v0.14.0

• Feat arco doctor — static diagnostic command for scaffolded arco-pro-recommend projects. Runs four checks and exits non-zero on any failure (CI-friendly):
  1. Project shape — probes for the standard layout markers (src/api/client.ts, src/auth/access.tsx, src/mock/handlers.ts, src/routes.ts, package.json).
  2. Mock handlers — every file under src/mock/*.ts or src/pages/**/mock/index.ts that exports handlers must be imported + spread in src/mock/handlers.ts. Helper modules (no export const handlers) are skipped, so mock/random.ts etc. don't produce false positives.
  3. Access flags — every access.foo reference across src/**/*.{ts,tsx} must be defined in defineAccess()'s return shape. Uses a \baccess\.\w+\b regex (not \ba\.\w+\b) so sort-callback shorthands like (a, b) => a.x - b.x don't trigger false positives.
  4. Route → page mapping — every leaf key: 'foo/bar' in src/routes.ts must have a matching src/pages/foo/bar/index.tsx.
• Feat (template) Logout now goes through Modal.confirm instead of firing immediately on click — the warning and OK/cancel labels are localised (navbar.logout.confirm.{title,content,ok,cancel} keys in en-US.ts + zh-CN.ts), and the OK button uses status: 'danger' for a visual safety cue.

v0.13.1

• Docs Added docs/auth-backend.{md,zh-CN.md} — end-to-end guide for wiring the new <Access> system to a real backend. Covers the UserInfo contract, three permission models (pure RBAC / pure ACL / hybrid) with SQL schemas, middleware examples in Node/Express, Spring Boot, Python/FastAPI, and Go, session vs JWT trade-offs with refresh-token rotation, data-level filtering (Postgres RLS), permission cache invalidation, best practices, and a migration checklist from existing auth backends.
• Docs Both READMEs now have a "Wiring a real backend" section linking to the new guide.

v0.13.0

• Feat (breaking, template) Modern <Access> permission system. Replaces the previous <PermissionWrapper> + requiredPermissions array convention with a hybrid RBAC + fine-grained model that mirrors ant-design-pro's <Access> API:
  • src/auth/access.tsx — defineAccess(userInfo) factory + useAccess() hook + <Access accessible fallback> component. All boolean flags consumed by the UI live in one place; backend shape changes are a one-file edit.
  • Backend shape: userInfo now exposes both roles: string[] (coarse RBAC) and permissions?: Record<string, string[]> (optional fine-grained overlay). The frontend defineAccess uses both — most flags resolve from roles alone, occasional can(resource, action) checks cover "give this user one extra capability outside their role" cases.
  • src/routes.ts: route nodes carry an access?: (a: AccessMap) => boolean predicate instead of requiredPermissions: [{ resource, actions }]. Cleaner type-checked references to central flags.
  • src/auth/ProtectedRoute.tsx gains a requireAccess prop for route-level gating with redirect to /exception/403 (override via denyRedirect).
  • Migrated 3 call sites in pages/list/{search-table,card} to use <Access accessible={access.canX}>.
  • Removed src/components/PermissionWrapper/ and src/utils/authentication.ts — no backward-compat shim.

v0.12.1

• Security pages/login/form.tsx no longer JSON.stringifies the password into localStorage when "Remember me" is checked. Only the username is persisted, and is rehydrated into the form on next visit (password field stays blank). The locale key + label changed from "Remember password" → "Remember me" / "记住账号".
• Fix /login no longer force-sets arco-theme=light on mount, so dark-mode users bounced to the login page (e.g. after a 401) don't see a theme flash.
• Fix Successful login now navigate('/') (with redirect-target restoration from location.state.from) instead of window.location.href = '/'. The page-reload was throwing away the TanStack Query cache that the login itself just warmed.
• Fix The axios 401 interceptor now calls a router-aware navigate when one's been bound by the layout (bindNavigator in api/client.ts); falls back to location.href only when the interceptor fires before React mounts.
• Cleanup Deleted utils/is.ts — isArray/isObject/isString had zero references, and isSSR was theatre in a Vite SPA. useStorage.ts and getUrlParams.ts lost their isSSR guards; useStorage also picked up a cross-tab storage event listener so two windows sharing the same arco-lang / arco-theme stay in sync.
• Cleanup Stripped import React from 'react' from 32 .tsx files where the namespace wasn't actually referenced — Vite 7's automatic JSX runtime makes the default import dead weight.
• UX Footer and pages/login/index.tsx now render env.appTitle instead of the hardcoded literal "Arco Design Pro". The login.form.title locale key is also localisation-neutral ("Sign in" / "登录") rather than baking the brand name into every translation.
• Types Typed pages/profile/basic/{item,index}.tsx on BasicProfile (no more data: any / {} as any), pages/user/setting/header.tsx on UserInfo, pages/list/card/index.tsx on CardListBundle.

