Workspaces, Auth Hardening, and Promo Codes
Introducing workspace activity logs and audit trails, major authentication security hardening with rate limiting and brute-force protection, and promo code deep-links for frictionless onboarding.
Your workspace settings now include an Activity tab showing a full audit trail of team actions — invitations, role changes, and configuration updates. Stay informed about everything happening in your workspace.
View workspace usage statistics at a glance with the new stats card. You can also resend invitations, leave workspaces, and set custom avatar URLs directly from settings.
Added per-IP and per-email rate limiting to login, OAuth, and verification endpoints. Verification codes are now hashed before storage, and brute-force protection with progressive lockout is active on all auth routes.
New Features
4Workspace activity and audit logs
Your workspace settings now include an Activity tab showing a full audit trail of team actions — invitations, role changes, and configuration updates. Stay informed about everything happening in your workspace.
Workspace stats and team management
View workspace usage statistics at a glance with the new stats card. You can also resend invitations, leave workspaces, and set custom avatar URLs directly from settings.
Promo code deep-links
Share promo codes via URL — signed-out users are guided through signup with the code pre-filled, and the deposit page automatically applies it. No more copy-pasting promo codes.
Transparent welcome bonus explanation
New users who receive a reduced welcome bonus now see a clear modal explaining why, with an option to unlock the full bonus. No more confusion about varying signup credit amounts.
Improvements
2Improved deposit experience with promos
When a promo code is active, the deposit page now shows the discount clearly and pre-fills the code from URL parameters. The apply button no longer triggers errors from browser event objects.
General bug fixes and improvements
Plus 20 internal improvements including homepage visual polish, SEO structured data enhancements, and blog reliability fixes.
Bug Fixes
2Workspace switching reliability
Fixed several issues with workspace switching — balance now refreshes correctly, dialogs close properly before secondary operations, and tab state no longer resets unexpectedly when switching contexts.
Dashboard table readability
API Keys and Playground tables no longer truncate columns on smaller screens. Content is fully visible without horizontal scrolling cutting off important data.
Security
3Comprehensive auth security hardening
Added per-IP and per-email rate limiting to login, OAuth, and verification endpoints. Verification codes are now hashed before storage, and brute-force protection with progressive lockout is active on all auth routes.
OAuth key rotation on token exchange
API keys are now rotated on each OAuth token exchange instead of re-exposing the same key. Localhost redirect URIs are blocked in production, and re-verification emails are sent after email changes.
Session revocation now invalidates JWT
Revoking a session now properly invalidates the associated JWT token, preventing continued access with stale credentials.
Plus 20 internal changes for stability and performance.