performance: Recent Runs now auto-update

Target URL, Status, Score, Findings, and Date columns on the Security and Performance pages update automatically — no manual page refresh needed.

Daily: Ship to prod: v5.30 — fix: copy-link button no longer triggers title edit-mode

20 commits — Bug fixes: - Fix statusColors-undefined ReferenceError on report detail page

Copy link button no longer opens the title editor

A polish fix to yesterday's Copy link button on bug-report detail pages — clicking it used to also flip the title into edit mode as a side effect. Now it just copies.

Copy a bug report's link to your clipboard

A new "Copy link" button sits next to the title on every bug-report detail page. Click it and you get a rich hyperlink on your clipboard — paste it into Slack, Teams, Notion, or Google Docs and you'll see a clickable TEST-NNN chip followed by the title. Pasting into a plain destination (a terminal, a code comment) lands the same content with the full URL appended so the link is still reachable.

v5.28 — Bug-report links now mirror to Jira

Link two bug reports in bugAgent (duplicate-of, parent-of, related-to, depends-on) and the link is mirrored to Jira automatically when both reports have a Jira issue attached. Deleting the link in bugAgent removes the Jira link too.

"Add link" on bug reports now opens as a popup modal

A polish fix to yesterday's Linked Tickets feature — the "Add link" picker now opens as a true popup overlay instead of rendering inline at the bottom of the Linked Tickets card. The search and create flow itself is unchanged.

Link bug reports together: duplicates, parents, related, and depends-on

You can now explicitly link bug reports to one another — marking a ticket as a duplicate, recording a parent / subtask relationship, flagging a related issue, or noting a "depends-on" prerequisite. Available from the bug-report detail page and from the MCP server.

Chrome extension: attach files up to 100 MB, with visible errors when something does not fit

The browser extension previously dropped any attachment larger than 10 MB silently — only a console warning, no on-screen feedback. Common video screen-recordings tipped over that 10 MB ceiling and looked like the extension was broken. The cap is now 100 MB, and anything still too large now shows a clear inline error naming the file and the limit instead of disappearing.

Daily: Ship to prod: v5.25 — TEST-393: fix Type column overlap in Bug Reports list

4 commits — Improvements: - Ship to prod: v5.25 — TEST-393: fix Type column overlap in Bug Reports list - chore: add weekly DNSBL/URI blacklist check script

Bug Reports list view: Type column no longer overlaps Severity

Fixed a visual bug on the Bug Reports list where long type names ("Data Integrity", "Feature Request", "Tech Debt", etc.) overflowed their column and visibly collided with the Severity badge. While we were there, the seven type categories that previously rendered as raw kebab-case strings (feature-request, enhancement, technical-debt, documentation, devops, ux-improvement, integration) now render as properly-cased pills with their own color.

Weekly domain blacklist monitoring

bugagent.com is now scanned weekly against the major DNS-based blacklists so any deliverability or reputation issue is caught early.

Daily: chore(compliance): preserve 2026-05-23 daily evidence report on main

23 commits — Improvements: - chore(compliance): preserve 2026-05-23 daily evidence report on main - trigger: re-run CI on PR #392

v5.24 — Daily compliance evidence now lands on main via auto-merging PRs

The daily automated compliance-evidence report — patch and dependency status, backup verification, and logging/monitoring health — now lands on the main branch via auto-merging pull requests, so the in-repo audit trail is visible alongside the rest of our shipped compliance work.

Trust Center now surfaces Singapore sectoral overlays

The Trust Center and public docs now show the Singapore sectoral overlays we already operate to: MAS TRM alignment for SG-regulated financial institutions, the Healthcare Services Act 2020 sectoral addendum (we are not HCSA-licensed and do not integrate with NEHR or HealthHub), the Spam Control Act 2007 posture, and a standing CAIQ-style security questionnaire with a 5-business-day completion SLA.

v5.22 — Singapore vendor-compliance pack (MAS TRM, security questionnaire)

New compliance documents and a standing security questionnaire make it faster for Singapore enterprise customers — especially MAS-regulated financial institutions and healthcare-sector buyers — to complete vendor due diligence without a bespoke turnaround.

v5.20 / v5.21 — Singapore PDPA Data Protection Officer designated and published

Jason Hamilton is now bugAgent's named Singapore PDPA Data Protection Officer, and the business contact (dpo@bugagent.com) is published in the public privacy policy — satisfying PDPA s.11(3) and s.11(5) for Singapore-based customers.

Daily: Save the Singapore / SEA compliance program plan in-repo

26 commits — Improvements: - Save the Singapore / SEA compliance program plan in-repo - Close pentest-wording flag in cybersecurity-act-compliance.md

v5.19 — Compliance program for Singapore & Southeast Asia

bugAgent is extending its compliance program for the Singapore and SEA market — PDPA alignment, a CSA Cyber Trust certification roadmap, and a new Regional Compliance section on the Trust Center.

Dependency security hardening

Patched moderate-severity advisories in third-party dependencies across the platform; all production dependency trees now report zero known vulnerabilities.

Lighthouse audits restored for performance tests

Web performance tests now reliably run their full Lighthouse audit again, so reports include Performance, Accessibility, Best Practices and SEO scores alongside Core Web Vitals.

Performance runs now finalise after a partial audit

Performance runs where only one of the Lighthouse or k6 load-test audits completed now finalise correctly instead of failing to save.

v5.15 — Chrome extension captures page-load (4xx/5xx) errors

The CoPilot extension's "Include failed requests" diagnostic now captures the HTTP status of the page itself — so a bug filed on a page that returned a 404 or 500 finally shows that failure in network-errors.txt.

Daily: Ship to prod: v5.14 — Enterprise on-prem bullet + Open Query Agent footer link

46 commits — Improvements: - Ship to prod: v5.14 — Enterprise on-prem bullet + Open Query Agent footer link - Ship to prod: v5.13 — homepage: Cloud or On-Premise feature card

v5.13 — Cloud or On-Premise on the homepage

New Features card promotes that bugAgent runs on a managed cloud or installs inside your own VPC / air-gapped network / compliance perimeter — same product, same MCP-native API, just hosted where your security and data-sovereignty requirements need it.

v5.11 — QA Brain feature and homepage iPhone polish

New QA Brain feature card explains how bugAgent connects to every tool you already use to build a vendor-neutral knowledge base your AI agents can reuse. Also fixed two missing icons (Code Review, Exploratory AI) that showed as dark squares, and cleaned up a redundant Live label on the homepage.

v5.10 — Attach Word and Excel files to bug reports

You can now attach .doc/.docx/.xls/.xlsx files to bug reports from both the Chrome extension and the dashboard — previously they were either hidden in the file picker or rejected with an "Unsupported file type" error.

v5.09 — Chrome extension: Submit button now hides after a successful report

Bug reports submitted from the bugAgent CoPilot Chrome extension no longer let you accidentally re-submit the same report — the form properly collapses to just the success card and the "File Another" button.

Status page now updates every 3 minutes (and reports the truth)

status.bugagent.com moved to Better Stack — checks run every 3 minutes (the old setup was throttled by its provider to roughly hourly), and previously-misconfigured Supabase monitors are correctly reporting again.

Daily: Ship to prod: v5.06 — Chrome extension showcase + landing page

30 commits — Bug fixes: - fix(extension): surface bug-report attachment upload failures (TEST-345)

v5.04 — DOM-snapshot attachments from the Chrome extension now save

Bug reports submitted via the bugAgent CoPilot extension with the DOM snapshot toggle on will now include the snapshot file, instead of dropping it silently.

v5.03 — Project data no longer leaks across Security, Code Review, and Agent Queue

Three project-scoped pages now properly limit their data to the project you are viewing, fixing leakage that was most visible when comparing two projects side-by-side.

v5.02 — Bug report Source field shows the real submission channel

The Source field on a bug report now correctly reflects how the report was filed, instead of mislabelling extension and Quick Submit reports as "Human".

v5.01 — Chrome extension attachments now save

Fixed a bug where screenshots, files, and diagnostic data submitted via the CoPilot Chrome extension could be silently dropped from the bug report.

Bug reports and notes keep your line breaks

Line breaks you type into a bug report or note are now preserved when it renders — no more run-on text.

More reliable error monitoring for the Chrome extension

Failed actions in the CoPilot extension are now always captured in our monitoring, so regressions get caught and fixed faster.

Chrome extension submits bug reports without a dashboard login

The CoPilot extension now authenticates on its own — you no longer need to be signed into the dashboard in the same browser.

New MCP tool: read a bug report's comment thread

The MCP server can now list every comment on a bug report — author, content, and threaded replies — in one call.

Daily: Ship to prod: v4.98 — list_comments MCP tool

37 commits — Improvements: - Ship to prod: v4.98 — list_comments MCP tool - docs: compact CLAUDE.md and add review-ticket skill

Security: dependency updates

Routine security maintenance — patched a moderate-severity dependency advisory in the MCP server.

Daily: Ship to prod: v4.87 — TEST-315 fix project switch on Add Suite + sibling redirects

2 commits — Improvements: - Ship to prod: v4.87 — TEST-315 fix project switch on Add Suite + sibling redirects

Project context stays put when creating suites and runs

Creating a test suite, starting a run, or adding cases no longer risks switching you into a different project.

Daily: docs: note Layer C decommission in the Supabase-clients section

30 commits — Bug fixes: - fix(extension): treat mid-body fetch drops as expected network blips

Dependency maintenance + security patch (v4.84)

Merged seven Dependabot updates and patched a high-severity transitive dependency.

v4.81 — Layer B / Layer C interlock: compute-region guard in pickReadRegion

Fixes a latency regression from v4.76-v4.80 where SEA-user reads were routed cross-Pacific to the Singapore replica even though Railway compute was still in us-east4. The replica routing now engages only when compute and replica are colocated (Layer C state). Until Layer C lands, all reads route to primary — same effect as flag-off, but with the wiring in place to activate automatically when the Singapore pod ships.

v4.80 — Full SEA coverage: test-cases, test-runs, and notes APIs now route through the Singapore read replica

Largest Layer B coverage push to date. Every high-volume authed list endpoint in the dashboard now routes SEA reads to the Singapore replica; every corresponding write endpoint sets the 5-second read-after-write cookie pin for write-then-list freshness.

v4.79 — Agent Queue page now routes through Layer B read replica

The /dashboard/agent-queue page now uses getReadClient + withTimeout — joining /dashboard/reports as the second page routed through the Singapore read replica for SEA users. All three of its Supabase queries gain per-query timeouts as well.

v4.78 — Hotfix: withTimeout helper broke on Supabase query builders (S1)

v4.77 inadvertently broke /dashboard/reports and /dashboard/test-cases because the new withTimeout helper called .finally() on its input, which is undefined on Supabase's PostgrestFilterBuilder (a thenable, not a real Promise). One-line fix wraps the input in Promise.resolve() so .finally works on any awaitable. Two regression tests added.

v4.77 — Per-query SSR timeouts on hot dashboard pages

A slow Supabase query no longer hangs an SSR render until Cloudflare 524s. Each awaited query on /dashboard/reports, /dashboard/automations, /dashboard/test-cases now has a budget; on expiry the value falls through to null and the page renders gracefully degraded with a structured log line for diagnosis.

v4.75 — SEA expansion Layer B groundwork (flag-OFF foundation)

Lays the dormant foundation for the Singapore read-replica routing: pure region-routing helpers, read-after-write cookie helpers, new service-client API. Defaults OFF — zero production behavior change. Activation is a future env-var flip + per-page migration after Pro plan upgrade and replica provisioning.

