Changelog
User-facing changes to Sertiq. Pure refactors, lint cleanups, and typo fixes are omitted.
2026-05-12
Section titled “2026-05-12”- Global search (
Cmd+K/Ctrl+K//) — spotlight modal searching across NCRs, CAPAs, Suppliers, RMAs and Calibration tools in one place. Keyboard navigation (↑/↓/Enter/Esc). See Workspace UX. - Mobile navigation drawer — the desktop sidebar collapses on screens narrower than 768 px and re-appears as a slide-in drawer triggered by a hamburger icon in the top bar. Auto-closes on route change.
- Breadcrumbs — automatic breadcrumbs above the main content on list and settings pages. Hidden on detail pages (where a
← Backlink already exists) and on top-level routes. - Unified
<DataTable>component — sortable columns, faceted filters, search, pagination (25/page), bulk selection, URL-driven state, mobile-friendly column hiding. First adopted on/capa. - CAPA bulk actions — select multiple CAPAs from the list and update status in one action: Mark in progress, Mark pending verification, Close selected.
- CAPA list overdue filter + sort — new filter to show only overdue CAPAs; sort by due date ascending by default; overdue rows highlighted with an
AlertTriangleicon and rose text. - Save indicators in settings forms — submit buttons now show a
Saving…spinner while the server action runs. Wired on/settings/users,/settings/issue-types,/settings/sites. - AI report persistence — Root Cause, Supplier Risk and Pareto reports are now persisted on generation. Opening the drawer/panel returns the cached result via
GETfor free — credits are only spent when the user explicitly clicks Generate or Regenerate. Cached banner names the original author and generation time. History per NCR is browsable on the detail page. See AI assist. - Supplier portal password — interactive supplier SCAR portal can now be password-protected per request. Sertiq emails the supplier the URL; password is shared out-of-band.
- Branded transactional emails — all outbound mail (invitations, mentions, password reset, plan-change receipts) renders with the Sertiq logo, brand colour, and a clean MJML layout. Logo is served from
LOGO_HOST(falls back todev.sertiq.appfor non-prod) so Gmail proxies can fetch it. - Workspace UX polish pass — search modal background fixed (transparent
bg-popoverswapped forbg-card), header pinned opaque atz-[70], breadcrumbs smarter (hides on detail and top-level), settings forms get save indicators, Settings → Users renamed to Workspace access with a clearer subtitle and link to Employees.
Changed
Section titled “Changed”- Settings → Users renamed to “Workspace access” to disambiguate from the Employees list under Organization. New subtitle explicitly links to
/organization/employees. See Workspace access (users & roles). - Top bar — Search button with
⌘Kchip, locale-aware date / time using the browser’s timezone (no geolocation prompt). Header now opaque and pinned atz-[70]so it stays visible when the search modal is open. - NCR detail page redesign — hero header with key facts grid (Supplier, Due, Raised, Issue type), 2-column main + sticky sidebar with primary actions (Change status, RMA, SCAR documents). Repeat-issue alert promoted into the hero.
- Dashboard redesign — time-aware greeting, quick-action buttons (New NCR / New CAPA / Add supplier), 6 KPI tiles (added Open RMAs and Calibration due), Notifications widget, NCR trend card, and a 3-column bottom row (top suppliers, overdue CAPAs, calibration due).
- Sidebar plan badge — subtle text-only treatment with progressive emphasis (muted grey → sky → violet → gold gradient for Enterprise) below the Sertiq logo, linking to
/settings/billing.
- Search modal and bulk-action dropdown were using
bg-popover, which was not defined as a CSS variable — backgrounds rendered transparent and content behind bled through. Switched tobg-card(defined). Backdrop bumped tobg-black/40with a 2-pixel blur. - Sticky header was a
bg-background/80glass plate atz-10, which let the search-modal backdrop bleed through and made the top bar look washed out. Header is now opaque and pinned above the modal atz-[70]. - RMA PDF report: “Unknown font format” on Vercel — Roboto TTFs were resolved via
process.cwd(), unreliable in serverless. Switched tofileURLToPath(import.meta.url)and added the TTFs tooutputFileTracingIncludesinnext.config.mjs. - Dashboard’s
relativeTimeimport — function was exported from a'use client'module and used in a server component, which got the client-reference proxy instead of the function. Moved tosrc/lib/notifications/format.ts(plain module). - Email logos broke in Gmail because they pointed to
localhostfrom dev. Now resolved viaLOGO_HOSTwith adev.sertiq.appfallback so corporate webmail proxies can reach the asset.
