v3.3.1 — Titlebar telemetry + public API docs

UI polish + docs polish on top of v3.3.0's API surface. No breaking changes.

Titlebar telemetry

• Connected / Safety / Reposting moved out of the page Header (where they smushed at narrow widths) into the Titlebar — always visible regardless of which page you're on.
• Connected is now clickable — opens a pop-out showing each IG account with token expiry, Cloud Scheduling status, and API Keys status at a glance.
• Safety pop-out (the shield) also lives in the titlebar now.
• Responsive: labels visible ≥1024px, icon-only at medium widths, Safety-only on narrow windows.

Public API docs

• voidgram.org/docs/api — 5 pages (landing, quickstart, full reference, errors, MCP setup) built from the v3.3.0 API surface. Safe, static, no analytics, no forms, no secrets.
• In-app docs link — "View full API docs ↗" in Settings → API Keys opens the public docs in a new tab.
• Source docs sanitized — placeholder accounts + subdomains, no real install data leaked.

No API or behavior changes

All v3.3.0 features (Bearer auth, /api/v1, OpenAPI, Swagger, MCP server, rate limits) remain identical.

v3.3.0 — External API, OpenAPI, Swagger UI, MCP server

First external-facing release of the VoidGram API

VoidGram now exposes a stable public API under `/api/v1`, fully documented via OpenAPI 3.1 and usable from Claude Code / Claude Desktop via a bundled MCP server.

REST API

• Stable `/api/v1/` contract — frozen across v3.x. Existing `/api/` UI paths unchanged.
• Bearer token auth: `Authorization: Bearer vg_live_...` alongside existing session cookies.
• Generate keys from Settings > API Keys. Keys are shown once, stored hashed, revocable.
• Rate-limited at 100 req/min + 1000 req/hour per key. Cookie-auth (UI) bypasses limits.
• Structured error responses: `{ error, code, status, details? }` with 50+ canonical codes.

Documentation

• OpenAPI 3.1 spec at `GET /api/v1/openapi.json` — 35 endpoints, 10 schemas.
• Swagger UI at `/api/docs` — interactive try-it-out.
• Full guide at `docs/api/README.md` in the repo with end-to-end cURL, TypeScript, and Python examples for publish, schedule, bulk workflows, polling, and repost history.

MCP server (Claude-native integration)

```
claude mcp add voidgram --scope user -- npx -y @voidgram/mcp-server
```
Set `VOIDGRAM_API_KEY` env var from the Settings UI and Claude has 11 tools natively: list accounts, upload media, create draft, schedule post, publish now, list scheduled, cancel scheduled, repost history, whoami, and more.

Talk to VoidGram in natural language:

"Schedule 20 posts from ~/content, spaced 6am/noon/6pm daily, captions from filenames"

What is NOT in v3.3.0

• LAN/internet access (localhost only)
• Webhooks (polling only)
• Per-key scope enforcement (every key is full-access)
• Idempotency keys (use your own dedupe)
• Official TypeScript SDK (planned v3.4)

Stability

• Zero breaking changes to existing `/api/*` behavior. Embedded Electron UI unaffected.
• New functionality strictly additive. Frozen `/api/v1` — future breaks go to `/api/v2`.

v3.2.8 — rebuild web bundle (About showed stale version)

The 3.2.6 and 3.2.7 installers shipped with a web bundle baked from v3.2.5 because I skipped the root npm run build before packaging. Functionally correct (server + Worker + desktop all carried the right code), but the Settings > About card read the stale constant and reported '3.2.5'. 3.2.8 is a clean full rebuild — no behaviour changes vs 3.2.7.

v3.2.7 — Cross-account repost attribution + green badge

Fixes

Reposts from one account showed up under the other account. Confirmed live: @laser_dimension was actually reposted by remvisualart but the Repost History card for thevisualcast displayed it. Root cause: server's /auto/sync forgot X-Account-Id on the Worker call, Worker returned every account's results, server wrote them all under whichever tab the user was on.

Successfully published "Reposted Story" badge stayed orange. PostHistoryPage checked sourceType before status and hardcoded a neutral colour. Now mirrors regular posts — green for PUBLISHED, red for FAILED, amber for in-flight.

Cleanup

• Cleaned up 9 mis-attributed CLOUD StoryRepost rows from local DB. Worker KV results are untouched — just open Story Repost on each account tab and click Sync Cloud once to repopulate correctly.

No Worker changes

Same Worker version as v3.2.6. Both timezone-aware and phase-error-clear logic still live.

v3.2.6 — Timezone-aware sleep window + sessionOnly Settings sync

Silent-skip bug fixed

Worker sleep-window was evaluating in UTC. When the Worker's cron decided whether to scan your DM inbox for story mentions, it checked whether the current hour fell inside your configured sleep window — but when the config didn't carry a timezone (it never did, until now), the check fell back to UTC hours. For anyone west of UTC that effectively moved the 11pm–7am sleep window into the middle of their waking hours, silently blocking scans with zero UI signal.

