CHARON GATE

Charon Gate

Changelog

Shipped changes and notable fixes from each release.

# Changelog

All notable changes to this project are documented here. Source of truth for the public page: `docs/CHANGELOG.md`.

## [Unreleased]

### Added

- **Operator + GTM docs:** **`docs/OPERATOR_CHECKLIST.md`** (pre-go-live and post-incident). **`docs/marketing/apollo-cold-outreach.md`** — Apollo-style cold email templates with merge-field placeholders and compliance reminders. **`docs/marketing/APOLLO_SETUP.md`** + **`npm run apollo:io-health`** for Apollo.io API verification (optional `APOLLO_IO_API_KEY`). **Dashboard Overview** shows live **PostgreSQL + Redis** status (`checkLiveness`). Observability runbook links **`docs/runbooks/prometheus-alerts.example.yaml`**.

- **Clerk sign-in / sign-up:** embedded **`/login`** / **`/register`** use path routing, cross-links, and **`fallbackRedirectUrl`** / **`forceRedirectUrl`** to **`/dashboard`** where applicable. Events toolbar **batch replay preflight** (`dryRun` on **`POST /api/replays/batch`**). **`GET /api/internal/ops`** includes **`incidentConsole`**, **`healthSnapshot`**, and hints for the poison DLQ guard. **Poison immediate-DLQ guard** (`POISON_IMMEDIATE_DLQ_*`, default off) pauses endpoints after repeated non-retryable first-attempt DLQs; counter **`charon_poison_immediate_dlq_pauses_total`**. Runbooks **`docs/runbooks/DLQ_SANDBOX.md`**, **`docs/runbooks/prometheus-alerts.example.yaml`**, **`docs/COMPLIANCE_OVERVIEW.md`**; dashboard quick links on Overview and Failures.

- **Plan-tier delivery queues** (`delivery-attempts-{free,pro,team}` + legacy `delivery-attempts` drain); `queues.deliveryAttemptsByPlan` on **`GET /api/internal/ops`**; runbooks **`docs/runbooks/PARTITIONING.md`**, **`docs/runbooks/EDGE_INGEST.md`**; **`npm run ops:print-inbound-partition-ddl`**, **`npm run ops:ensure-inbound-partitions`**, **`npm run ops:synthetic-ingest-smoke`**, **`npm run git:install-hooks`**; CI **Spectral** (`npm run openapi:spectral`) + workflow **`docs-inventory.yml`** for `docs/PROJECT_OVERVIEW.md` drift.

- **Postgres `inbound_events` hardening:** migration **`0013_inbound_events_hot_indexes`** — partial indexes for active statuses + tighter **autovacuum** scale factor.

- **Full-stack E2E (`e2e/pause-billing-retention.spec.ts`):** pause → ingest `503` → resume → `202`; **billing ingest guard** — DB fixture **`e2e/e2e-tenant-billing-db.ts`** mirrors `past_due` + elapsed grace on `tenants` (same `DATABASE_URL` as the app), asserts `402` + `billing_blocked`, then clears; **`POST /api/internal/retention`** smoke when **`INTERNAL_RETENTION_SECRET`** + **`APP_URL`** are set (wide `retentionDays` to avoid deleting recent rows).

- **Scale controls:** global Redis throttle on outbound deliveries per destination **hostname** (`DELIVERY_PER_DESTINATION_HOST_MAX_PER_SECOND`, `charon_delivery_host_throttled_total`); separate BullMQ **`WORKER_CONCURRENCY_*`** overrides; **`DATABASE_POOL_MAX`** for the shared `postgres` pool; **`docs/runbooks/SCALING.md`**; `GET /api/internal/ops` **`scaling`** snapshot; deployment env script lists non-default scale knobs.

### Fixed

- **Marketing navigation** from `/status`, `/changelog`, and other trust pages: section links now use absolute paths (`/#…`, `/pricing`) so the header, footer, and hero CTA leave those routes correctly. Dedicated **`/pricing`** page. Header/cookie **z-index** adjusted so the sticky header stays above the cookie strip.

### Changed

- **Delivery observability:** outbound requests include **`X-Charon-Delivery-Id`** / **`X-Charon-Event-Id`** (mirrors `Charon-*`); active OpenTelemetry spans receive **`charon.delivery_id`** / **`charon.event_id`** attributes when OTel is enabled on workers.

- **Incident backoff:** **`INCIDENT_MODE_RETRY_BACKOFF_MULTIPLIER`** scales BullMQ retry delays after failures (default **1**).

- **Ingest backpressure** via `INGEST_QUEUE_BACKPRESSURE_WAITING`; **retryable-failure circuit breaker** (`circuitBreakerRetryableThreshold` + `consecutive_retryable_failures` migration `0012_retryable_circuit`); dashboard **paused endpoints** banner; Events **incident console** quick link; ops hint for backpressure env; OpenAPI ingest examples; runbook **`docs/runbooks/SLO_TEMPLATES.md`** and **`docs/recipes/`** vertical guides.

- Marketing copy centers **ingest vs forward** (`PRODUCT_HERO_LEAD`, refreshed `PRODUCT_PROMISE_LINES`); trust section highlights per-endpoint policy, isolation, and operator surfaces. Internal ops JSON includes **`retrySchedule`** next to `deliveryPolicy`. New guides: `docs/SAFETY_NETS.md`, `docs/MIGRATION_FROM_HOMEGROWN_WEBHOOKS.md`; `docs/reliability.md` and `SECURITY.md` expanded (idempotency, destination safety, tenant isolation summary, Clerk delete). `docs/deploy/doppler.md` adds multi-environment notes.

- Product rename to **Charon Gate** (UI, docs, package `name`, outbound `User-Agent`); HTTP headers remain `Charon-*` and env `CHARON_SIGNING_SECRET` for backward compatibility. Introduced `src/domain/` and `src/platform/` layout seeds (`product-truths`, vocabulary, delivery policy; destination safety).

## [0.1.0] — 2026-05-13

### Added

- Phase 6 trust & observability surface: public **Status**, **Changelog**, **Roadmap**, and **Security policy** pages; operator **`GET /api/internal/ops`** (BullMQ depth + liveness) guarded by `INTERNAL_OPS_SECRET`.
- Runbooks for wiring **Sentry** / **OpenTelemetry** and for interpreting **queue metrics** alongside Prometheus (`GET /api/internal/metrics`).
- Shared **`checkLiveness()`** helper (`src/lib/health-check.ts`) used by `/api/health` and the status page.

### Notes

- Install `@sentry/nextjs` or OpenTelemetry SDKs when you are ready; `src/instrumentation.ts` is reserved for that wiring (see `docs/runbooks/observability.md`).