Changelog

This document summarizes the notable features, changes, and fixes shipped in each release of the Tenanto SaaS Boilerplate. Use it to understand what a specific release contains and what you need to review when upgrading to a newer build.

The format follows Keep a Changelog and the product itself uses Semantic Versioning.

Latest — Protected Tenants & Admin Impersonation

Two safety/UX fixes for system administrators of the boilerplate.

Added

• tenants.is_protected boolean column with a deleting model listener that throws on any attempt to delete a protected tenant (UI, jobs, tinker). The DemoDataSeeder flags the showcase demo tenant as protected so it cannot be wiped out accidentally from the admin panel.
• Custom admin impersonation (no third-party package) — a super-admin can open any active tenant as its owner via a new "Open as Owner" action in TenantResource. A session flag stores the original admin id; a yellow banner inside the tenant panel offers a one-click "Leave & return to admin" link. Both take and leave events are logged for audit.

Changed

• TenantResource now hides single delete actions on protected tenants and cancels bulk delete/force-delete actions if any selected record is protected, surfacing a clear notification.

Operations note

For impersonation to work across admin.<host> and <tenant>.<host>, SESSION_DOMAIN must include a leading dot (e.g. .tenanto.dev).

Previous — Commercial Legal Package

A rewrite of the shipped License Agreement and the Terms of Service / Privacy Policy templates to make the boilerplate safe to list on commercial marketplaces such as CodeCanyon and to protect both the seller and any buyer who builds their own SaaS on top of it.

Added

• config/legal.php — single source of truth for operator identity, jurisdiction, governing law, venue, contact addresses, GDPR supervisory authority, data-retention statement, and sub-processor list. Every value reads from a dedicated LEGAL_* environment variable with sensible fallbacks to APP_NAME and SUPPORT_EMAIL, so nothing is hard-coded to a specific operator.
• .env.example and .env — new LEGAL / COMPLIANCE section with fourteen documented environment variables covering operator details, jurisdiction, contact, DPO, supervisory authority, data retention, and sub-processors. Blank defaults intentionally trigger a "Template — customize before publishing" banner on /terms and /privacy so unconfigured installs cannot accidentally expose generic legal text to real users.
• Launch checklist — new "Legal and Compliance" section listing every LEGAL_* variable the operator must fill in plus a reminder to have the rendered pages reviewed by qualified counsel and to add a jurisdictional imprint where required by law.

Changed

• LICENSE.md — complete rewrite as a proper commercial license agreement with fifteen numbered sections: copyright and ownership, license grant scoped to a single End Product, purchase channels (Envato Regular/Extended or direct purchase), nine explicit restrictions (no redistribution, no competing boilerplate, no notice removal, no reverse engineering, no key sharing, etc.), third-party components, support scope, warranty disclaimer, limitation of liability capped at twelve months of fees, indemnification, termination with survival clauses, export compliance, Czech Republic as governing law and exclusive venue, and general clauses (entire agreement, severability, no waiver, no assignment, force majeure, notices, English as controlling language).
• resources/views/legal/terms.blade.php — rewritten as a buyer-customizable Terms of Service template with fifteen sections (accounts, acceptable use, billing and refunds, content license, IP, third-party services, privacy, suspension and termination, warranty disclaimer, liability cap, indemnification, modifications, governing law, miscellaneous, contact). All operator-specific values read from config/legal.php so the buyer edits their .env and gets a consistent legal document across both pages.
• resources/views/legal/privacy.blade.php — rewritten as a GDPR-oriented Privacy Policy template with fourteen sections including personal data categories, collection methods, processing purposes, GDPR Article 6 legal bases, sharing and disclosure, sub-processors, international transfers with Standard Contractual Clauses reference, retention, data subject rights under Articles 15–22 (access, rectification, erasure, restriction, portability, objection, withdrawal of consent, complaint to supervisory authority), cookies, security, children under Article 8, automated decision-making under Article 22, changes, and DPO contact.
• Terms and Privacy pages no longer render a dynamic "Last updated" timestamp; the previously used now()->toFormattedDateString() call has been removed.

