№ 04 — CHANGELOG
What we
shipped.
Every feature, fix, and improvement to the FerrLabs toolkit. No marketing roundups — just what landed and why.
RSS ↗Admin · Editable org subscriptions + global discounts + promo codes
Staff can now edit any org's subscriptions inline from the admin console, and a new Billing page manages site-wide percentage discounts and user-redeemable promo codes with stacking rules.
ASCII / Unicode inspector
Codepoint-by-codepoint breakdown of any string — UTF-8 bytes, UTF-16 units, HTML entities, CSS escape and Unicode block.
Punycode converter
Internationalised domain names (IDN) to ASCII Punycode and back, using the browser's native URL parser.
IP / CIDR calculator
IPv4 and IPv6 CIDR math — network, broadcast, usable host range, netmask, total hosts, and address classification.
User-Agent parser
Break down any User-Agent string into browser, engine, OS, device and bot heuristics — no remote call.
HTTP status lookup
Searchable dictionary of HTTP status codes — number, reason phrase, category and what each one actually means in practice.
Sitemap validator
Fetch a sitemap.xml or a sitemap index, validate the XML, list child sitemaps or sample the URLs with lastmod / changefreq / priority.
Robots.txt analyzer
Fetch and parse a domain's robots.txt, simulate a crawl decision for any User-Agent + path, list every declared sitemap.
Security headers grader
Score any URL on CSP, HSTS, X-Frame, X-Content-Type, Referrer-Policy, Permissions-Policy, COOP and CORP. A+ to F grade out of 90 points.
HTTP header inspector
Fetch any URL, see every response header, the full redirect chain, and the time it took. Like curl -ILv but rendered nicely.
Reverse DNS
IP address (v4 or v6) → PTR hostname lookup. Useful for tracing the rDNS of a mail server or checking that your IP resolves to the hostname you think it does.
DNS lookup
A · AAAA · MX · TXT · NS · SOA · SRV in one shot, queried in parallel against Cloudflare's public resolvers.
FerrLens · Diff tool is live
Paste two blobs, get a side-by-side or unified diff with inline character highlights. Whitespace and case toggles. Fully client-side — the URL fragment encodes both inputs so you can share without uploading anything.
FerrLens · Dates now render in your local timezone
Snapshot timestamps and scan-fetched-at on shared SEO pages used to render in the server's timezone. They now show in yours. Plus a reusable SSE hook so future streaming tools share the same pattern as the SEO checker.
Spam score — SpamAssassin-style heuristics
Drop a subject + body, get a 0-10 spam score with the exact rules that flagged each line. Runs entirely in your browser — your draft never leaves the page.
Email verifier (v0)
Syntax + MX record check + disposable-provider list + role-based local-part detection. Real SMTP probe comes later.
DNSBL blacklist checker
Query an IP or domain against 30 major DNSBLs (Spamhaus, SpamCop, Barracuda, SORBS, UCEProtect, Mailspike, …) in parallel. Verdict in under a second.
SPF / DKIM / DMARC inspector
Pull, parse and score a domain's email-authentication TXT records — SPF mechanisms, DMARC policy + reports, ~30 common DKIM selectors checked in parallel.
FerrLens disponible en français
38 nouvelles routes /fr/ — home, pricing, account, les 8 pages légales, le changelog et les 21 outils — avec un sélecteur EN/FR en haut de chaque page.
Compressed, opaque share links
Share links from any tool now embed state as a single lz-string-compressed JSON blob instead of plain key=value pairs — 30-70% shorter, no longer human-readable.
FerrLens · SEO checker is now live-streaming, and ~3× faster
The SEO checker no longer waits 20 s before showing anything. Core Web Vitals appear in ~3 s, then full Lighthouse scores fill in. Chromium is now pooled, K8s right-sized, perf flags fixed.
Text stats
Characters, words, lines, sentences, paragraphs, reading time and approximate LLM token count for any block of text.
Credit card / IBAN validator
Validate credit card numbers with the Luhn algorithm and issuer detection, or IBANs with a mod-97 check and per-country length validation.
File hash
Drop a file, get its MD5, SHA-1, SHA-256 and SHA-512 — computed locally, the file never leaves your browser.
JWT signature verify
Verify a JWT against a public key (PEM or JWK) — HS, RS, PS and ES families, all algorithms — through the native Web Crypto API.
Number base converter
Convert between binary, octal, decimal and hex with BigInt arithmetic — no precision loss even on 128-bit numbers.
Slugify
Turn any string — accented, punctuated, multi-word — into a clean URL slug. Configurable separator, max length, and case.
