Changelog

All notable changes to Deckly will be documented in this file.

[Infrastructure & Analytics Hardening] - 2026-04-22

Domain Split & Infrastructure

• Decoupled Marketing & App: Transitioned the application to the app.deckly.space subdomain to isolate the workspace from the marketing site.
• Legacy Cleanup: Removed internal Landing.tsx, Privacy.tsx, and Terms.tsx pages.
• External Redirection: Updated all legal and landing links to point to the canonical deckly.space marketing site.
• Cross-Domain Sharing: Updated url.ts to use VITE_SHARE_BASE_URL, ensuring deck and room links generated in the app point to the correct public domain.

Advanced Analytics & Observability

• Unified Identity Sync: Integrated posthog.identify() and Sentry.setUser() in AuthContext.tsx. Authenticated sessions are now tied to user emails across both analytics and error tracking.
• Signup/Login Funnel: Added granular event tracking (viewed, submitted, completed, failed) for Email and OAuth (Google/GitHub) flows in Signup.tsx and Login.tsx.
• Business Event Tracking: Added explicit capture events for deck_upload, data_room_created, and link_sharing workflows.
• Error Monitoring: Added explicit Sentry.captureException to critical upload and save workflows to ensure visibility into "handled" errors.

Documentation

• Multi-Domain Specs: Updated ARCHITECTURE.md with the new decoupled infrastructure blueprint.
• Developer Guidelines: Updated DEVELOPER.md with environment requirements for the domain split and analytics synchronization.

[2026-04-20] - Infrastructure Hardening & CLI Migration Workflow (v2)

Added

• Unified Migration Baseline: Consolidated all legacy database schema files into a hardened 00000000000000_initial_schema.sql, providing a 100% executable "one-click" setup for new contributors via supabase db reset.
• Transactional Advisory Locks: Implemented pg_advisory_xact_lock in validate_signup_throttle to serialize concurrent signups from the same IP, eliminating TOCTOC (Time-of-Check to Time-of-Use) race conditions.
• Support for Multi-Access Storage URLs: Upgraded sign-deck-url and DeckList.tsx with regex-based URL normalization, now supporting all Supabase access modes: /public/, /sign/, and /authenticated/.

Changed

• CLI-First Database Workflow: Formally deprecated the Supabase Web SQL Editor for schema changes. All database management is now 100% version-controlled via the Supabase CLI (supabase migration new and supabase db push).
• Granular Storage Security: Refactored decks and assets bucket policies from monolithic FOR ALL statements into granular, per-operation policies (INSERT, UPDATE, DELETE, SELECT). This ensures WITH CHECK size enforcement is correctly applied only to write operations.
• Redacted Security Logging: Redacted sensitive identifiers (User UUIDs and internal storage paths) from Edge Function logs to prevent PII exposure in observability platforms (Sentry/Logflare).

Fixed

• Analytics Consistency: Resolved a broken UNIQUE constraint on deck_stats by implementing a COALESCE-based partial index, correctly handling nullable data_room_id during UPSERT operations.
• State Leakage in DeckList: Fixed a bug where DeckList.tsx would leave stale signed thumbnails in state after a deck was deleted; state is now explicitly cleared when the deck list is empty.
• Authenticated Function Invocations: Updated the frontend to pass an explicit Authorization header during sign-deck-url calls, enabling the Edge Function to authorize the owner for private-bucket banner signing.

[2026-04-20] - Analytics Optimization & Database Hardening

Added

• Type-Safe Analytics Pipeline: Introduced DeckPageStats interface to ensure strict typing for aggregated analytics data, eliminating unsafe type assertions and any types in analyticsService.ts.
• O(N) Thumbnail Mapping: Optimized dashboard performance by migrating from $O(N^2)$ search to Map-based lookups for thumbnail signing, significantly improving load times.
• Edge Function Monitoring: Enhanced sign-deck-url with detailed RPC error reporting, capturing message, hint, and details for transparent debugging.

Changed

• RLS Resiliency: Hardened the assets bucket RLS policies with COALESCE guards to prevent upload failures during asynchronous metadata population.
• Robust URL Extraction: Upgraded get_owner_thumbnails to use regexp_replace, supporting all Supabase storage access modes (public, signed, authenticated).

Fixed

• Schema Integrity: Implemented the missing get_signup_count utility function to resolve security grant dependencies and fixed a capacity check bug in tr_limit_decks_per_room.

[2026-04-20] - Supabase API Key & Security Infrastructure Hardening

Added

• Modern API Key Architecture: Transitioned from legacy anon and service_role keys to the recommended publishable and secret keys to align with modern Supabase security standards.
• Asymmetric JWT Signing: Migrated from a single JWT secret to RSA-based signing keys. This uses a private/public key pair, enhancing the integrity of user authentication tokens.
• Hardened Secret Prefixing: Configured custom backend secrets with the PROJECT_SECRET_KEY variable to avoid naming collisions with Supabase's reserved internal environment variables.

Changed

• Client Initialization: Updated the frontend client to use VITE_SUPABASE_PUBLISHABLE_KEY, ensuring strict adherence to the new browser-safe key format.
• Improved Function Resilience: Hardened all Edge Functions (delete-account, sign-deck-url, etc.) with explicit environment variable validation. Functions now perform a comprehensive check for all required keys before initializing clients, preventing silent failures.
• Unified Local environment: Synchronized .env.local and .env.example with the new naming conventions to ensure a consistent developer experience across existing and new setups.

[2026-04-18] - Storage Hardening & Analytics Security

Added

• Private Deck Storage: Transitioned the decks storage bucket to private, enforcing signed-URL access for all deck slides and data room documents.
• sign-deck-url Edge Function: Implemented a secure signing authority that re-validates access (password/expiry) before issuing short-lived (1-hour) signed URLs.
• URL Refresh Mechanism: Added an automatic refresh loop in Viewer.tsx that re-acquires signed URLs 60 seconds before expiration, ensuring uninterrupted viewing sessions.
• IDOR Protection: Hardened the signing process by validating user-requested storage paths against canonical paths returned by secure database RPCs.

Changed

• Analytics Security Hardening: Removed public INSERT policies on deck_page_views. All analytics writes are now strictly routed through the record_deck_visit SECURITY DEFINER RPC to prevent data injection.
• Data Room Payload Parity: Updated get_data_room_payload to return storage_path alongside file_url, bringing it into alignment with get_deck_payload and enabling the same signed-URL flow.
• Idempotent Schema Management: Added DROP POLICY IF EXISTS statements for all library-related policies to ensure clean, error-free database migrations.

Fixed

• Analytics Write Integrity: Implemented automatic truncation for oversized visitor IDs and enforced strict caps on time_spent to prevent database bloat and metric tampering.

