Skip to content

Changelog

Web v0.19.1CLI v1.1.0SDK v1.4.0MCP v1.3.0
Web Appv0.19.1

Guest Dashboard SEO Overhaul

  • Fixed layout bug on /go where hero copy rendered above the navbar
  • Added feature cards flanking the Send Your First Webhook widget — mock responses, signature verification, CLI tunnel, SDK testing, MCP, and search/replay — visible without scrolling on xl+ screens
  • Expanded server-rendered SEO content (14 internal doc links, 12 headings, 751 words, BreadcrumbList + FAQPage schemas, hreflang alternates)
  • Promoted the page h1 to a visible subtitle inside the nav on md+ screens
CLIv1.1.0

Signature Verification

  • Tunnel forwards X-Signature-Verified, X-Signature-Provider, and X-Signature-Error headers
  • Listen shows inline verification status (checkmark/cross) per request
  • Create supports --signing-provider and --signing-secret flags (or WHK_SIGNING_SECRET env var)
SDKv1.4.0

Signature Verification Matchers

  • matchVerified() and matchUnverified() matchers for signature verification assertions
  • signatureVerified, signatureError, and signingProvider fields on Request and Endpoint types
MCPv1.3.0

Signature Verification Tools

  • Signing config (provider + secret) on create_endpoint and update_endpoint
  • verify_signature tool returns stored server-side results with skipped detection
  • Discord publicKey support for Ed25519 verification
Web Appv0.19.0

Signature Verification

  • Server-side webhook signature verification for 13 providers — configure once per endpoint, every request verified automatically
  • New Signature tab in request detail: paste a secret for instant client-side verification, or view stored server-side results with detailed error diagnostics
  • Verification badges (shield icons) in the request list and summary bar for at-a-glance valid/invalid status
  • Signing configuration section in endpoint settings: provider dropdown, encrypted secret storage, provider-specific tips
  • SDK: matchVerified() and matchUnverified() matchers for test assertions
  • MCP: verify_signature returns stored results without needing a secret; create/update endpoints with signing config
  • CLI: X-Signature-Verified headers on tunnel, verification status in listen output, --signing-provider/--signing-secret on create
Web Appv0.18.3

Blog Resilience & Housekeeping

  • Blog pages gracefully fall back when Supabase is unreachable instead of erroring
  • Added SECURITY.md and CODE_OF_CONDUCT.md for open-source governance
Web Appv0.18.2

SDK v1.3.0 & MCP v1.2.0 Release

  • Updated llms.txt and llms-full.txt with conditional response rules documentation
  • SDK and MCP version bumps for response rules and provider consolidation
Web Appv0.18.1

Blog Page Redesign

  • Redesigned blog index with clear visual hierarchy: featured post, two latest cards, and a scannable list for all posts
  • Compact page header replacing the bulky hero section
  • Fixed blog posts not appearing after publish due to stale Next.js fetch cache
Web Appv0.18.0

Conditional Response Rules

  • Define ordered response rules that match on method, path, headers, or body — first match wins
  • Visual response rules editor in endpoint settings with drag-to-reorder
  • Rules evaluated in the Rust receiver for low-latency conditional responses
  • Full SDK, MCP, and API support for managing response rules
SDKv1.3.0

Response Rules & Provider Consolidation

  • ResponseRule and ResponseRuleCondition types for conditional mock responses
  • validateResponseRules() and validation constants exported for shared use
  • TEMPLATE_PROVIDERS, VERIFY_PROVIDERS, and buildTemplateSendOptions exports — single source of truth for provider logic
  • Notification URL support in create/update endpoint options
  • Raw body replay with byte-exact fidelity (base64-decoded bodyRaw)
MCPv1.2.0

Response Rules & Notifications

  • Response rules support in create_endpoint and update_endpoint tools
  • Notification URL parameter for endpoint creation and updates
  • Provider lists imported from SDK — single source of truth
Web Appv0.17.4

