Back to updates

April 23, 2026

v0.0.6

authsecuritydevicesusagenextjs

Highlights

  • Desktop auth is now browser-first end to end, with PKCE-style request flow and explicit browser approval before desktop token issuance.
  • Next.js now hosts the account/auth experience used by desktop sign-in, including login, registration, reset, approval, and account center routes.
  • Device/session controls were expanded for desktop scenarios: approve/deny browser auth requests, revoke devices, and replace devices with stronger server-side checks.
  • Usage reporting moved to a shared canonical contract (`UsageMetricContract`) used by both desktop and web, including unified metric keys and shared totals.
  • Metrics taxonomy was refined: `Verse Detected` removed from surfaced dashboards and lyrics operations merged under `Lyrics Processing`.
  • Web account center usage received a cleaner trend visualization and fuller timeline rendering behavior for selected windows.

Fixes

  • Fixed desktop browser auth race behaviors and approval handling so desktop token issuance waits for explicit browser approval.
  • Fixed desktop auth endpoint routing to use Next.js auth shell URLs consistently.
  • Fixed usage aggregation reliability by introducing cloud canonical summary service and local fallback strategy in desktop.
  • Fixed usage pipeline consistency gaps between desktop modal and web account center by normalizing metric shape, labels, and units.
  • Added/expanded auth and usage observability events for browser auth lifecycle, contract versioning, and mismatch diagnostics.
  • Improved account center and security flow wiring for real device actions (revoke/replace/revoke-all) through web API routes.

Known issues

  • Some local-only usage activity may appear delayed in cloud-canonical dashboards until sync/outbox processing completes.
  • Device/session and usage values can differ temporarily during offline periods before reconciliation.
  • This release introduces major auth and account UX transitions; teams should monitor browser-auth and usage mismatch telemetry closely after rollout.

Notes

  • This release is focused on production hardening of desktop auth/device enforcement and alignment of account/usage experiences across desktop and web.