What's new.

Watcher email delivery (the 24-day silent failure)

• ·get_user_email_by_id RPC checked auth.uid() ∈ shared-org before returning an email. Server-side callers under the service role have auth.uid() = NULL → check fails → returns NULL → emails silently skipped.
• ·Fix: short-circuit the org-match check when auth.uid() IS NULL (trust service-role context). External callers still go through the same anti-phishing guard they had before.
• ·Same shape as a separate trigger-vs-service-role trap from May 4 — both now documented as one pattern: any SECURITY DEFINER function or PG trigger that touches auth.uid() needs an explicit handling of the system-call case.

Project pages reflect descendant activity

• ·cascadeAncestorTimestamps: every deploy walks parent_project_id up the chain and bumps each ancestor's updated_at, so the "Latest prototype" date on container projects reflects what actually happened.
• ·Domain-match guard: external_url cascades up only when the new URL shares a host with the ancestor's existing URL — preserves hand-set vanity URLs that point to a different domain than the deploy target.
• ·Share page "What's New" banner queries deploy_versions across the prototype + its descendants and picks the most recent by created_at, instead of only reading the share-target's own deploy history (which often froze months ago).
• ·Feedback pulse in deploy notifications now reads from the descendant with the highest feedback_summary_count, not just the canonical share row. Matches where stakeholders are actually leaving feedback in dedupe-stacked hierarchies.

Archived prototypes no longer leak through reads

• ·RLS policy projects_hide_archived_from_users: restrictive SELECT filter that hides archived rows from non-superadmin sessions. Admin client (service role) bypasses, so restore flows and cleanup tools still see them.
• ·Detail page redirects archived URLs to the active sibling under the same parent (or notFound() if there's none). Stale bookmarks and breadcrumbs land users on current data instead of month-old content.
• ·Per-path filters added to: MCP list_prototypes, /dashboard/my-work, /dashboard/prototypes, /s/[slug] share resolver, folder thumbnail aggregation, the resolveProjectByIdOrSlug utility (archive-aware by default; admin callers opt-in to include archived).

Deploy notification labels stopped freezing

• ·The version counter in notification titles was reading a child-projects row count that froze the moment dedupe started reusing children, so every deploy was labeled with the same version forever (commonly stuck at v14 for prototypes that had been deploying daily for weeks).
• ·Now reads max(deploy_versions.version_number) — the actual authoritative sequence — and adds 1. Matches what saveDeployVersion writes seconds later in the same request.
• ·Existing notification rows with frozen labels were backfilled to their real version numbers by joining each row against the deploy_versions row written within 30 seconds.

Watcher fan-out covers the full ancestor chain

• ·notifyFollowers used .eq("project_id", canonicalAncestor) for the follower lookup — followers attached to the actual deploy target, or to any intermediate version-row in a 3+ level chain, were silently dropped from the fan-out.
• ·New followerProjectIds param accepts the union of every project_id in the parent chain; user_ids are deduped so the same person can't get N notifications for one deploy.
• ·Combined with the cascade fix above, every watcher across an entire dedupe-stacked hierarchy gets one notification per deploy.

Share-page "What's New" no longer renders AI confessions

• ·Added-file deploys passed only file paths (no content snippets) to the changelog generator, so the model legitimately had nothing to summarize and returned meta-commentary like "I'd need to see the actual diff content."
• ·Now ships 25-line content snippets for added files alongside the existing modified-file before/after snippets.
• ·System prompt instructs the model to never explain limitations or ask for more info — output 2-3 bullets or the literal sentinel __NO_SUMMARY__.
• ·Server-side bailout detector regex (normalized to handle curly apostrophes too, since AI output frequently uses U+2019) catches any explanation-shaped response and maps it to null — share page renders nothing rather than confusion.
• ·Existing rows containing the meta-commentary were cleared from deploy_versions.changelog so already-affected share pages clean up without waiting for the next deploy.

Stop two-machine drift between local clones

• ·When VibeSharing imports a GitHub repo, it copies the code to a new repo under its hosting org and stops reading the original. Users editing on two machines often had one clone pointing at the personal repo and one at the VS copy — pushes diverged silently.
• ·Small amber note on the prototype's GitHub section explains "VibeSharing hosts this repo; pushes here deploy; your original isn't synced." Only renders when the repo is in the VS hosting org.
• ·CLI 0.2.0 adds `npx vibesharing link [--prototype id] [--yes]`: fetches the prototype's canonical git_repo_url, reads local `origin`, normalizes both (handles https vs git@), prompts to apply `git remote set-url`. Skip the confirm with --yes.
• ·MCP 0.12.5 deploy responses now include a "Local sync check" hint with the canonical repo URL and the exact set-url command, so AI clients can run the check against the working directory and offer the fix without leaving the conversation.