v0.12.0

• Feat arco add table <name> — single-command full CRUD module scaffold. Generates a page (index.tsx + columns.tsx + drawer form.tsx + locale/), four API hooks (list / create / update / delete with zod schemas + cache invalidation), and MSW handlers that actually mutate an in-memory list (POST/PUT/DELETE persist for the session). Auto-edits src/routes.ts, src/locale/{en-US,zh-CN}.ts (or legacy index.ts), and src/mock/handlers.ts to register everything. Falls back to printing the snippet when any of the three files doesn't match the expected upstream shape — same pattern as add page / add api. Reuses the existing addPage/routesEdit, addPage/localeEdit, and addApi/handlersEdit engines.

v0.11.2

• Perf Global locale split per language (src/locale/{en-US,zh-CN}.ts); only the active language ships in the entry chunk. Switching languages dynamic-imports the other bundle and adds it to i18next on the fly. New initI18n() from src/i18n/index.ts is awaited in main.tsx before React mounts.
• Feat MutationCache.onSuccess now reads a typed meta.successMessage and fires the global Arco toast — same pattern the error toast already used. Added AppMeta type + declare module '@tanstack/react-query' block so the field is autocompleted at call sites. useSubmitGroupFormMutation accepts the meta as a parameter; the form page passes its localised success string in once at construction instead of re-implementing the toast inline.
• UX pages/dashboard/monitor/chat-panel.tsx swapped <Spin> for <Skeleton> shaped like a chat row (avatar + 3 text lines), matching the Skeleton pattern used by the workplace overview cards. Chart loaders still use Spin — Skeleton doesn't match a chart's visual footprint.

v0.11.1

• Fix pages/user/setting/info.tsx: Message.success('userSetting.saveSuccess') was passing the literal locale key instead of the translated string — users saw the raw key in the toast.
• Fix pages/login/banner.tsx: all three carousel slides referenced the same image URL. Replaced the three ByteDance CDN URLs with three distinct local SVG illustrations under pages/login/assets/.
• Fix i18n holes: NavBar menu-item placeholder toast was hardcoded English; welcome/code-block had hardcoded zh-CN copy/copied strings. Both now read locale keys.
• Security http://p1-arco.byteimg.com/... refs in dashboard/monitor/{data-statistic-list,studio}.tsx upgraded to https:// to avoid mixed-content blocks under HTTPS deploys.
• Perf All useQuery hooks across src/api/*.ts now forward signal from QueryFunctionContext into the axios call. TanStack Query aborts the underlying request when the component unmounts or the queryKey changes — previously the response was downloaded and silently dropped. useSearchTableQuery gained an explicit Promise<SearchTableResponse> annotation to keep type inference clean alongside placeholderData: keepPreviousData.

v0.11.0

• Feat arco add api <name> — scaffold a TanStack Query hook + zod schema + MSW handler in one shot, and auto-register the handler in src/mock/handlers.ts. --method get (default) generates useXxxQuery + list response schema; --method post|put|delete generates useXxxMutation + input schema + cache invalidation. --skip-mock skips the mock generation when the consumer brings their own backend.

v0.10.21

Release v0.10.21.

v0.10.20

Release v0.10.20.