[2026-04-17] - Security Hardening & Mobile UX Enhancements

Added

• Mobile Profile Dropdown: Replaced direct navigation with a new DropdownMenu for mobile users, providing quick access to both Logout and Edit Profile actions from the header avatar.

Changed

• Dependency Security Patching:
  • Vite (Dev): Upgraded to ^7.3.2 to resolve High-severity vulnerabilities including server.fs.deny bypass, arbitrary file read via WebSocket, and path traversal in optimized deps.
  • Transitive Overrides: Implemented strict overrides in package.json to force secure versions of transitive dependencies deep in the tree:
    • protobufjs: Forced to 7.5.5 to resolve a Critical-severity arbitrary code execution vulnerability.
    • DOMPurify: Forced to 3.4.0 to resolve a Moderate-severity bypass vulnerability in the ADD_TAGS function.
• Package Integrity: Synchronized the lockfile and verified zero reported vulnerabilities via npm audit.

[2026-04-16] - Auth Redesign & Onboarding Optimizations

Added

• Premium Auth Experience: Completely redesigned the Login and Signup pages with a modern obsidian aesthetic, improved typography, and smooth field transitions.
• Smart Onboarding: Launched an enhanced DataRoomsPage tutorial using an optimized JoyrideWrapper for better mobile discovery.

Changed

• Performance Tuning:
  • Refactored DeckBrandingService to use memoized metadata lookups, reducing TTFB (Time To First Byte) for custom-branded viewers.
  • Streamlined DeckSettingsForm state management to eliminate unnecessary re-renders during high-frequency edits.

Fixed

• Tutorial Logic: Resolved a bug in the DataRoomCreateTour where the "Next" button would occasionally lose focus on small screens.
• Navigation Resilience: Fixed a regression in the data room navigation drawer that affected gesture handling on iOS.

[2026-04-14] - Sentry Observability Integration

Added

• Sentry React SDK Integration:
  • Implemented professional-grade error monitoring and performance tracing using @sentry/react.
  • React 19 Native Error Handling: Adopted the new reactErrorHandler pattern in createRoot for robust capture of uncaught, caught, and recoverable errors.
  • Vite Build Integration: Configured @sentry/vite-plugin for automatic source map uploads, ensuring readable stack traces in production.
  • Navigation Tracing: Integrated Sentry with React Router v7 to track page transitions and span performance.
  • Session Replays: Enabled with PII masking for better debugging of user friction points.
  • Environment-Aware Instrumentation: Centralized setup in instrument.ts with production-only enablement to prevent development noise.

[2026-04-14] - Layered Performance Strategy & Data Room Security Hardening

Added

• Multi-Layered Performance Architecture:
  • Layer 1 (Global Priming): Implemented background prefetching of core metadata (Decks, Data Rooms, Saved Decks) and JS module preloading for heavy routes (Viewer, Details) upon dashboard initialization in Home.tsx.
  • Layer 2 (Intent-Based Prefetching): Integrated onMouseEnter preloading for Sidebar navigation items and Data Room cards, ensuring perception-instant transitions.
  • Library Warming: Added comprehensive prefetching for Saved Deck folders and tags to eliminate initial loading spinners.
• Data Room Security Hardening:
  • Global Slug Uniqueness: Enforced platform-wide uniqueness for Data Room slugs, removing user-id scoping for stricter security.
  • Server-Side Expiration: Hardened access control by moving expiration checks to the database layer (Postgres RPCs), ensuring links are deactivated precisely at the expiry timestamp.
  • Optimized Validation Feedback: Replaced blocking error banners with standardized sonner notifications for password and expiry validation flows.

Changed

• UI Accessibility Refinement:
  • High-Contrast Presence: Enhanced Switch components with high-contrast active states and subtle brand glows for better visibility in the obsidian theme.
  • Access Protection Styling: Refined the visual hierarchy of security cards on the deck/room management pages with reinforced border tokens and sharp-contrast states.
• Resource Management: Deferred heavy analytics queries (deep-data and historical trends) to strictly on-demand triggers, balancing platform speed with database efficiency.

Fixed

• Slug Availability Logic: Corrected an issue where slugs would appear "available" but fail on save due to cross-user naming collisions.
• Data Room Password Guard: Resolved a bug where the password required check would fail silently under specific cache conditions.

[2026-04-13] - Infrastructure Hardening, Secure Account Deletion & Mobile Profile Overhaul

Added

• Secure Account Deletion Workflow:
  • delete-account Edge Function: High-performance administrative removal of user data across database and storage buckets.
  • Recursive Storage Purge: Implemented robust, paged storage traversal to ensure all user assets (decks, thumbnails, assets) are permanently deleted.
  • Global Session Revocation: Enhanced logout and account deletion to invalidate all active sessions across all devices for compromised or closing accounts.
• Mobile Header Profile Access: Integrated a persistent account entry point in the global mobile header, featuring the user's real avatar or initials.
• Comprehensive Profile & Workspace Management:
  • Implemented a centralized Profile Page (/profile) as a high-performance settings hub.
  • Workspace Identity: Managed branding assets (Mascot/Logo), public handles, and display names.
  • Tier Management: Visual status indicators, pricing transparency, and seat/limit usage tracking.
  • Team & Collaboration: Prepared infrastructure for team-based data room sharing.
  • Security & Danger Zone: Centralized session revocation and the new secure account deletion workflow.

Changed

• Mobile Profile Redesign:
  • Overhauled the Profile settings page with a fully responsive flex-layout.
  • Implemented horizontal scrollable navigation tabs for mobile viewports to ensure accessibility on small screens.
• Streamlined Bottom Navigation:
  • Refactored the mobile Bottom Nav to a 5-item core layout (Home, Content, [+], Rooms, Saved), significantly improving horizontal spacing and ergonomics.
  • Enhanced active indicators with animated pill backgrounds and glowing status dots.
• Sidebar Accessibility: Replaced interactive div containers with semantic Link components for better keyboard navigation and ARIA compliance.

Fixed

• Slug Availability Race Conditions: Implemented isMounted guards in the Profile.tsx debounce logic to prevent state updates after component unmount.
• Infrastructure UI Integrity:
  • Corrected isAtLimit logic in DataRoomsPage.tsx to properly recognize unlimited (-1) tier configurations.
  • Fixed Tailwind namespacing for Sidebar icons (group-hover/logout) to ensure reliable hover states.
• Tier Config Serialization: Replaced Infinity with serializable -1 constants in tier configuration to fix JSON parsing errors in server-side contexts.

[2026-04-06] - Interactive Onboarding & User Education

Added

• Interactive Platform Tours: Integrated guided walkthroughs across the entire dashboard using react-joyride.
  • Home Dashboard Tour: Visual introduction to metrics and workspace navigation.
  • Content Library Tour: Guidance on managing, organizing, and tagging decks.
  • Data Room Discovery: Step-by-step instructions for creating secure, branded investor sharing environments.

