Forge

Dependency maintenance: upgraded archiver to v8. This is an internal tooling update with no impact on template functionality or the dev experience.

Dependency hygiene: updated pnpm to v10.34.1. This is a patch release with no breaking changes or buyer-facing modifications.

Dependency maintenance: updated @types/node to v24. This is a types-only update with no impact on runtime behaviour or the devtools API surface.

Fixed WebGL hero scene rendering on mobile devices. The interactive 3D hero component now gracefully degrades on touch devices, reducing memory pressure and improving frame stability on lower-end hardware. **Changes:** - Disabled JS-gated WebGL hero scene on mobile viewports (#141) This ensures the hero experience remains performant across all device classes without requiring any configuration changes on your end.

Fixed documentation route exclusion in release zip artifacts. The `/docs` path is now correctly excluded during packaging, ensuring the Documentation route ships as intended in distribution builds.

Internal maintenance: corrected Forge QG-Report route inventory and dashboard page name mappings to ensure accurate reporting metadata. No user-facing changes.

Internal: refreshed Quality-Gate Report PDF with backfilled audit data to improve internal compliance tracking and reporting accuracy.

Packaging hygiene: excluded documentation artifacts (AGENTS.md, docs/, *.docx) from distribution to reduce package size. Quick-start PDF now included in release assets. No functional changes.

Applied P1 fixes from premium-audit pass (#131). This release addresses content compliance issues identified during our latest audit, improving overall template quality and standards adherence. No breaking changes or migration steps required.

Documentation updates for clarity and consistency: - Updated Motion library references from Framer Motion to Motion (motion/react) across docs to reflect current package naming - Reorganized dashboard pages into components folder structure for improved project organization No functional changes. Existing projects continue to work without modification.

Maintenance release. Internal updates and stability improvements.

Maintenance release. Internal updates and dependency hygiene to keep ui02-forge-devtools-nextjs stable and current with the Next.js ecosystem.

**Fixed** - Code-showcase component: code-line reveal now executes fire-and-forget instead of being scroll-scrubbed, which was causing blank renders (#128) - Documentation: corrected dashboard route reference (projects → empty) (#127) The code-showcase fix resolves an issue where code lines would fail to display when scroll interactions interfered with the reveal animation. This is now decoupled from scroll state.

Dependency updates: routine maintenance release with dependency version bumps. No breaking changes or new features. Safe to update.

Dependency hygiene: updated GitHub Actions checkout to v6. This is a build-time dependency update with no impact on the generated templates or development experience.

- **fix(dashboard)**: corrected full-width wrapper layout behavior - **lint(label)**: removed unused eslint-disable directive Routine maintenance release with no breaking changes or new capabilities.

Dependency security: added pnpm.override to mitigate a known DoS vulnerability in the qs package. This prevents a transitive dependency from being resolved to an unsafe version. Propagates UI00-BASE #116. No action required — update normally.

Documentation: synced primitive JSDoc from UI00-BASE and cleaned up eslint comments for consistency across the codebase. Internal maintenance release with no breaking changes or new features.

Internal maintenance: synced RevealOnScroll `as` prop and useIsMobile singleton from UI00-BASE to maintain consistency across the component library. No breaking changes or new features in this release.

Dependency maintenance: updated non-major dependencies to their latest patch and minor versions. These updates include security patches and stability improvements across the toolchain. No breaking changes or new features in this release.

Dependency hygiene: updated type definitions to latest versions. No breaking changes or new features. Recommended for teams running strict TypeScript configurations.

Dependency maintenance: pinned transitive dependencies to ensure consistent builds and reduce supply-chain risk. No feature or API changes.

Dependency management: added pnpm.overrides configuration for ws and brace-expansion@5.x to ensure consistent dependency resolution across the project. No functional changes.

Replaced interaction-gated mount with Skeleton loading placeholders for below-fold content (#104). This improves perceived performance by showing layout structure immediately rather than waiting for user interaction, reducing layout shift and providing clearer visual feedback during page load. No breaking changes. Update at your convenience.

**Accessibility:** Fixed landmark labeling on desktop navigation component (#102). The nav element now includes proper ARIA labels, improving screen reader announcements and semantic structure for assistive technology users.

