Release Notes

This page tracks notable Zerq platform documentation and behavior changes.

2026-04-11

Changed

• Management MCP (workflow tooling) — Added workflow automation tools for full-run and trigger capture testing: workflow_test_workflow_stream, workflow_trigger_test_listen, and workflow_trigger_test_stream. Updated Management Tool Catalog counts to 57 tools (workflow category now 9).
• Workflow node authoring metadata — Enriched workflow_list_nodes to return edge-authoring guidance (entry_trigger, terminal_node, requires_source_handle, supported_source_handles, default_source_handle, dynamic_source_handles, wiring_hint) so agents can wire sourceHandle values deterministically.
• Workflow trigger support alignment — Updated docs and backend validation messaging to consistently include imap_trigger alongside http_trigger, manual_trigger, cron_trigger, and kafka_consumer for single-entry trigger workflows.

2026-04-03

Changed

• Documentation — Zerq Copilot page rewritten for clarity: operations (Management MCP) and consumer (Gateway MCP) modes, professional structure, and marketing-site alignment (/ai-copilot anchors #operations, #gateway).

• Marketing (zerq-website) — Single Zerq Copilot page at /ai-copilot covers Management and Gateway Copilot (#operations, #gateway).

• Management UI — Sidebar adds an external Developer Portal link (configure with NEXT_PUBLIC_DEVELOPER_PORTAL_URL; local default http://localhost:3001). See Developer Portal Overview URL.

2026-04-02

Added

• Zerq Copilot for Gateway — Documented the built-in Developer Portal assistant: Zerq Copilot for Gateway (Gateway MCP, profile-scoped gateway auth, server-persisted threads). Internal ops: _internal/developer-portal-copilot-ops.md; _internal/reference/developer-portal-api.md lists GET/PUT/DELETE /api/v1/developer-portal/copilot/thread.

Changed

• Zerq Copilot for Gateway — Page context: collections list vs collection detail (name, id, endpoint count) is passed to the chat API for better situational replies. See Zerq Copilot for Gateway Page context.

• MCP Gateway — notes Developer Portal Zerq Copilot for Gateway as a built-in consumer of Gateway MCP when LLM settings are enabled.

• Developer Portal Overview — feature table includes Zerq Copilot for Gateway.

• Zerq Copilot for Management — cross-link to the Gateway assistant page (management vs portal scope).

• Choose Your Path — consumer path mentions optional Copilot for Gateway.

2026-03-31

Added

• Collection live updates (SSE) — Successful collection creates, updates, deletes, status toggles, duplicates, JSON import, and OpenAPI import emit ManagementEvent with resource_kind: collection and an operation hint (created, updated, deleted, status_changed, duplicated, imported, openapi_imported). Contract: internal/management/ports/collection_events.go; Emitter implements CollectionEventPublisher. Collection detail and edit pages subscribe via useManagementEvents({ collectionId, resourceKind: collection }); the collections list uses useManagementEvents({ collectionList: true }) to refetch the table when any collection event fires. See Live updates (SSE).

• Proxy metadata live updates (SSE) — Successful POST/PUT/DELETE /api/v1/proxies emits ManagementEvent with resource_kind: proxy, proxy_id, collection_id, and operation (created, updated, deleted). Distinct from proxy_workflow (workflow definition saves). Contract: internal/management/ports/proxy_events.go; Emitter implements ProxyEventPublisher. Collection detail (/collections/:id) subscribes with useManagementEvents({ collectionId, resourceKind: proxy }) to refetch the proxy list when other sessions change proxies in the same collection. See Live updates (SSE).

• API credentials live updates (SSE) — Successful POST/PUT/DELETE /api/v1/credentials emits ManagementEvent with resource_kind: credential, credential_id, and operation (created, updated, deleted). Validation-only POST /api/v1/credentials/validate does not emit. Contract: internal/management/ports/credential_events.go; Emitter implements CredentialEventPublisher. The credentials list uses useManagementEvents({ credentialsList: true }); edit uses credentialId + resource_kind: credential with a reload banner on remote updates. See Live updates (SSE).

• API access policies live updates (SSE) — Successful POST/PUT/DELETE /api/v1/policies and PUT /api/v1/policies/:id/toggle-status emit ManagementEvent with resource_kind: policy, policy_id, and operation (created, updated, deleted, status_changed). Contract: internal/management/ports/policy_events.go; Emitter implements PolicyEventPublisher. The policies page uses useManagementEvents({ policiesList: true }); the edit modal uses policyId + resource_kind: policy for reload-on-remote-change behavior. See Live updates (SSE).

