What changed?
The plain-language layer says what a site owner, tester, or operator can now do more easily, more safely, or with less confusion.
TraceLayer developments.
A public progress feed for TraceLayer, TracePress, plugins, communications, licensing, visibility, and safe publishing workflows. Updates are organized newest first, with major milestones separated from the regular timeline.
How to read this page
Plain language first, technical detail second.
Each update explains what changed for people using TraceLayer, then adds the implementation context needed by reviewers and operators. Public notes avoid secrets, private server details, source code, internal file paths, and personal contact information.
How is it built?
The technical layer explains architecture, safety gates, browser behavior, data boundaries, and release controls without exposing private implementation details.
What stays private?
Public updates do not publish secrets, tokens, private machine names, internal paths, license keys, personal inboxes, or operational command details.
Pinned for context
Featured Milestones
These are the big product moves that explain where TraceLayer is headed.
TraceLayer Admin is moving licensing into client onboarding.
Plain language: Client access is becoming a normal onboarding step instead of a separate tester-only workflow.
The admin licensing flow now favors client-ready access, invite copy, onboarding links, project setup, and account handoff. Tester and full-access modes still exist, but the default path is safer for day-to-day client work.
The goal is to keep license issuance connected to the rest of the work: onboarding, projects, site editing, support, and next steps.
Technical layer
The client lane reuses existing license authority actions while narrowing visible presets, default scopes, and handoff language so operators can issue access without over-granting capabilities.
TraceLayer Admin now has clearer diagnostic snapshots.
Plain language: Admin work now has better status snapshots for source, mirror, service-worker, and cache state.
Recent admin work tightened the way UI updates are checked across the canonical service, generated site mirrors, and browser cache layers. That makes it easier to tell whether a change is really live, stale in a mirror, or hidden behind a service-worker cache.
Technical layer
The diagnostic workflow treats admin source, generated mirrors, public workflow mirrors, script query strings, and service-worker cache versions as one consistency set before signoff.
TraceLayer public hosts now enforce the secure path more consistently.
Plain language: Visitors who land on the plain HTTP address are sent to HTTPS, while the HTTPS site continues to serve normally through Cloudflare.
The public router now handles Cloudflare HTTPS visitor signals, redirects insecure public-host requests to the secure URL, and returns strict transport security headers on secure responses.
Technical layer
A dedicated transport contract now checks HTTP-to-HTTPS redirects, Cloudflare-origin HTTPS behavior, local health checks, and HSTS so future transport changes do not regress the public trust path.
Visibility Engine v2 is now promoted into the live TraceLayer service.
Plain language: TraceLayer can publish stronger public discovery files for people, search engines, and AI systems while keeping private admin surfaces closed.
The Visibility Engine now generates public-safe sitemaps, AI index files, LLM summaries, visibility reports, and host-aware discovery files for the public site and public app. Admin discovery remains intentionally minimal and private.
Technical layer
The generator is root-aware, avoids private backup and draft trees, keeps arbitrary JSON blocked by default, and exposes only approved machine-readable discovery files per host.
TraceLayer App now includes a tester diagnostic snapshot.
Plain language: Testers can see whether their browser, license, workspace, and install setup look ready before asking for help.
The public app licensing route now gives testers a support-ready readiness snapshot covering license state, baseline entitlements, browser install eligibility, workspace session status, project working copy setup, and plugin gates.
The snapshot is designed for troubleshooting tester onboarding without exposing license numbers, device identifiers, internal records, or operational controls.
Technical layer
The diagnostic model is bound to the public app surface and reuses the same public-safe licensing, download, session, project, and entitlement boundaries already used by tester access.
TraceLayer App now shows tester license activity on the licensing route.
Plain language: Testers can see recent license activity for the current device without needing a separate admin dashboard.
The public app licensing route now includes a current-device activity timeline so testers can see activation, refresh, status, and deactivation events without needing an account dashboard.
The timeline is public-safe: it does not expose license keys, device identifiers, registry details, internal notes, or other devices.
