Platform Changelog

Fixed a 500 error on forensic analysis supplier pages caused by a Prisma query referencing a non-existent field on SourceOrganization. Source organizations store province data under provincesOperating (JSON array or comma-separated), not a single province field.

Rebuilt the admin analytics page as a tabbed observability dashboard with realtime online-user tracking, referrer/landing-page analytics, configurable time buckets, and JSON/CSV export.

Pre-created Tender Radar profiles were returning zero live results because the category resolver used stale seeded categories instead of querying real database categories tenders are linked to.

Fixed bank account number exposure on GET status endpoint (now masked), race condition on admin verification, empty subscriptionId on invoice creation, audit log placement, and NotificationType enum use.

Bank Transfer / EFT is now available as a payment method alongside Paystack card payments. Users select their preferred method after choosing a plan, receive a unique reference number to include in their EFT, and see bank details on a confirmation page. Admins manage the verification workflow: mark as received, verify funds, and activate subscriptions. Pending transfers expire automatically via cron, and users see a dashboard banner for pending transfers.

Expanded the Tender Radar profile library from 19 to 35 company archetypes, covering stationery, pest control, waste management, CCTV, mining services, hospital catering, school nutrition, pharmaceuticals, medical devices, printing, uniforms, event management, marketing, HR/recruitment, fire protection and water/sanitation. Each new profile is mapped to real seeded categories via the category resolver, includes 2–4 FAQs and profile-specific OG highlight text, and is validated by new unit tests.

Complete sitemap coverage for all 604 Tender Radar static URLs (1 landing + 288 province/category pages + 315 profile pages). Updated priority and changefreq values aligned with search importance: landing (0.9/daily), indexes (0.8/daily), profiles (0.85/daily). All page types verified to emit self-referencing canonical URLs. Internal linking chain connects profile pages to parent indexes, back to /tender-radar, and to related profiles. Province/category index profile cards use standard <a> elements with full province names in anchor text.

Added branded dynamic OG images for Tender Radar profile and province pages, replaced hard-coded URLs with getBaseUrl(), added Twitter cards, and rolled out the platform identity schema bundle (Organization + WebSite + SearchAction + BreadcrumbList). Profile pages now emit WebPage with speakable selectors, a Service schema, and an ItemList of live tenders; province/category pages emit an ItemList of profile cards. Dynamic wizard results with query parameters are now noindex.

Fixed a category-matching bug that caused most Tender Radar company profile pages to return zero tenders. Profile pages now match against the real database category names and canonical names, including sensible aliases across related categories.

Three additional tender detail paywall channels that were deferred from the original v1.3 paywall launch: supplier contact details (registration number, contact person, email, phone, address of the awarded supplier), per-document AI summaries in the SEO document list, and AI-computed tender value estimates. The workspace page shows the built-in purple "Unlock Value Estimates" placeholder for the value channel; the SEO pages use the standard dual-CTA overlay for all three. Cross-page consistency is preserved — a free user navigating between the public SEO page and the authenticated workspace for the same tender sees the same gate treatment. Tier 2 FROZEN modules (FeatureGatingService, TenderValueService) are reused read-only; no frozen module is modified.

Anonymous visitors and free-tier accounts now see a paywall on every tender detail page (both /sa-tenders/tender/[slug] and /tenders/[id]) for document analysis, AI summaries, AI key requirements, contact information, issuing organization details, and briefing venue. Paid access requires an active subscription (Professional / Enterprise) or any active Action Pack bundle wallet. New registrations no longer create a 14-day Starter trial — they start as free-tier. Existing trial users are grandfathered.

Company intelligence profile pages were loading very slowly or timing out due to expensive database queries and a remnant of the restricted supplier integration that was removed from the UI but still ran on every page load. The page now loads in seconds instead of timing out.

Company intelligence profiles now surface World Bank debarments alongside the existing OCPO restricted supplier data. If a SA-registered company appears on the World Bank debarment list, it will be flagged in their profile — expanding compliance coverage beyond South Africa's National Treasury list.

Every company profile now shows a unified restricted supplier status banner — red for active restrictions, amber for expired ones, green for clean records. Organisation and province pages list restricted suppliers tied to that body. Award cards show a badge next to restricted supplier names.

Company intelligence pages for claimed company profiles were crashing when the claim-owner enrichment section tried to load. The owner's contact details, capabilities, B-BBEE level, and profile text now display correctly.

AI assistants like ChatGPT, Gemini, Claude, and Perplexity can now read Tenders-SA pages as clean markdown. Every major public route serves an AI-optimised version, with rate limits that distinguish well-behaved bots from scrapers. A daily cost guardrail keeps bandwidth in check.

