QANode Logo

Community Edition

Escolha sua versão

Selecione o sistema operacional para baixar o instalador.

macOSmacOS (Arm64)

Instalador disponível para Apple com processador Arm64.

Baixar para macOS

Changelog

v0.8.6Latest2026-07-10

Added

  • **Connect AI in Desktop Community**: QANode Desktop Community now includes a highlighted **Connect AI** page that detects Codex, Claude Desktop, and Cursor and can add QANode to them with one click. It also shows the connection status and provides a manual configuration for other MCP-compatible clients. The connection stays local to the computer and is available only while QANode is open.
  • **AI access to Community workflows**: connected AI assistants can now use the Community edition to work with projects, official QANode documentation, scenarios, components, suites, Web and Mobile automation, API, database and file nodes, executions, diagnostics, and artifacts. Features exclusive to Enterprise remain available only in the Enterprise MCP profile.
  • **Chrome recorder guidance**: users who have not yet used QANode Recorder now receive a direct Chrome extension recommendation after completing the guided tour or when adding their first Smart Web Flow manually.

Fixed

  • **Scenario runs started by AI in Community**: complete scenario executions requested through a connected AI now use the normal Community execution path, so they start correctly and appear in QANode's execution history.
v0.8.52026-07-03

Added

  • **On-demand PDF reports**: report templates now include a setting to choose whether QANode generates the PDF automatically when a run finishes or only when someone downloads it. On-demand generation helps reduce storage usage in environments with many executions, and the download flow shows progress while the PDF is prepared.
  • **Skipped nodes during normal runs**: any node can now be marked as ignored from the properties panel. Ignored nodes stay on the canvas for drafts or experiments, but normal scenario/component runs record them as skipped instead of executing them.
  • **Manual invite fallback**: administrators can use a manual invite mode from the Users settings when SMTP is unavailable, creating the pending user and showing the invite link so it can be sent directly.
  • **Friendly run failure hints**: run details now show one translated possible-cause hint for failed steps when the error matches common issues such as expired sessions, broken expressions, missing files, ambiguous or hidden targets, disabled/read-only fields, timing, assertion mismatches, blocked clicks, and expected effects that did not appear.

Changed

  • **Report generation defaults**: the default report templates now use on-demand PDF generation, while automatic PDF creation can still be enabled per template when the team prefers immediate evidence availability.
  • **Session configuration defaults**: web and mobile flow nodes now make persisted sessions the default when switching to session reuse, while keeping in-memory sessions available for advanced cases.
  • **Run outputs are less noisy**: Smart Web browser console output is now shown in the variables/output panel only when browser console capture is enabled, matching the behavior of accessibility and performance outputs.
  • **Smart Web MCP guidance**: MCP authoring guidance now documents skipped nodes and target-reference behavior more clearly, helping AI-assisted edits avoid hiding failures or creating weaker Smart Web steps.

Fixed

  • **Smart Web recording for repeated form fields**: consecutive fill steps are no longer merged just because two different fields share a repeated selector such as the same `name` attribute. This prevents recordings from losing fields in forms with repeated sections like billing and shipping addresses.
  • **Smart Web target references in repeated UI**: Smart Web capture is more conservative when adding row/card context, improving repeated table, list, card, kanban, Salesforce, SAP/UI5, and ServiceNow-style screens without adding context to generic repeated text.
  • **Smart Web SAP/UI5 handling**: recorder and replay behavior was improved for SAP/UI5 tables, rows, hidden select controls, technical resize handles, scrollable containers, tiles, and list/table row clicks.
  • **Smart Web assert reliability**: text assertions now handle rendered text and whitespace more consistently, and assert modes for hidden, count, enabled, disabled, checked, value, attribute, URL, and title now behave according to the selected mode.
  • **Smart Web optional scroll cleanup**: run details can now recommend removing optional scroll steps when Smart Web proves they were not needed, similar to the existing optional-hover cleanup.
  • **Portuguese and Spanish UI labels**: report settings, manual invites, skipped nodes, Smart Web assert modes, and the report-template save toast received missing translations.
v0.8.42026-06-30

Added

  • **Project document previews**: project attachments can now be opened directly in QANode before downloading. PDFs, images, videos, and audio files open in an embedded viewer; text, code, logs, emails, and DOCX files show readable text previews; CSV, TSV, and XLSX files show tabular previews with row limits for large files.
  • **Richer project document list**: documents now show file-type badges and previewable file names open the new preview screen from the project documentation tab.
  • **Project list view mode**: the Projects page now supports both grid and list views, including project dates, status, scenario count, and actions in a denser layout. The selected view is remembered for the user.