---

[2026-04-05] - Onboarding Hardening, Notification System & Production Cleanup

Added

• Contextual Data Room Onboarding: Split the Data Room tutorial into two distinct phases:
  • Discovery Phase: High-level introduction on the index page focusing only on creation.
  • Configuration Phase: Detailed guidance on branding, asset bundling, and elite security settings specifically during the creation process (/rooms/new).
• Stable Tutorial Targeting: Implemented a platform-wide migration from CSS class-based selectors to stable data-tour attribute selectors for all onboarding steps, significantly improving reliability during UI updates.
• Admin Broadcast System:
  • AdminNotificationComposer.tsx: A secure interface for administrators to send global system-wide notifications.
  • create_notification: Hardened security-definer RPC for safe broadcast delivery.
• User Notification Bell:
  • NotificationBell.tsx: Real-time notification indicator with unread count badges.
  • NotificationContext.tsx: Centralized state management for user alerts and announcements.
• Forced Workspace Branding: Implemented a mandatory onboarding gate for new users that requires the completion of workspace branding (logo and name) before accessing the full dashboard, ensuring a professional appearance from day one.

Changed

• Tutorial Resilience:
  • Implemented 1-second "stability guards" for all tours to ensure DOM elements are fully rendered and visible before tutorials trigger.
  • Disabled automatic scrolling in JoyrideWrapper to bypass visibility calculation errors in complex dashboard layouts.
• UI Label Refinement: Standardized final tutorial steps to use "Finish" instead of "Last" for a more intuitive completion signal.
• Production Performance: Disabled Joyride debug mode and removed all developer-only console logs related to onboarding triggers.

Fixed

• Content Tour Reliability: Resolved a "Target not visible" race condition in the Decks Table by implementing robust visibility checks (offsetHeight and offsetParent verification).
• Tour State Persistence: Corrected a bug where tutorials could re-trigger unexpectedly by adding the data_room_create_completed flag to the user session profile.
• Branding State Conflicts: Resolved a 400 error during workspace setup by enforcing a UNIQUE constraint on the branding.user_id column in the database.

Removed

• Developer Debug Controls: Removed the "Reset Tutorials (Dev)" floating button and its associated routes to ensure a clean, production-ready interface for end users.

---

[2026-04-04] - Refactor Consolidation, Test Recovery & Internal Docs Sync

Added

• Shared ManageDeck Workflow: Added useManageDeckWorkflow.ts to centralize deck edit/create orchestration, including hydration, PDF processing handoff, conversion flow, rollback, and submit behavior.
• Split ManageDeck UI Sections: Added src/components/dashboard/manage-deck/ManageDeckSections.tsx so upload, details, access, feedback, and action sections are isolated presentational units.
• Shared Auth Session Helpers: Added src/services/authSession.ts to standardize auth/user-id resolution across services.
• Focused Deck Service Modules:
  • deckStorageService.ts
  • deckLibraryService.ts
  • deckBrandingService.ts
  • deckService.shared.ts

Changed

• Vitest Recovery: Restored a healthy test pipeline with a dedicated vitest.config.ts and passing utility test execution.
• Analytics Ownership Cleanup: Removed duplicate initial deck-view tracking so the page/container owns the initial view event and viewer hooks own follow-on analytics.
• Viewer Query-Key Consistency: Standardized query keys in useViewerQueries.ts so optimistic updates, rollback, invalidation, and reads all target the same cache entries.
• ManageDeck Architecture: Refactored ManageDeck.tsx into a composition-oriented page that now delegates orchestration to a workflow hook and delegates render sections to focused UI components.
• Shared Document Processing: Centralized PDF rendering and image generation into src/workflows/deckProcessing.ts, and updated ManageDeck.tsx and DeckSettingsForm.tsx to use it.
• Deck Service Composition: Rebuilt deckService.ts as a composed facade over narrower service modules while preserving the public deckService.* API.
• Auth Resolution Standardization: Updated dataRoomService.ts, noteService.ts, and organizerService.ts to use shared auth/session helpers instead of inlined getSession() patterns.
• Internal Docs Sync: Updated developer-facing docs to reflect the current architecture, testing status, and refactor structure.

Fixed

• Transient Admin Failures: AdminNotifications.tsx now only redirects after admin verification definitively resolves false, while transient failures show retry/error UI.
• Notification Deduplication Semantics: Notification creation now treats RPC NULL as a non-error no-op instead of throwing.
• Notification Panel Responsiveness: The notification drawer now scales on narrow screens rather than forcing a fixed width.
• Public Profile Drift: profiles_public documentation and schema intent are now aligned around minimal exposure (id, handle).
• Notification RPC Hardening: create_notification now uses an authorization-checked public wrapper over an internal security-definer helper.

[2026-04-02] - Admin Security, Notification Hardening & Database Resilience

Added

• Secure Admin Gating: Replaced insecure client-side email allowlists with a server-side is_admin() RPC check for administrative access.
• Interactive Admin Dashboard: Integrated server-side admin verification with a dedicated loading state in AdminNotifications.tsx.

Changed

• Notification Security Hardening:
  • Standardized markAsRead and deleteNotification to require userId and enforce ownership filtering (.eq("user_id", userId)).
  • Implemented withRetry for internal notification service calls to ensure reliability against transient network failures.
• Optimized Database Cleanup: Refactored cleanup_expired_notifications() to use a batched loop (batch size 1000), preventing long-held table locks during large maintenance operations.
• Trigger Atomicity: Refactored notify_signal_threshold to accurately count unique visitors using a robust EXISTS guard, ensuring metrics remain precise across multiple page views.

Fixed

• Accessibility (ARIA) in Modals: Corrected the ARIA dialog role and attribute placement in AdminNotificationComposer.tsx for better screen reader compatibility.
• Schema Integrity: Resolved a forward-reference error in schema.sql where admin policies were defined before the is_admin() helper function.
• Notification Item Resilience: Added a DEFAULT_CONFIG fallback for unknown notification types and implemented isPending guards to prevent concurrent mutation UI flickers.

[2026-04-01] - UI Modernization, Security Hardening & Accessibility

Added

• Keyboard-Driven Navigation: Implemented Escape-key dismissal for the TierUpsellModal and standardized body-scroll locking during modal transitions.
• Clipboard Error Feedback: Integrated sonner toast notifications for clipboard failures in DeckList.tsx, providing immediate user feedback for copy actions.

