Security & dependency maintenance
Dependency security audit completed, vulnerabilities resolved, and a platform-wide AI kill switch added for operational resilience.
Security
- Dependency security: upgraded PDF generation library and its peer dependencies, resolving one critical and four high-severity vulnerabilities. Additional transitive dependency vulnerabilities resolved via automated audit tooling. Vulnerability count reduced from 42 to 4 — all remaining are in transitive dependencies where upstream maintainers have not yet shipped fixes.
- Runtime audit clean: `npm audit --omit=dev` now returns zero vulnerabilities in production runtime dependencies.
Added
Platform-wide AI kill switch
A central AI enable/disable switch now controls all AI features across the platform simultaneously. When disabled, all 21 AI-powered features deactivate cleanly without errors — useful for operational incidents, cost control, or compliance holds. The switch is controlled via an environment variable and takes effect without a deployment.
Fixed
- Compliance score — the DPP completeness score now correctly defaults to 0% when no mandatory compliance rules apply, rather than showing 100% when no certificates have been uploaded.
- Brand name auto-fill — the product wizard no longer auto-fills the brand name field with the company's legal name. Legal entity suffixes (GmbH, Ltd, S.A. etc.) were being inherited into product-level brand fields, requiring manual correction on every new product.