QuackbackIO/quackback releases

Features

• Per-board Discord channels. Discord notifications now support per-channel routing with board filters, matching Slack. Add multiple channels, scope each to a specific board, and pick which events fire (post created, status changed, comment created).

Bug fixes

• Add Channel dialog state reset. The Add Channel dialog now clears form state when closed via Cancel or X, so reopening starts fresh instead of carrying over leftover input.

Internal

• Shared routing-table UI between Slack and Discord extracted into a single NotificationChannelRouter component. One-time migration cleans up legacy duplicate event-mapping rows for chat integrations.

Tests

• New Playwright e2e coverage for the Discord routing flow and Slack routing parity.

Full changelog: https://github.com/QuackbackIO/quackback/compare/v0.9.8...v0.9.9

Features

• Filter chips on the public feedback portal. A new chip-based filter UI replaces the legacy Filter button. Status, Tag, Vote count, Created date, and Team-response filters can each be added, swapped, or removed inline; chips are translated across all 6 locales. Boards joined the chip system on this release, so the mobile board sheet has been retired in favour of the unified filter UI.
• Roadmap toolbar parity. The public roadmap page now shares the feedback page's toolbar pattern: searchable Sort combobox, Search popover, and a Filter button on a single row across desktop and mobile. The roadmap selector is a horizontal scrolling tab strip with snap-to-column behavior, and Kanban columns scroll horizontally with chevron + fade affordances and an internal column scroll capped to viewport height.
• More filter dimensions on the public portal. Public post queries now respect minVotes, dateFrom, and responded filters. Complete and closed posts are hidden by default unless a Status chip overrides it.

Performance

• Faster cold start. Nitro now lazy-loads SSR chunks and the bootstrap path uses an auth fast-path. Bundles dedup shared deps, the Docker image switched to an Alpine base, the database is pre-warmed at boot, and migrations are bundled into the runtime.

Bug fixes

• Calendar-invalid date filters are rejected. `dateFrom` strings that look syntactically valid but aren't real dates (e.g. Feb 30) now fail validation instead of returning empty results.
• EXISTS subquery on public post listings. Matches the admin path's `${posts.id}` interpolation so the duplicate-suggestion-aware filter works on the portal too.

Internal

• Promoted `toggleItem`, `CircleIcon`, `MenuButton`, `VOTE_THRESHOLDS`, `DATE_PRESETS`, and `RespondedFilter` to `components/shared` / shared types so admin and portal filter UIs reuse the same primitives.
• /simplify pass: memoization, hoisted icon maps, and pruned dead code across the new portal toolbar/filters surfaces.
• Filter message IDs migrated to chip-based keys; widget board placeholder + portal "Upvotes" label wrapped in `FormattedMessage`.

Tests

• New Playwright e2e coverage for the chip filter flow and active-by-default hint.
• Unit tests for the Board filter category, single-board collapse, and the new public post filter dimensions.

Full changelog: https://github.com/QuackbackIO/quackback/compare/v0.9.7...v0.9.8

Performance

This release reduces server-side render times under concurrent load and shrinks the JavaScript footprint of every page. Both improvements are most visible on busy boards and admin pages with many simultaneous viewers.

• Hot data on the server-render path (workspace settings, OAuth provider config, user role lookups) is now cached more aggressively so most page renders only do a single fast lookup instead of multiple database queries.
• Per-route bundles were merged into per-section groups so the browser fetches a handful of larger chunks instead of dozens of tiny ones.
• Sensitive credentials remain off the cache layer — only metadata about which integrations are configured is cached, not the secrets themselves.
• Removed a duplicate database query that was firing on every authenticated page load.

Features

• Edit your own comments. Comment authors and team members can now inline-edit comments after posting. Edited comments show an (edited) marker. (#149)
• Set help-center article author via API and MCP. Articles created or updated through the API/MCP can now specify an author principal. Internal: this came alongside an API-layer cleanup that standardises how endpoints handle authentication and ID validation. (#147)

Bug fixes

• S3 uploads on self-hosted Docker Compose. When S3_PROXY=true, presigned uploads are now proxied through the server instead of returning a URL the browser cannot reach. Fixes deployments where MinIO is only reachable on the internal Docker network. (#150)
• Widget changelog scroll. Restored vertical scroll on the changelog detail view inside the embeddable widget.
• Cmd+Enter in the post editor. Cmd+Enter inside the comment textarea now submits the comment instead of also saving the post; Cmd+Enter on the post itself only saves when there are pending changes. (#144)

Internal

• Enforced the client/server import boundary so server-only modules (node:crypto, ioredis, bullmq) can no longer be pulled into the browser bundle through accidental imports.
• Expanded Playwright e2e coverage with 25 new spec files (~400 tests) over previously untested areas. (#148)
• Added unit tests covering the new caching surfaces.

Full changelog: https://github.com/QuackbackIO/quackback/compare/v0.9.6...v0.9.7

Bug fixes

• Restored the max-width container on post detail pages, which was accidentally removed during the help center routing restructure in v0.9.5 (#146)

Tests

• Added a Playwright regression test that asserts post detail content is constrained within its max-width container

What's changed

• Help center categories use icons - The emoji picker for help center categories has been replaced with a Heroicons picker for consistent iconography.
• Fix article editor layout - The article body now scrolls independently while the header stays fixed.
• Fix widget default board - The new post form in the widget now opens with the configured default board selected.
• Smoother widget launcher animation - Launcher fade-in and content load feel more polished.
• Clear default board in widget settings - The default board field now has a clear button to unset the value.
• Fix settings not refreshing - Settings changes now take effect immediately after saving.

What's changed

• Help center shows categories with nested articles - Parent categories whose articles lived under sub-categories were hidden from the public help center. They now appear with a total count that includes the whole subtree.
• Admin help center shows subtree article counts - Parent categories display "direct / total" so editors can see where articles actually live.
• @quackback/widget on npm - npm install @quackback/widget to embed Quackback in your app. TypeScript types and a React adapter (useQuackbackInit, useQuackback, useQuackbackEvent) included.
• Widget security hardening - Stricter instanceUrl validation and hardened window.open calls.
• Fix widget theme colors - Configured colors now apply consistently.
• Fix dark mode flash on navigation - Dark mode no longer flickers during client-side route changes.

