What we shipped, in plain language

Two authentication improvements shipped together to tighten access control across the API.

• First-party session tokens are now accepted on all authenticated API routes, so browser-based flows no longer require a separate API key
• x-tenant-id is now validated against the caller's workspace membership; unrecognized or unauthorized values are rejected rather than passed through
• Staff email allowlist is honored even when the database promotion step fails, preventing lockouts during degraded states

Webhook configuration moved from an in-memory UI state to a fully persisted, tenant-scoped store. Each endpoint you add is tied to your workspace and survives sessions.

• Create, update, and delete webhook endpoints from the dashboard; changes persist immediately
• Send a signed test event to any saved endpoint with one click
• Each delivery attempt is recorded in a log so you can confirm receipt and inspect failures
• All test events are signed using the same signature scheme as live events

The signals page now reads from a real endpoint backed by persistent signal records, so the data you see reflects your actual usage history.

• Refreshing the page no longer shows stale signal data from a previous load
• The signals API rejects malformed date and limit parameters with a descriptive error instead of silently failing
• AI agents calling GET /api/usage/signals can rely on validated, structured responses

The pricing models section is now fully wired to a persistent backend. Data is stored in a dedicated table and served through a new API route, so the page reflects real configuration instead of static placeholders.

• Added a GET /api/pricing-models endpoint that reads and returns live pricing model records
• Pricing models page replaced mock state with real API-backed data
• Input validation added to the new endpoint to reject malformed requests early

A new write client and scheduled publishing pipeline ship pricing data to a structured dataset on a regular cadence.

• A cron-triggered endpoint builds the current pricing dataset and publishes it automatically
• A staff-only endpoint allows on-demand dataset pushes outside the scheduled window
• The integration layer gained a typed write client for the dataset host, with full test coverage

Anyone can now visit /price-check to run a live pricing query across modalities, no account required. The page is linked from the main nav and uses a streaming pipeline endpoint purpose-built for public access.

• New /price-check page with a multi-modal pricing form available to all visitors
• Public pipelines API endpoint enforces a 2 MB request body limit
• Abort handling cancels in-flight requests when the user navigates away

Two user-visible bugs in the billing flows were resolved.

• Payment date entered at creation time is now stored correctly and displayed in the payments list; the date field uses a proper date picker control
• Invoice detail Edit link and the order edit page were broken when the record ID was not yet resolved; both now await the ID before rendering

Four dashboard pages that previously displayed stub data or silently faked success have been wired to the live APIs.

• Costs page now pulls from the real cost APIs and no longer shows invented KPIs.
• Usage page now reads from the live metering APIs, so usage figures match what is actually recorded.
• Invoice detail page - the "Send invoice" action now submits to the real endpoint and persists the result.
• Payment detail page - the "Refund" action now calls the real refund endpoint; refunds are processed and recorded instead of returning a fake success message.

A round of fixes across the commerce pages ensures that partial failures no longer result in silent empty states.

• The costs page loads cost data even when customer names cannot be resolved
• A notice is shown when the trace list is capped at its maximum size, so you know results may be incomplete
• Trace-load failures now display an error message instead of an empty table
• Orders, invoices, and credits lists are now wired to their real APIs, replacing the last remaining mock responses on those pages

The commerce control plane used to need a connected storefront before it could do anything. Run a cycle on a brand new workspace and every count came back zero, so there was no way to try approvals or see a proposal.

Now the Commerce dashboard has a "Load sample data" button on the Pipeline tab. One click:

• Creates a demo connector account with a small sample catalog
• Adds competitor observations priced below your catalog
• Adds an "undercut competitors by 3%" policy that needs manual approval
• Runs a full cycle so proposals appear in the Approvals queue

From there you can approve or reject a proposal end to end, exactly as you would with a real store. When you are ready, connect your own storefront and run cycles against your real catalog.

Questions? Reach us at support@last-price.ai.

Last Price implements the Universal Commerce Protocol (UCP) so AI shopping agents and commerce platforms can interact with your pricing without custom integration code.

