Registro delle modifiche

Tutte le modifiche importanti a VitaPulse

v2.23.32026-03-22

Corretto **package.json** — suppression de la virgule traînante après le script `scan` (causait un `EJSONPARSE` au `npm ci`)

v2.23.22026-03-22

Modificato **Sitemap dynamique** — suppression du cron quotidien `generateSitemap.js` et du fichier statique `public/sitemap.xml`. Le sitemap est désormais servi dynamiquement via une route Express `/sitemap.xml` avec cache in-memory (TTL 1h)

v2.23.12026-03-17

Corretto **Emails discussions** — correction de l'URL de fallback dans les templates email de discussion : `vitapulse.io` → `vitapulse.e-xode.net` (5 langues)
Modificato **Lighthouse 12 → 13** — mise à jour majeure du moteur d'audit. 27 audits individuels supprimés (consolidés dans les 17 insights). Diagnostics réduits de 33 à 13 IDs. Fallback CLS elements vers `cls-culprits-insight`. `uses-http2` retiré des `skipAudits`. Scores a11y/SEO/BP ajustés (poids modifiés). Rétrocompatibilité totale avec les anciens scans
Modificato **Vite 7 → 8** — migration vers Rolldown (bundler Rust). Option `api: 'modern-compiler'` retirée des options SCSS (seul mode supporté). Builds ~2x plus rapides
Modificato **Vue Router 4 → 5** — mise à jour majeure sans breaking changes (merge de unplugin-vue-router dans le core)
Modificato **@vitejs/plugin-vue 5 → 6** — alignement sur Vite 8
Modificato **Dépendances mises à jour** — vue 3.5.18→3.5.30, vuetify 4.0.0→4.0.2, vue-i18n 11.1.11→11.3.0, pinia 3.0.3→3.0.4, dompurify 3.2.6→3.3.3, express 5.1.0→5.2.1, express-rate-limit 8.2.1→8.3.1, stripe 20.4.0→20.4.1, nodemailer 8.0.1→8.0.2, multer 2.0.3→2.1.1, sass-embedded 1.87.0→1.98.0
Modificato **TipTap épinglé à 3.20.0** — overrides npm pour contourner le publish cassé de 3.20.3 (dist/ manquant)
Modificato **Performance Insights — extraction enrichie** — `extractPerformanceInsights()` capture désormais la structure complète des insights Lighthouse : `headings`, `metricSavings`, `overallSavingsMs/Bytes`, `scoreDisplayMode`, `debugData`, `sortedBy`, `isEntityGrouped`, `subItems` imbriqués, et items sans troncature abusive (50 max pour tables, 30 pour listes)
Modificato **Performance Insights — UI refondée** — `ScanInsightsSection.vue` remplacé par une interface riche avec recherche, filtre par métrique impactée (LCP/CLS/INP/TBT/FCP), tri par score ou par gains, chips metricSavings, badges overallSavings, et rendu adaptatif selon le type de données (table/list/checklist)
Modificato **Performance Insights — PDF enrichi** — le PDF affiche désormais les metricSavings, warnings, et les tables de détails des insights (même rendu que les opportunités et diagnostics)
Modificato **AuditDetailTable — subItems et nouveaux valueTypes** — support des sous-éléments expandables (clic pour déplier), et des types `source-location`, `code`, `numeric`
Modificato **Lighthouse — capture `runtimeError`** — vérification de `lhr.runtimeError` après chaque appel à `lighthouse()` pour détecter les erreurs fatales (page non chargée, crash GPU, timeout DNS) et éviter les scans silencieusement marqués "completed" avec des scores null
Modificato **Lighthouse — `effort` calculé depuis `guidanceLevel`** — le champ `effort` des opportunités est maintenant calculé depuis `audit.guidanceLevel` (1→high, 2→medium, 3→low) au lieu d'être hardcodé à `'medium'`
Modificato **Lighthouse — `language` default cohérent** — le fallback de langue passe de `'fr'` hardcodé à `DEFAULT_LOCALE` (`'en'`) pour respecter la convention du projet
Modificato **Lighthouse — desktop timeouts configurables** — `maxWaitForFcp` (15s) et `maxWaitForLoad` (35s) desktop sont maintenant dans `LIGHTHOUSE_CONFIG.timing` au lieu d'être hardcodés
Aggiunto **InsightChecklist** — nouveau composant pour afficher les insights de type checklist (document-latency, lcp-discovery) avec icônes de validation
Aggiunto **InsightListRenderer** — nouveau composant pour afficher les insights de type list (cls-culprits, forced-reflow, breakdowns, network-tree) avec rendu récursif
Aggiunto **Lighthouse — `audit.explanation`** — extraction et affichage du champ `explanation` de Lighthouse dans les opportunités, diagnostics, issues (a11y/SEO/BP/security), insights et le PDF de résultats. Ce champ fournit un texte contextuel expliquant pourquoi l'audit a échoué pour la page spécifique testée

v2.22.12026-03-14

Modificato **GitHub Actions** — build workflow déclenché sur push/PR vers `main` (remplace `npm run lint`/`test:run` inexistants par `npm run build`), Docker build déclenché uniquement sur les tags de release (`v*`), CodeQL aligné sur la branche `main`

v2.22.02026-03-12

Sicurezza **Google reCAPTCHA v3** — intégration CAPTCHA invisible sur les 3 endpoints publics (signup, quick audit, contact). Vérification serveur du token avec score minimum 0.5. Désactivé en développement. Composable Vue `useCaptcha` partagé, helper serveur `verifyCaptcha` factorisé

v2.21.02026-03-12

Aggiunto **Statut de vérification utilisateur** — l'administration affiche si un utilisateur a validé son compte (code de sécurité vérifié au moins une fois) : chip vert/gris dans la liste et dans le détail utilisateur
Aggiunto **Suppression de compte utilisateur** — les administrateurs peuvent supprimer un compte utilisateur avec cascade complète (projets, scans, stats, discussions, messages, audits, associés, logs, sessions, avatar). Les comptes admin sont protégés contre la suppression
Sicurezza **Validation serveur signup** — ajout de la validation email (EMAIL_REGEX), password (≥ 8 caractères), et name (≥ 2 caractères) côté serveur dans l'endpoint d'inscription. Normalisation de l'email en lowercase et trim du name
Sicurezza **Validation serveur signin** — ajout de la validation email côté serveur dans l'endpoint de connexion
Sicurezza **Rate limit signup renforcé** — réduction du rate limit signup de 10 à 5 requêtes par 15 minutes
Sicurezza **Traduction des erreurs serveur** — les erreurs renvoyées par le serveur (signup, signin, forgot, reset) sont désormais traduites via i18n au lieu d'afficher les clés brutes