SEO & Accessibility Improvements

  • Custom 404 page, OG image optimization (PNG→JPG), and improved sitemap generation
  • Comprehensive structured data (JSON-LD) and meta tag improvements across all pages
  • LLMs-full.txt for AI agent discoverability
Web Appv0.17.3

Configurable Limits & Security Hardening

  • Endpoint creation rate limits, ephemeral caps, and receiver body size now configurable via env vars
  • Stored XSS regression test suite for endpoint names, mock responses, and request data
Web Appv0.17.2

Teams Module Refactor

  • Atomic team invite acceptance with member limit enforcement (max 25)
  • Split teams module into focused sub-modules for better maintainability
Web Appv0.17.1

Consolidated Provider Logic

  • Unified webhook provider lists, signing, and payload generation via SDK — single source of truth
  • Added standard-webhooks provider to Send Webhook dialog (fixes drift from SDK/MCP)
  • Shared mock response validation across endpoint routes using SDK constants
Web Appv0.17.0

Redis-Backed Rate Limiting

  • Distributed rate limiting via Redis sliding window for all API routes
  • Receiver notification deduplication backed by Redis
  • Graceful fallback to in-memory rate limiting when Redis is unavailable
Web Appv0.16.0

Raw Body Fidelity & Search Performance

  • Raw body storage for non-UTF-8 payloads preserves byte-exact fidelity
  • Trigram-indexed full-text search across request path, body, and headers
  • Improved SSE streaming with raw body support
  • SDK version drift fix and accurate Retry-After headers
Web Appv0.15.0

Notification Webhooks

  • Configure a notification URL on any endpoint to receive POST alerts when webhooks are captured
  • Supports Slack, Discord, Microsoft Teams, and any webhook-compatible service
  • Notification URL management in endpoint settings and via API/SDK/MCP
  • New docs page for notification webhooks
Web Appv0.14.1

API Key Deletion Confirmation

  • Added confirmation dialog before deleting API keys to prevent accidental revocation
CLIv1.0.0

Rust Rewrite

  • Complete rewrite from Go to Rust for faster startup and smaller binaries
  • Full feature parity: tunnel, listen, auth, endpoints, requests, replay, send, update
  • Interactive TUI with ratatui (search, endpoint detail, request viewer)
  • Request search and filtering in TUI
  • Send webhooks with provider template signing from TUI
Web Appv0.14.0

API Explorer & Rate Limiting

  • Interactive API explorer at /api-explorer powered by Scalar
  • OpenAPI 3.1.0 specification at /openapi.yaml
  • Improved rate limiting with sliding window and informational headers
  • SDK error messages now include rate limit details and Retry-After hints
SDKv1.2.1

Rate Limit Metadata

  • RateLimitError now includes limit, remaining, and reset fields
  • New RateLimitMeta type export
Web Appv0.13.1

Pricing Copy Updates

  • Updated pricing copy across comparison pages and docs
  • Teams highlighted as Pro-exclusive feature
Web Appv0.13.0

Teams

  • Create and manage teams with invite-based membership
  • Share endpoints with team members
  • Team roles: owner and member with scoped permissions
  • Endpoint switcher shows personal and team endpoints
  • Teams documentation page
CLIv0.6.0

Teams Support

  • Endpoint list shows owned and team-shared endpoints
  • TeamShare metadata in endpoint responses
SDKv1.2.0

Teams Support

  • TeamShare type for endpoint team metadata
  • Endpoint type includes sharedWith and fromTeam fields
Web Appv0.12.1

Comparison Pages Expansion

  • New comparison pages: Hookdeck, localtunnel, RequestBin, Smee
  • Redesigned Beeceptor, ngrok, and Webhook.site comparison pages
  • Shared comparison CTA component
Web Appv0.12.0

Request Debugging Tools

  • Pin requests to keep them visible across endpoint switches
  • Add notes to captured requests (stored locally)
  • Side-by-side request diff comparison
  • Visual request timeline view
  • Interactive dashboard guide
  • Dashboard features documentation page
Web Appv0.11.0

Dashboard Improvements

  • Keyboard shortcuts for dashboard navigation
  • Collapsible JSON tree viewer for request bodies
  • JSON to TypeScript type generation
  • Resizable split pane in request viewer
  • Richer request list rows with method badges and size
Web Appv0.10.1