Daily: Ship to prod: v4.74 — TEST-291 unique Run # suggestion on Create Test Run

56 commits — Improvements: - Ship to prod: v4.74 — TEST-291 unique Run # suggestion on Create Test Run - Ship to prod: v4.73 — TEST-290 fix project switch + attachment race during Start Run

v4.74 — Create Test Run pre-fill no longer collides on Run #6

Opening Create Test Run on a suite with ≥5 runs used to always suggest `Run #6`, causing duplicate run names to pile up. Pre-fill is now computed across all runs in the suite, not just the paged display window.

v4.73 — Test run project context preserved on Start Run + attachment upload race fixed

Two S1-blocking bugs that combined on the test-run flow: (1) Start Run silently flipped the active project to the team default mid-flow, and (2) attaching a screenshot to a failed case during run execution returned 400 "No files provided" due to a FileList race. Both fixed in one ship.

v4.68 — Explicit Cache-Control on every dashboard response (SEA expansion Layer A, code half)

Code-side of TEST-227. Authed dashboard pages now ship with explicit `Cache-Control: private, no-store` and a tight allow-list of public read endpoints opts in to short edge cache. Sets up Cloudflare aggressive-cache rules without any per-user cache leak risk.

Daily: Ship to prod: v4.68 — TEST-227 SEA expansion Layer A (code half): explicit Cache-Control on every dashboard response

38 commits — Improvements: - Ship to prod: v4.68 — TEST-227 SEA expansion Layer A (code half): explicit Cache-Control on every dashboard response - Ship to prod: v4.67 — pin ffmpeg=7:6.1.1-3ubuntu5 in runner D

v4.54 — Safari: text selection now works in test step fields

On Safari, click-dragging inside an Action / Expected textarea on the test-case detail page used to drag the whole step row around instead of selecting text. Fix: only the .step-grip handle is draggable now; the textareas can be selected normally.

v4.53 — Archive Run button no longer appears on already-archived runs

Opening an archived test run used to still show a clickable Archive Run button that fired a no-op write. Now hidden. The API also short-circuits archive-on-archived to an idempotent no-op so script / MCP callers can't trigger the same wasted write.

v4.52 — Unified bug-report assignment-email pipeline (DB-trigger driven)

Bug-report assignment emails now fire from a database trigger, so every entry point — dashboard, MCP `update_bug_report`, raw SQL — hits the same email-send path. Closes the v4.42 gap where MCP-driven assignments (the agent loop's retest hand-off) silently skipped email.

v4.42 — Email-notify on bug-report assignment + per-user opt-outs

Bug reports now email you when they're assigned to you, with retest-handoff wording when status=retesting. Two new toggles in Account Settings → Notifications let you mute the bug-report and test-case assignment emails individually (both default on). One stale amber in the usage-warning email is gone too.

v4.32 — AI chat: bold + code + URL renders cleanly

When the AI assistant emitted a URL wrapped in bold+code (e.g. **`https://app.bugagent.com/dashboard/reports/TEST-259`**), the previous renderer left literal ** and backticks visible around an otherwise clickable link. v4.32 fixes the pairing so the URL renders as bold, monospaced, and clickable with no stray markdown characters.

v4.31 — AI chat link hrefs are clean again — no more 404s on clickable tickets

A v4.30 regression where markdown chars in the AI's emitted URLs leaked HTML tags into the rendered href (causing /dashboard/reports/TEST-259</code></strong> 404s on click) is fixed by tokenizing the rendering pipeline so URL strings never see the inline-formatting regex.

v4.30 — AI assistant links are now clickable and open in a new tab

The dashboard AI assistant now renders Markdown links and bare URLs as proper clickable anchors that open in a new tab. Previously the link syntax showed up as literal text, so even though v4.28/v4.29 built correct short-ID URLs, you couldn't actually click them.

v4.29 — AI assistant: ask by severity (s1-s4) and get working short-ID links in prose

Two bugs caught after v4.28 testing: the AI's severity filter was using retired pre-migration-135 values (always returned zero rows), and prose-rendered bug-report URLs still used UUIDs because the prompt context only carried UUIDs.

v4.28 — AI assistant now builds short-ID bug-report URLs from every page

Asking the dashboard AI assistant for a bug report from analytics, test cases, agent queue, or any non-reports page now gives you working short-ID links like /dashboard/reports/TEST-259. Previously the chat fell back to UUID URLs everywhere except the reports list page.

v4.24 — Indexes added for every unindexed foreign key

Migration 151 adds 109 covering indexes to close the gap on every public-schema foreign key that previously lacked one. Cascading deletes and team-scoped joins should be noticeably faster.

Daily: Ship to prod: v4.24 — add indexes for every unindexed foreign key

36 commits — Improvements: - Ship to prod: v4.24 — add indexes for every unindexed foreign key - Ship to prod: v4.23 — agent_priority_queue view: SECURITY INVOKER + revoke anon

v4.23 — Tightened the agent priority queue view (no more anonymous queue snooping)

A Postgres view that powered the internal agent priority queue was readable by unauthenticated callers holding the public anon key. Migration 150 swaps it to security-invoker mode and revokes the anonymous role. No code changes, no breakage to legitimate callers.

v4.22 — Server-side .mov transcoding now covers every upload path

Extends the v4.21 ffmpeg pipeline to notes, quick-submit, AI-drafted reports, and the MCP server. Every .mov uploaded through bugAgent — regardless of which surface it comes from — now gets a real .mp4 produced server-side.

v4.21 — Server-side ffmpeg transcoding for .mov uploads

Every .mov uploaded to a bug report is now automatically transcoded to a real .mp4 server-side. Playback no longer depends on browser quirks.

v4.20 — Attachment cleanup picks up transcoded files + fixes three orphan leaks

Foundation for the upcoming server-side ffmpeg transcode pipeline: every code path that deletes attachments now removes both the original file and its transcoded counterpart. Audit also caught and fixed three pre-existing orphan-leak bugs.

v4.19 — .mov video attachments now play in Chrome / Firefox / Edge

macOS screen recordings (saved as .mov / video/quicktime) used to render as a blank video player outside Safari. They now play in every major browser via a dual-source declaration, with a graceful download fallback for unsupported codecs.

v4.18 — Deleting the last test step now persists

TEST-271 fix. The "X" button on the only remaining test step in a test case now writes the deletion to the database. Previously the row cleared in the UI but reverted on reload.

v4.17 — Comments thread auto-collapses; newest comment shown first

Follow-up to v4.16. The COMMENTS / PROMPTS thread on every bug-report page now collapses by default (click heading to expand) and sorts newest-first. The composer stays visible whether collapsed or expanded.

v4.16 — Bug-report comments moved to main column, with popup + clamp controls

The Comments thread moved out of the right sidebar to the main column directly under Description. Long comments now auto-clamp with Show more / Show less, and a new Open in popup option opens a focused modal for full-width reading.

v4.15 — Mobile BrowserStack runs honor the picker's OS version

TEST-65 re-fix. Pixel 9 (and any other modern flagship) now reaches BrowserStack with the OS version you picked in the dropdown instead of falling back to Android 14.

v4.14 — MCP Connector redirect URI is now required

The Redirect URIs field on the MCP Connectors card no longer pre-fills claude.ai's callback. It's a placeholder + required field, matching the multi-tenant intent of the credentials.

v4.13 — Platform-agnostic MCP connector credentials

OAuth client_id/client_secret for the bugAgent MCP server are now described as host-agnostic across the dashboard settings UI and the public docs. Claude.ai is shown as one example among any OAuth-aware MCP host.

Daily: Ship to prod: v4.12 — public-docs catch-up for the Claude.ai connector flow (v4.11 follow-up)

16 commits — Improvements: - Ship to prod: v4.12 — public-docs catch-up for the Claude.ai connector flow (v4.11 follow-up) - Ship to prod: v4.11 — generate Claude connector OAuth credentials from the dashboard

v4.12 — Public docs caught up to the v4.11 Claude.ai connector flow

The homepage, docs page, and API reference all mentioned "six connection options" and pointed at an old settings URL. All three now show the new Claude.ai (web) walkthrough alongside the existing API-key-based clients.

v4.11 — Generate Claude connector credentials right from the dashboard

Need a client_id + client_secret to add bugAgent as an MCP connector in claude.ai? Settings → Developers → Claude Connectors now generates both with one click.

v4.01 — "Create Bug" sidebar shortcut now opens the composer cleanly even when collapsed by default

If you had the bug-report composer set to collapsed and clicked "Create Bug" in the sidebar, the composer briefly flashed expanded then closed and never opened. Two stacked bugs; both fixed.

v4.00 — Heading sizes h4–h6 in bug-report descriptions now follow the descending scale

Writing #### or ##### in a bug-report description used to render bigger than #. Explicit sizing for every heading level fixes the inverted hierarchy.

v3.99 — Similar Issues collapsed by default + sidebar sub-items hidden until parent active

The bug-report detail page's Similar Issues card is now collapsed by default (matches the Change Log toggle). The sidebar only shows sub-items like "Create Bug", "Agent Queue", and "Probes" when their parent group is the active section.

v3.98 — Markdown lists in bug-report descriptions actually show their numbers / bullets

Hotfix on top of v3.97. The markdown-it swap rendered descriptions correctly into the DOM but the list-marker CSS got eaten by the global reset because the dynamically-injected elements didn't carry Astro's scope hash.

v3.97 — Bug-report Markdown rendering swapped to a real parser (markdown-it + DOMPurify)

Bug-report descriptions now go through the markdown-it CommonMark parser, sanitized by DOMPurify. Code fences, nested lists, auto-linked URLs, and more all render correctly.

v3.96 — Bug-report descriptions now render Markdown

Headings, bold, lists, code spans, blockquotes, and links in a bug report's description now render as formatted text instead of raw `##` and `**` characters.

v3.95 — Three small queue fixes: accessibility link, session-note toolbar, AI Assistant scope

Easy-to-fix queue batch — added an Accessibility Statement link to the in-app header dropdown, fixed the session-note markdown toolbar so it appears on first load, and stopped the AI Assistant from suggesting unreachable setup files.

v3.94 — Bug-report list rows: title finally vertically centers when neighboring cells wrap

Third (and decisive) patch in the row-alignment chain. With display:flex stripped from the title cell, the title now centers consistently with every other cell regardless of which one goes multi-line.

v3.93 — Table rows stay aligned even when one cell wraps to multiple lines

Even short titles like "bug 1" used to look misaligned with the row's bottom border whenever a neighboring cell wrapped. Every table cell now vertically centers its content, so row alignment stays clean regardless of which cell goes multi-line.

v3.92 — Rapid-submit rows on the Bug Reports list now match SSR rows

A freshly rapid-submitted bug report no longer renders taller than its neighbors because of long names wrapping in the Reported By / Assigned To columns.