Anonymous visitors (including AI crawlers) now get cached HTML from Cloudflare on repeat visits instead of triggering a full server render. Pro subscribers still see their full unlocked reports; free visitors see the locked default.

Tender detail pages are now cached instead of being rebuilt from the database on every visit. Blog, legislation, province, and category pages are served from Cloudflare's edge. AI rewrite jobs now run every 2 hours instead of every 15 minutes.

After paying the R1,500 claim fee, company owners can now edit their internal Company profile from the dashboard. The public profile shows owner-provided information (contact details, B-BBEE level, capabilities) in an "Additional information from the company owner" section. Expired trials are reactivated at no extra charge.

When a user pays the R1,500 Company Profile Claim fee via Paystack, the payment is now correctly reconciled. Previously, the webhook could create a phantom subscription instead of marking the claim as paid.

Clicking "Subscribe" on the pricing page was failing for Starter, Professional, and Enterprise plans with a Paystack "Invalid Amount Sent" error. This is now fixed — users can complete checkout end-to-end.

Paystack replaces PayPal as the primary payment processor for all new transactions. New subscriptions, one-time product purchases, and claim payments now go through Paystack in South African Rand. Existing PayPal subscribers are unaffected.

Tender Radar now has province-level pages for every category. You can browse all company profiles in a specific category and province combination. It's linked from the navigation menu, footer, and SA Tenders pages.

All feature pages, the how-it-works guide, changelog, and intelligence feed now carry proper structured data. AI assistants can surface the 4-step HowTo process from how-it-works, understand changelog freshness, and cite the intelligence dataset.

Blog posts now link to related tenders in their structured data. Legislation pages map each act to its regulator — National Treasury for PFMA, B-BBEE Commission for the BBBEE Act, CIDB for the CIDB Act — so search engines and AI assistants can answer "who regulates what".

Four improvements to the company profile claim flow: proof documents are saved reliably with a 10MB cap, the payment button says "Pay Now", the "Resume Claim" link in emails works correctly, and "Claim Under Review" emails no longer point to admin-only pages.

The Publishers Hub, all 5 sector pages, and the developers page now use the same structured data system as the rest of the platform, with proper attribution to Tenders SA.

Province pages, organisation-type filters (municipalities, SOEs, national departments), category sub-pages, and awards pages now carry richer structured data. AI assistants can answer "how many awards in each province" or "list municipalities" from typed data.

The home page now describes its stats as a Dataset and the platform as a SoftwareApplication. The pricing page exposes each plan as a typed Service with ZAR pricing, so AI assistants can answer "how much does Tenders SA cost" from structured data.

The Tenders SA organisation entity now carries full social profiles (Facebook, LinkedIn group, X), WhatsApp contact, and South Africa address. AI assistants can answer "how do I contact Tenders SA" from structured data.

Users who close the claim modal mid-flow can now return and pick up at the correct step — upload proof, pay, or awaiting review — instead of starting over. Rejected claims retain their full audit history.

A new admin claims dashboard lets admins find, filter, review, approve, and reject pending claim requests. Claimants receive emails on every state change. Approved claims unlock a profile editor.

Company intelligence profiles now expose their top awarded categories and most frequent awarding bodies in structured data. A new DynamicSchema wrapper makes it easy to add similar data to other page types.

Awarding organisations on tender detail pages now expose a "Tender Enquiries" contact point with phone numbers in standard international format.

Every tool page — B-BBEE calculator, CIDB grade calculator, compliance checklist, preparation planner, readiness assessment, AI proposal generator, value estimator, JV calculator, forensic analysis, company lookup, heatmap, and company intelligence — now carries proper structured data.

Tender detail pages now show a progress indicator on the documents panel — "Reading the tender document", "Compliance review", "Bid-ready summary" — so you can see at a glance which documents have been analysed.

Clicking "Calculate Matching Score" previously returned 0% if any eligibility gate failed. You now see a partial score from the other 12 matching factors plus the full breakdown, so you can identify which dimension to improve.

Every tender-related page now shares the same Organisation and Website identity in search engine data, creating a unified entity. XSS vulnerabilities in JSON-LD rendering have been closed across all tender routes.

Company intelligence pages now use the correct Schema.org paywall markup so Google understands which content is behind the subscription, resolving indexing issues for premium pages.

Fixed a bug where automated email flows were skipping the primary email provider and falling through to more expensive backups. All 60+ automated email flows now correctly try providers in the intended order.

The AI Document Analysis card on tender detail pages now uses the same green accent, gradient header, and branded styling as the rest of the page. Evaluation criteria headings now stack vertically for easier scanning.

When multiple tender documents restate the same information, duplicates are now suppressed. Each section shown on the page is unique across the entire tender — even when five documents carry the same paragraph.

