MergeWhy

Changelog

What's New

A timeline of releases, features, and improvements to the MergeWhy platform.

v1.3.0February 25, 2026

CMMC Self-Assessment, Vendor Management, Control Testing

  • CMMC Level 1/2/3 self-assessment wizard with guided walkthrough
  • Vendor management dashboard with risk scoring and assessment tracking
  • Control testing framework with execution tracking and evidence linking
  • Drizzle ORM migration: 27 service files, all queries migrated from Prisma
  • Service layer architecture: business logic decoupled from tRPC routers
v1.2.0February 20, 2026

FedRAMP Dashboard, OSCAL Export, Self-Hosted Deployment

  • FedRAMP compliance dashboard with continuous monitoring metrics
  • OSCAL 1.1.2 export engine: System Security Plans, Assessment Results, and POA&M documents
  • OSCAL validator for machine-readable FedRAMP 20x authorization packages
  • Self-hosted deployment with Docker Compose and Kubernetes Helm charts
  • Pluggable provider architecture: OIDC auth, S3 storage, multi-LLM support
  • 1,919 tests across 7 test files with comprehensive coverage
v1.1.0February 15, 2026

SOC 2 Control Dashboard, Auditor Portal, Audit Bundles

  • SOC 2 Type II control dashboard with per-control pass/fail tracking
  • Auditor-specific dashboard view with compliance-first navigation
  • Audit bundle generation: ZIP packages with executive summary, compliance matrix, and evidence
  • Shareable audit reports via time-limited token URLs
  • PDF and JSON export for all compliance reports
  • Outbound webhooks with HMAC-SHA256 signed payloads
v1.0.0February 3, 2026

Initial Release

  • Decision Evidence Records: automatic creation from GitHub PR events
  • 14 compliance frameworks: SOC 2, FedRAMP, CMMC, HIPAA, DORA, ISO 27001, NIST 800-53, PCI-DSS, SOX ITGC, SOX 404, GDPR, and more
  • Evidence Vault with SHA-256 cryptographic sealing and integrity verification
  • AI analysis pipeline: documentation quality, intent alignment, audit readiness (Claude Haiku + Sonnet)
  • GitHub App integration with webhook processing for 5 event types
  • Jira OAuth integration for ticket enrichment
  • Slack OAuth integration for thread capture and notifications
  • Evidence scoring algorithm (0-100) with 6-factor evaluation
  • Gap detection: 9 gap types from MISSING_DESCRIPTION to UNSIGNED_ARTIFACT
  • CI/CD pipeline tracking with test, security, lint, build, and deploy categories
  • 20 dashboard pages with role-based views for engineers and auditors
  • Command palette (Cmd+K), mobile navigation, and smart breadcrumbs