v4.0.1

Striae Release Notes - v4.0.1

Release Date: March 15, 2026
Period: March 15 - March 15, 2026
Total Commits: 7 (non-merge; metadata/canonical URL alignment, worker subdomain validation fixes, and runtime/deployment maintenance)

Patch Release - Metadata, Worker Routing, and Operational Refinements

Summary

• Updated canonical URL behavior and page meta title handling for public-route metadata consistency.
• Fixed worker subdomain check behavior and patched signed URL GET handling in route-sensitive paths.
• Updated security disclosure metadata and refreshed generated worker runtime types.
• Simplified deployment script behavior for lowercase worker naming and subdomain automation consistency.
• Preserved release stability with targeted patch-level fixes and low-risk maintenance updates.

Detailed Changes

Metadata and Canonical URL Alignment

• Updated canonical URL handling to reduce route-surface inconsistencies.
• Refreshed page meta title behavior for public-facing metadata correctness.

Worker Routing and Signed URL Stabilization

• Fixed worker subdomain check logic in proxy-sensitive routes.
• Patched signed URL GET handling to align with expected worker route validation semantics.

Security and Runtime Maintenance

• Updated security.txt metadata to reflect current release posture.
• Refreshed Wrangler-generated types to keep worker runtime contracts synchronized.
• Simplified worker script naming/subdomain automation behavior for cleaner operations.

Key Fix Summary

Category	Change	Impact
Metadata Consistency	Canonical URL and meta-title updates	Improves SEO consistency and reduces public-route metadata drift
Worker Route Validation	Subdomain check corrections and signed URL GET patch	Improves route and auth correctness for worker-bound requests
Security Metadata	security.txt refresh	Keeps disclosure and policy metadata current for this release
Deployment Operations	Worker-name casing and subdomain automation cleanup	Reduces script fragility and config drift risk
Runtime Contracts	Wrangler type refresh	Keeps generated runtime types aligned with deployed worker interfaces

Technical Implementation Details

App Metadata Layer

• Canonical URL and meta-title adjustments were applied to align route-level output with current domain and release metadata expectations.

Worker Proxy and Validation Layer

• Subdomain validation checks were corrected.
• Signed URL GET behavior was patched for route-sensitive worker integration paths.

Tooling and Script Layer

• Worker automation scripts were refined for consistent lowercase worker-name handling.
• Runtime type generation outputs were refreshed to match current worker definitions.
• Security metadata surfaces were updated in the release window.

Release Statistics

• Commit Range: v4.0.0..v4.0.1
• Commits Included: 7 (non-merge)
• Build Status: Succeeded (npm run build)
• Typecheck Status: Succeeded (npm run typecheck)
• Lint Status: Succeeded with warnings (npm run lint: 0 errors, 2 warnings)

Commits Included (non-merge)

• b170fb09 patch signed url get
• 23f1ffb1 update canonical urls
• 938d0d50 upd security.txt
• d99efb2c update meta titles
• 2db492e1 refresh wrangler types
• 7782072b fix worker subdomain checks
• 6c924a99 refresh, script - worker names lowercase, simplify worker subdomain automations

Closing Note

v4.0.1 delivers targeted patch-level refinements focused on metadata consistency, worker routing validation, and operational hardening while maintaining the secure baseline established in v4.0.0.

v4.0.0

Striae Release Notes - v4.0.0

Release Date: March 15, 2026
Period: March 14 - March 15, 2026
Total Commits: 37 (non-merge; security, API proxy migration, and secret/config hardening; general cleanup and stabilization)

Major Release - Security, API, and Secret Hardening Migration

Summary

• Migrated app transport to same-origin Pages API proxy routes with Firebase bearer-token verification at the edge boundary.
• Hardened internal worker authentication paths and upstream proxy header handling across user, data, audit, image, and PDF request surfaces.
• Expanded and standardized secret deployment flow (workers and Pages), including stronger config/secret separation and deployment-script validation.
• Simplified and stabilized worker-domain handling by removing custom-domain injection into worker Wrangler configs while preserving secret-based routing contracts.
• Applied targeted stabilization fixes during migration (header auth semantics, deletion reliability, 500-path corrections, and type generation refresh).

