A running, honest log of platform changes — connectors, frameworks, trust center, MCP, and core platform work — logged as it lands, not as it's promised.
Added a read-only Shopify connector template that collects staff-account and access-posture evidence for e-commerce tenants, following the same evidence-only pattern as our other connector templates.
Added a read-only Stripe connector template that inventories account security configuration for vendor-risk and access-review evidence, without touching payment or customer data.
Added a read-only Notion connector template covering workspace member and permission inventory, for teams that use Notion as a system of record.
Added a read-only Twilio connector template for account and access-posture evidence collection.
Reviewed 7 connector templates that had been sitting in our lowest-confidence tier and promoted them after a targeted verification pass against each provider's real, documented API surface.
Landed a broad batch of additional read-only connectors — including Zendesk, Confluence, Freshservice, Supabase, Vercel, Netlify, Google BigQuery, Sentry, Discord, SecurityScorecard, and Carbon Black — each collecting only inventory/access-posture evidence, never writing to the source system.
Added read-only connectors across HR/HRIS and applicant-tracking systems for access-review and roster evidence, each scoped to the specific documented endpoints of that provider's API.
The dashboard's core integrations surface supports 12 native connectors spanning source control, cloud, identity, and security tooling, each with its own dedicated marketing and setup page.
Shipped the public trust-center surface — a per-tenant public page plus NDA-gated document sharing — alongside the admin trust-center workspace where the security posture and documents are managed.
Added an MCP endpoint and an API-tokens settings page so AI clients like Claude can query a tenant's controls, evidence, and risk data directly over the Model Context Protocol.
The frameworks hub covers cross-mapped controls for security, privacy, government/defense, AI governance, and EU-resilience standards, so one control and one test can satisfy requirements across multiple frameworks at once.
Shipped an ungated public scanner at /scan that runs passive, browser-equivalent checks and returns results inline when the job queue or database isn't configured.
Want the raw feed? /changelog/rss.xml. Curious what's next? See the roadmap.