Changelog
All notable changes to Vigil are documented here. Versions follow semantic versioning: breaking changes bump the major, additive features the minor, fixes the patch.
1.1.0 — 2026-07-10
Minor release: chat notifications. No schema changes; native webhook payloads are unchanged.
Added
- Slack & Discord alerts. Point the organization webhook at a Slack
(
hooks.slack.com) or Discord (discord.com/api/webhooks/…) URL and Vigil delivers a readable one-line message in that service's format — event, incident title, severity, monitor and a link — instead of raw JSON. Detection is by exact host, so no other receiver can be misclassified; every other URL keeps receiving the signed, versioned native payload. TheX-Vigil-Signatureheader is still computed over the exact body sent.
1.0.1 — 2026-07-03
Patch release: deployment and UI fixes. No schema or API changes.
Fixed
- Docker: app now starts in a container. The standalone server bound
to
process.env.HOSTNAME, which Docker sets to the container id, so the web container crashed at startup (getaddrinfo EAI_AGAIN <id>). It now binds0.0.0.0. - Docker: Postgres data persists.
postgres:18relocatedPGDATAunder/var/lib/postgresql; the compose volume now mounts there so data survivesdocker compose downinstead of landing in an anonymous volume. - UI: no horizontal page scroll on tablets. Wide data tables (monitors, incidents, audit) forced the whole page to scroll sideways between ~768–1080px; the table now scrolls within its own container.
- UI: password fields show a placeholder for a consistent, premium empty state on the sign-in and sign-up forms.
1.0.0
Initial release.
Monitoring
- HTTP(S) uptime monitors with configurable intervals (1 min – 1 hr), timeouts, expected status codes and degradation thresholds.
- Postgres-backed worker (pg-boss): cron fan-out, per-monitor dedup, drift-corrected scheduling, 90-day check retention.
- SSRF hardening: domain-only target validation plus DNS-resolution checks against private address space.
Incidents
- Automatic incidents on consecutive failures; automatic resolution on recovery, with notifications to owners, admins and responders.
- Manual incidents, severity levels, a strict lifecycle
(
investigating → identified → monitoring → resolved), immutable timelines and blameless postmortems.
Status pages
- Public per-organization status page with live component health and a 90-day uptime history, ISR-cached.
Platform
- Multi-tenant organizations, invitations and four roles (owner / admin / responder / viewer) enforced by a single permission matrix across server actions, API and UI.
- Optional AI copilot (Anthropic API): postmortem drafts and public status-update suggestions, permission-gated and rate-limited.
- Email notifications (HTML + text) via Resend, with a structured-log fallback when no key is configured.
- Generic outbound webhooks: HMAC-SHA-256-signed, versioned JSON payloads for the incident and monitor events, with retries and a "Send test event" action.
- Audit trail, structured logging, security headers, light/dark themes.
Developer experience
- 135 tests (unit + integration against real Postgres) and a Playwright golden-path suite; GitHub Actions CI.
- Multi-stage Docker images, one-command Compose stack with migrations.
- Read-only demo mode, deterministic demo seed, screenshot automation, and a standalone marketing landing page.