Detailed Changes

API Boundary Migration and Authentication Hardening

• Refactored frontend/backend API interactions to route through Pages /api/* proxy endpoints instead of direct worker-domain browser calls.
• Added and refined Firebase token retrieval/lookup/verification behavior for API-bound requests.
• Completed phased migration of higher-risk operations and service routes with auth-scoped forwarding behavior.
• Corrected auth-response handling to improve proxy/worker interoperability after migration.

Secret Management and Deployment Hardening

• Added Pages secret deployment workflow and integrated required secret contracts for proxy routing and worker auth.
• Updated deploy/config scripts to reduce legacy fallback behavior and tighten configuration consistency.
• Strengthened script guidance around generated config, validate-only checks, and deployment ordering.
• Kept worker domains as secret/config inputs for routing and fallbacks, not as worker Wrangler custom-domain replacement values.

Worker Auth and Route Surface Stabilization

• Removed custom worker route replacement paths from deployment flow where they were causing drift and complexity.
• Iterated worker Access/auth changes, then stabilized with targeted reverts to keep the secure proxy-secret baseline intact.
• Regenerated worker runtime types and aligned migration-era auth/header behavior across workers.

Reliability, Operations, and Supporting Refinements

• Fixed deletion-operation reliability and upstream error handling in migration call paths.
• Addressed API-path failures (including 500-class regressions) discovered during migration rollout.
• Updated compatibility metadata and preserved release-surface stability through final script and auth cleanups.
• Included in-window UX/supporting updates (for example single-case export progress visibility) alongside security/API migration work.

Key Fix Summary

Category	Change	Impact
API Security Boundary	Same-origin /api/* proxy migration with Firebase edge verification	Reduces direct worker exposure and centralizes auth enforcement at the Pages boundary
Worker Auth Hardening	Header/auth semantics refined across worker proxy paths	Improves internal service trust enforcement and reduces auth drift/failures
Secret and Config Hardening	Pages+worker secret deployment and stricter script validation	Makes deployment safer, more repeatable, and less error-prone
Route/Domain Stabilization	Removed worker custom-domain replacement in Wrangler updates	Prevents config churn while preserving secret-driven upstream routing
Migration Reliability	Targeted fixes and controlled reverts during rollout	Maintains secure, stable behavior while converging on hardened architecture

Technical Implementation Details

API and Edge Verification Layer

• Migrated service calls in phased sequence to proxy-backed API transport.
• Hardened Firebase token handling and request validation for auth-gated API routes.
• Corrected auth header handling to align Pages proxy and worker enforcement behavior.

Deployment and Secret Layer

• Added/iterated Pages secret deployment script behavior and required secret inventory.
• Updated deploy-config/deploy-worker-secrets flows for stricter config hygiene and reduced legacy fallback behavior.
• Stabilized worker-domain treatment as secret routing inputs rather than Wrangler replacement targets.

Worker and Runtime Layer

• Applied worker auth/header fixes across migrated services.
• Regenerated worker runtime types and aligned migration outputs with current contracts.
• Used targeted reverts to preserve secure baseline behavior when intermediate migration paths introduced excess complexity.

Release Statistics

• Commit Range: v3.3.0..v4.0.0
• Commits Included: 37 (non-merge)
• Build Status: Succeeded (npm run build)
• Typecheck Status: Succeeded (npm run typecheck)
• Lint Status: Succeeded with warnings (npm run lint: 0 errors, 2 warnings)

Closing Note

v4.0.0 marks a major architectural hardening milestone: API transport now centers on authenticated edge proxy boundaries, worker auth and secrets are more rigorously managed, and deployment scripts are aligned to a safer secret/config migration model for production operations.

v3.3.0

Striae Release Notes - v3.3.0

Release Date: March 14, 2026
Period: March 14 - March 14, 2026
Total Commits: 20 (non-merge; portable signature verification, sidebar UX refinement, and npm package metadata/distribution updates)

Minor Release - Portable Verification Packages, Sidebar UX Refinement, and Package Distribution Updates