Changed

• Zerq Copilot for Management — shell layout — The floating Zerq Copilot button is unchanged. When opened, the chat embeds in the app shell: main content on the left, Copilot on the right (desktop/tablet md and up). On narrow viewports, the panel opens as a full-width column below the header covering the main area until you close it. The panel uses an embedded layout (embed mode) rather than a detached floating bottom sheet on desktop.

• Zerq Copilot for Management — mobile — The Fullscreen header control is hidden below md (the embedded panel already uses the viewport under the top bar). Fullscreen mode is cleared when the viewport is narrow so layout stays consistent.

• Marketing site — zerq-website /ai-copilot: hero actions are Read the docs (when NEXT_PUBLIC_DOCS_URL is set) and See all capabilities; Request Enterprise Demo appears only in the closing CTA and links to /#contact (home page contact), not a broken in-page #contact anchor.

• Documentation — Management MCP tool count aligned to 54 across Management Tool Catalog, _internal/ai-copilot-ops.md, and the Zerq Copilot changelog entry; Zerq Copilot for Management capabilities table distinguishes profiles (rotate profile credentials) vs API credentials CRUD. Public changelog: removed a broken /_internal/... doc link (excluded paths are not published) in favor of a repo path. _internal/ai-copilot-ops.md: Management UI shell; _internal/catalog.md: internal/management/copilot/ pointer.

• Backend (naming) — cmd/server/main.go: the shared events.Emitter for management-domain SSE is now named managementEventEmitter (was workflowPublisher) so wiring matches its role beyond workflow saves. _internal/management-domain-events-sse.md updated accordingly.

• Frontend (build) — NextAuth authOptions moved to frontend/src/lib/auth-options.ts so the App Router auth route only exports GET/POST (required for next build type-check). ClientFormModal: onRemoteListRefresh, SSE stale banner, and reloadClientFromServer implemented. Collection detail: use service Credentials type (includes imap). Select wrapper aligned with installed Radix types (no modal prop until Radix upgrade).

2026-03-28

Added

• Access profiles live updates (SSE) — Successful POST/PUT/DELETE /api/v1/clients/:clientId/profiles, POST .../profiles/:id/rotate (when rotation runs), and PUT .../profiles/:id/auth-type emit ManagementEvent with resource_kind: profile, profile_id, parent client_id, and operation (created, updated, deleted). Contract: internal/management/ports/profile_events.go; Emitter implements ProfileEventPublisher. The access profiles UI uses useManagementEvents({ accessProfilesForClient: true, parentClientId }) for silent list refetch; edit and authentication modals use profile_id + resource_kind: profile for reload-on-remote-change behavior. See Live updates (SSE).

• API clients live updates (SSE) — Successful POST/PUT/DELETE /api/v1/clients and PUT /api/v1/clients/:id/status emit ManagementEvent with resource_kind: client, client_id, and operation (created, updated, deleted, status_changed). Contract: internal/management/ports/client_events.go; Emitter implements ClientEventPublisher. The API Clients page uses useManagementEvents({ clientsList: true }) for silent list refetch; the edit modal uses client_id + resource_kind: client for reload-on-remote-change behavior. See Live updates (SSE).

• Management live updates (SSE) — After a successful PUT /api/v1/proxies/:id/workflow, the API emits a compact ManagementEvent on an internal bus and (when Redis is enabled) on Redis channel zerq:management_events so all pods can fan out to browsers. GET /api/v1/events/stream (viewer+ OIDC) streams JSON events over SSE; the Workflow Builder refetches when the editor is clean, or shows a banner when there are unsaved local changes. See Live updates (SSE). v1 emits only for this workflow persist route; validate/test endpoints do not emit.

• Zerq Copilot for Management — built-in chat assistant in the management UI (short name Zerq Copilot in the product). Streams responses using any configured LLM provider (OpenAI, Anthropic, Groq, Google, OpenRouter, Azure OpenAI, Amazon Bedrock, Ollama, custom). Connects exclusively to the Management MCP — full CRUD across all 54 tools: collections, proxies, workflows, policies, clients, profiles, credentials, audit logs, metrics, and request logs. Acts on behalf of the logged-in user using their OIDC session; RBAC is enforced by the backend on every tool call. Configurable via AI_MODELS env var with runtime enable/disable (no image rebuild). See Zerq Copilot for Management for user docs and _internal/ai-copilot-ops.md for ops setup. Zerq Copilot for Gateway (runtime-focused) is planned for a future release.