2026-05-11
Section titled “2026-05-11”- SCAR PDF output alongside
.docxfor branded supplier corrective-action requests (#7432372) - @-mention teammates in CAPA update comments — mentioned users get an email and in-app notification (#6e47aa3)
- Drafts and autosave for NCR and CAPA forms; drafts are excluded from quotas, dashboards, and analytics (#774cad7 / #a88c251)
admin_grant_ai_creditsRPC for manual non-Stripe credit top-ups (#1665abb)- Configurable Claude model via
system_settings; Anthropic API key now sourced fromsystem_settingswith env fallback (#4f8a47d, #a4d22ba) - CAPA assignee combobox with internal-member typeahead plus external email; sends notification email on publish (#68b0c1e)
- CAPA AI auto-fill from the linked NCR using Claude Haiku 4.5 (#8363f20)
- CAPA updates require a comment (3–4000 chars); every status change is logged on the activity timeline (#756b312)
- NCR list view with supplier swim-lanes (#faa3e21)
- Supplier list view with risk-band swim-lanes (#f553d2e)
- Hard-delete a member from an organisation (admin only) (#45f489e)
- Favicon and branded Sertiq logo in transactional emails (#b3019cf)
- Customer-side red banner shown when internal staff is impersonating a user (#5df17aa)
internal_stafftable and audit log for the staff console atadmin.sertiq.app(#b069c0d)
- CAPA combobox: opaque background, opens only after typing, readable colours with violet active row (#0d55956, #f961e52)
- CAPA combobox shows an empty state instead of silently hiding (#22cad02)
create_invitationRPC: ambiguousidcolumn resolved (#7e2cd37)list_org_membersRPC: ambiguousidcolumn resolved (#abf2c98)- Invitations:
pgcryptocalls now qualified with theextensionsschema (#00995db) - Invited users skip onboarding and land directly in the inviting organisation (#2cbb5d0)
Infrastructure
Section titled “Infrastructure”- Astro Starlight docs site bootstrapped at
/docs-site, served atdocs.sertiq.app(#b53f5f8)
Earlier — Sprint 5 (v1.2 Pro)
Section titled “Earlier — Sprint 5 (v1.2 Pro)”- v1.2 Pro shipped: supplier portal, SCAR document, Pareto analytics, multi-site (#e47c8b1)
- Cloudflare Turnstile captcha on login, register, and forgot-password screens (#0e56195)
Earlier — Sprint 4 (v1.1 retention)
Section titled “Earlier — Sprint 4 (v1.1 retention)”- v1.1 retention features: containment action, supplier risk score, CAPA effectiveness verification, email alerts (#d62de06)
- Photo and file attachments at NCR creation time (#cddb9e3)
Earlier — Sprints 1–3 (MVP polish)
Section titled “Earlier — Sprints 1–3 (MVP polish)”- Sprint 3 UX pack: onboarding wizard, supplier address, profile tabs, CSV export (#5d4a847)
- Cloudflare R2 storage for
.docxreports and NCR attachments (#c21ed6f) - Stripe subscriptions and AI credits — billing live end-to-end (#2e5db50)
Changed
Section titled “Changed”- Transactional email sender switched to
no-reply@sertiq.app(#8afe0fe)
Earlier — MVP (T1–T10)
Section titled “Earlier — MVP (T1–T10)”- T10: AI-assisted NCR drafting with Claude Sonnet 4.5 (#50789d2)
- T9:
.docxaudit reports (#50789d2) - T8: dashboard tiles (#50789d2)
- T7: multi-user organisations with role management and invitations (#e70758c)
- T6: per-organisation NCR issue types managed by admin (#e09a87f)
- T5: CAPA (corrective + preventive) linked to NCR (#31ab7ea)
- T4: NCR with auto-numbering
NCR-YYYY-NNNN(#b21b2f5) - T3: supplier evaluations with weighted ISO 9001 scoring (#f947fe0)
- T2: supplier CRUD, RLS, app shell sidebar (#bf92f62)
- Full password-reset flow with error display (#fd2f053)
- Onboarding: RLS workaround via
SECURITY DEFINERRPC (#3fb414e)