Summary

• Added a reusable internal verification utility and bundled public signing key PEM files into case and confirmation export packages for portable authenticity verification.
• Extended case and confirmation import flows to use ZIP-contained PEM files for signature verification when present, with configured-key fallback when a PEM is absent.
• Refined sidebar experience with reduced case-management clutter, toast-based sidebar feedback, and targeted button/layout polish across the release window.
• Updated npm package metadata and publish file selection to improve package discoverability and ensure required PDF worker helper files are included in the distributable scaffold.
• Stabilized release surfaces with manifest reinstatement plus metadata refreshes during the same-day release window.

Detailed Changes

Portable Verification and Export Packaging

• Added an internal verifier utility to support more direct signature validation workflows.
• Packaged public signing key PEM files with case ZIP exports and confirmation export bundles.
• Refined verification-template and clipboard support used alongside authenticated export verification flows.

Import Verification and Authenticated Transfer Hardening

• Updated import verification flows to consume PEM files carried inside signed ZIP packages.
• Preserved configured verification-key fallback for import scenarios where a bundled PEM is not present.
• Strengthened signed export portability by keeping verification material adjacent to exported payloads.

Sidebar UX and Interaction Refinements

• Reduced case-sidebar clutter with case-management UI/UX refinements during active case work.
• Moved sidebar success/failure messaging to toast-based feedback.
• Applied iterative button and sidebar polish passes across switch/cancel and related interaction states.

Package Metadata and Publish Surface Updates

• Updated npm package keywords and long-form description to better reflect authenticated confirmations and report-generation capabilities.
• Refined package file-list behavior for publish output and aligned included worker helper assets/scripts with the intended distribution surface.

Metadata, Notification, and Release Stabilization

• Refreshed app metadata across the release window.
• Iterated notification behavior, landing on a cleaner permission/toast posture after in-window experimentation.
• Reinstated manifest-related behavior as part of release stabilization before the minor version cut.

Key Fix Summary

Category	Change	Impact
Verification Portability	PEM files bundled with signed export packages plus internal verifier utility	Improves independent validation and keeps signature-verification material with exported artifacts
Import Hardening	ZIP-contained PEM verification with configured-key fallback	Strengthens authenticated import handling while preserving compatibility when PEM is absent
Sidebar UX	Case-management decluttering and toast-based status messaging	Reduces workflow noise and makes operational feedback more visible
Package Distribution	npm description/keywords/file-list updates	Makes the published package clearer and ensures required PDF worker helpers ship with the scaffold
Release Stability	Manifest reinstatement and metadata/notification cleanup	Keeps the minor release surface coherent after same-day iteration

Technical Implementation Details

Verification and Export Layer

• Added reusable internal verification support to authenticated export flows.
• Updated export packaging so public verification keys travel with signed case and confirmation artifacts.

Import and Validation Layer

• Extended import verification logic to recognize bundled PEM files inside ZIP packages.
• Maintained fallback verification behavior through configured public-key resolution when bundled keys are unavailable.

UI and Interaction Layer

• Reworked sidebar flow and feedback presentation to reduce visual clutter during active case review.
• Applied iterative button and interaction polish throughout the sidebar-related surfaces touched in this release window.

Packaging and Metadata Layer

• Refined published package metadata and whitelist behavior.
• Aligned distributable contents with the current PDF worker helper/script requirements.

Release Statistics

• Commit Range: v3.2.2..HEAD
• Commits Included: 20 (non-merge)
• Build Status: Succeeded (npm run build)
• Typecheck Status: Succeeded (npm run typecheck)
• Lint Status: Succeeded with warnings (npm run lint: 0 errors, 2 warnings)

Commit List (Non-Merge)

