What's New in SMAD
Every feature, tool, and improvement we've shipped — organized by release.
Full messaging system with Inbox, Sent, Drafts, and Trash folders. End-to-end encrypted using Web Crypto API (RSA-OAEP + AES-GCM). Messages are encrypted client-side before storage and decrypted on read.
New messages appear instantly via Supabase Realtime subscriptions. Unread count badge in the header updates live without page refresh.
RSA-OAEP 2048-bit key pairs generated automatically on login. Private keys stored securely in IndexedDB, public keys in Supabase. Manual key generation available on the Profile page.
Incoming messages push a notification to the recipient via the existing notification system, appearing in the notification bell instantly.
Messages can be sent to users who have not yet logged in. Sent as plaintext when the recipient has no encryption keys, with encrypted delivery for all other cases.
Fixed reply compose modal not showing the recipient in the dropdown. Recipient is now loaded into the select before the modal opens.
Fixed compose recipient dropdown showing empty for users who are the only member of their company. Now falls back to all portal users when no company peers exist.
TipTap-powered rich text editor for generated deliverables and Document Register entries. Full toolbar with bold, italic, headings, lists, tables, and undo/redo. Edit inline and save changes back to the mission.
Two new deliverable types: Interface Control Document (ICD) and Systems Engineering Management Plan (SEMP), bringing the total to 12 auto-generated mission documents.
New Document column on phase gate checklists. Link any Document Register entry to a gate item via dropdown, with clickable chips when viewing.
All 12 deliverable templates expanded from 4-5 sections to 7-10 sections with detailed aerospace engineering content, HTML tables for parameter summaries, and live mission data injection.
Fixed generated deliverables not appearing in the deliverables list. Storage upload failures no longer block document registration and list updates.
Fixed document link selections reverting immediately after choosing. Linked docs now stored in mission_params instead of requiring a database migration.
Fixed generated document tables using light-theme inline styles. All tables now use dark-themed borders and semi-transparent header backgrounds.
Assign reviewers to documents, submit approve/reject/changes-requested decisions, and track approval status. Status transitions (Draft → In Review → Approved → Released) with full RBAC enforcement.
Generate expirable read-only share links for missions, documents, requirements, risks, and review packages. 24-character cryptographic tokens with view counting and revocation.
Full notification center with Supabase Realtime delivery. Filter by All, Unread, Comments, Reviews, and System. Bell indicator shows unread count with instant updates.
See active team members on any mission page in real time. Avatar stack in the header shows who is online and what page they are viewing, powered by Supabase Realtime presence channels.
Fixed 400 error when users without a Stripe customer ID clicked Manage Subscription. Portal now auto-creates a Stripe customer on demand before opening the billing portal.
Resolved generatorWorker.js 404 and InMemorySearchWorker SharedWorker errors on the Operations Dashboard by removing unused demo plugins and adding graceful fallback handling.
Fixed NotificationBell component using wrong column name (read vs is_read), causing notifications to never appear as read.
Public documentation page with 8 categories, 32+ articles, client-side search, and nested accordions. Covers Getting Started, Engineering Calculators, Systems Engineering, Risk & Compliance, Program Management, Team & Permissions, Deployment, and FAQs.
Fixed critical bug where "Save to Mission" in all 17 calculators wrote parameters but never recorded changes in the parameter history audit log. Added saveCalculatorParams composable that writes to both mission_params and param_changes tables.
Footer Resources section now includes a Knowledge Base link. Contact page Documentation card links directly to the knowledge base.
Ground Contact, Orbit Decay, Stationkeeping, Gravity & Drag Loss, Modulation & Coding, Doppler Shift, Heater Sizing, MLI Performance, Launch Loads, Natural Frequency, Fastener/Bolt, Battery DoD, Coverage & Revisit, GSD Calculator, Debris Probability, and Harness Mass.
Calculators organized into 7 categories — Budgets, Orbital Mechanics, Spacecraft Sizing, Thermal, RF & Communications, Structures, and Environment & Analysis — with labeled dividers for quick navigation.
Design Studio dashboard expanded from 7 summary cards to 24, covering every calculator category with live parameter readouts from saved mission data.
Source field on stakeholder needs page now uses a dropdown populated from the mission stakeholder list instead of a freeform text input.
Team page enhanced with company invite token display and copy, add-member-by-email flow, and a clear empty state when no company is configured.
Added admin role to the mission role-capability matrix with full owner-level permissions. Refactored role definitions to a single source of truth.
Admin-only security dashboard with a computed security score (0-100), 10 automated checks (admin count, registration mode, RLS, RBAC, encryption, API key storage, HTTPS, audit trail, error monitoring, unused accounts), user security overview, and data protection status grid.