v2.20.02026-03-12

Aggiunto **Suivi conversions Google Ads** — événement GA4 `purchase` déclenché après un checkout réussi (Pro/Business) avec valeur de conversion, devise EUR et cycle de facturation. L'événement est automatiquement importé par Google Ads via `ads_conversion_PURCHASE_1`
Aggiunto **Validation URL** — vérification du format URL sur la page Quick Audit et la page d'accueil (protocole http/https, hostname valide avec au moins un point). Le bouton est désactivé tant que l'URL est invalide
Aggiunto **Validation email** — vérification du format email sur les pages de connexion et d'inscription. Utilise le regex partagé `EMAIL_REGEX` au lieu d'un regex inline moins strict
Corretto **Textes de validation en dur** — remplacement des messages de validation en français hardcodés (signup/signin) par des clés i18n traduites dans les 5 langues

v2.19.02026-03-08

Aggiunto **Langue italienne** — ajout de l'italien (it) comme 5ème langue supportée : traductions complètes (interface, vulnérabilités, emails), drapeau, imports dans tous les modules (main, email, googleWebhook, downloadPdf)
Corretto **Traductions allemandes incomplètes** — correction de 697 clés manquantes dans de.json (landing, admin, billing, project, cwv, caseStudies, pdf, et toutes les autres sections). Nettoyage des clés obsolètes et correction des types incompatibles (tableaux FAQ, takeaways, includes)
Corretto **Traductions italiennes incomplètes** — correction de 320 clés manquantes dans it.json. Nettoyage des clés obsolètes pour alignement parfait avec la structure anglaise de référence

v2.18.22026-03-08

Corretto **Appel parasite quick-audit/convert** — nettoyage du localStorage lorsque la conversion échoue, évitant un appel API inutile à chaque connexion

v2.18.12026-03-08

Modificato **Limite scans Pro** — réduction de la limite de scans manuels du plan Pro de 50 à 30 par mois. Code et textes mis à jour dans les 4 langues (en/fr/es/de)
Corretto **Limite scans Business** — correction de la limite de scans manuels du plan Business (était `Infinity`, maintenant 100). Seul l'admin est illimité
Corretto **Reset mensuel du compteur de scans** — ajout d'un reset lazy du compteur `scansThisMonth` (le compteur n'était jamais remis à zéro, bloquant les utilisateurs définitivement après X scans)
Corretto **Affichage compteur scans** — le dashboard Billing affiche maintenant les scans du mois en cours (`scansThisMonth`) au lieu du total à vie
Corretto **Alignement textes/code limites scans** — correction des incohérences entre les textes (5/50/200) et les valeurs réelles dans le code (10/30/100) pour les 3 plans dans les 4 langues

v2.18.02026-03-08

Aggiunto **Langue allemande (DE)** — support complet de l'allemand comme 4ème langue : traductions UI (de.json), vulnérabilités (vulnerabilities/de.json), templates email (emails/de.js), drapeau SVG, intégration dans les imports (main.js, email.js, googleWebhook.js, downloadPdf.js)
Aggiunto **News multilingues dynamiques** — refonte de l'éditeur de news admin : EN toujours obligatoire, ajout de langues supplémentaires via bouton (+), onglets dynamiques par langue. Champ `languages` stocké sur chaque news. Recherche admin étendue à toutes les langues. Chips de langues affichées dans la liste admin
Modificato **Rétention plan Free** — passage de 1 mois à 3 mois d'historique de scans (retentionDays 30 → 90). Textes pricing, FAQ et labels mis à jour dans les 4 langues

v2.17.12026-03-08

Modificato **Page Free Audit enrichie** — ajout de 3 sections marketing sous le formulaire : highlights des fonctionnalités, aperçu du rapport PDF (screenshots case study), et CTA vers l'inscription

v2.17.02026-03-08

Aggiunto **Landing pages campagnes** — 3 pages dédiées pour Google Ads : `/agencies` (agences web, white label), `/developers` (développeurs, régressions), `/core-web-vitals` (métriques Google). Traduites en FR/EN/ES, intégrées au sitemap
Modificato **Limites de plans** — rétention réduite : free 1 mois (était 6), pro 6 mois (était 12), business 1 an (était 3 ans). URLs par projet pro : 3 (était 5)
Modificato **CheckoutView factorisé** — les features hardcodées en anglais sont remplacées par les traductions i18n de la page pricing

v2.16.22026-03-07

Aggiunto **ProjectBanner sur la page scan** — affichage du screenshot et de l'URL du projet dans les résultats de scan, avec lien cliquable vers la page du projet
Sicurezza **Codes de sécurité cryptographiques** — remplacement de `Math.random()` par `crypto.randomInt()` pour la génération des codes 2FA
Sicurezza **Comparaison timing-safe** — les vérifications de codes de sécurité utilisent désormais `crypto.timingSafeEqual` pour prévenir les attaques par timing
Sicurezza **Protection open redirect** — validation du paramètre `redirect` dans les pages d'authentification (signin, signup, verify-code)
Sicurezza **Invalidation des sessions** — les autres sessions sont détruites lors d'un changement de mot de passe ou d'email
Sicurezza **Fuite de stack trace** — les erreurs 500 n'exposent plus la stack trace en production
Sicurezza **Secret de cookie** — le secret de session est désormais obligatoire en production (plus de fallback en dur)
Sicurezza **CSP Helmet activé** — Content Security Policy configuré en production (script-src, style-src, frame-src, etc.)
Sicurezza **Sanitization v-html** — les descriptions Stack Packs sont désormais sanitizées via DOMPurify
Sicurezza **Webhook Stripe** — les messages d'erreur ne divulguent plus les détails Stripe internes
Sicurezza **Sanitization HTML durcie** — restriction de l'attribut `style` au tag `span` uniquement, regex de couleur stricte
Sicurezza **Rate limiting étendu** — ajout de limites sur change-password, change-email, verify-email-change
Sicurezza **Plages IPv6 privées complètes** — ajout des plages `fd00:`, `::ffff:` mapped pour bloquer les scans sur IPs privées
Corretto **Bug associates/invite.js** — correction d'un crash `ReferenceError` quand la variable `project` était utilisée avant sa déclaration

v2.16.12026-03-07

Corretto **SSR 404 systématique** — toutes les pages retournaient HTTP 404 quand JavaScript est désactivé (le slash initial de l'URL était supprimé avant résolution du routeur Vue)