PrototypeViewer toolbar simplification

• ·Five labeled actions (Demo link, Open demo, Drop pins, Hide comments, Hide toolbar) reorganized into two semantic groups: a "Prototype:" affordance trio (copy URL / open in new tab) on the left, and Drop pins next to its native context — the feedback panel — on the right.
• ·Feedback panel now owns its own collapse via a button in its header (Safari-bookmarks pattern); the toolbar no longer carries panel-visibility controls.
• ·Replaces a 2×2×2 grid of independent toggles (panel-on/off × pins-on/off × toolbar-on/off) that produced eight states most of which nobody actually used.

Schema and code-quality guardrails

• ·ESLint rule local/no-silent-fallback flags catch blocks that return a non-null fallback without logging or rethrowing — the exact pattern behind the May email-routing incident and now (separately) behind the watcher-email incident. Currently set to warn; 12 existing hits remain for individual review.
• ·org-credentials lookup now throws on non-PGRST116 ("no rows") errors instead of silently falling back to system defaults. Schema drift surfaces at the next deploy attempt instead of after weeks of wrong-provider deploys.

Live demo on the Templates page

• ·New TemplateDemo component: two-pane block with a terminal on the left and a preview pane on the right
• ·Cycle: idle → prompt types char-by-char (~28ms/char) → brief pause → 'deploying' shimmer with staggered tool-call lines → preview screenshot fades in → 4s hold → restart
• ·Featured template = first active row with a preview_url, falls back to first active
• ·Respects prefers-reduced-motion (jumps straight to the complete state, no animation)
• ·The previous bases+variants explainer block was removed; the inheritance pattern now surfaces through the editor's 'Allow other templates to extend this' checkbox + tooltip, only when relevant

Smart slug resolver

• ·Shared resolveTemplate(db, orgId, input, columns) helper in lib/templates resolves by UUID → exact slug → slug prefix → name (case-insensitive, hyphens-to-spaces variant tried)
• ·Among multiple prefix or name matches, the most-recently-updated active row wins
• ·Used by both the deploy path (getTemplateFilesFromDb) and the API GET endpoint (so the dashboard, MCP get_template, and direct deploys all benefit)
• ·ilike wildcards (%, _) in user input are rejected so a misuse can't fan out to a broad match

Template card attribution

• ·Migration: prototype_templates.last_updated_by UUID FK to auth.users; existing rows backfilled from created_by
• ·PATCH endpoint stamps last_updated_by alongside updated_at on every edit
• ·GET endpoints enrich rows with creator and last_updated_by_user objects (display_name + avatar_url) via a single user_profiles join in code
• ·Card renders 16px avatar (or initials-on-circle fallback) + name + relative time per author
• ·'Updated by' row hides when updated_at == created_at — keeps freshly-created templates uncluttered

Color preview parser

• ·Parses --custom-property declarations across every rule block, not just :root — covers themes that scope overrides under .scope-class or [data-theme="..."]
• ·Recursively resolves var(--name) and var(--name, fallback) references with bounded depth as a cycle guard
• ·Each of seven swatches (Base/Surface/Action/Text/Success/Error/Brand) has a candidate-name list covering several token-naming conventions; first one that resolves to a non-var value wins
• ·Tooltip on each swatch shows which variable was chosen + the resolved value, so the parser's pick is debuggable at a glance

Quiet polish

• ·'Use with: template: ...' line now shows for every active template — bases were hiding theirs even when they were standalone-deployable
• ·'Base' badge replaced with 'Has variants' (derived from 'any other template extends this'); the storage flag remains for editor filtering only
• ·Editor checkbox copy: 'This is a base template' → 'Allow other templates to extend this' (with tooltip explaining what the flag actually controls)

Share page deep linking

• ·Inner iframe path mirrors to ?path= in the parent URL bar via history.replaceState — works for any prototype with the VS SDK injected, no per-prototype config
• ·Share page reads ?path= on first load and tells the iframe to navigate there once the SDK announces ready (with an onLoad fallback for the timing-race case)
• ·Trivial root paths don't pollute the URL; subsequent navigation rewrites in place rather than churning history

Prototype viewer toolbar

• ·Demo link / Open demo append ?vs-bypass=1 to the prototype URL; the SDK reads it and skips the auto-redirect to /s/{slug}, persisting the bypass in sessionStorage so links inside the prototype keep the chrome-free experience
• ·Pin mode renamed to Drop pins, MapPin icon, tooltip explains it as the anchor-a-comment-to-a-spot affordance distinct from the panel's free-form input
• ·Comments toggle gains a label (Hide comments / Show comments), no more icon-vs-text collision next to Hide toolbar
• ·Hide toolbar gains a chevron icon to match the rest
• ·Drop the chunky <Button>-component pink fill on Pin mode in favor of the same toolbar height as siblings; pink only when active

