Changelog
User-facing changes to Qualio. Pure refactors, lint cleanups, and typo fixes are omitted.
2026-05-11
Section titled “2026-05-11”- SCAR PDF output alongside
.docxfor branded supplier corrective-action requests (#7432372) - @-mention teammates in CAPA update comments — mentioned users get an email and in-app notification (#6e47aa3)
- Drafts and autosave for NCR and CAPA forms; drafts are excluded from quotas, dashboards, and analytics (#774cad7 / #a88c251)
admin_grant_ai_creditsRPC for manual non-Stripe credit top-ups (#1665abb)- Configurable Claude model via
system_settings; Anthropic API key now sourced fromsystem_settingswith env fallback (#4f8a47d, #a4d22ba) - CAPA assignee combobox with internal-member typeahead plus external email; sends notification email on publish (#68b0c1e)
- CAPA AI auto-fill from the linked NCR using Claude Haiku 4.5 (#8363f20)
- CAPA updates require a comment (3–4000 chars); every status change is logged on the activity timeline (#756b312)
- NCR list view with supplier swim-lanes (#faa3e21)
- Supplier list view with risk-band swim-lanes (#f553d2e)
- Hard-delete a member from an organisation (admin only) (#45f489e)
- Favicon and branded Qualio logo in transactional emails (#b3019cf)
- Customer-side red banner shown when internal staff is impersonating a user (#5df17aa)
internal_stafftable and audit log for the staff console atadmin.qualio.app(#b069c0d)
- CAPA combobox: opaque background, opens only after typing, readable colours with violet active row (#0d55956, #f961e52)
- CAPA combobox shows an empty state instead of silently hiding (#22cad02)
create_invitationRPC: ambiguousidcolumn resolved (#7e2cd37)list_org_membersRPC: ambiguousidcolumn resolved (#abf2c98)- Invitations:
pgcryptocalls now qualified with theextensionsschema (#00995db) - Invited users skip onboarding and land directly in the inviting organisation (#2cbb5d0)
Infrastructure
Section titled “Infrastructure”- Astro Starlight docs site bootstrapped at
/docs-site, served atdocs.qualio.app(#b53f5f8)
Earlier — Sprint 5 (v1.2 Pro)
Section titled “Earlier — Sprint 5 (v1.2 Pro)”- v1.2 Pro shipped: supplier portal, SCAR document, Pareto analytics, multi-site (#e47c8b1)
- Cloudflare Turnstile captcha on login, register, and forgot-password screens (#0e56195)
Earlier — Sprint 4 (v1.1 retention)
Section titled “Earlier — Sprint 4 (v1.1 retention)”- v1.1 retention features: containment action, supplier risk score, CAPA effectiveness verification, email alerts (#d62de06)
- Photo and file attachments at NCR creation time (#cddb9e3)
Earlier — Sprints 1–3 (MVP polish)
Section titled “Earlier — Sprints 1–3 (MVP polish)”- Sprint 3 UX pack: onboarding wizard, supplier address, profile tabs, CSV export (#5d4a847)
- Cloudflare R2 storage for
.docxreports and NCR attachments (#c21ed6f) - Stripe subscriptions and AI credits — billing live end-to-end (#2e5db50)
Changed
Section titled “Changed”- Transactional email sender switched to
no-reply@qualio.app(#8afe0fe)
Earlier — MVP (T1–T10)
Section titled “Earlier — MVP (T1–T10)”- T10: AI-assisted NCR drafting with Claude Sonnet 4.5 (#50789d2)
- T9:
.docxaudit reports (#50789d2) - T8: dashboard tiles (#50789d2)
- T7: multi-user organisations with role management and invitations (#e70758c)
- T6: per-organisation NCR issue types managed by admin (#e09a87f)
- T5: CAPA (corrective + preventive) linked to NCR (#31ab7ea)
- T4: NCR with auto-numbering
NCR-YYYY-NNNN(#b21b2f5) - T3: supplier evaluations with weighted ISO 9001 scoring (#f947fe0)
- T2: supplier CRUD, RLS, app shell sidebar (#bf92f62)
- Full password-reset flow with error display (#fd2f053)
- Onboarding: RLS workaround via
SECURITY DEFINERRPC (#3fb414e)