v0.10.1 — SEO + SSR overhaul, Library & MCP docs

SEO + SSR overhaul, Library & MCP docs.

Added

• Server-side rendering across the whole site. Pages now ship full content, a real <h1>, and per-page JSON-LD in the static HTML, so search engines and non-JS AI crawlers (ClaudeBot, GPTBot, PerplexityBot) see the real page instead of a skeleton.
• app/lib/seo.ts — centralized metadata (pageMetadata()): every route ships a complete, consistent Open Graph + Twitter set (og:site_name, og:locale, og:type, twitter:site/creator, images), canonical, and the noindex flag — 100/100 on the full OG/SEO checklist across all pages.
• Google-compatible favicon.ico (Google ignores SVG favicons) and FAQPage + WebSite JSON-LD on the home page for AI and search overviews.
• New /library page documenting zefer-cli as a programmatic Node.js library (encodeZefer, decodeZefer, generateWithOptions, analyzePassword; ESM and CommonJS).
• /how: "Use Zefer your way" — the four channels (Web app, CLI, MCP server, Node.js library) with links, reinforcing that they share the same engine and .zefer format.
• OpenGraph MCP integrated in .mcp.json, plus OG/SEO audit tooling in scripts/.
• Documented zefer-cli v1.3.0 (the library channel) across the site and the AI docs (llms.txt, AGENTS.md, agents.md, CLAUDE.md, README), and enriched the author entity (sameAs).

Fixed

• Instant navigation — internal links use next/link for prefetched client-side transitions: no full-page reloads and no language/theme flash.
• Normalized title/description lengths to SEO ranges on indexable pages; /device now renders its content server-side.

Full Changelog: v0.7.0...v0.10.1

v0.7.0 — MCP server page and site-wide syntax highlighting

MCP server page and site-wide syntax highlighting.

Added

• /mcp page — zefer-cli as a Model Context Protocol server: 2-step setup (global and npx), smart-detection explanation, the 5 exposed tools as rich entries (icon, key-parameter chips with required markers, returns line, call example), an example JSON-RPC call, and per-tool accordions with copy-ready configs for Claude Code (incl. claude mcp add), Claude Desktop, Cursor, Windsurf, VS Code (Copilot servers format), Zed (context_servers) and generic stdio clients — each with global + npx variants and one-click install buttons for Cursor and VS Code (official deep links). Linked from the navbar, mobile drawer, footer, home resources and /how
• Syntax highlighting site-wide — shared CodeBlock with a dependency-free tokenizer (JSON keys/strings/numbers/booleans/comments; bash commands/flags/strings/vars), hover copy button, and theme-variable token colors (dark/light, WCAG-checked); applied to /mcp and /install
• Donations FAB bubble — a small invitation appears 25 s after load and every 3 min (auto-hides in 9 s, X silences the session); icon-only design (lucide Coffee badge), primary-accented border and glow
• VS pages: new capability rows — password generator & analysis, encrypted-file inspector and AI integration (MCP) on all five comparisons with honest per-competitor statuses; Zefer spec card lists the built-in tools and the MCP-enabled CLI
• AI-integration docs refreshed everywhere: llms.txt and agents.md gained an MCP section (global + npx configs), AGENTS.md documents zefer mcp, README routes/AI sections updated

Changed

• "Proyecto" → "Desarrollo" in the main menu; the dropdown holds "Sobre el proyecto" and "Sobre el autor" ("Donar" lives in the FAB now)
• Footer PRODUCT column trimmed to Generator, Analyzer, MCP and Performance

Fixed

• Interrogative headings: "¿Cómo funciona?", "¿Cómo usar Zefer?", "¿Cómo reportar?", "¿Qué incluir en el reporte?", "¿Cómo se generan las contraseñas?" (es ¿…? / pt …?)
• Outdated Picocrypt comparison row: Zefer does have a CLI
• "Exposed tools" no longer nests glass cards inside glass cards (site-wide .glass .glass = 0)
• Dev servers no longer replay stale chunks: any service worker registered before the prod-only gate is actively unregistered in development

Full Changelog: v0.6.0...v0.7.0

v0.6.0 — Password lab and deep .zefer analyzer

Password lab and deep .zefer analyzer.

Added

• Generator/Analyzer tabs — /generator is now a two-tab password lab; every generated key gets its own strength meter, score and effective bits, sorted highest → lowest
• 2 new key types — Base58 Readable (standard Bitcoin alphabet, no 0 O I l — safe to dictate or hand-copy) and PIN (digits only), shared with the home popover via the canonical MODES list
• Advanced generation options (collapsible panel, persisted): exclude ambiguous characters, exclude custom characters, guarantee all character classes, no consecutive repeats, dash grouping every 4/6/8
• Stop-slider controls — length (presets 16–1024 + custom up to 2048) and quantity (1–50, default 1) use a horizontal slider with dot markers mathematically centered on the thumb path, plus a manual input
• Security report (SecurityInsights, shared by the config panel and the analyzer tab): 4 attack scenarios (10²–10¹⁵ guesses/s), cybersecurity framework checks (NIST SP 800-63B, OWASP ≥64 bits, long-term ≥100 bits, AES-128 ≥128 bits, post-quantum Grover), total keyspace, post-quantum entropy, and comparison vs an average human password (~40 bits) — collapsible on the generator tab
• Plain-language tooltips — 12 explanations (es/en/pt) for entropy, scenarios, each framework check, keyspace, post-quantum bits and the average comparison
• Deep .zefer analysis (/analyzer) — structural integrity (chunk-framing walk, corruption/truncation detection, chunk count, estimated content size), ciphertext randomness via Shannon entropy, salt/IV hex, full-file SHA-256 fingerprint, KDF resistance table (per-GPU guess rate from the file's iterations + crack times for typical passphrase strengths vs a 1,000-GPU fleet) and severity-tagged security observations (weak KDF, public hint/note, reveal-key surface, compression side-channel, low entropy, broken structure)