• 845dcae7 (2026-03-14) - upd description npm
• c7f87e14 (2026-03-14) - upd keywords
• a4f5ff1e (2026-03-14) - npm package file list upd
• 698a2d4d (2026-03-14) - ui/ux dev
• 9b31716b (2026-03-14) - ui/ux dev
• cf46eeeb (2026-03-14) - button ui/ux dev
• dce8d2fa (2026-03-14) - button dev
• 4007ee3f (2026-03-14) - cancel button dev
• 7fff586a (2026-03-14) - sidebar messages to toasts
• ccc464fb (2026-03-14) - Case management UI/UX dev
• 4a9e9015 (2026-03-14) - add PEM import verification flows
• 2bc311e3 (2026-03-14) - include public key PEM files in ZIP and confirmation exports
• e62dc340 (2026-03-14) - Internal verifier utility dev
• dc6011f6 (2026-03-14) - clipboard utility and signature verification templates
• 509e9685 (2026-03-14) - rm desktop notif permissions
• 744b961c (2026-03-14) - permissions and successful login toast
• 8c601fae (2026-03-14) - add desktop notifications for toasts
• 6bf0a7de (2026-03-14) - upd meta
• 5b41a839 (2026-03-14) - upd meta
• 9be65870 (2026-03-14) - reinstate manifest

Closing Note

v3.3.0 is a same-day minor release that packages verification material directly with signed exports, hardens import verification portability, and refines the day-to-day sidebar/package experience around those authenticated workflows.

v3.2.2

Striae Release Notes - v3.2.2

Release Date: March 14, 2026
Period: March 14 - March 14, 2026
Total Commits: 33 (non-merge; audit-service refactor phases, PDF asset/format re-organization, repository hygiene, and release metadata updates)

Patch Release - Audit Service Refactor Consolidation and Repository Hygiene

Summary

• Consolidated a multi-phase audit service refactor and cleanup sequence, with follow-on normalization of shared type imports and User type usage.
• Reorganized PDF worker assets and formats, including removal of legacy custom-asset paths.
• Applied repository hygiene passes across filename normalization, .gitignore, lint iterations, and Cloudflare type generation.
• Executed and then reverted keys/config migration and keys-worker decommission experiments within the same release window to preserve deployment baseline behavior.
• Updated project funding metadata and captured dependency movement history, including Vite bump and corresponding revert activity.

Detailed Changes

Audit Service Refactor and Type Normalization

• Completed phased audit service refactor updates (phase 1 through phase 4) followed by cleanup consolidation.
• Normalized shared type import patterns and User type usage consistency across affected modules.

PDF Worker Asset/Format Reorganization

• Moved PDF worker assets/formats into the updated organization layout.
• Removed legacy/custom PDF asset references and aligned generated asset placement.

Repository Hygiene and Operational Stability

• Applied lint-driven cleanup commits and refreshed Cloudflare type generation output.
• Corrected filename and .gitignore adjustments, including explicit revert commits where needed.
• Reverted in-window keys/config migration and keys-worker decommission change set to avoid unstable release-surface drift.

Funding and Dependency Metadata

• Updated Patreon/funding metadata references.
• Recorded Vite dependency bump and revert history in the release commit stream.

Key Fix Summary

Category	Change	Impact
Audit Services	Multi-phase refactor consolidation and cleanup	Improves maintainability and consistency of audit operation pathways
Type Safety	Type import and User usage normalization	Reduces type drift and improves compile-time consistency
PDF Worker	Asset/format structure reorganization	Simplifies worker source organization and future format maintenance
Repository Hygiene	Lint/typegen/filename/ignore cleanup	Reduces maintenance noise and improves repo hygiene
Change Control	Explicit reversions for keys/config and worker decommission attempts	Preserves stable runtime baseline during patch release
Package Metadata	Patreon/funding updates and dependency-history capture	Keeps release metadata and package lifecycle history aligned

Technical Implementation Details

Service Layer

• Audit service pathways were iteratively refactored and then consolidated into a cleanup pass.
• Type normalization updates aligned import conventions and User usage across impacted modules.

Worker Layer

• PDF worker source structure now separates assets/formats in the updated layout.
• Legacy custom asset remnants were removed to reduce duplicate or stale worker sources.

Repository and Tooling Layer

• Lint and typegen maintenance commits refreshed repository hygiene.
• Filename and ignore-file adjustments were applied with matching corrective reverts where necessary.