Changed

• AccessGate Security: Strengthened email validation with a robust regex pattern (/^[^\s@]+@[^\s@]+\.[^\s@]+$/) and automatic whitespace trimming.
• Performance Optimization:
  • Memoized aspect-fit logic in DeckViewer.tsx to eliminate redundant layout calculations.
  • Moved static constants (e.g., EMAIL_CACHE_TTL) to module scope in AccessGate.tsx.
• UI Modernization: Revamped the AccessGate with premium obsidian-themed tokens, kinetic grid backgrounds, and enhanced typography.
• Secure Link Handling: Enforced rel="noopener noreferrer" on all external anchors and implemented strict protocol sanitization (https:, mailto:, etc.) for slide hotspots to prevent XSS.
• Timezone-Safe Dates: Refactored deck expiration logic to use Date.UTC, ensuring consistent calendar dates across different client timezones.

Fixed

• Modal Exit Animations: Resolved an early return bug in TierUpsellModal that was preventing AnimatePresence from triggering exit transitions.
• Accessibility (ARIA): Added role="dialog", aria-modal="true", and aria-labelledby attributes to core dashboard modals.
• Layout Integrity: Fixed PDF distortion in DeckViewer by removing redundant dimension constraints that forced a 16:9 stretch on non-standard documents.
• Branding Reset Persistence: Fixed a bug where resetting branding defaults would fail due to a missing user profile ID in the API call.

[2026-03-30] - Pipeline Hardening & Production Security Sync

Added

• Batch Data Room Analytics: Implemented get_batch_data_room_analytics Postgres RPC for O(1) retrieval of visitor and document counts across your entire library, eliminating N+1 query patterns.
• Atomic Rollback Architecture: Extended the PDF processing pipeline in ManageDeck.tsx to query live database state before cleaning up orphaned storage assets.

Changed

• RLS Security Hardening: Synchronized production data_room_documents policy to strictly enforce Deck Ownership on all writes (Select-based USING + Ownership-based WITH CHECK).
• Standardized Error Flows: Updated DeckSettingsForm.tsx to automatically clear error states on save and deduplicate intrusive browser alerts in favor of inline red banners.
• Batch Analytics Ownership: Hardened get_batch_data_room_analytics RPC with an owned_rooms CTE that filters input UUIDs against auth.uid(), ensuring the SECURITY DEFINER function cannot be exploited to read analytics for rooms owned by other users.

Fixed

• Analytics Query Safety: Hardened interestSignalService.ts with null-filtering (filter(Boolean)) and empty-guard returns to prevent malformed Supabase queries for rooms without documents.
• Stale State Rollbacks: Resolved an issue where aborted deck uploads could leave orphaned files in Supabase Storage due to stale local variables.
• Hook Data Security: Refactored useDataRoomPassword to useCheckDataRoomPassword (Mutation hook) to prevent raw passwords from being stored in the React Query cache.

[2026-03-29] - Location Analytics & Database Performance Optimization

Added

• Geographic Location Tracking: Integrated Vercel Edge Headers (x-vercel-ip-country, x-vercel-ip-city) to capture visitor origins without external API dependencies.
• Location Dashboard: Introduced a "Location" tab in DeckAnalytics.tsx featuring ranked lists of top countries and cities for each deck.
• Vercel Edge API: Implemented /api/geo edge function for zero-latency, dependency-free geo-data extraction.

Changed

• Analytics Server-Side Aggregation: Migrated high-traffic computation (unique visitors, location grouping) from client-side JavaScript to high-performance PostgreSQL RPCs.
  • Added count_unique_visitors(p_deck_id) for O(1) visitor counting.
  • Added get_deck_locations(p_deck_id) for server-side GROUP BY and sorting.
• Deep Obsidian UI Theme: Overhauled the Edit, Create, and Manage pages with a consistent #10120f "Deep Grey" aesthetic.
• Enhanced Visitor Signals: Updated the "Visitor Engagement Signals" section with a deeper interaction timeline and geographic markers.
• Optimized Caching Strategy: Refined TanStack Query intervals for analytics data to balance real-time freshness with database load.

Fixed

• City Name Encoding: Resolved an issue where Vercel-provided city names in headers were URL-encoded; implemented decodeURIComponent in the Edge API.

[2026-03-28] - Smart Slide Link Preservation & Edge Function Refactor

Added

• Local Link Preservation (PDF): Implemented a client-side extraction system for PDF uploads.
  • Added extractPdfLinkHotspots() utility to map PDF annotations to normalized (0-1) coordinates.
  • Integrated with processPdfToImages() to capture hyperlink metadata during the rasterization phase.
  • Introduced PdfLinkHotspot and SlidePage types to support interactive tracking layers.
• Smart Slide Overlay: The viewer now renders an invisible absolute-positioned grid of <a> tags over rasterized slides, allowing for 1:1 functional parity with original documents while using optimized WebP/JPG assets.

Changed

• Edge Function Refactor: Renamed and synchronized the document-processor Supabase Edge Function.
  • Implemented ConvertAPI integration for high-fidelity Office (PPTX, DOCX, XLSX) to JPG conversion.
  • Added server-side Tier Enforcement (PRO Only) and JWT security gating to the processing pipeline.
• Deno Module Synchronization: Unified deno.json import maps for Edge Functions to resolve uncached URL warnings and ensure consistent dependency versioning.

Fixed

• Interactive Conversion Mismatch: Corrected the naming convention in supabase/config.toml to ensure the frontend correctly invokes the document-processor instead of the legacy pdf-processor.

[2026-03-26] - Infrastructure Hardening & Feature Integrity

Fixed

• CSS Token Fix (src/App.css): Replaced nine instances of rgba(var(--deckly-primary-rgb), ...) with the standardized hsl(var(--brand-primary) / ...) alpha-aware syntax for consistent brand coloring.
• State Staleness in Notes: Resolved issues in DocumentRow.tsx and useLibrary.ts by adding a proper saveNoteMutation with explicit cache synchronization and an onSaveNote callback to ensure notes persist correctly.
• Folder Count Adjustments: Corrected a bug in useLibrary.ts where unsaving a deck failed to decrement its folder's deck_count; added a guard to prevent redundant state updates when moving a document to the same folder.
• Idempotent Service Mutations: Hardened organizerService.ts by converting tag creation to a conflict-handling upsert pattern and removing unsafe retries from folder creation to ensure reliable database operations.
• Improved Curation Rollbacks: Enhanced the updateFolder logic in organizerService.ts to capture full snapshots of folder state and tags before modification, allowing for complete data restoration if a network or database failure occurs.

[2026-03-23] - Saved Decks Performance & UX Overhaul & Dashboard Intelligence & Library Schema Reconciliation

Added

• Optimistic Document Management: Implemented instant UI feedback for moving documents between folders and managing tags. Folder counts and UI state now update before the server confirms the request, providing a "zero-latency" experience.

