Today brings a mix of documentation visibility and internal hardening. We’ve added comprehensive automated walkthroughs for every user role, plus a consolidated batch of security and compatibility fixes queued for the next minor version bump.
Feature walkthroughs
We added a comprehensive set of automated feature walkthroughs to the documentation, covering every user role with screenshots:
- Guest: anonymous browsing and search
- Customer: account management, orders, and messaging
- Vendor: store management and sales (note: item creation is API-only for now)
- Staff/Admin: moderation, configuration, and user management
These guides are generated from automated tests, so they’ll stay accurate as the system evolves.
Security hardening (queued)
We tightened production error-reporting settings to reduce the chance of leaking sensitive debugging output.
We also strengthened protections around session-based write requests, tightened scoping on authenticated API reads, and applied a small authorization hardening pass on protected write actions. This work is part of a consolidated reviewer-fix bundle queued for the next minor version bump.
Deployments: database compatibility
We queued a small compatibility fix so default seeding works reliably on MariaDB deployments (the prior approach relied on SQLite-only syntax).
Documentation updates
- Roadmap: linked the roadmap post from the README for easier discovery.
- Agents: added a sample agent skill entry to help integrations get started.
- Transactions: clarified how transaction listings are scoped and what to expect from authenticated reads.
- Registration: updated docs to clarify security protections and configuration options.
- Admin config: corrected the documented response keys to match what the system actually returns.
User-facing summary: New visual guides make it easier to see what the system does, while under the hood we’re prepping a solid batch of security and compatibility fixes for the next release.