Network Frequency · Work Freq V1

Changelog

What shipped, when, and why it mattered. Every security fix is disclosed here, even when no customer was exposed. Every compliance milestone is dated. If you want the detail behind a controls claim, the Trust Center is one click away.

Last updated: 2026-04-22
v1.8.0 Highlight

Rights Issues Queue & Performance Hardening

HQ operators now have a single landing page for rights expirations across every project, every line of business, every client. Platform capped multiple unbounded queries and added composite indexes so response time stays flat as tenants grow.

+Added
  • Rights Issues queue in Command Center — surfaces assets with expired or expiring-soon rights (30-day window) with project deep-links.
  • Rights Issues KPI card in the HQ KPI strip, conditionally rendered so the strip stays clean on the happy path.
  • CSV export of the Rights Issues queue — full asset metadata for compliance review.
  • Composite indexes on the activity log for project, org, and user dimensions. Audit trail queries are visibly faster when filtering by client or LOB.
~Changed
  • Command Center queries now bounded with generous-but-finite limits (projects 500, orgs 500, LOBs 1,000). No noticeable effect at current scale; insulates against multi-thousand-row cliffs as clients grow.
  • Client Portal initialization queries for super-admin operators now capped, reducing cold-start time on the Clients page.
  • Gallery thumbnails across Project Detail, Client Dashboard, and Guest Browser now use native browser lazy loading — page weight on long galleries dropped sharply.
v1.7.0

Security Hardening

A quadruple audit pass uncovered a multi-factor auth verification path that accepted a hardcoded six-digit code. That path has been removed and replaced with real time-based one-time password (TOTP) verification against Supabase Auth. Session tokens now receive a sweep on sign-out, eliminating a session-fixation risk across shared devices.

+Added
  • Database trigger prevents a user from escalating their own role, tenant, or admin status even if the UPDATE somehow reaches the row.
!Fixed
  • Organizations table now has explicit INSERT, UPDATE, and DELETE row-level policies for super_admin — previously an implicit policy gap. No customer data was affected.
Security
  • Removed legacy internal-access PIN from MFA challenge flow. All MFA prompts now verify against the signed-in user's TOTP factor via Supabase Auth.
  • Sign-out now sweeps every WorkFreq-scoped key from local storage (device trust tokens, dev persona overrides, session cache). Prevents leakage between users on a shared workstation.
  • Users table UPDATE policy scoped so non-admins can edit only their own first name, last name, and avatar. Role, tenant, and active-status changes blocked at the database layer.
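
The sign-out sweep described in the v1.7.0 Security notes, as an added example (not Work Freq's own code). The `workfreq:` prefix, the key names, and the `MemoryStorage` stand-in for `localStorage` are assumptions made for illustration. It shows why keys must be collected before removal: deleting inside an index loop skips entries and leaves one user's data behind for the next.

```javascript
// Hypothetical namespace for app-owned keys; the real prefix is not on the page.
const SCOPE_PREFIX = "workfreq:";

// Correct sweep: snapshot the matching keys first, then delete them.
function sweepScopedKeys(storage, prefix = SCOPE_PREFIX) {
  const doomed = [];
  for (let i = 0; i < storage.length; i++) {
    const key = storage.key(i);
    if (key !== null && key.startsWith(prefix)) doomed.push(key);
  }
  for (const key of doomed) storage.removeItem(key);
  return doomed;
}

// Buggy variant kept for comparison: removeItem() shifts later keys down
// one index, so the key that follows each removed key is never inspected.
function naiveSweep(storage, prefix = SCOPE_PREFIX) {
  const removed = [];
  for (let i = 0; i < storage.length; i++) {
    const key = storage.key(i);
    if (key !== null && key.startsWith(prefix)) {
      storage.removeItem(key);
      removed.push(key);
    }
  }
  return removed;
}

// Minimal in-memory stand-in for the Web Storage API so this runs outside a browser.
class MemoryStorage {
  constructor(entries) { this.map = new Map(Object.entries(entries)); }
  get length() { return this.map.size; }
  key(i) { return [...this.map.keys()][i] ?? null; }
  getItem(k) { return this.map.has(k) ? this.map.get(k) : null; }
  setItem(k, v) { this.map.set(k, String(v)); }
  removeItem(k) { this.map.delete(k); }
}

// Constructed sample state: three app-scoped keys plus one unrelated key.
function sampleStorage() {
  return new MemoryStorage({
    "workfreq:device-trust": "constructed-token",
    "workfreq:dev-persona": "producer",
    "workfreq:session-cache": "{}",
    "theme": "dark",
  });
}
```

In a browser, `sweepScopedKeys(window.localStorage)` would run in the sign-out handler; the same function works for `sessionStorage`.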
v1.6.0 Highlight

Trust Center, MFA Enforcement, and SSO Framework

Procurement teams and vendor-evaluation reviewers asked for a single URL that documents our security posture. The Trust Center now lives at /trust and is the canonical source for every control we claim to enforce. Multi-factor auth is now required for Work Freq staff roles, and the OIDC framework for customer-managed SSO (Okta, Entra, Ping) is wired and waiting for provisioning requests.

+Added
  • Public Trust Center at /trust — security posture, compliance roadmap, sub-processors, data handling, and contact. Screenshot-ready for vendor scorecards.
  • Multi-factor auth enforcement gate for HQ roles. Staff sign-in requires an enrolled TOTP factor; Profile Settings and Trust Center remain reachable pre-enrollment.
  • Profile Settings page — MFA enrollment wizard, avatar upload, password change, sign-out. Accessible from the GlobalNav drawer.
  • Single sign-on framework via OIDC. Okta, Microsoft Entra ID, and Ping Federate supported via Supabase Auth third-party providers; per-customer provisioning available on request.
Compliance
  • SOC 2 Type II program moved into observation phase. Vendor and runbook selection documented.
  • Sub-processor register published. Every third party with access to customer data is named with purpose, region, and DPA link.
v1.5.0 Highlight

Asset Rights & Lifecycle

Every asset can now carry a rights expiry date, talent release, license type, geographic restriction, and channel restriction. A nightly job flags assets past expiry and the Guest Browser refuses downloads of expired rights automatically — no more accidental use of paid-media assets after the window closes.

+Added
  • Rights & License capture fields in the asset upload form: expiry date, license type, geographic and channel restrictions, usage-terms notes, talent release upload.
  • Rights badges in asset galleries — orange EXPIRING SOON at 30 days out, red RIGHTS EXPIRED when the window has closed.
  • Rights & License panel inside the asset detail lightbox across Project Detail, Client Dashboard, and Guest Browser.
  • Private talent_releases storage bucket with HQ-only write, org-scoped read.
  • Nightly mark_expired_assets() function updates any asset whose rights window closed in the last 24 hours.
~Changed
  • Guest Browser download button replaced with a disabled 'Rights expired — Download blocked' stub when the asset's rights window has closed.
v1.4.0

Role Model Simplification & Portfolio Intelligence

Collapsed the legacy eight-role matrix down to six first-class roles that actually map to how clients and producers think about their teams: super admin, producer, executive, client, guest, agency partner. The Client Portal was rebuilt from scratch as an enterprise-grade portfolio intelligence desk — the best client-facing interface WorkFreq ships.

+Added
  • Executive and agency_partner as first-class client tiers, unlocking portfolio-level visibility for multi-LOB clients and external agency collaborators.
  • Client Portal v2 — portfolio intelligence, brand identity management, rights inventory rollup, sticky save bar, per-tab dirty indicators.
  • Client Portal contract tab shows rights inventory with expired / expiring / active counts rolled up at the client level.
  • Explicit row-level security policies for organization CRUD — plugs an implicit policy gap and confirms super_admin is the only write authority.
~Changed
  • Role enum simplified to six roles. Legacy agency_producer, agency_contractor, client_admin, and client_reviewer have been deprecated; existing records auto-mapped on upgrade.
v1.3.0

Audit Trail Coverage & Save UX

Every hot path in the platform now emits an audit log event — uploads, approvals, downloads, guest access, profile changes, rights updates, avatar changes, MFA enrollment. The audit history has been backfilled from existing project data so the timeline feels complete from day one. The Client Portal got a save model that is impossible to forget.

+Added
  • Activity log wired on six high-traffic paths (upload, approve, download, guest view, rights change, role change) with a consistent schema.
  • Backfilled more than 3,400 activity events from existing project records so the audit trail reads like a complete history, not just 'since we installed the logger'.
  • Audit Trail viewer ships with multi-scope CSV export — current view, by client, by line of business, by date range, or full history.
  • Client Portal save UX — per-tab dirty indicators, sticky save banner that pins to the top when the user scrolls, gold-bordered save bar that cannot be missed.
!Fixed
  • Contrast ratio of the 'subtle' grey text across the platform bumped to meet WCAG AA against the dark background.
v1.2.0

Responsive Sweep & Contrast

Edited every page on a real iPhone, an iPad in landscape, and a 13" laptop. Eliminated the 'clipped action bar' bug on five modals, added safe-area padding for iOS devices, and raised contrast on brand-colored buttons so clients with a light-blue primary color no longer lost legibility on disabled states.

+Added
  • Brand-color contrast helper that auto-picks white or black foreground text for any client-chosen primary color.
  • Tablet breakpoint tuned — iPad landscape now gets the mobile-style Intel bottom sheet and 2x2 KPI grid instead of the cramped desktop layout.
  • Loading skeletons across every page — zero layout shift when data arrives.
~Changed
  • Bottom-anchored sticky elements respect iOS safe-area-inset so the Intel FAB clears the home indicator.
!Fixed
  • Action bars on the Client Portal, Project Detail, Client Dashboard, Guest Browser, and Command Center no longer clip beneath browser chrome on mobile.
v1.1.0

Command Center Polish

Command Center got a sticky header, view-mode persistence across sessions, empty-state calls-to-action on every view, and a right-rail Intel panel that mirrors to a bottom sheet on mobile so operators never lose situational awareness.

+Added
  • Sticky header on Command Center with a compact 2x2 KPI grid on mobile.
  • View-mode persistence — kanban, list, client-grouped — remembered across sessions per operator.
  • Intel FAB and bottom-sheet on mobile — upcoming milestones, mission intel, quick access.
  • Empty-state CTAs on every list view so new tenants never hit a blank page.
  • Scroll-into-view on the active category pill in the audit trail viewer.
v1.0.0 Highlight

WorkFreq V1 — Public Preview

First customer-facing release. Truist is the flagship tenant with 25 active projects across seven lines of business. TD Bank onboarding begins June 1.

+Added
  • Three-tier storage architecture — private vault for raw, private delivery for approved, private thumbnails for galleries, public-read avatars only.
  • Row-level security on all 38 application tables with org-scoped tenant isolation.
  • Kanban, list, and client-grouped views for project pipelines.
  • Approval workflow with SLA tracking, download analytics, and guest galleries via token-gated links.
  • Parallel upload concurrency and automated duplicate detection.
  • Auto-tag pipeline on image uploads.
© Network Frequency LLC · Work Freq is a registered service mark.