Observed live on 2026-04-20: desktop offline, both accounts Phase 3 with fresh sessions, sentinel past due, no heartbeat or lease — yet lastPollAt never advanced. Only the Worker tail log "within sleep window, skipping" gave it away.

Fixes

• Server now detects the OS timezone via Intl.DateTimeFormat() and passes it (plus the per-account sleep window) on every Worker config write.
• Worker config schema gained timezone + sleepWindowStart + sleepWindowEnd. Full writes require a timezone and return 400 otherwise — no more optional-field silent defaults for timezone-bearing code.
• Settings > Update credentials now uses a sessionOnly: true flag so the Worker preserves your cloud enabled state + poll interval instead of overwriting them. (A v3.2.5 side effect silently flipped enabled: true → false on every credential refresh.)
• Cron-path sleep check still tolerates missing timezone but logs a loud warning so it can't hide again.
• One-shot backfill script patched the two existing KV configs with the correct timezone — no user action required beyond installing.

Deployment

• Worker redeployed — 85d7c307-7201-4d6a-af86-c83e9c5f9163
• KV entries backfilled with timezone: "America/Los_Angeles"
• Existing configs stay enabled — no disable/enable dance needed

v3.2.5 — Credential save now clears stale phase error

Fixes

Stale 'Needs re-auth' red pill after successful credential update.

v3.2.4 introduced the new traffic-light UI and the Worker endpoint to clear stale lastWarmupError. But only the Story Repost → Enable Cloud flow actually called that endpoint. The much more common flow — Settings → Update credentials — pushed a fresh session to the Worker but left the old phase error sitting in KV. With the desktop online, the sessionWarmer cron never ran to clear it, so the UI lied forever.

v3.2.5 adds the clear-error call to the credential save path. After this install, re-authenticating from Settings will correctly flip the pill from red to green.

UI cleanup. When the red NEEDS_ATTENTION state is showing, the duplicate outline "Update" button is hidden — only the primary "Update credentials" CTA remains. They always did the same thing.

Deployment

• No Worker changes — v3.2.4 deployment still current
• No DB schema changes

v3.2.4 — Private API safety fixes + traffic-light UI

Fixes

P0 safety bugs

• /auto/disable now actually disables on the Worker. Previously it was a silent no-op — the server never sent X-Account-Id to the Worker DELETE, so the Worker fell through to accountSuffix = 'default' and deleted a non-existent key. Confirmed against live logs.
• Wrong-account actions eliminated. getRepostConfig used to fall through to findFirst with no orderBy when accountId was missing, returning whatever the SQLite engine felt like. Now required everywhere, with clear 400 validation.
• Stale lastWarmupError clears after re-auth. The Worker session-phase KV record would keep old warmup errors indefinitely because the sessionWarmer cron skips when desktop is online. /auto/enable now posts to a new Worker endpoint that resets it.

UI safety

• New Settings traffic light (Settings > Private API) replaces the misleading green "Session ready" badge with one of four states: Safe / Warming / Needs Attention / Waiting. Crucially, the lastWarmupError signal now outranks phase === 3 — a dead Instagram session no longer reports as healthy.
• New Account Safety pop-out in the header — visible on every page, shows the worst-case state across all accounts at a glance, with one click to jump to Settings for a fix.
• "Sync Credentials" menu item in Story Repost was misleading (local-only), relabeled to "Refresh local session".

Cleanup

• Removed 8 orphan Worker KV records tied to accountIds no longer in the local DB (residue from a past DB migration). One of them carried a stale challenge_required error that had been sitting in KV for a week.

Deployment

• Worker redeployed — new version ID ffeecf1a-25c2-4f78-bd3e-d316589b9df0. Cron unchanged at */5 * * * *.
• No DB schema changes; no user action needed beyond installing the update.

v3.2.3 — Fix shared database loading

Fix

• DATABASE_URL now passed in process env — Prisma reads DATABASE_URL at module import time, before dotenv runs. Electron now reads DATABASE_URL from .env and passes it directly to the server process. This fixes the shared dev/Electron database not loading.

v3.2.2 — Shared dev/prod database

Fix

• Shared database support — Packaged Electron app now respects DATABASE_URL and STORAGE_PATH from .env if set. Developers can point the packaged app at the dev server's database for unified state (accounts, tokens, sessions, Worker config). Normal users are unaffected.
• Auto-login — App auto-authenticates when accounts exist in DB without requiring OAuth re-auth.
• FB cross-post tracking — Worker saves Facebook post ID back to job data for sync.

v3.2.1 — Auto-login hotfix

Hotfix

• Auto-login from synced database — App no longer shows login page when accounts exist in the database but session cookie is missing. No re-authentication needed, no new tokens generated.
• FB cross-post result tracking — Worker now saves Facebook post ID back to job data and syncs to local DB.
• Periodic Cloudflare sync — Post status updates from Worker every 2 minutes (was only on startup).
• sync-to-electron.bat — Dev helper to sync database/keys to packaged Electron app.