v0.10.0

• Admin dashboard — Complete overhaul featuring tabbed settings, queue health monitoring with events log, overview widgets, a powerful reusable DataTable component (search, pagination, faceted filters, bulk actions), confirmation dialogs for destructive actions, robust error/retry handling, and role-aware UI.
• Async job queue system — New background job queue with retry and backoff for long-running operations (room/user deletion, suspension, S3 chat upload cleanup). Includes bulk admin endpoints.
• New subsystems:
  • Recording (foundational wiring, config, and cascade cleanup on room soft-delete).
  • Outbound webhooks with HMAC-SHA256 signing for room events.
  • Full email verification flow (canonicalization, cooldowns, verification audit trail, auto-login on success, dedicated admin settings tab).
• Security & hardening:
  • Configurable rate limiting (YAML + environment overrides) with tests.
  • In-memory banned user cache + middleware guards.
  • Password hashing upgraded to SHA-256 + bcrypt.
  • Atomic refresh token rotation.
  • Passkey improvements (clone detection, scoped deletes, stateless ChallengeStore).
  • Input sanitization, SafeIO package for symlink-safe file operations, Helmet middleware, body size limits.
• TLS & LiveKit integration — Multi-algorithm self-signed certificate generation (ed25519 / ecdsa / rsa) with renewal and PEM validation, scheduler-driven auto-renewal, new bedrud cert CLI command, automatic TURN/TLS configuration for embedded LiveKit from the server certificate, SAN support, and outbound IP handling.
• Resource governance — Room participant limits (maxParticipantsLimit), upload quotas with S3 deletion on cleanup, chat message retention policies, persistent rooms (admin-pinned rooms that skip idle/expiry cleanup), and room soft-delete with scoped name uniqueness.
• CLI — Complete migration from custom flag parsing to Cobra + Viper. New rich subcommands for users, rooms, configuration, settings, invite tokens, database, and certificates. Added --admin flag for direct superadmin creation during bootstrapping. Role parameter support on promote/demote.
• Frontend performance & UX — React.lazy + Suspense for heavy dependencies (recharts admin chart, react-markdown), extensive meeting room stabilization (memoization, stable refs/handlers/keys to reduce re-renders and fix DOM reuse issues), full conversion of meeting room to Tailwind CSS, ErrorBoundaries, accessibility improvements (RTL logical CSS properties, ARIA attributes, skip links, reduced motion, focus management), and a new DisconnectedOverlay with timeout and manual recovery.
• Internationalization — Initial react-intl + IntlProvider setup in the web app with string extraction for auth and error pages. Comprehensive documentation updates and new guides across all 10 supported locales.
• Meeting experience — Disconnected overlay with 30s timeout + retry/leave, focus trap, secure context banner, chat clustering and key stability fixes, elapsed time display, push-to-talk microphone state restoration, and proper AudioContext cleanup on mobile.

Backend & API

New Features & Subsystems

• Recording subsystem (bootstrap wiring, configuration, cascade cleanup on soft-delete, Swagger updates).
• Outbound webhook dispatch with HMAC-SHA256 signatures for room events.
• Email verification (POST endpoint with JSON response and auto-login, canonicalization, cooldown, audit trail, admin settings tab).
• Structured ApiError responses and hydrated auth success payloads.
• Health (/health) and readiness (/ready) check endpoints.
• Admin TLS certificate info, startup validation, and daily expiry checks via scheduler.
• Room soft-delete, suspend endpoint, persistent rooms, capacity enforcement (atomic join), and bulk admin operations.
• Admin user deletion (async 3-phase), force-logout, and set-password endpoints.

Security & Platform Hardening

• Configurable rate limiting with YAML/env support and tests.
• In-memory banned user cache and middleware guards.
• Password hashing upgrade (SHA-256 + bcrypt) and related infrastructure.
• Atomic refresh token rotation (UpdateRefreshTokenAtomic).
• Passkey clone detection, scoped deletion, and migration to in-memory ChallengeStore.
• OAuth and passkey signup flow hardening.
• SafeIO package providing symlink-guarded file operations (adopted for TLS and logging).
• API hardening with Helmet middleware, request body limits, and auth/guest rate limiting.
• SQLite optimizations (WAL mode, foreign key constraints) and model type fixes.

Operations & CLI

• Full migration of the CLI entrypoint to Cobra + Viper command structure.
• New subcommands: user (create with --admin, promote/demote with role, delete, set-password), room, config, settings, invite-token, db, cert.
• Improved flag parsing, syntax consistency (--config placement), and cross-compile fixes.
• Go version updated to 1.26 across manifests; Cobra/Viper promoted to direct dependencies.
• Scheduler enhancements: guest cleanup, idle room deactivation, periodic token cleanup, and certificate auto-renewal.

