1.3.1 (2026-05-16)
- a11y: use .visually-hidden for skip-link to remove visible 1px sliver (#75) (4098376)
- a11y: WCAG AA contrast fixes for status colors (d6ee74d)
- a11y: WCAG AA contrast fixes for status colors + restore accent card (fe29524)
- csp: resolve report-only violations for inline script and Iconify API (7a151ea)
- csp: resolve report-only violations for inline script and Iconify API (cc99255), closes #60
- require adminId for impersonate action (#63) (2c9c161)
- require adminId for impersonate action (#63) (61a0bf9)
1.3.0 (2026-05-07)
- add Content-Security-Policy in Report-Only mode (b64b6fa)
- add Content-Security-Policy in Report-Only mode (2e77065), closes #39
- a11y: WCAG 2.2 AA fixes for portal, admin, marketing layouts (fb3d670), closes #49
- a11y: WCAG 2.2 AA fixes for portal/admin/marketing layouts (72dd0cf)
- add report-uri to CSP and create /api/csp-report sink (c9cf0aa)
- stop mutating global svelte-i18n locale store from server hook (66a30d2)
- stop mutating global svelte-i18n locale store from server hook (94d63f2)
- auth: throttle session lastActiveAt write (afca92d)
- auth: throttle session lastActiveAt write to once per 5 minutes (77ed921), closes #38
1.2.0 (2026-04-28)
- admin: allow adding users to an organisation from the detail page (789d548)
- admin: allow creating and deleting organizations from the admin panel (58f131b)
- admin: create/delete organizations + fix header toggle layout (053435f)
- admin,portal: align theme and language toggles in header (29314ac)
- admin: include org name in suspend/activate audit log entries (42308fc)
- admin: record client IP in admin audit log (f39251c)
- prevent register page from forcing scroll on short viewports (e5b41a5)
- prevent register page from forcing scroll on short viewports (123a6ef), closes #30
1.1.2 (2026-04-25)
- security: strict match on DNS TXT verification record (ed780dd)
- update pricing to €5 Small / €3 Medium (01b5fce)
- update pricing to €5/user for Small and €3/user for Medium (d5ef578)
1.1.1 (2026-04-24)
- remove unused .key-banner code CSS selector (0e519b9)
- seo: add structured data, canonical tags, security headers, sitemap (21fe32b)
- seo: structured data, canonical tags, security headers, sitemap (830cd9f)
1.1.0 (2026-04-24)
- add legacy pkg api_keys migration script and plan (8dee289)
- add purple PostGuard shield favicon as 144x144 PNG (d7c07e5)
- add users table and Yivi-based registration (9c1097f)
- add users table to separate org signing attrs from user identity (2e2e926)
- admin: show users per organisation on org detail page (9f12bd8)
- admin: show users per organisation on org detail page (d202745)
- auto-push schema and seed admin on container startup (bf6dfed)
- i18n: add Dutch and English translations (d4a2ac2)
- i18n: add Dutch and English translations across entire app (60f6d05)
- migration script for legacy pkg api_keys → business PG- format (8e40573)
- nav: show logged-in state in marketing header (300bf70)
- nav: show logged-in state in marketing header (5eace1b), closes #16
- proxy IRMA requests through SvelteKit backend (e2367f1)
- replace registration form with Yivi disclosure flow (2b982aa)
- show commit hash in footer version (e.g. v1.0.0+abc1234) (7e0dcbb)
- show version indicator in footer from package.json (18d4407)
- switch to file-based migrations with safety checks (7087869)
- a11y: improve color contrast to pass WCAG AA in both themes (196d8b9)
- add accessible labels to theme toggle buttons (452d911)
- add accessible labels to theme toggle buttons (4278cf5), closes #5
- center contact person icon in members table (ba75628)
- change footer headings from h4 to h2 (4e07c0e)
- change footer headings from h4 to h2 (782135e), closes #6
- design: inline feature icons next to headings (6c8e60f)
- design: large background icons as decorative card accents (e498c56)
- design: mixed feature layout with rows and pairs (d1bc96b)
- design: replace AI template patterns with more distinctive layouts (bb4ee52)
- improve white-on-purple contrast in dark mode (58959bf)
- improve white-on-purple contrast in dark mode (8224ca8), closes #4
- include schema.ts in production image for seed script (7a30b44)
- include YIVI_SERVER_TOKEN when verifying session result from IRMA server (a4cca2e)
- keep impersonation banner inside viewport layout (0a94f99)
