What’s changed in AORTrack.

D2 (consultant solicitation) false-positive rate reduced from 12% to 3.4% implicit solicitation detection threshold raised from 0.55 → 0.68. Genuine applicants writing "my consultant said…" no longer flagged

JSON repair prompt retry now fires correctly on malformed moderation API response previously returned unhandled promise rejection causing submissions to silently drop

Appeals upheld rate metric on /admin/metrics now computes correctly was reading from wrong collection after v0.4.0 schema rename

SSE connection now reconnects with exponential backoff (1s → 4s → 16s) was retrying immediately causing server overload during IRCC draw day spikes

Automated moderation pipeline all 7 detection categories (D1 date fraud, D2 solicitation, D3 multi-account, D4 off-topic, D5 misinformation, D6 harassment, D7 PII) evaluated per submission. Light → full review escalation at confidence 0.55–0.75 or >2 prior violations

BullMQ queue with token bucket rate limiting accepts 1,000 submissions/minute, retries with exponential backoff (1s, 4s, 16s, 60s), no silent drops

5-tier action-service: APPROVE, SOFT_FLAG, SHADOW_FLAG, REMOVE, BAN all written to append-only moderation_audit_log

Admin review queue at /admin/queue split-panel UI with flagged evidence spans highlighted amber, cohort mini-chart, account history, keyboard shortcuts A/R/E/P/N

Appeal flow 7-day window for REMOVE, 14-day for BAN. Human-only review (no automated re-review). Upheld appeals restore post to feed

Moderation metrics dashboard at /admin/metrics precision, recall estimate, appeals upheld rate, queue depth, Flash vs Pro split, P95 latency

IP hashing (SHA-256(ip + daily_rotating_salt)) for cluster detection. Rate limit: 5 profiles/24h = flag, 20/24h = HTTP 429

Moderation service unavailable fallback: all submissions shadow-flagged with moderation_unavailable status and routed to human review no data loss

Admin endpoints: RS256 JWT (15-min expiry) + TOTP MFA + IP allowlist at API gateway triple defence-in-depth

Moderation prompts moved to environment secrets. Post body HTML-stripped and truncated to 2,000 chars before review to mitigate injection attacks

Moderation verdict JSON schema validation before action-service logic runs unexpected action field values rejected and shadow-flagged

Community feed now shows only moderation_status = approved posts. Previously showed all submitted posts pending manual review

POST /api/v1/submissions returns HTTP 202 in <500ms processing is fully async. Dashboard updates optimistically

Community feed at /community paginated approved-only posts with SSE new-post notification bar (5-second delivery target)

Filter chips: All, PPR, BIL, BGC, Medical active filter persisted to localStorage and restored on return

Helpful / Reply / Save engagement on feed cards. Replies routed through same moderation pipeline as primary submissions

3-step onboarding: Application Details → Completed Milestones → Review & Email. localStorage draft persists between steps and return sessions

Share feature unique slug /t/{adjective}-{noun}-{stream}-{aordate}. Read-only. Copy / WhatsApp / PNG card (1200×630 server-generated)

PPR celebration prompt auto-shown on PPR milestone log pre-filled tweet and LinkedIn post with share URL

Days-to-PPR histogram in 30-day buckets. User estimated window highlighted red. Community-verified submissions only

Cohort dot map 500-sampled grid, colour-coded by stage. User dot: white outline ring. Hover tooltip shows anonymised applicant ID and stage

Community Insights panel alert cards with 72-hour auto-expiry, auto-generated ≤140 char summaries, moderated before display

Dashboard cohort stats now refresh in background without blocking initial render was causing 1.2s layout shift on return visits

SVG progress ring animates from 0% on dashboard load. WCAG 2.1 AA text equivalent for screen readers: "65% of median elapsed (120 of 184 days)"

PPR window estimate as p25–p75 date range (never a single date). Minimum 2-week buffer applied when p25 is already past. Requires ≥30 verified cohort submissions

Per-milestone cohort progress bars with animated fill, absolute count, and percentage ("482 of 1,240 past this stage")

Magic link resume via POST /api/v1/auth/resume single-use HMAC-signed JWT, 24h TTL, Redis invalidation. Works from any device for email-registered users

Processing stats page at /stats stream leaderboard with p25–p75 confidence bars, WES verification table, data source labels on all statistics

Email stored as SHA-256 hash only. Separate AES-256-GCM notifications_blob for transactional email raw email never persisted anywhere

One-click PIPEDA data deletion from dashboard cascades to all collections. Nightly hard-delete of soft-deleted records after 24h

IP stored as SHA-256(ip + daily_rotating_salt) raw IPs never logged to any persistent store

PPR submissions without biometrics date now excluded from community statistics with a clear dashboard warning was silently included causing inflated estimates

Critical: Cohort key collision between FSW_GENERAL:2:2026:inland and CEC_GENERAL:2:2026:inland due to missing stream-type prefix check. FSW estimates were inflated by ~30 days. All affected records re-indexed and cohort stats recomputed

Live counter now cached at 5-minute TTL server-side was hitting MongoDB directly on every request causing 120ms latency spike at peak load

AOR date submission at /track stream dropdown, inland/outland type, optional email, form validation, 202 response

MongoDB users collection with cohort key format {stream}:{aor_month}:{aor_year}:{type}. Fallback to annual key when cohort n < 30

Personal dashboard days counter, stream median, cohort rank, 6-milestone timeline with hover-to-edit inline date pickers and optimistic UI

Session token (HMAC-signed UUID) in HttpOnly cookie for anonymous user persistence on same device

6 streams at launch: CEC General, CEC STEM, CEC French, FSW General, FST, PNP

Feedback form → GitHub Issues API with labels source:community and type:[bug/feature/data]. feedback_queue collection for API failure fallback

CONTRIBUTING.md, CODE_OF_CONDUCT.md (Contributor Covenant v2.1), 4 GitHub issue templates, MIT LICENSE

Landing page SSR hero with live counter (5-min TTL), How It Works, stream cards, trust signals, consulting cross-sell