All SEO metadata is now generated through a single, orchestrated pipeline with provider failover. Tender page descriptions are no longer at risk of being silently overwritten by inline AI on the request path.

The API status indicator in the navigation bar now fetches metrics through updated backend routes. No visible change for users.

All outbound email now routes through Amazon SES first, with SendPulse and Resend as automatic fallbacks. This reduces email delivery costs while maintaining reliability with a 3-provider fallback chain.

Tender document analysis now classifies content into 15+ section types, up from 7. Each section shows which source document it came from, so you can trace every requirement back to its original file.

All existing tender documents with extended analysis sections now have professionally rewritten text. New documents get the same treatment on ingestion.

Tender extraction was failing mid-write with a Prisma error. The fix lets live document ingestion complete end-to-end without crashing.

Tender document downloads now use Cloudflare Workers to fetch and cache files, with the main app providing a resilient download URL.

A new document retrieval Worker caches tender documents at the Cloudflare edge, reducing load on government portals and speeding up downloads for users.

Document download URLs now prefer R2-backed Cloudflare storage over original government source URLs. Source URLs are only used as a fallback.

The Worker's database schema now uses the correct table layout for document metadata, matching the application's expectations.

R2 storage now uses a standardised key format: government tender ID + original document blob name. No more random or generated keys.

A repair process has fixed existing document rows that had incorrect or broken URLs, populating missing metadata from original sources where possible.

The document ingestion pipeline now repairs broken source URLs by fetching fresh metadata from government portals, populating the correct download links.

The document download endpoint now resolves R2-backed URLs first. If a document exists in R2 cache, it serves from there before falling back to the original government source.

Document download buttons on tender detail pages now route through the download URL API, which resolves the best available storage location.

A new privacy policy page explains what data we collect, how we use it, and your rights under South African law.

A new terms of service page outlines the rules for using the platform, subscription terms, and liability provisions.

Company enrichment data now includes director names and details, enabling director-level analysis on company profiles.

Restricted supplier entries from the National Treasury list are now matched against CIPC-registered companies. When a match is found, the restricted supplier status appears on the company's intelligence profile.

The daily restricted supplier sync now checks whether the PDF has changed before processing. Unchanged PDFs are skipped entirely, reducing load and avoiding unnecessary writes.

The PDF URL used for restricted supplier sync can now be configured from the admin settings, with a sensible default if not set.

Sync metadata now tracks when each restricted supplier source was last updated, so the platform can show data freshness per source.

The restricted supplier banner on Company Intelligence profiles now shows when each data source was last checked.

Organisation and province detail pages now show a sidebar listing restricted suppliers tied to that body or local authority.

The public API now supports querying restricted suppliers by source and authorised body.

CIPC company registration data is now enriched and stored alongside tender data, enabling company lookups, director analysis, and cross-referencing with restricted supplier lists.

Admins can now configure data source URLs and sync settings from a dedicated admin page.

The admin dashboard now shows Amazon SES connection status and diagnostics for easier troubleshooting.

The admin dashboard now shows diagnostics for all email providers (SES, SendPulse, Resend) at a glance.

All cron job endpoints now validate a shared secret before executing, preventing unauthorised invocation.

Cron job endpoints have been added to the middleware's public route whitelist so they can be reached without session authentication.

A daily cron job downloads the National Treasury OCPO restricted supplier PDF, parses it, and syncs entries to the database. Changes detected via PDF hash comparison to avoid unnecessary processing.

The OCPO restricted supplier PDF URL can now be changed from the admin dashboard, with automatic fallback to the default URL.

Restricted supplier entries are now automatically classified by severity (critical, high, medium) based on the restriction reason, helping users triage the most important restrictions.

Restricted supplier entries are now matched to CIPC companies using fuzzy name matching, catching companies with slight name variations.

Award cards across the platform now show a red "Restricted" or green "Verified" badge next to supplier names, giving an immediate visual indicator of supplier risk.

When a winning supplier has active restrictions, the award detail page now shows a warning card with restriction details — type, period, and authority.

Company name matching across the platform now normalises legal suffixes consistently — Pty Ltd, Ltd, Inc, CC, NPC, SOC Ltd — so variations don't prevent correct matches.

Restricted supplier entries are now stored with normalised names at write time, improving matching consistency.

SEO metadata is now generated through a dedicated pipeline that runs after tender analysis, rather than inline during page requests.

Tender documents are now automatically analysed for key information — requirements, evaluation criteria, compliance needs, and bid preparation guidance.

Every new tender now gets automatic AI analysis of its documents, extracting requirements, compliance needs, and evaluation criteria.

Tender detail pages now show a progress indicator for document analysis, so users know when to check back for results.

A backfill pipeline scans for tenders that missed analysis and processes them, ensuring full coverage.

