ShieldOps

Fixed release packaging to ensure the Documentation route is correctly included in distribution archives. This resolves an issue where the /docs endpoint was missing from shipped builds due to incorrect zip-exclude configuration.

Internal maintenance: refreshed QG-Report PDF with backfilled audit data to ensure compliance documentation accuracy. No changes to template functionality or dependencies.

Packaging hygiene: excluded documentation artifacts (AGENTS.md, docs folder, Word documents) and included QG PDF in the release bundle. Reduces package size and clarifies distribution contents. No functional changes.

**Fixed:** useCountUp hook now renders with correct initial value during server-side rendering, eliminating hydration mismatches in Next.js apps. This resolves visual flicker and console warnings when the component mounts on the client.

Fixed input element labeling across the ShieldOps cybersecurity template to ensure all form controls carry proper `<label>` associations. This resolves WCAG 2.1 Level A violations and improves screen reader navigation. Also cleaned up a stale `PREMIUM_AUDIT` entry in the audit registry that was causing false positives in compliance checks. These changes strengthen accessibility compliance without requiring migration or configuration changes.

Documentation and dependency hygiene: migrated from Framer Motion to Motion (motion/react) package for improved maintainability. Dashboard page examples reorganized into component documentation. No breaking changes or feature updates.

Layout & linting housekeeping: removed unused mx-auto max-w-Nxl wrapper from dashboard component and cleaned up unnecessary eslint-disable comment. No functional changes.

Security: Applied pnpm.override for qs package to address a known DoS vulnerability (#112). This release propagates updates from UI00-BASE #116, ensuring alignment with the core template. No breaking changes or new features. Update recommended for security hygiene.

Documentation and code quality: synced primitive JSDoc annotations from UI00-BASE and applied eslint comment cleanup across the codebase. Internal housekeeping with no impact on component APIs or runtime behaviour.

Fixed race condition and timing edge cases in UI00-BASE integration (#109). Addressed delayMs=0 handling and improved component teardown logic to prevent state leaks. These are internal stability improvements with no API changes.

Internal sync: aligned RevealOnScroll component `as` prop and useIsMobile singleton implementation with UI00-BASE. No breaking changes or new features in this release.

Replaced magic-number min-height values in below-fold sections with per-section Skeleton loading placeholders (#96). This eliminates layout shift during content load and provides clearer visual feedback to end users about what's loading. Skeleton heights now match their corresponding content sections, reducing cumulative layout shift (CLS) and improving perceived performance.

Internal: renamed Skeleton.tsx to skeleton.tsx to align with project naming conventions. No functional changes.

Dependency management: added pnpm.overrides configuration for ws and brace-expansion@5.x to ensure consistent transitive dependency resolution across the project. No functional changes.

Backported form primitives from UI00-BASE PR #94, bringing refined input, select, checkbox, and radio components to ShieldOps. These primitives align with the base design system and provide better accessibility out of the box, improved keyboard navigation, and consistent styling across form interactions. No breaking changes. Existing forms continue to work; new projects can adopt the updated primitives for better consistency with the broader Template Empire ecosystem.

Added a production-ready `Skeleton` component for dashboard loading patterns. Includes a pre-built `loading.tsx` template that integrates with Next.js streaming and Suspense boundaries. New design token `--border-subtle` provides refined border styling for skeleton placeholders and other low-contrast UI elements. This token pairs with existing color variables for consistent theming across light and dark modes. Use the skeleton component to scaffold data-heavy dashboards while async operations complete—improves perceived performance and user experience during initial page load.

Added root `opengraph-image.tsx` powered by `next/og` with brand-aware composition. Social shares and link previews now render with consistent, branded imagery automatically. The implementation leverages Next.js native OG image generation for zero runtime overhead and seamless integration with your existing metadata pipeline. No configuration required — OpenGraph images are generated on-demand and cached by Next.js.

Design token hygiene: added `--border-strong` alias for te-banner component. Ensures consistent border styling across the ShieldOps cybersecurity template and improves token naming clarity for future customizations.

Improved numeric and monospace rendering across the template. **Changes:** - Applied tabular numerics (`font-variant-numeric: tabular-nums`) to body text for better alignment in data-heavy layouts and financial displays - Enabled slashed-zero (`font-variant-numeric: slashed-zero`) on monospace surfaces to reduce confusion between zero and the letter O in code blocks and terminal-style components These adjustments enhance readability in security dashboards, logs, and tabular data—common patterns in ShieldOps workflows.

