Changelog

All notable changes to paulprae.com are documented here.

Format follows Keep a Changelog. Versioning follows Semantic Versioning.

[Unreleased]

Homepage from static resume to AI chat-first experience
Build output from static export (out/) to server-rendered (.next/)
Chat API hardened with JSON parse safety, size limits (100KB), message limits (50)
Origin validation middleware blocks cross-origin API abuse (CORS)
In-memory rate limiter fallback when Upstash Redis is unavailable
Per-message content length validation (4K chars) and total input budget
Content-Type enforcement (415 for non-JSON requests)
Prompt injection defenses in all system prompts (security rules S1-S5)
XML delimiters around user input in tool-calling to isolate untrusted data
Zod schema limits on tool inputs (job description 10K chars, emphasis areas capped)
Security headers in middleware (X-Content-Type-Options, X-Frame-Options, etc.)
Security and middleware test suite (origin validation, headers, prompt defenses)
Vercel AI Gateway integration with direct Anthropic fallback for local dev
Character counter in chat composer (appears at 75% of 4K limit)
Renamed middleware.ts → proxy.ts for Next.js 16 compatibility
Added "framework": "nextjs" to vercel.json (fixes 404 on preview deployments)
Removed duplicate security headers from proxy (vercel.json handles at CDN level)
Consolidated plan files: deleted 11 completed plans + 2 redundant docs (~3,800 lines removed)