What's new

TrigrFlow
Changelog.

Every update, fix, and improvement — tracked in one place. Newest changes first.

v4.0 — Security & Auth
httpOnly Cookie Auth Migration
SECMigrated to httpOnly, Secure, SameSite=Lax cookie-based JWT auth — tokens no longer accessible via JS
FIXResolved login redirect loop on all platform pages caused by stale sessionStorage token checks
NEWServer-side auth guard middleware — protected pages redirect to /login at HTTP level before serving HTML
SECSecurityHeadersMiddleware added: CSP, HSTS, X-Frame-Options: DENY, Referrer-Policy
IMPGZipMiddleware — 30–50% smaller API responses
IMPCacheControlMiddleware — /static/* assets now cached in browser
FIXAll stale localStorage and sessionStorage tokens wiped on page load
v3.1 — Auth Hardening
Token Security & Error Handling
SECPassword reset token type check added — reset tokens can no longer be used as session tokens
FIXFixed send_password_reset_email() function name mismatch causing reset emails to silently fail
FIXdecode_token() now raises 401 instead of returning None — eliminates silent auth bypass edge cases
IMPget_current_user() updated to support both Authorization header and cookie fallback
IMPauto_error=False added to oauth2_scheme — cleaner error handling for unauthenticated requests
v3.0 — Platform Launch
All 4 Platforms Live
NEWFacebook Messenger automation — keyword triggers, auto-replies, post comment detection
NEWWhatsApp Business API integration — rules engine, broadcast, lead CRM
NEWTelegram bot automation — polling + webhook mode, scheduled messages, subscriber management
IMPUnified dashboard across all 4 platforms
NEWAdmin panel — user management, subscription oversight, system health monitoring
NEWPaddle billing integration (in progress)

Detailed changelogs for earlier versions are being migrated. Full history coming soon.
Questions about a specific release? Contact the team.