Changelog

Product updates and releases.

June 4, 2026v1.7.0

GitHub App + Security Patch

GitHub App — Migrated from OAuth tokens to GitHub App installation — 1-click install, no manual webhook setup
Security fix — Patched critical Clerk middleware auth bypass (CVE) — upgrade to @clerk/nextjs 6.39.5
AI/Manual toggle — Clickable toggle on Recent PRs table to override AI detection
Repo filtering — Per-repo commit tracking with new repo column on CommitEvent
Sentry — Error tracking on all critical API routes + webhook handlers
AI detection — Reduced false positives for lint/formatting-only PRs
Cron sync — Daily re-sync catches any webhook misses from GitHub
Backfill perf — Parallel PR backfill (batch of 5) + skipDuplicates for commits
Checkout fixes — Stripe CSP, price resolution, and error handling improvements

May 30, 2026v1.6.0

Dashboard Overhaul + Enterprise UI

App sidebar — Full sidebar navigation for all authenticated pages
Sparkline charts — Inline trend charts in dashboard stat cards + daily metrics API
AI PR Trends — Dedicated page — AI vs non-AI PR mix, trends over time
Contributor leaderboard — Avatars, AI%, invite button, sortable table
Health badges — Enterprise dashboard with filter, insight row, chart
Theme toggle — Dark/light mode switch in sidebar footer
Expandable nav — Sub-items in sidebar (AI Impact, General Metrics under Analytics)
Page width — Standardized all pages to full-width with consistent padding

May 27, 2026v1.5.0

Trust, Branding + Plan Changes

Trust Center — /trust page — security & privacy info for enterprise buyers
SVG logo — New brand logo (white Cost + teal Lens), dark mode variant
OG images — Brand teal, CostLens text logo, works on Twitter/LinkedIn
Trial change — 30-day Business → 14-day Pro trial
Plan gating — API keys and MCP keys require paid plan
Kill switch — Added to Business tier pricing
Pricing update — Pro = GitHub ROI, Business = full token intelligence
Instant mode killed — Removed anonymous SDK usage — all requests require auth
Settings restructure — Account, Workspace, Billing, Reports grouping
Docs accuracy — Cloud Mode removed, MCP/SDK docs clarified

May 14, 2026v1.4.0

Marketplace Distribution + Changelog

MCP.so listing — CostLens discoverable on MCP.so directory
Cursor Marketplace — Plugin submitted with skills + MCP config
Awesome MCP Servers — PR submitted to curated GitHub list
Changelog page — Timeline-style release history with tabs
PDF improvements — Professional styling, correct trend formatting
Footer link — Changelog accessible from site footer

May 13, 2026v1.3.0

GitHub Integration, Proxy, Onboarding

GitHub integration — OAuth, webhooks, PR correlation by branch name
GitHub metrics — PRs merged, review rounds, first-pass rate, time to merge, cost per PR
Proxy mode — Route through CostLens API for kill switch + budget enforcement
Session budgets — Per-session spend limits enforced in proxy
Onboarding flow — Role-based setup for developers and team leaders
Settings reorganization — Grouped nav: General, Developer, Integrations, Team
Model registry — Single source of truth — removed 5 duplicate files
Email notifications — MCP key creation alerts (CLI vs Dashboard source)
Unsubscribe endpoint — HMAC token-based one-click (CAN-SPAM compliant)
Confirmation modals — Delete and pause reports require confirmation
Tests — 103 new unit tests + 9 integration tests (testcontainers)

May 12, 2026v1.2.0

Reporting Engine + Productivity Dashboard

Reporting engine — Create, preview, export (PDF/CSV), schedule, send to recipients
AI Impact section — ROI calculation with configurable baseline and hourly rate
QStash cron — Scheduled report delivery with cryptographic signature verification
Send modal — Recipient tags, add/remove, email validation, delivery confirmation
Productivity dashboard — Sessions, cost vs output chart, period selector (24h/7d/30d)
Dashboard widget — Recent reports on main dashboard
Report settings — Configurable baseline time, hourly rate, currency
Recipient tracking — ReportRecipientLog — tracks non-user opens for growth funnel
Audit trail — Report create/update/delete/send logged

May 10, 2026v1.1.0

Security Hardening + Plan Gating

Plan gating — All API routes enforce plan-based feature access
Model pricing — Updated all models to 2026 (GPT-5.5, Claude Opus 4.7)
Alerts — Cost spike, error rate, Slack kill switch
Audit logging — API key CRUD, account deletion, billing events
Burst protection — In-memory rate limiting, spend velocity caps
API security — All /api/v1/* routes require API or MCP key

May 8, 2026v1.0.0

Productivity Pivot

Repositioning — Engineering team productivity platform with AI ROI measurement
New pricing — Team tiers for engineering organizations
Landing page — Rewritten for productivity + ROI messaging