Structured logging across 90+ files with useLogger composable (client) and server logger utility. All console.error/warn/log calls replaced with Sentry-aware logging. Exceptions automatically captured in catch blocks.
Changed By column now resolves user UUIDs to display names via profile lookup instead of showing raw IDs. Fixed field name mismatch (changed_by → created_by).
Each node in the requirements tree is now a clickable link that navigates directly to that requirement on the requirements page with highlighting.
Section chips (Gate Readiness, Requirements, Risks, Verification, Action Items) are now anchor links that smooth-scroll to their respective sections.
Two-factor authentication is automatically disabled on air-gapped deployments with an explanatory message. Connected deployments retain full 2FA functionality.
Fixed critical security issue where useMissionRole defaulted to owner role on errors. Now correctly defaults to viewer (least privilege) when authentication fails or database queries error.
Replaced regex-based HTML sanitizer with DOMParser-based allowlist approach. Blocks javascript/data/vbscript protocols, forces rel="noopener noreferrer" on links.
Replaced Math.random() with crypto.randomBytes (server) and crypto.getRandomValues (client) for invite token generation.
Removed internal error details from /api/health responses. Errors logged server-side only to prevent information disclosure.
Cross-mission command center with three panels: Program Health Grid (color-coded mission cards), Compliance Engine (9 automated rules), and Activity Stream with notifications.
9 deterministic compliance rules scan all missions for issues: unlinked requirements, TBD parameters, missing mitigations, gate readiness, CR aging, critical risks, unauthorized signoffs, and traceability gaps.
Formal change request workflow with normalized database tables, auto-generated CR numbers, approval chains, and impact analysis that traverses traceability links to find affected items.
Interactive linked-items panels on requirements, risks, and verification pages. Bi-directional linking between stakeholder needs, requirements, verifications, and phase gate items.
Full CRUD page for stakeholder needs with priority, source tracking, and linked requirements panel for traceability chain management.
Server-side PDF generation for gate review packages. Includes cover page, gate readiness table, requirements summary, risk register, verification status, traceability coverage, and action items.
Threaded comment system with nested replies, timestamps, and mission-scoped context for collaborative review discussions.
Fire-and-forget activity logging composable that records user actions across all mission pages for the Mission Control activity feed.
Reorganized from 7 groups to 8 focused groups. Systems Engineering, Risk & Compliance, and Reference sections consolidated for clearer navigation across 80+ pages.
RTM upgraded to show 5-level hierarchical view: Stakeholder Needs → Requirements → Verification methods with rollup status indicators.
Fixed pdfmake bundling issue where Nitro/Rollup incorrectly resolved internal module paths. Server-side PDF generation now works reliably.
Full Docker Compose stack for self-hosted deployments with Supabase (Postgres, Auth, PostgREST, Kong). No external network calls required.
STRIPE_ENABLED flag lets self-hosted instances disable billing entirely. All users get enterprise-tier access with site-level licensing.
Live health checks for database, auth, Stripe, and Sentry connectivity. Accessible from the admin panel.
Admin panel Instance Settings section backed by Supabase for deployment tier, registration mode, and instance name.
Nitro server plugin validates required environment variables at startup and warns about missing optional ones.
23 Vitest tests covering tier features, Stripe guards, and environment validation. Test framework configured with happy-dom.
Poppins font served locally via @fontsource instead of Google Fonts CDN. Works fully offline.
Breadcrumbs now show full page names (e.g. "Mass Properties" instead of "mass-props") via a comprehensive lookup map.
Fixed column name mismatch (key/value vs param_key/param_value) that prevented Design Studio from displaying saved calculator data.
Fixed gate readiness status checks to use correct values (Green/N/A instead of Complete/Pass) and removed unused user variable.
Complete rewrite from WordPress/PHP to Nuxt 3 + Supabase + Vercel. 200+ source files, 106 portal pages, all engineering modules functional.
Replaced WordPress auth with Supabase Auth (email/password, Google, Microsoft SSO, TOTP 2FA). PostgreSQL replaces SQLite/MySQL with 45+ tables and Row Level Security.
Requirements, Risk Register, Phase Gates, Mass/Power/Thermal/Delta-V Budgets, Orbit Calculator, Constellation Designer, Link Budget, ADCS, Solar Array, Propulsion, FMEA, Trade Studies, and more.
10 document types (MCD, MAB, SEA, ODR, SDC, SRD, RTM, LCP, OCD, MCR) auto-generated from mission data across 8 phases.