Fixed critical accessibility gaps in the mobile navigation menu: - **aria-controls**: Menu button now properly announces its controlled element - **Inert background**: Page content behind open menu is now inert, preventing accidental interaction - **Focus return**: Keyboard focus correctly returns to the menu trigger when closed - **Landmark labeling**: Navigation landmark now has explicit label for screen reader clarity These changes improve keyboard navigation and screen reader experience, particularly on mobile devices. No breaking changes.

Resolved a desktop Cumulative Layout Shift (CLS) regression in the hero card component (#91). This fix eliminates unexpected layout movement during page load on desktop viewports, improving perceived stability and Core Web Vitals performance. No breaking changes. Update at your convenience.

Documentation: added DEMO_BANNER.md reference guide for the te-banner.tsx component. This clarifies banner configuration and usage patterns for developers integrating the demo banner into their layouts.

Documentation: Added Copilot and Codex bot instructions to enforce Renovate dependency management canon (#88). This improves consistency in automated dependency updates across the project but requires no action from users.

Internal maintenance: backported family consistency updates from UI04 template suite. This release contains no breaking changes or new features — update at your convenience for codebase alignment with the broader Template Empire ecosystem.

Fixed a hydration mismatch that occurred during page transitions. This resolves console warnings and potential layout shifts when navigating between routes in the ShieldOps template. **Changes:** - fix(hydration): page-transition (#86) Update via npm or your package manager to receive this stability improvement.

Refactored entry animations to CSS-first approach (Phase 1+2 backport from UI04). This shift eliminates JavaScript animation overhead, reducing jank on lower-end devices and improving Time to Interactive metrics. No API changes. Animations remain visually identical; the underlying implementation is now more efficient and easier to customize via CSS variables. Recommended for teams prioritizing Core Web Vitals or targeting diverse device capabilities.

CI infrastructure: bumped Node.js from 20 to 22 to unblock pnpm 11 compatibility. No changes to template functionality or dependencies affecting your builds.

**Fixes:** - **Sibling-drift (P1)**: Resolved component state synchronization issue affecting multi-instance layouts. This was causing unexpected visual misalignment in certain responsive breakpoints. - **Demo bypass button**: Corrected interaction flow in demo mode to prevent unintended navigation. - **Brand mention**: Updated product attribution in footer and metadata. No migration required. Update at your convenience.

**Hotfix:** Resolved P1 sibling-drift surfaces introduced in v1.3.0 (PR #79). Three component rendering paths now correctly gate state propagation to prevent unintended cascade updates across related UI elements. No migration required—update at your convenience.

CI hygiene: pinned renovatebot/github-action to v46.1.14 for deterministic dependency updates. No template changes.

CI hygiene: bumped renovatebot/github-action v40 → v46. The v40 tag became unresolvable, causing scheduled Renovate runs to fail with 404 errors. This update restores reliable dependency update automation without affecting template functionality or buyer workflows.

Tooling: removed .github/dependabot.yml to consolidate dependency management under Renovate as the single source of truth for automated updates. No changes to functionality or dependencies.

Dependency update: lucide-react bumped from 0.563.0 to 1.16.0. This brings the latest icon set and performance improvements from the lucide library. No template API changes or migration steps required.

Internal consistency pass: resolved sibling-drift issues identified in Phase 2 review. No breaking changes or new features. Update recommended for optimal template stability.

Internal maintenance release. Completed Phase 2 propagation sweep and centralised IS_TE_DEMO configuration across the codebase. No changes to public APIs, components, or runtime behaviour. Update at your convenience.

Internal consistency update: propagated v1.2.28 component patterns across 15+ sibling surfaces in the ShieldOps cybersecurity template. No breaking changes or new features. Update recommended for consistency with the broader codebase.

Resolved 16 priority issues identified in Phase 2 review: - **4 P0 fixes**: Critical stability and security issues addressed - **12 P1 fixes**: High-priority UX and functionality improvements - **P2/P3 polish**: Additional refinements across the template This release focuses on hardening the ShieldOps cybersecurity template following comprehensive review. All fixes are backward-compatible; no migration required.

**Security:** Fixed AWS region leak in GDPR page that could expose infrastructure details. Removed unused SITE_CONFIG import to reduce bundle surface. This is a recommended update for all deployments, particularly those handling sensitive compliance documentation.

Fixed P0 issues from our premium audit sweep: - **Visible placeholders**: Removed stray placeholder text that appeared in metric cards and dashboard sections under certain viewport conditions. - **Metric consistency**: Standardized number formatting and unit display across all dashboard widgets to eliminate visual discrepancies. These fixes improve the polish of the ShieldOps dashboard, particularly in audit and compliance views where precision matters.