Added (continued)

• Workflow IMAP Trigger entry node (imap_trigger) for email-driven workflow runs: config includes credentials_id, mailbox (default Inbox), poll_interval_seconds, mark_as_seen; outputs include subject, from, to, date, body_text, body_html, uid, mailbox, and run_id. Added new credential type IMAP for storing host/port/username/password/TLS settings. Includes a two-layer HA design (Redis ownership lock + UID deduplication) for safe multi-pod deployments. Added starter template IMAP Email Echo (imap_trigger_echo).
• IMAP "Listen for Email" test mode — workflow builder now shows a Listen for Email test panel for imap_trigger nodes (mirrors HTTP "Listen for request"). Connects to IMAP read-only, waits for the first unseen email, streams the captured payload to the UI via SSE, and auto-runs the downstream workflow for immediate testing. Credentials and mailbox are required before starting.
• Generic credential validation — new endpoint POST /api/v1/credentials/validate accepts { type, config } and tests a live connection without saving. Currently supports imap credential type (dials IMAP and lists the target mailbox). Additional types can be added by registering a validator in internal/management/credentials. Frontend "Validate Connection" button available on the IMAP credential form in Settings → Credentials.

Changed

• Workflow builder — Removed the duplicate floating Add node button on the canvas (bottom-right); it conflicted with the Zerq Copilot control. Use Add node in the builder toolbar only.

• Product naming — The management UI assistant is branded Zerq Copilot for Management (in-app and marketing: Zerq Copilot). Zerq Copilot for Gateway is reserved for a future runtime-focused experience. Docs, website, and UI copy updated accordingly.

• Zerq Copilot for Management — UI — Chat panel restyled for a clearer Claude-like experience: sticky header with model selector, soft message surfaces (assistant cards + user bubbles), centered readable column in fullscreen, copy-to-clipboard on assistant replies, refined markdown typography, and an elevated composer. Side panel width slightly increased on desktop.

• Zerq Copilot for Management — UI (continued) — Syntax-highlighted fenced code blocks (Prism / light–dark themes), copy on code blocks and on user messages, larger Radix model selector, Zerq logo in header and message avatars.

• Zerq Copilot for Management — user messages — User turns are right-aligned in the thread (assistant stays left); the signed-in user’s photo or initials (OIDC session via NextAuth) lead each bubble (before the message), still within the right-side cluster.

• Zerq Copilot for Management — theming — Markdown and Prism code blocks use shared CSS variables (--foreground, --muted, --primary, --success, --border, etc.) instead of bundled light/dark palettes; copy and “done” states use text-success.

• Zerq Copilot for Management — UX — Panel layout aligned with app surfaces (bg-card, bg-sidebar, borders, primary-tinted user bubbles). Retry on failed requests and on each assistant message (regenerate). Retry on user messages: regenerates the following assistant reply when present, or resends the same prompt when the user message is still the last message (no reply yet). Stop while streaming. Error card with Retry / Dismiss.

• Zerq Copilot for Management — model control — Model selector moved from the header to a rounded pill beside the message field (Claude-style), with the menu opening upward when space is tight.

• Zerq Copilot for Management — conversation retention — Closing the panel does not discard the thread; only Clear conversation (trash) clears it. Threads are persisted on the management API (GET/PUT /api/v1/copilot/thread, MongoDB copilot_threads, scoped by OIDC sub) so refresh and multi-device use the same saved conversation. See Zerq Copilot for Management and _internal/ai-copilot-ops.md.

Changed

• Management SSE (GET /api/v1/events/stream) — Fixed a panic when opening the event stream: the body stream writer must not call fasthttp.RequestCtx.Done() from the streaming goroutine. The handler now relies on write/flush errors and hub channel close for teardown.

• Zerq Copilot for Management ↔ Management MCP — Server-side MCP client now targets /api/v1 + MCP_MANAGEMENT_PATH (not a hardcoded /mcp/management suffix) and sends the user’s OIDC access token on every Management MCP request (initialize, tools/list, prompts/get, tools/call), matching backend managementAuthMiddleware and external IDE clients. See _internal/ai-copilot-ops.md.