Documentation: added DEMO_BANNER.md to clarify banner component usage in demo context. Internal reference documentation only—no functional changes to the toolkit.

Documentation: Added Copilot and Codex bot instructions to enforce Renovate canon across the devtools suite. This improves consistency in dependency management practices for teams using AI-assisted development workflows. No changes to the toolkit itself.

Backport: synced family-related fixes from UI04 upstream (#115). Internal consistency improvement with no breaking changes or new features.

Fixed footer heading-order violation and corrected logo aria-label to match visible text. These changes improve WCAG compliance and screen reader accuracy without requiring any updates to your implementation.

Dependency security update: upgraded brace-expansion to v5. This addresses a known vulnerability in a transitive dependency used by the build toolchain. No changes to the devtools API or runtime behaviour.

CI/tooling: bumped Node.js version from 20 to 22 in CI pipeline to unblock pnpm 11 compatibility. No changes to template functionality or dependencies shipped to buyers.

CI: pinned renovatebot/github-action to v46.1.14 for deterministic dependency updates. This ensures consistent automation across release pipelines without affecting template functionality or buyer-facing features.

CI maintenance: upgraded Renovate GitHub Action from v40 to v46. This resolves 404 errors in scheduled dependency update runs caused by deprecated v40-tier tag resolution. No changes to the template or devtools functionality.

Quality control improvements: addressed code review feedback on the QC report generator to improve internal consistency and maintainability. No breaking changes or new features in this release.

Internal: Quality Gate report regenerated for v1.5.47 close-out. No changes to shipped functionality.

Resolved 4 accessibility advisories identified in the v1.5.46 te-verify review: - **3 P2 advisories**: Critical WCAG compliance gaps addressed - **1 P3 advisory**: Secondary accessibility concern resolved These fixes strengthen ARIA implementation, focus management, and semantic markup across the devtools. No migration needed—update at your convenience.

This release focuses on quality improvements across performance, accessibility, and demo content. **Lighthouse & Performance**: Optimised metrics to improve audit scores and load times. **Accessibility**: Enhanced a11y compliance to meet WCAG standards more reliably. **Demo Content**: Refined example templates and sample data for clearer onboarding. No breaking changes. Update at your convenience.

Lighthouse configuration: added `--throttling-method=provided` flag to align throttling settings with quality gate expectations. This ensures consistent performance audit results across CI/CD pipelines without affecting runtime behaviour or template output.

Development tooling: added archiver@5 as a dev dependency to support local release packaging workflows. No changes to the template or runtime behaviour.

Resolved remaining QG findings across multiple areas: - **Accessibility**: improved ARIA attributes and semantic markup compliance - **Animation**: refined motion timing and easing for consistency - **Demo content**: cleaned up placeholder text and example data - **Token hygiene**: standardized design token usage and naming No breaking changes. Update at your convenience.

**Quality Gate Fixes** Resolved 4 P1 findings identified in te-verify v1.5.38 review. These fixes strengthen the quality gate validation logic in the Next.js devtools, improving detection accuracy and compliance reporting. No breaking changes or migration required.

Environment configuration: added `NEXT_PUBLIC_TE_DEMO` to `.env.example` for clarity on available public environment variables in Next.js projects using ui02-forge-devtools.

Fixed critical issues in the premium audit suite affecting legal compliance and certificate handling: - **Legal leak prevention**: Closed exposure vectors in audit reporting that could inadvertently surface sensitive legal metadata. - **Certificate claim validation**: Corrected improper cert claim assertions in audit output. - **Demo banner pattern**: Removed unintended demo-mode indicators from production audit reports. These were P0 findings in the audit pass 4 review. If you run premium audits on production templates, update immediately to ensure compliance reports are clean and secure.