Changed

  • **Chrome recorder defaults to Smart Web Flow**: the browser extension now starts in Smart Web Flow mode by default, keeping new recordings aligned with the recommended web automation node.
  • **Custom JavaScript starter code**: new Custom JavaScript nodes still get the helpful starter template, while existing nodes without saved code no longer have sample code injected into the editor.
  • **Project document downloads and previews**: more file types now receive appropriate content types, improving how browsers display or download project documents and artifacts.

Fixed

  • **Smart Web reliability for SAP/UI5 apps**: Smart Web capture now prefers stable title-based locators for SAP/UI5 shadow buttons that have no visible or accessible name.
  • **Smart Web self-healing suggestions**: run details now avoid promoting risky generated CSS id fallbacks for SAP/UI5-style pages, reducing noisy or fragile locator recommendations.
  • **XPath Inspector recording**: selecting an element in XPath Inspector mode no longer activates the underlying page while the extension is capturing the target.
  • **Settings table readability**: integration token tables now handle long names and keys better, and audit log tables show clearer labels for project document uploads, cancellations, and project document entities.
v0.8.32026-06-16

Added

  • **Project document search for MCP**: AI clients can now search relevant snippets inside project documents without reading the entire attachment first, with support for PDFs, OCR-capable PDFs/images, DOCX, text, JSON, CSV, and spreadsheets.
  • **Official QANode documentation through MCP**: AI clients can now search and read QANode documentation by language and section, making product guidance easier to access without loading the full documentation manually.
  • **Node import for MCP-assisted authoring**: AI clients can copy selected nodes from one scenario into another, including internal edges, label conflict handling, simple expression rewrites, and warnings for references that need review.
  • **Smart Web browser console capture**: Smart Web Flow can now capture browser console messages, warnings, page errors, and errors, optionally fail on console errors, and expose a downloadable console log in run details.
  • **Screenshot timestamps in report templates**: report templates can now show the capture timestamp next to screenshots in generated PDFs.

Changed

  • **Mobile Flow execution feedback**: Mobile Flow nodes now show step progress on the canvas while a run is executing, matching the experience of other step-based nodes.
  • **Dashboard widget editing**: widget previews, default sizes, placement behavior, field auto-detection, gauges, funnels, heatmaps, scatter/bubble charts, tables, progress columns, tooltips, legends, and conditional formatting were refined for a more consistent editing experience.
  • **Dashboard query handling**: dashboard data now handles executor names, date formatting, chronological ordering, decimals, and progress-friendly numeric columns more consistently.

Fixed

  • **Dashboard rendering and editing**: metrics, gauges, tables, heatmaps, funnels, scatter/bubble charts, legends, tooltips, conditional formatting, and progress columns received rendering and editing fixes.
  • **Dashboard widget placement**: newly added widgets better respect the final dashboard position and the minimum row height needed by larger widgets.
v0.8.22026-06-11

Changed

  • **Faster lists in large environments**: scenarios, projects, suites, executions, and project details now load with less waiting.
  • **Lighter filters and selectors**: project, suite, and scenario fields now search and load results progressively, keeping modals and filters responsive even with many records.
  • **More responsive reports and dashboards**: dashboards, totals, success rates, failures, and daily history were optimized for larger execution datasets.
  • **More efficient suite history**: last-run and reliability indicators now load faster for suites with larger histories.

Fixed

  • **Date-based dashboard charts**: widgets grouped by date now order results more reliably.
  • **Dropdowns in modals**: selectors now preload results, avoid empty messages before searching finishes, load more items while scrolling, and fit better inside the available space.
  • **Scenario selection in suites**: the suite editor now continues loading available scenarios as the user scrolls the list.
v0.8.12026-06-07

