WRNexus
Changelog

What’s new

Every shipped release of WRNexus, in reverse chronological order. Follow the blog for the engineering write-ups behind the headlines.

  1. v1.0.0 Foundation

    First general-availability release. Identity, workspaces, MFA, billing, and the staff console all ship together as one platform.

    New
    • Unified backend powering SSO, account, billing, and admin surfaces
    • WebAuthn / passkey verification on the login path (registration flow lands in v1.1)
    • Customer-Portal-backed Stripe billing with idempotent webhook handlers
    • Workspace invites, role-based access, and instant context switching
    • /changelog, /customers, /integrations, /security, and /careers marketing pages
    Improved
    • Marketing site now ships a 404 page, blog index, sitemap, and Open Graph defaults
    • Session cookies hardened to `__Secure-` prefix with strict domain scoping in production
    • Audit log surface in admin console with structured filtering by user / action / time
    Security
    • Argon2id password hashing with optional HaveIBeenPwned k-anonymity lookup
    • AES-GCM encryption at rest for TOTP secrets and stored OAuth refresh tokens
    • Rate limiting on every auth endpoint via Redis-backed sliding window
  2. v0.9.0 Release candidate

    Last release before GA. Final pass on the staff console, billing reconciliation, and end-to-end tests.

    New
    • Staff impersonation flow with cookie-scoped audit trail
    • Per-workspace feature flag overrides and admin CRUD UI
    Improved
    • Playwright suite expanded to 9 specs covering auth, account, and admin flows
    • Email templates moved to a single Jinja2 directory shared across the auth flows
    Fixed
    • Magic-link consume occasionally pivoted to the MFA challenge with a stale challenge id
    • Workspace switch did not re-issue the session cookie on Safari ITP browsers
  3. v0.8.0 Workspaces

    Public beta opens. Personal workspaces become first-class, with invite flows and Stripe billing wired end-to-end.

    New
    • Personal + team workspaces with seat-based billing
    • Member invite emails with single-use, 7-day TTL tokens
    • Account API keys with one-time reveal and revocation
    Improved
    • TOTP enrollment now shows recovery codes in a downloadable grid
    • Login error copy maps every backend error code to an actionable message
  4. v0.7.0 Magic & MFA

    Passwordless and second-factor auth ship together. WRNexus is now usable without ever touching a password.

    New
    • Magic-link login with 15-minute, single-use tokens
    • TOTP authenticator enrollment + verification
    • Recovery codes issued at enrollment, hashed at rest