Fixed

• Previous LICENSE.md contained two contradictory license tier systems (Envato two-tier and a Standard four-tier), which no longer conflict now that the rewritten agreement uses a single clean structure with Envato terms expressly incorporated.
• Old LICENSE.md contact block leaked the author's website; the rewritten agreement directs licensing inquiries to the marketplace item page or the address on the purchase receipt.

Earlier — Developer Experience Update

A follow-up release focused on making the out-of-the-box development experience friction-free for buyers and aligning the documentation with the shipped code.

Added

• Vite Dev Server as a Docker service — tenanto_vite (Node 24 Alpine) now runs alongside PHP-FPM, nginx, PostgreSQL, Redis, Horizon, the scheduler, and Mailhog. No npm install on the host is required; frontend assets are served with hot module replacement at http://localhost:5273.
• VITE_HOST_PORT environment variable to override the Vite host port when 5273 is already in use by another project.
• Production nginx config split (docker/nginx/sites.prod/). The docker-compose.prod.yml file automatically mounts this directory so that dev-only CSP allowances never reach production.
• Bunny Fonts (https://fonts.bunny.net) whitelisted in both dev and prod Content Security Policies for the Inter web font used by the default layouts.
• Polling file watcher for reliable hot reload across WSL2 bind mounts.
• Landing page brand icons (PHP, Laravel, Filament, PostgreSQL, Redis, Stripe) switched from emoji to inline Simple Icons SVG to guarantee consistent rendering across operating systems.
• Troubleshooting entries covering Vite port conflicts, stale node_modules named volumes, and WSL2 file-watching quirks.

Changed

• Development CSP now allows http://localhost:5273 and ws://localhost:5273 in script-src, style-src, img-src, font-src, and connect-src so the Vite dev server and its HMR websocket load correctly in the browser.
• Marketing configuration (config/marketing.php) derives DEMO_* URL and email fallbacks from APP_URL. A fresh install shows working local URLs (admin.<host>/admin, demo.<host>/app) without requiring any env configuration. Empty strings are treated as unset so the fallbacks fire.
• .env.example leaves SUPPORT_EMAIL, SALES_EMAIL, DEMO_*_URL, and DEMO_*_EMAIL blank by default so the derived fallbacks are used. Fill them in only when you have a real public demo environment.
• Installation guides (README.md, docs/user-guide/installation.md, docs/codecanyon.md) no longer instruct buyers to run npm install / npm run build during initial setup.
• docs/deployment.md documents the dev/prod CSP split and how to build production frontend assets.
• docs/security.md documents both CSP variants and the fonts.bunny.net whitelisting.
• Documentation pages served at /docs no longer display stale "last updated" timestamps and correctly render inline screenshots.

Fixed

• Missing frontend styles on the landing page after a clean docker compose up -d on hosts where port 5173 was already occupied by another Vite project.
• CSP violations blocking https://fonts.bunny.net stylesheet and font loads on the Breeze /login view.
• config('marketing.demo.admin_url') resolving to placeholder URLs even when the env keys were blanked out.

Initial Release

The first public release of the Tenanto SaaS Boilerplate. Everything a production-grade multi-tenant SaaS needs to ship on day one, bundled in a single Laravel 13 + FilamentPHP 5 code base.

Stack

• Laravel 13 on PHP 8.4+
• FilamentPHP 5 for the System Admin and Tenant Admin panels
• Livewire 4 and Alpine.js for reactive components
• PostgreSQL 16 as the primary database
• Redis 7 for cache, sessions, and queues
• Laravel Horizon for queue monitoring
• Tailwind CSS 4 and Vite 8 for the frontend build
• Laravel Sanctum for API token authentication
• Laravel Cashier for Stripe billing
• Spatie Laravel Permission for multi-tenant RBAC

Multi-Tenancy

• Single database architecture with automatic tenant isolation via global scopes on every tenant-aware model.
• Subdomain and custom domain tenant identification with caching-backed resolution.
• Team-based organization structure with per-team roles.
• Per-tenant settings and branding support.
• Defense-in-depth authorization — Policy classes double-check tenant ownership even when global scopes are active.
• Octane-safe tenant context — middleware clears and terminating callbacks reset tenant state between requests to prevent leaks in long-lived workers.