Quiet fixes

• ·Email-preference toggles (Settings → Email) finally persist — the org_members.email_on_feedback / email_on_deploy / email_on_context columns were declared in the schema file but never migrated into prod, so toggles silently failed and everyone got every email regardless. Defaults match the prior fallback so no behavioral change for anyone who hadn't tried to opt out (and couldn't).
• ·CI workflow no longer disables itself: the schema-drift job's `if: secrets.X != ''` condition was rejected by GitHub Actions for security reasons, killing the whole workflow with 'No jobs were run'. Drift check now skips politely when staging credentials aren't wired up
• ·Admin Credentials page surfaces github_team_slug — the last per-tenant config field that previously required SQL editor access

Version history

• ·Per-deploy immutable permalinks stored on every deployment row — Netlify deploys now resolve via [deploy-id]--site.netlify.app, not the always-latest branch alias
• ·92 historical deployments backfilled to per-deploy URLs by matching commit_sha or vercel_deployment_id, with timestamp-proximity fallback
• ·Per-version changelog: AI-generated 2–3 bullet summary on every deploy via Haiku, prefers explicit summary when the deployer provides one, stored on deploy_versions.changelog (not overwritten by next deploy)
• ·47 historical versions backfilled with parent changelog or non-generic commit messages
• ·Versions panel: clear 'View' button on each row (was a tiny external-link icon nobody noticed), changelog rendered under the meta line
• ·version_label is the row's headline when set (falls back to commit_message)

Pin management (multi-page)

• ·Overlay only renders pins for the iframe's current page — no more pins from /home appearing at random coordinates on /meetings
• ·Pins-on-other-pages tray (bottom-right) shows page paths and counts; clicking a page navigates the iframe via a new vs:navigate SDK message
• ·Selecting a pin from the panel auto-navigates the iframe to its page and the pin renders in place
• ·Comments section in the panel groups rows by page_path with monospace headers; per-page indexing matches overlay pin numbers
• ·Active page sorts to the top so reviewers see what's on screen first
• ·Legacy pins with no page_path bucket under 'Page unknown' instead of painting at wrong coordinates on every page

Feedback panel

• ·Three sections: 'From {deployer}' (manual topics), 'Comments' (pin + free-form), 'Suggested by AI' (auto topics, collapsed by default)
• ·Filter chips' active state surfaces in the Comments header so it's clear what they filter
• ·Wider comment reader: tooltip 200px → 340px, shows full content (was truncated at 50 chars), text-sm so it's actually readable, scrolls when long
• ·Send button on the comment composer no longer gets pushed off the panel right edge (input min-w-0 + button flex-shrink-0)
• ·Assignee picker uses fixed-position popover anchored to the trigger's bounding rect — escapes the panel's overflow clipping that was truncating member names

Prototype viewer

• ·Toolbar consolidated: Copy URL and Open in new tab are now icon-only (text labels were redundant noise next to Pin Mode); dev-only A/B style toggle removed; comments-panel toggle icon-only so it doesn't collide with 'Hide Toolbar'
• ·Live URL navigation through the SDK lets the parent viewer ask the iframe to switch pages without reloading the surrounding chrome

Naming + notifications

• ·Re-deploys no longer append ' v8' to the prototype name — child rows inherit parent's name verbatim, version number lives in deploy_versions.version_number where it belongs
• ·58 historical child rows renamed to drop auto-appended ' v<N>' suffix — projects list no longer shows 'My Prototype v6 v1..v8' sprawl
• ·Deploy notifications now read 'My Prototype (v8) deployed' instead of the run-on 'My Prototype v8 deployed'

MCP 0.12.3 + 0.12.4

• ·validate_project flags lockfile entries pinned to non-registry tarball URLs — catches the integrity-mismatch landmine before deploy (when a package's tarball lives at a mutable URL and gets republished, every consumer's lockfile breaks)
• ·New version_label param on deploy_prototype, deploy_files, and import_repo — short title for the version row's headline
• ·Soft guardrail on re-deploys: when version_label is missing, the tool nudges the AI to ask the user next time (no hard block — keeps fast iteration loops fluid)
• ·/api/track now accepts deploy-token Bearer auth so MCP-originated events get user-attributed

