> ## Documentation Index
> Fetch the complete documentation index at: https://docs.shipyard.lol/llms.txt
> Use this file to discover all available pages before exploring further.

# Changelog

> Product updates and improvements across the Shipyard suite.

<Update label="May 10, 2026">
  ## Updates

  * **Database requests now run over HTTPS for serverless reliability.** [ShipOS](/shipos) and [ShipSpace](/shipspace) have moved their database layer from direct TCP connections to Supabase's REST API. This eliminates the IPv4/IPv6 connectivity failures that intermittently surfaced as 500 errors on Vercel serverless deployments, so requests resolve consistently across regions.
  * **Clearer database error reporting in [ShipOS](/shipos) and [ShipSpace](/shipspace).** Failed database calls now log a structured error with message, code, and hint instead of returning silently. Issues that used to surface as a vague 500 are now diagnosable from server logs on the first occurrence.
  * **Lighter ShipAgent polling in the [ShipOS](/shipos) dashboard.** The sidebar and menu bar no longer poll the ShipAgent task feed independently. They now share a single request that runs every 30 seconds and pauses when the tab isn't visible, cutting background traffic by roughly 90% and reducing battery and network use during long sessions.

  ## Fixes

  * **Restored production database connectivity across the suite.** The Supabase Transaction Pooler began returning `tenant/user not found` errors across every region overnight, breaking database-backed requests on [ShipOS](/shipos), [ShipSpace](/shipspace), [ShipChat](/shipchat), [ShipCode Cloud](/shipcode), and the Shipyard Console. Production now uses a direct Supabase connection tuned for serverless, so requests resolve normally again.
  * **Softer IPv6 warning during deploys.** Production startup checks no longer hard-fail when an IPv6-capable database URL is detected — Vercel handles IPv6 fine, so this is now a non-blocking warning.
  * **Fixed 404s and 500s in [ShipOS](/shipos) preview after the database move.** Records returned by the new HTTPS database layer were missing fields like organization and timestamp, breaking server-rendered pages. Server components now receive the expected fields and pages render cleanly.
  * **Database health check returns reliably.** The `/api/health/database` endpoint on [ShipOS](/shipos) and [ShipSpace](/shipspace) now responds correctly under the new HTTPS database layer, so uptime probes and status pages report accurate state again.
  * **Structured JSON errors from API routes in [ShipOS](/shipos) and [ShipSpace](/shipspace).** API routes that previously returned opaque plain-text 500s now respond with structured JSON containing an error message and details, making client-side error handling and debugging straightforward. When the database is unreachable, [ShipOS](/shipos) settings now returns a `503` instead of a generic 500, so retry logic can react correctly.
  * **Preview deploys for [ShipSpace](/shipspace) connect to the database again.** Supabase environment variables were only set for production, causing preview deployments to fail when reaching the database. Preview environments now have the credentials they need and run cleanly.
  * **Saving preferences and creating projects no longer 400s.** User preference and project saves on [ShipOS](/shipos) and [ShipSpace](/shipspace) intermittently failed with a 400 after the move to the HTTPS database layer. Saves now succeed cleanly and new [ShipSpace](/shipspace) projects get a generated ID without manual input.
  * **Creating issues, projects, and notes in [ShipSpace](/shipspace) succeeds again.** A follow-on fix to the database layer move: creating issues, projects, comments, notes, docs, and user preferences in [ShipOS](/shipos) and [ShipSpace](/shipspace) was failing with 400/500 errors because record IDs and modification timestamps weren't being generated automatically. New records now get a unique ID and timestamp on save, and the dashboard loads without cascade failures.
  * **[ShipSpace](/shipspace) deploys are building again.** Vercel builds for [ShipSpace](/shipspace) had been skipped during the database migration. Builds now run on every push, so deploys reflect the latest changes.
</Update>

<Update label="May 9, 2026">
  ## New

  * **Shipyard sign-in is now a waitlist page.** While we put the finishing touches on the public launch, [shipyard.lol/login](https://shipyard.lol/login) has been replaced with a "launching soon" screen and a **Join the waitlist** button. Existing app entry points like [ShipOS](/shipos), [ShipSpace](/shipspace), and [ShipCode Cloud](/shipcode) keep working as before — sign in directly from each app.
  * **"Already have access?" link for existing users.** The new waitlist page includes a quiet **Login** link that takes existing customers to a dedicated `/sign-in` page on Shipyard, so early-access users can still authenticate from the marketing site.

