All releases
v2.38.0
April 24, 2026
Minor release
In this release
New9
Improved50
Fixed17
Security2
Internal7
Total85

Release Title

This release includes 15 updates focused on bug fixes & stability.

Highlights
Discord slash commands

Description: You can now run /usage to view your tier and linked email, and /balance to see your current dollar balance formatted as $X.XX. These commands are only visible to linked accounts.

Discord OAuth provider

Discord OAuth provider.

Short title

Description...

New Features

9

Discord slash commands

Description: You can now run /usage to view your tier and linked email, and /balance to see your current dollar balance formatted as $X.XX. These commands are only visible to linked accounts.

Discord OAuth provider

Discord OAuth provider.

Discord linking UI

Discord linking UI.

Short title

Description...

Discord slash commands

Description...

Discord OAuth provider

Description...

Discord linking UI

Description...

Add blog-performance UI page + nav entry

Add blog-performance UI page + nav entry .

Harmonize BYOS data processor role and strengthen respons...

Harmonize BYOS data processor role and strengthen respons....

Improvements

50

fix(api): add input validation for discord_id, provider allowlists (, ) – likely a fix, maybe impr

fix(api): add input validation for discord_id, provider allowlists (, ) – likely a fix, maybe impr.

fix(auth): guard against Discord users with unverified email – bug fix.

fix(auth): guard against Discord users with unverified email – bug fix..

fix(auth): clear account_link_state cookie after linking completes – bug fix.

fix(auth): clear account_link_state cookie after linking completes – bug fix..

fix(auth): set account_link_state cookie as HttpOnly + Secure – security improvement? It's about

fix(auth): set account_link_state cookie as HttpOnly + Secure – security improvement? It's about .

feat(sentinel): add /usage and /balance slash commands for linked users – new feature.

feat(sentinel): add /usage and /balance slash commands for linked users – new feature..

feat(auth): add Discord to connected accounts linking UI – new feature.

feat(auth): add Discord to connected accounts linking UI – new feature..

feat(auth): add Discord OAuth provider to NextAuth – new feature.

feat(auth): add Discord OAuth provider to NextAuth – new feature..

fix(scraper): reject hostless URLs in batch schema and worker pre-flight – bug fix.

fix(scraper): reject hostless URLs in batch schema and worker pre-flight – bug fix..

(Note: there are internal commits not needed.)

(Note: there are internal commits not needed.).

Input validation for discord_id and provider allowlists – improves reliability, maybe "Validate Disc

Input validation for discord_id and provider allowlists – improves reliability, maybe "Validate Disc.

Guard against unverified email causing 422 – improves auth flow.

Guard against unverified email causing 422 – improves auth flow..

Clear account_link_state cookie after linking – improves user experience.

Clear account_link_state cookie after linking – improves user experience..

Set cookie HttpOnly + Secure – security improvement.

Set cookie HttpOnly + Secure – security improvement..

Add /usage and /balance slash commands – new feature.

Add /usage and /balance slash commands – new feature..

Add Discord to connected accounts linking UI – new feature.

Add Discord to connected accounts linking UI – new feature..

Add Discord OAuth provider to NextAuth – new feature.

Add Discord OAuth provider to NextAuth – new feature..

Reject hostless URLs in batch schema – improves scraper reliability.

Reject hostless URLs in batch schema – improves scraper reliability..

New slash commands (/usage, /balance) – likely Features.

New slash commands (/usage, /balance) – likely Features..

Add Discord to connected accounts linking UI – maybe Features or Improvements? It's a new UI feature

Add Discord to connected accounts linking UI – maybe Features or Improvements? It's a new UI feature.

Add Discord OAuth provider – maybe Features (or Improvements?). Probably Features.

Add Discord OAuth provider – maybe Features (or Improvements?). Probably Features..

Input validation for discord_id and provider allowlists – could be Improvements (enhancement) or Fix

Input validation for discord_id and provider allowlists – could be Improvements (enhancement) or Fix.

Guard against unverified email – fix? Could be "Fixed Discord email handling". Type:fix.

Guard against unverified email – fix? Could be "Fixed Discord email handling". Type:fix..

Clear account_link_state cookie after linking – fix? Could be "Reset link state cookie". Type:fix.

Clear account_link_state cookie after linking – fix? Could be "Reset link state cookie". Type:fix..

Set cookie HttpOnly + Secure – security improvement. Could be "Secure cookie flags for link state".

Set cookie HttpOnly + Secure – security improvement. Could be "Secure cookie flags for link state". .

Reject hostless URLs in batch schema – fix? Could be "Reject hostless URLs in batch requests". Type:

Reject hostless URLs in batch schema – fix? Could be "Reject hostless URLs in batch requests". Type:.

Validate Discord ID and provider filters

Validate Discord ID and provider filters.