Added

  • **QANode MCP server**: QANode can now be used by AI assistants through MCP to create, inspect, diagnose, and maintain projects, scenarios, credentials, variables, executions, Smart Web flows, Mobile flows, components, suites, defects, dashboards, and run artifacts with the same permission model used by the platform.
  • **AI-assisted scenario authoring**: AI assistants can now create scenarios, add and connect nodes, update node settings, validate graphs, test a single node while building, run a complete scenario for final validation, and cancel stuck executions.
  • **AI-assisted Smart Web and Mobile recording**: AI assistants can open live browser or mobile sessions, record steps, inspect screenshots/snapshots, reuse sessions when appropriate, save recordings as QANode nodes, and help repair saved steps.
  • **Project document reading through AI**: AI assistants can read project attachments such as PDFs, scanned PDFs/images with OCR, DOCX, text, JSON, CSV, and XLSX files to help create scenarios from project documentation.
  • **Dashboard SQL widgets**: dashboards now support guarded read-only SQL widgets for advanced analytics that are too complex for the visual query builder.
  • **New dashboard visualizations**: dashboards now include gauge, donut, funnel, calendar heatmap, scatter, bubble, stacked line, stacked area, and richer table widgets with progress columns and conditional formatting.
  • **Custom nodes through AI authoring**: custom nodes/providers available in QANode can now be discovered and used by AI assistants when building scenarios or components.

Changed

  • **Run details are easier to scan**: execution details now emphasize the user-facing node label before technical identifiers, making failed or slow steps easier to locate.
  • **Dashboard authoring experience**: widget previews, field auto-detection, default widget sizes, widget placement, progress columns, conditional formatting, colors, legends, and tooltips were refined for the expanded dashboard set.
  • **Dashboard data handling**: dashboard queries now handle executor information, date grouping, date formatting, decimal values, and chronological time-series ordering more consistently.
  • **Smart Web target context wording**: locator context is now presented as the target reference, making repeated rows/cards easier to understand when a step needs to act on a specific item.
  • **Smart Web target reference visibility**: target references can now be shown even when the step does not use `nth`, making scoped Smart Web steps easier to inspect and adjust.
  • **Mobile Flow execution feedback**: Mobile Flow nodes can now show richer step progress and highlight context during execution.

Fixed

  • **React Router open redirect advisory**: `react-router-dom` was updated to `6.30.4` in the frontend and desktop packages, resolving the reported same-origin protocol-relative redirect advisory.
v0.8.02026-06-02

Added

  • **File automation nodes**: new Files section for generating TXT, JSON, CSV, Excel, and PDF files, converting Base64 to files, converting files back to Base64/data URIs, and extracting PDF, CSV, Excel, TXT, and JSON content through a unified Extract File node, with run artifacts available for download in execution details.
  • **Component file inputs and outputs**: components can now declare `fileRef` inputs and outputs, upload file test data in component input nodes, pass file references through component calls without stringifying them, and expose component file outputs to downstream nodes.
  • **Common header suggestions for HTTP requests**: the header name field in the API (HTTP Request) and Performance (Load Test) nodes now autocompletes common HTTP headers (Content-Type, Authorization, Accept, and more) while still accepting any free-text header name, similar to Postman.
  • **Smart Web Flow file handling**: Smart Web Flow can now upload files through recorded file-input steps and automatically captures files downloaded by normal click steps as downstream `fileRef` outputs.
  • **Chrome extension file recording for Smart Web Flow**: the Smart Web recorder now detects file inputs, records upload steps with file metadata, opens the native file picker during inspector recording, and marks missing upload files in the flow before execution.
  • **Mobile Flow file handling**: Mobile Inspector and Mobile Flow now support sending files to the device and capturing files generated by the app. Downloads can use exact device paths or pick the newest file in a selected folder, with Android public folders and iOS app-container Documents support, filename patterns, output filenames, and MIME type configuration.
  • **Email attachment file outputs**: Email Inbox can now include attachments as file references, with filters for attachment name/MIME type, optional inline attachment inclusion, and an option to require a matching attachment before the node succeeds.
  • **SSH file transfer steps**: SSH Command now supports explicit upload and download steps alongside commands. Uploads can target the current remote folder or a remote path, downloads can read from the current folder or a full remote path, and downloaded files are exposed as downstream file references.
  • **Custom JavaScript file helpers**: Custom JavaScript nodes can now read and write file artifacts with `files.read`, `files.readText`, `files.write`, and `files.writeText`. Files written from custom code are stored as artifacts only, with safe filename handling, per-file/per-node size limits, and dangerous extension/MIME blocking.
  • **Provider file artifacts**: external providers can now return artifacts with `type: "file"` and base64 content; QANode stores them as run artifacts, infers MIME type when omitted, and exposes them as downstream `fileRef` outputs. Provider artifacts are now intentionally limited to `screenshot` and `file`.