Daily: Ship to prod: v3.95 — TEST-41 / TEST-56 / TEST-98 small queue fixes

51 commits — Improvements: - Ship to prod: v3.95 — TEST-41 / TEST-56 / TEST-98 small queue fixes - Ship to prod: v3.94 — drop display:flex from .title-cell so vertical-align: middle finally takes effect

v3.91 — Test case attachments, reference URLs, and text-template content flow into runs and filed bugs

The full author-supplied context for a test case — attachments, URLs, and free-form text instructions — now appears during a run and carries over when you file a bug report from a failed case.

v3.81 — Run attachments carry over when you file a bug from a failed test

Click "Create Bug Report" on a failed case in a run and the screenshots you already attached come along — no re-uploading.

v3.80 — Tester notes on test runs are no longer silently dropped

The Notes textarea on each case in the run carousel now persists what you type — previously the column it was meant to write to didn't exist.

v3.70 — Test case Name is no longer required up-front

You can now click +Add test case, fill in a step or description, and click Save without typing a name first — we derive a sensible default for you.

v3.69 — Test case step fields wrap correctly on the detail page

Long Action / Expected Result text in test step rows now wraps across multiple lines instead of being clipped at ~50 characters.

v3.68 — Attach screenshots to failed test cases mid-run

Testers can now attach screenshots and recordings to a failed test case directly inside the run carousel — no more "file a bug just to capture evidence."

v3.58 — Test case color picker no longer clipped off-screen

The Change Color popup on the Test Cases list now stays inside the viewport regardless of how wide your screen is.

Daily: Ship to prod: v3.47 — security: bump hono 4.12.16→4.12.18, fast-uri 3.1.0→3.1.2

17 commits — Improvements: - Ship to prod: v3.47 — security: bump hono 4.12.16→4.12.18, fast-uri 3.1.0→3.1.2 - deps(runner): bump lighthouse from 13.2.0 to 13.3.0 in /runner

Daily: Ship to prod: v3.45 — TEST-212 PR 3 / 3: attachments + URLs (storage bucket, validation, upload + delete endpoints, UI on create + edit)

50 commits — Improvements: - Ship to prod: v3.45 — TEST-212 PR 3 / 3: attachments + URLs (storage bucket, validation, upload + delete endpoints, UI on create + edit) - Ship to prod: v3.44 — TEST-212 PR 2 / 3:

v3.41 — Impact Score badge relabeled "Reporters" (was "Affected Users")

The Impact Score badge on the bug-report detail page used to read "{N} similar · {M} users" with a tooltip calling that "Affected Users". Both phrasings implied "end-users of your product who hit the bug" — but the underlying SQL counts distinct team members who filed similar reports in the last 30 days, not end-user impact. Especially confusing for multi-tenant customers. Pure label change; the math is untouched.

v3.37 — Railway us-west2 → us-east4 (Phase 1 of SEA expansion)

All three Railway services (Dashboard, MCP Server, Automation Runner) now run in us-east4 (Virginia, GCP) — same metro as Supabase us-east-1 (Virginia, AWS). Removes ~70ms cross-coast RTT from every Supabase call; an authed dashboard page used to spend 350–700ms on pure DB-network before Postgres ran a query.

v3.36 — sending a team invite no longer waits 2 seconds for the email to leave Resend

Clicking "Send Invite" on /dashboard/settings/team used to block the page redirect on a sequential await sendEmail() to Resend. The email send is now fire-and-forget on the same pattern documented for assignment emails — the invitation row is created on the critical path, the email lands in the background, and the user sees the redirect ~100ms later instead of after a 500ms–2s lag.

v3.35 — Slack alerts no longer cry "wolf" when a CoPilot user is offline or signed out

The chrome extension's resource-sync poll fires every 15 seconds. Pre-fix, two recurring failures — the user being offline and the user not being signed in — surfaced through /api/errors/capture and woke #engineering several times an hour. Both are expected user-state conditions, not bugs. They're now silently dropped by a new expected-errors filter; genuine 4xx-not-401 / 5xx / unexpected throws still alert.

Daily: Ship to prod: v3.35 — drop expected user-state errors from extension telemetry / Slack (TEST-254)

43 commits — Improvements: - Ship to prod: v3.35 — drop expected user-state errors from extension telemetry / Slack (TEST-254) - Ship to prod: v3.34 — bound runner heal-retry evaluates so BrowserStack socket-i

v3.34 — automations no longer hang on BrowserStack 'Socket idle' for 90+ seconds

The runner's heal-and-retry wrapper used to fire raw page.evaluate fallbacks without a per-call timeout. On BrowserStack each evaluate is double-wrapped by the BS SDK's instrumentation, and a single slow inner evaluate could stall until the WebSocket idle threshold severed the entire session. Each fallback now has a 5-second ceiling and connection-level errors fail fast instead of churning through more retries.

v3.33 — Quick Submit no longer erases your typed description when you click a template

In the Chrome extension's Quick Submit panel, clicking any of the bug-type template buttons (Functional, UI, Performance, Security) used to wholesale-replace whatever description you had already typed. The new merger keeps every character you've written and slots structured content into matching template sections — re-clicking is idempotent.

v3.32 — Bug Reports pagination styling no longer breaks after search/filter

On the Bug Reports list, searching or changing a filter dropdown was rebuilding the pagination from JS using different class names than the SSR component. The result was an unstyled "12Next »" mess jammed to the left. Both render paths now share one markup helper, and the styles are global so they apply to whichever path emits them.

v3.31 — readActiveProjectSlug helper retires the cookie-direct read

Eleven dashboard pages were reading the active_project cookie directly instead of the URL-resolved slug, so a sidebar project switch could leave them rendering data for the previous project. One shared helper now backs every page that resolves an active project.

v3.26 — Delete Exploration now actually deletes

The Delete Exploration button in the danger zone now does what its copy has always promised: permanently removes the exploration plus all of its schedules, runs, findings, and storage. Was a soft-archive; now it lives up to the warning.

v3.25 — Explorations now covered by the weekly orphan-sweep

The weekly orphan-sweep cron now also cleans up storage left behind from deleted exploration runs. Closes the last remaining gap in the storage-cleanup project that ran today.

v3.24 — Session-replay TTL is now actually enforced

Session replays have always had a 30-day TTL written on every row, but no code path enforced it. A new daily cleanup cron now retires expired replays — including their screenshot and video files in storage — and the per-session delete also cascades to storage now.

v3.23 — Mobile app deletes also clean up the simulator build

Deleting a mobile app from the dashboard now removes both the main APK / IPA and the simulator build from storage. Pre-fix only the main file was deleted, leaving 50-100 MB simulator builds behind on every per-app delete.

v3.22 — Recurring orphan-attachment sweep cron

A weekly cron now sweeps orphaned attachments in Supabase Storage as a belt-and-suspenders catch for any edge case the per-delete cleanup misses. Closes the storage-orphan saga that started with disk pressure earlier today.

v3.21 — Reclaimed 262 MB of orphan attachment storage (TEST-237)

After the v3.19 forward-fix to cascade attachment cleanup on bug-report and note deletion, a one-shot sweep cleared 28 pre-existing orphan files: 24 bug-attachment orphans (mostly duplicated audio recordings from a Zoom call uploaded three times) and 4 obsolete APK builds. Project storage dropped from 1.45 GB to 1.19 GB.

v3.19 — Bug report and note deletes now clean up their attachments

Closed a long-standing leak: deleting a bug report or note now also removes its uploaded screenshots, videos, audio recordings, and other attachments from storage. Pre-fix the row went away but the files lingered, accumulating about 334 MB of orphan storage on prod since launch.

v3.18 — CoPilot Recent Reports now scoped to the active project

The Recent Reports section in the CoPilot side panel now shows only reports for the currently-selected project, and refreshes when you switch projects. Previously it leaked reports across every project in the workspace.

v3.16 — CoPilot Page Links auto-refresh on tab navigation

Page Links in the CoPilot side panel now updates automatically when you navigate to a new page or switch browser tabs. Previously only the first page's links were ever loaded — every subsequent navigation kept the stale set.

v3.15 — CoPilot Resources polish + .log/.md attachment support (s4 cleanup batch)

Bundled four small CoPilot quality-of-life fixes into one release: chevron disclosure indicators on Recording rows, Export buttons on the Playwright script and Action log, and backend support for .log/.md attachments that browsers report as application/octet-stream.

v3.05 — Bug Reports composer template now matches the Chrome extension

Aligned the dashboard's "Report a bug" template to use the same Markdown heading style and section names as CoPilot. The shared structure (Steps to Reproduce / Expected Behavior / Actual Behavior / Additional Context) is now identical across both surfaces.

v3.04 — CoPilot Resources tab count badge no longer shows stale numbers

Switching workspaces or projects in the CoPilot side panel now clears the Resources tab count badge correctly when the new scope has zero resources. Previously the badge could leak the previous scope's count.

v3.03 — Deleting a test suite now removes its runs too

Aligned test-suite deletion behavior with what the danger-zone copy promised: deleting a suite now permanently removes its associated test runs and per-case results, not just the suite itself.

v3.02 — Test case + suite title fields now strip formatting on paste

Pasting text from external sources (Gmail, Gemini chat, Google search results) into a test case or suite title no longer carries the source dark color, font, link styling, or transforms with it. The dashboard renders the pasted text in its normal title color.

v3.01 — CoPilot recordings now show the right action count in the dashboard

Fixed a contract gap where the Chrome extension created an automation with the right Playwright script but no action log, so the dashboard always rendered "0 recorded actions" regardless of how many actions you actually recorded.

v3.00 — Chrome extension polish bundle (CoPilot v1.6.0)

Four CoPilot quick-wins shipped together: extension version surfaced in created automations, Device + Page Title + Viewport now render in the dashboard environment section, attachment file types match between extension and app, URL field wraps cleanly in the side panel.

Daily: Ship to prod: v3.16 — TEST-235 CoPilot Page Links auto-refreshes on tab navigation

66 commits — Improvements: - Ship to prod: v3.16 — TEST-235 CoPilot Page Links auto-refreshes on tab navigation - Ship to prod: v3.15 — TEST-82/138/139/140 s4 cleanup batch (CoPilot UI polish + .log/.md attach

v2.99 — Project context preserved across Bug Reports search and filters

Fixed a pair of coupled bugs that caused multi-project workspaces to lose their active project after a keyword search, and the sidebar dropdown to lag behind the URL when switching projects.

v2.98 — Bug Reports pagination no longer disappears after clearing filters

On long Bug Reports lists, clicking Clear (or changing a filter dropdown) used to leave the bottom pagination control stale or missing. Now it updates correctly every time. Same component family as the v2.96 and v2.97 fixes — the Bug Reports list polish trilogy is now complete.

v2.97 — Bug Reports search "Clear" link is now visible right when you'd expect it

Typing a search and hitting Enter on the Bug Reports list used to show the right results but no way to clear them. The Clear link now appears the moment any filter is active, including while you're still typing in the search box.

v2.96 — Bug Reports list filters persist across page nav and refresh

Filters and sort on the Bug Reports list now survive clicking Next/Prev or refreshing the page. Previously, the list would silently revert to "All" data even when the dropdown still showed the filter selection.

v2.95 — Useful middleware error logging

When the dashboard middleware fails to fetch a user profile or workspace memberships from Supabase, the failure now logs the full structured error context instead of an unhelpful ":undefined" stub. Internal observability fix only — no customer-facing UI change.

v2.94 — Performance run durations now show real numbers

A long-standing data-quality bug where every "Run took X seconds" UI silently rendered blank or zero is fixed. Per-test duration aggregations are now meaningful instead of computed against null data.