v2.16.02026-03-07

Aggiunto **Page 404** — les URLs inexistantes affichent désormais une page 404 dédiée avec HTTP 404 au lieu de rediriger vers la homepage (amélioration SEO)
Aggiunto **Méta dynamiques pour les news** — les pages de détail des articles ont désormais un titre, description et image OG uniques générés côté SSR. Schema JSON-LD `NewsArticle` avec auteur et dates
Aggiunto **x-default dans le sitemap** — le générateur de sitemap inclut désormais le hreflang `x-default`
Modificato **Optimisation fonts** — suppression du double chargement Google Fonts dans `index.html` (déjà chargé via `style.css`) et de la police IBM Plex Mono inutilisée
Modificato **Remplacement de Plotly par Chart.js** — le graphique d'historique CWV utilise désormais Chart.js (tree-shaked) au lieu de `plotly.js-dist-min`, réduisant le bundle de ~4.6 MB à ~50 KB
Corretto **robots.txt** — correction du domaine du sitemap (pointait vers un domaine inexistant)
Corretto **Schema Pricing** — suppression du faux `AggregateRating` (données inventées)
Rimosso **`useMeta.js`** — composable jamais utilisé, supprimé (dead code)
Rimosso **`sitemap.xml` du dépôt Git** — fichier régénéré quotidiennement par cron, ne doit pas être versionné

v2.15.02026-03-07

Aggiunto **Suppression de projet** — les propriétaires peuvent supprimer un projet depuis la page Paramètres (zone de danger). La suppression cascade sur tous les scans, statistiques, discussions et messages associés. Les associés perdent automatiquement l'accès
Aggiunto **Navigation par clic sur les scores** — cliquer sur une carte de score (Performance, Accessibilité, SEO, Best Practices) redirige automatiquement vers l'onglet ou sous-onglet correspondant dans les résultats du scan
Corretto **Badge non lu des news** — les news sans commentaire restaient toujours marquées comme non lues même après consultation, car la discussion nécessaire au suivi de lecture n'était créée qu'au premier commentaire

v2.14.0

Aggiunto **Redirection post-auth vers le projet partagé** — lorsqu'un associé clique sur le lien d'un email de partage de projet, il est redirigé automatiquement vers la page du projet après connexion ou inscription (au lieu du dashboard)
Aggiunto **Liens documentation dans les résultats de scan** — les éléments de sécurité documentés (headers HTTP, audits Lighthouse, warnings TLS, versions logicielles) affichent une icône "doc" avec tooltip, cliquable pour ouvrir la page de documentation correspondante dans un nouvel onglet
Aggiunto **Badge non lu en cyan** — les badges de contenu non lu (news, discussions) utilisent la couleur primaire au lieu du rouge pour éviter la confusion avec les erreurs
Aggiunto **Annulation des invitations en attente** — les propriétaires de projet peuvent annuler les invitations en attente d'un associé via un bouton dans la section "Invitations en attente" des paramètres du projet
Aggiunto **Bannière projet partagée** — le titre, l'URL et le screenshot du projet sont affichés sur les pages Discussions et Paramètres via un composant `ProjectBanner` réutilisable
Aggiunto **Lien résultats complets** — lien "Consulter tous les résultats de l'audit" sous les scores dans la page projet
Modificato **Logo email embarqué (CID)** — le logo VitaPulse dans les emails est désormais embarqué en pièce jointe CID au lieu d'être référencé par URL externe, garantissant son affichage dans Gmail, Outlook et tous les clients email
Modificato **Avatar email embarqué (CID)** — l'avatar de l'utilisateur dans les emails d'invitation associé est embarqué en pièce jointe CID pour un affichage fiable dans tous les clients email
Modificato **Menu header** — l'option "Administration" est déplacée juste avant "Déconnexion" (après le divider) au lieu d'être en première position
Modificato **MongoDB connection** — encodage `encodeURIComponent()` du nom d'utilisateur et mot de passe dans l'URI de connexion pour gérer les caractères spéciaux
Modificato **Traduction française** — remplacement de tous les termes "scan/scans" par "audit/audits" dans l'interface française
Modificato **Harmonisation responsive** — remplacement de tous les breakpoints hardcodés (768px, 960px, 600px) par des mixins SCSS centralisés (`max-md`, `max-sm`, `max-lg`) basés sur les variables du design system. Harmonisation des 4 pages projet (overview, settings, discussions, discussion detail) : même background (`$gradient-light`), même padding, même breakpoint (`max-md`), même variable `$header-height`. Remplacement de `calc(100vh - 72px)` par `$header-height` dans 6 pages app

v2.13.32026-03-06

Corretto **Email partage projet** — l'email envoyé lors du partage d'un projet avec un associé déjà inscrit inclut désormais les scores de performance et les alertes de sécurité (headers manquants), comme c'était déjà le cas pour les invitations de nouveaux utilisateurs
Modificato **Factorisation `getProjectScanData()`** — la logique d'extraction des scores et headers de sécurité pour les emails d'invitation est centralisée dans `dbHelpers.js` (utilisée par `invite.js` et `share.js`)

v2.13.22026-03-06

Modificato **MongoDB indexes initialization** — `initializeCollections(db)` est désormais appelée au démarrage du serveur, garantissant la création des index sur toutes les collections (users, projects, scans, quickAudits)
Modificato **Optimisation N+1 project list** — remplacement de 2N requêtes individuelles (find + count par projet) par 2 aggregations batch (`$group` + `$facet`), réduisant drastiquement la charge MongoDB sur le dashboard
Modificato **Aggregation `$facet`** — les endpoints `GET /api/projects/:id/scans` et `GET /api/admin/projects/:id` combinent désormais data + count en une seule requête MongoDB au lieu de deux
Modificato **Admin scans pagination** — l'endpoint `GET /api/admin/scans` est désormais paginé (50 résultats/page avec navigation) au lieu de charger 200 résultats d'un coup
Modificato **Index compound scans** — ajout de l'index `{ projectId: 1, status: 1, createdAt: -1 }` pour optimiser les requêtes filtrées par statut
Corretto **MongoDB sort memory overflow** — ajout de `allowDiskUse()` sur les requêtes de listing scans pour éviter le crash `QueryExceededMemoryLimitNoDiskUseAllowed` sur les collections volumineuses