• Standard discovery at /.well-known/ucp advertises checkout and pricing compute capabilities with protocol version negotiation
• Full checkout session lifecycle: create, read, update, complete, and cancel, with idempotency on every mutating call
• Pricing quotes flow through the same compute pipeline, so routing policies, metering, and cost tracing all apply automatically
• UCP-Agent header negotiation ensures forward compatibility as the protocol evolves
• Fulfillment and discount extensions are supported from day one
• New dashboard page under Commerce shows all UCP checkout sessions with status, buyer, totals, and line item count

The PriceRouter surface is now fully represented in the OpenAPI contract:

• GET /api/price-router documented with PriceRouterCapability response schema (providers, builtins, strategies, metering constants)
• POST /api/price-router documented with typed request/response schemas including function-name resolution and metering output
• Seven new component schemas: PriceRouterCapability, PriceRouterStrategy, PriceRouterProvider, PriceRouterBuiltin, PriceRouterMetering, PriceRouterRequest, PriceRouterResponse
• New /features/price-router marketing page with investor-facing copy framing the multi-vendor routing as "OpenRouter for price computation"
• SDK generators and agent tool runtimes can now validate against the canonical contract without relying on runtime discovery alone

Previously a small number of internal routes would accept an x-user-id header as a fallback when no bearer token was present. That fallback is gone. If your integration was relying on it (it should not have been), switch to the standard Authorization: Bearer <token> flow and you are set.

• Header fallback removed from all API routes
• OpenAPI spec scrubbed of x-user-id references
• Bucket-key paths now key strictly off the authenticated identity
• Components that previously read the header now read from the auth context

If you are unsure whether you were depending on the old behavior, the fastest check is to issue a request without the header and make sure it still succeeds.

The /app shell now renders in a read-only preview mode for signed out visitors. Catalogs, sample functions, and the marketplace are visible; anything that mutates state (creating a function, running a priced call, editing settings) prompts a sign-in instead.

• Header CTAs adapt: signed-out visitors see "Sign in" and "Open the app"; signed-in users see their workspace switcher
• A dedicated public-preview API guard blocks write paths at the server boundary, not just in the UI
• Telemetry hook captures preview-mode page views separately so we can measure conversion from preview to signed up
• Dashboard layout no longer races on the redirect decision when a session is still loading

Signing into Last Price is now a first-class experience instead of a detour. The old /login route is gone and everything redirects to the new /sign-in and /sign-up pages.

• One-click Google sign-in on both pages
• Forgot-password and reset-password flows wired end to end
• Sessions refresh in the background so deep links into the dashboard resume cleanly after a tab has been idle
• Sign-up form labels its fields explicitly so browser password managers stop autofilling company name into the email field
• Same look and feel as the dashboard, with the LastPriceLogo squircle in the sidebar on desktop and the header on mobile

If you connect a storefront or marketplace account, the OAuth tokens and API keys you hand us never sit unencrypted on disk. Reads now return a __unreadable sentinel instead of raw ciphertext when decryption fails, so a misconfigured key cannot leak a token through an error path.

• AES-256-GCM envelope encryption applied to stored connector credentials
• Plaintext fallback dropped: legacy rows are read once, re-encrypted, and the plain form is purged
• Decrypt failures return a sentinel value, never the raw stored bytes
• Same cryptographic wrapper used for workspace API keys is reused here so there is one path to audit

Questions or concerns: support@last-price.ai.

Last Price is now multi-tenant from the ground up. Invite teammates, assign roles, and switch workspaces from the avatar menu.

• Three roles: owner (billing + members), admin (settings + secrets), member (read and run, no destructive actions)
• Workspace switcher in the dashboard header keeps you scoped at all times; API keys are workspace-scoped too
• Membership and role checks run on every request, with the audit trail attributing each action to a real person
• GET /team returns the full roster in a single round trip; the membership check no longer re-queries on every page load

If you wire Last Price into your stack, you receive signed webhooks for proposals, price changes, and approvals. The new public verifier lets you (or your AI agent) check a signature without writing a line of code. Same algorithm as the SDKs, just runnable from a tab.

