Changelog

Notable changes to the CertaOS platform

2026-02-21

  • Added explicit worker health modes to ops:verify-deployment-health (auto, token, anonymous) plus --healthcheck-token override for one-off verification runs.
  • Updated release/docs runbook examples to use deterministic anonymous worker-health verification for post-deploy checks.
  • Added certificate CGS sync-state persistence on certificates (cgs_sync_status, cgs_sync_last_attempt_at, cgs_sync_error, cgs_synced_at) with migration src/db/migrations/0023_deep_sync_state.sql.
  • Certificate issuer now records explicit CGS sync outcomes (cgs_synced, cgs_sync_skipped, cgs_sync_failed) and prefixed diagnostics for credential/sync failures.
  • Admin/provider DE filing queues and /course/<enrollmentId> now surface persisted certificate sync status/details for faster operations triage.
  • Added unit coverage for certificate sync status derivation and diagnostic parsing (npm run test:certificates, npm run test:compliance).
  • Enhanced ops:test-email with first-class --env (local|staging|production) and --dotenv override support for repeatable environment-targeted email smoke tests.
  • Added incident response playbook (docs/incident-response-playbook.md) and linked it from operations docs alongside release/rollback procedures.
  • Added launch-readiness checklist (docs/go-live-checklist.md) and linked it in operations runbooks.
  • Added performance/availability verification guardrail command (npm run ops:verify-performance) with configurable endpoint/sample/latency/error thresholds.
  • Added scheduled/manual performance baseline workflow (.github/workflows/performance-baseline.yml) with auto open/update/close incident issue behavior.
  • Added backup/restore drill runbook (docs/backup-restore-drill.md) and pilot provider onboarding runbook (docs/pilot-provider-onboarding-runbook.md) to close launch-operations documentation gaps.
  • Added secret-rotation drill runbook (docs/secret-rotation-drill.md) with staged rollout, validation, and rollback procedure.

