What we've shipped recently. Subscribe via RSS for an automated feed.
A reverse-chronological log of QorTrace product releases. The full machine-readable feed is at /api/methodology.rss. Specific methodology revisions live at /methodology/v0.1, /methodology/v0.2, etc.
2026-05-23 — Stripe live billing (iter269.19a)
qortrace.com now accepts production card payments. Customer Portal configured in live mode, all 8 critical webhook events signature-verified, public status endpoint confirms mode=live + webhook_signature_verified=true. Statement descriptor reads QORTRACE on customer statements. Tax handling deferred until meaningful EU revenue lands.
2026-05-23 — Site-wide email design refresh
Every transactional email — invites, password resets, audit deliveries, weekly digests, NDA notifications — got brighter body text, wider cards (600 → up from 560), more breathable line-height, and explicit text colors that survive Gmail/Outlook style rewriters. 30 templates, 269 dim-color usages, one sweep.
2026-05-23 — /changelog short-link + audit-delivery referral CTA
Type qortrace.com/changelog to land here directly. Audit-delivery emails now include a 'Refer & Earn Credit' module at the peak-happiness moment, directing recipients to /account/referrals.
2026-05-23 — Operator alerts on Slack (operator-facing)
The internal 5-minute synthetic monitor now pings a Slack channel on any 307 / 5xx / >2s / timeout across 12 critical endpoints, with cooldown gating to prevent alert flap. One-click test-ping from /admin console verifies the wire-up before deployment. Mentioned for transparency; CISOs reviewing our incident-response posture can cite this in their vendor questionnaires.
2026-05-22 — Status page upgrade: 30-day uptime ribbon + 24h sparklines
/status now ships a Cloudflare/Stripe-grade ribbon: 30 days of daily uptime per component, 24h latency sparklines on every probe, last-checked timestamps everywhere. Synthetic monitor extended to Audit, Scanner, Atlas, Compliance, and Trust Center endpoints. Both slash-variants probed (no more silent 307s).
2026-05-22 — Password UX: live policy meter + HIBP breach check
Every password form (signup, reset, 2FA backup, settings) now shows a live policy meter, a strength bar with gradient colors, a one-click strong-password suggester, and a HIBP (HaveIBeenPwned) k-anonymity breach check. Your password never leaves your browser — only a SHA-1 prefix is sent. Migrated to a single <PasswordChangeCard /> wrapper across 4 surfaces.
2026-05-22 — Cmd-K search now self-tunes + Trending Today
Hit ⌘K (or Ctrl-K) anywhere on qortrace.com. Site-wide search now learns from real query patterns — documents customers actually open rise in relevance, ignored ones fall. A new 'Trending Today' rail surfaces what other operators have been hunting for in the last few hours.
2026-05-22 — PQC Glossary expanded to 175 cross-linked terms
/docs/glossary now covers 175 post-quantum cryptography terms with cross-references between related entries. Built so a CISO or analyst landing cold on a PQC-heavy customer thread can decode any term in two clicks. Auto-upgrade hook ensures new terms reach production without a manual script run.
2026-05-22 — Slash-agnostic APIs — no more 307 redirects
Trailing-slash requests (/api/audits/ vs /api/audits) used to bounce through a 307. Small but real source of latency, broken Authorization headers (some HTTP libraries strip them on redirect), and CORS preflight pain. A new ASGI middleware flattens both variants to the same route. POST/PUT/DELETE included.
2026-05-21 — GitHub scanner validation hints + bug fixes
GitHub repo scanner shows inline format hints, validates as you type, and gracefully recovers from rate-limited GitHub responses. Also fixed: newsletter signup scope bug, broken email-link 404s, MegaMenu transparent-background CSS bug on /docs.
2026-05-07 — Wiki / Docs platform (Phase 2a)
Public docs surface with admin authoring, version history, and hybrid public/internal visibility. The page you're reading now lives in this system.
2026-05-06 — Persona foundation (Phase 1)
Multi-step persona-aware signup. New accounts now identify as Individual / Team / Enterprise, and Enterprise accounts pick between subscription and custom-build tracks. Drives the personalisation engine for everything from onboarding to email cadence.
2026-05-06 — Methodology compliance receipt
SOC 2 / ISO 27001 / FFIEC reviewers can now download a SHA-256-stamped PDF receipt directly from the methodology page. The hash pins them to a specific methodology revision for their workpapers.
2026-05-06 — Anti-fraud certificate lockdown
Public audit certificates now ship with a diagonal SAMPLE watermark, view-only download buttons, and contextmenu suppression. Customers who need a clean cert request one through Sales — closing a forgery loophole that existed since launch.
2026-05-06 — Public verify + cross-funnel widget
Reviewers can validate any audit ID at /verify/<id>. Sales sees a real-time hotlist of methodology reviewers who are also free-scan / consultation / lead-funnel matches.
Older
See the public methodology version registry at /methodology for revisions older than 2026-05.