The journal

What's shipping across the studio, in the open.

Dated entries from the live ventures, newest first. Each entry links to the venture brief for the full current snapshot — roadmap, stack and stage.

Latest entries

Studio log.

One line per change, tagged with the venture it belongs to.

AdoptDontShop 23 Jun 2026

Account sanction notices; application drafts now autosave.

Adopters and rescue users with an active account sanction now see a clear banner explaining it, which they can acknowledge. In-progress adoption applications save automatically as you fill them in and can be resumed later — this also fixes a bug that had silently broken pre-filling new applications from your saved details.

AdoptDontShop 22 Jun 2026

Rescue dashboard: bulk application actions restored.

Approving, rejecting, withdrawing or advancing the stage of one or more applications at once had stopped working for rescue staff. Both bulk and single-application actions are now working correctly again.

AdoptDontShop 20 Jun 2026

Personalised pet recommendations; faster applications.

A new Top Picks page — and a refreshed home page — surfaces personalised pet recommendations ranked by your match preferences, each with a plain-language reason for the suggestion. New adoption applications now pre-populate from your saved details, and those defaults update automatically as you apply. Separately, a bug preventing rescues from saving changes on their dashboard Settings page has been fixed.

AdoptDontShop 19 Jun 2026

Security: inline styles removed from CSP. Full API documentation published.

The frontend’s Content-Security-Policy no longer permits unsafe-inline for stylesheets, closing a CSS-injection vector; a CI guard now blocks any regression. Every route across the application and document lifecycle now declares its contract in the interactive API docs at /docs, for integration partners and SDK generators.

AdoptDontShop 18 Jun 2026

Staff invitations, 2FA, pet favourites and custom application questions.

Rescue staff can now accept email invitations to join their organisation — the invite link creates or connects an account and grants team access automatically. Accounts can enrol in two-factor authentication (TOTP); once enabled, a one-time code is required at every sign-in. Adopters can save favourite pets and return to them at any time. Rescues can add their own screening questions to the adoption application form, with answers captured on submission.

AdoptDontShop 18 Jun 2026

Security: high-severity vulnerabilities patched; production images pinned.

Two CVE-grade advisories — an arbitrary file read risk in the email delivery library and a TLS certificate validation bypass in HTTP transport — have been resolved. All production container images are now pinned to immutable content digests; a CI gate blocks any unverified image from deploying. Automated audit reports zero high-severity findings.

AdoptDontShop 17 Jun 2026

Login restored after gateway migration.

Following the switch from the legacy monolith to the new Fastify API gateway, the adopter portal had an auth contract mismatch that prevented users from signing in. The contract is now aligned — login works correctly end-to-end across the adopter portal, rescue dashboard and admin panel.

AdoptDontShop 17 Jun 2026

Adopters can now update their own notification preferences.

A permissions gap meant adopters could not save changes to their notification settings without triggering an authorisation error. Each account can now update its own channel preferences — in-app vs. email, per notification type — without requiring a staff intervention.

AdoptDontShop 16 Jun 2026

Auth security hardening.

Registration no longer reveals whether an email address is already in use — your privacy is protected regardless of account state. New accounts now require email verification before becoming active. Signing out a device or resetting your password immediately invalidates all related access tokens; previously issued tokens can no longer be replayed.

AdoptDontShop 16 Jun 2026

Data isolation, notification opt-outs and infrastructure reliability.

Applications are now strictly scoped to the adopter who submitted them; pet listings are correctly isolated to the managing rescue — no cross-organisation data access is possible. Email notification opt-outs are enforced per notification type, so opting out of one category doesn’t affect others. A dead-letter queue now captures any background event that fails processing, eliminating silent data loss.

AdoptDontShop 15 Jun 2026

Email notifications live.

Adopters and rescue staff now receive application updates, new messages and rescue decisions by email as well as in-app. Each account’s saved channel preferences are enforced at send time — if you’ve opted out of email for a notification type, it stays in-app only. A deduplication guard ensures each alert arrives exactly once.

AdoptDontShop 15 Jun 2026

Microservices migration complete. Security hardening pass done.

All ten domain services now run as independent containers — the legacy monolith is deleted. Separately: all high-severity findings from an automated static-analysis security audit have been resolved, and the API documentation page is now gated behind admin credentials. The platform is closer to closed beta readiness.

AdoptDontShop 25 May 2026

Roadmap re-baselined to closed beta Aug–Sep 2026.

Original §15 beta target (Q4 2025) was missed. The May 2026 re-baseline replaces it with seven sequenced milestones: legal foundation, data protection package, platform hardening, closed beta, trust & safety, payments & commercial, and public launch in November. Demand signal preserved — 5 lister LOIs and a 1,000+ adopter waitlist carried in.

AdoptDontShop 25 May 2026

Sprint focus published.

Rescue profile builder (drag-and-drop, three columns) live in staging. Geographic search by postcode in review. 6-step application workflow in design. Welfare-incident reporting from the adopter side next.

AdoptDontShop 25 May 2026

Scope cuts logged.

Three features dropped on purpose: a rescue ratings system (against principle), an adopter “wishlist” (animal-as-listing — no thanks), and premium rescue placements (the £40k cheque we turned down).

AdoptDontShop 26 Apr 2026

Proposal moved to In Build.

The ADS proposal cleared the gate and is now an active venture on the studio platform. Stack locked: React + Vite + TypeScript, Node + Express + Sequelize, PostgreSQL 16 + PostGIS, Redis 7, Socket.io, Turborepo. Lead: Alex Jenkinson.

AdoptDontShop 26 Apr 2026

Alpha feature-complete.

Six engineering milestones standing: monorepo + Docker dev stack, JWT auth + rescue registration, pet listings with staff permissions + photo upload, adopter browse/filter/like flow, real-time messaging on Socket.io, and Docker dev + prod environments. Closing 18 open issues + QA pass before handing off to compliance.

Pairflix Apr 2026

Early alpha state captured.

Platform stack standing — three apps (client, admin, backend), JWT auth, watchlist + partner matching, TMDB integration, TypeScript strict mode, full test suite passing, multi-stage Docker builds behind Nginx. No public users yet; matcher and partner-pairing UX in flight before opening a closed alpha.

Operating principles · Journal

How this page is kept honest.

Within 24 hours

Every shipped feature gets a changelog line within twenty-four hours of going live.

Customer-facing language

Written for the people who use the product, not the engineers who built it. No commit-message jargon.

Workflow-breaking only

Bugs noteworthy enough to break a workflow get listed. Trivial fixes don’t clutter the page.