v2.13.12026-03-06

Modificato **Sécurité : hashage des codes de vérification** — remplacement de l'encodage Base64 (réversible) par SHA-256 pour le stockage des codes de sécurité 2FA (`hashCode`/`verifyCode` dans `email.js`)
Modificato **Sécurité : projection MongoDB sur `users`** — exclusion systématique des champs sensibles (`password`, `securityCode`, `securityCodeExpires`, `securityCodeAttempts`) via `findUserSafe()` dans 18 fichiers API (billing, projects, associates, scans)
Modificato **Sécurité : sanitization formulaire de contact** — les champs `name`, `subject` et `message` sont désormais trimés et sanitizés via `sanitize-html` avant envoi
Modificato **Extraction IP centralisée** — remplacement de 9 occurrences de `req.headers['x-forwarded-for']` manuelles par `getClientIp(req)` dans les endpoints commentaires, discussions et admin
Modificato **Consolidation `escapeHtml`** — suppression des 2 implémentations dupliquées (entry-server.js, useMeta.js), import unique depuis `shared/utils.js`. Ajout de l'échappement des quotes simples (`'` → `'`)
Modificato **Helpers backend factorisés** — `parseObjectId()`, `parsePagination()`, `findUserSafe()` dans `dbHelpers.js` ; pagination utilisée dans 4 endpoints (logs, discussions, news, scans)
Modificato **Robustesse logging** — `logEvent()` loggue désormais les erreurs d'écriture MongoDB au lieu de les ignorer silencieusement
Modificato **Robustesse router** — le catch vide dans `router.beforeEach` loggue désormais les erreurs de vérification auth

v2.13.02026-03-06

Aggiunto **Project discussions** — forum-style discussions for project associates. Owner and associates can create discussions, post messages, and track unread discussions. Accessible from the project overview via a "Discussions" button with unread badge.
Aggiunto **Unified discussion system** — news comments and project discussions now share the same data architecture (`discussions`, `discussionMessages`, `discussionReads` collections) and reusable `CommentThread` component
Aggiunto **Discussion email notifications** — configurable alerts for new discussions and new messages, with separate toggles in project settings (available for all plans)
Aggiunto **Admin discussions page** — manage all discussions (news and projects) from admin panel with filtering by type and deletion capabilities
Aggiunto **Rich text messages** — discussion messages and news comments now support rich text editing (TipTap) with full toolbar: bold, italic, underline, colors, headings, lists, blockquotes, code blocks, images, YouTube, links. Images uploaded to dedicated `public/uploads/discussions/` directory
Aggiunto **Server-side HTML sanitization** — all user-generated HTML content (discussions and news comments) is sanitized server-side via `sanitize-html` to prevent XSS attacks. Only safe tags, attributes, and YouTube iframes are allowed
Aggiunto **Client-side HTML sanitization** — DOMPurify applied to all `v-html` rendering (discussion messages, news article content, news comments)
Aggiunto **Source Serif 4 content font** — discussion messages, news articles, and rich text editor now use Source Serif 4 (serif) for content readability, creating a clear visual distinction between app UI (Inter) and user-generated content
Aggiunto **Page comments** — users can read and post comments on documentation pages (vulnerability details). Public read, authenticated write, comment count badges and unread indicators on the vulnerability list page. Admin panel updated with "Pages" filter for page-type discussions
Modificato **News comments** — migrated from `newsComments`/`newsReads` to unified `discussions`/`discussionMessages`/`discussionReads` collections (breaking: existing news comments are lost, fresh start)
Modificato **TiptapEditor** — moved from `components/admin/` to `components/common/` for reuse across discussions and news. Added `showRawMode` prop (raw HTML mode now admin-only)
Modificato **Discussion & news UI redesign** — card-based message layout with left accent border, proper page backgrounds (gradient-light), white card containers for articles and comments, improved typography with content font, hover effects on messages, styled empty states and form areas
Corretto **News comment log events** — posting or editing a news comment now logs `news-comment-create` and `news-comment-edit` events (was missing)

v2.12.12026-03-03

Corretto **Associate sharing bug** — re-inviting an accepted associate on a new project incorrectly returned an "already associate" error instead of sharing the project
Corretto **Associate display per project** — associates tab in project settings now correctly filters by current project: shows only associates with access to this project, pending invitations for this project, and other associates without access
Corretto **Project settings centering** — page was not centered due to missing `container-narrow` class
Aggiunto **Associate empty states** — each section (project associates, pending invitations, other associates) now shows an explicit message when empty
Aggiunto **Signup email pre-fill** — associate invitation emails for new users include the email as query parameter, pre-filling the signup form

v2.12.02026-03-02

Aggiunto **User avatar system** — users can upload a profile picture (JPEG/PNG/WebP, 2MB max) from their account page. Avatar displayed in header menu, news comments, associate invite emails, and admin user pages
Aggiunto **News author display** — news articles show "Published by {name}" with author avatar below the title. Author is automatically tracked when creating news
Modificato **Email templates** — added VitaPulse logo (icon-192.png) in email header above the brand name for better visual identity
Modificato **Associate invite emails** — include the inviter's avatar and name in a styled card
Corretto **Security headers detection** — response headers were extracted from redirect responses (301/302) instead of the final response (200), causing security headers like `strict-transport-security` to be incorrectly reported as missing. Now uses `lhr.finalDisplayedUrl` for URL matching and filters only 2xx responses

v2.11.02026-03-01

Aggiunto **Google Analytics 4 integration** — GA4 tracking with SSR-compatible injection, SPA page view tracking on route changes, and custom events for key user actions (sign_up, login, quick_audit, project_create, scan_start, pdf_download, begin_checkout, contact form, share report). Configurable via `GA_MEASUREMENT_ID` environment variable
Aggiunto **Sitemap generator cron** — automated `public/sitemap.xml` generation with all static pages (11 routes × 3 locales with hreflang alternates) and dynamic news pages from database. Run via `npm run sitemap` or scheduled cron
Aggiunto **Public news list page** — new paginated `/news` page accessible without authentication, SEO-indexable with cover images, excerpts and pagination. News routes moved from `/app/news/` to `/news/` for better search engine visibility
Aggiunto **Dynamic news back link** — back button on news detail page dynamically adapts based on navigation history (returns to news list, dashboard or previous page)
Aggiunto **TipTap HTML raw mode** — toggle button in the editor toolbar to switch between WYSIWYG and raw HTML editing, allowing direct HTML paste
Aggiunto **Blog link in footer** — added Blog link in the Resources column of the footer
Modificato **Optimized robots.txt for SEO** — locale-aware Disallow rules for all private routes (`/*/app/`, `/*/signup`, `/*/signin`, `/*/auth/`, `/*/checkout`, `/*/report/`), allowing proper crawling of public content pages (landing, pricing, docs, news, case studies, etc.)
Modificato **Vue Router navigation guard** — migrated from deprecated `next()` callback to return-based API
Corretto **TipTap duplicate extensions warning** — disabled `link` and `underline` in StarterKit config since they are added separately with custom configuration
Corretto **News validation error messages** — admin news creation/update now returns specific missing field names instead of generic `error.validation`
Corretto **NewsDetailView comments crash** — restored missing `comments` ref declaration

