Changelog

patchpen.dev

Automatically build and publish readable public changelogs from your Git repositories.

2 results in “Security”
24 May 2026

Revoke API keys on downgrade

🔒Security
  • Revoke API keys on downgrade
    API keys are now hard‑revoked when a team is downgraded to Free and must be re-issued after re-upgrade, preventing soft-disabled credentials from remaining valid.
🐛Fixes
  • Fix immediate downgrade when cancelling subscription
    Stop revoking Pro features the moment someone clicks Cancel; the team now stays on Pro until the paid period ends and is only downgraded at period‑end.
New
  • Add Teams & plans admin tools
    Add a searchable Admin "Teams & plans" table that shows resolved plan, owner, counts and over‑cap flags and lets admins Make‑Pro or Force‑Free teams via a reason‑required modal backed by a server endpoint that flips a team's plan.
  • Add cancel modal with downgrade-impact preview and Resume banner
    Show a live "what you'd lose" preview when cancelling and render a prominent "Pro until <date>, then Free" banner with Resume and Manage billing buttons so owners keep Pro features through the paid period and can easily undo a cancellation.
  • Add resume-subscription endpoint and customer portal link
    Allow owners to resume a pending cancellation while still in the paid period and add a Billing action that opens the Lemon Squeezy customer portal so customers can manage card details and invoices directly.
Improvements
  • Clamp Pro-only product settings on downgrade and preserve previous values
    When a team drops to Free, Pro-only product settings are clamped to Free-allowed values (e.g. multi-repo trimmed, grouping forced to daily, tone reset to neutral, poll interval raised to ≥24h) while the original values are saved so they can be restored after an upgrade.
  • Soft-revoke extra members and products on downgrade without deleting data
    Members beyond the Free cap are marked revoked (they lose dashboard access) and extra products are made non-public while all data is retained so owners can re-enable or restore on re-upgrade.
  • Cap subscriber notification fan‑out to Free limits
    Subscriber records are preserved after downgrade, but release email fan‑out is capped to the Free tier limit (oldest confirmed subscribers first) so Free teams can't trigger large email sends.
  • Update billing UI and docs to explain scheduled downgrades and impact preview
    Clarify in-app and docs messaging that cancelling schedules a downgrade at the period end (you keep Pro until then), explain what is auto‑restored vs preserved vs hard‑revoked, and power the cancel modal's live impact preview with a new API.
  • Mark custom domains as coming soon and disable direct configuration
    Hide the custom domain field in Product Settings, change pricing/docs/UI copy to "coming soon", and make server endpoints return a clear "custom_domain_coming_soon" error until edge routing and TLS are implemented.
  • Restore key product state automatically on re-upgrade
    On upgrading back to Pro we automatically unrevoke memberships, restore preserved multi-repo attachments and clear any scheduled downgrade markers, while leaving credentials and explicit publish choices for the owner to re-enable manually.
  • Add dismissible toast notifications in the dashboard
    Replace blocking alert() dialogs with a top-right, auto-dismissing toast system (success/error/info) and wire it into admin and team pages for non-blocking, styled feedback on actions.
  • Set descriptive browser tab titles across the app
    Set document.title per page (Account, Dashboard, Product pages, Settings, etc.) so browser tabs reflect the current screen and make multi-tab usage clearer.
  • Add a web app manifest, touch icon, and theme color
    Include a manifest.json, apple-touch-icon, theme-color and description meta so browsers can provide a better installable/app-like experience and show appropriate UI colour and previews.
  • Show a friendly styled 'not found' page for public changelogs
    When a public changelog URL is missing (/c/:slug), render a styled 404 page with helpful copy and a CTA to the public showcase instead of returning plain text.
  • Render branded subscription confirmation and unsubscribe pages
    Subscription confirmation and unsubscribe flows now show contextual, branded confirmation cards with product-aware copy and back-links to the changelog or the showcase.
  • Serve neutral, brand‑free 404 pages on unmatched custom domains
    If a customer's custom domain points to Patchpen but no product matches, visitors now see a neutral, brand‑stripped 404 page (no Patchpen chrome) to avoid exposing platform branding on the customer's domain.
  • Prefill Contact email subjects on Pro changelogs
    The Contact link on Pro changelog pages now opens a mailto with the subject pre-filled as “Re: <product>” so incoming messages are automatically scoped to the changelog.
  • Improve invite acceptance error and loading states
    Replace the one-line invite error and blank loading states with clearer icons, headlines, explanatory text and CTAs to help users recover from expired invites or sign in.
  • Make the Product page empty state actionable
    When a product has no releases, show a friendly card that either offers a 'Generate now' button (if a repo is connected) or an 'Open settings' CTA to connect a repository and start backfilling.
15 May 2026

Fix webhook Test button to send service-specific payloads and show remote errors

🐛Fixes
  • Fix webhook Test button to send service-specific payloads and show remote errors
    The Test button now routes each webhook test through the same per-service payload builders used for real publishes so Discord/Slack/Teams no longer return 400 during tests. Test responses also return and log the remote error body for easier diagnosis in the dashboard and browser devtools.
New
  • Add a public System Status page at /status
    Provide a server-rendered status page that checks API, MongoDB, OpenAI, the GitHub App, email, Lemon Squeezy, generation queue and webhook deliveries and is available as HTML or JSON (cached briefly to bound load).
  • Add AI tone and custom category controls in Product settings (Pro)
    Allow Pro teams to pick a generation tone (neutral, punchy, formal, playful) and optionally supply a custom ordered category list that the generator will use instead of the default buckets.
  • Add a team data export endpoint for Pro teams
    Provide a GET /api/v1/team/export endpoint that returns a full JSON dump of the team's products, releases (including internal items), subscribers, webhooks, themes and API keys for GDPR portability and backups.
  • Add cross-product keyboard search (⌘/Ctrl+K) to the Dashboard
    Add a global search in the dashboard hero that finds products and releases, supports keyboard navigation and quick jump-to-product or jump-to-release flows.
  • Add bulk release operations on the Product page
    Enable a Select mode to check multiple releases and run bulk Approve / Publish / Reject / Delete actions from the product UI to speed maintenance workflows.
  • Add a first-run Onboarding checklist on the Dashboard
    Show a derived checklist (create product, connect repo, generate & publish first release, subscribers/webhook and custom domain for Pro) that automatically disappears when steps are completed.
  • Add a public Showcase page of recent public changelogs
    Publish a /showcase gallery that surfaces up to the 30 most-recent public changelogs with logo, name, description and latest version as a marketing reel.
Improvements
  • Update public Status page to customer-friendly wording and site chrome
    The public /status page now uses user-facing phrases (e.g. 'Operational', 'Minor disruption', 'Disruption in progress'), hides unconfigured/operator-only rows and raw queue/latency/count details, and adds site header/footer so the page matches the marketing site chrome.
  • Use provider Statuspage feeds for email health checks and avoid probing send endpoints
    Email health now defers to the provider's Statuspage feed rather than calling send/list endpoints that require privileged keys; the public row is vendor-anonymous and falls back to a benign 'Operational'/'Not in use' state so customers see clearer status information.
  • Add an action identifier to the Slack "View changelog" button
    Outgoing Slack messages now include an action_id on the View changelog button to make the interactive button payload well-formed for Slack integrations.
  • Add System status links in the dashboard and docs
    Surface a discreet “System status” link in the dashboard sidebar and docs footer and add a contextual link from failed generation cards so maintainers can jump to the status page when things fail.
  • Limit the dashboard recent activity feed to 5 items
    Reduce the default activity feed returned to the dashboard so the overview stays scannable at a glance (limit reduced from 20 to 5).
  • Improve social link previews and add Pro RSS link for changelogs
    Emit canonical, Open Graph and Twitter Card tags (and JSON-LD for the newest release) on public changelog pages so links render rich previews, and include an alternate RSS link for Pro pages.
  • Add sitemap.xml listing public changelogs for search engines
    Expose /sitemap.xml that enumerates every public changelog (using verified custom domains when available) to help search engines discover pages.
  • Add a simple Write / Preview markdown editor for descriptions and AI context
    Replace free-form textareas with a Markdown Write/Preview component (supports inline code, bold, italic and links) when editing public descriptions and private AI context so maintainers can preview content before saving.
  • Add robots.txt to allow public changelogs and block API/dashboard crawlers
    Serve a robots.txt that permits crawling of public changelogs while disallowing /api/ and /dashboard/ and points crawlers to the sitemap.
  • Clarify Two-factor authentication in the Account page
    Add an explainer to the Account sign-in methods card noting that Patchpen relies on GitHub's 2FA for code-contributing accounts and explaining how to revoke sessions.
🔒Security
  • Add security.txt and /.well-known/security.txt for vulnerability contact
    Publish RFC 9116-compliant security.txt at both /security.txt and /.well-known/security.txt with a contact email and a rolling one-year Expires header so security researchers know how to report issues.
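As an added illustration of the item above (example code, not Patchpen's own), this renders a minimal RFC 9116 security.txt with a rolling one-year Expires value and validates a served copy the way a researcher or a monitoring check would; the contact address and timestamps are constructed placeholders.

```python
# Added example (not Patchpen's own code): render and validate an RFC 9116
# security.txt. Required fields are Contact and Expires; Expires must appear
# once, be an RFC 3339 timestamp, lie in the future and (per the RFC's
# recommendation) be less than a year away.
from datetime import datetime, timedelta, timezone
from typing import Dict, List

CONTACT = "mailto:security@example.com"  # placeholder, not Patchpen's address
MAX_VALIDITY = timedelta(days=366)       # reject files that expire >1 year out

def render_security_txt(contact: str, now: datetime) -> str:
    """Build the file body; Expires is now + 365 days in RFC 3339 (UTC)."""
    expires = (now + timedelta(days=365)).replace(microsecond=0)
    return (
        f"Contact: {contact}\n"
        f"Expires: {expires.strftime('%Y-%m-%dT%H:%M:%SZ')}\n"
        "Preferred-Languages: en\n"
    )

def parse_fields(body: str) -> Dict[str, List[str]]:
    """Collect 'Field: value' lines; comments and blank lines are ignored."""
    fields: Dict[str, List[str]] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        name, value = line.split(":", 1)
        fields.setdefault(name.strip().lower(), []).append(value.strip())
    return fields

def validate(body: str, now: datetime) -> List[str]:
    """Return a list of problems; an empty list means the file is usable."""
    fields, problems = parse_fields(body), []
    if not fields.get("contact"):
        problems.append("missing Contact")
    expires = fields.get("expires", [])
    if len(expires) != 1:
        problems.append("Expires must appear exactly once")
        return problems
    try:
        when = datetime.strptime(expires[0], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    except ValueError:
        return problems + ["Expires is not RFC 3339"]
    if when <= now:
        problems.append("Expires is in the past")
    elif when - now > MAX_VALIDITY:
        problems.append("Expires more than a year out")
    return problems

def demo() -> dict:
    """Constructed check: a fresh file passes, a stale or incomplete one fails."""
    now = datetime(2026, 5, 15, 12, 0, tzinfo=timezone.utc)  # constructed clock
    body = render_security_txt(CONTACT, now)
    return {"body": body, "fresh": validate(body, now),
            "stale": validate(body, now + timedelta(days=400)),
            "no_expires": validate(f"Contact: {CONTACT}\n", now)}
```

Serving the same body at both /security.txt and /.well-known/security.txt, and re-rendering it on each request, is what keeps the Expires value rolling rather than silently lapsing.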