Changelog

NEW

• Public Trust Center at /security covering encryption, hosting, RBAC, audit logging, vuln disclosure, and breach notification.
• Public About page at /about with company identity, founder, and contact channels.
• Self-service Data Processing Agreement at /dpa with Annexes I–III, suitable for clickwrap or counter-signed execution.
• Public subprocessor list at /subprocessors with 30-day advance-notice commitment.
• AI use disclosure at /security/ai with explicit no-training commitment.
• Required-permissions matrix at /security/permissions with exact Microsoft Graph and Jamf Pro privilege names.
• System status page at /status with real-time subsystem health.
• In-app feedback button (bottom-right) so customers can send notes without leaving the workflow.

IMPROVED

• Marketing landing page top nav now exposes Security and About directly so procurement reviewers don't have to dig.
• AI silent-install detection now runs against the winget manifest catalog as the authoritative source, with rule-based heuristics as a fallback. No third-party AI providers in the runtime path.
• Auto-Pilot patch automation now wired to real Intune and Jamf deploy paths (no more demo simulation).
• Multi-tenant organization model — billing, MDM credentials, and team membership all live at the organization level, with owner / admin / member roles and transferable ownership so a workspace survives employee turnover.
• Trial duration aligned to 10 days across product copy, billing, and email reminders.

FIXED

• Test Connection for Jamf Pro now uses a privilege-free version-check endpoint, eliminating a false 403 on correctly-scoped API roles.
• Jamf computer groups now load reliably across all Jamf Pro response shapes — earlier, customers on certain Jamf versions silently saw an empty group list.
• Group selector now surfaces real API errors instead of falling back to a generic "no MDM connected" message.
• Public marketing pages (Privacy, Terms, Security) no longer redirect unauthenticated visitors to the sign-in screen.
• Package wizard now warns when an uploaded file extension doesn't match the chosen target platform (e.g. .exe selected for Jamf).
• Failed Jamf deploys now clean up the orphan package record and uploaded file instead of leaving them in customer instances.
• Package reference numbers (PKG-YYYY-NNN) no longer collide after deletes — the generator now reads the actual highest reference for the year instead of the row count.

NEW

• Self-serve signup with email verification, free tier by default, and a 10-day Pro trial available without a credit card.
• Stripe billing integration with monthly and annual subscriptions, customer portal, and webhook-driven plan-state sync.
• Snap2Deploy branding on Intune apps and Jamf policies (with white-label override on Enterprise).
• Public package landing pages at /p/[ref] so anyone can see what was packaged and how — full audit transparency.
• In-app team management: invite by email with 7-day signed tokens, role assignment, and self-service ownership transfer.
• Audit log per organization for sensitive actions (member changes, integration changes, deploys, billing changes).

IMPROVED

• Signup flow streamlined to a single screen with a Pro-trial intent that carries through verification into billing.