v2.10.02026-03-01

Aggiunto **Email change with verification** — users can change their email address from the Account page via a secure 6-digit code sent to the new address (10 min expiry, 3 attempts max). Inline UI with two-step flow (enter new email → enter code)
Aggiunto **Enriched associate invitation emails** — invitation emails now include latest performance scores (4 categories with color-coded badges) and missing high/medium-severity security headers to incentivize recipients to sign up and view full reports
Aggiunto **Security alerts email helper** — new `renderSecurityAlerts()` shared helper in `emailLayout.js` for displaying missing security headers with severity badges
Aggiunto **Responsive container widths** — optimized Vuetify container max-widths for all breakpoints (92% at md, 1080px at lg, 1400px at xl, 1800px at xxl) with `.container-narrow` opt-out for form/centered pages
Aggiunto **`.form-narrow` utility class** — constrains form widths to 640px max, applied to ProjectSettingsView and ProjectNewView
Modificato **Unified email templates** — all 7 email types now share a consistent branded layout via `emailLayout.js` (gradient header with VitaPulse/e-xode branding, navigation footer with links to Pricing, Docs, Contact, Terms, Privacy). Factored shared helpers (score colors, CWV formatting, CTA buttons, code boxes) to eliminate duplication across locale files.
Modificato **Upgraded Vuetify from 3.x to 4.0.0** — full Material Design 3 migration
Modificato Migrated all typography classes from MD2 to MD3 (text-h1→text-display-large, text-body-2→text-body-medium, text-caption→text-body-small, etc.)
Modificato Migrated VRow grid props (`align` → CSS class, `dense` → `density="compact"`)
Modificato Updated SCSS breakpoints to MD3 values (md: 840px, lg: 1145px, xl: 1545px, xxl: 2138px)
Modificato Added `xxl` breakpoint mixin to SCSS design system
Modificato Added CSS reset for headings/paragraphs to replace Vuetify 4's removed global reset
Modificato Updated `vue` from 3.5.27 to 3.5.29
Modificato Updated `playwright` from 1.58.1 to 1.58.2
Modificato Updated `cors` from 2.8.5 to 2.8.6
Modificato Updated `vue-router` from 4.6.4 to 5.0.3
Modificato Updated `mongodb` from 6.21.0 to 7.1.0
Modificato Updated `nodemailer` from 6.10.1 to 8.0.1
Modificato Updated `stripe` from 14.25.0 to 20.4.0
Modificato Updated `@stripe/stripe-js` from 3.5.0 to 8.8.0
Corretto **Email link colors** — fixed link colors being overridden by email clients (Gmail, Outlook) using `<span>` wrapper technique
Corretto **Pending associates visibility** — associates with pending status now appear in the project settings list instead of being hidden until they accept
Corretto **Node watch paths** — added `src/translate/emails/` to `--watch-path` list for email template hot-reload in development

v2.9.02026-02-28

Aggiunto Security vulnerabilities documentation page (`/docs/vulnerabilities`) with detailed guides for HTTP security headers, TLS/SSL, Lighthouse security audits, and software version exposure (26 vulnerabilities total)
Aggiunto Separate translation files for vulnerabilities (`src/translate/vulnerabilities/en.json`, `fr.json`)
Aggiunto Vulnerability detail view with route `/docs/vulnerabilities/:id` and breadcrumb navigation
Aggiunto Vulnerabilities listed in Docs page section #10 with severity chips and direct links
Aggiunto 4 vulnerability categories: HTTP Security Headers (10), TLS/SSL Certificate (5), Lighthouse Security Audits (7), Software Version Exposure (4)
Aggiunto Spanish language support (es.json, vulnerability translations, email templates, flag icon)
Aggiunto Centralized locale configuration (`SUPPORTED_LOCALES`, `LOCALE_CODES`, `getIntlLocale()`, `getOgLocale()` in `shared/const.js`) — adding a new language only requires updating the single source of truth
Aggiunto Changelog page now auto-generated from `CHANGELOG.md` — single source of truth, no duplication in translation files
Modificato Redesigned header action elements (language switcher, account, sign in) with consistent pill-style buttons using shared SCSS mixin
Modificato Language switcher now displays country flag emoji (🇬🇧/🇫🇷) with locale code, clearly interactive at rest
Modificato CTA buttons (Dashboard, Start Free) use rounded pill style for visual consistency
Modificato Mobile drawer language buttons also show flag emojis

v2.8.32026-02-28

Corretto PDF section order now matches app tab order: Security → Quality → Performance → Resources → Advanced (Global → Framework → Critical Chains → Scripts Treemap → Audit Timing → Passed)
Corretto Moved `runWarnings` from after CWV to Advanced/Global section in PDF
Corretto Moved `console` to first position in Advanced section in PDF
Corretto Added missing translation key `scan.details.showAll` (EN/FR)

v2.8.22026-02-28

Modificato Moved Server Response Time block from Advanced > Global to Performance tab (displayed before Opportunities/Diagnostics)
Modificato PDF report updated to match new Server Response Time placement

v2.8.12026-02-28

Aggiunto Advanced tab split into 6 sub-tabs: Global, Framework, Critical Chains, Scripts Treemap, Audit Timing, Passed
Aggiunto New components: `ScanStackPacksSection`, `ScanCriticalChainsSection`, `ScanScriptTreemapSection`, `ScanAuditTimingSection`
Modificato Advanced > Global sub-tab: Console section displayed first, then Server Response Time, then remaining technical data
Modificato Fixed console section scrollbar overflow (removed unnecessary max-height constraint)
Corretto Console section displaying unwanted horizontal/vertical scrollbars

