Features
- compiler: extract $group-* / $theme-* into CSS at build time (natew)
Bug Fixes
- bento-get: redact access tokens in DEBUG logs so they can't leak to terminal/CI (#4062) #4062 (Nate Wienert)
- avatar: fill frame instead of mis-sizing image on numeric size (natew)
- compiler: de-opt hoverStyle / $theme-* / $group-* on native (natew)
- compiler: deopt native runtime-only props before split (natew)
- compiler: drop native hover-only props (natew)
- avoid stale RNGH taps for native press events Fixes #4024 (natew)
- use-element-layout: restore spec sync initial onLayout measurement on mount/host-swap (natew)
- compiler: resolve tokens inside extracted $theme-/$group- blocks so emitted CSS is valid (natew)
- vite-plugin: correct vite peer dependency range (#4069) #4069 (Nate Wienert)
- core: apply numeric fontSize as a literal size in getFontSized (#4043) #4043 (Patrick Wehbe)
- portal: missing key warning when PortalHost renders multiple portal items (#4067) #4067 (Janic Duplessis)
- core: drop "unset" style value on native instead of crashing (#4053) #4053 (Janic Duplessis)
- core: native "unset" clears earlier-set style keys matching web reset semantics (#4073) #4073 (Nate Wienert)
- toast: preserve v2 context through portals (#4070) #4070 (Nate Wienert)
- sheet: refresh hoisted overlay props Fixes #3947 (#4071) #4071 (Nate Wienert)
- sheet: cover native sheet gesture setup option (#4072) #4072 (Nate Wienert)
Documentation
- make AGENTS.md canonical (CLAUDE.md symlink) + finish-your-work contract (#4056) #4056 (Nate Wienert)
Code Refactoring
- use-element-layout: extract emitLayoutIfChanged + rework registerLayoutNode (natew)
Performance Improvements
- compiler: partial-flatten static props on native deopt, drop dead hover (natew)
- compiler: guard $group-/$theme- CSS extraction so animated elements stay on the runtime path (natew)
Tests
- core: guard native theme switching for styleable HOC leaves (data-disable-theme must stay web-only) (natew)
- select: regression coverage for #3952 viewport elevate resolution (from #4042 by @patrickwehbe) (natew)
Continuous Integration
- add SheetPressResponderSheetRngh to iOS Detox shard matrix (natew)
Chores
- release: add beta/prerelease dist-tag path so prereleases never publish to latest (#4066) #4066 (Nate Wienert)
- Fix typings for native-only TS builds. (#4026) #4026 (Stanislav Muhametsin)
Commits
- secure supabase RLS across public tables + harden theme/coupon server paths #4054 (Nate Wienert)
- record post-deploy supabase migration (og-storage upload lockdown + handle_new_user search_path) (#4055) #4055 (Nate Wienert)
- fix projects/project_team_members RLS infinite recursion via SECURITY DEFINER membership helpers (#4059) #4059 (Nate Wienert)
- take test-user admin secret via header with constant-time compare (not URL) (#4058) #4058 (Nate Wienert)
- harden api surface (exact-origin CORS, generic error bodies, theme-history scoping, install-bot ownership, impersonate html-escape, gitignore .env) (#4057) #4057 (Nate Wienert)
- read server secrets via dynamic serverEnv so the build can't inline them into dist/api (#4060) #4060 (Nate Wienert)
- only apply parity discount when CF-IPCountry is proven via a Cloudflare origin secret (fixes charge spoof) #4061 (natew)
- fix checkout discount application (natew)
- b41fd0d: canary2.4.0-1783099846627 (natew)
- 10de829: canary2.4.0-1783110557100 (natew)
- bd9497f: v2.4.1 (natew)