Changelog

All notable changes to VerifyKit will be documented in this file.

The format is based on Keep a Changelog.

[0.5.0] -- 2026-03-26

Improved

Full codebase audit: resolved all TypeScript type errors, unused variables, and dead code across core, react, and plugin-revocation packages
Rust/WASM engine: zero clippy warnings — replaced manual iterator patterns with idiomatic contains(), strip_prefix(), ? operator, and const thread-local initializers
Removed dead functions (injectIconIntoStream, getBannerSub), unused imports, and stale constants
Fixed type safety in plugin-revocation handler and proxy request paths
ESLint configuration overhauled: proper ignore patterns for generated files, _-prefix convention for unused params, removed inapplicable react-refresh rules
All workspace dependency references aligned to wildcard (*) for consistent local resolution
Fresh production builds verified clean across all packages

[0.4.6] -- 2026-03-26

Added

PAdES conformance tab in signature properties with progress bar and level timeline
PAdES level badges (B-T, B-LT, B-LTA) and TIMESTAMP badge in signature panel
Document Timestamp label and TSA name display for ETSI.RFC3161 signatures
SDK logo in viewer About modal, documentation header, and favicon
Branded name with logo colors (Verify in cyan, Kit in default)
About modal redesigned with logo, capability pills, link cards, and TrexoLab product link
Five new documentation pages: Security, Testing, Internationalization, Browser Support, Error Reference
Documentation version badge in website header (read from root package.json at build time)

Fixed

PAdES B-LTA detection: upgrade B-LT signatures when followed by RFC3161 document timestamp
PAdES level detection restricted to ETSI signatures only (PKCS#7 signatures no longer incorrectly tagged as PAdES)
padesLevel field now optional (null for non-PAdES signatures like adbe.pkcs7.detached)
Documentation audit: 15 files corrected (wrong props, broken examples, stale versions, missing types)

Changed

Details tab redesigned: verdict-first layout, verification checks promoted, signer card with avatar
Removed GitHub references from documentation website
All hardcoded version numbers removed from documentation (single source of truth via root package.json)

[0.4.5] -- 2026-03-26

Fixed

Display status aligned with Adobe Reader DC default behavior — valid signatures with unchecked revocation now show as "Valid" instead of "Unknown" (matches Adobe's non-strict revocation mode)
Missing React key props in plugin overlay, right panel, and page overlay collection functions

Added

Changelog page added to documentation site
Mermaid diagram rendering support in documentation
Architecture diagrams (SDK overview + verification pipeline) using Mermaid
"Adobe Reader Aligned" capability added to About modal
npm run version:sync script — single source of truth for version across all packages
Version and release guide (docs/creating-a-package.md)

Changed

About modal redesigned — technology-neutral descriptions, cleaner layout with bordered cards, copyright footer
Polyfills no longer need separate import — auto-included via main entry point

[0.4.4] -- 2026-03-25

Added

Certificate chain resolution with AKI/SKI matching and PKCS#7 embedded certificate support
Acro6 layer icons loaded from SVG source files instead of hardcoded paths

Fixed

Signature display aligned with Adobe Reader for expired certificates, certification level, and N4 text
Keyboard shortcuts now toggle instead of one-shot activate
Multi-field signatures sharing a single PKCS#7 blob are correctly detected
Unknown signature status aligned with Adobe Reader DC behavior
Signature validation for malformed PDFs aligned with Adobe Reader
H/V SVG path commands handled in Acro6 icon converter

Changed

Documentation synced with recent SDK changes
Homepage redesigned with stone palette, SEO metadata, and grid sections
Demo site restyled with dark-first design tokens, Geist fonts, muted palette, and flat styles

[0.4.3] -- 2026-03-17

Fixed

ETSI.RFC3161 document timestamp integrity check -- use TSTInfo messageImprint instead of signedAttrs messageDigest for document timestamps (PAdES B-LTA)
Document timestamp EKU validation -- accept id-kp-timeStamping (1.3.6.1.5.5.7.3.8) for TSA certificates instead of requiring document-signing EKUs
PDF field name extraction from binary stream data -- strict delimiter validation prevents /T matches inside compressed streams from corrupting the field name
Signature widget overlay matching for multi-page fields -- handle sibling-replica suffix (_sr{N}) and shared /V reference patterns
Appearance layer swap (Acro6) for PDFs with multiple widget annotations sharing a single signature value
Revocation check leniency for failed document timestamps -- require valid CMS signature before granting timestamp grace period

Added

Scroll-to-signature on panel click -- viewport centers on the signature field with 4-blink highlight animation (matching Adobe Reader behavior)
Widget registry in signature plugin for cross-page widget lookup
Shared field-name-utils.ts utility for normalized field name matching across the codebase

Changed

Overall verification messages use "Document timestamp" language for ETSI.RFC3161 signatures instead of generic "Signature" wording
Document timestamp signing time extracted from TSTInfo genTime (the CMS itself is the timestamp)
Extracted duplicated field name suffix stripping into shared normalizeFieldName() / isSameFieldFamily() helpers (was duplicated in 3 files with inconsistent order)
Removed redundant overall_message.to_string() allocation and trivial extract_tst_gen_time_from_econtent wrapper
Marked file-dependent integration tests with #[ignore] for CI compatibility

[0.4.2] -- 2026-03-16

Changed

Enable wasm-opt -Oz post-compilation pass -- WASM binary reduced by 15.7% (1297 KB to 1093 KB)
Switch Rust build from opt-level = 3 to opt-level = "z" (size-optimized) with per-crate overrides keeping crypto crates (RSA, ECDSA, Ed25519) at full speed
Async base64 decode via fetch(data:...) in browser -- avoids 1.3 MB intermediate atob() string, reducing peak init memory
Trust store refactor: removed unused all field, ownership transfer instead of cloning, single-pass classification with inline root_dns build -- reduces heap allocations by ~1 MB

[0.4.1] -- 2026-03-16

Fixed

Support BER indefinite-length CMS encoding (0x30 0x80) -- PDF signatures using this encoding were rejected by the ASN.1 parser, causing all verification checks to cascade-fail
DSS extraction now resolves latest object revision in incremental PDF updates -- fixes LTV/DSS revocation data not being found when the catalog was updated after signing

Changed

Bump version to 0.4.1

[0.4.0] -- 2026-03-16

Changed

Version bump to 0.4.0

[0.3.3] -- 2026-03-16

Changed

Flicker-free appearance swap for PDF page rendering
Single-render VerificationFloater for improved performance

Added

Automated registry and CDN update via npm run pack:registry command

[0.3.2] -- 2026-03-15

Added

Embedded VerificationFloater component in the viewer
Smart context menu with signature-aware actions
Live demo page
CORS headers on revocation API route for cross-origin requests
Revocation guide added to documentation navigation

Changed

workerUrl is now mandatory -- removed auto-detection and bundled worker
Updated all documentation for mandatory workerUrl configuration
Updated Viewer props API

Fixed

pdfjs-dist getOrInsertComputed compatibility error
Polyfill issues resolved

[0.3.1] -- 2026-03-13

Added

Base64-embedded WASM binary for universal bundler compatibility -- no external .wasm file needed, works in Vite, webpack, Next.js, Node.js, Deno, and Bun with zero configuration
Comprehensive documentation update covering all packages
pack-registry script for building registry tarballs

Changed

Aligned all packages to v0.3.1
Fixed type declaration paths across all packages
Removed registry tarballs from git tracking