CoPilot Chrome extension v1.5.0 — better selectors, DOM snapshots, full-page screenshots

Three capture-quality improvements for the bugAgent CoPilot Chrome extension. Element picker now uses Playwright-grade selectors, DOM snapshots can be attached to bug reports, and the Screenshot button gets a Full Page mode.

CoPilot Chrome extension v1.4.0 — wider capture, prod observability, durable recordings, refreshed icon

Four post-launch improvements to the bugAgent CoPilot Chrome extension. Console capture is broader, recordings now survive long pauses, the severity dropdown matches the dashboard, and we'll now see extension-side failures in our alerting. Icon also got a refresh to match the homepage style.

v2.93 — Two-tab project independence is now bulletproof

Switching projects in one tab no longer affects what other tabs are showing. Each tab keeps its own active project, even after browser refreshes or address-bar navigation.

v2.92 — multi-tab 503 fix

Two-part fix triggered by a multi-tab post-mortem: dashboard now runs on 2 replicas (single-replica + concurrent SSR could starve under heavy multi-tab use), and middleware no longer clobbers active_team / active_project cookies on URL-driven navigation.

Daily: compliance: close OFI-009 and dedupe orphaned OFI block in improvement log

51 commits — Improvements: - compliance: close OFI-009 and dedupe orphaned OFI block in improvement log - compliance: capture v2.90 + v2.91 ships and close NC-023/NC-024/OFI-017

Daily: Ship to prod: v2.82 — TEST-198 perf cluster: adopt dbErrorResponse

8 commits — Improvements: - Ship to prod: v2.82 — TEST-198 perf cluster: adopt dbErrorResponse - Ship to prod: v2.81 — TEST-187 dbErrorResponse helper + use in /api/automations/runs GET

v2.82 — Better error visibility on performance test endpoints

When something fails on the database side of any performance-test endpoint, the failure is now captured to our Sentry alerting with full context. No customer-facing UI change — clients still get the same opaque 500 with no internal details leaked.

v2.81 — Better error visibility on automation runs

When the dashboard can't fetch your automation runs because of a database hiccup, the failure is now surfaced to our Sentry alerting instead of being silently dropped. No customer-facing UI change.

v2.80 — Cleaner sidebar for non-TestLauncher workspaces

Tidied an internal-only feature link that was leaking into customer dashboards. No customer-facing functionality changed; the menu just stops showing a feature you can't use yet.

Daily: deps(mcp-server): bump @sentry/node in /mcp-server

10 commits — Improvements: - deps(mcp-server): bump @sentry/node in /mcp-server - deps(mcp-server): bump zod from 4.3.6 to 4.4.1 in /mcp-server

v2.79 — Quieter MCP OAuth logs

The MCP server now logs Supabase OAuth token-exchange failures at warn instead of error. User-side OAuth hiccups (expired PKCE codes, mid-flow browser refreshes, parallel auth attempts) no longer generate Sentry pages.

v2.79 — Sentry noise cleanup: OAuth log downgrade + nightly-scan triage

Reduced Sentry signal-to-noise ratio. Downgraded a Supabase OAuth token-exchange log from error to warn so user-side auth failures stop generating events; resolved one stale issue and set three others to ignore (forever for browser-extension noise, until-escalating for probe-detection signals).

Daily: Ship to prod: v2.78 — TEST-177 atomic claim_bug MCP tool + claimed_at lease + reaper cron

67 commits — Improvements: - Ship to prod: v2.78 — TEST-177 atomic claim_bug MCP tool + claimed_at lease + reaper cron - Ship to prod: v2.77 — TEST-173 Agent Queue dashboard panel + pick_next_bug MCP tool

v2.78 — atomic claim_bug MCP tool + lease/reaper enables multi-agent operation

Foundation for multi-agent operation. New claim_bug MCP tool atomically transitions a ticket from new to in-progress; a 30-min lease + 5-min reaper cron returns abandoned claims to the queue. Multi-agent capability is now unlocked — you can run multiple Claude Code sessions against the bugAgent MCP server and they'll pick non-overlapping tickets.

v2.77 — Agent Queue dashboard panel + pick_next_bug MCP tool

Two consumer surfaces for the existing agent_priority_queue SQL view (shipped in v2.69). A new /dashboard/agent-queue page shows what the agent loop will pick up next; a new pick_next_bug MCP tool lets agents query the same priority order programmatically. Both are read-only — atomic claim semantics arrive in a follow-up.

v2.75 + v2.76 — Semgrep workflow no longer emails on every PR

Three-layer fix unblocks the Semgrep SAST workflow that had been failing on every PR for weeks. CLI flag, missing permission, and GHAS-disabled state all addressed.

v2.74 — bug-reports pagination no longer disappears after kanban view round trip

The view toggle on /dashboard/reports correctly hid pagination when switching to kanban. The reverse direction was never restoring the display attribute, so after one round trip pagination stayed invisible until the user refreshed the page. Single-line fix in dashboard/public/js/kanban.js switchToList().

v2.73 — tests-or-explain CI gate enforces TDD discipline mechanically

A new GitHub Actions workflow fails any PR touching dashboard/src/** without a matching test diff or an explicit "No test added —" opt-out in the PR body or a commit message. CLAUDE.md's TDD rule is now machine-enforced rather than policy-only.

v2.72 — PR-only merges to main + branch protection enforced

Direct pushes to main are blocked. Every change now goes through a pull request and must have the `test` (Vitest) status check passing before it can merge. Admins keep an emergency-hotfix bypass; reviewer requirement is deferred until the team grows.

v2.71 — MCP wire schema widened: 19 bug types + resolution + root_cause

create_bug_report and update_bug_report now accept the full 19-value type enum the dashboard uses. update_bug_report and list_bug_reports gained resolution + root_cause fields, closing the gap that forced every agent close to fall back to raw SQL.

v2.70 — bug-reports search now matches by short ID (PREFIX-NNN)

The search box on /dashboard/reports now recognizes the short-ID format (TEST-24, test-024) and bare positive integers (24) as exact ticket-number lookups, in addition to the existing title + description text search.

v2.69 — bug-reports list page 2+ no longer inflates total count

Polling and Realtime INSERT paths in the Bug Reports list view were prepending the latest 10 reports onto whatever page the user was on, inflating page 2+ tbody by ~10 rows and the "X total reports" widget by the same amount a few seconds after initial render. Both paths now no-op on non-first pages.

v2.68 — CoPilot Resources tab scoped to current workspace + project

Fixed a render-layer leak in the bugAgent CoPilot Chrome extension where the Resources tab showed every workspace's recordings to anyone in any workspace. Sync was already workspace-aware; the fix completes the scoping at render time. Extension version 1.3.1 — rebuild + reload required to pick up.

v2.67 — bug-report severity normalized to formal QA codes (s1-s4)

Single canonical severity vocabulary across the dashboard, MCP, and public docs. Storage migrated; a write-side trigger keeps it normalized regardless of input shape. Wire format still accepts the legacy aliases for backward compatibility.

v2.57 — web sessions persist across browser restart + MCP status enum aligned

Two fixes shipped together: bugAgent now keeps you signed in across browser restart (matching every peer product surveyed), and the MCP server's update_bug_report / list_bug_reports tools now use the dashboard's canonical eight-value status enum.

v2.38 — Real daily backup verification for compliance

Backup verification on the compliance dashboard now actually checks the database vendor's backup state through their API instead of just attesting that backups happen. A daily cron fires the check at 04:00 UTC for every workspace that has the integration configured, so the audit trail builds itself.

v2.17 — AI Assistant streams its replies

The AI Assistant now starts replying within about half a second instead of waiting for the entire answer to finish before showing anything. Words appear as Claude generates them, the same way Claude.ai and ChatGPT work.

v2.06 — Bell icon updates instantly

New messages now appear in the bell icon as soon as they're created instead of after the next poll. The bell still works exactly the same — clicking, marking as read, deleting — it just refreshes itself in real time now.

v1.96 — Faster bug report detail page

Opening a bug report should feel noticeably snappier — the same dozen database lookups now run in parallel instead of one after another.

v1.95 — Faster analytics dashboard

The analytics dashboard endpoint is now noticeably quicker — most of the time it spent waiting on the database has been eliminated by issuing queries in parallel.

v1.93 — Schema cleanup

Internal cleanup that brings local development environments back in line with production and fixes a silently-broken analytics RPC.

v1.91 — RLS policy rewrite for faster team-scoped queries

Postgres now evaluates RLS auth checks once per query instead of once per scanned row. The benefit is small at today's scale and grows with data volume.

v1.81 — Faster authed pages and APIs

Authenticated requests are now ~400ms faster across the board thanks to a short-TTL middleware cache for resolved profile and team membership data.

Daily: Track Dependabot alerts in continuous-improvement log

69 commits — Improvements: - Track Dependabot alerts in continuous-improvement log - Ship to prod: v2.39 — drop 23 speculative unused indexes on never-written tables

v1.77 — security hardening: Semgrep SAST, commit-signing audit, R2 immutable audit-log export

Three new automated security controls land + the OWASP ZAP gap is documented honestly rather than silently shipped half-done.

v1.76 — test suite expanded to 129 tests + TDD-for-bugs codified in CLAUDE.md

Test suite jumps from 71 to 129 tests. CLAUDE.md now mandates that every bug-fix commit add a regression test. Compliance evidence updated across all four documents.

v1.75 — Vitest + CI on every PR (71 unit tests, all green)

First automated test suite + CI gate. Every PR and push to develop/main now runs unit tests + a build typecheck before anything can merge or deploy.

v1.72 — cross-workspace deep links no longer redirect to localhost (TEST-156 resolved)

Following a deep link for a bug report (or any detail page) belonging to a different workspace than your active one now reliably lands on the right page. The intermittent redirect to a chrome-error page complaining about https://localhost/... is fixed.

v1.67 — bug-report short-ID deep links resolve across workspaces

A link like `/dashboard/reports/TEST-156` now lands you on the report and switches your active workspace to match — regardless of which workspace you were last viewing — as long as you're a member of the workspace whose prefix is `TEST`.

v1.66 — non-breaking Dependabot security patches (postcss + browserstack-node-sdk)

Patched two medium-severity transitive dependency vulnerabilities (postcss XSS in dashboard + website) without touching any top-level package versions. Major-version Dependabot PRs (Astro 6, @astrojs/node 10, exceljs major, browserstack-node-sdk major) intentionally left open for a focused upgrade pass.

v1.65 — routine dependency bumps

Bumped @supabase/supabase-js to 2.105.0 across dashboard and mcp-server, and @anthropic-ai/sdk to 0.91.1 in dashboard.

v1.58 — mobile recorder uses resource-id over Appetize's typed-value text and layout wrappers

Re-tapping an input field after typing into it now records the field's identifier instead of the typed value. Edge clicks that hit a parent layout container also resolve to the inner element instead of recording the wrapper.

v1.57 — mobile recorder pre-fills its element cache from the live UI tree

First-time edge clicks on a never-tapped input or button now resolve to the right element identifier. The recorder periodically snapshots the device's live UI hierarchy and seeds the cache so element resolution doesn't depend on the user having tapped the field before.

v1.56 — mobile recording rescues coord-only taps via a recent-elements cache

Edge clicks on input fields, and re-taps on blank or near-empty fields, now record as the element you actually meant to tap rather than degrading to "tap at x=312, y=448".

v1.55 — graceful-shutdown handler now covers mobile performance + code reviews

Mobile performance profiling and AI code reviews triggered while a deployment is rolling are no longer left stuck in their "active" state forever. Same SIGTERM-driven recovery as v1.54's mobile-run fix, applied to the other two long-running flows that live in the dashboard process.

