Skip to main content

Platform Status

Below is the live snapshot of environments, integrations, recent changes, and upcoming actions. This data is sourced from src/data/status.json and should be updated during each end-of-day routine.

Environments

NameStatusAPI BaseDashboard
Productionoperationalhttps://reformer-platform.onrender.comhttps://dash.reformer.la
Developmentrequires local setuphttp://localhost:10000http://localhost:5173

Integrations

NameStatusNotes
MCP Serversconfigured15 custom MCP servers providing AI assistants with direct access to all services. 95+ tools total. See docs/integrations/mcp-servers for details.
ClickUpconfiguredService credentials in Render env vars (`CLICKUP_*`). MCP server available.
StripeconfiguredLive secret in Render (`STRIPE_WEBHOOK_SECRET`). MCP server available.
DropboxconfiguredAccess token stored in Render (`DROPBOX_ACCESS_TOKEN`). MCP server available.
SlackconfiguredWebhook URL in Render (`SLACK_WEBHOOK_URL`). MCP server available.
IntercomconfiguredAccess token in Render (`INTERCOM_ACCESS_TOKEN`). MCP server available.
Close CRMconfiguredAPI key in Render (`CLOSE_API_KEY`). MCP server available.
Cal.comconfiguredClient ID and secret in Render. MCP server available.
ResendconfiguredPrimary email service. API key in Render (`RESEND_API_KEY`). MCP server available.
VimeoconfiguredClient tokens stored in database integrations table. MCP server available.
SpotifyconfiguredUser tokens stored in database spotify_tokens table. MCP server available.
HunterconfiguredAPI key in Render (`HUNTER_API_KEY`). MCP server available.
PirschconfiguredClient credentials in database integrations table. MCP server available.
PageSpeedconfiguredAPI key in Render (`PAGESPEED_API_KEY`, optional). MCP server available.
Webflow AIconfiguredWebsite generation service. MCP server available.
RenderconfiguredExternal MCP server via `@render-oss/render-mcp-server`. API key in Render (`RENDER_API_KEY`).
Cursor Cloud AgentsconfiguredUser API key stored as `CURSOR_API_KEY` in Render & GitHub.
FirecrawlconfiguredWeb intelligence & crawling service integrated in Admin Dashboard. API endpoints: `/api/firecrawl/accounts/:id/summary` and `/api/firecrawl/accounts/:id/refresh`.
LoopsretiredIntegration removed from production; replaced by Resend. Credentials kept only for archives.
MemberstackretiredRemoved from stack. No longer in use.

