0.5.0 — Phase 1 Foundation11 May 2026
The foundation lands. Auth, sessions, RBAC, design system, and audit logging are wired end-to-end. Marketing site shell is live.
addedThree-app monorepo: marketing, customer dashboard, staff dashboard.
addedEmail + password auth with bcrypt(12), email verification, password reset.
addedTOTP-based two-factor authentication with QR-code enrolment.
addedGoogle and GitHub OAuth — custom flow, no NextAuth bolt-on.
addedRefresh-token rotation with a 12-minute client-side ticker.
addedShadow login for support staff with reason field and Super Admin email alerts.
addedZero Trust JWT verification on the staff app.
addedBot-protection challenge on every public auth form.
addedFull Prisma schema for every model in Spec §5.
addedMarketing site shell with hero, bento, pricing, testimonials, CTA — all from the prototype.
0.4.0 — Auth Foundation28 April 2026
JWT-cookie session model finalised, session table-backed for revocation, rate limiting added to every auth endpoint.
addedHttpOnly access (15 min) + refresh (30 days) cookies.
addedPer-email login rate limiter (5 attempts / 15 minutes).
addedPer-IP register rate limiter (3 attempts / hour).
changedCookie SameSite policy relaxed from Strict to Lax to accommodate OAuth redirects.
0.3.0 — Design System14 April 2026
Design tokens consolidated into a shared package. Nunito, DM Sans, JetBrains Mono adopted across every surface.
added`@exerax/ui` shared component library with Button, Input, Card, Badge.
addedGlobal tokens.css imported by all three apps — single source of truth.
changedRemoved conflicting font imports (Plus Jakarta Sans, Inter, Syne) from dashboard prototypes.
0.2.0 — Monorepo30 March 2026
Repository structure locked in. Turborepo + pnpm workspaces; four shared packages; three Next.js apps.
addedTurborepo configuration with shared task pipeline.
added`@exerax/config`, `@exerax/db`, `@exerax/auth`, `@exerax/ui` packages.
addedGitHub Actions CI workflow: lint, typecheck, test.
0.1.0 — Initial commit15 March 2026
Project bootstrap.
addedSpec document `EXERAX_SPEC.md` locked in at version 2.3.
addedVisual prototypes for marketing, login, and both dashboards.