Stay up to date with the latest features, improvements, and fixes in LiteSOC.
v2.0.0April 2, 2026Latest
LLM-Friendly Public API — AI Context Layer
Introduced a complete LLM compatibility layer for the LiteSOC public site. Every public-facing page now has a corresponding raw Markdown route, a central /llms.txt index, a full-context /llms-full.txt document, and an AI Editor banner on the onboarding and API docs pages.
New /llms.txt route: central index following the llmstxt.org proposal, linking all public Markdown routes and official SDK repositories (Node.js, Python, PHP).
Markdown routes for all public pages: /pricing.md, /features.md, /security.md, /about.md, /docs.md, /how-it-works.md, /changelog.md, /help.md, /docs/api.md, /docs/integrations.md — each returns a text/markdown response kept in sync with the UI via shared data modules.
New /llms-full.txt dynamic route: concatenates all static product pages, the full API reference, every help center article (with full body content), and all published blog posts fetched live from the database into a single Markdown document for AI agents.
'AI Editor' banner added to the Dashboard Integration Guide and the public API Docs page, shows a one-click copyable @https://litesoc.io/llms.txt string with instructions for Cursor and Claude.
'LLM Friendly' link added to the site footer, pointing to /llms.txt.
Fixes a race condition in the worker pipeline that prevented new brute force alerts from being created, adds the View Event button for Free-tier users, and fixes dismissed alerts reappearing on realtime updates.
Worker pipeline ordering: events are now inserted into the database before alerts are created, preventing a foreign key constraint failure on trigger_event_id that silently blocked new brute force (and all other) alert creation across all tiers.
Dismissed alerts no longer reappear when new alerts arrive via realtime. The filter now checks the server-synced status field ('dismissed', 'resolved') in addition to local component state.
Free-tier users can now see the 'View Event' button on brute force alerts, providing basic forensic visibility into the triggering event without requiring a Pro upgrade.
A complete quality-of-life pass for Free-tier users: a lightweight Dismiss workflow replaces the forced upgrade wall for alert management, the Incident Storyline now shows contextually accurate labels per alert type with correlated event counts, and the retention notice is redesigned as a thin, dismissible info bar.
Dismiss Alert for Free users: Free-tier users can now dismiss open alerts directly from the Behavioral Anomalies card and Forensic Sheet via a new ghost-style 'Dismiss' button.
Automatic housekeeping for Free accounts: the daily retention cron now auto-dismisses any 'open' or 'acknowledged' alert older than 7 days for Free-plan organizations.
Dynamic Incident Storyline labels: the Discovery step now shows a contextually accurate sublabel per alert type.
Retention Info Bar: the large blurred overlay block below the Activity Feed table is replaced with a compact, single-line dismissible bar.
Optimistic UI for alert dismissal: dismissed alerts are removed from the Behavioral Anomalies card immediately on click without waiting for the server response.
dismissAlertAction enforces server-side tenant isolation, requires org membership, is idempotent for already-dismissed alerts. Audited as 'alert.dismissed' in the SOC 2 audit log.
v1.9.7March 12, 2026
LiteSOC Merch Store
Launched an official merchandise store at /merch with plan-aware pricing, Stripe Checkout for physical goods with shipping address collection, a confetti success page, and a new merch_orders table.
New /merch page: high-end product gallery (Tee, Hoodie, Cap, Mug, Stickers) with dark-mode Zinc-950 styling.
Plan-aware pricing: Enterprise users see a 'Claim for Free' button for the Official LiteSOC Tee; Pro users receive a 20% member discount.
createMerchCheckoutSession Server Action: Stripe Checkout in payment mode with shipping address collection.
New merch_orders table with RLS: stores user_id, org_id, item_name, size, shipping_status, and stripe_session_id.
Added merch.order_placed and merch.free_claim_redeemed audit log actions for SOC 2 compliance tracking.
v1.9.6March 11, 2026
Advanced Custom Threat Model Engine (Enterprise Tier)
Custom Threat Models now support multi-condition AND/OR/NOT logic, deep metadata field filtering, result grouping, and chained-event detection.
Advanced condition schema: conditions now support { logical_operator: 'AND' | 'OR' | 'NOT', filters: [...], group_by? }.
Deep metadata filtering: filter fields now resolve dot-notation paths up to two levels deep.
Chained event ('FOLLOWED BY') detection: new chained_event_type and chain_time_window_minutes columns.
Redis pipeline batching: primary event counter increments are now pipelined (single round-trip).
v1.9.5March 11, 2026
Network Intelligence Hardening & Security Fixes
A focused quality-of-life and security pass fixing incorrect network type detection, a free-tier data-leak in the Management API, and inconsistent Server IP display.
network_type now correctly stored as 'datacenter' (or 'vpn'/'proxy'/'tor') when detected via ASN/GeoIP enrichment.
Network Type badge in the Event Detail panel now derives the correct value from the already-resolved flags.
Metadata redaction for free tier now also covers is_datacenter, network_type, and network_provider keys.
Server IP (Origin) row in Event Detail is now suppressed when the value is meaningless.
GET /api/v1/events/:id _redacted_fields response field now accurately lists all nullified columns.
v1.9.4March 10, 2026
Automated Monthly Security Digest
LiteSOC now emails a dashboard-style security summary at the start of each month.
Monthly Security Digest email with dashboard-in-email layout.
Top 3 Attacking IPs table and Top Attacking Country indicator.
'View Full Forensic History' button in digest email.
Opt-in by design: only sent when 'monthly_reports_enabled' is true.
Endpoint secured with constant-time CRON_SECRET check and audited service client.
Redis-based deduplication ensures only one digest email per org per month.
v1.9.3March 9, 2026
Instant Security Alert Notifications
Pro and Enterprise users now see a pop-up notification the moment a new security alert is detected.
Real-time alert pop-ups: notifications appear instantly when new security alerts are detected.
Severity-based styling: Critical (red), High (amber), Medium/Low (neutral).
Smart grouping during attack bursts: multiple alerts within 3 seconds are grouped.
'View Details' button opens the full forensic investigation panel.
Alert notifications available on Pro and Enterprise plans only.