  ## Updates

  * **Cleaner Shipyard homepage hero.** The "Execution Engine · AI-era Builder Tools" badge above the hero headline on [shipyard.lol](https://shipyard.lol) has been removed for a tighter, less cluttered first impression.

  ## Fixes

  * **Plan-required screens no longer crash in production.** The "upgrade required" screens on [ShipOS](/shipos) and [ShipSpace](/shipspace) hit a Clerk provider error on cold starts that could surface as a 500. The workspace switcher embedded in those screens now resolves reliably on the first request after a deploy, building on yesterday's plan-required reliability work.
  * **Steadier ShipSpace middleware.** Internal Next.js and WebSocket requests are now skipped by ShipSpace middleware so signed-in and signed-out routing stays consistent and runtime errors no longer surface on those paths.
  * **Production database connections are reliable across the suite.** Database queries from [ShipOS](/shipos), [ShipSpace](/shipspace), [ShipChat](/shipchat), [ShipCode Cloud](/shipcode), and Shipyard now connect reliably in production after switching off a broken upstream connection pooler, resolving the `tenant or user not found` and `ENOTFOUND` errors that could surface on serverless networks. Builds also surface a clear warning in production if a misconfigured database URL is detected, so issues are caught before deploy.
  * **Subscriptions appear immediately after checkout.** Returning from a successful upgrade in [ShipOS](/shipos), [ShipSpace](/shipspace), [ShipChat](/shipchat), [ShipCode Cloud](/shipcode), or Shipyard sometimes landed users back on the plan-required screen for a few seconds while billing data propagated. The checkout success page now waits for your new plan to become visible before redirecting, so you go straight into the product.
</Update>

<Update label="May 8, 2026">
  ## New

  * **Global ⌘K command palette in ShipOS.** Press `⌘K` (or `Ctrl+K`) anywhere in the [ShipOS dashboard](/shipos) to jump between pages, run quick actions like "New issue" or "New note," and search across issues, projects, ShipCode agents, ShipAgent conversations, notes, and messages — all from one palette. Results are grouped by type so you can scan and act fast.
  * **Issue detail pages in ShipOS.** Click any issue title in the issues table to open a full detail view with status, assignee, priority, and an inline comment thread. Comments post and delete optimistically, so threads stay snappy. Edits to title, description, status, priority, and assignee save without leaving the page.
  * **Gemini 3.1 Flash Lite in AI Chat.** [ShipOS](/shipos), [ShipChat](/shipchat), and [ShipSpace](/shipspace) AI Chat now offer Gemini 3.1 Flash Lite alongside GPT-5 Mini. A context window badge next to the model selector shows how much room each model has for your conversation.
  * **Default AI model picker in Settings.** Pick your preferred model — GPT-5 Mini or Gemini 3.1 Flash Lite — under **Settings → AI** in [ShipOS](/shipos). New chats open with your default selected.
  * **Issue cards in AI Chat replies.** When AI Chat surfaces issues, it now renders them as GitHub-style cards with title, status, priority, and assignee instead of inline IDs, so you can scan results at a glance.
  * **Destructive action confirmation in AI Chat.** Bulk deletes and large removals (more than 10 items at once) now prompt for confirmation before the agent executes them, giving you a chance to back out.
  * **App switcher on the sign-in screen.** The [Shipyard sign-in page](https://shipyard.lol/login) now opens with tiles for ShipOS, ShipSpace, and ShipCode so you can pick where to land after authenticating, with locked tiles for products that aren't available to your account yet.

