Vuken
Sign Up
Changelogv1.0.2build 1.0.2.202605270514

Release Notes

A full history of features, improvements, and fixes shipped to the Vuken platform.

2026-05-27
v1.0.2 — Cashier Payment Link, Collection API & SSR Stability

build 1.0.2.202605270514

Introduces the Cashier token list manager and payment link generator, updates the collection API to use address strings, migrates per-asset minimum collection amounts, and resolves multiple SSR hydration mismatches.

NewCashier Payment Link
  • New Cashier button on sub-address detail page — generate a shareable payment link with QR code
  • Customers can open the payment link in any browser without logging in
  • Configurable link validity period (1h / 2h / 8h / 24h)
  • Merchant can now select the collect asset (USDT / TRX) when generating a cashier link; asset is encoded in the URL and respected by the payment page
  • QR code and copyable URL displayed immediately after generation; asset badge shown in the token info table
  • Handles existing active sessions: shows warning and provides Revoke & Regenerate option
  • Security notice: raw token is only shown once (HTTP 201); once lost, the session must be revoked
  • Open in new tab button for quick preview of the payment page
  • Payment page (cashier): QR code is now shown inline and expanded by default — no click required
  • Payment page: only the selected collect asset balance is displayed (not all balances)
  • Payment page: progress bar shows how far the balance is from the minimum collect amount
  • Payment page: collection task section shows task number, command number, started_at, and finished_at timestamps
  • Payment page: Collect Now button is hidden while a task is in progress; an informational banner is shown instead
  • Payment page: How to Pay guidance updated with clear 3-step flow (scan → refresh → collect)
ImprovedCollection API
  • Collection requests now use wallet address string instead of numeric wallet_address_id
  • Updated open-platform.md API reference to reflect the new address-based field
  • Cashier page (payer side) polling interval corrected to 30 seconds
  • Cashier page isTaskRunning now uses the complete CollectionTaskStatus in-progress set (not just status 1/2)
ImprovedPer-Asset Minimum Collection Amounts
  • Sub-address subscription settings now support per-asset minimum collection amounts (USDT / TRX) instead of a single global value
  • API field renamed from min_collect_amount (string) to min_collect_amounts (map: { USDT: '...', TRX: '...' })
  • Cashier page now reads min_collect_amounts[asset] from the session — the per-asset minimum is matched to the selected collect asset
  • Wallet detail collect modal now loads the sub_address subscription config and enforces per-asset minimums before enabling the Collect button
  • Collect modal shows available balance and min collect amount side-by-side; button is disabled with warning when balance is below threshold
NewCashier Token Manager
  • Clicking the Cashier button on a sub-address now opens a token list manager instead of directly opening the generation form
  • List view shows all cashier tokens for the current address: status badge, expiry, network, TTL, and creation time
  • Active tokens can be revoked individually from the list; expired tokens are clearly labeled
  • Inline create view within the manager: select asset, set TTL, generate link and QR code without leaving the panel
  • Back-to-list button after generation automatically refreshes the token list
ImprovedAmount Display Clarity
  • Minimum collection amount configuration inputs now accept human-readable units (e.g. enter 1 for 1 USDT) instead of raw integers
  • A live conversion preview shows the raw integer value that will be sent to the API alongside the current saved limit
  • Collect modal on wallet detail page now displays balance and minimum collect threshold in human-readable format
  • Warning message in collect modal uses formatted amounts instead of raw integer strings
Fixed
  • Fixed crash in sub-address subscription settings: typing in the minimum collection amount field caused the entire form to disappear due to .trim() called on a numeric value
  • Minimum collection amount input changed from type=number to type=text with inputmode=numeric to prevent v-model receiving a number instead of string
  • Fixed useRoute() called inside auth middleware warning: replaced useRoute() with the to parameter provided by defineNuxtRouteMiddleware
  • Fixed SSR hydration mismatch on sidebar user label: user display name now stored in an SSR-safe cookie (auth_display_name) so server and client render the same value
  • Fixed SSR hydration mismatch on Dashboard page: user name, email, and welcome greeting now use SSR-safe cookies (auth_display_name / auth_display_email) instead of client-only useState
  • Fixed SSR hydration mismatch on ChangeEmail component: current email display now reads from auth_display_email cookie
  • Cookies are updated on login, register, fetchMe, and updateName; cleared on logout
2026-05-25
v1.0.1 — Two-Factor Authentication (TOTP) & Dashboard Layout