- keep impersonation banner inside viewport layout (e08cd8e), closes #18
- read version from package.json instead of SvelteKit build timestamp (e96c64e)
- redirect already-authenticated users away from login pages (fa5c56e)
- resolve svelte-check errors and add pre-commit type checking (84c349c)
- security: allowlist change-request field names (843e361)
- security: allowlist irma proxy path prefixes (e3fb6ba)
- security: allowlist irma proxy path prefixes (75021e7), closes #10
- security: allowlist org change-request field names (55ac721), closes #10
- set migrated orgs to active and resolve open product questions (2ebe532)
- use PostGuard logo + Business badge consistently, enable Yivi minimal mode (0b42a5f)
- wait for locale before rendering, update e2e tests (06d5350)
- add .dockerignore to exclude node_modules, .git, build artifacts (0229d7f)
- add database seed script with default admin account (6099cda)
- add example organization and API key to seed script (371764b)
- add FF_ADMIN_AUDIT_LOG feature flag for admin audit log (3476555)
- add FF_ADMIN_ORG_STATUS flag for activate/suspend and status column (375cae4)
- add styled error page for 404/500 errors (34a4c90)
- admin settings page with runtime feature flag toggling (d52d7ae)
- auto-run schema push and seed in docker compose (0782488)
- enforce FF_PORTAL_EMAIL_LOG feature flag on email log page and sidebar (e941e28)
- feature flag admin impersonation (FF_ADMIN_IMPERSONATION) (cde1fcc)
- impersonation redirects to portal and shows org view (3fec8e9)
- implement full application (phases 2-5) (8b041c9)
- initial project setup for PostGuard for Business (e9318c4)
- read admin credentials from env vars in seed script (77d2be1)
- replace DNS and audit log features with EU hosted and email revocation (coming soon) (c8a1959)
- separate org and admin login pages (e2650e6)
- upgrade yivi packages to 1.0.0-beta.4 (b007933)
- use irma-demo attributes for local development (e8896bd)
- use official Yivi frontend SDK for login flow (8876ed8)
- use PostGuard shield logo with purple colorway (3439e29)
- add --force to drizzle-kit push to skip interactive prompt in Docker (5362005)
- alias yivi-css to its dist CSS file for Vite 8 compat (9209112)
- apply dark mode class before first paint in app.html (aee3884)
- apply Overpass font to span, div, and th elements (52d406a)
- create drizzle/migrations dir so Docker COPY doesn't fail (6d93e83)
- disable SSE and use polling for IRMA session status (ff76a93)
- dynamically import yivi-css to avoid SSR failure (cd45481)
- enable HMR hot reload in Docker dev setup (8c92e94)
- enforce feature flags on all portal routes and sidebar (51b9768)
- enforce FF_ADMIN_PANEL on all admin routes except settings (073f2ea)
- enforce FF_PRICING_PAGE and FF_REGISTRATION on routes, nav, and landing page (3096502)
- ensure features section is visible on first page load (25b5a77)
- error page button navigates back instead of to home (d709143)
- force Node.js 24 for release-please action to suppress deprecation warning (bea4c2a)
- import yivi-css by direct path in onMount (753c9c6)
- login pages respect dark theme (27ffc69)
- move email revocation to bottom-right of features grid, fix KVK → KvK (e34f22c)
- move theme toggle from sidebar to top bar in portal and admin layouts (62cf579)
- pre-bundle yivi packages at dev server startup (8678eb6)
- provide dummy DATABASE_URL during Docker build for SvelteKit analyse phase (57c522b)
- read feature flags from .env instead of hardcoding in docker-compose (c3e80d8)
- remove confusing undo button from feature flag settings (9a68880)
- remove override badge from feature flag settings (238062a)
- resolve all svelte-check errors (b61a024)
- respect all feature flags on dashboard stat cards and quick actions (0474adc)
- restore bird face details in dark mode logo (only change blue to purple) (aa81a44)
- set Yivi frontend language to English (default is Dutch) (99209cc)
- stub eventsource polyfill to fix util.inherits browser error (8403e27)
- update postgres volume mount path in docker-compose (64cf33e)
- upsert admin account in seed so re-running updates credentials (8a9af99)
- use absolute path for eventsource alias and include yivi in optimizeDeps (b463666)
- use correct IRMA disclosure request format (22b2d83)
- use locals.session instead of parent() in form actions (481364c)