Behind the scenes

• ·Org credential drift fixed — getOrgCredentials was SELECTing columns that didn't exist in production, silently falling through to system defaults (Vercel) for all Netlify-configured orgs
• ·lib/deploy-orchestrate captures per-deploy permalinks from pollBuildStatus, separating the version's immutable URL from the parent's always-latest alias
• ·Admin EventAnalytics gains a 'Build issues' section: lockfile-warning hits caught pre-deploy vs. dependency_install_failure events that slipped through
• ·currentPagePath lifted from FeedbackOverlay to PrototypeViewer so panel and overlay can share the same notion of 'where we are'

Onboarding

• ·New onboarding checklist — create prototype, invite team, connect GitHub (instead of collection-first)
• ·Setup page now explains hosting options clearly with links to create Vercel and Netlify tokens
• ·Dashboard primary action is now '+ New Prototype' instead of '+ New Collection'
• ·Build → Deploy → Share diagram replaces the old collection hierarchy explanation

Sharing & Stakeholders

• ·Share emails now link directly to the live prototype — stakeholders see the real thing and leave feedback, never the builder dashboard
• ·Email CTA says 'Review Prototype' and subject says 'wants your feedback' for clearer intent

Deploy Provider

• ·Vercel tokens now persist per-org (were silently dropped before)
• ·GitHub org is now configurable per-org (was hardcoded to system default)
• ·Both credentials and infrastructure pages can read/write all provider settings

Teams

• ·Unified teams UI — admin and member views now use the same component with my teams / other teams, creator info, and join/leave
• ·Bulk invite supports team assignment — include a team column and teams are auto-created

UI Polish

• ·Watching icon changed from bell to eye — clearer meaning
• ·Hover tooltip explains that watching means you get notified on comments and updates

Security

• ·Fixed cross-org project update, feedback bulk update, team member add/remove, and context link operations via admin client
• ·Removed @mention auto-add that could force any user into your org without consent
• ·Notification INSERT policy now restricted to same-org co-members (prevents cross-tenant phishing)
• ·GitHub webhook signature verification is now mandatory
• ·Email verification required for domain-based auto-join
• ·Restricted email-by-ID lookup to same-org users
• ·Added missing UPDATE/DELETE policies for context entries

AI Features

• ·Auto-generated CLAUDE.md on every deploy — prototypes without documentation now get one created from the actual code
• ·Feedback pulse — AI summary of all feedback shown on the prototype detail page and in deploy notification emails
• ·Smart triage on ingest — every feedback item gets auto-tagged with theme (design/usability/feasibility/bug), priority, and whether it's actionable
• ·Auto-generated guided questions grounded in real code, not just the project name

Feedback Experience

• ·Guided questions are now inline-expandable with threaded replies on both the dashboard and share viewer
• ·Topic responses show 'Re: [question]' for context in the comment list
• ·Closing feedback (resolved/won't fix/deferred) now prompts for a resolution note and auto-notifies the original commenter via email
• ·Ping the deployer — click the deployer's name to send them a question, creates a comment thread and sends email
• ·Non-owners can flag AI-generated questions as 'not relevant' with a thumbs-down; owners see flagged counts and can delete directly

Prototype Viewer

• ·Ask tab in the feedback panel — AI Q&A with starter question suggestions, powered by project docs and context
• ·Page-aware pins — pins from other pages fade to 30% opacity so they don't clutter the current view
• ·VibeSharing SDK auto-injected into all deployed prototypes for route tracking and screenshot capture

Builder Onboarding

• ·New empty-state CTA on the dashboard — 'Have a prototype on your machine? Drop it here' with ZIP upload and code paste
• ·Compact banner on Browse view nudges new org joiners to add their first prototype

Analytics & Ops

• ·Feature usage dashboard on both platform stats and org overview — tracks topic responses, chat questions, pings, resolutions, and AI operations
• ·Recent chat questions view — see what stakeholders are actually asking the AI
• ·Fixed inflated MCP usage stats from passive startup calls
• ·Last Deploy column on admin members page
• ·Fixed stale 'Last deployed' timestamp on import_repo deploys

MCP Server (v0.12.2)

• ·Build failures now surfaced clearly in all deploy responses instead of silent 'Deployed!'
• ·Deploy changelogs shown in import_repo response as 'What changed:'
• ·Simplified post-deploy feedback prompt — one direct question instead of a 12-line instruction block

Feedback questions

• ·Pick a focus — interaction, design, feasibility, vision — and the questions skew that way, with the matching ones pinned to the top
• ·Pass in a quick brief and a description of what you built; the questions get specific to your prototype instead of generic checklist stuff
• ·Manual questions you've added by hand stay put when you regenerate
• ·Stakeholders see the result in the Context tab when they open the share page

Fixes

• ·generate_feedback_topics from the MCP no longer fails silently for command-line and IDE users
• ·Refreshed the credentials VibeSharing uses to create prototype repos

Behind the scenes

• ·AI features now route through a single gateway, which makes it easier to add more Claude-powered moments across the product without rewiring each one

