Hardened deploy recovery, telemetry hygiene, dashboard actions, and auth contrast.
Reliability
- TradeVind now uses one shared stale-deploy detector for JavaScript chunks, CSS preload failures, and Vite preload errors
- The app shell recovers from stale deploy assets with a cache-busted refresh before users are left on a broken route
- Recovery now has a sessionStorage loop guard so a bad asset does not trigger endless reloads
- DOCX parsing now installs a client-wide default XML MIME fallback so browser parser calls do not crash when a dependency omits the MIME type
- Noisy ResizeObserver loop events and malformed automatic PostHog exception events are filtered before they pollute production monitoring
- The client /api/errors reporter and server intake now share the Sentry/PostHog expected-noise filter for rate limits, stale deploy assets, ResizeObserver loops, and probe traffic
- Entity and dashboard-card lists now dedupe repeated rows before keyed Svelte blocks render, reducing duplicate-key runtime failures
- Discover matches, dashboard drilldowns, activity feeds, network action queues, and pipeline views now use keyed-list-safe dedupe before rendering id-keyed rows
- The Pharos hex audit now has a working lint:hex entry point and rejects invalid targets instead of falsely reporting a clean pass
- Dashboard widget import failures now use the shared stale-deploy recovery path instead of leaving generic failed-widget boxes
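An added example (not TradeVind's code) of the shared stale-deploy detector, cache-busted refresh, and sessionStorage loop guard described in this list. The storage key, the 30-second window, and the `_r` query parameter are assumptions.

```javascript
// Added example, not TradeVind's code. Key name, window and query parameter are assumptions.
const STALE_ASSET_PATTERNS = [
  /Importing a module script failed/i,            // Safari, the message quoted in these notes
  /Failed to fetch dynamically imported module/i, // Chromium
  /error loading dynamically imported module/i,   // Firefox
  /Unable to preload CSS/i,                       // Vite CSS preload failure
];
const GUARD_KEY = 'staleDeployReloadAt'; // hypothetical sessionStorage key
const GUARD_WINDOW_MS = 30000;           // assumed: at most one recovery reload per 30 s

// One detector shared by every caller: JS chunks, CSS preloads, Vite preload errors.
function isStaleDeployError(err) {
  const msg = typeof err === 'string' ? err : (err && err.message) || '';
  return STALE_ASSET_PATTERNS.some((re) => re.test(msg));
}

// Returns 'ignored', 'guarded' (reload suppressed) or 'reloaded'.
function recoverFromStaleDeploy(err, env) {
  if (!isStaleDeployError(err)) return 'ignored';
  const now = (env.now || Date.now)();
  try {
    const last = Number(env.storage.getItem(GUARD_KEY)); // null -> 0, garbage -> NaN
    if (Number.isFinite(last) && last > 0 && now - last < GUARD_WINDOW_MS) return 'guarded';
    env.storage.setItem(GUARD_KEY, String(now));
  } catch {
    // Storage blocked: the guard cannot be recorded, so do not risk a reload loop.
    return 'guarded';
  }
  const url = new URL(env.location.href);
  url.searchParams.set('_r', String(now)); // cache-buster so the HTML shell is refetched
  env.location.replace(url.toString());
  return 'reloaded';
}

// Browser wiring; skipped outside a browser.
if (typeof window !== 'undefined') {
  const env = {
    get storage() { return window.sessionStorage; }, // may throw; read inside the try above
    location: window.location,
  };
  window.addEventListener('vite:preloadError', (e) => recoverFromStaleDeploy(e.payload, env));
  window.addEventListener('unhandledrejection', (e) => recoverFromStaleDeploy(e.reason, env));
}
```

The guard is written before the reload, so a deploy whose asset is genuinely missing produces one reload and then a visible error rather than a loop.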
Resumes
- Resume auto-fit now keeps body text at readable two-page typography instead of shrinking saved drafts to 6pt-style output
- Legacy tiny style overrides are clamped during preview and export so previously compressed resumes become readable again
- The style panel now starts from realistic resume font defaults and prevents body text from being dragged below the readability floor
- Resume typography and margin controls now use the same readability limits as preview and export, so sliders and presets no longer fight the rendered output
- Legacy tiny style values are normalized as resumes load and save, keeping the controls, editor, preview, and export on the same readable values
- The manual Fit to pages action now tightens margins, spacing, and line height before typography, and never bypasses readable font floors
- Template default body text now starts at the shared 10pt resume baseline before user styling or auto-fit compaction is applied
- Auto page targeting now optimizes generated and converted resumes toward the recommended two-page length instead of doing nothing when no original page count exists
Dashboard
- Stream-card actions now navigate before dismissing the card, so View can no longer silently remove a recommendation
- Older Career Radar, market pulse, digest, and mode-suggestion cards now fall back to useful app destinations even when they were created without a path
- Recommendation cards now stay visible when their destination is already open, instead of disappearing on a no-op View click
- Recommendation View now opens a readable detail dialog for cards without a new destination, with explicit Close and Skip choices
- The resume workspace now exposes a stable main heading and loading state while the resume library resolves
Accessibility
- The dark sign-in surface now forces high-contrast Clerk titles, labels, helper text, links, placeholders, and inputs
- Auth contrast guardrails now protect the dark sign-in page from regressing to low-opacity text
- Landing CTA fine print, public profile metadata, legal-page footer links, and other readable secondary labels now use accessible text contrast instead of disabled-text styling
- Shared modal close controls and company pipeline rows now expose verified keyboard focus states
Design system
- Component-level brand, status, chart, and icon colors now use Pharos tokens instead of hardcoded hex values
- Token guardrails now pass across the component library with zero blocking color, radius, z-index, or legacy-orange violations
- Shared UI shell spacing now uses Pharos spacing tokens, and the design lint now recognizes the global keyboard-focus baseline
Fixed the Insights page after production deploys.
Insights
- Insights analytics cards now render from the route bundle instead of fragile secondary dynamic chunks
- The page no longer shows repeated "Importing a module script failed" error boxes when a stale or missing child analytics chunk is encountered
Made uploaded PDF and Word resumes appear immediately in the resume library.
Resumes
- Preserved PDF, DOCX, and DOC uploads now create and select the resume row immediately instead of waiting behind the AI enhancement prompt
- If text extraction fails for an uploaded original, TradeVind still saves and previews the original file with an explanatory note
- Regression coverage now protects preserved uploads with successful extraction and failed extraction
Protected resume edits from partial-save data loss and made shared API failures easier to diagnose.
Resumes
- Partial resume updates now preserve existing title, content, template, master status, target job, settings, original-file metadata, and style fields unless the caller explicitly changes them
- Switching an uploaded/preserved resume into TradeVind editing mode no longer risks blanking the underlying resume fields
Reliability
- Shared entity API calls now report invalid or malformed server responses with actionable refresh guidance instead of low-signal JSON/type errors
- Regression coverage now protects partial resume updates and malformed entity responses
Reduced agent-route abuse surface and made API trust audits more accurate.
Security & reliability
- Agent submission result and needs-input callbacks now rate-limit repeated calls per user agent token before touching job records
- Agent token creation, token revocation, and paused-submission answer routes now use the shared authenticated rate limiter
- Admin, TradeVind Connect, OAuth connect/disconnect, Gmail scan/match, Google Calendar event, integration-client, and smoke-token mutation routes now have explicit throttling
- The API route trust audit now recognizes exec-agent rate-limit protections so remaining notices are easier to triage
- The API route trust audit now reports zero trust-boundary or mutation-rate-limit gaps
- Client analytics and client-only insight widgets now skip server-side execution to avoid SvelteKit eager-fetch warnings during SSR
- Neon and PostHog server SDKs now use native fetch captured before SvelteKit render instrumentation, eliminating false eager-fetch warnings during parallel smoke tests
- Chrome extension 2.2.3 now opens the side panel from the floating page button and falls back to a visible TradeVind tab if the side panel API is unavailable or blocked
Restored preserved resume previews, reduced failed-agent noise, and tightened dense UI controls.
Resumes
- Preserved resume PDFs and DOCX files now load through an authenticated same-origin proxy instead of direct blob links
- The proxy only serves the signed original file for the owning user and rejects oversized, missing, or unsupported upstream files
- Build-time and runtime CSP now allow the browser PDF viewer frame sources needed by preserved resume previews
- Resume style overrides now persist on the primary resume save path
Reliability
- Agent auto-triggers now check the user's agent-credit allowance before queueing jobs, preventing zero-agent-credit plans from creating doomed jobs
- Agent submission callbacks now reject stale updates unless the job is still actively submitting
- An API route trust audit script now surfaces routes that need explicit auth, webhook, cron, or rate-limit review
Interface
- Discover and Pipeline search, filter, card, pagination, and icon controls now use the shared spacing and touch-target rhythm
- Score-fit icons now use visible inline SVG instead of low-contrast emoji glyphs
Normalized platform spacing and CI rate-limit behavior.
Design system
- Shared layout, card, and control rhythm tokens now keep inner and outer spacing consistent
- Buttons, icon buttons, form fields, cards, and empty states now share a safer spacing floor
- Resume editor actions no longer collapse around labels, including the Save button
- Network search, view toggles, action buttons, tabs, and score controls now align to the same control-height system
- Network content now keeps a consistent page gutter instead of sitting against the viewport edge
Reliability
- Redis-backed rate-limit checks now time out before falling back to deterministic local behavior outside production
- CI coverage now verifies Redis limiter timeout fallback against dummy Upstash configuration
Cleaned up platform hygiene and release guardrails.
Reliability
- The Clerk shared runtime dependency is now declared directly instead of relying on a transitive dependency
- Unused Babel, adapter-auto, and Tailwind package entries have been removed from the install graph
- Noisy development-only analytics debug logging has been removed
- Company dossier compensation loading no longer starts a fetch during SSR markup rendering
- Modal analytics now runs on client mount instead of component initialization
- Guardrails now fail if local OS junk files are accidentally tracked
Made Discover skips durable across refreshes and repeated searches.
Discover
- Job Board and VC Portfolio skips now persist locally by stable job URL or id, so skipped external jobs stay hidden after refresh or repeated searches
- Discover skip persistence is isolated by source bucket and capped to avoid unbounded browser storage growth
- Malformed local skip state is ignored safely instead of breaking the Discover page
Fixed Discover skip actions and preserved resume PDF previews.
Discover
- Job Board and VC Portfolio result cards now expose Skip controls, matching the Matches inbox behavior
- Skipped external and portfolio jobs disappear immediately from the current Discover view
- Save and Skip interactions record best-effort learning signals without blocking the UI
- Archived Discover matches now invalidate match and review caches so skipped jobs do not reappear from stale client data
Resumes
- Preserved PDF previews now allow the browser-safe blob iframe source required by the inline PDF viewer
- Regression coverage now checks that CSP permits the blob frame source used by the preview
Expanded safe job-source ingestion for Discover.
Job sources
- Himalayas ingestion now uses the documented public search API instead of the stale legacy endpoint
- We Work Remotely now searches the all-jobs public RSS feed instead of only programming jobs
- Jobicy and JobsCollider are now included as public remote-job sources with normalized results and stable IDs
- Authentic Jobs can be enabled with AUTHENTIC_JOBS_API_KEY when publisher access is available
- RSS parsing, HTML stripping, token-based query matching, and per-source failure isolation are hardened
- The source-ingestion audit documents which LinkedIn-post sources are implemented, indirect, partner/API-required, or unsuitable for direct ingestion
Distributed rate-limit hardening for agent and MCP traffic.
Security and reliability
- Exec-agent endpoints now use Redis-backed distributed rate limits keyed by persona and action bucket
- TradeVind Connect MCP now uses the same distributed limiter instead of per-instance memory limits
- Production degraded mode fails closed when Redis is missing or unavailable, protecting AI spend from serverless instance churn
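An added example (not TradeVind's code) of a limiter keyed by persona and action bucket that fails closed in production when Redis is missing or slow, and falls back to local counting elsewhere, as the earlier timeout-fallback entry describes. `incr` is a hypothetical injected function standing in for an atomic Redis increment with expiry; the key layout and 250 ms timeout are assumptions.

```javascript
// Added example, not TradeVind's code. `incr(key, windowMs)` is a hypothetical stand-in for
// an atomic Redis INCR + EXPIRE that resolves to the new count for the key.
const localCounts = new Map(); // non-production fallback only

function rateLimitKey(persona, action, windowMs, nowMs) {
  return `rl:${persona}:${action}:${Math.floor(nowMs / windowMs)}`;
}

// Reject if the limiter backend does not answer within `ms`.
function withTimeout(promise, ms) {
  let timer;
  const timeout = new Promise((_, reject) => {
    timer = setTimeout(() => reject(new Error('limiter timeout')), ms);
  });
  return Promise.race([promise, timeout]).finally(() => clearTimeout(timer));
}

async function checkRateLimit(req, opts) {
  const { persona, action, limit, windowMs } = req;
  const { incr, production, timeoutMs = 250, now = Date.now } = opts;
  const key = rateLimitKey(persona, action, windowMs, now());
  try {
    if (typeof incr !== 'function') throw new Error('redis not configured');
    const count = await withTimeout(incr(key, windowMs), timeoutMs);
    if (!Number.isInteger(count)) throw new Error('malformed limiter response');
    return { allowed: count <= limit, mode: 'redis' };
  } catch {
    // Production: an unreachable limiter must not become an unlimited one.
    if (production) return { allowed: false, mode: 'fail-closed' };
    // Elsewhere: deterministic per-process counting keeps development and CI usable.
    const count = (localCounts.get(key) || 0) + 1;
    localCounts.set(key, count);
    return { allowed: count <= limit, mode: 'local' };
  }
}
```

Per-instance memory counters reset whenever a serverless instance is recycled, which is why the production branch denies instead of counting locally.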
Safari extension credential hardening and guardrail coverage.
Extension security
- Safari extension access and refresh tokens now use local extension storage instead of browser sync storage
- Legacy Safari sync-stored tokens migrate into local storage and are removed from sync storage on first use
- The extension guardrail now scans Safari resources as well as Chrome resources for synced token writes
- Safari extension bundle metadata is bumped to 2.1.3 for the credential-hardening release
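An added example (not TradeVind's extension code) of the sync-to-local token migration described above: tokens found in sync storage are copied to local storage first and only then removed from sync. The key names are hypothetical, and `storage` is the WebExtension `browser.storage` object or a stand-in with the same `get`/`set`/`remove` methods.

```javascript
// Added example, not TradeVind's code. Key names are hypothetical.
const TOKEN_KEYS = ['accessToken', 'refreshToken'];

const isToken = (v) => typeof v === 'string' && v.length > 0;

// Call on first use: returns the tokens to use and leaves none in sync storage.
async function loadTokens(storage) {
  const local = await storage.local.get(TOKEN_KEYS);
  const legacy = await storage.sync.get(TOKEN_KEYS);
  const tokens = {};
  for (const k of TOKEN_KEYS) {
    // A local value is newer (it may have been refreshed), so it wins over the synced copy.
    if (isToken(local[k])) tokens[k] = local[k];
    else if (isToken(legacy[k])) tokens[k] = legacy[k];
  }
  // Purge every token key present in sync, including malformed values.
  const legacyKeys = TOKEN_KEYS.filter((k) => k in legacy);
  if (legacyKeys.length > 0) {
    // Order matters: persist locally first, then purge sync. If set() rejects, nothing is
    // lost and the migration is retried on the next call.
    await storage.local.set(tokens);
    await storage.sync.remove(legacyKeys);
  }
  return tokens;
}
```

Only the token keys are touched, so unrelated synced preferences stay in place.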
Reliability cleanup for production gates, resume DOCX rendering, stale deploy assets, and executive task gating.
Production readiness
- Production verification now loads production env files before generic local env files, so the launch gate validates the intended deployment configuration
- RLS verification now uses the production restricted app role configuration and confirms that the app role enforces row-level security
Resumes and deploy recovery
- DOCX resume parsing now guards browser DOMParser calls that omit a MIME type, preventing resume-page crashes during preserved document preview and import
- Stale immutable CSS preload failures after deploys now use the same reload recovery and Sentry-noise filtering as stale JavaScript chunks
Executive Edition
- Executive agent tasks now validate research output before completion and no longer mark cover-letter tasks complete until reviewer-gate checks pass
Sprint 1 reliability hardening across the dashboard, resume preview, LinkedIn enrichment, and Chrome extension capture flow.
Dashboard
- Stream cards now dedupe with stable entity-aware keys before the dashboard and guided mode render them
- Daily action cards no longer repeat just because equivalent action payloads arrive with different object key order
Resumes
- Preserved PDF resumes now select immediately from the original file URL instead of waiting on extracted content
- Export on preserved resumes opens the original PDF source, avoiding accidental exports from extracted fallback text
- Original preview upload failures now show a clear notice instead of silently downgrading the resume
Enrichment and extension
- LinkedIn enrichment refund paths now reuse the middleware idempotency key so retry failures do not double-refund credits
- Bulk contact enrichment now clears its running state if the provider token is missing before work starts
- Network engagement history is now schema-validated before writes and normalized on reads so malformed legacy JSONB cannot break warmth timelines
- Discover recommendation-learning feedback now validates its profile settings payload before JSONB persistence
- Core agent job trigger, progress, and checkpoint JSONB writes now validate payloads before persistence
- Expired stale agent jobs now create visible manual-fallback cards instead of only changing backend state
- The Chrome extension now single-flights token refreshes, rejects stale capture cache, reports actionable auth states, and recovers dashboard failures with retry controls
- The RLS launch gate now loads local environment configuration and reports restricted-role connection failures without raw stack traces
Executive Edition
- Executive hard anchors now support type, provenance, confidence, approval, draft, and suppression metadata
- Resume and cover-letter tailoring now require Claim Trace and Anchor Coverage sections before artifacts are accepted
- Research briefs now have a quality gate; resume and cover-letter generation are blocked until there is sufficient evidence
- Application packages now persist draft/ready state and fail closed if reviewer checks cannot verify traces and coverage
- Executive scoring now stores decomposed confidence factors instead of relying only on one opaque confidence number
- External task polling now exposes canonical queued, researching, tailoring, ready, blocked, and failed states
Recommendation learning, preserved resume PDF preview hardening, and production noise reduction.
Discovery
- Accepted and skipped suggested jobs now update a per-user learning profile stored in profile settings
- Future Discover queues are re-ranked from those signals across title terms, company, location, and source
- Learning is best-effort and non-blocking, so moving or skipping a job still succeeds if feedback recording fails
Resumes
- Preserved PDF uploads now render through a browser-safe object URL instead of directly iframe-loading the source file
- PDF preview fallback now clearly offers Open original and Download actions when the browser blocks inline rendering
Reliability
- Core entity and batch API rate limiters have more practical production headroom and fallback-memory degraded mode
- Expected rate-limit responses are filtered out of Sentry so real product errors stay visible
Resume overhaul, voice mode, and platform polish. 90+ commits across every surface.
Resume builder
- 19 templates including 3 structurally unique layouts (Professional, Impact, Catalyst) and 3 new styles (Horizon, Nordic, Vertex)
- Resume type selector: entry-level, IC, senior, director, executive, career changer, academic, each with tailored scoring
- Templates filtered by resume type (executive templates only shown for director/executive)
- Grouped toolbar dropdowns (AI Tools, Export, Create) replacing flat button row
- AI-enhanced PDF import with formatting cleanup (2 credits)
- Vector PDF export with selectable text (ATS-compatible)
- Nested list and table support in markdown editor
- Draggable page break adjustment in preview
- Section reorder via drag-and-drop
- Text alignment controls (name and body)
- Auto-save with unsaved changes warning
- Cmd+S / Ctrl+S keyboard shortcut
- Improved scoring: XYZ format check, broader action verb recognition, executive strategic framing
AI and credits
- Voice conversation mode in Pharos (Chat/Voice toggle)
- Credit depletion banner with action-specific messaging
- "X of Y daily actions remaining" in credit display
- 90-second client timeout on AI calls with auto-retry on token expiry
- Friendly error messages for all AI failures (credits, timeout, rate limit, auth)
Pipeline
- Paste job URL quick-add (inline input, no modal needed)
- Post-action prompts: "Tailor your resume" after adding a job
- Contextual tool suggestions in job detail panel based on entity state
- Interview prep packet directly from Interview Mode (no Pipeline redirect)
Network
- Contact enrich prompt after LinkedIn import ("Get photos for X contacts")
- Hover enrich icon on contact avatars without photos
- Clearbit company logo fallback for contacts with websites
- Contextual tool suggestions in contact/company panels
Community
- Salary and story forms auto-fill from your pipeline data (jobs, offers)
- Role and company picker dropdowns from your existing data
Dashboard
- Editable weekly goal targets (click to change)
- Quick profile completion widget refreshes after completing
- Error boundaries for all widgets (one crash does not kill the dashboard)
- Accessibility: aria labels on stats, drilldown, warmth indicators
Platform
- 15+ PostHog funnel events (onboarding, first-value, AI usage, monetization)
- Rate limiting on all critical API endpoints
- Tighter CSP img-src policy
- Blank screen prevention (cache headers and chunk error auto-recovery)
- Resizable side panels with drag handle
- Mobile hamburger menu on landing page
- Nav items show inline when few (no More/Less toggle for 1-2 items)
Developer
- Composable API middleware (withAuth, withCredits, withRateLimit, withTryCatch)
- 55+ endpoints migrated to middleware
- Settings page split into 5 sub-components
- Resumes page split into 4 sub-components
- Pipeline: QuickAddJobURL and PipelineToolbar extracted
- AiChat: VoiceMode extracted
- ActionPrompt shared store
- Template token system (design tokens instead of CSS strings)
- CREDIT_COSTS in shared module
Automation infrastructure, network intelligence, onboarding overhaul, and Neon + Clerk migration.
Highlights
- Job scoring API, prep packet generator, document pipeline with approval queue
- Company watchlist with signal monitoring, alumni detection, mutual intro paths
- Deep-dive onboarding wizard: 6 steps, 35+ questions, AI preference discovery
- 3 layout modes: Guided, Standard, Power
- Migrated from Supabase to Neon (Postgres) + Clerk (auth)
- 225 automated tests, all passing
Complete rebuild from v1 (vanilla JS + Firebase) to v2 (SvelteKit + Neon + Clerk). First deployable beta.
Platform
- New stack: SvelteKit 5, Supabase (Postgres + Auth), Anthropic Claude, Stripe
- 7-tab navigation: Stream, Network, Pipeline, Resumes, Prepare, Learn, Insights
- 6 journey personas that shape the entire platform experience
- Progressive disclosure: features adapt per journey and unlock with milestones
- 177 automated tests, CSP security headers, ARIA accessibility
Stream (Dashboard)
- Customizable widget grid with drag-drop reorder
- 15 widget types: stats, roadmap, stream cards, goals, XP, funnel, sources, and more
- Pharos AI coach with journey-aware personality
- Journey progress bar with next-action CTA
Network
- Contact and company management with status tracking
- Force-directed network map with photos, logos, and warmth coloring
- LinkedIn import, enrichment, optimizer, message drafter, post generator
- Referral tracker, reference manager, outreach templates, follow-up sequences
- Company dossier (AI), culture analyzer (AI), community intel
- Network score: 5-dimension radar (reach, engagement, depth, growth, results)
- Event discovery via Eventbrite API
Pipeline
- Kanban board with drag-to-status for jobs
- Interview scheduling, AI prep, post-interview debrief, question bank
- Offer comparison tool, letter analyzer (AI), negotiation coach (AI)
- Match score badges on job cards (TF-IDF keyword matching vs resume)
- Application scorecard, ghost job detector, health score badges
- Calendar view with Google Calendar sync
- Bulk operations (multi-select, bulk delete/status change)
Resumes
- 3 editor modes: Builder (form), Rich Text (TinyMCE), Markdown
- 6 templates: classic, modern, compact, executive, creative, minimal
- Paginated A4 preview with smart page breaks
- AI features: optimize, refine, tailor per job, ATS checker, cover letter, translate (9 languages)
- Evidence library wired into AI tailoring and interview prep
- PDF/Word export, public profile page generator
Prepare
- AI mock interview (text + voice via ElevenLabs for Pro)
- Negotiation simulator with AI hiring manager
- 51 pre-built interview scenarios
- Elevator pitch builder with practice timer
- Question bank with methodology frameworks (STAR/CAR/SOAR/PAR)
Learn
- 17 modules, 89 lessons across all job search topics
- Covers resume writing, networking, interview prep, salary negotiation, personal branding, career transitions, mental health
Insights
- Pipeline funnel, applications over time, response rate by source
- Average time per stage, interview conversion rates
- Rejection pattern analysis, top companies
Job Search
- Built-in search via JSearch + Adzuna APIs (dual source, deduped)
- AI conversational search
- Saved searches with alerts and match scoring
Chrome Extension v1.1.0
- Universal job saving from any site (JSON-LD, Open Graph, DOM heuristics)
- LinkedIn-specific scraping (profiles, jobs, companies)
- One-click application autofill on 14 ATS platforms
AI, Payments, Security
- 33 AI actions with server-side auth and atomic credit deduction
- Stripe checkout for Pro subscriptions and credit packs
- CSP headers, rate limiting, input sanitization
- Focus traps, ARIA attributes, keyboard navigation
- 5 languages: English, Dutch, Spanish, French, German
Original TradeVind v1. Vanilla HTML/CSS/JS with Firebase backend.