Skip to content
GiftWrapt

Changelog

v0.26.0

0.26.0 (2026-05-02)

Features

  • admin: redesign users list with subgrid alignment and richer per-row info (dd12ee6)
  • admin: section permissions matrix legend and add 50-user story (5cd515d)
  • admin: show banner when admins are missing 2FA (5770c8e)
  • auth: use 6-slot OTP input on 2FA challenge (5446c6d)
  • dependents: admin-only CRUD with shadcn confirms (690af28)
  • dependents: non-user gift recipients (pets, babies, anyone managed) (ae4677f)
  • items: unify badge with over-claim and unavailable states (add9c43)
  • lists: nudge owners to pick a primary list (abf8882)
  • lists: surface primary list at top of all-lists view (50acf67)
  • permissions: add restricted access level (a3237d2)
  • settings: disable already-partnered users in partner picker (8668ccd)

Bug Fixes

  • auth: center sign-out spinner (ae5bd32)
  • dependents: show dependent identity on lists for a dependent (de75907)
  • settings: polish profile + 2FA copy and form spacing (a5b2b46)
  • settings: stop infinite refetch loop in passkeys panel (73ba7bf)

v0.25.0

0.25.0 (2026-05-01)

Features

  • auth: foundation + password reset / account recovery (ff5722a)
  • auth: oidc provider with admin CRUD and consent screen (a3d6c7e)
  • auth: passkeys (webauthn) as opt-in sign-in path (6e0f5e8)
  • auth: totp two-factor authentication (97f1d1b)
  • mobile-api: add /me/profile, /me/people, /me/gifts for MCP sidecar (68c1637)
  • mobile-api: land iOS-facing REST surface and isolate impls into _*-impl files (52cf92a)
  • screenshots: add interactive Playwright capture CLI (c31c672)
  • seed: add screenshots fixture seeder (c52b1e4)
  • ui: refine group, settings, comment, and lightbox interactions (a340a64)

Bug Fixes

  • admin: refresh public app-settings after admin toggle (286122d)
  • lists: rework owner and editors avatar stack on list rows (24ade32)

v0.24.0

0.24.0 (2026-04-30)

Features

  • api: add /api/mobile/v1/lists/public, narrow public-lists shape (2126920)
  • auth: add storybook stories for sign-in and sign-out pages (d16c113)
  • items: cap priority tab height at 64px (bc523fe)
  • items: group known vendors and show counts in vendor filter (d06e24e)
  • list-row: show avatar+name tooltip on hover (0c097ba)
  • lists: expose child birthdates on getMyLists (3844127)
  • lists: expose lastGiftedAt for upcoming-birthdays widget (1e32bbe)
  • lists: open settings sheet from row Edit, hide denied users (803a6d4)
  • me: differentiate gift-ideas recipient and list owner (d41fdec)
  • me: show editable gift-ideas lists in Gift Ideas section (7718dcc)
  • mobile-api: add PATCH and DELETE for items on v1 (c661014)
  • mobile-api: add per-user device key management (092c2f8)
  • notes: style links to stand out in light and dark modes (1d305bc)
  • settings: add icons to settings nav links (bc38dce)
  • temp: add /temp/widgets preview for iOS birthdays widget (a8fb619)

Bug Fixes

  • auth: hard-reload after sign-in to dodge cookie/cache races (645d365)
  • auth: raise mobile apiKey plugin rate limit (843f8f4)
  • list-addons: stack header on narrow screens (0f77833)
  • storybook: stub getGiftIdeasRecipients in api mocks (ee8466f)
  • styles: prevent h1 descender clipping under truncate (eb9a19d)

Performance Improvements

  • mobile-api: drop redundant getSession in auth middleware (015c802)

v0.23.0

0.23.0 (2026-04-30)

Features

  • client: detect build-version mismatch after deploy (ed0c5b2)

Bug Fixes

  • auth: purge client caches and retry on sign-in (04f7552)
  • auth: purge client caches on sign-out (8173ca5)
  • forms: disable browser autocomplete on list and item name inputs (96d21eb)
  • items: skip $ prefix when price already has one or is non-numeric (cf13099)

v0.22.0

0.22.0 (2026-04-30)

Features

  • admin: show optional vercel deployment info on debug page (df51548)
  • auth: auto-derive BETTER_AUTH_URL on Vercel production (c7fec7d)
  • items: skip scrape for sublist URLs and lock URL during scrape (ea0699b)
  • lists: animate user avatar on card hover (ff15710)
  • lists: include guardian’s children as gift-ideas recipients (c749d9e)
  • lists: show avatar in gift-ideas recipient select (94619f5)
  • lists: show recipient avatar on gift-ideas rows (4b8313d)
  • purchases: show partner avatar on partner-claimed rows (1e39712)
  • ui: show avatar alongside name in user select options (ec15159)

Bug Fixes

  • items: upgrade http image URLs to https (25c3837)
  • lists: widen gift-ideas recipients to anyone visible to viewer (b967b8c)

v0.21.0

0.21.0 (2026-04-29)

Features

  • admin: add purge-all-lists action on /admin/data (02dd274)
  • admin: show version, commit, and build time on debug page (9b9f8e6)

v0.20.0

0.20.0 (2026-04-29)