• Paste the Last-Price-Signature header and the raw request body
• Tool confirms the HMAC and surfaces the timestamp window
• Failure messages name the exact reason (wrong secret, replay outside the freshness window, body altered after signing)
• Reference snippet shows how to do the same verification in code

A small change with a real impact on perceived speed for workspaces with large rosters.

• Membership verification uses an indexed LIMIT 1 lookup instead of iterating the team
• The team settings page makes one query for the full roster and derives membership in memory, instead of two round trips
• Tested against rosters up to several hundred members; the page now loads in well under a second on cold cache

Both documents were rewritten from scratch to match how Last Price actually works today: who handles what data, how connector credentials are stored, what happens on account deletion, and where to send a disclosure. The legal hub at /legal is the entry point.

• New plain-language Privacy Policy at /privacy
• New plain-language Terms of Use at /terms
• Legacy /tos route returns a 308 Permanent Redirect to /terms
• Footer "Legal" column links to the hub, the policy, and the terms
• Security disclosures and legal questions both go to support@last-price.ai

PriceRouter is "OpenRouter for price computation": one OpenAPI surface in front of multiple pricing vendors. The capability endpoint now returns the list of providers, their descriptions, and the models we expose for each, so an agent can call GET /api/price-router and discover what is available without scraping docs.

• New GET /api/price-router capability endpoint
• PriceRouterCapability OpenAPI schema with providers[] (id, display name, description, model count) and per-builtin provider
• Built-ins named lastprice/<provider>-<model> so the provider is unambiguous from the function name alone
• Dashboard reframes PriceRouter as multi-vendor: clickable catalog, compare-strategies view, explain-after-run, and a downloadable tool manifest for agent frameworks
• Snippets switched to safe JSON-to-Python literal conversion so copy-pasted examples run on first try
• POST body now uses proper context nesting and returns the actual response shape (previous docs had drift)

PriceRouter is a multi-vendor catalog of pricing models behind one API. These three additions make it transparent.

• Explain after run: every response can include a step-by-step trace of which provider was picked, why, and what each one would have returned
• Compare strategies: a side-by-side view in the dashboard runs the same input through cheapest, fastest, policy, and the rest, so you can pick the strategy with eyes open
• Clickable catalog: each provider/model has its own page with description, cost per unit, and a one-click playground
• Tool manifest: /api/price-router returns a manifest that agent frameworks can consume directly, with each built-in named lastprice/<provider>-<model> so the provider is unambiguous

The OpenAPI spec is the contract. We grew it so it actually covers the whole product, not just the original handful of endpoints.

• Tags for PriceRouter, Rosetta, Commerce, Signals, and the underlying inference router
• Every request and response has a named schema, so generated clients (and agent tool definitions) come out clean
• Capability descriptors are part of the spec, so a generated client can introspect available providers and models at runtime
• Spec is served at the API root and rendered with a "try it now" panel in the API docs page on the marketing site

Visual cleanup pass across every surface. The squircle is the canonical mark; the wordmark component is shared between the auth sidebar and the mobile header so they cannot drift again.

• New LastPriceLogo squircle on every auth page
• Emerald L$ mark promoted to the favicon and dashboard accent
• Sign in and sign up pages match the dashboard color scheme
• Copy passes across the dashboard caught lingering references to the prior brand and unified everything under Last Price
• Color tokens consolidated under the Tailwind v4 @theme inline block so theming is one file, not scattered overrides

The commerce control plane wires together every piece you need to move from "I have a Shopify store" to "Last Price set my prices this morning, here is the audit log." A full cycle runs:

• pullCatalogs from connected storefronts
• pullObservations from PriceAPI and Keepa
• matchSnapshots via Rosetta
• decidePrices through the pricing policy engine
• createProposalsFromDecisions into the approval queue
• executeApproved back to the storefront connector
• Every step writes to the audit log

