currently v0.2.0

Changelog

Everything that's shipped on Kryo.to, newest first.

v0.2.0

current2026-06-25

Kryo.to now has a real backend. You can sign up, sign in, browse a live catalog,

and (if you're staff) manage everything from the admin panel. The site also

picked up a proper light/dark theme, per-page previews on link shares, and a

handful of security defaults that should have been there from day one.

Accounts

  • Sign up with email + password, or sign in with Discord.
  • Email verification on new accounts, with a "resend verification" link if the first email gets lost.
  • Forgot password / reset password flow with single-use reset tokens.
  • Active sessions screen in your account — sign out individual devices without losing the others.
  • Edit your username, email, and password from `/settings`. Change email re-triggers verification.
  • Discord account can be linked or unlinked from your profile.

Catalog & browsing

  • Games now load from a real database instead of placeholder data.
  • Browse gets a search box, genre filter, and sort options (newest, top rated, A–Z).
  • The home page spotlight and game detail pages pull live data, with a friendly empty state when the catalog is empty.
  • Per-game social-share previews (title, description, cover) on Twitter, Discord, and friends.

Admin

  • New `/admin` panel — visible in the header if your account has a staff role.
  • Manage games: create, edit, delete, and toggle "featured" from one place.
  • Manage staff: grant or revoke owner / admin / moderator roles for other users.
  • Admin endpoints live behind role checks, not just "is logged in".

Design

  • Light theme is now the default, with a toggle in the header. Dark mode still available and remembered across visits (no flash on reload).
  • The header shows your account status — username chip when signed in, "Sign in" button when not, an "admin" badge for staff.
  • Site footer now shows the current version and links to `/changelog`.

Pages

  • New: `/login`, `/register`, `/forgot-password`, `/reset-password`, `/verify-email`, `/account`, `/settings`, `/admin`, `/changelog`.
  • New: `/about`, `/contact`, `/terms`, `/privacy`, `/dmca`.
  • New: `robots.txt` and `sitemap.xml` (auto-generated).
  • New: PWA manifest + Apple web-app metadata (installable on supported devices).

Security

  • Standard security headers on every response: `X-Content-Type-Options`, `X-Frame-Options`, `X-XSS-Protection`, `Referrer-Policy`, `Permissions-Policy`.
  • Passwords stored with a modern KDF (not plaintext, not reversible).
  • Sessions are server-issued cookies; password reset and email verification use single-use, time-limited tokens.

Under the hood

  • Catalog moved from in-memory mock data to a Postgres-backed read/write API with a small Redis cache for hot reads.
  • Shared session context so the header knows whether you're signed in without a round-trip per page.
  • DB migration runner (`pnpm db:migrate`) for the accounts and games schemas.

v0.1.0

2026-06-25

The first public shell of Kryo.to. A clean, monochrome catalog you can browse —

the rest is on the way.

Added

  • Home page with spotlight and catalog grid.
  • Browse page with genre filter, search, and sort.
  • Game detail pages with cover, specs, tags, and related games.
  • Light / dark theme toggle.
  • About, Contact, Terms, Privacy, and DMCA pages.
  • This changelog, served from `CHANGELOG.md`.

Notes

  • Catalog data is still placeholder while the backend comes online.