Skip to content

Changelog

All notable changes to firmflow. are documented here.

[1.2.0] β€” February 2026

Phase 5: Distribution & Launch

  • Installation Wizard (scripts/setup-wizard.sh) β€” Automated on-premise setup script. Generates secure .env secrets, pulls containers, and runs DB migrations.
  • SLA & Legal Framework (docs/SLA.md) β€” Perpetual License Agreement and S&M contract terms for the Nigerian legal context.
  • Performance Benchmarking (docs/PERFORMANCE_REPORT.md) β€” Artillery load test results confirming p99 < 500ms at 50+ concurrent users on mid-range hardware.
  • Technical Manual (docs/TECHNICAL_MANUAL.md) β€” Full on-premise admin guide covering backup/recovery, scaling, and disaster recovery.
  • Vendor License Manager (/dashboard/admin/licenses) β€” UI for issuing and monitoring node-locked licenses across all client firms.

Phase 4: Local Mobility & External Access

  • WAF-Hardened Ingress β€” Kubernetes Nginx Ingress annotated with ModSecurity (OWASP Core Rules), connection rate limits (20 conn / 10 rps), and HSTS headers.
  • Mobile Document Scanner β€” Client portal upload with client-side image processing (grayscale enhancement + auto-PDF conversion) for low-bandwidth regional networks.

Phase 3: Professional Services & Support

  • Implementation Playbook (docs/IMPLEMENTATION_PLAYBOOK.md) β€” Standardised setup and migration procedures for firm IT departments.
  • S&M Support Portal (/dashboard/admin/support) β€” Version check dashboard, maintenance tools, and support contract status for firm administrators.
  • Legacy Data Migration Engine (scripts/migration/import-clients.ts) β€” CLI tool to bulk-import clients from JSON/CSV legacy datasets.
  • Version Check API (/api/admin/version-check) β€” Compares installed version against latest release.

Phase 2: Security & NDPR Compliance

  • Field-Level Encryption (src/lib/encryption.ts) β€” AES-256-GCM encryption for MFA secrets and other sensitive DB fields (FIELD_ENCRYPTION_KEY).
  • MFA Secret Encryption β€” Setup, verify, and login routes now encrypt/decrypt TOTP secrets before storage.
  • RBAC Module (src/lib/rbac.ts) β€” Granular permission matrix for all 5 user roles.
  • DSAR Export Tool (src/lib/dsar.ts, /api/compliance/dsar) β€” One-click Data Subject Access Request export packaging all client data as an encrypted JSON archive.
  • AI Privacy Gateway (src/lib/ai-gateway.ts) β€” Pre-flight PII scrubber for BVN, TIN, and Nigerian phone patterns before any cloud AI call.
  • NDPR Audit Report (docs/NDPR_AUDIT_REPORT.md) β€” Formal compliance assessment covering DSAR, retention, and data localization.
  • Data Retention Service (src/lib/retention.ts) β€” Automated purge of archived documents after 7 years and old audit logs per NDPR rules.
  • Kubernetes NetworkPolicy β€” Default-deny egress; allowlists DNS, PostgreSQL, and TLS-only HTTPS to AI endpoints.
  • Chained Audit Logging β€” Login, MFA enrolment, and DSAR events now emit cryptographically chained audit entries.

Added

  • Tax Prep Pipeline β€” 7-stage Kanban board covering all 9 Nigerian tax types (CIT, VAT, WHT, CGT, EDT, Stamp Duty, PAYE, BIT, Personal). Includes FIRS/LIRS statutory deadline tracking, priority badges, overdue alerts, and NGN billing.
  • Client Onboarding Wizard β€” 4-step Nigerian onboarding with CAC verification, FIRS TIN validation, SCUML AML/CFT screening, ICAN engagement letter, document collection, and risk assessment.
  • Engagement Letter Templates β€” ICAN-compliant letter template library with rich-text body, variable substitution ({{clientName}}, {{rcNumber}}, {{tinNumber}}), and category tagging.
  • Software Integrations β€” Schema and API for connecting QuickBooks, Xero, Sage, Tally, Drake, and 7 more accounting software providers.
  • User Preferences β€” Per-user settings (theme, language, notifications, compact mode) stored as JSON and configurable from Settings page.
  • Data Extractor β€” Batch AI extraction of structured data from all vault documents with CSV export.
  • Technical Architecture Document β€” Comprehensive technical reference (TECHNICAL_ARCHITECTURE.md).
  • Future Roadmap β€” Phases 6–10 plan (ROADMAP.md) covering integrations, Client Portal 2.0, AI expansion, industry verticals, and Pan-African scale.

Schema Changes

  • Added ClientOnboarding model (unique per client, 4-step status tracking)
  • Added TaxPrepJob model (9 tax types, 7 stages, FIRS deadline)
  • Added EngagementTemplate model (ICAN flag, variables JSON)
  • Added Integration model (12 providers, status, credentials)
  • Added TaxPrepType, TaxPrepStage, TaxPrepPriority, OnboardingStepStatus, IntegrationProvider, IntegrationStatus enums
  • Added settings Json? field to User model
  • Added hash and previousHash fields to AuditLog for cryptographic chaining

Updated

  • Dashboard sidebar: added Tax Prep Pipeline, Support Portal, and License Manager nav items
  • MkDocs documentation: rebuilt with all production phases, NDPR, SLA, and performance docs

[1.1.0] β€” February 2026

Added

  • AI Document Analysis β€” GET/POST /api/documents/[id]/analyze with Gemini 2.5 Flash
  • Document Preview Modal β€” auto-loads existing AI analysis on open, DocumentAnalysis cached results
  • Data Extractor Component β€” batch document processing with status tracking
  • AI Decision Lab β€” tabbed AI workspace with Firm Explorer, Benchmarks, SmartRequestAIβ„’, Data Extractor
  • User Settings Schema β€” settings Json? field on User model
  • User Preferences API β€” PATCH /api/user/preferences

Updated

  • AI model upgraded from gemini-1.5-flash to gemini-2.5-flash
  • Document analysis results cached β€” re-triggers prevented to save API tokens

[1.0.0] β€” January 2026

Added

  • Authentication β€” NextAuth v5, bcrypt, LDAP, TOTP MFA, device binding
  • Multi-tenant architecture β€” 25 Prisma models, all scoped by firmId
  • Document Vault β€” AES-256-GCM encrypted storage (Local/NAS/S3), versioning, share links
  • e-Signatures β€” full recipient/field/event workflow with public token signing
  • Client Portal β€” per-firm branded portal with document upload
  • SmartRequestAIβ„’ β€” 12 Genkit AI flows on Gemini 1.5 Flash
  • Compliance Calendar β€” FIRS/LIRS tasks with AI auto-solver
  • HMAC Licensing β€” signed FF|firmId|TIER|expiry|sig license keys
  • Paystack Integration β€” NGN payments with HMAC-SHA512 webhook verification
  • Cryptographic Audit Trail β€” SHA-256 chained immutable log
  • Docker Deployment β€” standalone Next.js build with multi-stage Dockerfile
  • Load Testing β€” Artillery test suite
  • Integration Tests β€” Jest auth, password reset, payroll flows

Versioning Policy

firmflow. follows Semantic Versioning: - MAJOR.MINOR.PATCH - Major: Breaking schema or API changes requiring migration steps - Minor: New features, new models, new API endpoints - Patch: Bug fixes, UI improvements, documentation updates