  ## Updates

  * **Floating pill navbars across the suite.** Public pages on Shipyard, ShipOS, ShipSpace, ShipChat, ShipCode Cloud, and Agent now share a refreshed floating pill-shaped navigation bar with smoother transitions between routes.
  * **Polished pricing pages.** Pricing grids across all apps got a layout pass — subtitles align consistently and the grid reads cleanly across screen sizes.
  * **Type while the AI is replying.** The AI Chat composer in [ShipOS](/shipos) and [ShipChat](/shipchat) now lets you start drafting your next message while the previous response is still streaming. The send button shows a spinner until generation finishes.
  * **AI Chat composer auto-focus.** Opening AI Chat in any app now drops your cursor straight into the textarea so you can start typing immediately.
  * **"In Progress" replaces "Active" on issues.** The in-progress issue label across [ShipOS](/shipos) now reads "In Progress" for clearer status at a glance.
  * **Cleaner ShipOS menu bar.** The dashboard menu bar got an opacity and System panel polish pass for better contrast and a tighter layout.

  ## Fixes

  * **Notes textarea stays inside its panel.** The Notes write-mode editor in [ShipOS](/shipos) and ShipSpace no longer overflows its container on long entries — the textarea now resizes correctly within the workspace.
  * **Checkout works in development again.** A BotID check that was incorrectly blocking checkout on local and preview environments has been resolved, so [billing flows](/shipos) complete without intervention.
  * **AI Chat connects to the gateway reliably.** A mismatched environment variable caused some AI Chat requests to fail on first load. Requests now resolve correctly on every environment.
  * **⌘K search clears between sessions.** The command palette no longer keeps stale text from a previous open — every launch starts with an empty search field.
  * **Correct billing storage parameter ordering.** A parameter-numbering bug in billing storage queries has been fixed, removing an edge case that could surface incorrect plan data.
  * **Resolved 500 errors on [ShipOS](/shipos) and Shipyard.** A middleware misconfiguration that surfaced as `500 Internal Server Error` on some requests has been fixed across ShipOS and the Shipyard marketing site. Bot protection now applies consistently in production without breaking page loads.
  * **Plan-required upgrade screens render reliably across the suite.** The "upgrade required" screens on [ShipOS](/shipos), [ShipSpace](/shipspace), [ShipChat](/shipchat), [ShipCode Cloud](/shipcode), and the Shipyard marketing site now render dynamically after a fresh deploy. Previously, the workspace switcher on those screens could fail to load on the first request.

  ## Security

  * **Patched dependency vulnerabilities.** Several upstream advisories were resolved by upgrading to fixed releases (`ip-address`, `nitropack`, `hono`, `fast-xml-builder`). No action required.
</Update>

<Update label="May 3, 2026">
  ## New

  * **Connect any MCP client to ShipOS with an API key.** ShipOS now accepts simple bearer-token auth on its MCP endpoint, so clients that don't support OAuth — like Warp and other terminal-based assistants — can connect. Generate a key on the new **API Keys** page in the [Shipyard Console](/console-api-keys), then point your client at `https://mcp.shipyard.lol/api/mcp` with `Authorization: Bearer sh_...`. Existing OAuth-based connections from [ChatGPT and other clients](/shipos-mcp) keep working unchanged.
  * **API Keys page in the Shipyard Console.** Create, name, and revoke organization-scoped API keys from a new dashboard page. Keys are shown once on creation and stored as hashes — see [Console API keys](/console-api-keys) for the full lifecycle.

  ## Fixes

  * **ShipOS MCP connections survive transient Clerk hiccups.** The ShipOS MCP server now caches your workspace role for 5 minutes and falls back to it if a Clerk membership check fails mid-session. Previously, a brief Clerk API blip would knock ChatGPT into "Connected, but no tools" or cause OpenCode to report "not authenticated" right after a successful sign-in. Connections from [ChatGPT and other MCP clients](/shipos-mcp) now stay healthy through transient errors.

