Unreleased
Added
- Workspace and organization model with members, invites, entitlements, notifications, API keys, audit logs, and usage counters.
- Public docs, blog, changelog, legal starter pages, and theme builder.
- Request IDs, default security headers, and optional request logging.
- Expanded `START_HERE.md` coverage for workspaces, developer surfaces, admin/operator surfaces, docs cleanup, screenshots, and theme builder cleanup.
- Non-mutating browser smoke coverage in the code-quality workflow.
- Automated disposable-demo expiration, account cleanup, and operational-data retention.
- Ten reusable SaaS landing sections spanning product storytelling, proof, trust, ROI, and migration.
Changed
- Workspace selection is explicit and onboarding creates the workspace name entered by the user.
- Billing and entitlements are scoped to the active organization and restricted to workspace administrators.
- Webhooks remain inactive compatibility storage until a real signed delivery pipeline is selected.
- PWA generation is opt-in and avoids precaching authenticated product routes.
- Public changelog content now comes directly from this file.
Fixed
- Account deletion now blocks unsafe owner removal and cleans related application data.
- Protected, auth, placeholder legal, and empty blog routes now publish appropriate indexing directives.
- The sitemap contains only truthful, indexable public routes.