Changed

• Workflow Save vs Enable separation — saving a workflow and enabling a workflow are now independent actions. A workflow can be saved (and tested) while disabled. The Enable Workflow toggle in the builder toolbar controls whether production triggers fire. Save persists the workflow definition at any time regardless of the enabled state. Disabled workflows: all test modes (HTTP test-listen, IMAP listen-for-email, Execute Workflow) remain available; production triggers (cron, Kafka, IMAP scheduler) do not start. Affects all workflows; no migration required for existing enabled workflows.
• IMAP trigger default mailbox changed from INBOX to Inbox to match common IMAP server conventions. Existing configured workflows are unaffected; only the default value shown in new configurations changes.
• Frontend dirty-state tracking — the Save button in the workflow builder is disabled when there are no unsaved changes. Navigating away or refreshing with unsaved changes shows a browser confirmation prompt. Clicking a node or dragging it on the canvas does not trigger the "unsaved" state (ReactFlow runtime-only fields are stripped from the dirty-state comparison).
• Test Node button re-added for trigger nodes in the node config panel. Trigger nodes now show both the trigger-specific test action (e.g. "Listen for Email", "Listen for Request") and the standard "Test Node" button.
• UI layout fix — content wrapper now uses h-screen instead of h-[calc(100vh-3.5rem)]. The previous value caused a ~56 px white strip at the bottom of every page because the pt-14 header offset was being subtracted twice from the viewport height.

Changed (Engineering)

• Backend domain packages (Phase 4) — Top-level handlers/, services/, and middleware/ were removed. Management REST handlers and services live under internal/management/{collection,proxy,credentials,client,policy,profile}/ (each with service.go + handler.go), with internal/management/ports for collection/proxy interfaces and internal/management/middleware for management auth and cache invalidation. Gateway-specific code is under internal/gateway/ (handler.go + middleware/ for auth, DB logger, compress/cache/rate-limit stack). Observability (audit logs, metrics, gateway DB logs) is under internal/observability/{audit,metrics,dblogger}/. Developer portal is under internal/portal/ with middleware/auth.go. Public HTTP routes and behavior are unchanged; WorkflowEngine no longer stores an unused ProxyService pointer (constructor takes credentials + collection services and proxy handler only).
• Backend module layout — Shared infrastructure moved from backend/utils into internal/platform (cache, DB helpers, auth, httpx, logger, encryption, pub/sub, merge, duration). Portable IMAP/Kafka/SMTP/V8 clients live under pkg/ (imapclient, kafkaclient, smtpclient, v8engine). Binary entrypoint is cmd/server/main.go; Docker build uses go build ./cmd/server. MCP code lives under internal/mcp/gateway and internal/mcp/management. See docs/_internal/backend-structure.md.
• Backend workflow package layout — Workflow engine, HTTP handlers, trigger schedulers (cron, Kafka, IMAP), trigger test stores, and Redis/pubsub notifier code now live under backend/internal/workflow/ (engine, workflow, triggers, triggercore, and subpackages). Public management API routes and behavior are unchanged; this is an internal module organization change for maintainability.
• Generic Trigger Architecture — Backend and frontend refactored to a unified system for all workflow trigger test-listen flows. Single API endpoint pair replaces per-trigger routes. Backend TriggerTestManager and CapturedTriggerEvent provide a single facade. Frontend TRIGGER_REGISTRY is the single source of truth for trigger metadata (canTestListen, display labels, etc.). WorkflowBuilder uses one unified testListenSession state for all trigger types. Adding a new trigger test-listen in future requires only: a backend case in TriggerTestManager.Start() and one entry in TRIGGER_REGISTRY. Affects engineering team only.
• Backend trigger schedulers (cron, Kafka, IMAP) now enforce proxy.WorkflowEnabled && proxy.Status == "published" before starting or maintaining production workers. Workers are stopped immediately when a workflow is disabled or unpublished.
• cleanWorkflow in WorkflowBuilder.tsx strips ReactFlow runtime-only node fields (selected, dragging, measured, positionAbsolute, width, height) and edge fields (selected) before dirty-state comparison and before saving, preventing UI interaction events from being stored in the workflow definition.
• Docs location enforcement — remaining legacy docs under repository-root docs/ (middleware-flow.md, middleware-optimization.md) were migrated to zerq-docs/docs/_internal/ as gateway-middleware-context-flow.md and gateway-middleware-optimization.md, then deleted from root. Root README project layout now reflects that canonical docs live in zerq-docs.
• Backend structure governance doc expanded — docs/_internal/backend-structure.md now defines mandatory naming conventions, dependency direction, package-placement rules, and PR checklist guardrails so future backend changes continue to follow the microservice-ready hierarchy (cmd/server, internal/*, internal/platform, pkg).
• Phase 2 hardening guardrails (backend) — Added executable architecture boundary tests (internal/architecture/architecture_test.go) and backend/scripts/dev-check.sh for local/CI checks; workflow runtime now depends on workflow-owned ports (internal/workflow/ports) instead of direct management package imports; startup-fast-fail domain runtime validation added in internal/platform/config/domain.go; workflow trigger sync payload standardized via triggercore.WorkflowTriggerSyncEvent contract (event_type, proxy_id, version, source).
• Phase 3 microservice-readiness hardening (backend) — Added boundary-contract tests for workflow seams (engine_ports_test, contracts_test, notifier_test) and enforced them via scripts/dev-check.sh; tightened DTO boundaries for workflow persistence and collection->proxy cross-domain writes (ProxyWorkflowUpdateCommand, triggercore.ProxyWorkflowState, management/ports request DTOs); expanded internal service-readiness docs with data ownership, extraction sequence, and split blockers.
• Backend liveness/readiness probes — Added explicit probe endpoints for container orchestration: GET /livez (process alive) and GET /readyz (dependency readiness: MongoDB plus Redis when CACHE_TYPE=redis).
• Probe wiring alignment with backend structure — Moved probe logic from cmd/server/main.go into internal/observability/health and wired it through Fiber healthcheck.New(...) using custom liveness/readiness probes, keeping route behavior the same (/livez, /readyz) while keeping composition-root code slimmer.