• Inline Note Annotations: Transformed the static "Notes" section into an interactive, inline textarea in DocumentRow. Changes are persisted via noteService on blur or Enter press.

• Dynamic Deck Timestamps: The "Top Decks" card now displays real, computed relative timestamps (e.g., "2h ago", "1d ago") derived from updated_at metadata, replacing previous hardcoded placeholders.

• Global Notification System: Integrated sonner Toaster for high-performance, branded toast notifications across the application.

• Keyboard-Accessible Collections: Added full keyboard support (Enter/Space) to FolderCard interactions, enhancing accessibility for the organization suite.

Changed

• Folder Identity Standardization: Unified the LibraryFolder.color property across the database and UI. Standardized the default folder color to #666666 (Grey) for a more grounded aesthetic.
• Header Optimization: Streamlined the DashboardLayout by removing redundant "Bell" and "Settings" icons, focusing the workspace on primary asset management actions.
• Improved Note Persistence: Enhanced the inline note editing in DocumentRow with better error handling and state reset logic when switching between documents.

Changed

• Major Architecture Refactor: Extracted all library logic from SavedDecksView.tsx into a high-performance useLibrary hook.
• TanStack Query Migration: Fully migrated the Saved Decks library to TanStack Query for session-persistent caching. This eliminates loading spinners when returning to the library and enables background data synchronization.
• Terminology Update: Replaced "Artifacts" with "Documents" across the folder management UI to better align with the workspace branding.

Fixed

• Instant Folder Updates: Resolved a bug where folder counts would show 0 until a manual refresh after moving a deck.
• Dropdown Theme Integrity: Fixed Radix UI dropdown item hover states to use brand-consistent colors in the obsidian theme by targeting data-[highlighted] attributes.
• Uncategorized Filtering: Corrected the folder filter logic to strictly show folder_id === null items when "All Documents" (Uncategorized) is selected.
• Menu Label Clarity: Renamed "Remove from Curation" to "Remove from Saved" for better user intent alignment.
• Library Schema Reconciliation: Synced supabase/schema.sql with the live database by adding the missing color column to library_folders, ensuring deployment consistency.
• Type-Check Integrity: Resolved an unused import regression in DashboardLayout.tsx and performed a full repository type-check pass.
• Unsave Logic Correction: Fixed a bug in SavedDecksView where the incorrect identifier was being passed to the unsave service, preventing decks from being removed from collections.

[2026-03-21] - Security Hardening & Analytics Integrity (Part 2)

Changed

• Robust IP Address Handling: Standardized x-forwarded-for header parsing across all security-sensitive RPCs (check_deck_password, check_data_room_password, record_deck_visit). Added reliable fallback to inet_client_addr() for localized or direct connections.
• Slug Enumeration Prevention: Unified the 'Unauthorized' response pattern for both non-existent and password-protected assets in get_deck_payload and get_data_room_payload, preventing attackers from enumerating valid slugs.
• Deno Configuration Synchronization: Synchronized root and function-specific deno.json import maps to ensure consistent versioning for @supabase/supabase-js and standard library modules.
• Centralized URL Generation: Introduced src/utils/url.ts to unify the generation of public-facing links and internal paths for decks and data rooms, ensuring consistent handle-based routing across the application.

Fixed

• Analytics Data Integrity:
  • Replaced silent data drops with automatic truncation for oversized visitor_id strings (max 100 chars).
  • Refactored the 24-hour visit update logic to unconditionally capture viewed_at and viewer_email while enforcing strict time_spent caps.
• PL/pgSQL Record Evaluation: Fixed a bug in payload retrieval functions where NOT FOUND checks were incorrectly implemented for record types.
• PostHog Configuration: Corrected the defaults option in main.tsx from an object to a string to ensure proper configuration snapshot selection.
• Data Room Document Mapping: Resolved a field mapping error in DataRoomViewer.tsx to Ensure full document metadata visibility.

[2026-03-21] - Security Hardening & Type-Safe Infrastructure

Added

• Secure Analytics RPC: Migrated analyticsService.ts to use a server-side record_deck_visit Postgres function. This prevents public write access to deck_stats and deck_page_views, ensuring metrics are tamper-proof and strictly validated.
• Server-Side Password Verification: Introduced check_deck_password RPC to handle asset access gates. Validation now happens entirely in the protected database layer, eliminating the need to expose hashed passwords to the client-side.
• Deno Import Maps: Standardized Supabase Edge Function dependencies using deno.json import maps. This improves code portability, resolves IDE "Uncached URL" warnings, and centralizes version management for the @supabase/supabase-js and std/ libraries.
• Obsidian Auth Suite: Fully migrated the Login and Signup pages to the #10120f Obsidian Depth theme, providing a seamless visual transition from the landing page to the dashboard.

Changed

• Massive Type-Safety Refactor: Eliminated over 50+ instances of the any type across the frontend (ManageDeck, SavedDecksView, DeckAnalytics, etc.). Implemented strict unknown type guards and refined interfaces like SavedDeck and Partial<Deck> to prevent runtime failures.
• Edge Function Stability: Refactored document-processor and pdf-processor to use mapped imports and resolved Deno registry integrity issues.
• 1080p Viewport Optimization: Adjusted the Auth page layouts for perfect scaling on standard 1080p displays, eliminating redundant scrollbars while maintaining element accessibility.

Fixed

• Trigger Double-Hashing Bug: Resolved a critical logic error in the database triggers where updating a deck row would cause the view_password to be re-hashed if already set, breaking subsequent access.
• React Dependency Warnings: Fixed exhaustive-deps warnings in App.tsx and resolved Fast Refresh conflicts in AuthContext.tsx to ensure stable HMR during development.
• View Security Escalation: Upgraded profiles_public and other sensitive views from security_definer to security_invoker to prevent potential privilege escalation.

[2026-03-08] - UI Overhaul & Theme Migration

Added

• Obsidian Depth Theme: Migrated the entire core dashboard, sidebar, and analytics interfaces to a sophisticated #10120f background color for a more grounded, premium feel.
• Premium Card Texture: Enhanced DataRoomCard with a subtle 32px grid pattern (opacity-0.01) and a faint brand-colored corner glow to make cards standout without being distracting.
• Human-Designed Typography: Standardized all dashboard labels to use normal sentence-case instead of uppercase tracking, aligning with the Uncodixfy "grounded and professional" aesthetic.

Changed

• Data Room Detail Redesign: Completely overhauled DataRoomDetail.tsx. Removed decorative distractions (green patches), consolidated stats into a clean 4-column grid, and highlighted "Copy Link" as the primary action.
• Room Page Responsiveness: Re-engineered DataRoomsPage.tsx with a fluid header and a more adaptive grid system (1 to 2 to 3 columns) that scales gracefully from mobile to ultra-wide displays.
• Content Robustness: Implemented line-clamp-2 for room descriptions and truncate for titles in cards to ensure the UI remains clean even with long user-generated content.
• Responsive Padding: Standardized card and container padding (p-5 on mobile, p-6 md:p-8 on desktop) for balanced white space across all viewports.