October 2025v0.1.0

Platform Launch

Core platform — Next.js 15, Prisma, Supabase, Clerk Auth, Stripe
Dashboard — Usage analytics, cost tracking, provider stats
Stripe billing — Checkout, webhooks, plan upgrades
Team management — Invites, roles (Owner/Admin/Member)
GDPR compliance — Data export, account deletion, consent management
Monitoring — Error tracking, session replay, performance

GitHub App + Security Patch

GitHub App — Migrated from OAuth tokens to GitHub App installation — 1-click install, no manual webhook setup

Security fix — Patched critical Clerk middleware auth bypass (CVE) — upgrade to @clerk/nextjs 6.39.5

AI/Manual toggle — Clickable toggle on Recent PRs table to override AI detection

Repo filtering — Per-repo commit tracking with new repo column on CommitEvent

Sentry — Error tracking on all critical API routes + webhook handlers

AI detection — Reduced false positives for lint/formatting-only PRs

Cron sync — Daily re-sync catches any webhook misses from GitHub

Backfill perf — Parallel PR backfill (batch of 5) + skipDuplicates for commits

Checkout fixes — Stripe CSP, price resolution, and error handling improvements

Dashboard Overhaul + Enterprise UI

App sidebar — Full sidebar navigation for all authenticated pages

Sparkline charts — Inline trend charts in dashboard stat cards + daily metrics API

AI PR Trends — Dedicated page — AI vs non-AI PR mix, trends over time

Contributor leaderboard — Avatars, AI%, invite button, sortable table

Health badges — Enterprise dashboard with filter, insight row, chart

Theme toggle — Dark/light mode switch in sidebar footer

Expandable nav — Sub-items in sidebar (AI Impact, General Metrics under Analytics)

Page width — Standardized all pages to full-width with consistent padding

Trust, Branding + Plan Changes

Trust Center — /trust page — security & privacy info for enterprise buyers

SVG logo — New brand logo (white Cost + teal Lens), dark mode variant

OG images — Brand teal, CostLens text logo, works on Twitter/LinkedIn

Trial change — 30-day Business → 14-day Pro trial

Plan gating — API keys and MCP keys require paid plan

Kill switch — Added to Business tier pricing

Pricing update — Pro = GitHub ROI, Business = full token intelligence

Instant mode killed — Removed anonymous SDK usage — all requests require auth

Settings restructure — Account, Workspace, Billing, Reports grouping

Docs accuracy — Cloud Mode removed, MCP/SDK docs clarified

Marketplace Distribution + Changelog

MCP.so listing — CostLens discoverable on MCP.so directory

Cursor Marketplace — Plugin submitted with skills + MCP config

Awesome MCP Servers — PR submitted to curated GitHub list

Changelog page — Timeline-style release history with tabs

PDF improvements — Professional styling, correct trend formatting

Footer link — Changelog accessible from site footer

GitHub Integration, Proxy, Onboarding

GitHub integration — OAuth, webhooks, PR correlation by branch name

GitHub metrics — PRs merged, review rounds, first-pass rate, time to merge, cost per PR

Proxy mode — Route through CostLens API for kill switch + budget enforcement

Session budgets — Per-session spend limits enforced in proxy

Onboarding flow — Role-based setup for developers and team leaders

Settings reorganization — Grouped nav: General, Developer, Integrations, Team

Model registry — Single source of truth — removed 5 duplicate files

Email notifications — MCP key creation alerts (CLI vs Dashboard source)

Unsubscribe endpoint — HMAC token-based one-click (CAN-SPAM compliant)

Confirmation modals — Delete and pause reports require confirmation

Tests — 103 new unit tests + 9 integration tests (testcontainers)

Reporting Engine + Productivity Dashboard

Reporting engine — Create, preview, export (PDF/CSV), schedule, send to recipients

AI Impact section — ROI calculation with configurable baseline and hourly rate

QStash cron — Scheduled report delivery with cryptographic signature verification

Send modal — Recipient tags, add/remove, email validation, delivery confirmation

Productivity dashboard — Sessions, cost vs output chart, period selector (24h/7d/30d)

Dashboard widget — Recent reports on main dashboard

Report settings — Configurable baseline time, hourly rate, currency

Recipient tracking — ReportRecipientLog — tracks non-user opens for growth funnel

Audit trail — Report create/update/delete/send logged

Security Hardening + Plan Gating

Plan gating — All API routes enforce plan-based feature access

Model pricing — Updated all models to 2026 (GPT-5.5, Claude Opus 4.7)

Alerts — Cost spike, error rate, Slack kill switch

Audit logging — API key CRUD, account deletion, billing events

Burst protection — In-memory rate limiting, spend velocity caps

API security — All /api/v1/* routes require API or MCP key

Platform Launch

Core platform — Next.js 15, Prisma, Supabase, Clerk Auth, Stripe

Dashboard — Usage analytics, cost tracking, provider stats

Stripe billing — Checkout, webhooks, plan upgrades

Team management — Invites, roles (Owner/Admin/Member)

GDPR compliance — Data export, account deletion, consent management

Monitoring — Error tracking, session replay, performance