What's changed

• Fix URLs breaking post submit - TipTap link marks with null attrs (e.g. title: null) were rejected by Zod validation, preventing posts with auto-linked URLs from being submitted
• Fix raw HTML/markdown in post previews - Post card descriptions now strip HTML tags and markdown formatting instead of showing raw syntax like <p>text</p> or [link](url)
• Consolidate content preview utility - Removed duplicate truncateContent functions across widget and help center, replacing them with a shared contentPreview() that handles both stripping and truncation
• Standardize widget typography - Consistent text sizing across all widget views: bumped help center category titles/descriptions, unified metadata labels, form buttons, badges, and action links
• Fix help article scroll overflow - Article content in the widget now scrolls properly when it overflows the container
• Fix help article portal link - "View on portal" from widget help articles now opens the correct Quackback URL instead of the host site

What's new

• Help center category hierarchy -- Organize articles into nested categories up to 3 levels deep with cascade soft-delete, 30-day restore window, and parent-chain validation (#132)
• Help center inline in portal -- /hc/* now renders under the portal shell with a Help Center tab in the portal nav; standalone subdomain and custom-domain support removed in favor of a single unified portal
• Full-page article editor -- Replaces the old dialog-based editor with an Intercom-style page at /admin/help-center/articles/$articleId: slim top bar with category pill and publish state, reader-width body, description subtitle, rich editor with images and embeds
• Publish → View article flow -- Once an article is published, the Publish button swaps to a green "View article ↗" link that opens the portal URL in a new tab; Unpublish moves to an overflow menu
• Admin finder redesign -- Sidebar category tree that auto-expands the ancestor chain of the selected category, hover-reveal row actions for + sub / edit / delete, breadcrumb row, sub-category chip row for lateral navigation, skeleton loader, deleted items view
• Auto-rehost external images on article save -- LLM-authored image embeds now get fetched (SSRF-guarded, magic-byte verified) and rehosted to workspace S3 automatically
• Settings nav regrouped -- General / Customization / Feedback / Help Center / End Users / Developers, dropping the "Portal" umbrella and pulling Widget alongside Branding under Customization
• Portal + Permissions pages merged -- /admin/settings/portal was split across two pages by auth state (signed-in vs anonymous); now consolidated into /admin/settings/permissions grouped by action, with signed-in and anonymous toggles per action
• Button pills everywhere -- New `shape` variant on the Button component defaulting to pill (opt out with `shape="default"`), making admin buttons consistently rounded without per-call class overrides

Bug fixes

• Fix help center article canonical URL missing `/hc` prefix -- og:url and rel=canonical now correctly point at `{baseUrl}/hc/{category}/{article}` (#132)
• Fix restoreCategory allowing a child to be restored under a still-deleted parent, which would leave the category orphaned from the active tree -- now throws PARENT_DELETED and admins must restore the ancestor chain top-down (#132)
• Fix help center finder infinite scroll sentinel never observed on first category selection -- the IntersectionObserver was attached to a null ref when the sentinel was only conditionally mounted (#132)
• Fix stale closure in HelpCenterCategoryTree toggle() that could read outdated ancestorIds under concurrent mode (#132)
• Fix help center admin nav links font weight + header hierarchy for better readability

Housekeeping

• Rename TypeID prefixes: `helpcenter_article` → `article`, `helpcenter_category` → `category`, `helpcenter_feedback` → `article_feedback`. No data migration required -- TypeIDs are stored as raw uuid columns and prefixes only apply at serialization time
• Drop dead `kb_domain_verifications` table and `helpcenter_domain` type after custom help center domain support was removed earlier in the branch
• Delete dead `packages/db/src/utils.ts` generateId helper, shadowed by `@quackback/ids` generateId(prefix)
• Branding preview page rewritten to mirror the real feedback portal layout (collapsed "What's your idea?" header, boards sidebar, per-post cards, Powered by Quackback pill with duck logo)
• Extract CategoryActions shape to collapse sprawling category callback props through HelpCenterList → FiltersPanel → Tree

What's new

• Tag editor -- Manage tags from Admin > Settings > Tags with name, description, and color. Tags render as colored badges throughout the app. (#130)
• Status editor improvements -- Auto-save on every change (no more save/discard bar), hex color input with randomize button, edit dialog for existing statuses, roadmap accepts any number of statuses
• Per-field save spinners -- Inline ArrowPathIcon spinner on the specific toggle being saved across widget, status, tag, and permissions settings

Bug fixes

• Fix status/roadmap reorder failing with cannot cast type record to uuid[] -- use Drizzle query builder with inArray instead of raw SQL ANY()
• Fix tag description clearing silently ignored (null converted to undefined)
• Fix tag list not updating immediately after create/edit
• Fix popover scroll inside dialogs -- popovers now auto-portal to dialog content instead of document.body, so react-remove-scroll doesn't block wheel events
• Fix native scrollbar showing in tag add popover -- use Radix ScrollArea with styled scrollbar

Housekeeping

• Unify help center embeddings to text-embedding-3-small (same model as feedback pipeline)
• Large codebase cleanup: deduplicate OAuth/webhook components, consolidate AI utilities, extract shared Redis config, remove dead code
• Migrate widget identify from HMAC to JWT-only with server-side token signing
• Support custom user attributes in widget JWT claims
• Remove unused feedbackSignalCorrections table

What's new

• Standalone help center (experimental) -- Build and publish a help center directly from Quackback. Create categories and articles with the rich text editor, then serve them on a standalone subdomain with search, SEO, and structured data. Enable via Settings > Advanced > Experimental. (#128)
• Help tab in widget -- Browse help center categories and search articles without leaving the feedback widget. Drill into categories to see article lists, or search across everything. (#128)
• Help center MCP tools -- Manage categories and articles programmatically via MCP, with a new quackback://help-center/categories resource for discovery. (#128)
• Help center API -- Full REST API at /api/v1/help-center for categories and articles with CRUD, publish/unpublish, and article feedback endpoints. (#128)
• Russian translations -- Full Russian locale for the portal and widget by @TAZAQ. (#126)
• API-only imports -- Import system simplified to use the REST API exclusively, removing direct DB mode. (#127)

Fixes

• Bubble menu clipping -- Fixed the editor bubble menu getting clipped inside dialog modals.

Fixes

• Portal navigation — Removed the Help Center tab from the public portal. Help center will become its own dedicated portal in a future release. The tab was previously visible even when the feature flag was turned off.

What's new

• Mobile native SDK support -- New sendToHost bridge abstraction replaces direct postMessage calls, enabling native mobile SDK integration for iOS and Android. The bridge falls back to postMessage in web contexts for full backwards compatibility.
  • quackback-ios -- Swift SDK for iOS
  • quackback-android -- Kotlin SDK for Android
• Full-screen mobile widget -- Widget renders full-screen on mobile with a close button and CSS-based responsive layout. Smooth slide-up/slide-down transitions replace the desktop popover on viewports under 640px.
• Internationalization -- Portal and widget now support English, French, German, Spanish, and Arabic with full RTL support. Auto-detects browser language via Accept-Language, with explicit locale override via SDK config or ?locale= param.
• Auto-upvote on post creation -- Authors automatically upvote their own posts, with the vote recorded atomically in the same transaction.
• Mobile SDK locale support -- iOS and Android SDKs now pass locale via both URL param and postMessage for flicker-free i18n.
• Rich editing for portal users -- Users editing their own posts now have full editor features: headings, code blocks, task lists, dividers, slash commands, and images.
• Slash command hints -- Editor placeholders now show "Type / for commands" across all locales to improve discoverability.

Fixes

• Widget placement CSS on re-init -- Style tag is now properly cleaned up on destroy, preventing stale left/right positioning when reinitializing with a different placement.
• Image paste in admin -- Fixed Zod validation crash when pasting images with undefined attrs (e.g. caption: undefined from ResizableImage extension).
• Slash commands in admin -- Global / search hotkey was intercepting keystrokes in TipTap editors. Now skips contentEditable elements.
• Post modal feature parity -- Edit post modal now has full editor features (images, slash menu, code blocks, tables) matching the create dialog. Saves also close the modal.
• Team members query crash -- Switched from useSuspenseQuery to useQuery with fallback to prevent crashes during navigation.

