Release notes — CareNova 1.1.0

Release date: April 17, 2026
Channel: General availability (dashboard + public landing)

Summary

CareNova 1.1.0 tightens multi-tenant (SaaS) access, aligns public landing pages with a single clinic context end-to-end, improves branding and favicon behavior on landing, and adds print-ready invoice PDFs from the clinic management system dashboard—including a single merged PDF when multiple invoices are selected.

Added

Invoice PDFs — Download a printable PDF per invoice from the invoice list actions.
Bulk invoice PDF — When multiple invoices are selected, download one combined PDF (one invoice per page).
Invoice selection — Checkbox per row, select-all for the current page, and bulk toolbar actions (download, delete, clear selection).
Clinic-scoped landing URLs — Middleware ensures public landing routes include ?clinic=; cookie-based fallback when the query is missing.
Landing clinic context in links — Internal landing navigation preserves the active clinic query parameter across home, appointment, blog, and policy pages.
Clinic unavailable experience — Dedicated handling when a workspace/clinic target cannot be resolved in SaaS flows.
Clinic staff management (workspace) — Add, update, and remove clinic staff from the workspace UI.
Workspace logout confirmation — Confirm before signing out from the workspace top bar.
Request correlation — Middleware logging includes request identifiers for easier tracing.
Localization — New/updated strings for invoice bulk actions, download flow, and common “Download” label across supported locales.

Changed

SaaS access control — Authenticated access to clinic dashboards is gated on workspace membership where SaaS mode applies.
Active clinic resolution — Cookie and workspace targeting behavior adjusted so SaaS mode does not fall back to unintended global defaults.
Platform / super-admin workspace entry — Opening a workspace routes to the correct clinic dashboard; middleware honors explicit workspace targeting and staff-login fallbacks where required.
Public landing composition — Landing pages use cached, merged settings for performance and consistency with tenant branding.
Landing favicon — Landing routes use tenant-aware favicon metadata (aligned with branding preview), not a single static app icon for all tenants.
Landing Page Settings (Logo & Identity) — Server actions resolve the active workspace clinic in SaaS mode so dashboard branding matches the public preview.
Notifications — Queries and mutations scoped to the active clinic; clearer behavior when no active clinic is present.
Database tooling — .env.example expanded with connection and migration guidance; Drizzle introspection uses a connection timeout to avoid hangs on bad endpoints.
Settings → Version — Version tab lists all releases from /versions/*.md (newest first), each expandable.
Dashboard sidebar — Top navigation group no longer uses a clinic-type “Overview” banner label; section headers can be omitted for a cleaner layout.

Removed

Invoices CSV export (toolbar) — The export control was removed from the invoices search bar in favor of PDF-based print workflows.

Fixed

Incorrect landing branding in dashboard — Landing settings for the active SaaS workspace could show default/general assets while preview showed the correct clinic; resolution now follows the active workspace clinic.
Translation fallbacks — Missing keys that surfaced as raw paths (e.g. download-related toasts) are covered by proper invoices.* and common.* entries.
Landing → dashboard data mismatch — Appointments created from public landing pages now consistently appear inside the correct clinic dashboard (patients, appointments, and notifications stay in sync).
Notification UX — Notification bell now shows an unread count badge and stays responsive to new items.
Staff onboarding approvals — Admins can optionally auto-accept new staff signups per clinic; when disabled, pending staff see a clear pending approval state during sign-in.
Logout & redirects — Unauthenticated access to /dashboard routes back to the intended platform admin entry when no clinic context can be resolved.

Security

Cross-tenant dashboard access — SaaS mode enforces membership before serving clinic-scoped dashboard experiences.
Workspace targeting — Invalid or unknown workspace codes route to a safe clinic unavailable state instead of ambiguous access.
Workspace isolation — New clinics are no longer auto-linked to unrelated platform/demo operators by default.

Upgrade & rollout notes

No mandatory database migration for this release line; deploy using your normal checklist.
Verify after deploy: workspace cookies, landing URLs with ?clinic=, invoice PDF generation (single + bulk), and Settings → Version changelog rendering.
Bookmarks: Bare landing URLs without ?clinic= are redirected to a clinic-scoped URL via middleware and cookie fallback.