v2.8.02026-02-28

Aggiunto HTTP response headers extraction from Lighthouse artifacts (`NetworkRecords`) during scans
Aggiunto Standalone Security tab in scan results with four sub-tabs: "TLS Certificate", "Response Headers", "Software Versions" and "Lighthouse Audits"
Aggiunto Security headers analysis: 10 critical headers checked (HSTS, CSP, X-Frame-Options, etc.) with present/missing status and risk severity levels (high/medium/low)
Aggiunto Full response headers table in Security > Headers sub-tab
Aggiunto TLS certificate analysis: protocol version, cipher suite, signature algorithm, issuer, expiration with warnings for weak/expired certificates
Aggiunto Software versions detection from HTTP headers (Server, X-Powered-By), HTML content (CMS, meta generator, frameworks) and TLS protocol
Aggiunto PDF report: security section now includes TLS certificate, response headers, software versions and Lighthouse security audits
Aggiunto Global CSS gap utilities (`.gap-1` to `.gap-16`) in design system — fixes all `gap-*` classes that were non-functional with Vuetify
Aggiunto Lighthouse scores sorted worst-to-best on scan details page and project overview page
Aggiunto Core Web Vitals sorted worst-to-best on scan details page and project overview page
Aggiunto Quick stats clickable: navigate to corresponding tab and sub-tab with smooth scroll
Aggiunto Passed audits click scrolls directly to Passed section anchor within Advanced tab
Modificato Scan result tabs reordered: Security → Quality → Performance → Resources → Advanced
Modificato Security tab is now the default selected tab on scan results
Modificato Security issues moved from Quality tab sub-tab to standalone Security tab
Modificato Scan results overview layout reorganized: environment chips before quick-stats, screenshot in 3rd column
Modificato Loading timeline moved from overview to Resources tab (after stat-cards, before resources by type)
Modificato Quality tab reduced from 4 sub-tabs to 3 (accessibility, SEO, best practices)

v2.7.12026-02-28

Modificato Refactored project creation wizard: removed step 4 (scan progress), now redirects to project overview after creation where `ScanProgressCard` handles scan progress display
Modificato Project creation wizard reduced from 4 steps to 3 steps (Info → Pages → Alerts → Launch)
Corretto Dashboard news section not displaying: `NewsSection` was reading `data.news` instead of `data.items` from API response
Corretto Scan results: overview section extracted from tabs and displayed permanently between CWV and tab navigation

v2.7.02026-02-28

Aggiunto Localized URLs: all routes now prefixed with locale (`/en/*`, `/fr/*`)
Aggiunto `useLocalePath` composable for locale-aware navigation
Aggiunto Automatic locale detection from browser on first visit
Aggiunto SEO: hreflang, canonical, og:locale, and Schema.org inLanguage in SSR
Aggiunto Locale switcher updates URL path in real-time
Aggiunto News system: CRUD backend with bilingual content (FR/EN), cover image upload, sticky/homepage banner flags
Aggiunto News comments with moderation: users can post, edit own comments; admin approval workflow with pending/approved/rejected status
Aggiunto Comment rate limiting: configurable max comments per time window via admin settings
Aggiunto Admin news management: TipTap WYSIWYG editor, bilingual tabs, publish/draft, sticky and homepage banner controls
Aggiunto Admin comments moderation panel: approve, reject, delete comments with filters
Aggiunto Dashboard news section: latest 3 articles with unread badge and sticky indicator
Aggiunto News detail page with full content rendering and comments section
Aggiunto Homepage news banner: dismissible gradient banner for featured articles
Aggiunto IP tracking: user login IPs stored with history for security auditing
Aggiunto User blocking system: admin can block by account and/or IP addresses
Aggiunto Admin user detail: security section with block/unblock UI, IP history table with per-IP status and unblock action
Aggiunto Admin bypass: administrators exempt from all plan limits (projects, scans, associates, pages)
Aggiunto Favicon: SVG/PNG/ICO with VitaPulse branding (gradient V + pulse line)
Aggiunto News publicly accessible: reading news and comments no longer requires authentication
Aggiunto Comment posting/editing still requires authentication, with "Sign in to comment" prompt for visitors
Aggiunto Centralized event logging system: `logEvent()` helper, `logs` collection, admin logs page with search/filter/delete
Aggiunto Event logging instrumented across all endpoints: auth, projects, scans, billing, associates, admin, contact, quick audit, PDF download (40+ events)
Aggiunto Admin user detail: recent activity logs section with link to filtered logs page
Aggiunto Forgot password flow: email verification code, reset password page
Aggiunto Change password: authenticated users can change password from account page
Aggiunto Account page: profile editing (name) and password change under `/app/account`
Modificato Pricing FAQ completely rewritten with 20 comprehensive questions covering all features, plans, and capabilities
Modificato Backend-generated URLs (Stripe checkout, emails, Google Chat webhooks, share links) now include locale prefix
Modificato Admin user detail page shows IP history and blocking controls
Modificato SCSS design system: all hardcoded hex colors, border-radius, font-size, font-weight replaced with variables across 30+ files
Modificato New SCSS mixins: `hover-row`, `hover-lift`, `hover-light-on-dark`, `link-on-dark`, `link-primary` for consistent hover effects
Modificato Removed unused SCSS mixins (`status-good/warning/error`, `score-gauge`)
Modificato Added `$border-radius-xs`, `$gradient-dark-diagonal` SCSS variables
Modificato Favicon and apple-touch-icon now use relative paths (fixes cross-origin issues in dev)
Modificato Removed orphan `src/views/auth/` directory (duplicate of `src/views/Auth/`)
Modificato Refactored: auth page SCSS extracted to global `.auth-page` class in `_components.scss`
Modificato Refactored: `getEventColor`/`getEventCategory`/`formatLogMeta` extracted to `useLogUtils` composable
Modificato Refactored: business downgrade logic extracted to `handleBusinessDowngrade()` in `dbHelpers.js`
Modificato Refactored: inline URL truncation styles replaced with `.admin-url-truncate` SCSS class
Modificato Logger `logEvent()` changed to fire-and-forget with `.catch(() => {})` (no more async/await)
Sicurezza ObjectId validation added to all news/comments API endpoints
Sicurezza ObjectId.isValid() validation added to all API endpoints accepting ID parameters (17+ routes)
Sicurezza Error logging (`console.error`) added to all catch blocks across the entire API (15+ files)
Sicurezza Blocked users/IPs rejected at login with appropriate error messages
Sicurezza MongoDB projection added to user query in lighthouse.js to exclude password hash
Sicurezza Webhook error responses standardized to JSON format
Sicurezza setReference race condition fixed with atomic bulkWrite operation
Corretto Hardcoded French progress messages in scan store replaced with i18n keys (`scan.progress.*`)
Corretto Default locale inconsistency: backend now uses `DEFAULT_LOCALE` ('en') everywhere instead of mixed 'fr'/'en'
Corretto Hardcoded French in `useDateFormat.js` replaced with i18n keys (`dashboard.fewSeconds`, `dashboard.days`)
Corretto Default locale for `formatDateShort`/`formatDateFull` changed from `'fr-FR'` to `'en-US'`
Corretto Scan status colors centralized in `SCAN_STATUS_COLORS` constant (removed duplication in 3 admin views)
Corretto ObjectId validation added to `findUserOrSharedProject` helper (prevents crash on invalid IDs)
Corretto Cron notifications now log warnings on failure instead of silently swallowing errors
Corretto Cron scheduled scans now validate `project.url` before launching scan
Corretto TiptapEditor image upload now handles fetch errors and checks `res.ok`
Corretto Unused `shallowRef` import removed from NewsDetailView
Corretto Unused `mdiEyeOff` import removed from AdminNewsEditView