Generate formal review packages, export checklists as CSV, create RFA reports, and request gate reviews — all from real mission data stored in Supabase.
12 mission-level roles with capability-based UI gating. Edit buttons, forms, and actions are hidden based on role permissions (owner, chief engineer, viewer, etc.).
System stats, user management (change roles/plans), company management with invite token regeneration, platform settings.
Generated documents uploaded to Supabase Storage (extant bucket) organized by mission ID. Replaces Backblaze B2.
Two signup modes: Create Organization (with full company details) or Join Organization (with mandatory invite token). Auto-generated 10-char invite tokens.
Deployed to Vercel with Nitro server preset, Speed Insights, and environment-based configuration.
Desktop header now shows nav links inline (Home, About, Features, Pricing, Contact). Hamburger menu only on mobile.
Home and About pages updated with WordPress Elementor assets — hero backgrounds, aurora effects, product screenshots, decorative meshes.
Fixed column name mismatches and source CHECK constraint violations across all 14 calculator pages.
Missions can now be archived and restored from the portal index page.
12 mission-level roles with a granular capability matrix. Edit buttons and forms are hidden for users who lack the required permission.
Requirements, mass budget, phase gate checklists, verification matrix, and AI requirements now check your role before showing edit controls.
Tier-aware steps: Starter users skip the team invite, Professional users see AI and trade study highlights, Enterprise users see API and company features.
Full-width layout with a dropdown of your company team instead of a freeform text box. Role and user fields are properly aligned.
Pre-configured parameter sets for LEO Earth Observation, GEO Comms, MEO Navigation, Deep Space Science, and CubeSat missions.
Applying a template now correctly creates database tables on first use and clears the health cache.
All database table creation now works on both MySQL (production) and SQLite (local dev).
A versioned, timeline-style changelog tracking every feature, improvement, and fix shipped to SMAD.
Onboarding wizard now triggers automatically on the very first frontend login instead of appearing on every page load.
Status page runs real-time checks against the database, REST API, filesystem, email stack, Stripe, and Backblaze on every page load.
Public site header updated to the SMAD. wordmark, replacing the portal-internal two-line brand.
Calculator links in the portal sidebar now open in new tabs so they no longer unload the portal sidebar.
Admin bar restored for administrator accounts on the frontend. Hidden for all other roles.
Removed API & Webhooks, Referral Program, and IP Allowlist from the portal sidebar Account section.
Immutable event log for all user and mission actions, filterable by event type, user, mission, and org. Supports CSV export.
Built-in WAF with SMAD-specific rules: blocks mission ID tampering, capability injection, AJAX abuse, and malformed API payloads.
Scans org member passwords against the Have I Been Pwned database using k-anonymity. Weekly automated scans plus on-login checks.
Restrict portal access to specific IP addresses or CIDR ranges. Emergency bypass token available for lockout recovery.
Replace SMAD branding with your organization's logo, name, and primary color.
Users can request a full export of their data as a structured JSON download.
Public trust page covering compliance status, data security, infrastructure, access controls, and responsible disclosure.
Unique referral codes per user, credit tracking, and a dashboard showing conversion stats.
Prospect-facing form to request a live demo with honeypot spam protection and rate limiting.
Structured document review with digital signature log, configurable reviewer assignments, and automatic email notifications.
Generate expirable, read-only share links for any mission view with cryptographically random tokens.
See which team members are active on a document in real time.
In-app notification bell with unread count badge supporting mission milestones, review changes, and custom events.
REST API with Bearer token auth for programmatic access to mission data. HMAC-SHA256 signed webhooks for event subscriptions.
Compute orbital eclipse fraction, hot/cold case equilibrium temperatures, and required heater power.
Size battery capacity (Wh) and mass from power load, eclipse duration, and depth-of-discharge.
Compute BOL/EOL array output accounting for degradation, temperature derating, and eclipse fraction.
Estimate disturbance torques and size reaction wheel angular momentum.
USCM-style cost estimating relationships broken down by subsystem. Includes system engineering, integration, and launch cost.
Pre-computed C3 and delta-V lookup for 6 common mission destinations based on launch date.
Compute downlink margin from data rate, contact time, and storage capacity with color-coded indicators.
Core mission management workspace with requirements traceability matrix, risk register, schedule, and phase tracking.
Guided 5-step onboarding for new users covering mission creation, requirements, team invitations, and portal orientation.
Cmd/Ctrl+K command palette for searching across missions, requirements, documents, and tools.
Structured articles covering SMAD methodology, portal how-tos, and engineering reference material.
Full public marketing site with Features, Pricing, About, Docs, Roadmap, Status, Case Studies, Contact, and Trust Center.