Technical layer
The app scopes activity to the current license/device session and keeps it inside the same public app boundary as tester sessions, project working copies, and download readiness.
TraceLayer now has a public tester licensing guide and clearer install route.
Plain language: The public site now explains tester access, device activation, offline grace, and install limits before someone enters the app.
The public website now includes a dedicated tester licensing page that explains license numbers, device activation, plugin entitlements, offline grace, and current package limits before testers enter the app.
The public app route map now includes the install/download route directly, with tester access and install shortcuts available from the PWA shell.
Technical layer
The public guide uses the same public-safe authority and entitlement model as the app. The browser-managed PWA channel can unlock for licensed testers, while signed native packages stay unavailable until release artifacts have complete verification metadata.
TraceLayer App now connects tester projects, modules, and download readiness.
Plain language: Testers can plan working copy projects, see which modules are available, and understand what install options are ready.
Licensed testers can create, update, and archive review-only project records, preview which TraceLayer modules are available for the selected context, and review install/package channels from a public-safe download manifest.
A follow-up QA pass also tightened tester access boundaries and fixed local clear-state relock behavior, so the app returns cleanly to locked preview mode without noisy failed requests.
Technical layer
The public PWA uses the same public entitlement model for the Projects route, Plugin Registry, and Download route, so tester planning and install readiness reflect current license capabilities without exposing private license records or operational internals.
TraceLayer App now has a fuller tester licensing surface.
Plain language: The app now gives testers a clearer place to check access, activation history, plugin access, and PWA install status.
The public app now includes a dedicated licensing page for tester license status, device activation history, entitlement readiness, plugin access gates, and PWA install/update checks.
Technical layer
The public flow uses license-number activation, local entitlement state, protected plugin gates, negative-state handling for invalid or inactive licenses, and a billing-ready entitlement model without connecting a payment provider yet.
TraceLayer App now has license-number tester access.
Plain language: Testers can unlock the public app with a TraceLayer-issued license number while the public preview stays available.
The public PWA at app.tracelayer.online now shows a dedicated tester access panel. Testers can activate a TraceLayer-issued license number before enabling install/download behavior, while the core public preview remains visible during development.
Technical layer
The app validates tester access through public license and entitlement endpoints, avoids storing plaintext license numbers in the browser, and keeps install controls disabled until tester access is active.
TraceLayer's public web surfaces passed a full responsive QA pass.
Plain language: The public site and app were checked on common screen sizes so content is easier to read and navigate.
The public website and public PWA were checked across desktop, tablet, and mobile widths. The pass fixed mobile layout issues, cleaned local preview behavior, refreshed PWA caches, and tightened public routing boundaries.
Technical layer
The latest pass covered browser route and viewport checks, host-aware routing checks, and live smoke checks on the deployed public domains. The public app now uses refreshed cache assets and clearer fallback behavior.
TraceLayer is now organized as a local-first publishing and workflow platform.
TraceLayer is the control/workflow layer, TracePress powers native publishing, plugins extend the platform, Communications brings SMS and Email into one workspace, and safety checks keep publishing review-first.
Public builds now have a clearer release boundary.
Plain language: Public downloads and pages focus on what users need, while internal release tooling stays out of public view.
The public/user version is being kept clean, self-hostable, and usable for core TracePress workflows. Release tooling is separated from normal public downloads so product pages stay focused on user-facing capabilities.
Technical layer
Public plugin APIs expose public-safe tools by default. Protected release metadata and internal build paths are excluded from normal public downloads.
By Category
Each category is part of the same goal: make website work visible, reviewable, and safer before it goes live.
TracePress
Native pages/posts, clean routes, pretty links, previews, HTML working copies, and dry-run publishing reviews.
Site Editing
Site Manager, Site Library, assets, static files, WordPress pages/posts, and HTML Studio are being pulled into one editor flow.
Plugins / Tools
Visibility Engine, HTML Studio, Email Studio, WordPress, storage providers, and future integrations use manifest-driven structure.