What's new

• Help menu — New ? icon in the admin sidebar opens a dropdown with docs, changelog, and version info (follows the Sentry/PostHog/GitLab pattern)
• Update indicator — A notification dot appears on the help icon when a newer release is available, with a direct link to the release notes
• Update banner — Dismissable banner at the top of the admin area that smoothly animates in when an update is detected
• Scrollable sidebar — The icon rail now scrolls gracefully on small viewports
• Cleaner dev experience — Removed TanStack Router and React Query devtools icons

Improvements

• Version fetch runs once in the route loader (parallel with avatar fetch) instead of duplicate client-side calls
• Update banner starts collapsed on SSR and animates in after hydration to avoid flicker
• Tightened sidebar-to-content spacing

Email logo embedding

• Email logos now work reliably across all email clients (Gmail, Outlook, Apple Mail)
• When no public S3 URL is configured, logos are served through a server-side proxy instead of a 302 redirect that email clients silently ignore
• Proxied responses are cached in memory (1h TTL) so repeated email opens don't hit S3 every time
• Cache headers set to 1 year with immutable for any intermediate proxies that honor them

Thanks

• @ozayo - reporting the email logo issue (#111)

Rich text editor

• Rich text editing for posts, widget submissions, and the portal - bold, italic, lists, links, blockquotes, and more
• Image uploads in the editor with drag-and-drop, paste, and slash menu support
• Image resize handles, context menu actions (view, download, copy, delete)
• Read-only HTML renderer preserves image aspect ratios

Email brand logos

• Your brand logo now appears in all email templates (welcome, invitations, status changes)
• Improved HTML email compatibility across major email clients (88% to 95%)
• Local email testing with Mailpit in Docker

Board slugs

• Boards now use i18n-safe slugs via the slugify library, supporting non-Latin characters
• Fixed optimistic updates and cache invalidation for board mutations

Portal

• Improved mobile responsiveness across the public portal

Fixes

• Widget - Stabilized popular ideas search height and prevented accidental Enter submit
• Editor - Image extension is always registered so existing image content renders correctly in all editor contexts
• Accessibility - Suppressed missing DialogDescription warnings across all dialogs
• Upload routes - Fixed branded type mismatch for session user IDs
• Docker - Bumped Bun to 1.3.11 to fix arm64 install failure
• BullMQ - Fixed handler argument being lost when queued (#113)

Thanks

• @ozayo - reporting mobile view issues (#112)
• @TAZAQ - fixing the BullMQ handler argument bug (#113) and reporting the board slug issue (#115)

Widget

• Trigger button stays visible and toggles the widget open/close instead of being hidden when the panel opens
• Animated open/close with scale + origin-anchored transition and rotating trigger icon
• Board filter pills below "Popular ideas" — toggleable, horizontal scroll with chevron nav buttons
• Search behind a magnifying glass icon on the "Popular ideas" heading — expands inline on click, no extra layout row
• Replaced Radix ScrollArea with plain overflow div, eliminating display:table layout inflation that caused horizontal overflow on the feedback list

Analytics (experimental)

Enable via the Experimental settings page. Not enabled by default.

• Redesigned analytics layout with left nav sidebar and clean metric-focused cards
• KPI summary cards with sparklines and metric toggle pills on activity chart
• Proportional bar rows for board breakdown, donut chart for status breakdown
• Changelog views card with ranked entries
• Hourly BullMQ refresh with materialized daily stats

Auth

• Replace isAnonymous with principalType across session interface, bootstrap, and client checks
• ensureSessionThen defers anonymous session creation to first interaction (vote/comment/post)

Fixes

• Docker build: set HUSKY=0 to skip prepare script
• Analytics spacing and chart color fixes

Widget Auth

• Anonymous-to-identified merge — votes, comments, and posts transfer when user re-identifies via SDK
• Identify precedence — portal session takes priority over SDK anonymous calls
• OTT safety — skip session transfer for anonymous users to prevent portal logout
• Shared merge utility extracted from portal auth for reuse by widget identify
• 50 new auth tests

Widget UI

• Consistent font sizing across post and changelog detail views (15px title, 13px body, 11px meta)
• Post detail header mirrors listing layout (vote column left, status/title/meta right)
• Clickable titles linking to portal with hover icon (shared WidgetPortalTitle component)
• Unified comment form with inline email/name for anonymous users (single Post action)
• User avatar popover with engagement stats
• Infinite scroll for feedback and changelog tabs
• Comprehensive widget test coverage (52 tests)

• Redesign widget home with portal-style expandable create card
• Merge search and create into single expandable input
• Integrate email capture directly into feedback form
• Unify similar posts design and animations across widget and portal
• Fix widget card overflow issues (horizontal, input, email/name row)
• Simplify widget internals: extract post row, remove prop drilling and dead code

• Widget changelog tab with entry listing and detail views
• Configurable widget navigation (feedback/changelog/roadmap tabs)
• Inline email capture for anonymous widget users

• Add publishedAt parameter to MCP changelog tools

New Features

• Markdown rendering for changelogs and posts - Content created via the rich text editor, MCP, or API now stores markdown alongside TipTap JSON. The server auto-derives contentJson from markdown when only plain text is provided, ensuring consistent rendering everywhere
• Redesigned public changelog - The changelog page now displays a full-article feed with a date sidebar, rendered rich content, and linked feature cards, similar to a blog layout

Bug Fixes

• Fix list item spacing in rendered content - Ordered and unordered lists no longer have excessive whitespace between items. Fixed by unwrapping single-paragraph list items in the HTML renderer
• Remove unsigned cookie from widget identify endpoint - Cleaned up the widget identify endpoint to use only the signed cookie for authentication
• Strip markdown in admin changelog previews - Admin changelog list no longer shows raw markdown syntax in content previews

Improvements

• Refactor service layer into focused modules - Large service files (posts, comments, changelog, settings, users, segments, roadmaps) split into smaller, focused modules for better maintainability

New Features

• Cascade delete linked integration issues - When deleting a post that has linked issues in external platforms, the delete dialog now shows each linked issue with a checkbox to archive/close it. Supports Linear, GitHub, Jira, GitLab, ClickUp, Asana, Shortcut, Azure DevOps, Trello, Notion, and Monday. Integration icons and human-friendly issue identifiers (e.g. QUA-24, #142) are shown in the dialog
• Per-integration on-delete behavior config - Each integration's settings page now has an "On post delete" option to control whether linked issues are archived/closed by default

Bug Fixes

• Fix dark theme flicker on admin pages - Admin pages no longer flash white on load in dark mode. Theme is now read from a server-side cookie instead of client-side detection
• Remove static vote count from integration syncs - Vote count was included in synced issue descriptions but never updated after creation, showing a misleading frozen value. Removed from all integration message builders (Linear, GitHub, Jira, GitLab, ClickUp, Asana, Shortcut, Azure DevOps, Zapier)