2026-03-26

Added

• Workflow Kafka Consumer entry node (kafka_consumer) for Kafka-driven runs: config includes credentials_id, topic, consumer_group, enabled, commit_mode, poll_timeout_ms; outputs include topic, partition, offset, key, message, headers, and run_id. Added starter template Kafka consumer + echo (kafka_consumer_echo).

Changed

• Workflow builder now auto-seeds a valid default proxy workflow when enabling workflows on a brand-new proxy (instead of sending workflow_definition: null), preventing 400 on first enable. The canvas now immediately reflects backend-seeded workflow changes without requiring a page refresh. API error messages from workflow save/validate/toggle are now surfaced directly in the UI instead of generic status-only failures.
• Workflow trigger registrar sync now uses Redis Pub/Sub broadcast (publish once, every pod receives and applies, including the sender on receive) instead of Redis Streams. Added reconnect protection: when Redis connectivity is restored after a disruption, trigger schedulers run a bootstrap sync to avoid stale in-memory registrations after missed pub/sub events.
• Management MCP workflow guidance updated to include kafka_consumer as a valid single entry trigger alongside http_trigger, manual_trigger, and cron_trigger in prompt text and tool descriptions (workflow_test_node, update_proxy_workflow, validate_proxy_workflow). Tool catalog docs now explicitly call out kafka-consumer support for workflow entry validation flows.
• Backend workflow validation now enforces exactly one entry trigger node per workflow (http_trigger, manual_trigger, cron_trigger, or kafka_consumer). Validation and enabled workflow updates reject definitions with zero or multiple entry triggers.
• Kafka consumer scheduler no longer uses Redis distributed locks; multi-pod coordination now relies on Kafka consumer-group partition assignment.
• Cron and Kafka trigger schedulers now use startup bootstrap plus event-driven per-proxy sync on proxy/workflow create, update, enable/disable, and delete. The recurring 60-second full trigger reconciliation loop has been removed by design.

2026-03-24

Added

• Workflow Cron Trigger node (cron_trigger) with scheduler-driven runs: configurable cron_expression, timezone, and enabled; outputs triggered_at, trigger, schedule, timezone, and run_id. Multi-pod execution uses Redis distributed locks for at-most-once execution per slot. Documented at Cron Trigger.
• Workflow template Cron trigger + echo (cron_trigger_echo in backend/templates/workflow_templates.json): cron_trigger → Code (simple starter) where code logs a cron run via console.log(...) and returns minimal metadata (run_id, schedule, triggered_at).
• Workflow Manual Trigger node (manual_trigger): starts runs from the builder only; outputs triggered_at and trigger (manual). Documented at Manual Trigger. Engine accepts http_trigger, manual_trigger, or cron_trigger as entry nodes.
• Workflow template Manual trigger + echo (manual_trigger_echo in backend/templates/workflow_templates.json): manual_trigger → Set → Response JSON with triggered_at and trigger. Listed on Workflow Templates.

Changed

• Workflow builder: Execute workflow failures show a compact Run failed chip with Details (full message in a small overlay panel) and Dismiss, so the toolbar layout is not stretched by long errors. Details closes on outside click or Escape. See Building Workflows.