  ## Security

  * **More security hardening across the suite.** A second pass on the security audit landed today. Highlights:
    * **Strict-Transport-Security on every app.** Shipyard, ShipOS, ShipSpace, ShipChat, ShipCode Cloud, Console, Agent, and API now send HSTS headers in production, telling browsers to always use HTTPS.
    * **Authenticated billing endpoints.** All billing routes (checkout, plans, customer portal) across ShipChat, ShipOS, ShipSpace, and ShipCode Cloud now require a signed-in user and validate that the request matches the caller's account, closing IDOR risks.
    * **Sanitized share pages.** ShipCode share pages render markdown, code, and shell output through DOMPurify, preventing XSS in shared content.
    * **Open-redirect guards on sign-in.** ShipSpace Bar and Site sign-in flows now validate the callback host before redirecting, so a crafted link can't bounce you off-domain.
    * **Path-traversal protection in ShipCode CLI.** File operations resolve real paths before allow-listing, blocking symlink-based escapes.
    * **Production guard on ShipCode Cloud `seed`.** The seed endpoint now refuses to run outside development.
    * **Hidden environment metadata.** The dashboard menu bar no longer exposes `NODE_ENV` in production responses.
    * **Stricter TLS for database tooling.** Drizzle config rejects unauthorized certs in production.
    * **Expanded shell-injection blocklist.** The ShipCode CLI auth command rejects a wider range of dangerous shell patterns.
</Update>

<Update label="May 2, 2026">
  ## New

  * **Connect ShipOS to ChatGPT over MCP.** ShipOS now ships an OAuth-backed MCP server you can register as a custom connector in ChatGPT. After authorizing in your browser, ChatGPT can read issues, Company Knowledge, workspace messages, and ShipCode agent state — and, with explicit approval, create issues, update status and priority, post notes, and edit Company Knowledge. Access is scoped to your workspace. Grab your endpoint URL and connection steps from the new **MCP** page in the ShipOS dashboard.
  * **Switch ShipOS between sidebar and top bar layouts.** The ShipOS dashboard now supports two navigation layouts: the classic sidebar or a compact top bar. Toggle between them from the dashboard header — your preference is saved per account so it sticks across sessions and devices.
  * **ShipSpace database health endpoint.** A new `/api/health/database` endpoint reports whether ShipSpace can reach its database, returning a sanitized error code when it can't. Useful for uptime checks and status pages.

  ## Updates

  * **Refreshed Shipyard logo, suite-wide.** A new logo is now live across every Shipyard surface — Shipyard, ShipOS, ShipSpace, ShipChat, ShipCode (web, desktop, and console), favicons, and marketing pages. No action needed; you'll see the updated mark on next load.
  * **Polished plan-required screens.** The "upgrade required" screens across ShipSpace, ShipChat, and other paid surfaces now show app-specific messaging and a clearer list of what unlocks with Shipyard Pro.
  * **ShipSpace works keyless in development.** ShipSpace no longer requires Clerk keys to be set locally — it falls back to Clerk's keyless development mode so you can boot the app without any auth setup. Production still requires real keys.
  * **Better guidance for ShipSpace on Vercel.** The `.env.example` and startup validation now recommend the Supabase pooler/Supavisor connection string for production deployments and warn loudly if a direct Postgres URL is used, which can fail on IPv6-only serverless networks.
  * **Refreshed ShipSpace Bar download.** The macOS menu bar app on the [Apps page](https://shipyard.lol/apps) has been rebuilt with the latest fixes.

  ## Fixes

  * **More reliable ShipSpace database connections.** Connection failures now surface a clear, redacted error instead of leaking credentials or hanging, and production environments get an upfront warning when the connection string looks misconfigured.
  * **ChatGPT can now discover the ShipOS MCP connector.** OAuth discovery and the authorization callback are aligned with ChatGPT's stricter MCP requirements, so adding ShipOS as a custom connector completes cleanly. If a previous attempt failed during sign-in, try connecting again from the **MCP** page in your dashboard.
  * **Cross-origin MCP connections work in the browser.** ShipOS MCP and OAuth discovery endpoints now return the right CORS headers, so browser-based MCP clients can complete discovery and authorization without preflight errors.
  * **OAuth authorize uses a clean 302 redirect.** The MCP OAuth authorize endpoint now returns a standard `302` redirect on success and on error, fixing edge cases where some clients wouldn't follow the response correctly. Error responses are also redacted to avoid leaking internal details.