Changed

  • **Syntax-highlighted node outputs**: JSON outputs from node unit tests and run steps are now color-coded (keys, strings, numbers, booleans, and null each get their own color) instead of rendering as a single flat color, both in the app and in the generated PDF reports — making outputs far easier to scan, like Postman and browser dev tools.
  • **Syntax-highlighted JSON request editors**: the Headers and Body editors of the API (HTTP Request) and Performance (Load Test) nodes now color JSON keys and values as you type, while keeping `{{ }}` variable expressions highlighted, in both light and dark themes.
  • **HTTP request body and file handling**: HTTP Request now has explicit Postman-style body modes (`none`, JSON, raw text, x-www-form-urlencoded, multipart/form-data, and binary file), imports cURL commands into the matching visual body mode, and exposes binary or attachment responses as file references for downstream nodes.
  • **HTTP request output contract**: HTTP Request now promotes a cleaner output surface in the variables panel: `status` plus `body` for text/JSON responses, or `status` plus `fileRef` for file responses. Legacy fields such as `statusCode`, `headers`, `json`, `text`, and `rawBody` remain available for manual expressions during the compatibility window, but are no longer suggested to users.
  • **Performance Load Test request builder**: Load Test now mirrors the HTTP Request body options for request generation, including query parameters, raw/JSON bodies, x-www-form-urlencoded fields, multipart/form-data, and binary file bodies.
  • **Variables panel UX**: the variables drawer now opens with a wider, searchable output browser while keeping the node properties width stable; outputs are grouped by source, collapsed by default, split global/project/flow variables, show type/value columns with copy actions, present file references with name/MIME/size details while hiding internal storage paths, shorten nested child labels visually, and keep the compact drag label behavior when dragging variables into fields.
  • **Custom property dropdowns**: select fields in the node properties panel inside flows now use a custom themed dropdown instead of the native browser select, for consistent styling across light and dark themes; the inline credential dialog field sizing was aligned to match the standalone Credentials page.
  • **Smart Web Inspector select options**: native select controls in the Smart Web inspector now show the available options as clickable choices instead of asking users to type the option value manually.
  • **Smart Web session storage UX**: named persisted sessions created in Smart Web nodes are stored globally so shared flows can be reused by other users, while sessions imported from the Chrome extension remain user-scoped. Reuse suggestions search both scopes, return up to 10 named sessions, hide UUID-generated session keys, and old unused sessions are cleaned up after 30 days.
v0.7.22026-05-28

Added

  • **General settings for Super Admins**: Configurations now include a dedicated **General** tab available only to Super Admin users. Global MFA controls were moved into this tab, keeping organization-wide security and maintenance options in one place.
  • **Execution evidence retention policy**: Super Admins can now configure automatic cleanup of old run artifacts from the General settings tab, with separate retention windows for successful, failed, cancelled, and sandbox-leftover executions. The cleanup protects recent executions, runs linked to defects or support tickets, and only removes eligible execution artifacts. Scheduled cleanup runs once per day after a fixed low-traffic server time.
  • **Scenario and component version history (Enterprise only)**: Scenarios now keep up to 50 user-facing save snapshots, and components keep up to 50 publish snapshots. Editors can inspect snapshots in read-only mode and restore a previous version; component restores come back as drafts so they can be reviewed before publishing again.
  • **Execution stop control**: running executions can now be stopped directly from the editor and execution lists when a run needs to be interrupted.
  • **Project variables**: project-scoped variables can now be managed directly inside each project and are shown separately from global variables in scenario editors and Custom JavaScript helpers.

Changed

  • **Mobile Inspector experience**: the Mobile Inspector now has a more polished recording interface with action colors and icons, draggable recorded steps, clearer element attributes, and selectable locator strategies before adding actions to the flow.

Fixed

  • **Execution list refresh**: the executions page no longer flashes while running suites update their child scenario statuses.
  • **Variable permissions display**: role configuration no longer shows an unused secret-value permission, keeping variable permissions aligned with the current UI behavior.
  • **Email language follows the user's QANode UI language**: password reset, user invitation, resend invitation, user import, scheduled report delivery, and alarm notifications now send messages in the same language the sender is using in QANode (PT/EN/ES). Previously the choice depended on the browser's `Accept-Language` header or fell back to English even when the interface was in Portuguese, so users on English-default browsers received English emails despite having switched the UI language. The detected language is now persisted per user and shared across requests via a centralized resolver, so background-sent alarms also respect the creator's chosen language.
  • **Active workers count on the dashboard**: a single worker process that listens to both the executions and load-tests queues is now counted as one worker instead of two. The deduplication relied on the Redis client name suffix, which BullMQ overwrites with the queue name before returning it from `getWorkers()`; the original suffix (preserved in `rawname`) is now used so multiple queues sharing the same worker process collapse to a single identity. Workers running on separate processes or hosts continue to be counted independently.
  • **Smart Web Flow self-healing apply**: legacy self-healing patches now preserve the real Smart Web step id, and older patches that only stored the step label are matched only when that label identifies a single step. This prevents successful healing suggestions from failing when the user applies them back to the flow.
v0.7.12026-05-24

