Changelog

What changed

Public log of every meaningful change to the platform. Updated when we ship; not auto-generated.

1. 2026-05-04Polish

   Spectacular pass — paper palette, state emblems, editorial body

   Replaced the cool-grey baseline with a warm paper-toned palette + subtle SVG noise texture. Built a per-state emblem combining the state silhouette with the official state mascot. Added newspaper drop caps to journal entries. Refined card hover language. Sticky mobile post-CTA. Designed empty states with personality.

2. 2026-05-04Shipped

   Manufacturer + caliber hubs, account dashboard, Q&A

   Listing Q&A surface (public ask + private answer). Manufacturer hub deep pages with editorial brand context + sold-comp data for 11 brands. Caliber hub deep pages for 14 cartridges. Account dashboard with Etsy-style performance band. Email-preferences page. Owner-only listing event timeline.

3. 2026-05-04Shipped

   Trust score, public seller profiles, price guide

   Per-user trust score with PRO/TRUSTED/STANDARD/NEW tiering, derived from verifiable signals. Public seller profiles at /seller/[username] with member-since, trust card, active listings, reviews. /sold price-guide page (state-aware). Security audit pass with new SECURITY.md.

4. 2026-05-04Fixed

   Domain ownership audit reveals 7-of-13 not owned

   WHOIS-audited every Phase-1 domain. Confirmed only 6 are owned by GTN at Porkbun (NC, GA, IN, SC, AL, OK). Other 7 (OH, AZ, TN, MO, WI, LA, KY) are registered to other parties. Narrowed LAUNCHED_PHASE_1 to reflect reality.

5. 2026-05-04Fixed

   ATF FFL fetch unblocked via manual upload endpoint

   ATF restructured every download URL — auto-fetch is broken. Built /api/admin/ffl-upload that accepts a manually-downloaded XLSX with the same parser the cron used. Token-or-session authorized. Transfer locator can populate now.

6. 2026-05-04Shipped

   Pricing transparency, journal, post-success upsell

   Public /pricing page (free standard + $5/$15/$25 promotion tiers + FFL banner table). Editorial /journal hub with three inaugural posts. Post-listing success page now shows a single-click promotion picker. State homepage shows recently-sold mini-feed.

7. 2026-05-04Shipped

   Watchlist, mobile nav, error boundaries, Authorize.net plumbing

   Per-user watchlist with WatchButton on every listing. Mobile drawer nav (was just a tiny CTA before). Editorial error.tsx + global-error.tsx fallbacks. Authorize.net Accept Hosted plumbed end-to-end (env-gated; graceful 'coming soon' UI when unset).

8. 2026-05-04Infra

   Off-site backup, expiry monitor, request IDs, SLO doc

   Encrypted off-site backup mirror to R2. Weekly TLS+DNS expiry cron. Request-ID propagated through middleware. Per-IP rate limit on /api/health. /opengraph-image dynamically generated per state. /.well-known/security.txt with safe-harbor. Account hard-delete endpoint. SLO + SECURITY docs.

9. 2026-05-04Shipped

   Backup automation, AWB engine, transfer locator

   Daily encrypted backup + weekly DR drill + weekly random-sample integrity check, all wired via /etc/cron.d/guntrader. Per-state Assault-Weapon-Ban engine for 10 Tier-2 states. /transfer + /transfer/[city] FFL locator routes (waiting on data ingest).

10. 2026-05-04Infra

    TOTP 2FA, audit retention, operator digest, status page, KPIs, CCPA export

    TOTP-based two-factor authentication. Audit log with 90d/7y retention tiers. Daily operator email digest. Public /status page reading deep health. Operator KPI dashboard. CCPA data-export endpoint. CI/CD via GitHub Actions.