Performance

• MCP search response trimming - Search results now return 200-char excerpts instead of full content, extract just the summary string instead of the full summaryJson object, and use compact JSON encoding for list responses - reducing payload from ~170KB to ~40KB per 100-post page
• Database column selection for post lists - listInboxPosts now excludes unused heavy columns (embedding at ~12KB/row, searchVector, widgetMetadata, and pipeline metadata), reducing DB transfer from ~1.4MB to ~200KB per 100-post query
• Exclude internal fields from all post queries - getPostWithDetails and listPostsForExport now use explicit column selection, preventing ~12KB of embedding data per row from being transferred on detail, admin, and export paths

Bug Fixes

• Portal post edit view matches read-only view - Empty paragraphs in the TipTap editor now collapse to match the static prose rendering, fixing the excessive vertical spacing visible in edit mode. Edit title input also matches the normal h1 sizing
• Fix MCP OAuth posts showing 'Unknown' author - OAuth JWT was missing name and email claims, causing all MCP-created posts to show "Unknown" as the author. Users need to re-authenticate for the fix to take effect

Performance

• Dragonfly caching for hot paths - Tenant settings, integration event mappings, and active webhooks are now cached in Dragonfly with 5-minute TTL and write-through invalidation, eliminating redundant DB queries on every page load and event dispatch
• Slack channel cache migrated to shared helpers - Unified caching pattern across all cached resources

Improvements

• Robust cache failure logging - Cache helpers log warnings on failure instead of silently swallowing errors, improving production debuggability
• S3 deletion failure logging - Previously silent catch blocks in logo/favicon/header logo operations now log warnings with the affected S3 key
• Better embedding error context - OpenAI embedding failures now include pipeline step and post ID for easier triage
• Reduced log noise - Removed ~25 noisy read-path console.log entries from domain services (settings, statuses, posts, comments, roadmaps, subscriptions, notifications, webhooks) that fired on every request

Improvements

• Private comments - Notes are now consolidated as private comments with MCP isPrivate support
• Event system completeness - Added missing event types and improved private comment UX
• Slack channel listing - Improved Slack channel listing and incoming feedback UX

Bug Fixes

• Fix widget vote/reaction highlights after SSO identify - Vote and reaction highlights now persist correctly after SSO identify in the widget
• Fix vote and reaction highlights after page reload - Highlights no longer reset when the page is reloaded
• Fix Canny importer issues - Fixed soft-delete filtering and publishedAt preservation

Chores

• Upgrade to Vite 8 and @vitejs/plugin-react 6
• Update all dependencies to latest compatible versions
• Type safety improvements
• CI: run build before typecheck to generate route tree

New Features

• API extensions and Canny adapter - New API-to-API import pipeline with a Canny adapter for migrating feedback, votes, comments, and users from Canny to Quackback.

Bug Fixes

• Fix OAuth token exchange 500 for MCP clients - The token endpoint consumed the request body to inspect the resource parameter but only reconstructed it when resource was missing. MCP clients like Claude Code that include resource in the token exchange hit a 500 because Better Auth received an empty body. The request is now always reconstructed after reading.
• Fix consent page redirect - Added data.url fallback for OAuth consent redirect URL resolution, fixing cases where the redirect field name varied.

Database

• OAuth schema migration - Added require_pkce column to oauth_client and auth_time column to oauth_refresh_token for Better Auth compatibility.

New Features

• Anonymous voting - Users can upvote posts without signing in. Controlled by a per-workspace feature flag (enabled by default). IP-based rate limiting prevents abuse by counting anonymous sessions per IP.
• Anonymous posting - Users can submit feedback without an account. Controlled by a workspace feature flag (disabled by default). Anonymous sessions are created lazily via Better Auth's anonymous plugin.
• Anonymous commenting - Users can comment on posts without signing in. Controlled by a workspace feature flag (disabled by default).
• Workspace permissions page - New admin settings page under Settings > Permissions to toggle anonymous voting, posting, and commenting per workspace.
• Widget post detail view - Full post detail with voting, comments, threaded replies, status badge, author name, and relative timestamps inside the embedded widget.
• Widget SDK event system - Host apps can subscribe to widget events (vote, post:created, comment:created, identify) via Quackback('on', eventName, handler). Supports on/off commands and returns unsubscribe functions.
• Widget metadata - Host apps can attach key-value metadata to widget sessions via Quackback('metadata', { key: value }). Metadata is stored on posts created through the widget.
• One-time token session transfer - Widget sessions can be transferred to the portal via secure one-time tokens, so users clicking "View full discussion" arrive already authenticated.

Improvements

• Server-side feature flag enforcement - All three anonymous feature flags are now enforced server-side in toggleVoteFn, createPublicPostFn, and createCommentFn. Previously voting and posting were only gated on the client.
• Widget auth UX - When anonymous features are disabled, vote/comment/post buttons remain fully interactive. Clicking opens the portal (widget) or login dialog (portal) instead of appearing disabled.
• Widget identify requirement - The widget trigger button is now only shown after identify() is called, preventing interaction before the host app establishes an identity.
• Anonymous display names - Anonymous users receive auto-generated friendly display names (e.g. "Blue Falcon") instead of showing raw email addresses.
• Bearer token auth for widget - Widget iframe uses Authorization: Bearer headers instead of cookies for cross-origin compatibility.
• Rate limit hardening - Anonymous vote rate limiting now counts sessions per IP instead of active vote rows, preventing vote/unvote toggle bypass.
• Widget scroll behavior - Post detail view scrolls to top when navigating between posts.
• Memoized widget context - WidgetAuthContext value is memoized to prevent unnecessary consumer re-renders.
• Dofollow powered-by backlinks - "Powered by Quackback" links in the widget and feedback board are now dofollow for SEO value.

Bug Fixes

• Anonymous posting feature flag was dead code - The anonymousPosting check in createPublicPostFn was inside a branch that was never reached because anonymous users always have a principal record. Moved the check to run unconditionally.
• Anonymous voting had no server-side check - toggleVoteFn had zero feature flag enforcement. Any user with an anonymous session could vote regardless of the setting.
• Widget user state not cleared on anonymous switch - Switching from an identified session to anonymous via identify({ anonymous: true }) did not reset isIdentified, causing the widget to continue treating the user as signed in.
• SDK listeners not cleared on destroy - Calling Quackback('destroy') did not clear event listeners, causing memory leaks on re-initialization.

New Features

• Vote removal for admins - Admins can remove any vote (direct or proxy) from the voters modal on a post. Hover over a voter row to reveal the remove button.
• Proxy vote MCP tool - AI agents can add votes on behalf of users via the new proxy_vote tool (22 to 23 MCP tools total).
• Proxy vote DELETE endpoint - Remove proxy votes via the REST API at DELETE /api/v1/posts/:id/vote with OpenAPI docs.