- fix(ambient-glow): guard ResizeObserver for environments without it (#73)

- fix(privacy): replace Stripe/Vercel/AWS vendor names with placeholders (#72)

- fix(a11y): jsx-a11y rules + violation fixes + consent backport (#71)

- fix(deps): canonical ^-bounded pnpm.overrides family block (#70)

- fix: finish ui02 premium audit

- fix: finish forge audit and gate prep

- Polish Forge audit implementation

- fix: clear UI02 v1.5.28 anchor P2 (#69)

- fix: clear UI02 v1.5.27 P2 cleanup (#68)

- fix: clear UI02 v1.5.26 review residue (#67)

- fix: clear UI02 v1.5.25 final residue (#66)

- fix: clear UI02 v1.5.24 mechanical P2

- fix: clear UI02 v1.5.23 review residue

- fix: clear UI02 v1.5.22 review residue

- fix: clear UI02 v1.5.21 review residue

- fix: clear UI02 v1.5.20 review residue

- fix: clear UI02 v1.5.19 review residue

- fix: address UI02 v1.5.18 review findings

- fix: clear UI02 v1.5.17 review findings

- fix: address UI02 phase 2 review findings

- fix: clear UI02 v1.5.15 mechanical findings

- fix: address UI02 phase2 review findings

- fix(qg): address UI02 phase 2 review findings (#52)

- docs(qg): add UI02 Lighthouse summaries and QC report (#51)

- fix(p093): use backgroundColor on motion elements

- chore(qg): track lighthouse summaries (#48)

- fix(qg): ship readiness cleanup (#47)

- fix: clean forge mechanical review findings (#46)

- fix(mech-review): move color normalizer behind token helper (#44)

- fix(mech-review): centralise brand hex into lib/tokens.ts (#42)

- perf(home): extract hero + defer below-fold sections behind scroll gate (#40)

- perf(lenis): lazy-load Lenis + GSAP to fix desktop Lighthouse performance (#38)

- fix(ui02): P1 fixes — token visibility, Slack URLs, GDPR, a11y, docs - fix: address PR #34 review findings (Codex P1 + Copilot) - fix(qg): v1.5.2 re-review findings (4 P1 + 5 P3)

- fix(qg): v1.5.2 re-review findings (4 P1 + 5 P3) (#34)

- fix(qg): address v1.5.1 mech-review findings (3 P1 + 3 P2) (#32)

- fix(qg): UI02 v1.5.0 → v1.5.1 full QG fix pass (22 P1 / 31 P2 / 17 P3) (#30)

- feat(gate17): propagate canonical Gate 17 compliance scaffolding (#29)

- chore(deps): slim renovate.json to extend org preset (#25)

- chore(ci): remove unused codeql.yml (#24)

- fix(ui02): backport brand-sweep + restore config brand name

- refactor(ui02): centralise theme in globals.css + document one-file rebrand

- fix(ui02): keep site header visible during page transitions + animate active nav pill

- fix(ui02): normalise CSS-var colour values before feeding WebGL shaders

- fix(ui02): v1.4.3 bundle — close all external-review findings + CHANGELOG cadence fix

- fix(ui02): close te-verify external-review v1.4.1 findings (Gemini + Codex)

- fix(ui02): close external-review P1/P2 findings on v1.4.0

- feat(ui02): close ChatGPT v1.3.4 P1 review bundle

- docs(ui02): backfill v1.3.4 CHANGELOG + clarify tokens.ts rebrand contract

- chore: remove all Envato / marketplace references from kit packaging

- fix(ui02): address all external-review P0/P1/P2 findings + regressions

- fix(ui02): close remaining mech-review v1.3.1 P1s

- fix(ui02): close mech-review v1.3.0 findings (3 P1 + 2 P2 + 1 P3)

- feat(ui02): close 3 P0 + 11 P1 + 9 P2/P3 findings from te-verify Phase 2 retrospective on v1.2.1

- docs(ui02): backfill v1.2.0 CHANGELOG entry covering the legal/a11y/motion/rebrand bundle

- feat(ui02): close 3 P0 legal blockers + 23 P1s from full te-verify-review audit

- chore(ui02): untrack stale root package-lock.json

- fix(ui02): disambiguate [CUSTOMISE] placeholders in security page (mech-review P0)

- chore(ci): sync workflows to canonical set from UI01

- fix(ci): expand zip_excludes to match UI01 pattern (mech-review P0)

- chore(ci): migrate release to shared bump-and-release workflow; sync manifest to v1.1.0 - chore(renovate): block major GitHub Actions version bumps - chore(renovate): tune config — security PRs any-time, routine bumps Monday mornings only