Testing & Documentation

• Added integration tests, negative authorization tests, and room CRUD/participant/transactional tests.
• Multiple Swagger documentation regenerations for new endpoints (verify, recording, webhook, email verification, health, cert, etc.).

Admin Panel & Dashboard

• Major architectural refactor into tabbed settings (email, webhook, TLS, etc.), queue health dashboard with live events log, and overview widgets.
• Introduced reusable DataTable components with search, pagination, faceted filters, and bulk actions.
• Confirmation dialogs (AlertConfirmDialog) for all destructive admin actions (ban, promote, kick, bulk operations).
• Proper error state handling: banners + retry buttons on admin queries; onError toasts on mutations.
• Role badges (admin/moderator) and Guest account indicators in user tables, with direct links to detail pages.
• TLS certificate status card and indicator in dashboard and settings.
• Significant component extraction and dead code removal (deleted ~539 lines of legacy UserTable/RoomTable in favor of RoomCard + PasskeyButton).
• Improved loading and error UX across admin routes (replaced beforeLoad with loader-based server-confirmed admin checks).

Web Frontend (React + TanStack Start)

Internationalization

• Installed react-intl and added IntlProvider wiring.
• Initial string extraction for authentication and error pages.

Performance

• Dynamic imports via React.lazy + Suspense for recharts (admin overview chart) and react-markdown.
• Extensive memoization, stable callback refs, and data-attribute usage in meeting components to reduce unnecessary re-renders.
• Stable keys for chat display items (clusters, separators, system messages) to prevent React DOM reuse bugs on new messages.

Meeting Room

• Complete conversion from inline styles to Tailwind CSS classes.
• Added ErrorBoundary wrappers.
• New DisconnectedOverlay component with spinner, 30-second timeout, and manual retry/leave actions.
• Focus trap and secure context warning banner.
• Chat refinements and performance fixes.
• Elapsed meeting time display (removed unused LIVE badge).
• Proper cleanup of AudioContext on mobile and restoration of mic/PTT state on unmount.
• Unmount-safe async state updates in auth routes and meeting components.

Accessibility & UX

• Widespread accessibility improvements: logical CSS properties for RTL support, ARIA attributes on buttons, type="button" where appropriate, skip links, reduced motion preferences, aria-live regions, and icon labeling.
• Polished authentication flow, dashboard layout, home page, user settings, and video preferences (webcam mirror toggle).
• Added forgot/reset password flow.
• New catch-all 404 route (routes/$.tsx) using ErrorPage component.

Build & Components

• Updated build configuration for Bun runtime and improved vendor chunk splitting.
• Added PWA manifest with icons, screenshots, and description.
• Added new shadcn/ui components and ErrorBoundary infrastructure.
• Removed unused props and cleaned up component APIs.

Documentation & Internationalization (Site)

Extensive updates across all 10 locales (en, de, fr, es, zh, ja, tr, fa, ar, ru):

• Architecture, API authentication, backend, and configuration documentation.
• New "Roles" guide.
• TLS improvements (multi-algorithm certificates, auto-configuration with LiveKit, SAN support, renewal, distribution, and internal guides).
• Resource governance features (room limits, upload quotas, chat retention).
• CLI reference documentation (new --admin flag and subcommands).
• Health and readiness checks, behind-proxy deployment guide.
• New blog post: "ed25519-self-signed-certs" (all 10 locales).
• Agent skills documentation (AGENTS.md) and repository guide updates covering the queue system, admin panel, lkutil, services, ChatUpload, and frontend conventions.
• Sidebar and i18n key synchronization.

Desktop App (Rust + Slint)

• Fixed audio device enumeration (correct device name and ID extraction).
• Migrated to keyring-core crate with proper native store initialization.
• Cleaned up desktop authentication UI (removed redundant error label padding).
• Dependency group bumps via Dependabot (cargo-all).

Android App

• Multiple Gradle dependency group updates.
• Added internationalization / localization support (initial translations and resource handling).
• Lint fixes for translatable resources.

Dependencies & Tooling

• Numerous Dependabot updates across:
  • Go modules (server)
  • Cargo (desktop)
  • Gradle (Android)
  • GitHub Actions
• Go version bumps to 1.26 in multiple locations.
• Promoted cobra and viper from indirect to direct dependencies.
• Added .gitattributes for accurate language detection in repository statistics.
• Workflow, build configuration, and gitignore maintenance.

Other Changes

• Many small fixes, format consistency improvements, prop cleanups, and revert commits.
• Added .gitkeep to server/frontend/ to preserve the embed directory during builds.