Configuration and Packaging Layer

• Keys/config migration and keys worker decommission experiments were rolled back in-window.
• Funding metadata updates were finalized while dependency movement remained documented in commit history.

Release Statistics

• Commit Range: v3.2.1..v3.2.2
• Commits Included: 33 (non-merge)
• Build Status: Succeeded (npm run build)
• Typecheck Status: Succeeded (npm run typecheck)
• Lint Status: Succeeded with warnings (npm run lint: 0 errors, 2 warnings)

Commit List (Non-Merge)

• ca6356d2 (2026-03-14) - Revert "Merge pull request #687 from striae-org:dependabot/npm_and_yarn/vite-8.0.0"
• d8a129f1 (2026-03-14) - upd patreon
• 41f2c32b (2026-03-14) - add generated assets
• c90560e4 (2026-03-14) - upd gitignore
• 561b8619 (2026-03-14) - cf typegen
• 336b1c20 (2026-03-14) - lint dev
• 04da0b6a (2026-03-14) - lint dev
• 63325d8b (2026-03-14) - normalize type imports
• 9d292e10 (2026-03-14) - normalize User type usage
• e066ad8d (2026-03-14) - upd User type usage
• 473b73df (2026-03-14) - audit service refactor and cleanup
• 01f5e577 (2026-03-14) - audit service refactor phase 4
• 30e7c421 (2026-03-14) - audit service refactor phase 3
• 1a7b1b54 (2026-03-14) - audit refactor phase 2
• 9efa69b0 (2026-03-14) - Audit service refactor phase 1
• 6f7f783d (2026-03-14) - move pdf assets and formats for organization
• 2631bf36 (2026-03-14) - rm cutom assets from pdf worker
• 25cfe438 (2026-03-14) - rm custom assets from pdf worker
• cf5b604f (2026-03-14) - Revert "config/key migration phase A"
• fc4e6f1b (2026-03-14) - Revert "config/key migration phase dev"
• 3a5e1d0e (2026-03-14) - Revert "key/config migration phase dev (operations)"
• 9dd603e6 (2026-03-14) - Revert "rm keys worker and references - decommissioned"
• 029f1d19 (2026-03-14) - Revert "gitignore upd"
• f8e7f324 (2026-03-14) - Revert "fix filenames"
• fda0a346 (2026-03-14) - fix filenames
• c2167dce (2026-03-14) - gitignore upd
• 7fbe9665 (2026-03-14) - rm keys worker and references - decommissioned
• 052169ed (2026-03-14) - key/config migration phase dev (operations)
• b2a71546 (2026-03-14) - config/key migration phase dev
• 0afd6ed4 (2026-03-14) - config/key migration phase A
• 13e40938 (2026-03-14) - make patreon primary funding
• 6254bde7 (2026-03-14) - upd patreon funding
• 48e52d87 (2026-03-14) - Bump vite from 6.4.1 to 8.0.0

Closing Note

v3.2.2 is a same-day stabilization patch that consolidates audit refactor work, keeps PDF worker source layout clean, and preserves baseline behavior through explicit in-window reversions.

v3.2.1

Striae Release Notes - v3.2.1

Release Date: March 14, 2026
Period: March 13 - March 14, 2026
Total Commits: 15 (non-merge; React Router migration, export hardening, dependency refresh, and release metadata updates)

Patch Release - React Router Migration, Export Pipeline Hardening, and Dependency Refresh

Summary

• Completed the React Router runtime migration across the app shell, route handling, server/client entrypoints, and Cloudflare Pages integration.
• Hardened export processing with targeted XLSX safeguards, migration to ExcelJS, and externalized ExcelJS bundling for leaner client delivery.
• Improved export UX by moving case-export progress behavior for clearer long-running operation feedback.
• Refreshed root and worker dependency surfaces, including React/React DOM updates, npm audit remediation, and worker package lock/package synchronization.
• Strengthened deployment and configuration reliability with deploy-script hardening, deprecation cleanup, and compatibility/date alignment in example configuration files.
• Updated package metadata and documentation with funding links, React Router documentation alignment, and final version rebuild to 3.2.1.

