New

• dashboard: add webhook delivery debugger and email HTML preview #253
• api: add email validation service endpoint #252
• dashboard: DMARC monitoring dashboard with per-domain stats and trend charts #251
• dashboard: add GDPR compliance report PDF generation #250
• deploy: automate migration init container and CI image tag updates #248
• metrics: add async operations observability metrics #249
• sdk: automate Rust SDK versioning and publishing with release-plz #239
• api: add async operations tracking for batch send and GDPR erase #238
• dashboard: add deliverability insights page with ISP breakdown and reputation scoring #237
• sdk: add API keys, GDPR modules and fix signature inconsistencies #236
• auth: add scoped API keys with fine-grained permissions #235
• auth: unify API and Dashboard auth into shared middleware #234

Fixed

• api: post-sprint hardening — enum types, self-hosted Chart.js, query limits, tests #247
• tests: check error type instead of status code for scope gate test
• api: correct operations SQL enum casting and scoped key test payloads
• ci: correct trigger function name in operations migration and apply cargo fmt
• dashboard: register admin domains template in Minijinja environment #246
• sdk: allow dirty working directory in release-plz config #244
• sdk: add missing permissions and config path for release-plz #243
• sdk: install gh CLI on self-hosted runner for release-plz #242
• sdk: install clippy component in CI toolchain #241
• worker: use sorted set delay queue for webhook retry backoff #232
• auth: return 503 Service Unavailable on database errors during authentication #233