Daily: Ship to prod: v1.64 — bounds-area comparison replaces wrapper-name list for override gate

35 commits — Improvements: - Ship to prod: v1.64 — bounds-area comparison replaces wrapper-name list for override gate - mobile recording: bounds-area comparison replaces wrapper-name list as override gate

v1.54 — graceful-shutdown handler stops stranding mobile runs across deploys

Mobile runs in flight when a new deployment rolls out are no longer left at status="running" forever. The process now catches SIGTERM, marks every still-tracked run as "error" with a clear re-run prompt, and exits.

v1.53 — mobile recording waits for explicit move-away, not an idle timer

Slow typing or pausing mid-field (to look at a password manager, sticky note, etc.) no longer splits a username or password into multiple fragmented action events. The recorder now buffers input until an explicit signal that you're done with the field.

v1.52 — keyboard hygiene + workspace auto-switch on deep links

Mobile recording no longer leaks Backspace/Tab control bytes into action scripts, and deep links to resources in another workspace now also switch the active workspace context (sidebar, project picker, quotas) rather than just rendering the page.

Cross-workspace deep links work everywhere now

v1.50 fixed mobile detail-page deep links for multi-workspace users. v1.51 extends the same fix across every other detail page in the dashboard — bug reports, test cases, test runs, security scans, code reviews, performance tests, explorations, and more. A direct link to a resource in any workspace you belong to now opens correctly, regardless of which workspace you have selected at the time.

Mobile deep links now work across workspaces

If you belonged to more than one workspace, opening a direct link to a mobile run, automation, app, or schedule in a workspace other than your active one would return "deleted or you don't have access" — even when you owned that workspace. Detail endpoints now authorize via team membership rather than the active-workspace cookie, so any deep link in any workspace you belong to opens correctly.

Mobile recording fixes: control characters, @ symbol, video readiness

Three fixes to the mobile automation recording flow. Backspace and Delete keypresses no longer end up as literal control characters in the saved actions. Shift-symbol keys (`@`, `#`, `$`, etc.) now record as the actual symbol instead of the unshifted base digit. The run detail page now waits for BrowserStack's video upload to finish before trying to play the recording.

Daily: Ship to prod: v1.48 — Sentry security tags now cover mcp-server too

4 commits — Improvements: - Ship to prod: v1.48 — Sentry security tags now cover mcp-server too - security: extend Sentry security tags to mcp-server

Daily: compliance: log v1.37 dep ship under CTRL-SYS-001 + nightly-scan evidence

4 commits — Improvements: - compliance: log v1.37 dep ship under CTRL-SYS-001 + nightly-scan evidence - compliance: log v1.37 dep ship under CTRL-SYS-001 + capture pending nightly-scan evidence

v1.37 — dependency upgrades (Stripe v22, TypeScript v6)

Routine maintenance: upgraded Stripe SDK to v22 across the dashboard and MCP server, and TypeScript to v6 in the MCP server build. No user-facing behavior change.

Daily: Ship to prod: v1.36 — unbreak OAuth callback (Authenticating hang)

73 commits — Improvements: - Ship to prod: v1.36 — unbreak OAuth callback (Authenticating hang) - auth: fix OAuth callback hang — split inline define:vars from module import

Logout-on-close now works in Safari too

v1.33 flipped Supabase auth cookies to session-scoped, which worked on Chrome and Firefox but was defeated by Safari's default "Reopen All Windows from Last Session" setting — Safari restored the cookies along with the tabs. This release adds a per-tab client-side marker that Safari's restore cannot fake.

Closing the browser now logs you out

Supabase auth cookies are now session-scoped. When you close the tab or quit the browser the cookies are dropped, and your next visit to the dashboard sends you back to the login page. Tabs left open continue to share the same signed-in session — only an actual close kills it.

Auto-classifiers now emit formal QA severity (s1–s4)

Every path that auto-picks a bug severity — the heuristic parser, the Claude Haiku classifier, the AI bug-creation endpoint, failed-automation auto-bugs, and default fallbacks — now writes s1/s2/s3/s4 instead of critical/high/medium/low. The legacy names still work everywhere (API, MCP tool inputs, DB reads, Jira priority map), so nothing breaks for existing integrations. This starts the phase-out of the legacy convention.

v1.12 — Developer Notes debates itself (critical + high bugs)

Critical and high severity bug reports now get a five-step multi-model debate before Developer Notes is written, with a different-model adjudicator making the final call. Every round is visible in a new transcript view.

v0.97 — Developer Notes now debates itself

Developer Notes now runs a three-model chain: Sonnet drafts, a powerful OpenAI model challenges it as a skeptical peer, Sonnet synthesizes the final answer incorporating the critique.

v0.87 — "Where bugs are coming from" trends

New source-dispersion views on the bug reports list and the analytics page. Shared palette so the same color means the same source across both.

v0.77 — Shorter Likely Fix Area + quick-submit bugs now get it too

The Likely Fix Area block is now a glanceable 1-2 sentence summary instead of a paragraph. Bugs filed via the quick-submit path also get one — previously they skipped it.

v0.74 — Developer Notes (automatic, platform-funded, stay fresh)

Renames Claude Analysis to Developer Notes. Auto-generates on every bug — no API key or "Send to Claude" button required. Prompts to regenerate when the description or attachments change.

v0.64 — "Likely Fix Area" on bug reports

New Sonnet-generated section on every bug report pointing at the files or modules most likely to need the fix. Grounded in your connected GitHub repo when available.

v0.51–v0.53 — Version-picker polish + sidebar "Hide"

Small follow-ups on the web automation version picker: neon green highlight, sharper docs, and the sidebar 3-dot "Archive" option renamed to "Hide".

v0.50 — Failed-run bug reports deep-link to the exact script version

Bug reports auto-created from failed web automation runs now link to the precise script version that executed. MCP run_automation and the CI/CD endpoint accept version_index too.

v0.49 — Pick any prior script version and run it

The web automation editor now has a version dropdown covering every saved edit. Run Now executes whichever version you pick, and Run History tags each row with the version that actually ran.

v0.39 — SDK refresh & error backlog cleared

Bumped Supabase, Anthropic, and Sentry SDKs to their latest minor versions, and cleared a batch of long-resolved error-tracking entries. No user-visible product changes.

Chrome extension 1.3.0 — Playwright codegen-grade recorder

The CoPilot recorder now uses a focused port of Playwright's own selector-generation algorithm. Every click captures the best locator the same way `npx playwright codegen` would — with uniqueness validation on every candidate, so strict-mode "multiple elements found" errors disappear at recording time rather than being healed at run time.

Daily: Ship to prod: v0.29 — mouse/tap step-5 + expanded BS iOS compat

52 commits — Improvements: - Ship to prod: v0.29 — mouse/tap step-5 + expanded BS iOS compat - runner: mouse/tap click as step 5 + more BS iOS compat rewrites (v0.29)

v0.22 + Chrome extension 1.1.0 — modal and popup handling

Two-sided fix for the cookie-banner / privacy-modal / custom-element-wrapper case that was defeating automations. Runner learned to force-click overlays; the extension recorder learned to pick the real button inside a wrapper instead of the wrapper itself.

v0.21 — performance pass: faster pages with more users online

Multi-tenant performance work. The dashboard's per-request team-membership check is now O(1) from a middleware-level cache, plus a migration adds targeted indexes on the hottest tables. You should feel it most on dashboards with several users active at once.

v0.11 — versioning convention + real /health version

bugAgent now has a formal build-number scheme so every shipped change is observable. The runner's /health endpoint reports the current product version, replacing a stale hardcoded value.

Chrome extension: scrolls now recorded in Playwright captures

The CoPilot extension's Record tab now captures scroll gestures alongside clicks, fills, and submits. Generated Playwright scripts reproduce the same scroll positions on replay — useful for lazy-loaded feeds, infinite scroll, and reviewing the run video.

Automations: self-healing locators

Every Playwright automation now auto-repairs fragile selectors at run-time. If a click / fill / press times out, the runner asks Claude for a better CSS selector from the live page and retries once — no more flaky failures from class renames or custom-element tag names.

Automations: password-only sign-in + Claude-assisted login fallback

Automations now support password-only front-door gates (no username needed), pre-auth works on BrowserStack including iOS, and when the built-in heuristics can't match your signin page the runner falls back to a Claude-built locator plan.

Pre-auth credentials, richer Live artifacts, Claude script rewrite

Automations can now log in before a test runs (encrypted credentials); Live runs produce a shareable video + Playwright trace that works without a BrowserStack login; Python scripts get a one-click Claude rewrite to the shape bugAgent Live requires.

Daily: Ship to prod: expand BrowserStack device catalog

18 commits — Improvements: - Ship to prod: expand BrowserStack device catalog - automations: expanded Live-run BrowserStack device catalog (~70 options)

Reassign test cases mid-run, with instant alerts

Change who owns a case from inside the run carousel — the new assignee sees the bell alert and email right away.

Daily: Ship to prod: neon green + raw URL on test assignment emails

29 commits — Improvements: - Ship to prod: neon green + raw URL on test assignment emails - emails: neon green CTA + raw URL fallback on test assignment emails

Daily: Ship to prod: rename New Script button to Upload Script

73 commits — New features: - add CLAUDE.md — repo-level instructions for Claude Code

Import test cases from Figma

New Import dropdown in the test-cases toolbar lets you upload a Figma zip export; Claude analyzes each frame and drafts test cases into a folder you pick.

Test Cases: sort preference now persists across navigation

Changing the Cases-tab sort to Oldest now sticks, even when the URL carries unrelated filters like a folder or suite selector.

Shipped to production: test-cases revamp end-to-end

69 commits of test-case management work merged from develop to main. Railway is rolling out now. Highlights: folders, sub-suite runs, carousel review with voice control, analytics Reports tab, PDF export.

Hide Compliance on prod + test-case AI examples in docs

Compliance is hidden from the nav on production builds (still visible in local dev while we iterate). Docs now include AI Assistant example prompts for folders, voice, analytics, and export.

AI assistant + marketing: voice test runs + data export help

The AI Assistant now knows the whole test case surface — folders, sub-suite auto-expansion, the carousel, P/F/B/S shortcuts, voice control, the Reports-tab analytics, and how to help you export your own data. Marketing page updated to match.

Test runs: ? help popover lists every voice command

A small ? button next to the Voice toggle reveals a grouped popover listing all voice commands with examples. Hover or tab to open.

Test runs: P/F/B/S shortcuts + voice control

Keyboard shortcuts now map to action letters (P for Pass, F for Fail, B for Block, S for Skip). New Voice button enables hands-free review with speech commands and dictated notes.

Test-run carousel: stuck spinner fix + arrows moved to topbar

Clicking dots back and forth no longer leaves a stuck "Loading details…" spinner. Prev/Next arrows are now on the same row as "Case N of M", not a separate row below.

Test runs: new carousel review flow with auto-advance

Reviewing a run is now a one-at-a-time carousel with arrow/keyboard nav. Set a result, the carousel auto-advances. When every case has a result the run auto-completes and Export Results appears.