Fixed

• Sidebar Toggle Clipping: Refactored the DashboardLayout.tsx wrapper to eliminate redundant fixed-width containers that were partially hiding the sidebar collapse button.
• Tooltip Overflow Restoration: Modified DashboardCard and Table components to support overflow-visible overrides, ensuring that metrics tooltips appear above the UI without being clipped by parent cards.
• Action Hierarchy: Re-styled the action group (Preview, Edit, Delete) as clean secondary icon buttons to clear visual confusion and emphasize the primary "Copy Link" workflow.

Technical Optimizations

• TanStack Query Global Migration: Fully transitioned all data fetching (Analytics, Rooms, Decks, Profiles) from manual state management/local storage to TanStack Query. This results in significant memory footprint reduction and eliminated "ping-pong" state updates.
• Real-time Analytics Refresh: Implemented a refetchInterval: 45000 (45 seconds) across all analytics hooks (useDeckStats, useVisitorSignals, etc.). This ensures the dashboard stays fresh without hammering the database with excessive polling.
• Aggressive Refetching Strategy: Enabled refetchOnWindowFocus: true for analytics data, ensuring that whenever a founder returns to their dashboard tab, they instantly receive the latest engagement data.

---

[2026-03-07] - Workspace-Centric URLs & Dashboard Optimization

Added

• Workspace-Centric URLs: Migrated the routing architecture to a handle-based structure (/:handle/:slug) for a more branded sharing and viewing experience.
• Legacy URL Redirects: Developed a robust fallback mechanism (LegacyRedirect component) to gracefully route legacy /:username/:slug and bare /:slug links to their new namespaced destinations.
• Data Room Namespacing: Enforced strict handle validation and redirection for all Data Room viewer links, standardizing access across the app.
• Instant Dashboard Navigation: Replaced local storage caching and blocking load states on the main dashboard (Home.tsx) and TopDecksCard with high-performance TanStack Query hooks.

Changed

• Consistent Link Generation: Overhauled the generic "username" fallback across UI components (DeckList, SavedDecksView, DeckDetailPanel) to strictly enforce actual profile handles.
• Custom Branded Scrollbars: Introduced slim, premium scrollbars tailored to the primary brand color for the UI tables, replacing the clunky default browser scrollbars for a sleeker look.

[2026-03-07] - Custom Confirmation Modal & Premium UI Refinements

Added

• Animated ConfirmModal: Created a high-end, reusable ConfirmModal component using framer-motion for consistent, non-native confirmation flows across the app.
• Branded Modal Styling: Implemented a deep obsidian background (#09090b) with a subtle green corner gradient for all confirmation dialogs.

Changed

• Standardized Delete Workflow: Replaced legacy window.confirm() calls with the new ConfirmModal in the Library, Saved Decks, and Analytics dashboard views.
• Elegant Error Handling: Replaced intrusive browser alert() notifications with custom, non-blocking toast UI for branding updates and document management.
• Centralized Confirmation Logic: Refactored the dashboard's ContentView to eliminate redundant nested modals, ensuring a single, fluid interaction when deleting assets.

[2026-03-07] - TanStack Query Migration (Part 2)

Added

• Asynchronous State Management: Completed the full migration of AuthContext, Viewer, and NotesSidebar to TanStack Query.
• Real-time Slug Validation: Implemented debounced, asynchronous slug checks for Decks and Data Rooms with immediate UI feedback (Loading/Available/Taken states).
• Optimistic UI Updates: Added optimistic update logic for Investor Notes in the viewer, providing zero-latency feedback during saves.

Changed

• Pure Service Layer: Removed all manual Map-based caching and CACHE_TTL logic from dataRoomService, userService, deckService, and noteService.
• Intelligent Cache Invalidation: Configured automatic cache busting for queries when related mutations (like deck updates or data room creation) occur.
• Secure Logout: Enhanced session cleanup to explicitly wipe the entire Query Client cache upon user sign-out.

Fixed

• Stale Branding UI: Resolved issues where updated branding logos would not appear immediately across different pages until a hard refresh.
• Race Conditions in Viewer: Optimized the loading sequence for deck metadata and saved-states using parallelized TanStack queries.

---

[2026-03-07] - Analytics Refactoring & UX Polish

Added

• Accurate Profile Linking: Saved decks in the analytics view now accurately resolve the saving user's name or email via a manual fallback profile join, replacing the generic "Anonymous Investor" label.
• Engaged Metric Refinement: "Engaged" now correctly reflects the count of unique visitors who triggered at least one positive behavioral signal, improving the actionable quality of the data.

Changed

• Standardized "Saves" Terminology: Renamed "Bookmarks" to "Saves" comprehensively across the application (DeckAnalytics, Content view, Viewer header) to match standard user expectations and branding.
• Accurate Average Session Time: Fixed the Avg Session metric on the Deck Analytics page to correctly compute the average time spent dividing by unique visitors, rather than total slide views.
• Streamlined Content Dashboard: Shrunk the font sizes, labels, and padding of the main stats summary component (ContentStatsCard) to ensure that the user's primary focus remains on their list of decks without having to scroll.
• Clean Access Gate UX: Forced normal casing on the Identity Gate email input, disabling mobile autocorrect and auto-capitalization to provide a more frictionless access experience.

Fixed

• Identity Gate Progression Regression: Resolved a major UX bug where the Identity Gate would incorrectly prompt users for a password even if only an email was required, specifically handling flows where the email was already cached or known.
• Redundant Hover Effects: Removed distracting row hover states on empty content pages and static stats to ensure interaction only occurs where action is possible.

---

[2026-03-04] - Performance Code-Splitting & Room Analytics

Added

• Data Room Analytics Section: Added a comprehensive "Visitor Signals" section to the Data Room details page, displaying aggregated views, emails, time spent, and behavior signals across all assets in the room. Includes the ability to view detailed, non-blocking metrics before triggering security protocols.
• Route-Level Code Splitting: Overhauled application routing in App.tsx utilizing React.lazy and Suspense. Added a beautiful LoadingFallback and configured Vite's build settings to create an isolated vendor chunk out of node_modules. Significantly optimizes main-bundle sizes and initial perceived load time.
• Optimistic Document Reordering: Data room documents now feature instantaneous, optimistic front-end updates on drag-and-drop instead of waiting for database synchronization, vastly improving the UX of list management.