Detailed Changes

React Router Migration and Runtime Alignment

• Migrated core app runtime plumbing from legacy framework conventions to React Router across route config, root wiring, and server/client entrypoints.
• Updated Cloudflare Pages function integration and React Router build/typegen command paths in project scripts.
• Refreshed project docs and internal guidance to consistently reference React Router deployment/runtime behavior.

Export Pipeline Hardening and ExcelJS Transition

• Added XLSX export hardening updates in export data processing and download handler paths.
• Migrated case export spreadsheet generation to ExcelJS-backed handling.
• Externalized ExcelJS client bundle assets to vendor-delivered static files with aligned type definitions and download flow integration.
• Moved case export progress behavior to improve visibility and continuity of export status updates.

Dependency, Worker, and Tooling Maintenance

• Bumped React and React DOM package versions and applied npm audit-driven dependency updates.
• Applied deprecation cleanup and dependency lock refresh in root package metadata.
• Updated worker package manifests/locks and refreshed worker dependency state.
• Updated worker compatibility examples and release metadata during the version rebuild pass.

Deployment and Release Metadata Updates

• Hardened deploy orchestration/config scripts for safer and more predictable environment preparation.
• Added package funding links for GitHub Sponsors and Patreon support.
• Completed final package/version metadata rebuild for the 3.2.1 patch line.

Key Fix Summary

Category	Change	Impact
Framework Migration	React Router runtime migration across app/routes/entry/functions	Aligns frontend runtime with current router stack and deployment model
Export Integrity	XLSX hardening + ExcelJS migration + externalized bundle	Improves export safety while reducing bundle pressure in spreadsheet workflows
UX Reliability	Case export progress flow relocation	Gives clearer long-running export feedback and status continuity
Ops and Security Hygiene	npm audit/deprecation updates plus deploy script hardening	Reduces maintenance risk and improves deployment reliability
Worker Maintenance	Worker package/lock refresh and compatibility example updates	Keeps edge services synchronized and easier to operate
Release Metadata	Funding links, docs refresh, and version rebuild	Improves package discoverability and release consistency

Technical Implementation Details

Routing and Runtime Layer

• Updated route/runtime infrastructure to React Router conventions in app entrypoints, routing configuration, and Cloudflare Pages function integration.
• Kept TypeScript/typegen flow aligned with React Router tooling commands.

Export and Data Layer

• Hardened spreadsheet data preparation and export handler logic.
• Transitioned spreadsheet generation path to ExcelJS.
• Added vendor-bundle externalization path for ExcelJS and integrated supporting type declarations.

Deployment and Worker Layer

• Improved deployment script safeguards for configuration/deployment sequencing.
• Updated worker package dependencies and lockfiles for consistency across edge services.
• Refreshed worker Wrangler example configs during release rebuild.

Documentation and Packaging Layer

• Updated documentation references to React Router where applicable.
• Added package funding metadata and finalized 3.2.1 package/lock metadata alignment.

Release Statistics

• Commit Range: v3.2.0..HEAD
• Commits Included: 15 (non-merge)
• Build Status: Succeeded (npm run build)
• Typecheck Status: Failed (npm run typecheck) due to missing @cloudflare/puppeteer module resolution in workers/pdf-worker/src/pdf-worker.ts and workers/pdf-worker/src/pdf-worker.example.ts
• Lint Status: Failed (npm run lint) with existing repository lint debt (493 errors; includes minified vendor script lint hits and Node global usage in workers/pdf-worker/scripts/generate-assets.js)

Commit List (Non-Merge)

• 44a96a8f (2026-03-13) - intiial migration dev
• 2eb4f1fa (2026-03-13) - harden deploy scripts
• 6eeb20b0 (2026-03-13) - bump react react dom
• a23e833e (2026-03-13) - npm audit fix
• 8a9c84a3 (2026-03-13) - xlsx hardening
• 21b44e6c (2026-03-13) - migrate to exceljs
• 4d64f36b (2026-03-13) - externalize exceljs bundle
• 6e7988e5 (2026-03-13) - move case export progress
• 526b6167 (2026-03-13) - worker audit fixes and upd wrangler
• 47516171 (2026-03-14) - address deprecations
• 4cd4c6da (2026-03-14) - npm install refresh
• e99e09df (2026-03-14) - worker refresh
• 55108114 (2026-03-14) - add funding links to patreon
• 2ad4713e (2026-03-14) - upd docs for react router
• 77130a04 (2026-03-14) - version rebuild