Authentication & Authorization

• Laravel Breeze with Livewire components for login, registration, password reset, and email verification.
• Role-based access control with Owner, Admin, and Member roles per tenant.
• 20+ granular permissions for fine-grained access control.
• Spatie Laravel Permission integration wired to multi-tenant teams.
• Defense-in-depth policies on all Filament resources.

Billing & Subscriptions

• Stripe integration via Laravel Cashier with Tenant as the billable entity (SaaS standard — the organization pays, not the individual user).
• Three subscription plans (Basic, Pro, Enterprise) configured via config/billing.php and the SubscriptionPlan enum.
• Feature gating and plan limit validation through PlanFeatureService.
• Billing UI for tenant owners with plans, checkout, invoices, and receipts.
• Stripe webhook handling with custom notifications for subscription and trial events.
• Trial period support with configurable grace days.

Admin Panels (FilamentPHP 5)

• System Admin Panel (/admin) — manages tenants, users, licenses, and feature flags for super administrators.
• Tenant Admin Panel (/app) — per-tenant workspace for Users, Teams, Projects, Tasks, Billing, and Settings.
• Dashboard widgets with real-time statistics and eager-loaded queries.
• Full CRUD for all resources with policy-driven visibility.
• Cached navigation badges for performant sidebar rendering.

Example Module — Projects and Tasks

• Complete project management implementation that demonstrates the tenant isolation patterns and enum-based workflow states.
• Task tracking with status and priority enums, assignment, and completion tracking.
• Ready to customize in place or replace with your own domain module.

REST API

• Versioned API at /api/v1/ with Laravel Sanctum token authentication.
• CRUD endpoints for authentication, projects, and tasks.
• Rate limiting with tiered access levels (guest, authenticated, read-only).
• Consistent JSON response envelope and tenant-aware error handling.
• Comprehensive test coverage for tenant isolation across every endpoint.

Developer Experience

• Docker development environment with PHP-FPM, nginx, PostgreSQL, Redis, Horizon, scheduler, and Mailhog.
• PHPStan level 8 compliance across the whole code base.
• 600+ automated Pest/PHPUnit tests plus 480+ Playwright E2E tests.
• Laravel Pint (PSR-12) auto-formatting.
• Pre-commit hooks and a ready-to-use GitLab CI pipeline reference.
• Comprehensive in-repo documentation and an in-app /docs reader.

Marketplace Features

• Automated demo tenant provisioning with expiration and auto-cleanup.
• License key system with HMAC-verified keys and Filament admin UI.
• Update notification system with version info service and UpdateBanner Livewire component.
• Four-step customer onboarding wizard with progress tracking.
• Pluggable support provider contract with an email-based default.

Security Hardening

• CSP, HSTS-ready, Permissions-Policy, and Referrer-Policy headers on every response via nginx.
• QueryHelper for safe LIKE-query escaping against pattern injection.
• No CORS wildcard defaults — explicit origin configuration required.
• 7-day Sanctum token expiration to limit exposure of compromised tokens.
• Secure-cookie defaults flip automatically in production.
• Stricter CSP for the admin subdomain.
• Input validation at every entry point via FormRequest classes.

Production Readiness

• Reference docker-compose.prod.yml without exposed DB/Redis ports and without Mailhog.
• Hardened PHP configuration for production (docker/php/php-prod.ini).
• Backup and restore guide, performance guide, and deployment guide.
• Sentry integration for error monitoring with tenant/user context.
• Structured JSON logging with tenant, user, and request ID context.
• Request ID propagation for distributed tracing.

Support

For issues and feature requests, use the support email configured in your .env file (SUPPORT_EMAIL) or the dedicated support channel listed on your marketplace purchase page.