2026-02-20

  • Expanded provider onboarding on /dashboard/provider to support provider-scoped staff invites for both provider_admin and counselor roles.
  • Added provider approval visibility in provider admin UI (approval status, active/inactive state, and provider type) for faster onboarding triage.
  • Expanded provider invite operations table to show mixed staff invite roles instead of counselor-only entries.
  • Added encrypted provider credential domain model (provider_credentials, credential_type) with migration src/db/migrations/0021_tidy_provider_credentials.sql.
  • Added provider dashboard credential capture flow for cgs/pacer with encrypted-at-rest storage and hidden secret values.
  • Added provider dashboard credential-status visibility (configured, valid/invalid, last validated, updated) via metadata-only RLS helper function app_private.provider_credential_metadata.
  • Added worker credential-validator cron (worker/cron/provider-credential-validator.ts) to periodically decrypt-check stored provider credentials and persist is_valid/last_validated_at.
  • Extended provider credential validation persistence with provider_credentials.last_validation_error for remediation context.
  • Added provider-admin credential remediation controls on /dashboard/provider (last error visibility + per-credential Re-test now queue action).
  • Hardened worker certificate sync and DE court-filing processors to gate external integration attempts on provider credential health (configured + valid), with explicit skip/failure reasons in logs/queue state.
  • Added write-only provider-admin RLS coverage for provider_credentials (provider-scoped insert/update only; read remains platform/system only).
  • Hardened runtime security verification (npm run ops:verify-runtime-security) with a provider-admin invitation scope probe that enforces allowed role set and blocks invalid role invites.
  • Extended runtime security verification with provider-credential scope checks (valid provider-scoped write, blocked cross-provider write, blocked provider-admin read).
  • Updated baseline RLS policies for user_invitations so provider admins can read/create/update/delete pending provider-scoped invites for provider_admin and counselor only.
  • Added public consumer intake capture on /:providerSlug/enroll with individual and joint filing modes.
  • Added enrollment_requests domain model + migration (src/db/migrations/0017_panoramic_tusk.sql) for provider-scoped intake triage.
  • Added provider dashboard Public Enrollment Requests table with search (requests_q) for intake operations.
  • Added admin dashboard Recent Public Enrollment Requests section for cross-provider intake visibility.
  • Added inline request-status controls in provider/admin dashboards (submitted, reviewing, invited, rejected, cancelled).
  • Added admin Convert + Invite action to convert public intake requests into direct-intake enrollments and send client enrollment invites.
  • Added provider-admin Convert + Invite parity on /dashboard/provider with provider-scoped request authorization.
  • Added RLS policies for enrollment_requests (public submit, provider-scoped read/update, platform/system control).
  • Hardened RLS policies for attorneys and clients to support direct-intake conversion writes without broadening access scope.
  • Added Dependabot weekly update automation and patch-only Dependabot auto-merge workflow.
  • Added deploy smoke-test guardrail command (npm run ops:verify-deployment-health) for /api/health + token-gated worker health.
  • Added GitHub Actions deployment health workflow (.github/workflows/deployment-health.yml) for scheduled/manual staging+production smoke checks.
  • Added deployment-health incident automation (auto open/update on failure, auto close on recovery) in .github/workflows/deployment-health.yml.
  • Added admin Invite Email Delivery table (searchable email_q) for invite-event status visibility from notification_deliveries.
  • Added required counselor/instructor completion metadata (method, language, duration, optional notes) when closing counselor_pending and escalation_pending enrollments.
  • Added completion audit events for staff interactions: enrollment.counselor_interaction.completed and enrollment.de_escalation.completed.
  • Added DE test-attempt domain table (test_attempts) + migration (src/db/migrations/0018_odd_roulette.sql) with RLS coverage.
  • Added DE course test submission action/UI (/course/<enrollmentId>) to record score, auto-pass at >=70, and auto-route failed attempts to escalation.
  • Replaced DE manual score entry on /course/<enrollmentId> with a full question-based DE final assessment, server-side grading, and persisted answer metadata in test_attempts.responses.
  • Transition preconditions now require a recorded failed DE test before entering escalation_pending.
  • Added course runtime scaffolding tables course_modules + course_progress with baseline seeded CC/DE module content (src/db/migrations/0019_swift_morgan_stark.sql).
  • Added /course/<enrollmentId> module completion actions and visibility; transition guards now require all active modules complete before counselor/escalation/completed transitions.
  • Added counselor queue visibility for module progress and latest DE test score to improve escalation triage.
  • Added sequential course-module runtime UX on /course/<enrollmentId> with locked module states, active module selection, and server-side enforcement that prior modules must be completed before later modules can be marked complete.
  • Added module-level knowledge checks for all seeded CC/DE modules with server-side grading and completion guardrails (module_knowledge_check_failed when below threshold/incomplete).
  • Tightened cert_issued transition scaffolding to persist deterministic scaffold certificate numbers (certificates.cgs_certificate_number) and placeholder PDF paths when creating/backfilling certificate records.
  • Added runtime unit tests for course assessments and certificate scaffold helpers (npm run test:course, npm run test:certificates) and wired them into CI.
  • DE completed -> cert_issued transitions now immediately seed idempotent court_filings queue records (status=queued) plus audit event enrollment.court_filing_queued.
  • /course/<enrollmentId> now shows DE court-filing lifecycle details (status, attempts, next retry, reference/error) for enrollment-level visibility.
  • Added module-attempt audit traces for blocked module-order progression (enrollment.course_module_blocked) and failed knowledge checks (enrollment.course_module_assessment_failed).
  • Expanded runtime security guardrail checks (npm run ops:verify-runtime-security) to assert provider_applications and user_identities policy coverage and probe provider-application insert scope enforcement.
