Flipline is in closed beta. New cuts go out as we build them — usually multiple times a week. The list below is the highlight reel; the working terminal is /dashboard (sign in required).
v0.7.02026-05-25
Deal Radar (beta) — local marketplace sourcing alerts
▸New Deal Radar: watches Craigslist + Facebook Marketplace for local listings matching your saved searches and ranks them by estimated flip margin against your live price data — so you can snipe underpriced devices before anyone else.
▸Save searches by state + city (Craigslist) or area (Facebook). Filtered to local pickup, your search terms, and real devices — cases, chargers, and "ships to you" scam listings get stripped out automatically.
▸Craigslist runs on our servers; Facebook runs through a lightweight browser add-on on your own PC, using your own session — no separate accounts or logins to babysit.
▸Heads up: Deal Radar is genuinely experimental right now and will have rough edges for a while. Treat the margin estimates as a rough signal and always open the listing before you act.
v0.6.02026-05-21
Closed beta opens — activation codes + admin user panel
▸Closed-beta signup via single-use activation codes. 30-day trial per redemption. No card required during beta.
▸New /admin/codes — generate, copy, revoke codes with full redemption history.
▸New /admin/users — every user across every store with last login, monthly Sickw usage, status flip (revoke / reactivate), full per-user auth log + activity feed + lookup chart.
▸Public changelog at /changelog so testers can track what shipped between sessions.
v0.5.02026-05-21
Security hardening + multi-tenant signup fix
▸Email header-injection defense on the customer intake form. CRLF / RFC-invalid values silently rejected.
▸Per-IP rate limiting on the public intake photo upload and field PATCH endpoints. 10 uploads / 60 PATCHes per minute.
▸Public /api/sync/* endpoints gated by an internal token. No more public scrape triggers.
▸New public signups provision their own store on creation — no more accidental multi-tenant data sharing.
▸Customer intake API no longer leaks store_id, employee_user_id, or bulk_session_id to the public form.
▸Single-device offer auto-email — if the customer captured an email via the intake QR, the receipt sends on Bought.
v0.4.02026-05-21
Bulk-buy sessions, lifecycle tracking, customer intake QR
▸Bulk-buy mode for games. Scan a pile of cartridges, default offer = Quick Flips × your margin, per-row edit, FL-NNNNNN receipt with QR for re-scan.
▸Customer intake QR — desktop shows a QR, customer scans, fills name / phone / address / email + front-and-back ID photo on their phone. Form fills in live on the employee monitor.
▸Customer-attached single-device buys. Hard-gated: ✓ Bought is blocked until you either attach a customer or check Skip.
▸Email receipt auto-sends on Finalize when the customer provided an email.
▸Purchases page with lifetime margin: paid → sold → margin %, per-row "Mark sold" action, audit-logged Delete.