Compatibility

Next.js: 14.x (App Router)
Existing v1.0.0 installations: Upgrade in place; review SaaS env flags and workspace onboarding URLs if you use custom domains or deep links.

Summary

Added

Invoice PDFs — Download a printable PDF per invoice from the invoice list actions.

Bulk invoice PDF — When multiple invoices are selected, download one combined PDF (one invoice per page).

Invoice selection — Checkbox per row, select-all for the current page, and bulk toolbar actions (download, delete, clear selection).

Clinic-scoped landing URLs — Middleware ensures public landing routes include ?clinic=; cookie-based fallback when the query is missing.

Landing clinic context in links — Internal landing navigation preserves the active clinic query parameter across home, appointment, blog, and policy pages.

Clinic unavailable experience — Dedicated handling when a workspace/clinic target cannot be resolved in SaaS flows.

Clinic staff management (workspace) — Add, update, and remove clinic staff from the workspace UI.

Workspace logout confirmation — Confirm before signing out from the workspace top bar.

Request correlation — Middleware logging includes request identifiers for easier tracing.

Localization — New/updated strings for invoice bulk actions, download flow, and common “Download” label across supported locales.

Changed

SaaS access control — Authenticated access to clinic dashboards is gated on workspace membership where SaaS mode applies.

Active clinic resolution — Cookie and workspace targeting behavior adjusted so SaaS mode does not fall back to unintended global defaults.

Platform / super-admin workspace entry — Opening a workspace routes to the correct clinic dashboard; middleware honors explicit workspace targeting and staff-login fallbacks where required.

Public landing composition — Landing pages use cached, merged settings for performance and consistency with tenant branding.

Landing favicon — Landing routes use tenant-aware favicon metadata (aligned with branding preview), not a single static app icon for all tenants.

Landing Page Settings (Logo & Identity) — Server actions resolve the active workspace clinic in SaaS mode so dashboard branding matches the public preview.

Notifications — Queries and mutations scoped to the active clinic; clearer behavior when no active clinic is present.

Database tooling — .env.example expanded with connection and migration guidance; Drizzle introspection uses a connection timeout to avoid hangs on bad endpoints.

Settings → Version — Version tab lists all releases from /versions/*.md (newest first), each expandable.

Dashboard sidebar — Top navigation group no longer uses a clinic-type “Overview” banner label; section headers can be omitted for a cleaner layout.

Fixed

Incorrect landing branding in dashboard — Landing settings for the active SaaS workspace could show default/general assets while preview showed the correct clinic; resolution now follows the active workspace clinic.

Translation fallbacks — Missing keys that surfaced as raw paths (e.g. download-related toasts) are covered by proper invoices.* and common.* entries.

Landing → dashboard data mismatch — Appointments created from public landing pages now consistently appear inside the correct clinic dashboard (patients, appointments, and notifications stay in sync).

Notification UX — Notification bell now shows an unread count badge and stays responsive to new items.

Staff onboarding approvals — Admins can optionally auto-accept new staff signups per clinic; when disabled, pending staff see a clear pending approval state during sign-in.

Logout & redirects — Unauthenticated access to /dashboard routes back to the intended platform admin entry when no clinic context can be resolved.

Security

Cross-tenant dashboard access — SaaS mode enforces membership before serving clinic-scoped dashboard experiences.

Workspace targeting — Invalid or unknown workspace codes route to a safe clinic unavailable state instead of ambiguous access.

Workspace isolation — New clinics are no longer auto-linked to unrelated platform/demo operators by default.

Upgrade & rollout notes

No mandatory database migration for this release line; deploy using your normal checklist.

Verify after deploy: workspace cookies, landing URLs with ?clinic=, invoice PDF generation (single + bulk), and Settings → Version changelog rendering.

Bookmarks: Bare landing URLs without ?clinic= are redirected to a clinic-scoped URL via middleware and cookie fallback.