Changelog

Initialized the EmbassyOS platform with Next.js, Supabase, TypeScript, and Tailwind CSS

Implemented strict security headers across all pages (X-Frame-Options, X-Content-Type-Options, Referrer-Policy)

CSS variable-based design system with semantic color tokens for consistent theming

Country and mission data model supporting unlimited diplomatic missions per nation

User role hierarchy: Super Admin, Country Admin, Mission Admin, Staff, Citizen

Dynamic landing page sections configurable per mission

Row-Level Security policies isolating tenant data at the database layer

Embassy reference number generation for tracking

Path-based tenant resolution (/country/mission) with edge middleware

Theme engine with mission-level color overrides cascading from country branding

Automatic session refresh and dashboard authentication enforcement

Email/password authentication with Supabase Auth

Role-based access control with configurable permissions per dashboard

Secure server-side login and logout flows

Super Admin dashboard for platform-wide country and mission management

Country Admin dashboard for managing missions within a country

Mission Admin dashboard with operational overview, staff management, service catalog, and branding configuration

Dynamic landing page engine with configurable sections: Hero, Services, News, Contact, Appointments

Themed navigation and footer per mission

Auto-seeding of default landing sections for new missions

Citizen dashboard with service requests, documents, and appointment management

Staff dashboard with queue management, profile, and assigned services

Personalized welcome messages for all user roles

Enterprise marketing site at embassyos.com with platform capabilities, security overview, and demo request form

Platform pages: Citizen Services, Consular Workflow, Diplomatic Communications, Intelligence & ROI, Security

Resources: Documentation (multi-audience), Security Whitepaper, API Reference, Changelog, System Status

Cookie consent banner with GDPR-aligned privacy controls

Architecture, database schema, tenant routing, auth flow, and theme engine documentation

Engineering knowledgebase with incident tracking

Security documentation and compliance alignment

Dashboard sidebars now use mission theme colors instead of hardcoded defaults

Service type labels use human-readable names throughout the platform

Navigation consolidated to eliminate duplicate menu items

Mission Admin sidebar highlighting multiple items simultaneously

Raw service type IDs displayed to citizens instead of formatted labels

Authentication redirect loops for non-super-admin users

**Message catalogs:** Full structural parity between `messages/en.json` and `messages/fr.json` (351 leaf keys each). New namespaces/keys for Sprint 3 follow-through, including `events.fallback.*` (locale-aware default embassy events) and `metadata.*` (mission `generateMetadata` titles and descriptions).

**Glossary pipeline:** Curated `scripts/glossary-en-fr.json` with exact-match lookup (`scripts/glossary-lookup.mjs`); `npm run translate` fills missing FR from EN with glossary-first then OPUS-MT; `scripts/translate-config.mjs` emits **plain translated JSON on stdout** for `lib/translation/translate-config.ts` (admin sovereignty: non-empty `fr` in locale maps is not overwritten).

**Locale routing:** `app/[locale]/[iso]/[mission]`, next-intl `routing` (`en` / `fr`, default `en`), middleware locale handling and CSRF; root `<html lang>` from `getLocale()`; redundant client `HtmlLang` removed from `[locale]` layout.

**Metadata localization:** Mission layout `generateMetadata` uses `getTranslations({ locale, namespace: 'metadata' })` so French home titles and descriptions differ from English (e.g. `Portail officiel — {missionName}` pattern plus root title template). `openGraph` titles aligned.

**Quality / UX fixes:** `LanguageSwitcher` ARIA uses `accessibility.selectLanguage` / `availableLanguages`; `verify:content` strips `<script>` and `<noscript>` before substring checks to avoid RSC/JSON false positives; ESLint baseline (`.eslintrc.json`); archival note in `docs/reviews/i18n-verification-2026-04-03.md`.

**Tooling:** `.eslintrc.json` (`next/core-web-vitals`), `scripts/verify-content.mjs`, `npm run verify:content`, glossary utilities under `scripts/` (`glossary-en-fr.json`, `glossary-lookup.mjs`, `sync-glossary-from-messages.mjs`).

**React:** `NewsletterBannerSection` hooks ordered before conditional return (rules-of-hooks).

**ESLint:** Escaped literal quotes in legal copy, household empty state, and user search empty state (`react/no-unescaped-entities`).

**i18n:** Fallback embassy event cards no longer hardcode English CTAs; language switcher no longer hardcodes English ARIA strings.