The notification system now supports sending via multiple email providers with automatic fallback, improving delivery reliability.

Users can now configure alert preferences tied to their subscription plan, controlling which notifications they receive.

A new email template rendering engine supports dynamic content, sequences, and multi-provider delivery.

Users can receive daily or weekly email digests summarising new tenders, awards, and changes relevant to them.

Restricted supplier severity rules updated to better distinguish critical restrictions (fraud, corruption) from medium ones.

Matching between restricted suppliers and CIPC companies now uses multiple strategies for maximum coverage — registration number, exact name, and fuzzy name.

A new API endpoint lets you look up CIPC company enrichment data by name or registration number.

The admin claims dashboard now lets admins preview proof documents inline before approving or rejecting claims.

Claim proof documents are uploaded securely with file type validation and size limits, stored safely on the server.

Users can now reset their password through a secure email-based flow.

New users can register with email and password, receiving a verification email to confirm their address.

A complete email verification flow ensures all user accounts have verified email addresses before accessing restricted features.

Authentication now uses HTTP-only cookies validated at the edge, replacing client-side token storage for better security.

The authentication system now uses secure, HTTP-only cookies for token storage with 7-day lifespan, SameSite=Lax, and Secure attributes.

Platform database infrastructure initialised with Prisma ORM for tender data, awards, organisations, and user data.

Platform migrated from MySQL to PostgreSQL for better performance, advanced features (pg_trgm, full-text search), and lower hosting costs.

Database indexes created for faster tender, company, and award searches.

Tender detail pages now load component data in parallel instead of sequentially, reducing page load time.

Redis caching added for frequently accessed platform data (tender counts, company lookups, restricted supplier status) to reduce database load.

Incremental Static Regeneration caching applied to tender detail pages and content pages for faster repeat visits.

A live extraction pipeline now processes tender documents as they are published, running AI analysis immediately.

Document analysis now uses an AI orchestrator that tries multiple AI providers in sequence, ensuring analysis completes even if one provider is unavailable.

Document analysis upgraded to use the latest generation of AI models for better extraction quality.

A dedicated rewrite service converts raw tender data into clear, professional descriptions suitable for public display and SEO.

Tender descriptions are now rewritten with structured sections that highlight key information like requirements, deadlines, and compliance needs.

A matching engine now scores company profiles against tender requirements based on industry codes, location, financial capability, and more.

Tender pages now show a "Calculate Matching Score" button that evaluates your company against the tender requirements.

The matching engine now considers 12 factors including industry codes, BBBEE, province, value, experience, qualifications, capacity, and document readiness.

The matching engine now returns partial scores even when eligibility fails, showing users which specific criteria they don't meet and which they do.

Matching algorithm uses weighted penalties and sensitivity analysis to produce more nuanced scores.

Province matching now handles city names, regional aliases, and national scope — so "Johannesburg" correctly matches Gauteng, and "National" matches all provinces.

Company registration numbers are now validated for correct format when entered on the platform.

Companies can now be looked up by name or registration number, with the system normalising names for better matching.

Company intelligence data now served through a dedicated query service with 1-hour Redis caching for fast repeat lookups.

Company intelligence profiles now show comprehensive information including tender awards, CIPC enrichment data, director details, and restricted supplier status.

All 12 tool pages migrated from raw JSON-LD script blocks to the XSS-safe StructuredData component.

Home, pricing, and tools pages now share the same search engine identity bundle as the rest of the platform.

All 24 tender route templates now share the same Organisation and Website identity bundle.

A new DynamicSchema component provides a typed, safe wrapper for page-specific structured data, making it easier to add without raw JSON-LD.

Company profiles now expose their top categories and awarding bodies in structured data.

Company intelligence pages now correctly signal paywalled content to Google.

Tender detail pages now show bid enquiry contact details as a proper ContactPoint in structured data.

The Tenders SA organisation entity now includes Facebook, LinkedIn, X profiles, WhatsApp contact, and South Africa location in structured data.

All AI markdown mirrors and site pages now use the same Tenders SA publisher citation in structured data.

AI-optimised markdown pages now include a publisher citation JSON-LD block.

JSON feeds for tenders and awards, plus JSON sitemaps for AI aggregators.

Standard llms.txt and llms-full.txt files help AI platforms discover and understand the site structure.

A public AI Info API returns the full entity taxonomy (41 content types), JSON Feed URLs, and LLMs.txt references for AI platforms.

70+ public routes serve AI-optimised markdown at /_ai/* paths for AI platform consumption.

16+ AI bot families detected at the edge and served optimised content with appropriate rate limits.

robots.txt updated with specific rules for 10+ AI crawler types, blocking abusive scrapers from sensitive paths.

Sitemap.xml now includes all page types with appropriate priorities and update frequencies.