  • Expanded runtime security scope probes to assert provider-admin denial on provider_applications (read + insert) and user_identities (insert), plus client self-only visibility on user_identities.
  • Enriched enrollment.transition audit payload for cert_issued with scaffold certificate metadata (certificateId, certificateNumber, certificatePdfPath) and queued filing linkage (courtFilingQueuedId when applicable).
  • Added intake lifecycle transition validators for provider_applications and enrollment_requests (no invalid regression/skips), enforced in admin/provider status update actions with explicit invalid_transition reasons.
  • Extended intake transition enforcement to admin conversion/approval flows (convertEnrollmentRequest, createProviderFromApplication, approveProviderFromApplication) so no intake lifecycle path can bypass transition guards.
  • Added intake status unit test suite (npm run test:intake) and CI coverage.
  • Hardened eFinCert integration boundary: filing requests now require certificate metadata (certificateNumber, DE course type) instead of raw certificateId only.
  • Court filing worker now carries certificate metadata through candidate selection/retry logs and short-circuits retries on permanently invalid eFinCert request payloads.
  • Added worker integration unit tests for eFinCert request validation (npm run test:worker-integrations) and CI coverage.
  • Updated admin/provider intake status dropdowns to disable invalid next states client-side, matching server-side transition rules.
  • Added CGS integration scaffold (worker/integrations/cgs.ts) and certificate-issuer sync step to replace scaffold certificate metadata with CGS-generated number/path after cert_issued.
  • Added explicit audit event (security.rls_context_elevated) when provider-admin intake conversion temporarily elevates context for restricted writes.
  • Hardened module completion with heartbeat-backed minimum-time enforcement (module_minimum_time_required) and tamper-resistant time capping against observed course-session totals.
  • Improved public provider enrollment intake UX with explicit Individual vs Joint (Couple) mode toggle, conditional joint-filer required fields, and clearer intake validation messaging.
  • Invite links now deep-link through /:providerSlug/enroll?enrollmentId=<uuid> directly into /course/<enrollmentId> for lower-friction client resume flow.
  • Updated /course/<enrollmentId> certificate visibility to show real sync state (pending_cgs_sync vs cgs_synced) instead of always labeling issued certificates as scaffold.
  • Added authenticated scaffold certificate download endpoint (/api/certificates/<certificateId>/download) that generates a deterministic single-page PDF artifact while CGS file storage integration is pending.
  • Certificate download endpoint now always returns a file for non-external certificate paths by generating a fallback PDF (instead of hard-failing when CGS metadata exists without a public file URL).
  • Added certificate download links in course, client dashboard, attorney dashboard, provider filing queue, and admin filing queue views.
  • Certificate-issued emails now include a direct certificate-download link and, on successful send, persist certificates.delivered_to_client_at.
  • cert_issued enrollment transitions now stamp certificates.delivered_to_attorney_at to reflect attorney-dashboard availability at issuance time.
  • Added email duplicate suppression for enrollment-scoped notifications in queueEmail (same recipient + event + enrollment within 24h returns existing delivery result instead of re-sending).
  • Standardized DE court-filing last_error diagnostics with explicit court_filing_skipped:* / court_filing_failed:* prefixes in worker persistence.
  • Added shared court-filing diagnostic parser (src/lib/compliance/court-filing-diagnostics.ts) and friendly admin/provider queue rendering for common PACER/eFinCert failure reasons.
  • Added automated DebtorCC competitor capture script (npm run ops:capture-competitor:debtorcc) plus quarterly/manual GitHub workflow artifact capture (.github/workflows/competitor-capture-debtorcc.yml).
  • Refreshed seeded CC/DE module curriculum content from one-line placeholders to structured lesson plans and raised module minimum durations to align with runtime minimums (CC 60m total, DE 120m total).
  • Strengthened module knowledge checks by raising pass thresholds to 80% and expanding each module assessment question set.
  • Improved /course/<enrollmentId> time displays to human-readable durations (minutes/seconds) for module and course progress.
  • Added course assessment catalog integrity tests to enforce minimum question coverage, unique IDs, and valid answer-key mappings.
  • Added structured course-content rendering on /course/<enrollmentId> for module headings, checklists, and ordered steps (instead of raw markdown text).
  • Expanded counselor/admin operations queues with DE final-assessment review detail (latest attempt timestamp, attempt-history trend, and question-completeness context) and added admin-side queue completion action parity.
  • Added structured counselor/escalation completion quality signals (interactionOutcome, interactionReadinessScore, followUpRequired, followUpNotes) across course/admin/counselor completion actions and persisted them in interaction audit payloads.
  • Added provider/admin interaction-outcomes visibility tables for recent counselor/escalation quality signal review.
  • Added public enrollment recovery flow on /:providerSlug/enroll to find active enrollments by identity (email + DOB + SSN last four) when enrollment ID is unavailable.
  • Expanded and enforced RLS coverage for course_modules, course_progress, and test_attempts in staging/production; runtime-security verification now passes for these course-runtime tables.
  • Fixed ops:verify-runtime-security provider-application scope probe to use valid enum values (both) instead of invalid legacy value (nonprofit).
  • Added certificate sync-state visibility (pending_cgs_sync vs cgs_synced) to admin/provider DE court-filing queue tables for faster operations triage.
  • Added course catalog consistency test coverage that validates curriculum migration seed durations and ensures CC/DE module totals match runtime minimum-time rules.
  • Expanded enrollment transition compliance tests to assert full CC/DE transition matrices and multi-failure precondition behavior (src/lib/compliance/enrollment-status.test.ts).
  • Added scheduled/manual runtime-security GitHub workflow for staging/production to continuously run npm run ops:verify-runtime-security against configured runtime DB secrets.
  • Upgraded runtime validation dependency from Zod v3 to Zod v4 to align with Fumadocs/Next build compatibility guidance.