Reports: removed search box, date window drives everything

Reports is now strictly a windowed-analytics view. Pick a date range — every panel refetches, including the PDF export. Dates are inclusive on both ends.

Reports: fix search box returning every run + wire pagination

Typing in the Reports-tab search did nothing — the backend ignored the param. Same for pagination (stuck at page 1). Both are now honored.

MCP: fix agent-created runs + add folder/report tools

Agent-created test runs now contain the right cases (including sub-suite descendants). New MCP tools for folders, report KPIs, and failure analysis. Marketing + API docs updated to match.

Reports PDF: fix WinAnsi encoding error on generate

Clicking Export PDF threw "WinAnsi cannot encode ▲". Swapped unicode arrows and comparison operators for WinAnsi-safe alternatives. The on-screen dashboard keeps the triangular arrows — only the PDF was affected.

Reports: Tier 6 — one-click PDF export

A new "Export PDF" button on the Reports tab downloads a 3-page brand-styled QA report. Same date range, project, and suite filter as what's on screen — share-ready in one click.

Reports: Tier 5 — tester productivity

Per-tester rollup with cases run, pass rate, avg time per case, runs assigned + completed, bugs filed via runs, and a "backlog" flag for testers with assigned-but-not-executed work.

Reports: Tier 3 — coverage report

A new Coverage section answers "what have I NOT been testing?" — workspace coverage %, untouched/never-run counts, a 6-bucket staleness distribution bar, and a per-suite coverage rollup sorted worst-first.

Reports: Tier 2 — suite health table

A sortable per-suite rollup with pass rate, trend arrow, runs, last activity, and open bug count. Worst-pass-rate suites bubble to the top so the most-broken area is the first thing you see.

Reports: KPIs, pass-rate trend, and failure analysis

The Reports tab is no longer just the Runs tab with extra columns. New: 4 KPI cards with deltas vs prior period, a weekly pass-rate trend chart, and a failure-analysis grid showing what to fix this week.

Test cases: removed redundant Done button on case detail

The case detail page already auto-saves on every edit, so the green Done button at the bottom was misleading — and as a bonus footgun it always sent you to the generic listing instead of using the new context-aware Back link.

Test cases: breadcrumb returns you to the suite you came from

Editing a case from a suite now returns you to that suite via the breadcrumb — not the generic test-cases listing. Label updates to "Back to Suite" too.

Suites: Add Cases modal now shows the folder tree

Adding cases to a suite no longer means scrolling a flat wall of names. The modal mirrors the Cases-tab folder structure with collapsible groups and per-folder counts.

AI Generate: stop dropping cases silently + respect active folder

Approve 3, get 3. AI-generated cases now also land in the folder you're currently viewing — same behavior as the manual "Add test case" button.

Test cases: folder reorder in the sidebar is now visible and easy to hit

Drag-and-drop folder reorder on the Cases sidebar now shows clear visual feedback during the drag, has wider drop zones, and a grab cursor. Order persists per team — same as before, just usable now.

Test runs: Runs tab defaults to All Users + persists the filter

The user filter on the Runs tab now defaults to "All Users" and remembers every choice — including an explicit "All Users" pick — across reloads.

Test runs: fix "Failed to archive" CHECK constraint error

Archiving a test run now works everywhere. The CHECK constraint on test_runs.status was missing 'archived' and 'aborted' on environments that hadn't been hand-patched.

Test runs: clearer error when archive fails

The "Failed to archive" alert now shows the actual reason (team mismatch, network, DB error) instead of a dead-end message. Archive still works the same when it succeeds.

Test runs: parent-suite runs now include sub-suites

Creating a test run from a suite with nested sub-suites now runs every case in every descendant, not just the parent's direct cases. Each result row is labeled with its originating sub-suite.

Test cases: pin feature retired on Suites tab

Removed the "pin suite" button from the Suites tab. Drag-and-drop reorder (sort_order) replaces it — both did the same job, and one way is clearer than two.

Test cases: drag-and-drop folder reordering

Reorder folders in the Cases-tab sidebar by dragging — top 25% to insert before, middle to reparent, bottom 25% to insert after. Cross-parent drops reparent then reorder automatically.

Daily: Bug fixes and improvements

3 commits —

Daily: deps(mcp-server): bump @supabase/supabase-js in /mcp-server

18 commits — Bug fixes: - Fix POST /api/projects 500 — RLS policy blocked manager role inserts

Fix: project creation 500 error for manager-role users

Resolved a 500 error on POST /api/projects that affected team members with the manager role.

Daily: Add collapsible Page Links section with Excel export

92 commits — New features: - Add collapsible Page Links section with Excel export - Add debug logging to extension upload flow

Daily: Extract truncated-title tooltip into shared helper; add to notes cards

51 commits — Bug fixes: - Fix detail page 400s — use report.id (UUID) not URL short-id - Fix bug report image attachments not displaying on local

Daily: chore(assign): remove diagnostic logging after root cause found

10 commits — Bug fixes: - fix(assign): allow unassign + auto-unassign on close - fix(assign): use report's team_id instead of active-team cookie

Daily: Add reported_by + assigned_to filters to kanban board

8 commits — New features: - Add reported_by + assigned_to filters to kanban board - Add Reported by + Assigned to filters and sortable columns

Daily: Logo: all black + align TestLauncher end with Agent end

33 commits — New features: - Add 'by TestLauncher' tagline to light logo variant - Add high-resolution brand assets (SVG + PNG)

Daily: Show reporter name on bug report detail page

38 commits — New features: - Add Content-Security-Policy meta tag to marketing site pages - Add ContactModal popup for Enterprise + Migration CTAs, honeypot on forms

Daily: Remove domain verification requirement from web automations

32 commits — New features: - Add Docs link to sidebar under Support section - Add clear all button to messages dropdown for inbox management

Daily: Clear filters refreshes both list and kanban views

96 commits — New features: - Add voice transcript to AI Assistant session replay context

Daily: Uppercase report IDs on list, kanban, detail

61 commits — New features: - Add image lightbox cycling arrows - Add prev/next cycling to image lightbox on bug report detail page

Daily: Remove app-level HSTS

60 commits — New features: - Add HSTS header at application level for defense-in-depth

Daily: Rename Organization→Workspace + free workspace creation + switch redirect

23 commits — New features: - Add security header configs for Cloudflare Pages / Netlify / Vercel - Add security scan detail page with schedule support

Daily: Show Start Free button in mobile header next to hamburger menu

51 commits — New features: - Add mobile schedule MCP tools + update all schedule docs - Add Slack + email notifications to mobile and exploration completions

Daily: Shared domain verification across all features

30 commits — New features: - Add visual regression detection: Claude Vision compares screenshots between runs - Add Schedule button and modal to Exploratory AI page

Daily: Add 'Autonomously.' in green to homepage tagline

40 commits — New features: - Add 'Autonomously.' in green to homepage tagline - Add green glow animation to logo during code review analysis

Daily: Expose bug report status in MCP server API

114 commits — New features: - Add automated error monitor workflow (GitHub Actions) - Add System Status link to website footer

Daily: Rewrite autonomous agents section with comprehensive platform cycles

41 commits — New features: - Add individual feature nav links in docs sidebar - Add Feature Guide link to docs sidebar navigation

Daily: Patch @astrojs/node 9.1.3 → 9.5.4: fix 4 moderate Dependabot alerts

71 commits — New features: - Add p99 to k6 output: include summaryTrendStats in script options

Daily: Revert @astrojs/node to v9.1.3 — v10 requires newer Astro

117 commits — New features: - Add competitor comparison pages: bugAgent vs Functionize & Mabl - Add error telemetry: client capture, server capture, admin logs, Slack alerts

Daily: Major homepage overhaul — concise copy, QA Wolf-inspired polish

50 commits — Bug fixes: - Fix npm audit vulnerabilities across all packages - Fix downgrade Stripe cancellation — fetch full team data

Daily: Smaller font + spacing in admin modal activity section

172 commits — Bug fixes: - Fix modal flash — show placeholders until API data loads - Fix admin modal activity counts — robust queries + hours tracking

Daily: Add beforeunload warning during mobile app upload

84 commits — New features: - Add beforeunload warning during mobile app upload - Add comprehensive mobile testing documentation and MCP tools

Daily: Add Test Cases docs, MCP tools, reports tab, homepage marketing

60 commits — New features: - Add Test Cases docs, MCP tools, reports tab, homepage marketing - Add complete Test Cases feature: cases, suites, runs, execution

Duplicate Automation Scripts

One-click duplicate creates a copy of any automation script without version history.

Playwright Runner Improvements

Auto-fixes for common Playwright issues, line-by-line pass/fail highlighting, and intensifying run button glow.

Page-Aware AI Assistant

The AI Assistant now knows what page you are viewing and can reference the specific content on screen.

AI Script Optimization Pipeline

Regenerate Script now sends your Playwright code through a 12-point Sonnet 4 optimization checklist.

Script Version History with Undo

Automation scripts now track up to 10 previous versions with one-click undo.

D3 Force-Directed Coverage Mind Map

Replaced the static coverage visualization with an interactive D3.js force-directed graph that auto-spaces nodes, supports drag, zoom, and pan.

Homepage Rebrand: QA Layer Messaging

New hero title, Context Engine section, and quality-of-testing philosophy throughout.

bugAgent Skills + Migration Offer

New Skills ecosystem on homepage with GitHub, Claude, Jira integration cards and free migration offer.

Dev Environment + Repo Migration

Full local development environment with Docker-based Supabase and the repo moved to TestLauncher organization.

Quality Score Documentation

Added Quality Score feature documentation to homepage, docs, API reference, and MCP pages.

Team Booster: Scale your QA team instantly

Added Team Booster feature with scale_team MCP tool, POST /team-booster REST API endpoint, and full documentation across API reference, MCP docs, homepage features, and docs pages.

Claude Analysis via MCP & API + Self-Healing Vision

Added push_to_claude MCP tool and POST /claude/push API endpoint. Updated self-healing docs to describe the full-circle autopilot healing engine.

Claude Integration: Self-Healing Bug Analysis

Connect your Anthropic API key to push bug reports to Claude for root cause analysis and fix suggestions. Self-healing cycle: detect, analyze, fix, verify.

Second-precise timers on bug reports and notes

Built-in timers on bug reports and notes track testing time to the exact second. Start, stop, resume, and click to manually edit. Time transfers automatically when converting notes to bug reports.

AI Assistant: Full QA Command Center

The AI Assistant is now a complete QA command center — create and update reports, add comments and notes, search your backlog, use voice input, attach files, and analyze session replays, all through natural conversation.

Kanban Board View for Bug Reports

Drag-and-drop Kanban board with 8 status columns, real-time Jira bi-directional sync, and persistent list/kanban view toggle.

Notes feature documented on website

Added Notes feature to the homepage, documentation, API reference (6 endpoints), and MCP page (5 tools). Notes supports Markdown, Plain Text, Rich Text, Checklist, and Outline formats with voice-to-text, time tracking, file attachments, and private/shared visibility.

Notes — Testing Memos for Teams

Capture testing observations, ideas, and findings with the new Notes feature.

Analytics Suite

Comprehensive analytics page with 12 chart sections for Pro/Team plans.

Time Tracking Page

Added a dedicated Time Tracking page for Team plan users with daily/weekly summaries, category-based entry tracking, and inline editing.

