Release Feb 14, 2026

Protected API routes now require bearer token authentication, conversion throughput is more reliable, and public health and documentation endpoints are available.

✨ New

• Public health endpoint that reports service status without authentication.
• API documentation endpoint serving OpenAPI definitions for integrations.

💎 Improved

• Protected API routes now require a bearer token; missing or wrong token returns 401.
• Background conversion worker with concurrency, queue limits, and timeouts improves throughput and prevents long-running conversions.
• Fetch handling now blocks local hostnames and reserved IP ranges to reduce internal network exposure.
• Deployment docs clarified required token handling and that production start does not automatically load development env files.