Changed

• Asynchronous Data Rooms UI: Reworked DataRoomsPage.tsx to unblock UI thread while fetching heavy room arrays instead of hanging the renderer, delivering near-instant perceived performance when navigating to the library.
• Improved Analytics Caching: Expanded the reach of visitor signals to accommodate multi-deck arrays specifically to compute Data Room metrics dynamically.

---

[2026-03-03] - Mobile Usability & URL Namespacing

Added

• URL Namespacing: Introduced personalized user_handle logic so decks and data rooms are accessed via friendly URLs (e.g., deckly.app/username/slug). Re-engineered database views and frontend routing to support this structure securely.
• Action Hub Popout: Replaced the standard "+" create button in the mobile BottomNav with a fluid, animated popout menu explicitly separating "New Deck" and "New Data Room" actions.
• Data Room Mobile Optimizations: Transformed the Data Room sidebar hierarchy into an intuitive mobile drawer overlay. Redesigned image footers to ensure navigation components remain visible on small screens.

Changed

• Mobile UI De-cluttering: Hid redundant dashboard Floating Action Buttons (FAB), empty state CTAs, and duplicate desktop creation actions on mobile devices to provide a sleeker, distraction-free app experience.
• Improved Slug Integrity: Implemented automatic URL-safe slug generation and validation checks in the deck and data room creation forms.

Fixed

• PGRST200 Join Error: Resolved a Supabase database relation error by explicitly exposing user_handle inside the deck_stats_with_library views, restoring accurate metric tracking across namespaced URLs.

---

[2026-03-02] - Premium UI Revamp & Analytics Optimization

Added

• Premium Data Room Redesign: Completely overhauled the Data Room creation and detail pages with a high-end "glass-shiny" dark theme, animated emerald accents, and clear status indicators.
• Edit Asset Page Overhaul: Transformed the Edit Deck interface into a premium experience. Added a dynamic hero section with asset previews, translucent glassy form sections, and optimized mobile layouts.
• Relocated Save Actions: In the Edit Asset page, moved the "Save Changes" button outside the danger zone and placed it next to the delete button for a more natural user flow.
• Advanced Analytics Caching: Re-engineered data fetching on the Analytics page. Implemented a 2-minute refresh throttle and stabilized session dependencies to eliminate unnecessary re-fetches and jarring loading skeletons when switching browser tabs.

Changed

• Analytics UI Polish: Redesigned analytics tabs to match the premium dashboard aesthetic. Removed unused tabs, optimized tab spacing, refined the custom scrollbar, and improved the mobile responsiveness of the summary metrics.
• Enhanced Data Room Contrast: Improved text legibility and visual hierarchy across all data room interfaces, particularly within the stats display and interaction buttons.

---

[2026-03-01] - Saved Decks & Private Investor Notes

Added

• Saved Decks: Rebranded "Inbox" to "Saved Decks" across the entire platform for better clarity. Optimized navigation order and icons.
• Private Investor Notes: Implemented a secure, auto-saving notes sidebar in the Deck Viewer, protected by Row-Level Security (RLS).
• Inline Note Editing: Added the ability to update private notes directly from the Saved Decks library without reopening the deck.
• Viewer Mobile Optimization: Redesigned the viewer header and navigation arrows for a compact, intuitive experience on smaller screens.
• "Updated" Badge System: Visual notifications in the Saved Decks view for recently modified decks.
• Save Count Analytics: Real-time bookmark tracking on the Content dashboard.
• Last Viewed Sync: Persistent tracking of when an investor last accessed a saved asset.

---

[2026-02-28] - Multi-Document Support & Security Hardening

Added

• Save to Library: Investors can bookmark decks for easy access later.
• Auth Modal: Seamless guest-to-user conversion flow for bookmarked content.
• Interactive Mode: High-fidelity slide conversion for PPTX, DOCX, and XLSX (PRO tier).
• Multi-Document Support: Support for PPTX, DOCX, XLSX, and CSV viewing.
• Branding Controls: Custom logos and room names for data rooms.
• Office Embed Support: Raw viewing mode for Office files integrated directly into the workspace via Microsoft Office Online.
• Premium Tier Gating: Implemented TierUpsellModal and server-side feature checks to restrict Office support and Interactive Mode to PRO/PRO+ users.
• New Feature Guide (docs/other-document-support.md): Detailed documentation on format support, conversion modes, and tier restrictions.

Changed

• Unified Feature Flags: Integrated all tiered feature permissions into src/constants/tiers.ts for centralized management.

Fixed

• Information Exposure Vulnerability: Standardized generic error responses in Edge Functions to prevent stack trace leakage while maintaining detailed server-side logs.
• Ownership Verification: Implemented strict JWT-based ownership checks in the document processor to ensure users can only process their own files.
• RLS Analytics Hardening: Updated database Row Level Security for deck_stats to prevent unauthorized data tampering or cross-user stats modification.

---

[2026-02-28] - Mobile UX Overhaul & Analytics Integrity

Added

• Glassmorphic Bottom Nav: A premium, frosted-glass navigation bar for mobile devices with smooth animations and active-state indicators.
• Mobile Profile Integration: The user's profile icon is now integrated into the mobile navigation bar for instant access to account settings.
• Interactive Feature Feedback: Added "Coming Soon" tooltips for disabled mobile navigation items (Analytics, Inbox, Requests) providing clear user feedback.
• Comprehensive Testing Guide (docs/testing.md): A progressive, non-technical guide covering the entire user journey from account creation to advanced data room security.

Changed

• Centralized Branding State: Logo and room name settings are now managed in the global AuthContext with localStorage persistence. This eliminates "penguin flicker" during tab switches and ensures branding is available instantly on hard refreshes.
• Analytics Data Cleaning: Owners are now automatically excluded from analytics tracking. Views, page turns, and time spent are no longer recorded when the deck creator views their own work.
• Daily Deck Views: Dashboard charts now display unique daily visits (Visitor + Deck + Day) instead of raw slide impressions, providing a more accurate reflection of interest.
• Real-Time Insight Aggregation: Replaced simulated dashboard time metrics with actual database-synced totals from visitor heartbeat tracking.

Fixed

• Persistent Branding Loss: Resolved an issue where branding settings would reset to defaults after a hard refresh (Ctrl+Shift+R) by ensuring the userId is passed to the refresh logic during session initialization.