Templates

• ·Base templates own structural tokens — spacing, radius, shadows, typography, layout instructions
• ·Variants extend a base and only define color overrides
• ·Merge happens transparently — deploy and AI tools always get the combined result
• ·Reference screenshots uploaded per template for AI visual guidance
• ·Templates page moved to main nav — accessible to all org members
• ·New MCP tool: get_template — fetches full CSS, design instructions, and reference screenshot before coding starts
• ·MCP welcome message for new users — introduces VibeSharing and available templates on first tool call
• ·Template nudges on deploy — if you deploy without a template and your org has them, you get a reminder

Roles

• ·Four roles: member, admin, infra_admin, account_owner
• ·Removed designer and editor roles — members can now do all creative work
• ·Account Owner: full org control, one per org
• ·Admin: people management, settings, branding, analytics
• ·Infra Admin: deployment config and credentials only
• ·Member: prototypes, folders, teams, and templates

Account & Profile

• ·Activity stats on account page — see your prototype count, feedback given, and MCP calls
• ·Google sign-in click tracking — measure drop-off from the OAuth consent screen

Admin Console

• ·Wider content area for the members table
• ·Removed Join/Create Organization from the org switcher — cleaner dropdown

MCP v0.12

• ·get_template tool — pull design system into your project before writing code
• ·Updated MCP instructions — responds to natural language like "share this" or "publish this"
• ·Welcome message for first-time users with template suggestions
• ·Post-deploy nudge when templates are available but not used

Teams

• ·Create and manage teams from the admin console (People > Teams)
• ·Many-to-many — a person can be on multiple teams
• ·Search-to-add members when building a team, with external email detection
• ·@team:TeamName mentions in feedback notify all team members
• ·Teams appear in the @mention typeahead with a distinct icon so you can tell "Tami" from "Tami's Platform Team"
• ·Description editor now supports @mentions for people and teams

Watching & sharing

• ·Sharing a project with someone automatically makes them a watcher
• ·Sharing cascades to all child prototypes — no more watching the project but missing individual prototypes
• ·New prototypes added to a watched project inherit all watchers
• ·Unified "Watching" list in the activity tab — no more confusing split between "Shared With" and "Watching"
• ·Watcher count shows everyone, not just you
• ·Anonymous share page views deduplicated by IP

Send Feedback

• ·New "Send Feedback" button in the dashboard header with comment bubble icon
• ·Three submission types: Help / Question, Bug Report, Feature Request — each with contextual placeholders
• ·Submissions stored in a central inbox for workspace admins
• ·Configurable email routing — admins choose exactly who gets notified (or no one, inbox-only)
• ·Status tracking: open, in progress, resolved, closed

Admin console

• ·New full-screen admin experience with persistent left nav — replaces the old settings tabs
• ·All settings consolidated: Members, Teams, Join Links, Templates, Deployment, Credentials, Legal, Branding
• ·Inbox for support requests and feature suggestions with filters and status management
• ·MCP usage breakdown — per-member call counts, top endpoints, calls-per-day chart
• ·Compliance section: legal documents, member acceptance tracking, audit log viewer with CSV export
• ·Cleanup page for platform maintenance tasks (superadmin)
• ·"Manage Organization" and "Sign out" moved into the org dropdown for a cleaner header

Context & descriptions

• ·Project context documents now use the deploy summary instead of dumping raw CLAUDE.md
• ·Prototype descriptions auto-update from deploy summaries — no more "This is a Next.js 14 App Router project" boilerplate
• ·Duplicate context entries skipped when content hasn't changed

Authentication

• ·Google OAuth login on both sign-in and sign-up pages
• ·Automatic user profile creation for OAuth signups

Security & compliance

• ·Audit logs table with fire-and-forget logging for key user actions
• ·Compliance policies page with access control, data handling, and incident response sections
• ·Cross-linked from privacy policy and FAQ

Legal & compliance

• ·Terms of Service, Privacy Policy, and Data Processing Agreement pages with drafted content
• ·Versioned acceptance tracking — bump a version to trigger re-acceptance for all users
• ·Signup flow requires ToS + Privacy checkbox with inline key terms summary
• ·Dashboard blocks access until terms are accepted (re-acceptance modal)
• ·Settings > Legal page for admins — DPA acceptance, member audit table showing who accepted what

Onboarding

• ·Org creation is now two steps: name/slug then hosting provider selection
• ·Four hosting options: VibeSharing Hosted, Your Vercel, Your Netlify, Something else
• ·Inline API token entry for Vercel/Netlify during setup (optional, configurable later)

