Skip to main content

v0.99.1 — First Stable Release

The first fully stable release of Traceable — production infrastructure verified, staging and production environments in complete structural parity, and all pre-launch security requirements met.

What's new

Request deduplication

Duplicate requests are now handled gracefully across account signup, OTP delivery, and scheduled platform jobs. Submitting the same action more than once returns the correct result without creating duplicate records or triggering duplicate emails — critical for reliability in slow-network scenarios.

Strengthened server-side auth checks

Every server action that mutates data now has an automated regression guard verifying that authentication is enforced before any database write. This runs as part of the CI pipeline on every push.

Production infrastructure hardened

Three database migrations landed in production as part of this release:

  • Bulk AI document processing — backend infrastructure for processing multiple compliance documents in a single AI extraction job, improving throughput for operators with large document libraries.
  • GDPR deletion policies — enhanced data deletion rules ensuring that all personal data is correctly removed when an account deletion is requested, in line with Article 17 right to erasure.
  • AI telemetry — usage tracking for AI features now has a dedicated, authoritative data store, replacing fragmented tracking that existed previously.

Security

  • Resolved two third-party dependency security vulnerabilities affecting HTML sanitisation and server-side rendering edge cases. Both are now patched via updated dependencies.
  • Two lower-severity development-tooling alerts are tracked and monitored; they have no impact on production runtime.

Platform reliability

The health endpoint now handles gracefully the case where the rate-limiting layer is unavailable, returning a degraded-but-operational status rather than failing the check entirely.

Weekly automated invariants

Automated weekly checks now verify that the production environment is in the expected state — no demo data in production, no forbidden environment variables configured, correct separation between staging and production credentials.

Known items tracked for upcoming releases

  • Rate limiting infrastructure — the current rate limiter is on the free tier of its cloud provider. Upgrading to a paid tier before high-volume production traffic is recommended.
  • Multi-factor authentication, account lockout, and GDPR deletion self-service UI are tracked for a future release and are not part of this version.