v2.6.12026-02-27

Modificato CWV tooltips on scan detail page now show per-metric descriptions matching project overview page
Modificato Removed non-functional expandable CWV cards on scan detail page
Modificato Added spacing between Mobile/Desktop toggle buttons
Modificato Removed share report button from scan detail page

v2.6.02026-02-27

Aggiunto Plan upgrade/downgrade with Stripe proration (Pro ↔ Business, monthly ↔ yearly)
Aggiunto Upgrade preview dialog showing prorated amount before confirmation
Aggiunto Webhook handler for `customer.subscription.updated` as backup sync
Aggiunto Checkout guard preventing duplicate subscriptions
Aggiunto Project screenshot thumbnail on dashboard cards and project overview header
Aggiunto Placeholder image for projects without scans (VitaPulse branded SVG)
Modificato Upgrade button in Billing page now opens inline preview dialog instead of redirecting to pricing
Modificato Pricing page buttons adapt for existing subscribers (upgrade, downgrade, cycle change)
Modificato Downgrade from Business automatically revokes associates
Modificato Admin downgrade from Business now properly revokes associates and cleans shared projects

v2.5.12026-02-27

Aggiunto Associates can now view project settings in read-only mode
Aggiunto Associates can manage their own email notification preferences (scan results and regression alerts) based on their plan
Aggiunto Associate notification emails are sent after each scan completion

v2.5.02026-02-27

Modificato Case Studies page: fixed all section-to-page mappings to match actual PDF content (16 sections for 28 pages)
Modificato Case Studies page: corrected metrics values (mobile 82, desktop 78)
Modificato Documentation page: complete rebuild with comprehensive VitaPulse user guide (10 sections: Quick Audit, Projects, Scans, Scores, CWV, Opportunities, Regressions, PDF Reports, Associates, Plans)
Modificato Documentation page: added quick start cards, table of contents, and screenshot illustrations
Modificato Landing page: enhanced features section with 6 benefit cards and 4 illustrated feature showcases
Modificato Changelog page: complete rewrite with full version history (v1.0.0 to v2.4.0)
Modificato Security page: updated with VitaPulse-specific security practices and technical details
Modificato Terms of Service: comprehensive rewrite with 12 sections covering SaaS-specific terms
Modificato Privacy Policy: GDPR-compliant rewrite with detailed data collection, storage, and rights information
Modificato Cookie Policy: rewritten to reflect actual minimal cookie usage (single session cookie)
Rimosso API documentation page and route (no public API)
Rimosso Blog page link from footer (no blog content)
Rimosso Status page link from footer

v2.4.12026-02-26

Modificato Project settings page: split into tabs (Settings / Associates) for Business plan users
Modificato Dashboard: search field and project filter now on the same line
Corretto Associates tab not switching (missing activeTab ref)
Corretto Invite button not vertically centered next to email input

v2.4.02026-02-26

Aggiunto Associates system for Business plan users: invite up to 5 associates by email to share project access
Aggiunto Associates management section in project settings (invite, share, remove per project)
Aggiunto Dashboard filter (All / My projects / Shared with me) with shared badge showing owner name
Aggiunto Email invitation templates for associates (existing user + new user) in EN/FR
Aggiunto Automatic project linking when invited associate registers a new account
Aggiunto Associate access inheritance: associates inherit PDF download and report sharing capabilities from project owner's plan
Aggiunto Scan ownership awareness: project owners can manage scans launched by associates
Aggiunto Automatic associate revocation on plan downgrade (Business → Pro/Free)

v2.3.22026-02-26

Corretto Global button spacing: adjacent buttons in card actions are no longer visually stuck together
Corretto CWV history chart now auto-rebuilds project stats from existing scans when collection is empty

v2.3.12026-02-22

Corretto Admin scores display not showing due to per-device nested data structure
Corretto Admin CWV table empty due to same nested structure issue
Corretto Scan detail page now shows scores and CWV per device with mobile/desktop toggle

v2.3.02026-02-22

Aggiunto Admin user detail page with editable plan, type, name, company
Aggiunto User projects list in admin user detail
Aggiunto Clickable rows in admin users table
Aggiunto Admin project detail page with editable name, URL, scan frequency
Aggiunto Project scans list in admin project detail with status, score, device
Aggiunto Clickable project rows in admin projects list and user detail
Aggiunto Link to project owner from project detail page
Aggiunto Admin scan detail page with scores, CWV, regressions display
Aggiunto Editable scan status and reference flag from admin
Aggiunto Admin scan delete with confirmation dialog
Aggiunto Clickable scan rows in admin scans list and project detail
Aggiunto Links to owner and project from scan detail page

v2.2.12026-02-22

Corretto Landing page hero section alignment and height

v2.2.02026-02-22

Aggiunto User `type` field (`user` default, `admin` manual) for role-based access
Aggiunto Admin dashboard with user listing (email, plan, projects, scans, registration date)
Aggiunto Admin projects page listing all projects with owner, scan count, latest score
Aggiunto Admin scans page listing 200 most recent scans with project, owner, status, score, duration
Aggiunto `requireAdmin` middleware for admin-only API endpoints
Aggiunto Admin menu in header (crown icon) visible only for admin users
Aggiunto Admin route guard (`requiresAdmin`) on frontend router
Modificato CWV history chart now uses dedicated `projectStats` collection with incremental aggregation instead of paginated scan data
Modificato Stats are pushed to `projectStats` on each scan completion (no cron needed)
Modificato New `GET /api/projects/:id/stats` endpoint for lightweight chart data