Case-Insensitive Slugs

  • Endpoint slugs are now case-insensitive (e.g. /w/AbC and /w/abc resolve to the same endpoint)
Web Appv0.10.0

Conversion Funnel & Live Preview

  • Live webhook preview on landing page
  • Getting started guide for new users
  • Claim ephemeral endpoints after signing in
  • Site stats social proof on landing page
  • Pricing CTA and docs CTA components
  • Redesigned hero and navigation
Web Appv0.9.3

Docs Expansion

  • REST API reference documentation page
  • Plans & limits documentation page
  • Webhook.site vs webhooks.cc comparison page
  • Docs navigation restructure and consistency improvements
Web Appv0.9.2

Changelog & Version Display

  • Public changelog page at /changelog with track filtering
  • Version display on account page
  • Deep health check endpoint for AppSignal uptime monitoring
  • Forward user IP on test webhook sends
  • Status page link in footer
Web Appv0.9.1

Provider Templates & Mock Response Delay

  • Add SendGrid, Clerk, Discord, Vercel, GitLab provider templates (12 total)
  • Configurable response delay for mock responses (0-30s)
  • Comprehensive analytics tracking for request and endpoint operations
  • New provider template reference documentation page
SDKv1.1.0

New Provider Templates

  • Add SendGrid, Clerk, Discord, Vercel, GitLab provider templates
  • Detection helpers: isSendGridWebhook, isClerkWebhook, isVercelWebhook, isGitLabWebhook
  • Signature verification: verifyClerkSignature, verifyVercelSignature, verifyGitLabSignature
  • Mock response delay field
MCPv1.1.0

New Provider Templates

  • Add SendGrid, Clerk, Discord, Vercel, GitLab to template and verify providers
  • Mock response delay support
Web Appv0.9.0

AppSignal & Next.js 16 Proxy

  • Replace Sentry with AppSignal for EU data residency compliance
  • OpenTelemetry tracing pipeline for Rust receiver
  • Migrate Next.js middleware.ts to proxy.ts (Next.js 16)
  • Proxy test webhook sends through server-side API route
CLIv0.5.3

Tunnel Base Path & TUI Fixes

  • Support base path in tunnel target (e.g. whk tunnel 8080/api/webhooks)
  • Fix TUI tunnel input swallowing shortcut-bound keys
CLIv0.5.2

Custom Headers

  • Add -H/--header flag for injecting custom headers in tunnel forwarding
SDKv1.0.1

Proxy & Delay

  • Mock response delay field support
  • Minor type and documentation fixes
MCPv1.0.1

Delay & Fixes

  • Mock response delay support in update_endpoint tool
  • Minor schema fixes
Web Appv0.8.0

Docs Overhaul

  • 14 new documentation pages with MDX pipeline
  • Standard Webhooks provider and sendTo method
  • Dynamic blog system with API publishing
  • PostHog analytics integration
  • Receiver file logging with daily rotation
  • Adjusted tier quotas (guest 25/12hrs, free 50/day, pro 100K/month)
SDKv1.0.0

Stable API

  • WebhookFlowBuilder for multi-step test scenarios
  • Request export (JSON, HAR) and clear methods
  • Full-text search and count queries
MCPv1.0.0

Stable API

  • Standard Webhooks provider support
  • Batch endpoint create/delete tools
  • Request export, search, and clear tools
  • Setup commands for Cursor, VS Code, Windsurf, Claude Desktop, Codex
SDKv0.6.0

Build Request & Fixes

  • buildRequest method for constructing signed webhook requests
  • Fix raw secret detection for Standard Webhooks
  • Request diffing (diffRequests)
SDKv0.5.0

Standard Webhooks & sendTo

  • Standard Webhooks provider and sendTo method
  • matchContentType, matchQueryParam, matchBodySubset matchers
  • Provider template sending with signed headers
MCPv0.3.0

Signature & Templates

  • verify_signature tool for 9 providers
  • send_webhook with provider template signing
  • compare_requests and extract_from_request tools
Web Appv0.7.4