  ## Security

  * **Suite-wide security hardening.** A deep audit landed across Shipyard, ShipOS, ShipSpace, ShipChat, and ShipCode this week. Highlights:
    * **Stronger session cookies.** Authenticated sessions are now `Secure`, `SameSite=Lax`, and shorter-lived (30 days), reducing exposure on shared or stolen devices. You may need to sign in again once.
    * **Self-hosted ShipCode server is fail-closed.** The local ShipCode server now refuses to start without `SHIPCODE_SERVER_PASSWORD` set, instead of silently exposing an unauthenticated endpoint. See [ShipCode Cloud setup](https://docs.shipyard.lol/getting-started/quickstart) for environment configuration.
    * **Tighter CORS on ShipCode Console.** Models and enterprise endpoints now only accept requests from approved origins.
    * **Safer agent tooling.** `webfetch` and skill discovery now block requests to localhost, private IP ranges, IPv4-mapped IPv6 addresses, encoded IP literals, and `.local`/`.internal` hostnames, preventing accidental access to internal network resources.
    * **Hardened CLI input handling.** The `--params` flag in the ShipCode CLI accepts strict JSON only — arbitrary expressions are no longer evaluated.
    * **Redacted error responses.** Server errors no longer leak stack traces or database details to clients; full diagnostics stay in server logs.
    * **Patched dependencies.** Several third-party advisories (Astro XSS, AI SDK, `@astrojs/cloudflare` SSRF, `uuid` buffer issue) were resolved by upgrading to fixed releases. No action required.
  * **New `CHAT_API_SECRET` for self-hosters.** ShipChat's API now supports an optional bearer-token check via the `CHAT_API_SECRET` environment variable. Set it in production deployments to require authentication on the chat endpoint.
</Update>

<Update label="May 1, 2026">
  ## New

  * **ShipSpace Bar for macOS.** A native menu bar app that puts your active ShipSpace work one click away. Sign in with Clerk, pick a workspace, scan your active issues from the status bar, and jump straight into ShipSpace to keep working. Download it from the new [Apps page](https://shipyard.lol/apps) (macOS 14+, DMG).
  * **Apps directory.** A public Apps page now lists every Shipyard surface — web apps like ShipSpace and ShipCode, plus desktop downloads — so you can find the right entry point at a glance.

  ## Updates

  * **Cleaner ShipOS dashboard chrome.** The ShipOS sidebar and menu bar got a polish pass for clearer navigation.

  ## Fixes

  * **Sign-in via OAuth no longer 404s.** Shipyard, ShipOS, ShipSpace, and ShipCode Cloud now have real `/sso-callback` pages, so completing a Clerk OAuth flow lands you back in the app instead of a 404.
  * **Correct app links in production.** Links to ShipSpace and ShipCode Cloud now resolve to `space.shipyard.lol` and `code.shipyard.lol` when deployed, instead of leaking localhost overrides.
</Update>

<Update label="April 28, 2026">
  ## Updates

  * **New Privacy and Terms pages on ShipOS.** Public-facing privacy and terms pages are now live, making policy information easier to find.
  * **Branded error and not-found pages.** ShipSpace and ShipOS now show branded `404` and error screens instead of generic browser fallbacks, so dead-ends feel like part of the product.
  * **Cleaner suspended-account experience.** Suspended ShipOS users now land on a proper `/blocked` page instead of a recursive 404.
  * **Localized menu bar.** The dashboard menu bar no longer surfaces placeholder text and now respects your environment for links.
  * **Pricing email corrected.** Billing-related emails now point to the correct `shipyard.lol` domain.

  ## Fixes

  * **404s after sign-in resolved.** Authenticated routes across all apps in the suite (Agent, API, Chat, Console, ShipOS, ShipSpace, Site) once again load reliably after login. If you were seeing a blank page or 404 immediately after authenticating, this is fixed.
  * **Safer redirects for unauthenticated users.** Visiting protected ShipSpace or Shipyard surfaces while signed out now redirects you to sign in instead of throwing a type error.
  * **Hardened dependency security.** 15 high-severity vulnerabilities have been eliminated by patching transitive dependencies across the suite. No action required on your end.
</Update>