Improvements

• Widget SDK simplification - Icon-only trigger button replaces the old text button. Removed buttonText option for a cleaner, more compact widget launcher.
• Widget shell redesign - Added close button to the home screen and simplified the panel layout.
• Widget settings overhaul - Two-column layout with live preview panel, dark syntax-highlighted code blocks, pill selectors for placement and board, and copy-to-clipboard embed snippets.
• MCP setup guide overhaul - Interactive client selector with SVG icons for Claude Code, Cursor, VS Code, Windsurf, and Claude Desktop. Dark code panels with syntax highlighting, OAuth/API key variant toggle, and tools badge summary.
• API Keys settings redesign - Replaced static docs card with an interactive Quick Start guide showing multi-language code examples (curl, JavaScript, Python, Go, PHP) with syntax highlighting, base URL copy, and API resources summary.
• Webhooks settings redesign - Replaced static docs card with an interactive signature verification guide showing HMAC-SHA256 verification code in 5 frameworks (Node.js, Python, Ruby, Go, PHP), webhook headers reference, and event badges.
• Signal embedding improvement - Embedding format now matches post structure for better similarity matching.
• Admin UI polish - Unified border opacity and card styling across all admin list views. Redesigned notifications and getting started pages.

New Features

• Slack integration - Two new ways to send feedback from Slack. The "Send to Quackback" message shortcut lets team members forward any Slack message as feedback with one click. Channel monitoring auto-ingests messages from configured channels into the feedback pipeline.
• AI signals progressive disclosure - AI-generated insights (duplicates, merge suggestions, similar posts) are surfaced contextually in the post modal via a signal summary bar and similar posts card instead of a separate banner.
• Bidirectional merge - Merge suggestions now support swapping direction so you can choose which post to keep as canonical.
• Activity timeline - Every post now has an activity tab showing status changes, merges, tag changes, owner assignments, proxy votes, and other events in reverse chronological order.
• Proxy voting - Admins can vote on behalf of users with full attribution tracking. The voters modal shows who added each vote.
• Author selector - Admins can choose the post author when creating posts, with a searchable member dropdown and inline user creation.
• AI usage logging - All pipeline steps (extraction, quality gate, embedding, suggestion matching) now log token usage, latency, and retry counts to the ai_usage_log table. A separate pipeline_log table tracks ingestion events end-to-end.
• Public API expansion - Five new REST endpoints for managing AI suggestions (list, accept, dismiss, restore) and viewing post activity logs. Existing post endpoints now return summary, merge, and lock fields.
• MCP server expansion - Five new MCP tools: list_suggestions, accept_suggestion, dismiss_suggestion, restore_suggestion, and get_post_activity (17 to 22 tools total). Enriched search and detail tools with summary, merge, and lock fields.

Improvements

• Suggestion dismiss with undo - Dismissing a suggestion shows a timed undo toast instead of requiring a separate restore action.
• Suggestion grouping - Suggestions from the same source are visually grouped in the triage view.
• Feedback UI redesign - Incoming tab merged into Feedback as a sub-tab. Post modal now includes manage actions and similar posts card.
• Duplicate dedup - Pipeline skips creating duplicate suggestions when a pending suggestion for the same feedback already exists.
• Query cache invalidation - Creating posts from the create dialog or accepting suggestions now properly invalidates inbox, portal, and roadmap caches.
• Nullable user email - External users from Slack and other sources no longer need a placeholder email address.
• Voters avatar stack - Compact avatar display for post voters with overflow count and source attribution badges.

Fixes

• Slack signature verification - Signatures are now verified before parsing the request body, preventing timing attacks.
• Comment cache invalidation - Comment mutations now cross-invalidate admin inbox and portal caches.
• Type safety - Replaced any casts with proper types across integrations, tests, and scripts.

Database Migrations

• 0026: Post activity table
• 0027: Slack channel monitors table
• 0028: Vote-on-post suggestion type
• 0029: Feedback indexes
• 0030: AI usage and pipeline log tables
• 0031: Nullable user email
• 0032: Drop dismiss reason column
• 0033: Vote added_by_principal column

New Feature

• Merge preview modal - PMs can now click the merge preview card in the suggestions triage view to see a full readonly preview of what the canonical post will look like after merging. The preview shows the post title, description, AI summary, metadata sidebar, and comments from both posts separated by a labeled divider. Vote count is computed server-side using the same deduplication logic as the real merge (unique voters across both posts).

Improvements

• Extracted shared post utilities - Moved toPortalComments and getInitialContentJson to a shared module for reuse across post modal and merge preview.

Improvements

• Simplified merge confirmation dialog - Replaced the redundant two-card layout with a single result card showing what the merged post will look like (title, description, combined votes and comments). PMs already see both posts in the triage row - the dialog now focuses on the outcome.
• Improved merge dialog copy - Clearer language about what happens when merging: voters are only counted once, the duplicate redirects to the kept post, and the action can be undone anytime.
• Aligned backfill prompt labels - Merge suggestion backfill script now uses the same neutral "Post A"/"Post B" labels as the production assessment service, instead of "Source Post"/"Candidate".

Features

• Redesigned merge duplicate flow - Replaced side-by-side post card layout with stacked cards showing duplicate/canonical direction, a merged result preview card with combined vote and comment counts, and a confirmation dialog before merging. Added post-merge resolved state with inline undo and view actions.
• Unified team settings table - Replaced two-section layout (members list + pending invitations card) with a single TanStack Table showing both members and invitations inline. Invitations display an "Invited" badge, sent date, and color-coded expiry text. Added global search filtering across all rows.

Fixes

• Fixed stale error banner on team page - Invitation resend/cancel actions now clear the error state before starting, preventing stale error banners from persisting after successful retries.
• Fixed merge direction race condition - Merge success handler now derives canonical/duplicate posts from the submitted mutation variables instead of closure state, preventing incorrect post IDs if the swap toggle changes during in-flight requests.
• Fixed Outlook Safe Links consuming magic link tokens - Outlook's link prefetch was consuming one-time invitation tokens before users clicked. Tokens now require a POST request to be consumed, with a GET landing page that submits via JavaScript.

Improvements

• Upgraded to Gemini 3.1 Flash - All LLM services now use gemini-3.1-flash-preview and gemini-3.1-flash-lite-preview for improved quality and performance across extraction, interpretation, summaries, and merge suggestions.

Features

• Link-based password reset - Replaced OTP-based forgot-password flow with email link-based reset using 24-hour token expiry. Users now receive a reset link instead of a 6-digit code, with a dedicated reset password page at /auth/reset-password.
• Profile password management - Added password change/set form to user profile settings. Users with an existing password can change it; OAuth/OTP-only users can set one for the first time.
• Voter subscription controls - Admins can now view and change notification subscription levels for individual voters directly from the voters modal, with colored badges and inline dropdown editing.
• Author link in admin posts - The author field in the post metadata sidebar now links to the admin users page with the author pre-selected for quick navigation.

Improvements

• Extracted levelFromFlags helper - Deduplicated subscription level derivation logic from boolean flags into a shared utility function with test coverage.
• Vote existence validation - Admin voter subscription changes now verify the target principal has a vote on the post before allowing modifications.
• Fixed sendResetPassword early return - Added missing early return when email is not configured, preventing unnecessary email function calls.
• Password reset email template - New email template with reset button, fallback link, and 24-hour expiry notice.

Fixes

• Fix crash navigating from portal to admin - Fixed "Cannot read properties of undefined (reading 'items')" error when navigating from the public feedback portal to the admin dashboard. The inbox posts query now tolerates undefined responses during route transitions.

