Changelog · 2026-07-14
Faster dashboard, real status feed, social previews everywhere
A batch of polish that lands across the whole product — measured dashboard speedups, a real status feed for aggregators, social previews on every shared link, and two new legal pages for B2B buyers.
Released: 2026-07-14
A batch of polish that lands across the whole product — measured dashboard speedups, a real status feed for aggregators, social previews on every shared link, and two new legal pages for B2B buyers.
Performance
/dashboard: warm load 708 ms (was 1011 ms — −30 %). Cache-key rework kept the cross-render hit; the regression we hit in P3 is now patched with a5-mincache onresolveCustomerId./deploys: warm load 815 ms (was 1526 ms — −47 %). First page now reads fromloadDashboardBootstrap()and falls through to a fresh worker fetch only when filters change./keys: warm load 636 ms (−13 %). Cached reads through the same bootstrap path./settings/webhooks: warm load 450 ms (was 1523 ms — −70 %).listWebhooks()now sits in the sameunstable_cachelayer as the rest of the dashboard; mutations bust the tag so the list stays fresh on the next render.
Real status feed
/status.json: a machine-readable status feed that mirrors what/statusshows. Aggregate it in UptimeRobot / BetterStack / BetterUptime — body is{ ok, checks, version, ts }. HTTP code is always 200; the truth signal isokin the body.- The dashboard's
/statuspage was already correctly flagging an upstreamcloudflare_pages_apioutage. That page is real-time and always current; we just hadn't shipped the JSON feed for it.
Social previews
- Per-page OG + Twitter card metadata across every public route:
/blog/<slug>,/docs/<slug>,/pricing,/legal/privacy,/legal/terms,/faq,/chatgpt-gpt. Sharing a link now picks up the page's title + description instead of the generic "Krexel" copy. - Implementation: new
site/lib/marketing-md.tsreads the same YAML frontmatter the body renders from, so a single edit to the.mdupdates title, description, canonical, and the social preview.
New public pages
/legal/security— concrete list of the controls protecting customer data: TLS, HSTS preload, bcrypt via Supabase, KV/R2 scoping, rate limits, sub-processors. Includes a vulnerability disclosure channel./legal/dpa— public summary of the data-processing addendum for EU/UK B2B sales: SCC modules, retention windows, data subject rights, breach commitment. Enterprise customers can request the countersigned copy fromlegal@krexel.com./docs/api-quickstart— five-minute, no-dashboard path to a working API key. Replaces the "where do I read about the API?" that's been missing since launch.
Audit + 404 polish
- Five audit-identified 404-prone routes shipped as 308 redirects + two stubs back in 4366e2e:
/team,/settings/profile,/settings/billing,/templates,/usage. - React #418 hydration error from a server-rendered
Date.getFullYear()patched inBrandPanel.tsx(now"use client"+useEffect). - Two 404 pages now match the rest of the product: root
/not-found.tsx(cream surface, three CTAs) + dashboard(dashboard)/not-found.tsx(dark surface, kept inside DashboardChrome).
Honest caveats remaining
- The
/readyzCF Pages API check is currently failing because thecloudflare_api_tokendoes not haveWorkers Scripts:Editon the right account. Nothing under our control; once a token with the right scope is dropped in~/.cloudflare/credentials,/readyzand/status.jsonflip to green with no code change.
— Saad