← Back to changelog
// Changelog
Entry #01
Web

April Recap

Highlights

  • Effect v4 rewrite is live - The full backend and frontend have been moved onto Effect v4, giving us stricter types, better error handling, and a foundation everything else this month was built on top of.
  • Auth overhead cut by around 85% - Sign in and session resolution got dramatically lighter, so dashboards, match pages, and the desktop client all feel snappier on cold loads.
  • Desktop client with working Tauri auth - The Tauri client now actually signs in and routes correctly through the UI module, so we have a real desktop entry point for players and admins again.
  • Security sweep across events, tickets, scheduling, and deploys - Non-public event reads, ticket read mutations, scheduler RPCs, and the deployment flow all got proper authorization boundaries, closing several privilege escalation paths.
  • Tickets and Autumn customer creation - Event tickets shipped in beta, and orgs and teams now create their Autumn customer records automatically so billing and entitlements line up from day one.

More Updates

Security

  • Enforce org view permission in getEventBySlug - Non-members can no longer read private events through the slug endpoint.
  • Require team access for signup mutation - Joining an event now properly checks team membership server-side.
  • Prevent ticket read mutation privilege escalation - Closed a path where ticket read flows could be abused to escalate access.
  • Enforce scheduler authorization boundaries - Scheduler RPCs now validate caller permissions on every entry point.
  • Validate permissions for non-public events - Tightened access checks across draft and private event surfaces.
  • More intuitive team permissions - Reworked authorization mutations so team roles behave the way captains and owners expect.
  • Hardened deployment flow - Addressed a vulnerability in the deploy pipeline that could expose secrets.
  • Platform admin owner-equivalent team and org access - Support and platform admins can now act with owner-level access where they need to, without manual role swaps.

Features & Enhancements

  • Public match page with interactive map veto - New match page with a longer veto timer, banned-map display, and improved map selection UI.
  • In-match chat routed through the UI module - Match chat is live and now goes through the shared UI module instead of bespoke wiring.
  • Public event pages - New event pages with the discover surface, overlays, and proper SEO.
  • Ticket system (beta) - Initial ticketing flow for events, including customer-side reads and admin issuance.
  • Public team pages - Teams now have a public page, isolated into its own module so it can evolve independently.
  • Footer across the site - Site-wide footer with the standard links, including a quick fix for a duplicate render.
  • Banlists - Banlist data and UI are in, feeding into the new map-veto flow.
  • Rulebook upload - Organizers can upload a rulebook per event and have it surfaced on the public page.
  • Image cropper - Avatar and event images can now be cropped before upload.
  • Regenerate bracket - Stages now expose a guarded "regenerate bracket" action with a confirmation dialog, plus a save-confirmation indicator.
  • Analytics page - First pass of an internal analytics page is live.
  • Event creation with templates - Event creation now checks name availability and lays the groundwork for template-based events.
  • Signup validation - Signup gained proper validation so bad input fails fast and clearly.
  • Legal pages - Imprint, terms, and privacy pages are in.
  • User pages - Public user profiles are back.
  • Email + bot ID - Transactional emails are wired up alongside the new bot ID.
  • Autumn customer creation for orgs and teams - Orgs and teams provision an Autumn customer on creation so billing flows work without manual setup.

Bug Fixes

  • CPU no longer pinned to 100% - Fixed a runtime hot path that was burning a full core.
  • Mapban config now saves correctly - Saving custom mapban configurations works again.
  • Owner-only teams and viewer access on the dashboard - Owner-only teams and viewer-role users can see the dashboard again.
  • Discover page UI - Cleaned up layout and spacing issues on the discover page.
  • Missing env vars - Restored env vars that broke on a fresh deploy.
  • Build size regression - Trimmed bundle output after it ballooned during the rewrite.
  • Edge cases on event flows - Resolved a batch of small bugs around drafts and signups.

Performance Improvements

  • Faster hot reloading - Dev server reloads are noticeably quicker after the rewrite.
  • Monorepo build optimizations - Cache hits and task graph improvements across the monorepo.

Infrastructure

  • Migrated to tsgo beta - We now build and typecheck on tsgo for faster CI and local feedback.
  • Docker configs and product specs - Added Docker setup for self-host scenarios and refreshed the product spec docs.
  • Vercel preview deployments - Switched preview deploys to vercel.ts and stabilized the preview script.