Deploy infrastructure

• ·Consolidated 6 deploy routes into shared auth, framework detection, and orchestration modules
• ·Fixed provider resolution bug — deploy_provider column default of ‘vercel’ was overriding org-configured Netlify for all new prototypes
• ·resolveExistingProvider now only trusts hosting project IDs, not the column default
• ·Fork calls orchestrateDeploy directly instead of HTTP self-call to deploy-code
• ·Net -207 lines, provider logic in 1 place instead of 6

Notifications

• ·Deploy emails show deployer’s name instead of “Someone”
• ·New ‘summary’ field on deploy_prototype and deploy_files MCP tools — AI writes a stakeholder-facing description that goes into the email
• ·Falls back to CLAUDE.md first paragraph if no summary provided
• ·Email template renders multi-line content cleanly

Dashboard & collections

• ·Collection names are now inline-editable (click to edit, auto-updates slug)
• ·Move prototype to another project — new menu item in prototype action menu with project picker dialog
• ·infra_admin role now recognized for collection editing permissions

Feedback-driven deploys

• ·Post-deploy MCP response prompts for feedback focus: awareness, design, feasibility, interaction, or full review
• ·New scope_note parameter — tell stakeholders what NOT to focus on (e.g., “ignore visual polish”)
• ·Scope notes display as amber disclaimer banner above guided questions on the share page
• ·Auto-generated share slugs on every deploy — every prototype gets a /s/[slug] share link
• ·Backfilled share slugs for all 144 existing deployed prototypes

Share page & feedback

• ·SDK redirects direct prototype visits to the share page for the full feedback experience
• ·New comment alerts exclude your own comments — no more self-notifications
• ·Last-viewed tracking — visiting a prototype clears the “new comment” badge
• ·Unpin collections directly from the Focused dashboard view

Dashboard

• ·Focused layout is now the default — Classic toggle hidden for one-week test
• ·Two-column layout: pinned collections on the left, watching prototypes on the right
• ·Collections and prototypes sorted by most recently updated
• ·Removed collapse arrows and status dots from watching list for cleaner UI
• ·Nav bar contrast fixed over bright thumbnails (bg-black/80)
• ·Active/press states on all buttons and nav links

Analytics

• ·Lightweight event tracking for 8 key interactions: export, download, share, feedback, source view
• ·Netlify credit monitoring in the diagnose tool — shows remaining credits and warns when low

Deploy reliability

• ·Deploy status API is now provider-aware — checks Netlify or Vercel based on project setting
• ·No more phantom “No Vercel project associated” errors for Netlify-migrated prototypes
• ·Auto-disconnect Vercel projects when deploying to Netlify — prevents ghost builds
• ·Static HTML projects deploy correctly on Netlify — no build command, publish from root
• ·Auto-inject netlify.toml with correct config based on framework detection (Next.js plugin, Vite SPA, static)

Multi-provider architecture

• ·New HostingProvider interface with pluggable Vercel and Netlify implementations
• ·Both deploy-code (MCP/CLI) and import-repo (GitHub import) routes use the provider abstraction
• ·Each project records its deploy provider — status checks and re-imports resolve to the correct platform
• ·Provider-specific SPA routing files auto-added (vercel.json or netlify.toml) based on org setting
• ·Default is still Vercel — no change for existing orgs unless they opt in

Netlify provider

• ·Full lifecycle support: site creation, GitHub repo linking, build triggering, status polling, URL resolution
• ·Tested with Vite + React + MUI v7 prototypes — builds in under 10 seconds
• ·Private .tgz dependencies resolve correctly from Netlify’s build environment
• ·No framework auto-detection override — reads netlify.toml directly, eliminating the Vercel mismatch bug
• ·Sites are publicly accessible by default (no SSO protection to disable)

MCP tools

• ·All tool descriptions and user-facing messages are now provider-agnostic
• ·Deploy name suggestions no longer hardcode .vercel.app URLs
• ·Validation messages reference "the build" instead of "Vercel"

Infrastructure

• ·Netlify button added to provider selector in infrastructure settings
• ·Netlify Personal Access Token configuration with masked display
• ·Database migration: netlify added to deploy_provider enum, netlify_token on orgs, netlify_site_id/name on projects

Enterprise readiness

• ·New infra_admin role — configure deploy infrastructure without full admin access
• ·Infrastructure settings UI — GitHub org, service tokens, deploy provider, AWS config, custom domains
• ·GitHub API URL, org, and Vercel API URL all configurable via env vars for behind-firewall deployment
• ·22 files refactored — zero hardcoded external URLs in API routes
• ·Role hierarchy enforced — only infra_admin can assign/modify infra_admin role