**Focus Visible on Access Page Search Input** Fixed WCAG SC 2.4.7 compliance on the access page search input. Keyboard users now see a clear focus indicator when tabbing through the form, improving navigation clarity and audit readiness. No breaking changes. Update at your convenience.

Dependency maintenance: updated archiver (dev dependency) from 7.0.1 to 8.0.0. This is a build tooling update with no changes to the template runtime or exported components.

Dependency management: inherited Renovate configuration from organization settings and aligned Dependabot to weekly schedule. No functional changes to the template or UI components.

Fixed placeholder string handling across the ShieldOps cybersecurity template. All [CUSTOMISE] markers now properly resolve during initial setup, eliminating manual find-and-replace steps. Eager-mount sections now load correctly on first render, ensuring consistent component initialization. These changes streamline the onboarding experience for new projects without requiring any action from existing installations.

Internal: ported DemoBanner pattern from UI00-BASE to standardize live-demo gating across the template suite. No changes to production components or buyer-facing APIs.

Fixed duplicate site name suffix in page metadata (og:site_name, title tags). This resolves redundant text appearing in social previews and browser tabs for the ShieldOps template.

**Security & Accessibility** - **Next.js 16.2.6**: patched vulnerability via engines constraint to prevent unsafe dependency resolution - **Accessibility backports**: consent and a11y improvements from upstream, ensuring WCAG compliance across shield/ops components - **Canonical dep overrides**: resolved transitive dependency conflicts to stabilize the build graph No breaking changes. Update recommended for security and compliance.

- fix(ambient-glow): guard ResizeObserver for environments without it (#54)

- fix(p0): replace 99.99% SLA claims and dashboard real-vendor integrations with [CUSTOMISE] (#52)

- fix(a11y): jsx-a11y rules + violation fixes + consent backport (#51)

- fix(deps): canonical ^-bounded pnpm.overrides family block (#50)

- fix: pin postcss to >=8.5.14 (CVE-2026-41305 XSS) (#49)

- fix: promote hardcoded Tailwind colour to severity token (#48)

- chore(qg): track lighthouse summaries (#46)

- fix(qg): ship readiness cleanup (#45)

- fix: clean mechanical review demo content (#44)

- fix(lint): add out-dark/out-light to eslint ignore list (#42)

- perf(home): defer below-fold sections behind scroll gate (#40)

- perf(lenis): lazy-load Lenis + GSAP, add mobile skip (#38)

- fix(qg): LLM review P1/P2 — CVE/IP demo data, licence URL, tokens, headers, a11y (#36)

- fix(mech-review): change mock email domains to example.com (#34)

- fix(mech-review): P2 — route hardcoded emails to SITE_CONFIG, brand mentions reviewed (#32)

- fix(mech-review): remove remaining brand literals from scanned component files (#30)

- fix(ui03): mech-review v1.2.2 — GA env, SITE_CONFIG email/year, privacy GDPR+DNT/GPC

- fix(qg): P1 review fixes — document licence API dependency, define missing CSS vars for compliance pages

- fix(env): document NEXT_PUBLIC_GA_ID in .env.example (#24)

- feat(gate17): propagate canonical Gate 17 compliance scaffolding (#22)

- chore(deps): slim renovate.json to extend org preset (#19)

- chore(ci): remove unused codeql.yml (#18)

- fix(ui03): resolve duplicate React key warning in about page milestones - fix(ui03): brand sweep + WCAG 2.2 target-size and focus-ring fixes

- fix(ui03): close remaining advisory findings — grow-width scaleX, next start removed, Google Fonts docs, video bg

- fix(ui03): resolve mechanical-review P1s — settings brand tokens, input.tsx labelling comment, layout themeColor doc

- fix(ui03): migrate non-severity critical usages to brand/destructive tokens

- fix(ui03): close Phase 2 te-verify P1/P2 findings — dynamic AmbientGlow, LCP fixes, reduced-motion, docs

- refactor(ui03): align with allocation HTML + complete customisation cascade

- chore: sync next-env.d.ts

- refactor(ui03): centralise theme in globals.css + document one-file rebrand

- fix(ui03): v1.1.8 bundle — close all te-verify external-review findings

- fix(ui03): keep site header visible during page transitions

- chore: remove all Envato / marketplace references from kit packaging

- fix(ui03): add aria-labels to dashboard search inputs (mech-review P1)

- fix(ui03): replace fake fundraising metrics with CUSTOMISE placeholders (mech-review P0)

- chore(ci): sync workflows to canonical set from UI01

- fix(ci): expand zip_excludes to match UI01 pattern (mech-review P0)