Closing Note

v3.2.1 is a stabilization patch that completes the React Router migration baseline, strengthens spreadsheet export pathways, and refreshes dependency/deployment surfaces for safer operations.

v3.2.0

Release Notes — v3.2.0

Release Date: March 13, 2026
Covered Period: Since v3.1.1
Non-merge Commits: 14

Changes

• 2a192ce pdf worker auth dev
• 92f9dc8 reduce default timeout interval
• d68e971 Change Firebase Auth session persistence
• a07cd6d install deps
• 84f1635 add automated worker domain entry to script
• 54798b3 pdf worker generated assets
• 1383f6d add png to routes
• dff03d0 upd compat dates
• 2715c13 restore icon
• e6b1176 mv wiki to separate directory
• d22e95c upd gitignore
• 3d34d57 add pdf docs
• e31c383 bump v3.1.1
• 176b337 bump v3.1.1

Summary

Note: Summary excludes duplicate internal version-bump commits and focuses on functional changes.

• 🔐 PDF Worker Authentication Hardening - Added PDF-worker auth key protection and aligned worker key flow for secure report generation.
• 📄 PDF Pipeline Expansion - Added generated PDF assets and supporting PDF documentation updates.
• 🧭 Session and Timeout Behavior Updates - Switched Firebase Auth to session persistence and reduced default timeout interval behavior.
• ⚙️ Deployment and Config Improvements - Added automated worker-domain entry scripting and refreshed compatibility-date configuration.
• 🧹 Repository and Route Hygiene - Moved wiki content to a separate directory, updated .gitignore, and refined icon/PNG route handling.

v3.1.1

Release Notes — v3.1.1

Release Date: March 12, 2026
Covered Period: Since v3.1.0
Non-merge Commits: 13

Changes

• 4fdfc0d upd compat dates
• b887a75 clean up icons
• cd7a6d8 upd instructions
• 1c6ce86 patch pages secrets rm
• 0bac80b upd integrity verification in audit report
• 055fca7 fix max-height
• cb87fcf separate signing-key display into component (#684)
• 6a89088 revert wrangler
• 17b3ca3 GHSA DepBot 127 fix
• b7fb2a5 upd compat dates
• b288ba0 wrangler upd
• 951710c Bump isbot from 5.1.35 to 5.1.36

Summary

• 🧹 Icon Sprite Cleanup - Removed unused SVG symbols and manifest entries; sprite now contains only the 9 icons actively referenced in the app
• 🔑 Public Signing Key Component - Extracted public signing key display into a dedicated component for cleaner modal integration
• 📋 Audit Report Integrity - Updated integrity verification messaging in audit report output
• 📦 Dependency Updates - Bumped isbot; applied DepBot security advisory fix (GHSA)
• ⚙️ Config and Compat Maintenance - Refreshed Cloudflare compatibility dates, worker config, and Pages secrets handling

v3.1.0

Striae Release Notes - v3.1.0

Release Date: March 10, 2026
Period: March 9 - March 10, 2026
Total Commits: 20 (non-merge)

Minor Release - Verification UX, Security Hardening, and Tooling Cleanup

Summary

• Removed hash utility pathways and hash value exposure from validation UI flows.
• Added a public signing key modal for exports, including copy-to-clipboard support and verification guidance.
• Improved export modal behavior and containment (cursor handling, action placement, and layout stability).
• Completed ESLint flat-config migration and broad lint cleanup.
• Applied compatibility/configuration maintenance and repository hygiene updates.