Time Tracking Tools & Analytics

Added full time tracking support across MCP, API, and analytics dashboard. Team plan feature.

Enhanced Analytics Feature Documentation

Added Analytics Dashboard feature card to homepage and comprehensive Analytics docs section with all 12+ chart types, health score formula, and API access details.

Quality Score Display

Added quality score (1-10) display across dashboard and MCP server

Automation Coverage Mind Map

Dashboard now shows an interactive test coverage visualization instead of recent reports.

Slack Integration + Schedule Notifications

Connect Slack and get notified when scheduled automations fail via Slack or email.

GitHub Integration Docs Added to Website

Updated website homepage and documentation with GitHub integration feature for Playwright automation script sync.

Coverage map in pricing and marketing

Added Automation Coverage Map as a listed feature for Pro and Team pricing tiers.

Gate coverage mind map behind paid plans

The Automation Coverage mind map on the dashboard is now only shown for Pro, Team, and Enterprise plans with at least one active automation.

Rename Schedules nav to Scheduled

Updated sidebar navigation, page titles, and all references from "Schedules" to "Scheduled" across the dashboard for consistency. URL paths remain unchanged.

Rewind — replay last 5 actions in the browser

New Rewind button on the SRT FAB toolbar. Click it to watch a replay of your last 5 actions — the SDK moves a ghost cursor to each element, highlights it, and executes the real action (clicks buttons, fills form fields with character-by-character typing, toggles checkboxes, scrolls). Supports cross-page navigation. Press ESC or click Stop to abort.

Custom password reset emails via Resend

Replaced Supabase built-in password reset emails with custom branded emails sent through Resend. The new flow uses secure tokens with 1-hour expiry, rate limiting, and a dedicated reset page with password confirmation. Email design matches the current slate branding with a security tip callout.

Renamed Session Replay to Session Replay Tools (SRT)

Session Replay has been renamed to Session Replay Tools (SRT) across the entire platform — dashboard, documentation, pricing, API reference, integrations, and AI assistant. The SRT section on bug report detail pages is now hidden for free plan users.

Removed weekly digest and new report email features

Simplified notification preferences to only include usage warnings. Removed the weekly digest and new bug report email toggles from settings, API, and MCP server.

Nightly usage warning emails for free plans

Account owners on free plans approaching the 5,000 bug report limit now receive a nightly email with their current usage, remaining reports, and a link to upgrade. Warnings send at 80%+ usage.

Default Project auto-created for new signups

New users signing up via email or Google OAuth now get a "Default Project" automatically created in their team. This does not apply to invited users.

Manual Jira force sync button

New sync button next to AUTO SYNC badge forces an immediate bi-directional sync of description and comments.

WCAG audit results displayed on bug report detail page

WCAG accessibility audit findings now appear in the Session Replay Tools section of the bug report detail page with impact badges, rule IDs, and remediation links.

AI Assistant now uses all captured FAB data to auto-draft reports

When a session is captured via the FAB, the AI uses every piece of captured data to immediately draft a complete bug report.

Playwright Automation — record, generate, run, schedule

New Automate tool in the FAB records browser actions and generates Playwright test scripts via AI. Run on demand, schedule recurring runs, or integrate into CI/CD pipelines.

GitHub Integration for Automation Scripts

Connect GitHub to automatically sync Playwright automation scripts to your repos.

Jira ADF formatting + sync documentation updates

Bug reports created by AI Assistant now preserve markdown formatting in Jira editor. Sync docs updated with force-sync, last-updated-wins, and media sync.

Severity last-updated-wins + bi-directional media sync

Jira sync now auto-resolves severity conflicts using timestamps and syncs all media/images both directions without duplicates.

Updated verification email branding

Updated email verification templates and pages to use current slate (#94A3B8) branding instead of legacy amber (#F59E0B). Updated logo rendering, button colors, and icon styling across register, send-verification, verify-email, and verify-pending pages.

Email verification for signups

New accounts now require email verification before accessing the dashboard. Verification emails sent via Resend with branded templates, resend button, and automatic detection when verified.

Performance optimizations

Minified SDK (44% smaller), consolidated Jira polling from 3 API calls to 1, added tab visibility detection to pause background polling, reduced font loading overhead, and enabled HTML compression.

Fixed report detail page error

Resolved database column error that could cause failures when loading bug report detail pages with similar reports.

Microphone audio capture in screen recordings

Screen recordings now capture microphone audio via Web Audio API mixing, enabling voice narration during bug recording sessions.

Improved AI chat interface

Removed Submit quick-reply button and refined Yes/No button detection to only appear for direct yes/no questions.

Stack Trace, Network Waterfall, and Performance Metrics in Session Replay

Three new collapsible sections in bug reports: full console log with search, network waterfall for failed/slow requests, and auto-captured performance metrics including FPS, memory, and page load times.

Fix recorder popup size for Chrome permission dialog

Recorder popup now opens large enough (420x550) for Chrome to display its screen sharing permission dialog. Auto-shrinks to compact bar once recording starts.

Cleaner report layout: video player in attachments, no duplication

Removed duplicate Screen Recording and DOM Replay sections from Session Replay card. Video and DOM replay now appear only in Attachments with full-width playable video player.

Popup-based screen recorder survives page refresh

Screen recording now runs in a separate popup window that continues recording even when the main page refreshes or navigates. Also uses displaySurface constraints to guide Chrome picker to the correct surface type.

Fix video upload and session attachments display

Video recordings now upload inline with session data instead of a separate request. Session screenshots, videos, and DOM replay data now reliably show in report attachments.

Recording source picker: Full Desktop or Browser Window

Users can now choose between Full Desktop and Browser Window when recording. Tab capture has been removed since it stopped on page refresh.

Fix video upload CORS, IndexedDB blob persistence, and DOM replay display

Fixed critical CORS preflight issue preventing video uploads. Added IndexedDB blob persistence and DOM replay display in report attachments.

Added FAQ Section to Documentation

New FAQ section on the documentation page with 10 expandable accordion items covering: what bugAgent is, how it works, getting started, team management, multiple projects and organizations, pricing plans, subscription cancellation, supported report types, Jira integration, and data security.

Fixed Screen Recording in Session Replay SDK

Resolved video recording issues: recordings now survive page navigation by preserving the video blob and flushing MediaRecorder data on unload. Chrome users will see their current tab pre-selected in the screen picker. Session replay videos now appear in the Attachments section of bug report details alongside screenshots and uploaded files.

Updated Marketing & Docs for Expanded Report Types

Homepage, documentation, API reference, MCP docs, and Session Replay docs now reflect the full breadth of 19 supported report types — including feature requests, enhancements, technical debt, documentation, DevOps, UX improvements, and integrations — across the AI Assistant, REST API, and MCP server.

Expanded Report Types Beyond Bugs

The platform now accepts 7 new report types: feature requests, enhancements, technical debt, documentation, DevOps, UX improvements, and integrations. The AI Assistant, report creation, auto-classification, filtering, and display layers all support the expanded types with new badge styles and classification patterns.

Homepage & Docs Updated with New Features

Updated homepage feature cards, Session Replay documentation, API reference, MCP docs, and developer documentation with DOM replay, screen + voice recording, and FAB toolbar features. All CoTester references renamed to AI Assistant across the entire website.

Integrations Page Enhanced

Expanded the Session Replay section on the dashboard integrations page with a detailed "What gets captured" reference table, screen recording instructions, and FAB toolbar documentation.

Session Cleanup Automation

Orphan session replays not attached to a bug report are automatically cleaned up after 24 hours — both database records and storage files. Hourly cron job.

Screen + Voice Recording

New FAB toolbar with satellite record button. 3-second countdown, then captures screen via getDisplayMedia with optional microphone. Records up to 60 seconds and attaches to bug report.

DOM Replay Recording

Session Replay SDK now records DOM mutations via MutationObserver in a rolling 60-second buffer. DOM snapshot and mutations are stored with the session and displayed on the report detail page.

MCP Server CORS Hardened

Restricted CORS from wildcard to an explicit allowlist of production origins. MCP clients are unaffected as CORS is browser-only.

AI Assistant Rebrand

Renamed all CoTester references across the platform to AI Assistant — sidebar, admin pages, settings, billing, header, and system prompts.

Session Replay setup on Integrations page

The Integrations page now includes a Session Replay section with a full setup guide, copyable script snippet pre-filled with your API key prefix, and configuration options reference.

SDK events persist across page reloads

The Session Replay SDK now saves events to sessionStorage so clicks, errors, and navigation are preserved across page reloads. Previously, form submissions that triggered a page reload would wipe the event buffer clean.

User Journey in Session Replay

Session replay now shows a User Journey section with the last 10 pages visited during the session, displayed as a vertical timeline with page titles, URL paths, and timestamps. Collapsed by default.

Improved SDK click capture

The Session Replay SDK now captures all button clicks including save buttons, form submits, and buttons with nested icon/text elements. A mousedown backup listener ensures clicks are captured even when pages reload.

Improved Duplicate Detection

Duplicate detection now weights title similarity at 70% with a lower matching threshold, catching near-identical titles that were previously missed. All existing reports have been backfilled with similarity data.

Duplicate Detection on homepage and docs

Duplicate Detection is now featured on the homepage and in the developer documentation under AI-Native Features.

Activity count badge fixed

The session replay badge now shows the count of meaningful user activities (clicks, navigations, errors) instead of all raw events including mouse moves and scrolls.

AI Analysis collapsed by default

The AI Analysis section in session replay is now collapsed by default. Click to expand when you want to review the findings.

User Activity Log replaces Event Timeline

The abstract dot timeline in session replay has been replaced with a readable User Activity log showing timestamped clicks, navigations, errors, and warnings.

AI Assistant asks one question at a time

The AI Assistant now asks a single focused question per message instead of multiple questions at once, making conversations more natural.

Screenshot removed from replay section

Session replay screenshots now only appear in the attachments section, avoiding duplication on the bug report detail page.

Duplicate detection for bug reports

New reports are automatically checked against existing reports in the same org and project using trigram embedding similarity. Similar issues appear on the bug detail page between comments and changelog with links, severity, status, and match percentage. No clutter when no duplicates found.

User display preferences for bug reports

New Bug Report Display section in Settings allows users to toggle Suggested Test Case and Suggested Playwright Script sections on bug report detail pages. Both are off by default. Settings are per-user only.

Feedback system added

New Support section in sidebar with Feedback button that opens a popup modal. Users can submit feedback with category (general, bug, feature, improvement). Admin page shows all feedback with name, email, message, and status management.

Session Replay SDK and AI Assistant improvements

SDK now filters out clicks on the bugAgent FAB and submit buttons from recorded events. AI Assistant now receives the page screenshot URL and URL navigation history from session replays for more complete bug report drafting.

Session Replay docs updated

Updated Session Replay documentation to cover new features: page screenshot capture on submit, console.error() and console.warn() interception, 60-second URL navigation history tracking, and updated privacy section to reflect screenshot capture capability.

Impact Score on Bug Reports

Bug report detail page now shows an Impact Score (0-100) combining severity, frequency, and affected user count for objective triage.

Session Replay: Console Errors & URL History

Session Replay SDK now captures console.error() and console.warn() calls, plus a chronological URL navigation history for the last 60 seconds.

