What we actually shipped.

Real ship dates for real features. We publish ship records, not roadmap promises. If something is here, it is live in production. If it isn't here, we haven't shipped it yet.

2026-05-28 — Platform: site overhaul foundation

Platform · Marketing site

  • New: /agents + /skills pages. Capability showcases for our custom-build practice. Paige V2 is the publicly-inspectable reference build for the agents work.
  • New: /about + /customers + /security pages. Founder, location, operating principle, customer-reference policy, and security posture explicitly documented. We do not claim compliance certifications we have not earned.
  • New: /integrations page. Real list of what each product connects to today, with explicit "on the roadmap" section for items not yet shipped.
  • New: spec-compliant /llms.txt. Following the llmstxt.org standard. Preferred citation format and product roster published for answer-engine crawlers.
  • Updated: /robots.txt. Six additional LLM crawler allowances: ClaudeBot, OAI-SearchBot, Applebot-Extended, Meta-ExternalAgent, DuckAssistBot, Amazonbot.

2026-05-28 — GDK-CRM: production restore

GDK-CRM · Backend + Frontend

  • Fixed: real CRM SPA now serves at /crm/app/. The placeholder gate that previously displayed a "launching soon" banner is replaced with the production React SPA. Authenticated customers reach the real application.
  • Fixed: backend authentication against Redis. BullMQ queue configuration now passes Redis credentials so the backend starts cleanly when Redis requires authentication.
  • Fixed: CORS handling for non-browser callers. Health checks, server-to-server calls, OAuth callbacks, and third-party webhooks (Stripe, Twilio, Mailgun) now succeed. Browser security boundary remains enforced for authenticated cross-origin requests.

2026-05-27 — Platform: per-product brand marks deployed

Platform · Brand

  • Per-product logos now live at /assets/products/ for Fortilis, GDK-CRM, FTC, GDK Nexus, PA Quiz, and Tavira. Two real designed marks (Fortilis, Tavira) plus honest wordmark placeholders for products whose names are still being finalized.
  • /products clean URL now resolves to the products hub instead of returning HTTP 403.

2026-05-14 — Platform: SSO security hardening

Platform · Authentication

  • SAML 2.0 implementation migrated from hand-rolled crypto to the onelogin/php-saml library. Closes a class of XML signature wrap and assertion handling issues.
  • OIDC ID token verification now uses firebase/php-jwt with JWKS caching. Userinfo claims treated as enrichment-only with subject equality enforced.
  • SAML Service Provider signing infrastructure added (schema columns and key management). SSO remains feature-flagged off until formal security review completes.

Earlier 2026 — ongoing platform work

Platform · Multiple products

  • Q1 2026: GDK Nexus production launch with dynamic QR, scan analytics, A/B testing, and client-side encryption.
  • Q1 2026: GDK-CRM module consolidation (contacts, accounts, deals unified); +13 frontend pages; +48 API methods.
  • Q1 2026: Stripe integration with subscription lifecycle webhooks across the platform.
  • Q1 2026: Admin panel V2.0 with dual authentication (JWT + legacy session).

How this changelog works

  • Entries are added when work ships to production, not when work begins.
  • Each entry names the product and the surface it affects (backend, frontend, platform).
  • Major fixes get their own line. Minor incremental work is bundled into platform updates per period.
  • Items in our internal roadmap that have not shipped are not listed here.

Want to know when something specific ships?

We don't currently run a release-notes newsletter. The changelog page is the source of truth; subscribe in a feed reader if you want updates as they happen.

Tell us what you're tracking →

Last updated: 2026-05-28