Features

  • api: add /api/mobile REST surface and bearer auth (7fc3e45)
  • deploy: add one-click deploy buttons for Vercel, Railway, Render, Coolify (cae8091)
  • mobile: isolate mobile API behind Hono gateway with apiKey auth (99013f8)
  • title: move app title from build-time env to runtime config (2099db1)

Bug Fixes

  • deploy: alias @/db to client stub to keep pg out of browser bundle (d5e68bc)
  • deploy: unblock sign-out and rate limits on multi-instance deploys (6a8c6c8)

v0.19.0

0.19.0 (2026-04-29)

Features

  • items: open add-item dialog via /me?url= and /import?url= (6da3143)
  • validation: cap free-text inputs and add admin counters (ea9c814)

v0.18.0

0.18.0 (2026-04-29)

Features

  • addons: refresh off-list gifts section UI (dcd7b03)
  • admin: add storage browser for image objects (ddc9b7b)
  • admin: add user permissions matrix to admin/users (af2ffec)
  • admin: delete user from edit page (97dbd37)
  • admin: show Guardian badge on users with guardianship (b96c6f9)
  • claim: tint gift icon green on claim button hover (1850b5d)
  • cron: cleanup-verification cron to purge expired tokens (4bac914)
  • items: admin toggle to mirror external images into storage on save (3ac1ad1)
  • items: celebrate successful claims with a check-morph flourish (ecf0fd2)
  • items: copy item to your own list (f520b2c)
  • items: move list items into React Query (9b5a106)
  • items: optimistic updates for group assign, delete, and bulk ops (531e21e)
  • items: optimistic updates with row-level saving indicator (98b00a4)
  • items: render internal-list links as in-app navigation badges (7cdb12e)
  • items: use UrlBadge in rows and reorganize storybook (b72fc02)
  • lists: add back-to-parent affordance on internal-list nav (3fe596a)
  • lists: refresh list header avatar and empty-state alignment (39b0e29)
  • notes: autolink bare URLs in rendered markdown notes (7901141)
  • purchases: stack priority icon under type icon in detail row (f04d18c)
  • recent: redesign recent items and comments pages (7376813)
  • recent: widen recent items and comments window to 60 days (dee1fb4)
  • scraping: per-entry timeout overrides + tier-aware progress alert (6dc1b32)
  • storybook: wrap Pages stories in a centered page-frame decorator (2b6fd5f)
  • test: add pglite integration harness and fix user-delete cascade ordering (cc6aca8)

Bug Fixes

  • admin: also skip R2 .emptyFolderPlaceholder in storage list (82ab1ef)
  • admin: cap admin storage walk + refuse bulk-delete when truncated (28984d3)
  • admin: hide S3 folder placeholders and open thumbnails in lightbox (4d4f9d5)
  • auth: cap cookieCache.maxAge at 24h instead of 7d (4191601)
  • auth: drop empty-string fallback for BETTER_AUTH_SECRET (057dde8)
  • auth: refuse INSECURE_COOKIES on HTTPS deployments (4d1e692)
  • auth: use generic sign-in error message (226b45d)
  • backup: require typed confirm + auto pre-wipe snapshot + audit log (9438dc3)
  • cron: fail-closed without CRON_SECRET, timing-safe bearer compare (deb7ca3)
  • deps: cap better-auth override to 1.4.x to avoid 1.6 admin-plugin bundle break (0240607)
  • deps: cap vite override below 8 to avoid rolldown bundler regression (4dc13b6)
  • files: add nosniff and Vary headers to file proxy (865e742)
  • filters: show vendor filter when any vendor is present (d3f1f12)
  • gifts: remove unused getGiftsForItems server function (016d600)
  • health: drop verbose mode from /api/health (3e8ced7)
  • image-picker: hide candidates whose img element fails to load (3573629)
  • items: client-side resize, upload on add, no-image picker option (5821b5d)
  • items: extract *Impl into server-only sibling to unbreak client build (5fbd7a6)
  • lists: refresh listing pages on query-cache invalidation (415be3d)
  • lists: shrink edit-page actions on smallest screens (4afd0a3)
  • lists: structured error for child gift-ideas attempts (6bd2fa8)
  • permissions: unify owner-or-viewer check with canViewListAsAnyone (8bbbd4a)
  • rate-limit auth, scrape, file proxy, comments, claims (b759976)
  • scrape: block SSRF via private-IP check and manual redirect walk (f4c9200)
  • scrape: bump default timeouts to 20s/45s (be8b20a)
  • scrape: harden AI extractor against prompt injection (b2eb5e6)
  • settings: migrate legacy wish-list-scraper type on read (aa6bb86)
  • settings: redact decrypted scraper secrets from public reads (8216f5a)
  • skeletons: drop red bg from loading skeleton (566c7a4)
  • storage: default GARAGE_ADMIN_URL to compose service name (9b3d71b)
  • uploads: validate magic bytes and cap sharp pixel input (c794e5f)
  • urls: lowercase unknown-vendor display names (8fc0508)

v0.17.0

0.17.0 (2026-04-27)

Features

  • scraping: add ScrapFly as a hosted scrape provider (d3372f3)
  • scraping: unify providers under tiered, admin-configurable entries (5a63337)

Bug Fixes

  • admin: widen admin canvas; cap narrow pages at max-w-xl (30ab798)
  • scraping: better signal/noise in scrape UI and result filtering (84bbce7)
  • scraping: drop duplicate cancel, clarify partial state, broaden extractors (7b52030)