Changelog

What changed.

Customer-facing changes, in reverse-chronological order. SDK releases, pricing changes, security posture updates, self-hosted-tier adjustments. Engineering-internal changes (refactors, test fixtures, observability work) live in the verification log inside the repo, not here.

  1. launch

    Profile snapshots: immutable point-in-time copies

    Capture a snapshot of any saved profile from /profiles → Snapshot. Snapshots are frozen — the source profile keeps evolving but the snapshot does not. List snapshots per-profile or across the whole account, restore any snapshot into a new profile (tier cap and name uniqueness checked the same way as profile creation), or delete one when you no longer need it. Full reference at docs.driftstack.dev/api/profiles.

  2. launch

    Account region preference (US / EU / APAC)

    Set a stated infrastructure region preference from /settings → Region. The selector is informational for v1 — Driftstack runs on EU-jurisdiction infrastructure for every account today (full sub-processor list at /trust/sub-processors). Recording your preference now lets us route accounts to the matching region automatically once the multi-region rollout lands; nothing about your data location changes when you set it.

  3. security

    Two-factor authentication (TOTP) is live

    Optional TOTP-based two-factor on every account. Enroll from /settings → Two-factor authentication: scan the QR with any standard authenticator app, confirm the 6-digit code, and store your 10 single-use recovery codes. Sign-in then issues a challenge token instead of a session; the dashboard exchanges it for a session after the second factor lands. Disabling MFA requires a fresh second-factor proof (15-minute step-up window). Recovery codes can be regenerated at any time. Full reference at docs.driftstack.dev/api/mfa.

  4. security

    Webhook signing-secret rotation with 24-hour grace

    Rotate any webhook endpoint's signing secret from /webhooks → Rotate secret. The new plaintext is shown once; the old secret stays valid for 24 hours so you can roll the new value across your verifier infrastructure without dropped deliveries. Driftstack dual-signs every outbound delivery during the grace (x-driftstack-signature + x-driftstack-signature-prev); SDK verifiers in TypeScript, Python, and Go accept either header.

  5. security

    Active sign-ins list + per-session revoke

    See every browser session currently signed in to your account from /settings → Active sign-ins. Revoke any individual session, or sign out of every other session at once. IPs are intentionally omitted; user-agents are reduced to OS + browser bucket so the dashboard renders signal without surfacing fingerprintable strings.

  6. launch

    Account avatars + readable account handles

    Upload a 2 MB PNG/JPEG/WebP avatar from /settings (stored on the existing EU-jurisdiction Cloudflare R2 sub-processor; private bucket; presigned read URLs). Set a lowercase a-z + 0-9 + hyphen account "slug" as a stable handle for support tickets, billing references, and audit entries. URL routing using the slug is a future feature — for now it's a readable identifier.

  7. launch

    Webhook test deliveries from the dashboard

    Click "Send test" on any webhook endpoint and Driftstack dispatches a synthetic test.ping event through the same delivery infrastructure as production events: HMAC-signed, retried on failure, audit-logged. Lets you confirm your handler signature-checks correctly before relying on it for real events. test.ping is delivery-side only — you can't subscribe to it.

  8. launch

    Profile cloning + audit-log filtering

    Clone any saved profile into a new copy from /profiles → Clone (server auto-derives "(copy)" / "(copy 2)" / ... naming). Filter the audit log by event type from /audit-log; the page now paginates with Load more across an unlimited backlog.

  9. security

    Team RBAC end-to-end: members act on owner resources via X-Driftstack-Account

    A member of a team can scope any /v1/* request to the owner's resources by passing the X-Driftstack-Account header. Read endpoints accept both member and admin roles; write endpoints (POST/PATCH/DELETE/api-keys rotate) require admin role. Customer dashboard adds an "Acting as" picker in the sidebar; the active selection injects the header into every request automatically. Full reference at docs.driftstack.dev/api/team.

  10. sdk

    PlaywrightDriver added for self-hosted local development

    Set DRIVER=playwright + PLAYWRIGHT_BROWSER=webkit|chromium|firefox to run end-to-end smoke tests against a real browser without waiting for the WebKit fork to integrate. Dev/E2E only — production stays on DRIVER=webkit (the modified WebKit fork). Self-hosted Mac runbook at docs/runbooks/self-hosted-mac-local.md walks through the entire local-stack setup; npm run dev:all starts every surface concurrently.

  11. sdk

    Team RBAC, API key rotation, and webhook replay land in all three SDKs

    TypeScript, Python, and Go SDKs gain client.team.{invite,listMembers,listInvites,acceptInvite,removeMember}, client.apiKeys.rotate (24-hour grace on the prior key), and client.webhooks.replayDelivery (one delivery, fresh attempt, same idempotency key). Documentation at docs.driftstack.dev/api/team, /api/api-keys, /webhooks/replay.

  12. launch

    Public status page at status.driftstack.dev

    Live system status, incident history, and a 30-day SLA panel. Subscribe by email for incident notifications (double-opt-in, per-email unsubscribe link). The site is independent of api.driftstack.dev so a control-plane outage does not take the status page down.

  13. security

    GDPR Article 20 portability — full audit log export

    Customers can now export their complete account audit log as CSV or JSON via /v1/account/audit-log/export from the dashboard. 10K-row ceiling per export with cursor pagination beyond.

  14. sdk

    Pagination iterators land in TypeScript + Python SDKs

    sessions.iterate(), profiles.iterate(), and webhooks.iterateDeliveries() walk every page of a cursor-paginated list automatically. Sync + async parity in Python.

  15. pricing

    Two-ladder pricing live

    Manual ($79/mo Solo / $249/mo Team / $699/mo Agency) and API ($149/mo Starter / $499/mo Builder / $1,499/mo Scale + custom Enterprise). Trial pack stays $2.99 / 16 hours.

  16. security

    Crypto payment rail deferred to post-launch

    Coinbase Commerce closed to non-US/Singapore merchants on 2026-03-31. Stripe is the sole launch payment rail (fiat-only). Crypto will be re-evaluated against actual transaction volume.
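A receiver-side check for the dual-signed deliveries described in the "Webhook signing-secret rotation" entry, which applies equally to the HMAC-signed test.ping deliveries. This is an added example, not Driftstack SDK code: only the two header names come from this changelog, while hex HMAC-SHA256 over the raw body, the new secret going in the primary header, and all function names are assumptions.

```python
import hashlib
import hmac
from typing import Optional

# Header names as given in the changelog entry.
SIG_HEADER = "x-driftstack-signature"
PREV_HEADER = "x-driftstack-signature-prev"


def sign(secret: bytes, body: bytes) -> str:
    # Assumption: hex-encoded HMAC-SHA256 over the raw request body.
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def dual_sign(body: bytes, new_secret: bytes, old_secret: Optional[bytes] = None) -> dict:
    """Constructed stand-in for the sender: the new secret signs the primary
    header, and during the grace window the old secret signs the -prev header."""
    headers = {SIG_HEADER: sign(new_secret, body)}
    if old_secret is not None:
        headers[PREV_HEADER] = sign(old_secret, body)
    return headers


def verify_delivery(headers: dict, body: bytes, secret: bytes) -> Optional[str]:
    """Return the name of the header that verified against `secret`, or None.

    The receiver holds a single secret (old or new, depending on how far its
    own rollout has progressed) and accepts a match on either header.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    expected = sign(secret, body).encode()
    matched = None
    for name in (SIG_HEADER, PREV_HEADER):
        candidate = str(lowered.get(name, "")).encode()
        # Constant-time comparison; both headers are always checked.
        ok = hmac.compare_digest(candidate, expected)
        if ok and matched is None:
            matched = name
    return matched


if __name__ == "__main__":
    body = b'{"type":"test.ping"}'          # constructed sample payload
    old, new = b"old-secret", b"new-secret"  # constructed sample secrets
    in_grace = dual_sign(body, new, old)
    after_grace = dual_sign(body, new)
    print("not yet rolled, in grace: ", verify_delivery(in_grace, body, old))
    print("already rolled, in grace: ", verify_delivery(in_grace, body, new))
    print("not yet rolled, post grace:", verify_delivery(after_grace, body, old))
```

Verify against the raw request bytes as received, before any JSON parsing or re-serialization, and treat a `None` result as a rejected delivery.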

Want changelog entries delivered?

Email hello@driftstack.dev to get added to the customer changelog list. Roughly one email every 2-4 weeks; only material changes (no internal-noise spam).