Import reliability

• ·Binary files (PNG, JPG, fonts) now included in repo imports — previously silently skipped
• ·New entry_point parameter — specify landing page for static HTML sites with no index.html
• ·Batch file fetching — 10 concurrent requests with rate limit pauses (was sequential, hit GitHub limits on 100+ file repos)
• ·Build output directories (out/, dist/, build/) filtered from imports
• ·Orphaned repo reuse — re-imports succeed when GitHub repo exists but prototype was deleted
• ·Retry resilience — partial failures (repo created, Vercel failed) recover on retry
• ·Default branch detection — tries main, master, then GitHub API for actual default
• ·deploy_files guardrail — 100KB+ payloads redirect to import_repo with clear message
• ·Tool descriptions steer AI toward import_repo for existing repos

MCP tools

• ·deploy_status — live Vercel build state with build output on errors
• ·deploy_prototype now accepts collection_id and parent_project_id for upfront placement
• ·import_repo branch parameter added to remote MCP server
• ·import_repo entry_point parameter for static HTML landing pages

Dashboard

• ·Follow → Watch rename throughout the UI (GitHub mental model)
• ·Action bar collapsed into Share / Watch / ••• overflow menu
• ·Collection thumbnail previews with list/card view toggle
• ·Set as collection thumbnail option in prototype overflow menu
• ·Paste Code auto-detects HTML and routes to static deploy (no Next.js wrapping)
• ·Project edit routed through admin API — owner reassignment now works
• ·infra_admin shown in Admins panel, not Members

Validation & safety

• ·Pre-deploy config conflict detection (duplicate next.config files, output:export conflicts)
• ·Case-sensitivity warnings for file path mismatches (macOS vs Linux)
• ·Branch protection on new repos — blocks force-pushes and branch deletion
• ·Fixed ambiguous PostgREST joins caused by thumbnail_prototype_id FK (broke update_prototype and delete_prototype)

Bug fixes

• ·Fixed display_name column typo (was querying non-existent full_name)
• ·Fixed import-repo retry after partial failure (orphaned GitHub repos)
• ·Fixed dashboard crash from server/client render-prop mismatch
• ·Fixed Edit button in overflow menu (menu closing before modal opened)
• ·Post-push QA hook runs test suite automatically and notifies on failure

Roles & permissions

• ·New 'designer' org role — can create, edit, and delete design system templates
• ·Designers see the Settings gear in nav, auto-redirect to Templates page
• ·Role available in invite form, join codes, and role change dropdown
• ·Teal badge color to distinguish from editor (purple) and admin (blue)
• ·RLS policy updated — designers can manage templates via Supabase row-level security

MCP tools

• ·list_templates — browse your org's design system templates with variable counts and instruction status
• ·quick_prototype — describe what you want, pick a template, and get a deployed prototype. One tool call from idea to live URL
• ·Templates API now supports deploy token auth — MCP tools can list templates without browser session

Claude Code skills (repo maintainers)

• ·/prototype — pick a template, describe intent, get a deployed prototype in one step
• ·/theme — generate templates from Figma URLs, screenshots, or descriptions with full variable coverage
• ·/qa-template — validate template completeness (38 vars), WCAG contrast ratios, format correctness, and design instructions
• ·/diagnose — systematic triage for deploy failures, blank pages, template issues, and permission errors

MCP tools

• ·fork_prototype — clone a prototype into a new one linked to the original
• ·list_versions — browse deploy history with file manifests and commit info
• ·rollback_deploy — restore a previous version by re-pushing its files
• ·delete_prototype — remove prototypes via MCP (creator or admin only)
• ·update_prototype — rename, update descriptions, and fix URLs without creating duplicates
• ·template parameter on deploy_prototype and deploy_files — apply a design system template at deploy time

Design system templates

• ·Admin template management UI — create, edit, toggle, and delete templates from Settings without code changes
• ·Database-driven templates with CSS variable editor and color preview
• ·Templates include light, dark, and product-focused theme variants
• ·Each template gets a slug for use with the template parameter on deploy tools
• ·Org-scoped — each organization manages their own design system templates
• ·deploy_prototype now supports multi-file deploys (files, file_paths) — no more jamming everything into one file

Deploy pipeline

• ·deploy_prototype now creates a Git repo (previously used Vercel direct with no source history)
• ·Every MCP deploy gets version history, forkability, and push-to-deploy
• ·Empty files are stripped before push to prevent broken Vercel builds
• ·Vercel project IDs now reliably stored via admin client (fixes 'no Vercel project associated' errors)

Dashboard

• ·Cleaner prototype detail page — Share and Follow moved to top action bar, description width constrained
• ·Trash button now offers deprioritize (soft archive) or delete permanently
• ·Removed redundant Prototype and Live badges
• ·Mobile-friendly navigation with hamburger menu
• ·Edit Project form no longer blocks saves due to URL validation

