Protocolv0.15.3 beta
Back to Dev Log
v0.15.2-Mar 01, 2026Patch

Marketing Persistence + Bot Defense + CSP

Persisted marketing form submissions in Supabase, upgraded bot protection from Turnstile to Vercel BotID, and added CSP directives to improve security posture.

MarketingSupabaseSecurityBotDefenseCSP

Shipped

  • Added Supabase entities for marketing data:
    • marketing_contact_submissions
    • marketing_beta_signups
  • Implemented API routes for beta signup + contact submissions with first-party persistence and request_id traceability
  • Strengthened bot protection workflow:
    • Turnstile CAPTCHA integration (initial)
    • Migrated to Vercel BotID server-side verification (removed Turnstile dependencies)
    • Added .vercelignore to prevent large artifact uploads
    • Added deploy rules doc and BotID green-light plan
  • Added CSP directives to marketing + training apps to improve baseline security
  • Refreshed marketing styles, simplified forms, and introduced a contact modal
  • Updated backend docs + ERD and design references for consistency

Why

  • First-party persistence gives you reliable lead capture and auditability
  • Bot defense should be server-verified and standardized across public endpoints
  • CSP reduces risk from third-party/script injection classes of issues

Next

  • Add deployment readiness checks to prevent misconfigured environments
  • Expand security gate checks in CI for public route changes
Install App