Included Commits (Non-Merge)

• 06fc2fe add ol ul li styling global
• fe1163e cursor default
• 743d63c fix export modal
• 127d2c0 move button
• fb8b282 add public key display modal
• ca9ccf6 upd README
• 252ed6c upd striae bg image
• 8390f33 rm hash value exposures to ui
• a67bc58 rm @types/xlsx
• 2dac779 upd compat, remove xlsx types
• 630b586 fix export case modal
• 6da5a5b fix default cursor on modals
• 960b71f rm hash utility
• 1ccb1eb lint warning cleanups
• 398d54b global linting cleanup
• a356cf3 eslint flat config migration
• 5514434 clean up intructions
• 2ba9442 upd gitignore
• 6861cdc gitignore release notes
• 13e941f rm mobile prevented and stale utils

v3.0.5

Striae Release Notes - v3.0.5

Release Date: March 9, 2026
Period: March 9 - March 9, 2026
Total Commits: 4 (non-merge)

Patch Release - Metadata and Public Surface Cleanup

Summary

• Removed project author meta tag references from active route metadata.
• Removed deprecated meta-config/public SEO leftovers and tightened public no-index header behavior.
• Applied a small toolbar color selector font-size style fix.

Included Commits (Non-Merge)

• 4733bdb fix toolbar color selector font size style tag
• 058c21f rm author tags
• db7f9f9 rm meta and unused assets
• 9b25628 rm no-index headers

v3.0.4

Striae Release Notes - v3.0.4

Release Date: March 9, 2026
Period: March 9 - March 9, 2026
Total Commits: 5 (non-merge; package scope migration, install docs refinements, deploy-config sync hardening, package payload expansion)

Patch Release - Package Distribution and Deploy Config Refinements

Summary

• Migrated package identity from @striae/striae to @striae-org/striae and finalized package version 3.0.4.
• Expanded package publishing workflows with dedicated npmjs and GitHub Packages publish scripts.
• Updated package payload rules to include worker source files while excluding runtime worker entry files.
• Refined deploy configuration syncing to preserve real admin credentials and avoid copying example admin-service.json.
• Updated installation and deployment guidance for the package-based setup path.

Detailed Changes

Package Identity and Publishing

• Updated package metadata to @striae-org/striae with version 3.0.4.
• Added publish:npm registry targeting for npmjs and introduced publish:github / publish:github:dry-run scripts.

Package Payload Coverage

• Expanded npm package file inclusion to publish worker source modules (workers/*/src/*.ts).
• Explicitly excluded worker runtime entry files (workers/*/src/*worker.ts) from package payload while keeping needed report modules.

Deploy Config Hardening

• Updated scripts/deploy-config.sh to sync non-admin files from app/config-example into app/config without blindly replacing existing local config.
• Preserved existing app/config/admin-service.json when present and prevented copying example credentials into active config.
• Added clearer copy/skip reporting during config synchronization.

Documentation and Release Surface Updates

• Expanded .github/README.md package section to include end-to-end install, scaffold copy, credential preparation, and deployment steps.
• Updated npm package links and package naming references to the new @striae-org scope.
• Updated supported version table in .github/SECURITY.md to v3.0.4.

Key Fix Summary

Category	Change	Impact
Package Identity	Migrated package scope to @striae-org/striae	Aligns distribution with organization namespace
Package Completeness	Included worker source modules and excluded runtime worker entry files	Improves install-time completeness while avoiding runtime entry leakage
Deploy Reliability	Refined deploy-config synchronization and admin credential preservation	Reduces config clobber risk and credential misconfiguration
Documentation	Updated install/publish/deploy instructions and links	Lowers setup friction for package consumers

Technical Implementation Details

Packaging Layer

• Package name, version, publish registries, and file inclusion rules were updated in package.json.

Script Layer

• deploy-config.sh now performs selective config synchronization and explicit admin credential preservation behavior.

Documentation Layer

• README and security metadata were aligned with package scope and current supported version.

Release Statistics

• Commit Range: v3.0.2..HEAD
• Commits Included: 5 (non-merge)
• Build Status: Not run in this release-prep update

Closing Note

v3.0.4 is a packaging and deployment-focused patch that improves package distribution clarity, config safety, and setup guidance for Striae adopters.