Case converter
Convert between 11 case styles — camelCase, PascalCase, snake_case, SCREAMING_SNAKE, kebab-case, COBOL-CASE, dot.case, Title Case, Sentence case, lower, UPPER.
FerrLens · User menu with tier badge in the navbar
Signed-in users now see an avatar + tier pill in the FerrLens navbar instead of a plain Account link. The dropdown surfaces email, plan, Upgrade CTA and Sign out.
Password generator
Generate strong passwords with configurable charsets, a "no look-alikes" mode, an entropy bar and a crack-time estimate — backed by crypto.getRandomValues.
Color converter
HEX ↔ RGB ↔ HSL ↔ OKLCH with a live colour preview, alpha-aware.
Timestamp converter
Convert between Unix seconds, Unix milliseconds and ISO 8601, with a live view in any IANA timezone plus a relative reading ("3 days ago").
HMAC generator
Generate HMAC-SHA1/256/384/512 of a message with a key in UTF-8, hex or Base64 — through the native Web Crypto API, in your browser.
URL / Base64 / Base64-URL / hex encoder
Encode and decode between text and URL-percent / Base64 / Base64-URL (RFC 4648 §5) / hex, with a single shared input that toggles direction in one click.
Hash generator
MD5, SHA-1, SHA-256, SHA-384 and SHA-512 of any input. SHA-* through the native Web Crypto API, MD5 through a small pure-JS implementation. Your input never leaves the browser.
FerrLens · Sign in with your FerrLabs account
ferrlens.com now uses the central FerrLabs identity, so the same account works across every product site. Cross-domain auth handled server-side by the Astro SSR layer — no token in JavaScript.
FerrLens · SEO checker runs Lighthouse locally
ferrlens.com now runs a real Lighthouse against a real Chromium in-cluster, instead of waiting for Google PageSpeed Insights. Faster, no quota, more signals.
FerrLabs · Org switcher in every product sidebar + cross-app create-org link
All four product apps (Vault, Track, Growth, Fleet) now show the same org switcher dropdown in the sidebar. 'Create an organisation' deep-links to the central labs portal instead of being a dead end.
FerrVault · API package shipped to GHCR for the first time
ferrvault-api is now a proper independently-versioned package with its own Docker image and FerrFlow release lane. End of the "API lives in the app repo but never gets built" era.
FerrTrack · 'My issues' wired to the API + mocked nav stripped
Inbox no longer fans out one request per project. The 'My issues' page is real data. Subscribed, Active cycle, Roadmap, Docs and Teams are gone until they have a backing data model.
FerrTrack · Org-scoped reads + new GET /v1/issues (breaking)
Closes a cross-tenant data leak — issue, user, and comment reads now enforce org ownership. Adds /v1/issues with assignee/status/kind filters to replace the Inbox N+1 fan-out.
FerrVault · End-to-end backend rewrite — every screen talks to a real endpoint
Mocks are gone. Vault edit/delete, secret version history, and the K8s operator token page now hit real APIs. Sidebar trimmed to the three surfaces that actually have a data model.
FerrGrowth · Forms CRUD — create, update, delete, list submissions
The 'New form' button now opens a real modal instead of doing nothing. POST/PATCH/DELETE on /v1/sites/:slug/forms plus a submissions list endpoint, all org-scoped.
FerrLabs · Product APIs accept the BFF session cookie — auth no longer 401s in cookie mode
Every product API (Vault, Track, Growth, Fleet) now falls back to the fl_session HttpOnly cookie when no Authorization header is present. Fixes a hard 401 for all BFF-routed traffic.
Legal pages published — DPA, subprocessors, security
ferrfleet.com now hosts the standalone Data Processing Addendum, subprocessor list, and security overview in EN and FR.
FerrLabs · server-side telemetry emit wired into auth + org + subscription handlers
API now emits the documented events when accounts sign up, log in, orgs are created, members added, subscriptions activate / change tier / cancel.
app.ferrlabs.com · telemetry opt-out toggles in Preferences and a new Privacy page
Per-user toggle on /prefs and a new /privacy page with the org-wide toggle for owners and admins.
FerrFlow · DO_NOT_TRACK env var + first-run telemetry notice
Telemetry now honours DO_NOT_TRACK=1 alongside FERRFLOW_TELEMETRY=0, and the first invocation prints a one-line notice pointing to ferrlabs.com/telemetry.
FerrLabs · telemetry ingestion endpoint + opt-out plumbing
POST /v1/telemetry now persists envelopes, organizations and users get a telemetry_opt_out flag, and the toggle endpoints are live in app.ferrlabs.com.
FerrLabs · /telemetry preview of the on-by-default commitment
New transparency page documenting every event we plan to collect, the hashing scheme, and the opt-out paths. Marked draft until the events actually emit.