What shipped:

• Seven packages live in packages/commerce-control-plane and friends (connectors, observations, matching, pricing-policy, approvals, execution-router, orchestrator)
• Eight cp_* tables backing the cycle (see migration 007)
• /api/commerce/* routes for triggering each step independently
• Dashboard at /commerce shows the live cycle, recent proposals, and the audit log
• Mobile commerce view collapses tabs to icons and shortens execute button copy so the cycle stays usable on a phone

Rosetta is our translation layer between merchant payloads and our canonical schemas (offer, product, observation, match, action). The new ingest endpoint runs the full proposal-to-staged-mapping pipeline in a single call, so a merchant or an agent can onboard without clicking through the Mapping Studio.

• New POST /api/rosetta/ingest endpoint backed by the lastprice/rosetta-ingest builtin
• Rosetta dashboard now has six tabs: Translate, Mapping Studio, Onboard, Canonical Schemas, Review Queue, Frozen Adapters
• Mapping Studio supports both UI editors and agent-driven JSON edits
• Built-in catalog now includes Rosetta's six functions (translate, normalize, validate, suggest, freeze, ingest) for a total of 15 built-ins across Jale, Elo, and Rosetta

The built-in catalog grew from eight to fifteen. Every function is token-metered, callable from any SDK, and works the same way an AI agent would invoke it from a tool manifest.

• Rosetta: translate, normalize, validate, suggest, freeze, and ingest for canonical-schema translation and autonomous merchant onboarding
• Elo: ab-test, significance, and allocator for live experimentation on pricing variants
• Jale: optimizer, elasticity, advanced, psychological, bundle, and tier-optimizer for end-to-end revenue and margin shaping
• All fifteen share the same metering rate and the same input/output schemas, so swapping one for another is a single string change

Different storefronts speak different languages. Rosetta is the layer that turns "your" schema into "ours" without you writing glue code.

• POST /api/rosetta/translate accepts any merchant payload and a mapping, returns a fully validated canonical record
• Mapping Studio in the dashboard supports both UI editing and agent- driven JSON edits, so a person and an agent can collaborate on the same mapping
• Validation runs against trust tiers: high-confidence mappings ship straight through, low-confidence ones land in the review queue
• Frozen Adapters tab lets you pin a mapping version so production traffic does not drift when you experiment with new fields
• Tested against the canonical schemas for offer, product, observation, match, and action

Last Price is something people open from email and Slack, often on mobile. The dashboard now expects that.

• Dark mode is the default, with prefers-color-scheme: light still honored
• Every page tested at 375px (phone), 768px (tablet), 1280px (desktop)
• Tables that used to overflow now either reflow as cards below the md breakpoint or scroll inside a contained wrapper
• Dialogs and sheets render full-width on small screens with scrollable content areas
• All interactive elements meet the 44 by 44 pixel tap-target minimum
• Charts use a responsive container so they fit any width without blowing out the page

Two changes that close long-standing hardening items.

• Workspace API keys are encrypted at rest in the format ivHex:authTagHex:cipherHex. The same wrapper is reused everywhere we store a secret, so there is one cryptographic path to audit.
• Reads are backward-compatible with legacy plaintext rows. If decryption ever fails, the read returns null rather than leaking the stored ciphertext through an error path.
• Dashboard session tokens moved from localStorage to sessionStorage so they are scoped to the browser tab and do not survive a tab close.

Two product surfaces that turn Last Price from "API you call" into "thing you ship to customers".

• Embed Snippet page in the dashboard generates a single drop-in tag with your workspace ID baked in. The snippet streams observation events back to Last Price so your pricing functions see real demand, not just static config.
• Experiments / A/B Testing page lets you split traffic across pricing variants, watch the allocator balance arms, and call the Elo significance built-in to decide when to declare a winner.
• Both surfaces work with any pricing function in the marketplace, built-in or custom.