What's New

• Scanner-safe magic link verification - Corporate email scanners (Microsoft Safe Links, Proofpoint, Mimecast) can no longer invalidate invitation magic links. An intermediate landing page sits between the email link and the auth endpoint - scanners GET the page harmlessly, while the real token is only consumed when the user clicks "Accept invitation".
• Branded invitation landing page - The verification page fetches workspace branding (logo, name, inviter) from the invitation, so users see a cohesive "You're invited to join [Workspace]" experience rather than a generic auth step. Includes a loading state and feature highlights.
• Renamed accept-invitation to complete-signup - The /accept-invitation/{id} route is now /complete-signup/{id}, better reflecting its role as the account setup step after accepting an invitation.

What's New

• Structured server-side logging - Added consistent [domain:*] and [fn:*] log prefixes across all domain services and server functions for better observability and debugging. Domain services log function entry with key parameters; server functions additionally wrap handlers in try/catch with error logging.
• Magic-link auth logging - Auth handler now logs magic-link request/response details including status codes and redirect locations to aid authentication debugging.

What's New

• Industry-neutral AI prompts - Duplicate detection reasoning now describes the shared customer need (e.g. "Both request the ability to export data as PDF") instead of using internal jargon like "source post" and "candidate post". Examples updated to be universal across all verticals.
• Removed merge_post from feedback pipeline - Duplicate detection is now fully handled by the dedicated merge-suggestions domain, removing the old merge_post suggestion type, schema columns (targetPostId, similarityScore), and related indexes from the feedback pipeline

What's New

• Suggestions tab renamed to Insights - The admin feedback tab is now called "Insights" with a cleaner route path at /admin/feedback/insights
• PM-friendly filter labels - Filter sidebar updated from action-oriented labels ("Suggested action", "Merge posts", "Create post") to insight-oriented labels ("Type", "Duplicates", "New feedback")
• Updated empty state copy - Empty state now reads "No pending insights" with improved description text
• Improved merge suggestion row UX - Cleaner layout for duplicate post suggestions with better visual hierarchy
• Default sort by relevance - Suggestions list now defaults to relevance-based sorting instead of newest-first

What's New

• Gold brand primary color - Default primary color updated from indigo to gold (#FFD43B) to match the Quackback website brand identity, across the app theme, sidebar, focus rings, and email templates
• Branded invite pages - All invite page states (sign-in, welcome, error) now show workspace logo and name inside the card with Quackback app branding above, matching the portal navbar layout
• Invite error context - Error pages now include workspace identity so users know which workspace they were invited to, even when something goes wrong
• Redesigned accept-invitation page - Improved error handling with distinct states for invalid tokens, expired links, and already-accepted invitations

Improvements

• Deduplicated InboxPostListParams type - Single source of truth instead of duplicate definitions
• Extracted role check helpers - Reusable isAdmin/isMember helpers replace inlined role checks across the codebase
• Removed unused regex - Cleaned up dead code in the interpretation service
• Shared toIsoString utility - Deduplicated date formatting into a shared utility
• Updated README - Reflects current feature set

Bug Fixes

• Fixed changelog API route - Route now goes through the service layer instead of bypassing it
• Fixed silent error swallowing - Comment permission checks now surface errors correctly
• Fixed missing soft-delete filter - Board queries now properly exclude deleted boards
• Fixed suggestion card layout - Improved footer layout with consistent board icons

What's New

• Redesigned suggestions page - Removed board filter, renamed "Type" to "Suggested action" with clearer labels (Merge posts, Create post), and collapsed Similarity/Confidence into a single Relevance sort
• Swap merge direction - New toggle to flip which post gets merged into which on the suggestions triage page
• Redesigned post modal layout - Two-column layout extends all the way down with comments in the main column, metadata sidebar floats as a card instead of a bordered column
• Collapsible AI insight cards - Both merge suggestion banners and AI summary cards are now collapsible with a unified header pattern
• Merge suggestion post preview - Duplicate suggestions now show a clickable post card with vote count, status badge, and title
• Cleaner visual hierarchy - Removed section separators, replaced "None" labels with subtle dashes, better spacing throughout

Bug Fixes

• Fixed I-beam cursor on editor content - ProseMirror editor now correctly shows text cursor instead of pointer

What's Changed

• Fix scrolling on suggestions page - Removed conflicting nested ScrollArea that prevented the page from scrolling
• Add Quackback source badge to merge suggestions - Duplicate post suggestions now show the Quackback logo and "Duplicate post" badge, consistent with other suggestion types
• Fix source filter for merge suggestions - Filtering by "Quackback" source now correctly includes duplicate post suggestions in results and sidebar counts

Full Changelog: https://github.com/QuackbackIO/quackback/compare/v0.4.3...v0.4.4

What's Changed

• Fix BullMQ scheduler error on Dragonfly - upsertJobScheduler creates derived keys inside Lua scripts that aren't declared in the KEYS array, causing "script tried accessing undeclared key" errors on Dragonfly (Railway's Redis). Replaced the BullMQ maintenance queue with simple setInterval matching the existing summary/merge sweep pattern.
• Fix Date serialization in feedback suggestion expiry - Same .toISOString() fix as v0.4.1, this time in the feedback pipeline's expireStaleSuggestions query.

Full Changelog: https://github.com/QuackbackIO/quackback/compare/v0.4.2...v0.4.3

What's Changed

• Fix merge sweep query errors - Raw sql template literals bypass Drizzle's TypeID-to-UUID conversion, causing invalid input syntax for type uuid errors. Replaced with ne() and isNotNull() operators that properly handle the conversion.

Full Changelog: https://github.com/QuackbackIO/quackback/compare/v0.4.1...v0.4.2

What's Changed

• Fix merge suggestion sweep crash - The postgres driver's sql template tag doesn't auto-serialize Date objects, causing the merge sweep and expiry queries to throw ERR_INVALID_ARG_TYPE. Fixed by converting to ISO strings before passing as query params.

Full Changelog: https://github.com/QuackbackIO/quackback/compare/v0.4.0...v0.4.1

What's Changed

• AI-powered duplicate detection - Standalone merge suggestion system that finds duplicate posts using hybrid vector + full-text search, then verifies with an LLM. Suggests which post to merge into which based on vote count, comment count, and age. Runs on post creation and via periodic sweep.
• Feedback aggregation UI - Merge suggestions appear alongside feedback suggestions in the admin inbox with accept/dismiss actions. Includes filtering by suggestion type (new post vs duplicate) and sorting by similarity or confidence.
• Custom OIDC OAuth providers - Support for generic OAuth2/OIDC providers beyond the built-in social logins. Configure custom providers with discovery URL, client ID/secret, and display name.
• Comment count filter - New minimum comments filter in the admin feedback inbox, matching the existing minimum votes filter.
• AI summary improvements - Redesigned summaries with key quotes, next steps, and live staleness detection. Single getOpenAI() guard across all AI features.
• Admin UI polish - Unified patterns across inbox, suggestions, changelog, and users pages. Restyled users page.

Full Changelog: https://github.com/QuackbackIO/quackback/compare/v0.3.11...v0.4.0

What's Changed

• Post description fix - Fixed post descriptions not displaying in the admin modal and public edit mode for posts created via API or plain text submission. These posts only had the content field populated (not contentJson), so the rich text editor showed an empty placeholder instead of the actual content.

