Mikesoft TeamVault Changelog

Entries are ordered newest first. Release dates are included where recorded.

## 2.6 - 2026-06-09
- Feature: TeamVault Groups — a dedicated admin screen to organize users into departments/teams, independent from WordPress roles; a user can belong to multiple groups.
- Feature: per-folder permissions with granular actions (view, upload, download, delete, manage) for individual users and groups, evaluated with inheritance from the nearest ruled ancestor and explicit child overrides. Folders with no rules keep the prior all-or-nothing free behavior, so existing installations are unaffected.
- Feature: preview-only access — granting view without download lets selected users/groups preview files but not download or ZIP-export them; export honors the per-folder download permission so restricted files are never bundled.
- Feature: storage quotas per user or per group on customer-owned storage; the upload is blocked before any disk write or metadata insert when it would exceed the limit, and existing files remain accessible. Administrators are never limited.
- Feature: access reports aggregating preview and download events by user, file, or folder with date/action filters, plus a streamed CSV export of the filtered activity log via an admin-post endpoint. Preview events are now logged (previously only downloads were) and exports are recorded.
- Feature: email notifications on upload, download, delete and access-denied events; recipients resolve to administrators, selected users, and/or group members. Emails are batched per request and sent on shutdown so uploads/downloads are never slowed.
- Feature: light white-label branding (name, logo, accent color) applied across the plugin admin screens, including the menu title and primary accent.
- Improvement: clearer upload validation errors — disallowed extensions list the allowed types, dangerous extensions are called out for security, and the size error reports the actual size against the maximum.
- Improvement: the governance admin screens (Groups, Quotas, Reports, Notifications) and the permissions modal were aligned to the plugin design tokens and the WordPress dashboard, made fully responsive across breakpoints, and hardened for keyboard accessibility and color contrast.
- Security: downloads, previews, exports and all folder/file mutations are now authorized per folder through a central permission engine; WordPress administrators always retain emergency full access.
- Note: these governance features were previously planned as a paid Pro add-on and are now included for free in the core plugin. The free user limit planned for that split was not introduced — the plugin remains unlimited.
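
The 2.6 entries above describe per-folder rules resolved from the nearest ruled ancestor, preview-only access, and export gated on the download permission. The following is an added PHP example of that evaluation order, not TeamVault's own code. The array shapes, the `tv_example_*` names, the `legacy_access` flag, the union of user and group grants, and the deny result for a ruled folder that does not name the subject are all assumptions.

```php
<?php
// Added illustration, not TeamVault source. Array shapes, function names and
// the "legacy_access" flag are assumptions made for this example.
const TV_EXAMPLE_ACTIONS = ['view', 'upload', 'download', 'delete', 'manage'];
// True when any rule in the list names this user or one of their groups and
// includes the action (assumption: user and group grants combine as a union).
function tv_example_rules_grant(array $ruleList, array $subject, string $action): bool
{
    foreach ($ruleList as $rule) {
        $matches = ($rule['type'] === 'user' && $rule['id'] === $subject['id'])
            || ($rule['type'] === 'group' && in_array($rule['id'], $subject['groups'], true));
        if ($matches && in_array($action, $rule['actions'], true)) {
            return true;
        }
    }
    return false; // a ruled folder that does not name the subject denies (assumption)
}

// $folders: folder_id => parent_id (null at top level); $rules: folder_id => rule list.
function tv_example_can(array $folders, array $rules, array $subject, int $folderId, string $action): bool
{
    if (!in_array($action, TV_EXAMPLE_ACTIONS, true)) {
        return false; // unknown action: fail closed
    }
    if ($subject['is_admin']) {
        return true; // administrators keep emergency full access
    }
    $seen = [];
    $current = $folderId;
    while ($current !== null) {
        if (isset($seen[$current]) || !array_key_exists($current, $folders)) {
            return false; // unknown folder or parent cycle: fail closed
        }
        $seen[$current] = true;
        if (!empty($rules[$current])) {
            // Nearest ruled folder decides; a child's own rules override its ancestors'.
            return tv_example_rules_grant($rules[$current], $subject, $action);
        }
        $current = $folders[$current];
    }
    return $subject['legacy_access']; // no rules on the path: prior all-or-nothing behavior
}

// ZIP export keeps only files whose folder grants "download".
function tv_example_exportable(array $files, array $folders, array $rules, array $subject): array
{
    return array_values(array_filter($files, function (array $file) use ($folders, $rules, $subject) {
        return tv_example_can($folders, $rules, $subject, $file['folder_id'], 'download');
    }));
}

// Constructed sample data: 1 = Finance, 2 = Finance/Reports, 3 = Finance/Reports/Board, 4 = Shared.
$folders = [1 => null, 2 => 1, 3 => 2, 4 => null];
$rules = [
    1 => [['type' => 'group', 'id' => 10, 'actions' => ['view', 'download']]],
    3 => [['type' => 'group', 'id' => 10, 'actions' => ['view']]], // preview-only override
];
$member = ['id' => 7, 'groups' => [10], 'is_admin' => false, 'legacy_access' => true];
$files = [
    ['name' => 'q1.pdf', 'folder_id' => 2],      // folder 2 has no rules, folder 1 decides
    ['name' => 'minutes.pdf', 'folder_id' => 3], // folder 3 carries its own rules
    ['name' => 'handbook.pdf', 'folder_id' => 4] // no rules anywhere on the path
];
foreach ($files as $file) {
    printf("%s view=%s download=%s\n", $file['name'],
        var_export(tv_example_can($folders, $rules, $member, $file['folder_id'], 'view'), true),
        var_export(tv_example_can($folders, $rules, $member, $file['folder_id'], 'download'), true));
}
echo implode(', ', array_column(tv_example_exportable($files, $folders, $rules, $member), 'name')), "\n";
```

When reviewing an engine of this kind, the cases worth testing are the ones the example fails closed on: unknown actions, folders missing from the tree, and a ruled folder that names other subjects but not the caller.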

## 2.5 - 2026-06-05
- Feature: added folder move so folders can be relocated across the workspace tree from the context menu and details panel, with protection against moving a folder into its own subtree and cascading relative-path updates for nested folders and files.
- Performance: the file browser now renders list metadata from stored records and performs a single on-disk existence check per file, avoiding a per-file MIME read on large folders.
- Performance: the storage self-heal reindex now runs only when the index is empty (for example after a database reset or migration) instead of re-scanning the storage tree on a timer during normal browsing.
- Admin UI: replaced native browser confirmation dialogs for delete actions with an in-app confirmation modal.
- Uploads: added a cancellable upload progress indicator backed by AbortController.
- Maintenance: uninstall data removal now also clears plugin transients (storage-usage cache and auto-reindex markers).
- Code quality: replaced inline display toggles on the settings whitelist UI with a reusable CSS class.
- Tests: added regression coverage for folder move (storage relocation, cycle protection, REST wiring) and the storage reindex gate.

## 2.4 - 2026-05-23
- Quality of life: refreshed the public TeamVault support path with the dedicated `teamvault@mikesoft.it` mailbox.
- Documentation: added direct contact details to the WordPress.org-facing readme, GitHub README, and security policy.
- Release metadata: aligned plugin version, stable tag, and release metadata tests for the 2.4 maintenance release.

## 2.3 - 2026-05-21
- Admin UI: moved the file details panel to off-canvas drawer mode at 1200px and below so toolbar actions stay reachable on narrow desktop and tablet screens.
- Admin UI: kept the folder sidebar drawer breakpoint at 992px while offsetting fixed drawers below the WordPress admin bar.
- Admin UI: preserved the TeamVault logo inside the mobile folder drawer header.
- Tests: added regression coverage for the split drawer breakpoints and admin-bar-safe drawer CSS.

## 2.2 - 2026-05-21
- Admin UI: limited the private storage security notice to the TeamVault settings page instead of showing it across the WordPress admin.
- Compatibility: kept WordPress 7.0 release metadata current.
- Tests: added regression coverage so the storage notice appears on settings and stays hidden elsewhere.

## 2.1 - 2026-05-21
- Compatibility: verified TeamVault release metadata for WordPress 7.0.
- Compatibility: confirmed the plugin does not depend on block editor, iframed editor, or `@wordpress/components` APIs affected by WordPress 7.0 admin changes.
- Tests: added regression coverage for release metadata alignment.

## 2.0.9 - 2026-05-06
- Reliability: fixed file moves so local private-storage files remain on disk after being moved between TeamVault folders.
- Reliability: verified moved files can still be downloaded, previewed, exported, and deleted after the move operation completes.
- Tests: added regression coverage for filesystem adapters that report a move without leaving the file in the destination.

## 2.0.8 - 2026-05-06
- Security: hardened uninstall data removal so recursive storage cleanup stays inside the TeamVault storage root and does not follow symlinks.
- Security: hardened upload validation so SVG remains blocked even if custom extension filters try to re-enable it.
- Documentation: clarified that WordPress.org listing translations are handled through translate.wordpress.org instead of locale-specific readme files.

## 2.0.7 - 2026-05-06
- Reliability: fixed stale file browser responses in local and proxy-backed environments by adding cache busting to browser and search requests.
- Reliability: disabled HTTP caching on browser and search REST responses so file and folder changes appear immediately after create, upload, rename, move, and delete actions.
- Uploads: improved client-side size validation so files are checked against the effective PHP upload and post limits before the request is sent.
- Architecture: split REST permission callbacks into clearer read, write, and delete guards while preserving the current capability model.
- Export: hardened ZIP export temporary file generation and readability checks before response headers.
- Branding: updated the in-plugin admin logo color to TeamVault blue.

## 2.0.6 - 2026-05-06
- Reliability: fixed file list refresh after delete file, delete folder, rename file, rename folder, and move file operations.
- Reliability: disabled HTTP caching for browser and search REST responses and added client-side cache busting for local and proxy-backed environments.
- Export: fixed ZIP export temporary file collisions when multiple exports start in the same second.
- Export: fixed ZIP export readability and size checks running after response headers.

## 2.0.5 - 2026-05-06
- Reliability: fixed newly uploaded files and newly created folders not appearing immediately without manual interaction.
- Admin UI: fixed persistent dismissal for the storage security notice.
- Admin UI: fixed context menu and folder tree event listeners accumulating across repeated interactions.
- Reliability: fixed concurrent navigation requests overwriting the file list with stale data.
- Security: moved download and preview readability checks before response headers and sanitized MIME types before output.
- Correctness: fixed storage directory creation checks, finfo cleanup, upload tmp_name handling, and invalid date handling.
- Security: fixed an XSS vector in user search autocomplete via the username attribute.
- Compliance: added sanitize_callback declarations to REST API string parameters for WordPress.org review compatibility.
- API: added order_by and order parameters to browser and search REST route declarations.

## 2.0.4 - 2026-05-05
- Uploads: improved the oversized file message so it shows the file name, actual size, and configured maximum.
- Uploads: added a client-side size check so users receive immediate feedback before the upload request is sent.

## 2.0.3 - 2026-05-03
- Security: hardened filesystem path verification for private storage operations, including traversal and symlink rejection.
- Maintenance: added safer storage reindex validation so unsafe or disallowed files are skipped and reported to administrators.
- Privacy: switched activity log IP capture to REMOTE_ADDR only instead of trusting spoofable forwarding headers.
- Admin UI: added an administrator notice when the TeamVault storage path is inside the public uploads tree.
- Access control: changed new activations so only Administrators receive manage_private_documents by default.
- Tests: added regression coverage for filesystem boundaries, reindex validation, log IP handling, storage warnings, and activation capabilities.

## 2.0.2 - 2026-05-03
- Compatibility: fixed TeamVault REST request URLs on sites using plain permalinks, preventing 404 errors while loading folders and files.
- Uploads: improved feedback when PHP rejects an oversized request before a file reaches TeamVault validation.
- Tests: added regression coverage for query-style REST bases and oversized empty upload requests.

## 2.0.1 - 2026-05-03
- Documentation: added the TeamVault file manager screenshot to the WordPress.org listing and GitHub documentation.
- Localization: completed Italian interface translation coverage and removed stale translation entries.
- Admin UI: fixed the move-file validation message shown when a file is already in the destination folder.
- Tests: added automated coverage to keep the Italian translation map aligned with plugin UI strings.

## 2.0.0 - 2026-05-03
- Security: introduced stricter administrator-only controls for settings, activity logs, whitelist management, maintenance tools, and uninstall data controls.
- Access control: kept document workspace access on manage_private_documents so authorized editors can manage files without controlling plugin settings.
- Privacy: removed email search and email fields from the user search REST response.
- Performance: improved large-file upload, download, preview, and ZIP export handling while keeping Plugin Checker compatibility annotations in place.
- Tests: added regression coverage for administrator-only controls and user search privacy.

## 1.3.6 - 2026-05-03
- Security: restricted settings, activity logs, whitelist management, and maintenance tools to administrator-level manage_options access.
- Access control: kept document workspace access on manage_private_documents so authorized editors can manage files without controlling plugin settings.
- Privacy: removed email search and email fields from the REST user search response.
- Performance: streamed uploads, downloads, previews, and ZIP exports in chunks to avoid loading large files fully into PHP memory.
- Tests: added regression coverage for administrator-only controls and user search privacy.

## 1.1.35 - 2026-04-18
- Documentation: improved the WordPress.org plugin page copy with clearer positioning, use cases, and privacy messaging.
- Documentation: expanded FAQ content to better explain private access, Media Library differences, and user access control.

## 1.1.34 - 2026-04-17
- Admin UI: simplified the storage widget so it shows only the space used by TeamVault files on shared hosting.
- Storage: calculated TeamVault storage totals from registered files that still exist on disk.
- Storage: persisted detected on-disk file size during upload so new records stay aligned with the physical file size.

## 1.1.33 - 2026-04-17
- Admin UI: reworked the storage widget to show TeamVault usage, other disk usage, and available capacity separately.
- Storage: switched TeamVault storage totals to a filesystem scan so reported usage matches stored binaries more closely.
- Storage: persisted detected on-disk file size during upload so new records stay aligned with the physical file size.

## 1.1.32 - 2026-04-17
- Release: refined release metadata and maintainer documentation for the WordPress.org maintenance release.
- Documentation: clarified WordPress.org icon assets versus the in-plugin TeamVault logo.
- Packaging: confirmed the WordPress.org release payload stays limited to runtime plugin files and public listing assets.

## 1.1.31 - 2026-04-10
- Settings: improved whitelist handling so allowed users are processed more safely during save operations.
- Release: finalized the maintenance release for the latest WordPress.org package.

## 1.1.30 - 2026-04-10
- Settings: fixed whitelist settings wiring so the authorized users selector appears when user-specific access is enabled.
- Settings: fixed persistence of selected whitelist users during settings save.
- Compatibility: added temporary handling for legacy cached admin submissions using pdm_allowed_users[].

## 1.1.29 - 2025-04-08
- Branding: added the TeamVault logo to the admin sidebar header on desktop and mobile.
- Admin UI: increased logo size for better visibility in the file manager.
- Release: published the plugin on the WordPress.org Plugin Directory.

## 1.1.28
- Security: replaced boolean setting shortcuts with wp_validate_boolean() in settings and REST handling.
- Security: added dedicated nonce verification for export selection.
- Compliance: added wp_unslash() handling for POST input and PHPCS annotations for validated patterns.
- Branding: added the TeamVault logo SVG to the file manager sidebar header.
- Refactor: extracted protection file generation to MSTV_Helpers and simplified repository ordering logic.
- Architecture: removed storage constructor side effects and injected settings dependencies into logger and assets classes.
- Maintainability: moved log data access out of the admin view and removed redundant settings instantiations.

## 1.1.27
- Compliance: fixed WordPress.org Plugin Check and security review findings across upload sanitization, request handling, and naming.
- Compliance: changed legacy pdm prefixes to the mstv/MSTV prefix family for plugin uniqueness.
- Compatibility: updated WordPress options from pdm_* to mstv_*.
- Admin UI: fixed JavaScript configuration naming from pdmConfig to mstvConfig.
- Correctness: fixed a syntax error in class-mstv-settings.php.

## 1.1.26
- Mobile UI: refined the header toolbar so filters, actions, and controls stay on a single row.
- Mobile UI: reduced Upload and Export action widths for a tighter toolbar layout.

## 1.1.25
- Files: fixed a file rename regression affecting legacy records with empty display names.
- Files: added safer display-name fallbacks during upload, reindex, browser payload formatting, and rename flows.
- Tests: added regression coverage for display-name fallback handling.

## 1.1.24
- Branding: renamed the plugin from Private Document Manager to Mikesoft TeamVault for WordPress.org guideline compliance.
- Localization: updated the text domain to mikesoft-teamvault.
- Admin UI: updated admin menu slugs for the new plugin slug.
- Mobile UI: restored the off-canvas drawer pattern for the mobile sidebar.

## 1.1.23
- Admin UI: fixed critical CSS typos affecting background color and font-family declarations.
- Mobile UI: added backdrop overlay behavior for sidebar and details panels.
- Accessibility: added ESC closing, body scroll locking, 44px touch targets, focus-visible states, reduced-motion support, high-contrast support, and safe area inset support.
- Files: fixed rename sanitization where names containing dots could become empty.

## 1.1.22
- Compliance: removed forbidden filesystem functions flagged by Plugin Check.
- Database: hardened migrations with table name validation before ALTER operations.
- Database: replaced interpolated updates with the WordPress database update API where appropriate.
- Packaging: excluded development files from release packages.

## 1.1.21
- Access control: aligned whitelist enforcement across REST requests, admin screens, and admin-post handlers.
- Storage: normalized log target types and added safer storage markers and uninstall guards.
- Performance: switched large-file delivery to chunked streaming.

## 1.1.20
- Admin UI: added visible selection highlighting in the move dialog.
- Admin UI: restored the root node in the left sidebar tree.
- Localization: completed Italian translation review for pagination, maintenance, export, and storage recovery strings.

## 1.1.19
- Compliance: fixed remaining Plugin Check findings in uninstall cleanup, logs pagination input handling, and selected-folder export request sanitization.

## 1.1.18
- Storage: added automatic storage self-healing on browser load and folder creation so non-technical users do not need manual reindex after leftover storage is detected.

## 1.1.17
- Maintenance: added storage reindexing to restore folder and file records from the storage directory when database entries are missing.
- Storage: restored folder creation when the physical directory exists but the database record is missing.

## 1.1.16
- Storage: restored folder creation when a directory remains on disk after its database record has been removed.

## 1.1.15
- Uninstall: fixed full data cleanup by loading the correct WordPress filesystem API and cleaning both default and custom storage paths.

## 1.1.14
- Folders: fixed folder recreation when an empty directory remained on disk after deletion.
- Filesystem: hardened rename and delete verification so stale directories are less likely to survive successful admin actions.

## 1.1.13
- Compliance: fixed Plugin Check issues around paginated repository queries, admin request sanitization, and filesystem fallbacks.
- Maintenance: normalized line endings across reported plugin files for cleaner Plugin Check output.

## 1.1.12
- Export: simplified the export modal to two choices: full library or selected folders.

## 1.1.11
- Compatibility: removed REST create/upload reliance on the WordPress filesystem abstraction for local file operations.
- Admin UI: improved API error parsing so backend errors surface a readable message instead of a generic upload error.

## 1.1.10
- Export: added choices for full library, current folder, or selected folders from the export modal.
- Admin UI: fixed sort order button direction so the icon follows ascending and descending states.
- Files: added live filesystem metadata fallback for preview and download streams.

## 1.1.9
- Uploads: fixed validation regressions that could block new uploads.
- Admin UI: fixed duplicate upload controls in the upload overlay.
- Storage: added runtime self-healing for the private storage directory.
- Files: added live filesystem metadata fallback for stale MIME or size metadata.
- Admin UI: marked missing binaries clearly and disabled invalid preview/download actions.
- Maintenance: added an action to clean orphaned file records after local migrations.

## 1.1.8
- Documentation: standardized the plugin presentation around English-first source text.
- Documentation: polished README, WordPress.org readme, and contribution documentation.
- Maintainability: repaired naming inconsistencies introduced during language cleanup.

## 1.1.7
- Files: improved binary streaming handlers for preview, download, and ZIP export.
- Database: improved custom table handling for repository classes.
- Settings: hardened allowed extension sanitization.

## 1.1.6
- Compatibility: fixed Windows path normalization in filesystem boundary checks.
- Uploads: resolved false upload failures caused by mixed slash formats in destination paths.
- Compatibility: improved upload behavior on Local and Windows-based environments.

## 1.1.5
- Admin UI: fixed internal drag and drop so files can be moved reliably into folders.
- Admin UI: added drop targets to the folder tree and root breadcrumb.
- Admin UI: prevented internal drag operations from triggering the upload overlay.

## 1.1.4
- Admin UI: moved file and folder shortcut actions from hover overlays into the details sidebar.
- Admin UI: added folder selection state with sidebar actions and double-click open behavior.
- Admin UI: simplified content cards and list rows by removing inline hover action controls.

## 1.1.3
- Compliance: fixed remaining Plugin Check errors for translator comments and query ordering.
- Files: replaced remaining streamed readfile() calls with filesystem-backed reads.
- Settings: improved admin settings input handling and repository log sanitization.

## 1.1.2
- Security: improved admin escaping and metadata consistency.
- Localization: added languages directory support and removed deprecated manual textdomain loading.
- Files: reworked preview and download URLs through authenticated admin-post handlers with dedicated nonce support.
- Compliance: reduced Plugin Check issues across settings handling, uninstall cleanup, and filesystem operations.

## 1.0.9
- Export: added ZIP export for folders and the full document library.
- Export: preserved folder structure in exported ZIP archives.
- Admin UI: added an export button with confirmation flow.

## 1.0.8
- Downloads: fixed downloaded files so they keep the correct extension in the saved filename.

## 1.0.7
- Access control: refactored user whitelist support to use WordPress capabilities natively.
- Access control: users in the whitelist automatically receive manage_private_documents.
- Admin UI: aligned menu visibility with capability checks.
- Upgrade: added automatic capability synchronization during plugin upgrades.
- Settings: added a saved notification message.

## 1.0.6
- Access control: fixed user whitelist visibility for menu and API access.

## 1.0.5
- Access control: added user-specific access control with whitelist mode.
- Settings: added user management UI.
- API: added a REST endpoint for user search.
- Localization: added English and Italian strings for user management.

## 1.0.4
- Admin UI: added image thumbnails for file cards.
- Admin UI: fixed hover action button overflow.
- Storage: added a disk space usage indicator in the sidebar.
- Localization: added English and Italian strings for the storage indicator.

## 1.0.3
- Localization: set English as the default plugin interface language.
- Settings: added a plugin setting to switch between English and Italian.
- Localization: added a runtime English/Italian translation layer for plugin UI strings.

## 1.0.2
- API: fixed parent_id and folder_id validation for REST requests.
- Folders: fixed root folder creation and move-to-root behavior in the frontend.

## 1.0.1
- API: fixed REST bootstrap and infinite loading in the interface.
- API: fixed REST URLs in the frontend and asset cache busting.
- Database: fixed the files schema by adding relative_path.
- Files: fixed upload, move, delete, download, and preview behavior.

## 1.0.0
- Initial release.