---

[2026-02-24] - Data Rooms & Tier System

Added

• Data Room Detail Page (DataRoomDetail.tsx): A dedicated view for each data room with a dark gradient hero banner, stats row (documents, visitors, created date, share link), interactive document list with hover actions, analytics overview table, and room settings summary.
• Direct Upload to Room: "Upload New" button on the room detail page navigates to the upload flow with ?returnToRoom=<id>. After upload, the deck is auto-added to the room and the user is redirected back.
• Tier-Based Data Room Limits: TierConfig in constants/tiers.ts now includes maxDataRooms — Free (1), Pro (5), Pro+ (unlimited). The Data Rooms page shows a usage dot indicator, disables the "New Room" button at limits, and displays an upgrade banner.
• Tier Badge in Sidebar: The user's plan tier (FREE / PRO / PRO+) is displayed as a colored badge next to their name in the sidebar. Each tier has a distinct style — slate for Free, amber for Pro, purple gradient for Pro+.
• Google OAuth Profile Auto-Creation: AuthContext.fetchProfile() now auto-creates a profiles row for users who sign in via Google/GitHub OAuth and don't yet have one. Pulls full_name and avatar_url from auth metadata and defaults to tier: "FREE".

Changed

• Edit Room Navigation: Saving or deleting a room in ManageDataRoom now returns the user to the room detail page (/rooms/:roomId) instead of the rooms list.
• Back Button Context: The back arrow on the edit page navigates to the room's detail page when in edit mode.
• Route Structure: /rooms/:roomId now renders DataRoomDetail; editing is at /rooms/:roomId/edit.
• "Add Documents" → "Add Existing": Renamed to distinguish from the new "Upload New" option.

Safety

• Create Limit Guard: ManageDataRoom checks room count vs tier limit on mount (create mode only) and redirects to /rooms if at limit — prevents bypass via direct URL.

---

[2026-02-23] - Investor Signals & Analytics Accuracy

Added

• Viewer Email Linking: When a deck has "Require Email" enabled, the captured email is now stored in deck_page_views.viewer_email and displayed in the Visitor Engagement Signals section instead of a generic "Visitor #1" identifier.
• Per-Visitor Slide Time Breakdown: Each visitor card in the Signals section is now expandable — click to reveal a vertical bar chart showing time spent on each slide by that specific viewer (DocSend-style).
• getUniqueVisitorCount() in analyticsService.ts: New helper that counts distinct visitor_ids for a deck.

Changed

• "Total Visit" is now truly unique visitors: The summary card on DeckAnalytics, the dashboard (AnalyticsDashboard), and the content page (ContentView) now show unique people (distinct visitor_id), not cumulative slide-view sums. 1 person = 1 visit, regardless of slides viewed or return visits.
• Content page "Views" column: Per-deck view counts in the DecksTable now reflect unique visitors per deck, not aggregated slide impressions.
• getUserTotalStats(): Rewired to query deck_page_views for DISTINCT visitor_id counts across all user decks, replacing the old deck_stats.total_views sum.
• getDecksWithAnalytics(): Now computes per-deck unique visitors from deck_page_views instead of summing deck_stats.total_views.

Database Migration

ALTER TABLE deck_page_views ADD COLUMN IF NOT EXISTS viewer_email TEXT;

---

[2026-02-22] - Mobile Responsiveness Sprint

Added

• BottomNav.tsx (new component): A mobile-only bottom navigation bar fixed to the bottom of the screen. Replaces the desktop sidebar on small screens. Renders icon-only links with an active-state dot indicator. Uses safe-area-pb for devices with home indicators.
• Mobile Card View in DecksTable.tsx: On screens narrower than md (768px), the full data table is replaced by a compact card-list layout showing deck title, view count, last-viewed date, and all action buttons (Copy, Analytics, Edit, Delete).
• Responsive ContentStatsCard.tsx: Stats (Total Visits, Time Spent, Bookmarked) now render in a single horizontal row on mobile at text-2xl, condensed from the stacked text-6xl desktop layout.

Changed

• DashboardLayout.tsx:

  • Desktop sidebar hidden on mobile (md:hidden); BottomNav rendered instead.
  • Main content area adds pb-20 on mobile so content clears the bottom nav bar.
  • FAB (Floating Action Button) repositioned to bottom-24 on mobile to clear the nav bar. Size increased from w-13 to w-20 h-20 with a larger icon (size={36}).
  • "Founder Mode" toggle hidden on mobile (hidden md:flex).
  • Header <h1> reduced from text-2xl to text-lg on mobile.
  • Header horizontal padding reduced from px-12 to px-4 on mobile.

• AnalyticsDashboard.tsx:

  • Card min-height reduced to min-h-[400px] on mobile (from 600px).
  • Content layout switches from flex-row to flex-col on mobile so stats stack above the chart.
  • Tab button padding and labels condensed on mobile ("Time Spend" → "Time", "Bookmarked" → "Saved").
  • Chart content padding p-8 pb-12 → p-4 md:p-8 pb-8 md:pb-12.

• AnalyticsStatsSection.tsx: Stats display in a horizontal wrapping row (flex-row flex-wrap) on mobile with smaller font sizes; reverts to vertical column on md+.

• AnalyticsChart.tsx:

  • Chart bars changed from fixed w-12 with gap-8 to flex-1 max-w-12 so they scale with the container on any screen width and are capped at their original desktop size.
  • X-axis labels changed to flex-1 max-w-12 truncate to match bar alignment.
  • Removed unused cn import.

• DeckAnalytics.tsx (Detailed Analytics Page):

  • Outer padding p-8 → p-4 md:p-8.
  • Header layout stacks vertically on mobile; title truncates to prevent overflow.
  • Summary cards grid changed from grid-cols-1 to grid-cols-2 on mobile (2×2 layout vs. 1-per-row).
  • SummaryCard icon shrunk w-12 → w-8 on mobile; value font text-5xl → text-2xl.
  • "Coming Soon" badge hidden on mobile in summary cards.
  • Inactive tab button text color explicitly set to text-slate-700 (was defaulting to near-invisible light gray).
  • Chart section card padding p-10 → p-4 md:p-10.

Fixed

• Duplicate code in DecksTable.tsx: A previous edit left orphaned table JSX and a duplicate clsx function definition after line 295. Both were removed.

---

[2026-02-09] - Stability & Analytics Deep-Dive

Added

• Drop-off Visualization: A mathematical "Retention" tab in the analytics modal.
• Churn Alerts: Automated detection of high-friction slides.
• Access Gates: Password and Email protection for deck links.
• Diagnostic Logging: Verbose [Auth] and [App] logs for faster debugging.
• Composite SQL Index: Added idx_deck_stats_dashboard for optimized stats retrieval.

Fixed

• Infinite Loader Bug: Refactored the app initialization watchdog to be non-blocking.
• Analytics Race Condition: Fixed a bug where quick re-opens of the modal caused data clashes.
• Cold Start Timeouts: Extended app patience from 8s to 12s for Supabase wake-ups.

Performance

• In-Memory Caching: Added a 30-second TTL for analytics data to reduce DB pressure.
• Parallel Uploads: Improved PDF processing speed by parallelizing slide uploads.

---

[Initial Release] - MVP

• Basic PDF upload and viewing.
• Simple total views tracking.
• User authentication via Supabase.