FerrLabs · CI i18n + langue désactivée quand pas de miroir
Tous les sites passent par un check CI parité fr/en + résolution de clés. Le toggle FR/EN sur une page sans miroir est désormais visiblement désactivé (strikethrough + tooltip) au lieu de no-op silencieux.
FerrFlow · docs au style Claude
ferrflow.com/docs/ adopte le langage visuel de docs.claude.com — fond off-white, accent FerrFlow orange, code blocks soft-dark, callouts à barre accent, layout 3 colonnes, composants <Card>/<CardGroup>/<Note>.
FerrLabs · changelog disponible en français
ferrlabs.com/fr/changelog/ et /fr/changelog/<slug>/ + flux RSS FR. La chrome (header, breadcrumb, boutons, dates) suit la langue ; les entrées restent en anglais (source unique de vérité).
FerrLabs · Navbar + Footer enfin traduits sur les 3 sites SaaS
FerrTrack / FerrVault / FerrGrowth: les pages /fr/ affichaient une navbar et un footer en anglais. Tout passe maintenant par t(lang, key).
FerrLabs · public changelog
New /changelog/ on every FerrLabs site — editorial entries for what shipped, when, and why. Source of truth at FerrLabs/Changelog (public repo).
FerrLabs · editorial scrollbar everywhere
Hairline scrollbar with slate thumb — applied via @ferrlabs/styles base + inlined on sites that do not consume the package. Firefox supported via scrollbar-width.
FerrLabs · auto-redirect French browsers + translate=no on code
First-time visitors with browser locale starting with `fr` are redirected once to /fr/. Code blocks tagged translate="no" so Google Translate stops mangling shell snippets.
FerrFlow · editorial features grid, install grid, dark CTA
The body of ferrflow.com now matches the new editorial design — six feature cards in a single bordered grid, four install methods side by side, dark contrast CTA block.
FerrLabs · noindex on private app surfaces
Every app/admin/auth UI now ships meta robots + robots.txt + nginx X-Robots-Tag for defence-in-depth no-indexing. Search engines stop crawling auth flows and dashboards.
FerrLabs · sitemaps + structured robots.txt for every marketing site
ferrlabs.com / ferrflow.com / ferrvault.com / ferrtrack.com / ferrgrowth.com all ship a generated sitemap.xml + a robots.txt that points to it. Hreflang alternates included for the bilingual sites.
FerrLabs · org profile rewritten
github.com/FerrLabs landing now reads like a proper org: one paragraph per public product, links to ferrflow.com / ferrvault.com / ferrtrack.com / ferrgrowth.com / games.ferrlabs.com. No mention of internal tooling.
FerrLabs · cross-product nav in every footer
Each marketing site footer now lists the other FerrLabs products with their accent dot. Visitors on ferrflow.com discover ferrvault.com without going back to the holding site.
FerrLabs · brand-glyph favicons across every product
Each product site now ships a favicon matching its navbar glyph. No more generic concentric circles.
FerrLabs · branded OG images for social previews
Slack / LinkedIn / X previews now render a branded card (1200x630) with the product glyph + Fraunces wordmark + tagline.
FerrLabs · typographic [FL] logo
Replaced the placeholder concentric-circles logo with a typographic [FL] mark — DM Mono brackets around Fraunces 900 letters.
FerrLabs · editorial footer
4-column footer with brand colophon, product chips with live-status glow, "All systems normal" pulse — replaces the generic SaaS footer.
FerrFlow v4.2 · pre-release channels
Ship `alpha`, `beta`, and `rc` releases without touching your floating tags.
FerrLabs · editorial holding-site refresh
New design system for ferrlabs.com — paper palette, Fraunces display, list-style products, scroll-blur navbar, sticky-bottom footer.
FerrLabs · products switch to a list layout
The 4 product slots on ferrlabs.com are now a hairline-divided list with Fraunces 64px names, accent dot, italic tagline. Replaces the asymmetric card grid.
FerrGrowth · editorial Navbar + Footer
growth.ferrlabs.com now ships the FerrLabs editorial design — Fraunces display, paper palette, violet accent.
FerrTrack · editorial Navbar + Footer
track.ferrlabs.com now ships the FerrLabs editorial design — Fraunces display, paper palette, indigo accent.
FerrVault · editorial Navbar + Footer
vault.ferrlabs.com now ships the FerrLabs editorial design — Fraunces display, paper palette, emerald accent.
FerrFlow · editorial hero on the landing page
New display headline (Fraunces 900, italic accent), softer paper background, monospace eyebrows.
FerrFlow · changelog ordering fix
Changelog entries are now sorted by commit date instead of alphabetically inside each section.