Skip to main content

v0.3.1 — 52 QA findings resolved

52 findings from the first formal QA test round resolved. Covers connection pool exhaustion, signed URL reliability, GDPR deletion visibility, a Tier 1 Verified badge on the DPP viewer, and supplier security improvements.

Fixed

  • Database connection pool exhaustion — dashboard queries were running in parallel and overwhelming the connection pool under moderate load. Queries are now serialised where appropriate, and connection handling has been tightened. Dashboard load time and reliability improved significantly.

  • Signed URL expiry — file download links embedded in DPPs and document views now remain valid for two hours (up from a shorter window that was causing link expiry for operators who kept a tab open).

  • Signup error messages — generic error messages on the signup flow have been replaced with specific, actionable messages. Email enumeration is protected — the message for "email already registered" does not confirm whether the address exists.

  • GDPR deletion audit trail — when an operator requests account deletion under Article 17, a system alert is now created for platform administrators. This ensures deletion requests are visible in the admin interface and can be tracked to completion within the 30-day SLA.

Added

  • Tier 1 Verified badge — published DPP pages now display a "Tier 1 Verified" badge when the DPP has passed independent third-party verification. The badge is linked to the verifier's decision record.

  • Supplier security tab — the supplier detail view in the Company Portal now includes a security tab showing the supplier's authentication status, last login, and active session count.

  • System health metrics — the platform health dashboard now includes CPU usage, memory consumption, and uptime metrics, in addition to error counts.

  • Clear error logs — platform administrators can now clear resolved error log entries, keeping the error log focused on active issues.

  • Test suite expanded — automated test coverage increased substantially across authentication, GDPR, and DPP rendering flows.