Onboarding & accounts

• ·Auto-join by email domain now works for new signups (was blocked by RLS)
• ·Onboarding email rewritten for both builders and stakeholders
• ·GitHub team invite mentioned in welcome email so users know to look for it
• ·All emails now have reply-to set to info@vibesharing.app
• ·share_html auto-registers a visible prototype in the dashboard hierarchy

Admin & analytics

• ·Org analytics dashboard — members, deploys, feedback, MCP usage, and activity charts scoped to your org
• ·Template management UI — create and edit design system templates from Settings
• ·@mention autocomplete in feedback — type @ to tag org members and notify them

Deploy reliability

• ·Shared deploy-post module — all 6 routes (code paste, ZIP, GitHub import, deploy-code, static, import-repo) call the same post-deploy logic
• ·Deploy lock rewritten (read-then-write instead of broken .or() filter)
• ·maxDuration=120 on all deploy routes to prevent Vercel function timeouts
• ·Deploy token auth added to all routes
• ·Auto-redirect for ZIPs missing index.html

MCP tools

• ·diagnose — comprehensive health check with auto-fix for stuck deploy locks
• ·send_support_request — email admin directly from MCP with session context
• ·close_feedback_loop — deploy + auto-resolve feedback items in one step
• ·generate_feedback_topics — auto-generate guided questions after deploy
• ·share_html with auto-bundling — inline CSS, SVGs, and images from local files
• ·Unread feedback surfaced on first tool call of each session

Platform

• ·Full-text search across prototypes, projects, and collections
• ·Source code viewer with syntax highlighting
• ·Export as ticket (Linear, Jira, GitHub Issue)
• ·Context tab with CLAUDE.md content and related resource links
• ·Onboarding email for new org members
• ·Engineering review feedback with accuracy ratings
• ·Documentation hub at /docs with MCP tools reference

Features

• ·Feedback triage with status (open/in_progress/resolved/wont_fix/deferred), priority, and assignee
• ·Feedback briefs — ## Feedback Brief in CLAUDE.md auto-populates stakeholder context
• ·Auto-generated feedback questions categorized by theme (vision, feasibility, design, interaction)
• ·Named deployments — set friendly Vercel URLs (e.g., my-prototype.vercel.app)
• ·resolve_target tool for fuzzy name matching
• ·Collections with nested folder support
• ·Fuzzy search on list_collections and list_prototypes

Features

• ·MCP server published to npm as @vibesharingapp/mcp-server
• ·register_prototype, deploy_prototype, deploy_files, list_prototypes, list_collections tools
• ·get_feedback, sync_context, verify_token tools
• ·GitHub service account creates repos in vibesharing-prototypes org
• ·Vercel project auto-creation linked to GitHub repos
• ·Deploy tokens (vs_*) for CLI and API authentication
• ·Claude Code marketing page at /claude-code
• ·Auto-sync CLAUDE.md as context entry on deploy

Sharing & collaboration

• ·Share modal with org member picklist and batch sharing
• ·Email notifications for prototype shares (via Resend)
• ·Feedback widget embedded in every deployed prototype
• ·Always-on feedback input with optional guided questions
• ·Owner vs. reviewer feedback views
• ·Follower system with notifications on deploy

Dashboard

• ·Activity stream on dashboard sidebar
• ·Live iframe preview for VibeSharing-hosted prototypes
• ·Drag and drop to move projects between folders
• ·Organization logo upload
• ·Full-path breadcrumbs in project cards

Org management

• ·Email invite flow with pending invites and invite links
• ·Multi-org support with org switcher
• ·Role-based access (admin, editor, member)
• ·Onboarding stepper for new signups
• ·Auto-join by email domain

Prototype hosting

• ·ZIP upload deployment to Vercel
• ·GitHub import — deploy from any public repo URL (supports subdirectories)
• ·Code paste deployment — single page.tsx wrapped in Next.js template
• ·Static HTML deployment served from Supabase storage
• ·Source code storage with auto-delete and delete-on-download options

Page redesign

• ·Prototype detail page with live scaled iframe preview
• ·Right-side action rail: collaborate, update, export
• ·Feedback section below preview with guided questions
• ·Browser frame component with URL bar and refresh button

Project hierarchy

• ·Project to Prototype parent-child hierarchy
• ·Nested folder structure with org-level visibility
• ·Collection creation for organizing prototypes
• ·External URL support for prototypes hosted elsewhere

Foundation

• ·Next.js 14 + Supabase + Tailwind stack
• ·Supabase Auth with email/password
• ·Organization and folder-based multi-tenancy with row-level security
• ·Dashboard with project listing and creation
• ·Dark mode UI
• ·Vercel deployment for the platform itself