Communications
SMS, SMTP Email, contacts, leads, templates, scheduling, dry-runs, and sanitized activity history live in one workspace.
Licensing
Client access, tester keys, entitlement toggles, offline grace, and protected plugin/update checks are being validated without blocking core local publishing.
Visibility / Trust
Discovery files, public-safe reports, HTTPS routing, cache behavior, and host-aware smoke checks continue to harden.
Newest first
Latest Updates
Client onboarding and diagnostics
June 23, 2026
Licensing is being connected to client onboarding.
The normal admin flow now favors client access, invite copy, onboarding links, project setup, and account handoff. This keeps access control tied to the next useful client action instead of leaving it as a separate authority task.
Technical layer
The backend keeps compatibility with tester-oriented authority actions, while the visible workflow now defaults to client-safe presets and narrower entitlement choices.
Admin UI changes now have a clearer consistency checklist.
Recent work documented the source, mirror, and cache-bust path for admin changes so operators can tell whether they are viewing current code, a stale mirror, or an older service-worker shell.
Technical layer
The checklist tracks canonical source, generated mirrors, public workflow mirrors, JavaScript query strings, service-worker shell entries, and cache versions.
Public trust path
June 22, 2026
Public HTTP traffic now redirects to HTTPS.
TraceLayer's public hosts now route plain HTTP visitors to the secure HTTPS address and send HSTS on secure responses. The public checks cover direct HTTP, HTTPS through Cloudflare, and local health behavior.
Technical layer
The router recognizes Cloudflare's HTTPS visitor signal so secure visitors are served normally even though the origin proxy connection remains local HTTP.
Public smoke checks now match the production HTTPS contract.
The host-aware runtime checks and public app API boundary checks now simulate the public HTTPS path correctly, which keeps transport enforcement and local QA aligned.
Technical layer
The smoke harness sends HTTPS-forwarding headers during local-origin checks and avoids false positives from broad secret-like substring matching.
Visibility and discovery
June 16, 2026
TraceLayer visibility files now come from a stronger generator.
The Visibility Engine now builds public discovery files for the public website and app while keeping admin discovery intentionally private and noindex. Reports are designed to be useful to people and automated reviewers without exposing operational internals.
Technical layer
The generator outputs sitemaps, AI indexes, LLM summaries, visibility reports, and host-scoped discovery files while blocking arbitrary private JSON and avoiding backup or draft trees.
Public PWA tester access
May 28, 2026
Tester license activation is now wired into the public app.
The public TraceLayer App now includes a tester access route, license activation form, entitlement lookup, and install button that remains disabled until a valid tester license is active.
Technical layer
The frontend uses public license activation and entitlement checks, stores only validation state locally, gates service-worker registration behind tester access, and keeps the public demo banner visible while the product is in development.
PWA QA and public release polish
May 27, 2026
Public website and public PWA were tested together.
TraceLayer now has a repeatable QA pass for the public marketing/docs surface and the public app PWA. The final browser pass found no horizontal overflow, clipped cards, broken images, or console errors across the tested desktop, tablet, and mobile widths.
Technical layer
The QA pass captured screenshots for representative desktop and mobile views, verified public routing boundaries, and deployed refreshed public service-worker caches after validation.
Current stabilization pass
May 18, 2026
Public release boundary audit
TraceLayer now checks that public/user builds stay clean and focused on user-facing workflows. Public plugin APIs show only public-safe tools, and core TracePress remains usable without a paid activation key.
Technical layer
The audit checks build profiles, plugin release metadata, public-safe filters, required release docs, runtime-data exclusions, and server-neutral navigation assumptions.
Site Library and Assets joined the editing workflow
Site Editing now includes a library layer for media, documents, linked files, TracePress assets, scoped static files, optional provider-backed files, and HTML Studio handoff.
Full HTML editing workflow for TracePress
TracePress now supports first-class HTML editing alongside Markdown. Pages and posts can keep local HTML working copies, render full-document previews, prepare dry-runs, and hand off richer HTML work to HTML Studio.
