Changelog
Notable changes to the VibeHost platform, CLI, and API.
Admin routes hidden from public OpenAPI spec. Platform-admin endpoints are no longer enumerated in /api/v1/openapi.json. The routes themselves are unchanged (still served, still gated by admin auth) — only their visibility in the public spec is reduced.
OpenAPI spec is now fully populated. GET /api/v1/openapi.json covers every public path and method (128 methods on 99 paths). Response shapes are validated server-side in production — if you depend on a field that isn't in the spec, please open an issue. Scoped PATs are also enforced end-to-end now.
Full URL-scoped workspace + team routing. /workspaces/:workspaceId/... and /workspaces/:workspaceId/teams/:teamId/... are now the only valid route shapes. The previous /workspaces/me/* and /teams/me/* shortcuts have been removed — they had been emitting Deprecation / Sunset headers for the past two months.
Old clients (CLI < 4.0) calling /me paths now receive 404. Upgrade with vibehost update.
Marketing site refresh. vibehost.com has been redesigned around a clearer "deploy in two minutes" story. The dashboard, CLI, and API are unaffected.
Team URLs go scoped. Every team-scoped route now lives under /workspaces/:workspaceId/teams/:teamId/.... The legacy /teams/me/* mounts keep working through the hard-removal window with Deprecation / Sunset headers.
New error code: TOKEN_TEAM_MISMATCH (HTTP 403) when a PAT bound to team A is presented against team B. Browser sessions exempt — URL team wins.
Workspace fail modes unified. Both "workspace does not exist" and "user is not a member" now collapse to 404 NOT_FOUND with "workspace not found". Removes a probe surface where an attacker could enumerate workspace existence by the error-message diff.
Exception: a PAT bound to the wrong workspace returns 403 TOKEN_WORKSPACE_MISMATCH — the token holder already knows their token's scope, so the code carries no information an attacker without the token could obtain.
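An added sketch, not VibeHost's own code, of the check ordering the workspace fail-mode entry and its PAT exception imply: the 403 is decided from the token's binding and the URL alone, before any lookup, and the two 404 cases share one branch. The in-memory `WORKSPACES` table, the `Caller` type, `authorize_workspace` and the 403 message text are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: workspace id -> set of member user ids.
WORKSPACES = {"ws_alpha": {"u1", "u2"}, "ws_beta": {"u3"}}

NOT_FOUND = (404, "NOT_FOUND", "workspace not found")
# Message text for the 403 is assumed; the changelog only gives the code.
MISMATCH = (403, "TOKEN_WORKSPACE_MISMATCH", "token bound to another workspace")
OK = (200, "OK", "")


@dataclass(frozen=True)
class Caller:
    user_id: str
    # Set only when the credential is a workspace-bound PAT;
    # None models a browser session or an unbound token.
    pat_workspace: Optional[str] = None


def authorize_workspace(caller: Caller, workspace_id: str):
    """Return (status, code, message) for /workspaces/:workspaceId/..."""
    # Step 1: compare the token's own binding with the URL. No workspace
    # lookup has happened yet, so this 403 is the same whether or not the
    # target exists and tells the holder nothing beyond the token's scope.
    if caller.pat_workspace is not None and caller.pat_workspace != workspace_id:
        return MISMATCH

    # Step 2: "does not exist" and "not a member" take one branch, so the
    # status, code and message cannot drift apart between the two cases.
    members = WORKSPACES.get(workspace_id)
    if members is None or caller.user_id not in members:
        return NOT_FOUND

    return OK
```

Comparing the responses for an existing-but-foreign workspace and a nonexistent one, byte for byte, is a useful regression test for this property; response timing is a separate channel this sketch does not address.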
docs.vibehost.com shipped. Self-hosted docs with auto-generated OpenAPI reference, full-text search, Cmd-K palette, multi-language samples (curl / JavaScript / Python / Go), and per-page Copy Markdown / Open in ChatGPT buttons. Performance: TTFB ~350 ms / 136 KB initial payload (5–10× lighter than typical SaaS docs).
Scoped PATs. Personal access tokens can now be minted with a subset of action scopes (deploys:write, apps:read, …) and optionally bound to specific resource IDs. Server-side enforcement is on in production. Full-access PATs (no scopes) still work for backward compatibility.
New error codes: PAT_SCOPE_INSUFFICIENT, PAT_RESOURCE_NOT_ALLOWED, PAT_CAP_REACHED, PAT_NOT_ALLOWED. See Personal access tokens.
Custom-domain verify error granularity. vibehost domain verify now returns one of three precise codes instead of a generic VALIDATION_FAILED:
DOMAIN_VERIFY_RECORD_NOT_FOUND — record not published yet, wait + retry.
DOMAIN_VERIFY_RECORD_MISMATCH — record exists but wrong target; details carry observed vs expected.
DOMAIN_VERIFY_DNS_TIMEOUT — resolvers didn't respond inside 3 s × 3; transient, retry shortly.
All three remain HTTP 400 / exit code 3.
Passkey / WebAuthn login. Sign in (and re-auth for sensitive operations like password changes) now supports passkeys via WebAuthn. Recovery codes are issued at passkey registration; the lost-device flow goes through the recovery-code endpoint, which intentionally collapses "credential never existed" and "credential revoked" into the same response (privacy property).
vibehost app inspect. Full state of an app in one call — runtime, visibility, password status, channels, recent deployments, custom domains, email grants, active share links. Designed for agents: vibehost app inspect <name> --json is now the single command an LLM should run before deciding what to do with an app.
OG card watermark on by default. Free-tier deploys get a powered by [VibeHost logo] vibehost.com watermark on auto-generated OG screenshots. Paid plans can disable via vibehost app og watermark --off. Re-enabling is always free.
Watermark renders server-side at request time — no re-screenshot needed on toggle. New error code: OG_WATERMARK_TOGGLE_REQUIRES_PAID.
Redeem codes. vibehost redeem <code> exchanges an officially-issued code for N months of Business plan on the current workspace. Failure modes are per-code (REDEEM_INVALID, REDEEM_EXPIRED, REDEEM_EXHAUSTED, REDEEM_DUPLICATE, REDEEM_RATE_LIMITED) so funnel analytics can bucket by reason.