Changelog

v1.0.0-beta.1 — public beta

The big stuff

• FEATStable phone pairing. Each device gets a server-minted p_<12hex> identity that survives reinstalls and deviceId rotations.
• FEATCloudflared tunnel auto-spawn. APK invite links work over HTTPS from anywhere — no firewall opens, no port forwards.
• FEATCrash deduplication. Identical stack traces (top 5 app frames, line numbers stripped) merge into one CrashGroup with an occurrence counter.
• FEATScreenshot regression diffs. Per-pixel comparison vs the previous run, with red-overlay visualisation.
• FEATA/B rollout cohorts. Sticky deterministic assignment so you can canary new builds to 20% of phones.
• FEATMemory snapshot diff. Track PSS regressions between builds via dumpsys meminfo parsing.
• FEATNetwork traffic recording. Capture which hosts an app contacts during a test window.
• FEATWebhooks. Subscribe external services to install / crash / phone events. HMAC-signed payloads.
• FEATAccount system. Email + password signup, JWT sessions with refresh-rotation, API keys for CI.
• FEATAdmin dashboard at /ui/admin.html with real-time stats and crash group triage.
• FEATStatus page at /ui/status.html with rolling uptime bars.
• FEATOnboarding tour for first-time users.

Performance

• PERFMulti-phone parallel install — 3 phones receive an APK in the time of one.
• PERFCached APK upload — invite URL is reusable for an hour, no re-upload per visit.
• PERFRace-guard on phoneId minting prevents duplicate IDs under burst heartbeats.

Security

• SECbcrypt cost 12 + JWT HS256 with secret rotation support.
• SECAPI keys stored as SHA-256 hashes; raw key shown once.
• SECConstant-time comparisons throughout auth.
• SECStrict CSP + HSTS + frame-ancestors none.
• SECToken-bucket rate limiters per endpoint class.

Developer experience

• FEATPrometheus /metrics + /healthz + /readyz endpoints.
• FEATSentry hook (set SENTRY_DSN to enable).
• FEATGit SHA + branch stamping on every install session.
• FEAT/version endpoint with agent self-update contract.
• DOCSSingle-page docs at /docs.
• FEATMulti-arch Docker image at ghcr.io/droidfleet/droidfleet.
• FEATVPS bootstrap script — ./scripts/vps-bootstrap.sh --domain X --email Y.
• FEATSQLite → Postgres migration script.

Bug fixes from earlier dev builds

• FIXJWT dev-default secret now stable per process (was randomly regenerating, breaking auth in dev).
• FIXUTF-8 charset in Content-Type on every JSON response (Hebrew names were displayed as ?????).
• FIXCloudflared tunnel uses HTTP/2 to coexist with Cloudflare WARP.
• FIXElectron wrapper handles spawn EINVAL for npx.cmd on Windows (CVE-2024-27980 mitigation).

v0.x — pre-public-beta

• Initial monorepo (server + Android agent + relay).
• Multi-phone routing through Render-hosted relay.
• Web UI prototype.
• FCM remote-wake.
• Hebrew RTL UI support.

Internal milestones — see GitHub commit history for full detail.