Fetching latest headlinesโ€ฆ
Dev Log: 2026-07-05
NORTH AMERICA
๐Ÿ‡บ๐Ÿ‡ธ United Statesโ€ขJuly 6, 2026

Dev Log: 2026-07-05

0 views0 likes0 comments
Originally published byDev.to

TL;DR

  • 23 commits across 4 repos, one theme: opening apps to the outside world, safely.
  • Public: kickoff v1.32.0 ships SDK-free support-widget integration stubs.
  • Private: external intake channels (token-authed API, cookie-free widget, signed webhooks) on a helpdesk product; signed public API + rebuild webhooks on an event platform.

Everything today was about external surfaces โ€” letting the outside in without leaving the door unlocked.

What shipped

Where What
kickoff v1.32.0 (public) SDK-free support-widget integration stubs: settings class + migration, Livewire admin settings page, Blade component, docs, Pest coverage
Helpdesk product (private) External intake channels: token-authed API, magic-link requester view, cookie-free embeddable widget, signed outbound webhooks, hardening pass from an adversarial review
Event platform (private) Signed public event API + landing-page rebuild webhooks, persona nav overhaul, 15 new MCP tools, offline PWA check-in, plan-limit enforcement
Event platform docs (private) Tracker updates + before/after UX screenshots

Stubs, not SDKs

kickoff now ships a support-widget integration as stubs โ€” settings class, migration, admin page, Blade component โ€” copied into your app. No composer dependency for glue code: you own it, you can read it, you can change it. For ~100 lines of integration code, a stub beats a package.

Intake is three problems

The helpdesk work was the day's core: letting outside systems and end users create tickets. Every inbound surface splits into the same three problems โ€” who gets in (token auth, magic links), what they can do (rate limits, severity clamps, single-use entry), and what you send back out (signed, idempotent webhooks). An adversarial review caught four real issues before launch; that story gets its own post, next.

Static pages, fresh data

The event platform got a signed public API plus webhooks that fire on content changes โ€” so landing pages can be static builds that rebuild themselves when an event changes. CDN speed, CMS freshness, nothing dynamic on the hot path.

Also: plan limits (active events, staff seats) are now enforced in the domain actions, not just the UI. The UI check is a courtesy; the exception in the action is the contract.

Takeaway

Every external surface came down to the same checklist: authenticate, clamp, sign, dedupe. Deep-dive on the widget hardening in the next post.

Comments (0)

Sign in to join the discussion

Be the first to comment!