build 1.0.1.202605260525

Introduces Google Authenticator TOTP two-factor authentication with a full enable/disable flow, a global 403 TOTP Guard that intercepts protected API calls and retries automatically, and a redesigned dashboard layout using Nuxt UI's built-in Dashboard components. Includes several critical bug fixes.

NewTwo-Factor Authentication
  • Enable 2FA in Settings → Security using any TOTP-compatible app (Google Authenticator, Authy, etc.)
  • QR code display + manual Base32 secret key for device-less setup
  • 6-digit UPinInput with auto-submit on completion
  • Secure disable flow — requires a valid TOTP code to turn off 2FA
  • Login page handles TOTP-REQUIRED response and switches to OTP input step seamlessly
NewGlobal TOTP Guard
  • HTTP client intercepts 403 TOTP-CODE-REQUIRED responses from any protected endpoint
  • TotpGuardModal opens automatically, prompts for the 6-digit code, then retries the original request — no user-facing interruption
  • Protected endpoints: password change, email change, subscriptions, transfers
ImprovedDashboard Layout
  • Console layout rebuilt with UDashboardGroup + UDashboardSidebar + UDashboardPanel
  • Sidebar supports drag-to-resize and collapsible icon-only mode
  • Mobile sidebar toggle built into UDashboardNavbar — no custom hamburger needed
  • Sidebar state (size, collapsed) persisted automatically by UDashboardGroup
Fixed
  • Updating password no longer invalidates the current API token session
  • Fixed unable to disable TOTP — server returned error due to incorrect request handling
  • Fixed profile/password and profile/email/change not triggering the TOTP guard modal (missing onTotpRequired callback in useAuth)
  • HTTP client delete() method now correctly forwards request body to the server
Security
  • Sensitive operations protected by X-TOTP-Code header when 2FA is enabled
  • Backup secret key shown during TOTP setup to prevent account lockout
  • TOTP disable action requires a valid 6-digit code to prevent accidental or malicious disabling
2026-05-25
v1.0.0 — Initial Release

build 1.0.0.202605251101

First public release of Vuken — anonymous TRC20 wallet management platform.

New
  • Main wallet address creation and management
  • Token balance display with manual and auto refresh
  • TRON resource management — Energy and Bandwidth overview with stake/unstake/delegate/undelegate operations
  • Sub-address generation and management (requires Sub Address subscription)
  • Token collection tasks to sweep sub-addresses into main wallet
  • Withdrawal (transfer) from main wallet with idempotency protection
  • Command history with type and status filtering, pagination
  • Network API Key management (TronGrid Pro integration)
NewDeveloper Platform
  • REST API access with Bearer token authentication
  • Developer API token creation and revocation
  • Webhook configuration with HMAC-SHA256 signature
  • Webhook delivery records and debug testing
  • Open Platform API reference documentation
NewSubscriptions
  • Developer subscription (free) — API access, webhooks, cashier
  • Sub Address subscription — 3 tiers: Starter (9.9 TRX), Standard (19.9 TRX), Enterprise (39.9 TRX)
  • Subscription settings panel per service
  • Plan change and cancellation support
NewCashier
  • Payment link generation for sub-addresses
  • Time-limited cashier token issuance
  • No Vuken account required for payers
NewAccount & Security
  • Email-only registration — no KYC required
  • Email verification flow
  • Profile management: update username, password, and email
  • Automatic session expiry and 401 redirect handling
  • Light mode default with system preference detection
Security
  • All API keys encrypted at rest with AES-256-GCM
  • Developer API tokens shown only once at creation
  • Webhook payload signed with HMAC-SHA256
  • HTTP-only cookie-based auth token storage (SSR-safe)