Changelog

All notable changes to Etch.

[0.2.0] - 2026-02-15

Admin Portal Security
- Brute-force protection with lockout (5 attempts = 15 min lockout)
- Per-IP tracking for failed login attempts
- Rate limiting on auth endpoints (10/min challenge, 5/min verify)
Cleanup System
- Automatic cleanup of expired auth challenges
- Old rate limit entries purged after 7 days
- Resolved DLQ items cleaned after 30 days
- Vercel cron job (/api/cron/cleanup) runs hourly
Health Endpoint Enhancements
- Config status (JWT, wallet, QStash availability)
- Circuit breaker status included
- More comprehensive diagnostics
Developer Experience
- QStash sync fallback for local development
- Stricter TypeScript configuration
- Request correlation IDs on all errors
- Structured logging with sensitive data redaction

Variable shadowing in launch route
Console.log replaced with structured logger in all services
Input validation in job handler (re-validates beneficiary, Zod parsing for JSONB)

Token Launch API
- Create SPL tokens with metadata
- Configure total supply and reserve percentage
- Automatic Meteora pool creation
Vesting Integration
- Time-based vesting via Streamflow
- Cliff period support
- Linear unlock schedules
DAO Governance
- Realms V3 integration
- Community and council governance types
- Proposal and voting endpoints
Webhook System
- HMAC-signed webhook notifications
- Per-endpoint circuit breakers
- Retry with exponential backoff
Resilience Features
- Transaction retry with exponential backoff
- Connection health monitoring
- Idempotency checks to prevent duplicates
- Dead letter queue for failed jobs
Authentication
- Wallet-based challenge/response auth
- JWT tokens with configurable expiry
- Rate limiting per wallet and IP