Handle unverified Discord email gracefully

Handle unverified Discord email gracefully.

"Discord slash commands" = 3 words? Actually "Discord" (1) "slash" (2) "commands" (3) => 3 words, ok

"Discord slash commands" = 3 words? Actually "Discord" (1) "slash" (2) "commands" (3) => 3 words, ok.

"Discord OAuth provider" = 3 words? "Discord" (1) "OAuth" (2) "provider" (3) => 3 words.

"Discord OAuth provider" = 3 words? "Discord" (1) "OAuth" (2) "provider" (3) => 3 words..

"Discord linking UI" = 3 words.

"Discord linking UI" = 3 words..

"Validate Discord ID and provider filters" = 5 words? Count: Validate(1) Discord(2) ID(3) and(4) pro

"Validate Discord ID and provider filters" = 5 words? Count: Validate(1) Discord(2) ID(3) and(4) pro.

"Handle unverified Discord email" = 4 words? Handle(1) unverified(2) Discord(3) email(4) => 4 words.

"Handle unverified Discord email" = 4 words? Handle(1) unverified(2) Discord(3) email(4) => 4 words..

"Clear link state cookie" = 4 words.

"Clear link state cookie" = 4 words..

"Reject hostless URLs in batch" = 4 words? Reject(1) hostless(2) URLs(3) in(4) batch(5) => 5 words,

"Reject hostless URLs in batch" = 4 words? Reject(1) hostless(2) URLs(3) in(4) batch(5) => 5 words, .

"Secure cookie flags for link state" = 6 words? Secure(1) cookie(2) flags(3) for(4) link(5) state(6)

"Secure cookie flags for link state" = 6 words? Secure(1) cookie(2) flags(3) for(4) link(5) state(6).

Feature entries: icon:Rocket

Feature entries: icon:Rocket.

Improvement entries: icon:Zap

Improvement entries: icon:Zap.

Fix entries: icon:Bug

Fix entries: icon:Bug.

Security entry: icon:Shield

Security entry: icon:Shield.

Slash commands: visualHint:screenshot

Slash commands: visualHint:screenshot.

OAuth provider: maybe code? But code hint is for code examples; not needed. Could omit.

OAuth provider: maybe code? But code hint is for code examples; not needed. Could omit..

Linking UI: screenshot.

Linking UI: screenshot..

Validation: stats? Maybe stats.

Validation: stats? Maybe stats..

Email handling: maybe stats? Could use stats.

Email handling: maybe stats? Could use stats..

Clear cookie: maybe stats? Could omit.

Clear cookie: maybe stats? Could omit..

Reject hostless URLs: maybe code? Could omit.

Reject hostless URLs: maybe code? Could omit..

Secure cookie: maybe stats? Could omit.

Secure cookie: maybe stats? Could omit..

Validate Discord ID and provider filters

Description...

Handle unverified Discord email

Description...

General bug fixes and improvements

Plus 7 internal improvements for better reliability and performance.

Bug Fixes

17

Clear link state cookie after linking

Clear link state cookie after linking.

Reject hostless URLs in batch requests

Reject hostless URLs in batch requests.

Clear link state cookie

Description...

Reject hostless URLs in batch

Description...

Use correct AdminKPIRow cards prop and AdminStatCardProps...

Use correct AdminKPIRow cards prop and AdminStatCardProps....

Remove email from Discord lookup response and usage embed...

Remove email from Discord lookup response and usage embed....

Add in-memory fallback for discord lookup rate limit when...

Add in-memory fallback for discord lookup rate limit when....

Make trust seed marker permanent and clear on invalidate ...

Make trust seed marker permanent and clear on invalidate ....

Defer /usage and /balance before resolve to avoid 3s ti...

Defer /usage and /balance before resolve to avoid 3s ti....

Add URL host validation to ScrapePDFRequest and ScrapeOCR...

Add URL host validation to ScrapePDFRequest and ScrapeOCR....

Make history empty state text mode-aware

Make history empty state text mode-aware .

Migrate Gemini CLI from --allowed-tools to --approval-mod...

Migrate Gemini CLI from --allowed-tools to --approval-mod....

Prevent double-release of domain concurrency slot on inva...

Prevent double-release of domain concurrency slot on inva....

Reject hostless URLs in batch schema and worker pre-fligh...

Reject hostless URLs in batch schema and worker pre-fligh....

Prefer backend response_time_ms over client wall-clock in...

Prefer backend response_time_ms over client wall-clock in....

Remove leading space in min_confidence warning sentence (...

Remove leading space in min_confidence warning sentence (....

Allow input composition during send — keep submit guards ...

Allow input composition during send — keep submit guards ....

Security

2

Secure cookie flags for link state

Secure cookie flags for link state.

Secure cookie flags for link state

Description...

Plus 7 internal changes for stability and performance.