2026-02-19

  • Added joint-filer enrollment intake on /dashboard/attorney with explicit individual vs joint filing mode.
  • Added spouse identity capture fields for joint filings (name, DOB, SSN last four, email) with server-side validation.
  • Added clients.is_joint_filer and clients.joint_filer_id to support spouse linkage in the domain model.
  • Joint filing enrollment creation now provisions a second enrollment for the spouse (separate certificate workflow path).
  • Added enrollments.household_id grouping and household payment behavior so one successful payment satisfies invite-payment preconditions for both joint enrollments.
  • Added attorney dashboard Invite Household action to sync both spouse invites in one click.
  • Added household-aware payment labels in attorney recent enrollments (household paid vs per-enrollment paid/waived).
  • Added provider dashboard household visibility in recent enrollments (payment label + household ID).
  • Added admin billing household rollups and household column/classification in recent payments.
  • Added provider/admin dashboard search filters for household/payment operations (enrollments_q, payments_q, households_q).
  • Added admin Recent Households table for grouped joint-case monitoring and drill-through links.

2026-02-17

  • Fixed docs dark mode visibility (main app CSS leaking into docs route group).
  • Fixed subdomain link 404s (middleware redirect for /docs prefix on docs.certaos.com).
  • Refreshed landing page + provider marketplace UI (typography, layout, and visual system).
  • Polished sign-in/sign-up and the dashboard header/nav to match the refreshed UI.
  • Improved dashboard readability with consistent page headers, status badges, and table styling.
  • Added a role-based /dashboard home plus search toolbars for DE ops tables (deadlines and court filing queue).
  • Added lightweight search toolbars on counselor/attorney/client dashboards; reduced inline styling in admin/provider tables.
  • Replaced “empty table rows” with proper empty-state cards across dashboards.
  • Added a lightweight /favicon.ico handler to eliminate noisy 404s during navigation.
  • Added DE enrollment filing intake fields on attorney dashboard with Chapter 7 auto deadline (meeting_341_date + 60 days) and Chapter 11/13 manual deadline validation.
  • Added DE filing date visibility (341 + deadline) in attorney recent enrollments.
  • Added /dashboard/admin DE Court Filing Queue view with a per-item "Queue Now" action.
  • Added /dashboard/admin DE Deadlines view (shows upcoming/overdue DE filing deadlines and last alert level).
  • Added /dashboard/provider DE Deadlines + DE Court Filing Queue sections (provider-scoped ops visibility).
  • Added /dashboard/admin inline DE deadline editor (updates de_filing_deadline and resets alerts with an audit log entry).

2026-02-13

  • Project scaffold created (src/, worker/, shared schema/types).
  • Rebranded docs to CertaOS.
  • Auth decision recorded: Better Auth selected.
  • Documentation governance and PR checklist added.