Vercel Sandbox credential brokering
AI Builder routes third-party API calls (Anthropic, FAL, and others) through Vercel Sandbox credential brokering, so raw keys never reach the sandbox environment — only short-lived tokens do.
Also shipped
- End-to-end testing foundation — first Cypress test lands in CI, exercising the checkout flow against a disposable store and setting up broader browser-level coverage
Fixes
- [security]minimize the risk of leaking Anthropic API key
- [security]minimize the risk of leaking FAL API key
- [security]shipping update vulnerability
- [auth]rewrite auth email URLs to use the store's custom domain
- [ai-builder]use SSH deploy key for git push instead of PAT credential brokering