Full Changelog: https://github.com/QuackbackIO/quackback/compare/v0.3.10...v0.3.11

What's Changed

• Invitation flow rewrite - Rewrote accept-invitation page with welcome screen, atomic claim to prevent race conditions, email ownership verification, and server-side password setup via Better Auth internal API
• Invite modal UX - Fixed URL overflow when email delivery isn't configured, redesigned success state with copy-to-clipboard and wrapping URL display
• Migration ordering fix - Corrected out-of-order timestamps in migration journal that caused migrations to be silently skipped during deployment

Full Changelog: https://github.com/QuackbackIO/quackback/compare/v0.3.9...v0.3.10

Fixes

• OAuth email scope (part 2) - Add email to clientRegistrationDefaultScopes so dynamically registered clients (e.g. ChatGPT) are allowed to request it. The v0.3.8 fix only added it to the discovery metadata but not to the client registration defaults (#64)

Note: If ChatGPT already registered a client before this fix, you may need to delete its row from the oauth_client table so it re-registers with the updated scope set.

Fixes

• OAuth email scope - Add missing email scope to /.well-known/oauth-protected-resource metadata, fixing invalid_scope errors when connecting from ChatGPT and other OIDC-aware MCP clients (#63)

Fixes

• Cursor pagination - fix page 2+ failing on post search by converting TypeID to UUID and Date to ISO string before SQL tuple comparisons (#61)
• Date serialization in SQL - defensively call .toISOString() on all Date objects interpolated into Drizzle sql template literals in post queries and user listings (#61)

Features

• Date filtering for MCP search - dateFrom and dateTo params on the MCP search tool enable date-range queries like "what feedback did we get in June 2024?" (#61)
• Date filtering for public API - GET /api/v1/posts?dateFrom=2024-06-01&dateTo=2024-06-30 now supported, matching MCP parity (#61)
• Principal date index - composite (role, created_at) index on the principal table for efficient date-filtered portal user listings (#61)

Features

• SEO meta tags - all portal pages (feedback, posts, changelog, roadmap) now render title, description, Open Graph, and Twitter Card meta tags with canonical URLs (#60)
• Dynamic sitemap and robots.txt - /sitemap.xml includes all public posts, changelog entries, and static pages with lastmod timestamps; auto-paginates via sitemap index when exceeding the 50,000 URL protocol limit; /robots.txt blocks admin, auth, and API paths (#60)
• ESLint import conventions - new rules enforce @quackback/ids imports and consistent type import style across the codebase (#60)
• OpenAPI release workflow - GitHub Actions workflow generates and attaches openapi.json as a release asset on publish (#60)

Fixes

• Private boards excluded from sitemap - posts on private or deleted boards are no longer exposed in sitemap.xml (#60)

Features

• Startup banner - logs build version, git commit, environment, runtime, and base URL when the server starts (#57, #58)

Fixes

• Soft-deleted records visible in public queries - soft-deleted posts and comments were still appearing in public board views, search results, and portal pages. All public queries now exclude deleted records (#56)
• Startup banner timing - the startup banner now logs at server initialization instead of waiting for the first incoming request (#58)

Features

• MCP delete/restore tools - new delete_post and restore_post tools for the MCP server, letting AI agents soft-delete and restore posts programmatically (#53)

Improvements

• Comment counts maintained in application code - comment counts are now updated in application logic rather than database triggers, improving portability and testability (#51)

Fixes

• Widget mixed content error - the feedback widget iframe, RSS feed, and API docs were generating http:// URLs behind Cloudflare TLS termination, causing browsers to block the widget on HTTPS sites. All three routes now use the canonical BASE_URL from config (#55)

Features

• Admin post delete/restore - admins can now soft-delete posts from the post modal with a confirmation dialog, and restore them within a 30-day window. A new "Deleted posts" filter in the inbox sidebar shows recently deleted posts (#52)

Fixes

• Deleted posts visible on public portal - soft-deleted posts were still showing on portal listings, post detail pages, roadmap views, user profiles, and board counts. All public-facing queries now properly exclude deleted posts (#48, fixes #45)
• Responded/Unresponded filter crash - the admin inbox Responded/Unresponded filter crashed with "column posts.post_id does not exist" due to Drizzle's relational query builder rewriting column references in SQL subqueries to the wrong table alias (#54, fixes #46)
• "Response" filter renamed to "Team response" - clearer labeling in the inbox sidebar and active filter chips (#54)

Fixes

• Settings page URLs in reverse proxy deployments - the previous fix (#43) used window.location.origin on the client, which breaks reverse proxy setups where BASE_URL differs from the browser origin. Now threads BASE_URL through the router context via the bootstrap server function so MCP and widget settings pages always show the correct configured URL (#44)

Fixes

• Portal auth toggle lock - the Email OTP toggle was incorrectly locked when the stored config was missing an explicit password key. Root cause was parseJsonConfig using a shallow merge that dropped nested defaults - now uses deep merge so all default oauth keys are preserved (#42)
• Settings page URLs on client-side navigation - MCP and widget settings pages showed relative URLs (e.g. /api/mcp) instead of full URLs when navigating via client-side links. Switched to the shared getBaseUrl() utility that correctly resolves the origin on both server and client (#43)
• Avatar S3 key validation - validate avatar S3 keys before use and sanitize OAuth consent redirect URLs (#41)

Chores

• MCP registry - added server.json for the MCP server registry

Fixes

• MCP settings page URLs - the endpoint URL now renders with the full domain instead of just /api/mcp. Falls back to the browser origin when BASE_URL is unavailable during SSR.

Improvements

• Concise MCP setup guide - condensed the authentication explanation, per-tab help text, and tools listing. Now shows all 15 available MCP tools.

Cleanup

• Remove unused tenant provisioning system - deleted 835 lines of dead code including init-sql generator, tenant provisioning module, catalog exports, and stale multi-tenant references across the codebase

Fixes

• Regenerate tenant provisioning SQL - the init-sql file was stale, only bundling 2 of 7 migrations. New tenant databases were being created with dropped columns (official_response, etc). Now includes all migrations through 0006.

Maintenance

• Update all dependencies - bumped @tanstack/react-router 1.160.0, @tanstack/react-start 1.160.0, @aws-sdk/client-s3 3.990.0, bullmq 5.69.3, openai 6.22.0, tailwind-merge 3.4.1, typescript-eslint 8.56.0, and @types/nodemailer 7.0.10

Official response migration

• Pinned comments replace official responses - the official_response, official_response_principal_id, and official_response_at columns have been removed from the posts table. Existing responses are automatically backfilled into pinned comments during migration, preserving the original author and timestamp. Posts that already have a pinned comment are left untouched.
• Cursor-based inbox pagination - the admin inbox now uses keyset pagination instead of offset-based pagination, improving performance on large datasets. The MCP search tool's cursor format has been updated accordingly.
• Responded filter updated - the "has response" inbox filter now checks for team member comments instead of the removed official response columns
• Importer fallback - when importing posts with responses but no responder email, the importer now falls back to the post author instead of silently dropping the response

Improvements

• Docs links on settings pages - API keys, webhooks, and MCP settings pages now link to the relevant documentation. Integration detail headers link to their setup guides when available.