Admin: Inline Plan & Admin Controls

Added inline plan dropdown and admin toggle switch to the Admin > All Users page for quick user management.

Session Replay Documentation Page

Added a dedicated /session-replay documentation page with full setup guide, SDK reference, and cross-links from docs hub, header nav, and API reference.

Session Replay SDK & AI Analysis

Capture the last 60 seconds of user activity before a bug report. A lightweight JavaScript SDK records clicks, navigation, console errors, and network failures. CoTester AI analyzes the session data to auto-draft bug reports with repro steps, error analysis, and suggested severity. Available on Pro and Team plans.

Fix website build and deploy

Fixed a build error that prevented the website from deploying to GitHub Pages since March 19.

Admin CoTester Knowledge Base

New admin page for platform-wide testing expertise that enriches every CoTester AI session.

CoTester AI Context-Aware Branding

Updated all website pages to highlight the CoTester AI Assistant as context-aware with voice input, custom instructions, and knowledge document support.

Knowledge Document Uploads for CoTester AI

Upload reference documents (PDFs, markdown, text files) that the CoTester AI Assistant uses as context in every session.

Rewind feature documentation added to SRT page

Added comprehensive Rewind documentation to the Session Replay Tools (SRT) docs including feature highlight, how-it-works guide, supported actions, controls, and element targeting details.

WCAG audit powered by axe-core engine

WCAG Audit tool now uses axe-core v4.10.2 by Deque — the industry-standard accessibility engine with 80+ rules and zero false positives.

Jira-style bug template toggle for report composer

Enable the Template toggle to prefill the bug report textarea with a standard Jira bug template.

Voice-to-text input for bug report composer

Click the microphone icon in the bug report toolbar to dictate your bug report instead of typing.

Delete bug reports from the reports list

Hover over a report title to reveal a trash icon. Click it, confirm, and the report is permanently deleted.

Fix Rewind stopping on click-triggered page navigations

Rewind now continues seamlessly when a replayed click navigates to a new page on the same site.

Rewind persists progress across page navigations

The Rewind progress bar and step statuses now persist seamlessly when replaying actions that navigate to a new page.

Rewind feature added to homepage

Added Rewind as a dedicated feature card on the homepage and as a bullet point in the Enrich platform pillar.

Smarter AI Assistant quick reply buttons

Yes/No buttons now only appear for direct yes/no questions. A new Submit button appears for questions that need typed answers.

Expanded browser console and network capture

SDK now captures all console levels including debug, trace, and assert. Bug report detail page shows all network requests, not just failed ones.

Fix video zero duration on bug reports

Fixed an issue where screen recording videos showed zero duration on bug report pages.

Auto-display new bug reports in real-time

Bug reports list now auto-refreshes every 30 seconds to show new reports from team members or the AI assistant without requiring page reload.

Browser markup annotation tool

New annotate tool on the floating button lets testers draw circles, arrows, and freehand annotations directly on the page before sending to AI.

Fixed video recording upload - videos were 0 duration

Screen recording videos were being uploaded as 7-byte corrupt files due to a base64 parsing bug in the capture API.

Reset button added to SDK toolbar

New Reset button in the floating popup clears all captured session data so testers can start fresh without reloading.

DOM Replay moved to Session Replay section

DOM Replay mutation timeline moved from Attachments into the Session Replay section alongside Stack Trace, Network Waterfall, and Performance Metrics.

Session Replay features always visible

Stack Trace, Network Waterfall, and Performance Metrics sections now always show in Session Replay with empty state messages when no data is captured.

DOM Replay Mutation Timeline & Recording UI Cleanup

Interactive DOM mutation timeline in attachments, removed redundant in-browser recording indicator, updated website marketing.

CoTester AI Custom Instructions

Team admins can now configure persistent custom instructions for the CoTester AI Assistant in organization settings.

Voice Memo Transcription with Whisper

Upgraded CoTester AI Assistant voice input to support long recording sessions (15-20+ minutes) using OpenAI Whisper chunked transcription.

Voice-to-Text in CoTester AI Assistant

Added a voice input button to the CoTester AI Assistant chat panel using the browser-native Web Speech API.

CoTester AI Assistant in Pricing & Billing

Added CoTester AI Assistant as a featured capability across all pricing tiers on the website and dashboard billing page.

CoTester AI Assistant on Homepage

Added CoTester AI Assistant to the Enrich pillar on the homepage Platform Pillars section.

Project switcher in sidebar and streamlined bug report filters

Added a project switcher to the sidebar matching the org switcher design, moved project filtering into the reports filter bar, and added project renaming in settings.

Fix MCP server crash behind reverse proxy

Resolved express-rate-limit crash caused by X-Forwarded-For headers behind Railway reverse proxy.

Custom domain for MCP server

Replaced all hardcoded Railway production URLs with mcp.bugagent.com custom domain across codebase.

Consistent www.bugagent.com URLs

Fixed Google Search Console redirect issue by updating all website URLs to use www.bugagent.com consistently.

Sentry MCP Server & Uptime Monitoring

Configured Sentry MCP server integration, uptime monitors, and secured credentials from git tracking.

Introducing CoTester AI Assistant

The AI chatbot has been rebranded as CoTester AI Assistant across the entire platform and documentation.

Default project checkbox in settings

Added a checkbox in the project settings section to set the active project as the default for new bug reports.

Description field added to Jira sync

Bi-directional Jira sync now includes the description field alongside title, severity, status, and type.

Jira project dropdown selector

Replaced manual project key input with a dropdown fetching available Jira projects from the team connection.

Fix team invitations and update email branding

Fixed invite emails using old gold branding — now uses the new chrome/slate color scheme. Fixed "Invalid Invitation" error when clicking invite links by switching to service role client for fetching and accepting invitations. Added RESEND_API_KEY to production environment for email delivery.

Fix team management page and invite form

Fixed the team settings page showing 0 members and missing the invite form. Root causes: missing foreign key from team_members.user_id to profiles.id (broke PostgREST joins), and a self-referencing RLS policy on profiles that silently failed. Team members, roles, and the invite form now display correctly.

Duplicate bug report button

Added a Duplicate button on the bug report detail page. Creates a copy of the report with [Copy] prefixed to the title, preserving all fields except status (reset to new), resolution (cleared), and media. The duplicate metadata tracks the original report ID.

Fix RLS recursion breaking team data loading

Fixed a critical self-referencing RLS policy on team_members that caused PostgreSQL to silently return zero rows. This broke the middleware team loading, causing the plan switcher to always show Free. Replaced with SECURITY DEFINER helper functions that safely bypass RLS recursion.

Admin Plan Switcher Fix and Uplifting Org Names

Fixed the admin plan dropdown not persisting changes. All organizations now have unique, uplifting random names generated automatically.

Multi-Organization Support, Org Settings, and Downgrade Restrictions

Users can now belong to multiple organizations with a sidebar org switcher. Added organization name settings and billing downgrade restrictions.

Security Fix: RLS Policies for Team Roles

Fixed critical RLS policy issues where team_members INSERT policy referenced deprecated role, and UPDATE/DELETE policies were owner-only. Added email verification on invite acceptance.

Team Management with Roles and Invitations

Full team management system with role-based access control, invite flow with 5-day expiry, owner transfer, and new user onboarding.

Fix invite email branding

Updated invite email template with clean white CTA button, refined typography, and consistent dark theme. Removed party emoji from invite acceptance page for a more compact layout.

Simplified Bug Reports + Internal Notes

Bug reports now store full descriptions without splitting. Added Internal Testing Notes.

Multi-Organization Support

Multi-Organization Support

AI Description Formatter

New AI wand button on bug detail page reformats descriptions into structured bug templates. format_description flag available on MCP create_bug_report and dashboard quick-submit. Jira sync handles pre-formatted descriptions without duplicate sections.

5 New MCP Tools + Setup Guides

Added Jira sync, comments, and team management tools plus easy setup configs

MCP Server Best Practices Update

Tool annotations, pagination metadata, and improved error handling

Bug Reports RLS Fix for Teams

Team members can now update and sync reports created by other team members

Deleted Jira Issue Handling

Graceful handling when linked Jira issues are deleted

Bi-directional Jira Comment Sync

Comments now sync between bugAgent and Jira automatically

Bi-directional Jira Sync

Bug reports now detect and merge changes from Jira automatically

Team-Scoped Jira Integration

Jira connections now belong to the team, not individual users

Sentry Error Monitoring

Added Sentry SDK to dashboard and MCP server

MCP Server Security Hardening

Fixed 14 security and reliability issues across the MCP server

Nightly security scan

Scheduled automated security scan at 3am daily. Combines Sentry issue monitoring with local code security scanning for comprehensive overnight analysis.

Sentry MCP server

Added Sentry MCP server for AI-powered error investigation and debugging directly from Claude Code. Enables querying Sentry issues, events, and Seer AI analysis.

Sentry integration

Added Sentry error monitoring to dashboard and MCP server. Configured @sentry/astro for SSR error capture, @sentry/node for MCP server monitoring, and Sentry release tracking in CI/CD pipeline.

Fix new user signup from invite

Fixed "Database error saving new user" when accepting invites by setting search_path on all SECURITY DEFINER PostgreSQL functions.

Italicize Agent in bugAgent branding across homepage

Updated all visible bugAgent text on the homepage to italicize the "Agent" portion using em tags, consistent with the logo styling. Applied across 10 section components including Hero, Features, How It Works, Pricing, and Footer.

Fix admin users page 500 error on Railway

Fixed server-side environment variable access across all dashboard files. Replaced import.meta.env (build-time only) with process.env fallback for SUPABASE_SERVICE_ROLE_KEY so it resolves correctly at runtime in Docker/Railway deployments. Added graceful error handling for admin pages.

Automated security scanning on every commit

Added an 8-category security scanner that runs as a pre-commit hook and CI gate. Checks for hardcoded secrets, SQL injection, XSS, auth gaps, insecure patterns, dependency vulnerabilities, sensitive file exposure, and RLS/data access scoping.

Dashboard chart upgraded to grouped bar layout

Updated the actual dashboard bug reports chart from a single bar to a grouped 3-bar-per-day layout showing UI (blue), Performance (amber), and Crashes (red) categories with legend, Y-axis labels, gridlines, and detailed hover tooltips.

Homepage repositioned as agentic QA platform

Added three new homepage sections positioning bugAgent as a bug enrichment and QA delegation platform: Platform Pillars, Delegate Testing, and Agent QA Swarm.

API reference page and public changelog

Added a comprehensive API reference page at bugagent.com/api-reference documenting all REST endpoints, and a public changelog page at bugagent.com/changelog with tag filtering, date navigation, and RSS subscription.

14 new MCP tools for autonomous agents

Added full account lifecycle support for autonomous AI agents: registration, login, profile management, project CRUD, API key management, settings, and usage tracking.

REST API parity with MCP tools

Added 12 new REST API endpoints so API key holders can programmatically access all features previously only available through MCP tools.

API key authentication for REST endpoints

REST API endpoints now accept Bearer token authentication using ba_live_ API keys, in addition to session cookies.

Critical security fixes for MCP server

Fixed 3 store functions (listReports, getReport, updateReport) that had no user/team ownership scoping, allowing any authenticated user to access any report via the MCP server.

Changelog system with RSS feed

Added a changelog database, admin API for creating entries, and an RSS feed at /changelog.xml for tracking platform updates.