SEO & Navigation Refresh

  • Refresh site metadata and navigation layout
  • Fix sitemap response content
Web Appv0.7.3

Webhook Templates & Retention

  • Signed webhook templates (Stripe, GitHub, Shopify, Twilio, Slack, Paddle, Linear)
  • Request retention policy improvements
  • Homepage comparison section
SDKv0.4.0

Signature Verification

  • verifySignature for Stripe, GitHub, Shopify, Twilio, Slack, Paddle, Linear
  • Webhook templates with realistic payloads
MCPv0.2.0

Webhook Templates

  • Provider template support in send_webhook
  • list_provider_templates tool
CLIv0.5.1

Replay & Ephemeral

  • Add whk replay command to resend captured requests
  • Add --ephemeral flag for auto-deleting tunnel endpoints
Web Appv0.7.2

SEO & Search

  • Structured data (JSON-LD), FAQ section, breadcrumbs
  • Add llms.txt for AI discovery
  • Full-text search across request body, headers, and path
  • Paginated request history with retention policies
SDKv0.3.0

SSE Streaming

  • subscribe() SSE async iterator for real-time streaming
  • describe() introspection for AI agents
MCPv0.1.0

Initial Release

  • 11 tools: create/list/get/update/delete endpoints, list/get requests, send/wait/replay, describe
  • stdio transport via @modelcontextprotocol/sdk
  • Setup CLI for Cursor, VS Code, Windsurf, Claude Desktop
Web Appv0.7.0

Rust Receiver & CLI TUI

  • Rewrite webhook receiver from Go to Rust (Axum + sqlx + Tokio)
  • Optimize database with stored procedures (capture_webhook())
  • Guest live dashboard for unauthenticated users
  • Strict quota enforcement for all endpoint types
CLIv0.5.0

TUI Mode

  • Interactive TUI with menu, auth, endpoint listing, and request detail views
  • Real-time SSE subscriptions in TUI
Web Appv0.6.0

Production Hardening

  • Six phases of production hardening (abuse protection, CSP, rate limiting)
  • Integration test suite (42 test cases)
  • SEO metadata, sitemap improvements, crawler exclusions
CLIv0.4.0

Device Auth

  • Browser-based device authentication flow
  • whk update self-update with SHA256 verification
SDKv0.2.0

Matchers & Helpers

  • Composable request matchers (matchMethod, matchHeader, matchBodyPath, matchAll, matchAny)
  • Provider detection helpers (isStripeWebhook, isGitHubWebhook, etc.)
  • parseJsonBody, parseFormBody, extractJsonField helpers
Web Appv0.5.0

Security & Docs

  • Security hardening across backend, API routes, and CLI
  • Floating navbar, sidebar, and docs improvements
CLIv0.3.0

Cosign Signing

  • Cosign keyless signing for release binaries
SDKv0.1.0

Initial Release

  • Endpoint CRUD (create, get, list, delete, update)
  • Request list, waitFor with timeout and polling
  • Replay captured requests to any URL
  • Human-readable duration strings (30s, 5m)
Web Appv0.4.0

Public Pages

  • Installation page with copy-paste commands
  • Privacy policy and terms of service pages
  • XML sitemap generation
CLIv0.2.0

Initial Release

  • whk tunnel for forwarding webhooks to localhost
  • whk listen for streaming requests to terminal
  • whk create, list, delete for endpoint management
Web Appv0.3.0

Billing & Polish

  • Polar.sh subscription management (free/pro tiers)
  • Request batching and endpoint caching for high-throughput
  • Dashboard UI improvements (empty states, layout fixes)
Web Appv0.2.0

CI/CD & Code Quality

  • CI pipeline with lint, typecheck, build, and test stages
  • Dependabot and CodeQL security scanning
  • Input validation, CSP, and rate limiting
Web Appv0.1.0

Initial Release

  • Dashboard with webhook capture and real-time inspection
  • GitHub and Google OAuth authentication
  • Basic endpoint CRUD and request viewer