v2.1.02026-02-21

Aggiunto "Set as reference" action on scan details page with `isReference` badge display
Aggiunto Network requests table in Resources tab (URL, type, protocol, status, transfer/resource size, priority)
Aggiunto Main thread time column in third-party summary table
Aggiunto Parse/Compile column in script bootup table
Aggiunto Overview stat cards in Resources tab (requests, transferred, third parties count, JS libraries count)
Aggiunto Show more/less toggle on script bootup, third-party, and network requests tables
Aggiunto Core Web Vitals history chart (Plotly) on project overview page, visible when at least 2 completed scans exist
Modificato Merged "Insights" tab into "Performance" tab (opportunities + diagnostics + insights)
Modificato Merged "Technical", "Console", and "Passed" tabs into a single "Advanced" tab
Modificato Replaced `v-btn-toggle` navigation with `v-tabs` for scan result sections
Modificato Redesigned Resources tab with section headers, sorted resource bars, and detailed tables
Modificato Third-party section now displays data directly from `thirdPartySummary` with entity name and main thread time
Modificato Replaced `networkSummary` (aggregate) with detailed `networkRequests` table
Modificato Regression detection now prioritizes scans marked as `isReference` before falling back to latest scan
Modificato Synchronized PDF report generation with all scan result display changes (4 stat cards, parseCompile column, network requests table, third-party mainThreadTime, section ordering)

v2.0.02026-02-15

Aggiunto Comprehensive PDF report generation matching the full application display with 25+ sections (screenshots, filmstrip, audit detail tables, resource bar charts, critical chains, layout shifts, script treemap, entities, BF cache, user timings, server response time, config settings)
Aggiunto Case studies page with real audit data from www.e-xode.net (23-page PDF, per-page screenshots, key metrics, takeaways)
Aggiunto Complete i18n localization system with `createT(locale)` server-side translation resolver
Aggiunto Shared component library: 13 reusable components extracted (`AlertError`, `ConfirmDialog`, `DataTable`, `EmptyState`, `LoadingSpinner`, `PageHeader`, `ScoreCircle`, `ScanProgressCard`, `SearchInput`, `SectionCard`, `StatCard`, `StatusChip`, `UpgradeCta`)
Aggiunto Shared utilities module (`shared/utils.js`) with `escapeHtml`, `formatBytes`, `formatMs`, `getScoreColor`, `getScoreLabel`, `getScoreBg`, `getCwvStatus`, `getCwvColor`, `formatCwvValue`
Aggiunto Shared constants module (`shared/const.js`) with `DEVICES`, `CWV_METRICS`, `INSIGHTS_FAILING_THRESHOLD`, `SCAN_DATA_FIELDS`
Aggiunto Shared database helpers (`shared/dbHelpers.js`) for MongoDB operations
Aggiunto Shared API client (`shared/api.js`) with centralized error handling
Aggiunto Rate limiting on all API endpoints with configurable windows
Aggiunto Session management with automatic cleanup on dev startup
Aggiunto Version number displayed in application footer
Aggiunto PDF White Label mode for Business plan users
Aggiunto App version exposed via Vite `define` for frontend access
Modificato Rewrote `pdfTemplate.js` (~580 lines) with all scan data sections, matching app UX/design (brand gradient, score colors, impact badges, CWV thresholds)
Modificato Rewrote `downloadPdf.js` with comprehensive `preparePdfData()` extracting all 35+ scan data fields per device
Modificato Refactored all Pinia stores to use shared utilities and constants
Modificato Refactored all API endpoints to use shared database helpers and middleware
Modificato Updated all Vue components to use shared component library
Modificato Migrated all hardcoded strings to i18n translation files (en.json, fr.json)
Modificato Updated `entry-server.js` with i18n-aware SSR (`getRouteMeta`, `generateMetaTags`, `getSchemaMarkup`)
Modificato Updated `index.html` with `` placeholder for dynamic lang attribute
Modificato Rewrote `CaseStudiesView.vue` with real audit content and PDF page screenshots
Modificato Improved error handling across all API routes with safe JSON parsing
Corretto Security audit: input validation, authorization checks, rate limiting on all endpoints
Corretto Data parity between scan storage and display fields
Corretto Docker and Playwright configuration for PDF generation
Corretto Session cleanup preventing stale session file accumulation
Corretto Rate limiting configuration for different endpoint categories
Corretto SSR hydration for localized meta tags and schema markup
Corretto Translation key consistency across all components
Sicurezza Added `requireAuth` middleware on all protected routes
Sicurezza Added input sanitization with `escapeHtml` utility
Sicurezza Enforced ownership checks on scan/project access
Sicurezza Configured Helmet CSP and CORS policies
Sicurezza Added rate limiting per API category (auth, scans, general)

v1.3.02026-02-10

Aggiunto Case studies page showcasing VitaPulse audit capabilities
Aggiunto GitHub Actions workflow for CI testing
Modificato Layout improvements across all views
Modificato Translation updates for all supported locales
Modificato Major layout and code refactoring

v1.2.02026-02-07

Aggiunto Coupon management system for Stripe payments
Aggiunto Quick audit rate limiting (max audits per plan)
Aggiunto Automated cron jobs for data pruning
Aggiunto Email notifications with scoring reports
Aggiunto Multi-page scan support
Modificato Pricing logic refactored with plan-based feature gating
Modificato Header theme improvements
Modificato Report results display fixes
Corretto Docker environment variables for Stripe integration
Corretto Translation consistency issues

v1.1.02026-02-06

Aggiunto PDF report export with Chromium rendering
Aggiunto SEO optimizations (meta tags, schema markup, sitemap)
Aggiunto Scan animation and progress indicators
Aggiunto CSS design system with variables and mixins
Aggiunto Detailed audit results display (8 tabbed sections)
Aggiunto New project creation workflow with guided steps
Modificato Factorized scan animation components
Modificato Server-side rendering fixes for Vue Router
Corretto Translation loading and fallback behavior
Corretto Server rendering hydration issues

v1.0.02026-02-04

Aggiunto Initial release of VitaPulse platform
Aggiunto Lighthouse 12 audit engine integration
Aggiunto Core Web Vitals monitoring (LCP, FCP, CLS, TBT, INP, TTFB, Speed Index, TTI)
Aggiunto Mobile and desktop device analysis
Aggiunto Performance, Accessibility, Best Practices and SEO scoring
Aggiunto Stripe payment integration with Pro and Business plans
Aggiunto User authentication with email verification
Aggiunto Legal pages (Terms, Privacy, Cookies)
Aggiunto CORS and security configuration
Aggiunto Docker containerization with docker-compose