Recent Changes

  • 2026-01-06: CRITICAL SECURITY FIXES: Fixed SQL injection vulnerabilities in 3 service files (smart-search-service, playlist-generator, activity-logger). All queries now use parameterized statements. Fixed CORS misconfiguration - removed 'allow all origins' and implemented whitelist-based CORS. Added environment variable validation on server startup.
  • 2026-01-06: SECURITY AUDIT: Identified 8 exposed credentials requiring immediate rotation (Stripe live key, ClickUp API key, Close CRM, Dropbox, Intercom, PageSpeed, Slack webhook, database credentials). Documentation created in SECURITY-AUDIT-2026-01-06.md with rotation procedures.
  • 2026-01-05: SUPABASE OPTIMIZATION: Fixed 6 view security issues (security_invoker=true), 7 function search path issues, added 16 performance indexes (50-80% faster queries), removed 2 duplicate indexes. All 47 tables verified with RLS enabled.
  • 2026-01-05: USER FLOW IMPROVEMENTS: Created enhanced signup endpoint (/api/auth/signup-enhanced) with atomic transaction (user + account + member). Implemented simplified guest checkout flow (no auth required) with Cal.com redirect and welcome email automation.
  • 2026-01-05: PORTAL FIXES: Fixed authentication handling in portal redirects for improved user experience. Updated redirect logic for root and login pages to ensure proper navigation.
  • 2025-11-13: RAGS HTML output hardened: Added null checks for replatforming_analysis fields and safe JSONB parsing in backend formatter to prevent TypeError crashes during report generation.
  • 2025-11-13: Intercom RAGS guardrails: Added message filters to skip admin/bot/internal URLs and prevent infinite analysis loops. Troubleshooting steps documented while webhook delivery is verified inside Intercom.
  • 2025-11-13: Slack /rags improvements: Default channel configurable via RAGS_SLACK_CHANNEL, duplicate result posts removed, and docs updated with new usage guidance.
  • 2025-11-11: Documentation system migration: Removed old /developer-docs route from dashboard. Added 'Developer Docs' link in navigation pointing to developers.reformer.la (Docusaurus). Single source of truth established for all platform documentation.
  • 2025-11-11: Password reset flow implemented: Complete forgot/reset password system with Supabase recovery tokens, Resend email delivery, and frontend pages at /forgot-password and /reset-password. Endpoints: POST /api/auth/forgot-password and POST /api/auth/reset-password. Full documentation in docs/api/authentication.mdx.
  • 2025-11-11: Email verification redirect fixes: Users now redirect to client portal (my.reformer.la/{clientslug}) after verification. Onboarding form displays directly on portal home page. Fixed redirect logic in Verify.jsx, Login.jsx, ClientPortal.jsx, and RequireOnboarding.jsx.
  • 2025-11-10: CRITICAL: Database migrations now run automatically on server startup. Migrations are part of the build process and cannot be forgotten. Health checks verify schema, EOD workflow verifies migrations.
  • 2025-11-10: Firecrawl Intelligence integration: Added real-time web crawling jobs, intent signals, and geo opportunities to AdminClientDashboard.
  • 2025-11-10: Enhanced Intercom integration: Improved user context boot with better error handling and member data mapping (530+ lines).
  • 2025-11-10: Docusaurus documentation site foundation initialized with v4 compatibility. EOD workflow now automatically deploys docs to developers.reformer.la.
  • 2025-11-09: Provisioned Cursor Cloud Agent API key (`CURSOR_API_KEY`) in Render & GitHub secrets.
  • 2025-11-09: Bootstrapped docs-site with architecture/API/runbook pages.
  • 2025-11-09: Imported E2E authentication test results into docs/operations.
  • 2025-11-12: MCP Servers: Built 15 custom MCP servers providing AI assistants with direct access to all platform services. 95+ tools total across Supabase, Close CRM, Stripe, ClickUp, Slack, Cal.com, Vimeo, Dropbox, Intercom, Resend, Spotify, Hunter, Pirsch, PageSpeed, and Webflow AI. Complete documentation added to docs/integrations/mcp-servers. All MCP servers documented in Docusaurus site and deployed to developers.reformer.la.
  • 2025-11-12: Email service migration: Loops retired, Resend is now primary email service. Resend MCP server available. Loops integration removed from production and all documentation updated.
  • 2025-11-12: Documentation deployment: Docusaurus docs site deployed to Cloudflare Pages (reformer-docs project). All MCP server documentation live at developers.reformer.la. Build successful, all links verified.
  • 2025-11-09: Documented ClickUp, Slack, Dropbox, Stripe, Memberstack (legacy), and Close CRM integrations in docs site.
  • 2025-11-09: Deployed docs to Cloudflare Pages project `reformer-docs` (https://developers.reformer.la).

Next Actions

  • CRITICAL: Rotate all exposed credentials (Stripe live key, ClickUp API key, Close CRM, Dropbox, Intercom, PageSpeed, Slack webhook) - see SECURITY-AUDIT-2026-01-06.md
  • Add ALLOWED_ORIGINS environment variable to Render with production domains
  • Verify DATABASE_URL in Render points to Supabase (not Render PostgreSQL)
  • Test SQL injection fixes with malicious input to verify parameterized queries
  • Test CORS configuration from unauthorized origins
  • Replace 606 console.log statements with logger utility (code quality improvement)
  • Implement Redis-based rate limiting (currently in-memory)
  • Complete end-to-end testing of new user flow (enhanced signup → verification → checkout)

Update Process

  1. Edit docs-site/src/data/status.json with:
    • Latest environment status or URLs.
    • Integration health (configured, needs attention, pending).
    • Recent changes (date + summary).
    • Next actions to tackle.
  2. Commit the changes with a meaningful message (e.g., docs: update status for Nov 9).
  3. Optionally regenerate ClickUp summary or Slack notification referencing this update.

Keeping this page current ensures anyone (including future developers) can immediately understand the platform state.***