Changed

• Realistic file-size limits — the old formula derived the limit from the V8 heap cap (~4 GB on every desktop, freezing all machines at ~1.5 GB). Limits are now tiered by reported RAM + CPU threads: workstations (20+ threads or 64+ GB RAM) reach 10 GB, mid-range desktops 2–8 GB, mobile 256 MB–1.5 GB. /device page explanation updated accordingly; file reads now fail gracefully with a clear message if the browser cannot allocate
• /how — password generation explained: new section documenting the engine (CSPRNG, rejection sampling, 7 alphabets, analysis/scoring with attack scenarios and compliance, advanced options) with a link to /generator
• "Proyecto" dropdown: project, donate and author links consolidated into a modern dropdown on desktop and an accordion row inside the mobile drawer (aria-expanded/haspopup, outside-click close)
• Donations FAB: floating Buy Me a Coffee button (safe-area aware, pulsing glow via color-mix, reduced-motion safe) on every page
• 36 new unit tests for the password engine (app/lib/passwords.ts added to the coverage gates): charsets and modes, unbiased generation (including the rejection-sampling branch via a mocked CSPRNG), advanced options, analysis warnings and scoring bands, crack-time buckets (no Infinity), compliance checks and superscript formatting — suite grows from 125 to 161 tests, 100% line coverage maintained
• README, AGENTS.md, CLAUDE.md, docs/ARCHITECTURE.md, public/llms.txt and public/agents.md updated with the generator/analyzer pages, the password engine API, new preferences and design-system classes; privacy policy now states explicitly that the tools process everything locally

Fixed

• "Decrypt this file" on /analyzer now hands the analyzed file directly to the decrypt form (client-side navigation handoff) instead of landing on an empty form
• "Infinity years" — crack times are computed in log space (2^bits overflows Number past ~1024 bits); extreme configs now render ≈10ⁿ years with Unicode superscripts
• Checked toggles never turned green — Tailwind cannot variant plain CSS classes; native .peer:checked ~ selectors now style the track and knob (also fixes the home dual-key toggles)
• Saved keygen preferences were never applied — local state initialized before localStorage hydration; the popover now adopts preferences when they arrive
• Scenario labels wrapping — shortened and truncate-protected; technical detail moved into the scenarios tooltip
• Service Worker in development — now registers only in production, preventing stale-chunk issues while developing

Full Changelog: v0.2.0...v0.6.0

v0.2.0 — Preferences, AI guide, and an SEO/accessibility pass

Preferences, AI guide, and an SEO/accessibility pass.

Added

• Key generator preferences — Your chosen mode (Unicode, Secure, Alpha, Hex, UUID) and length (64-1024) are now remembered across sessions
• AI assistants guide — New /install/guide page with step-by-step instructions for using Zefer with AI tools
• Passphrase visibility toggle — Show/hide buttons on all passphrase input fields
• Character requirements — Clear minimum length indicators on passphrase fields
• Author section — Social links and profile information on the install page
• Professional documentation — Security policy, Code of Conduct, Changelog, Contributing guide, issue template chooser
• JSON-LD structured data — WebApplication schema with author, version, and language information for search engines
• Per-page SEO metadata — Every route now has its own title, description, keywords, OpenGraph, Twitter card, and canonical URL
• PWA screenshots — Manifest now includes screenshots for the install prompt on mobile devices

Changed

• Share links are now safer — When a reveal key is set, the share link uses only the reveal key instead of exposing the main passphrase
• URL parameters respect target tab — Encrypt params are ignored when t=decrypt and vice versa, preventing the wrong form from consuming and clearing params
• Touch targets — All icon-only buttons now meet 36x36px minimum (theme toggle, language selector, copy, close, file remove, passphrase toggle)
• Heading hierarchy — Footer section labels changed from <h4> to <p> to avoid skipping heading levels
• Aria labels — All toggle buttons now have dynamic aria-labels ("Show/Hide passphrase"), expand/collapse buttons have aria-expanded
• Social preview images — Redesigned OpenGraph, Twitter/X, and Apple touch icon with ambient glows, grid overlay, version badge, and tech pills
• Search engine indexing — Legal pages (/privacy, /terms) now have noindex, follow robots directive and are excluded from the sitemap
• Input styles — Better focus states and accessibility across encrypt and decrypt forms
• Documentation — All docs have cross-navigation, corrected counts (24 components, ~415 translations), SEO rules, accessibility rules, and new route guide
• Dependencies — All packages updated to latest stable versions with ~ (patch-only) ranges; TypeScript updated from 5 to 6

Fixed

• Share link security — Main passphrase no longer leaked in the URL when a reveal key was configured
• Decrypt auto-fill — Passphrase from /?t=decrypt&p=... URLs now correctly populates the input field
• Form param collision — EncryptForm no longer reads and clears URL params meant for DecryptForm (and vice versa)

Full Changelog: https://github.com/carrilloapps/zefer/commits/v0.2.0