2026-03-22

Added

• HTTP Request node: body.type multipart for multipart/form-data (text fields + file parts, base64 file payloads). UI label Form (URL-encoded) clarifies form_data vs multipart. Documented on HTTP Request Node.
• Workflow XML node (xml_node): XML ↔ JSON conversion, optional SOAP Body unwrap for xml_to_json. Documented under XML Node; Data Processing and Node Reference updated. Management MCP workflow prompt lists xml_node.
• Workflow templates (in backend/templates/workflow_templates.json): XML → JSON (incoming) and JSON → XML (response) starters for gateway workflows that use xml_node.

Changed

• Management UI: proxy create/edit dialog step indicator shows horizontal connector lines between step circles so the step order reads as a clear sequence (completed segments use a stronger track color).

2026-03-07

Fixed

• Workflow expressions (loop body): use $json['$item'], $json['$index'], $json['$loop'] — same $json pattern as $json['node_id']. Example URL: {{ 'https://…/' + $json['$item'] }}.

Added

• Workflow APIs: POST /api/v1/workflows/:workflowId/execute-partial, GET /api/v1/workflows/:workflowId/versions, POST /api/v1/workflows/:workflowId/versions/:versionId/restore.
• Workflow node execute_subworkflow and MCP tools execute_workflow_partial, list_workflow_versions, restore_workflow_version.
• Execution records now store per-node node_inputs for replay; workflow runtime_settings for execution timeout and save-on-success/error flags.
• Expressions: $workflow, $execution, and $input (all/first) in the Go engine; partial run and test-node accept pinned_outputs. UI: pin output in the NDV for mock upstream data (not persisted on save).

2026-03-20

Added

• Workflow Loop node (loop_node): public docs Loop Node, updates to Logic And Routing, Expressions — loop variables, Flow Control; internal index (repo only): zerq-docs/docs/_internal/reference/workflow-nodes-index.md. Sidebar Nodes → Logic & Routing includes loop_node.
• deploy/mongodb.sh for full-database MongoDB backup/restore (reads MONGODB_URI from env or deploy/.env only, optional defaults in script); internal operator runbook deployment/operations/backup-and-recovery updated.
• deploy/mongodb.sh clear-collection <name> to empty a collection via mongosh (replaces earlier clear-logs naming).
• deploy/mongodb.sh backup-json / restore-json for per-collection Extended JSON (mongoexport / mongoimport); output under deploy/mongo-backups-json/.

Changed

• Loop node expressions: iteration context is only on $json ($json['$item'], $json['$index'], $json['$loop']); bare $item / $index / $loop globals are not injected in V8 (consistent with the rest of the workflow engine).
• Loop node canvas and NDV: Loop / Done outputs; edges use sourceHandle loop (or empty) for per-item body and done for after-loop. Engine routes only by handle (split-batch style). Templates: loop-batch-api-calls, loop-reqres-users, loop-github-repos-meta, loop-nested-rows (nested loops); Loop Node wiring docs updated.
• MongoDB backup/restore script path: deploy/mongodb.sh (run from deploy/; deploy/scripts/ removed).
• deploy/mongodb.sh reads MONGODB_URI from .env with line parsing (Atlas URIs contain &, which breaks source); macOS install hint uses brew tap mongodb/brew.
• deploy/mongodb.sh reads env keys from deploy/.env only (not backend/.env).
• Internal backup runbook: mongodump produces BSON + metadata JSON; restore uses mongorestore.

2026-03-17

Changed

• build-push.sh now updates only the docker-compose image tags for services that were built, not all services. Tags are written directly in the compose file.
• Documentation homepage UI/UX aligned with zerq-website: card styling (rounded-2xl, hover lift, shadow), section padding, buttons (scale on hover/active), icon boxes, section title underlines, and container layout.

2026-03-13

Added

• Audience-first information architecture introduced.
• New reference pages added for management and gateway behavior.
• New deployment architecture and environment index pages.

Changed

• Public documentation navigation was simplified across sidebar, top bar, and footer.
• High-friction onboarding pages were rewritten for clearer user journeys.

Fixed

• Duplicate and overlapping pages were de-duplicated.
• Public links to internal-only documentation routes were removed.

Security

• Public docs builds now fail on broken links to prevent accidental leakage paths.

Notes

• This changelog is the canonical release-notes entry in the docs site.
• For code-level commit history, use repository git history and PR links.