Upgrade

This release includes a database migration. Run bun run db:migrate after deploying. The migration backfills data automatically - no manual steps needed.

MCP server - complete API coverage

• 8 new MCP tools - update_changelog, delete_changelog, update_comment, delete_comment, react_to_comment, manage_roadmap_post, merge_post, unmerge_post - bringing the total from 7 to 15. Agents can now complete full workflows end-to-end: edit changelogs after publishing, fix comment typos, manage roadmap items, and merge duplicate posts.
• Comment reactions via MCP - new react_to_comment tool with explicit add/remove actions for emoji reactions
• Destructive tool annotations - delete operations are annotated with destructiveHint: true so MCP clients can warn before executing

OAuth improvements

• Redesigned consent page - shows the client application's name, logo, and domain instead of a generic "An application wants access". Scopes display structured labels with descriptions, and OIDC plumbing scopes (openid, profile, email) are hidden from users.
• OAuth setup guide - MCP setup guide now shows both API key and OAuth configuration options for Claude Code and Claude Desktop
• Default scope grants - dynamically registered OAuth clients now receive all scopes by default, removing the previous allowed/default split that required manual configuration
• OAuth role revalidation - the MCP handler re-reads the principal's current role from the database on every OAuth request, so role changes (demotions, revocations) take effect immediately instead of at token expiry

Improvements

• Explicit add/remove reactions - replaced the toggleReaction function across the entire codebase with explicit addReaction/removeReaction calls. Both are idempotent (double-add and double-remove are no-ops), preventing accidental state flips.
• Avatar upload refactor - profile avatar uploads now use presigned S3 URLs with dedicated React Query mutation hooks instead of inline fetch logic
• Portal auth tooltip - email OTP tooltip now links to the setup documentation
• Comment self-edit via MCP - portal users with write:feedback scope can now edit and delete their own comments through MCP, matching the web UI's permission model

Upgrade

No migrations required - redeploy from main.

New option for self-hosters who can't reach S3 directly from the browser.

New features

• S3 proxy mode - Added S3_PROXY environment variable that streams S3 file bytes through the server instead of issuing a 302 redirect to a presigned URL. Enable this when the browser can't reach the S3 endpoint directly - common with ngrok tunnels, HTTPS apps pointing at HTTP MinIO, or Docker networking where the S3 host is internal-only.

Configuration

Set S3_PROXY=true in your .env to enable proxy mode. When disabled (default), the existing presigned URL redirect behavior is unchanged.

Upgrade

No migrations required - redeploy from main. If your avatars or images aren't loading due to S3 connectivity issues, add S3_PROXY=true to your environment.

Patch release - fixes S3 image serving for private buckets and test configuration.

Bug fixes

• S3 image serving - Images now default to the presigned URL proxy (/api/storage) instead of constructing direct endpoint URLs. This fixes broken images on private bucket providers like Railway Buckets where the raw S3 endpoint is not publicly accessible. Users who want direct CDN/endpoint URLs can still set S3_PUBLIC_URL explicitly.
• Test configuration - Excluded Playwright e2e specs and build artifacts from vitest test discovery, fixing false failures when running tests from subdirectories

Upgrade

No migrations required - redeploy from main. Railway Bucket users no longer need to set S3_PUBLIC_URL - it works automatically via the /api/storage presigned redirect route.

Patch release - defense-in-depth for config validation in Docker environments.

Bug fixes

• Config schema resilience - envInt and envBoolean Zod schemas now preprocess empty strings to undefined via z.preprocess(), ensuring validation never fails on empty Docker/compose env vars regardless of how values arrive at the schema layer

Upgrade

No migrations required - redeploy from main.

Patch release - email setup is now fully optional.

Improvements

• Optional email setup - Quackback now gracefully degrades when no email provider (SMTP or Resend) is configured, instead of silently failing
• Email OTP gating - the Email OTP sign-in option is automatically hidden in portal auth settings when email is not configured, with a tooltip explaining why
• Invitation fallback - when email is not configured, invitation functions return the invite link directly so admins can share it manually via Slack, DM, etc.
• Event email skip - the email event handler logs a skip and returns success (no retry) when email is not configured
• Auth OTP safety net - a warning is logged if the OTP callback is reached without email configured

Bug fixes

• Config validation - empty env var strings (common in Docker/compose) no longer cause config validation failures for optional fields like EMAIL_SMTP_PORT

Technical

• EmailResult type - all 5 send functions in the email package now return { sent: boolean } instead of void
• isEmailConfigured() - new export from @quackback/email to check provider status
• Tests - added 17 new tests covering email configuration detection and email hook handler behavior

Upgrade

No migrations required - redeploy from main.

Feature release with new auth, feedback improvements, and quality-of-life fixes.

New features

• Password authentication - email + password is now the default sign-in method for both portal users and team members
• Comment status changes - status transitions are recorded inline as comment events, giving full context in the conversation thread
• Comments lock - admins can lock comments on a post to prevent further portal user replies
• Shared error & 404 pages - consistent error handling with a root error boundary
• Portal filtering - public portal now supports filtering by status and tags
• Scheduled changelog publishing - changelogs can be scheduled for future publish via the changelog.published event

Improvements

• Onboarding stepper - redesigned with a progress bar and cleaner two-zone layout
• Date filters passed as strings - fixes serialization issues with date-based inbox filters
• Error cause preservation - rethrown errors now include { cause } for better debugging
• Reset script - now tears down volumes and resets all services (MinIO, Dragonfly, Postgres)
• Telemetry simplified - single DISABLE_TELEMETRY env var replaces the old config system
• Removed analytics briefing - cleaned up unused analytics page and service
• Dependencies updated - TanStack, AWS SDK, MCP SDK, Radix, Slack, and more

Upgrade

Redeploy from main - migrations run automatically on startup.

Patch release fixing a deployment-breaking bug introduced in v0.1.0.

Bug fix

• Fix missing database migration - the telemetry_config column migration existed but was not registered in the Drizzle journal, so it was never applied on deploy. This caused 500 errors on every request.

Upgrade

If you deployed v0.1.0 via Railway or Docker, simply redeploy - the migration will run automatically on startup.

First public release of Quackback - the open-source alternative to Canny, UserVoice, and Productboard.

What's included

• Feedback boards - public voting, status tracking, comments, reactions, and duplicate detection
• Admin inbox - unified triage with filtering, bulk actions, and analytics
• Roadmap & changelog - show what's planned and close the loop when features ship
• Embeddable widget - collect feedback from inside your app with a script tag
• 14 integrations - Slack, Linear, Jira, GitHub, Asana, ClickUp, Shortcut, Azure DevOps, Intercom, Zendesk, HubSpot, Discord, Teams, and Zapier
• Two-way sync - inbound webhooks keep statuses in sync with your issue tracker
• REST API - API keys, outbound webhooks, and an MCP server for AI agents
• Auth - email OTP and configurable OAuth providers (Google, GitHub, etc.)
• Self-host anywhere - Docker, Railway one-click deploy, S3-compatible storage, any SMTP provider

Get started

git clone https://github.com/QuackbackIO/quackback.git && cd quackback
bun run setup && bun run dev

Or deploy with one click:

Links

• Website
• Documentation
• Self-hosting guide