Technical layer
HTML content is included in checksums, preview rendering, local save flows, and dry-run change detection so local working copies do not silently diverge from source content.
WordPress and TracePress posting paths were separated
WordPress posts use WordPress-native fields such as status, categories, tags, excerpts, featured media, scheduling, and REST payload review. TracePress posts use native routes, clean article URLs, and TracePress dry-runs.
HTML Studio, Email Studio, and Visibility Engine became first-party tools
HTML Studio supports advanced HTML review/editing. Email Studio supports reusable email composition foundations. Visibility Engine checks metadata, indexing readiness, social previews, schema, sitemap behavior, link quality, and publish readiness.
Self-hosted licensing and entitlement architecture
TraceLayer now has an end-to-end tested manual tester key flow connected to the public TraceLayer authority: manually issued keys, activation, scoped entitlement toggles, explicit full-access approvals, disabled/revoked/expired states, local entitlement cache, offline grace, audit history, and protected plugin checks.
Technical layer
The current licensing authority resolves through a public TraceLayer license domain, with the main site retained as a compatibility path during migration. The model protects premium plugins, protected downloads, update channels, and advanced features without locking ordinary users out of basic local TracePress publishing.
Settings and controls under Safety / Audit
TraceLayer now has a centralized Settings area for appearance, menu customization, pinned workflows, workflow defaults, integration visibility, developer details, privacy controls, and strict safety guardrails.
Responsive public-site layout pass
The public website was audited across phone, tablet, laptop, and desktop widths. Navigation, plugin detail panels, code blocks, generated registry content, and hidden form fields were tightened so pages fit cleanly without horizontal overflow.
Platform foundation
May 17, 2026
Native TracePress publishing model
TraceLayer gained a native publishing foundation for pages, posts, reusable sections, menus, templates, pretty links, previews, sitemap-ready route metadata, and dry-run output.
SMS and Email moved into one workspace
Communications now groups SMS, SMTP Email, contacts, leads, templates, scheduling, dry-run previews, and sanitized outreach history so outreach does not feel split across unrelated screens.
Posts and Pages became separate local workspaces
Posts can plan categories, tags, scheduling, and social queues. Pages stay focused on hierarchy, templates, HTML editing, preview, and update review. Pages do not include social queue controls.
Server-aware Site Manager language
TraceLayer no longer presents itself as a single-server app in primary navigation. Site management is framed around managed sites and server profiles so future machines fit naturally.
Optional storage providers
TraceLayer works locally by default and can optionally connect storage providers such as Nextcloud for scoped file browsing, working copy backups, exports, and future snapshots.
Dark and light mode support for the standalone product site
The public product site uses official TraceLayer branding, server-side forms, early-access signup, protected metadata storage, and dark/light theme support.
Early platform layer
May 16, 2026
Site registry and relationship mapping
TraceLayer can inventory websites, domains, WordPress installs, services, connected files, databases, backups, and publish targets so operators can understand what belongs together.
Visibility signals introduced
TraceLayer started surfacing indexing and visibility signals so site owners can review whether pages are ready to be found, shared, and promoted.
Roadmap progress
The product is moving in layers so safety and clarity come before automation. This section summarizes where the platform is now and what comes next.
Local-first editing
Working copies, previews, HTML editing, libraries, assets, and queues can be prepared locally before review.
Server-aware checks
TraceLayer reads current site and server state before assuming a workflow is safe.
Plugin ecosystem
Visibility Engine, HTML Studio, Email Studio, and provider-style integrations now have first-party structure.
WordPress workflows
Posts, pages, HTML editing, media handling, visibility review, and review-first flows continue to harden.
Sync/deployment reviews
Checksum-aware queues, dry-runs, provider health, deployment maps, and rollback planning are being refined.
Guided public testing
Public release packaging, tester onboarding, staged artifacts, and clearer demos are the next readiness layer.