Added

  • **Canvas step execution feedback**: Web Flow, Smart Locators, Smart Web Flow, and SSH Command nodes now show live step progress directly on the canvas while a run is executing, including the hidden current step when it falls under the `+N more` preview.
  • **Smart Web Inspector mode in the Chrome extension**: Smart Web Flow recording now includes an inspection mode with draggable helper panels, element highlighting, suggested actions, selector confidence, match counts, ancestor context selection, step copy/delete/reorder, extract-list field selection, and guided drag/drop capture before copying the recorded steps back to QANode.

Fixed

  • **SSH command step preview**: SSH Command nodes now show their configured command steps on the canvas card instead of appearing empty.
  • **Smart Web drag-and-drop recording**: drag captures from the Chrome extension now distinguish same-list row/item drops from board column/lane drops, improving recordings for sortable lists while preserving stable column-based targets for kanban-style boards such as Salesforce and ServiceNow.
  • **Desktop quit no longer kills the backend while the window stays open**: when a flow had unsaved changes and the user tried to close the desktop app, a race in the shutdown handler stopped the API server, the embedded PostgreSQL, and Appium before the renderer had a chance to cancel the close via its unsaved-changes guard. The result was a zombie state - the window kept the unsaved flow visible but every subsequent API call failed with connection errors. The handler now asks every window to close first and only runs the cleanup if every window actually closed, so an unsaved-changes prompt correctly aborts the shutdown and keeps the app fully usable.
v0.7.02026-05-20

Added

  • **Smart Web Flow node**: new recommended web automation node for complex web applications, with resilient recording and playback for locators, frames, scrolling, dynamic targets, validations, screenshots, self-healing, and diagnostics.
  • **Dedicated Smart Web Flow recorder**: the Chrome extension now records Smart Web scenarios with richer target identity, selector strategies, frame context, screenshots, expected effects, storage/session bootstrap, and action metadata.
  • **Full Smart Web action set**: Smart Web Flow supports navigation, page/tab switching, frames/iframes, click, double click, fill, check/uncheck, select option, key press, focus, hover, scroll, refresh, slider, drag and drop, wait, assert, extract, extract list, and extract table.
  • **Extract Table for Smart Web Flow**: users can record table/grid extraction directly by selecting a table area, producing structured tabular output without hand-building repeated item extraction.
  • **Smart Web expected effects**: recorded steps can validate useful UI outcomes such as stable DOM, visible targets, opened overlays/menus, URL/title changes, and newly opened pages.
  • **Smart Web optimization review**: successful runs can surface learned strategy improvements, wait recommendations, and optional hover cleanup so users can review and apply improvements back to the flow.
  • **Canvas annotations**: the flow editor now supports sticky annotations on the canvas, with colors, resizing, drag positioning, markdown-style text, copy/paste, duplicate, delete, and a `Shift+A` shortcut to add a new annotation.
  • **Step-level copy/paste**: Web, Smart Web, Mobile, and SSH step editors now support right-click copying of only the selected step and pasting it above or below another compatible step.
  • **Guided Smart Web demo tour**: the onboarding tour now creates a Smart Web Flow against the QANode demo site, covering navigation, clicks, forms, sliders, assertions, modals, hover menus, extraction, tables, drag and drop, iframes, and new tabs.

Changed

  • **Smart Web Flow is now the recommended web node**: legacy `Web Flow` and `Smart Locators` nodes are visually marked as legacy in the editor, and their properties panel recommends Smart Web Flow for better precision.

Fixed

  • **Project date display**: project start and end dates are now rendered as calendar dates, preventing dates saved at UTC midnight from appearing as the previous day in local time zones.
v0.6.12026-05-12

Added

  • **SQL Server query node**: QANode now supports SQL Server credentials and query execution, including SQL Server-compatible query-builder output such as `TOP (...)`, bracketed identifiers, and SQL Server boolean expressions.
  • **Switch Page / Tab for web automation**: `Web Flow` and `Smart Locators` now include a page/tab switch action, allowing recorded scenarios to continue correctly after links or buttons open a new browser tab.

Changed

  • **Faster web click execution**: `Web Flow` and `Smart Locators` no longer wait several seconds after every click just in case a new tab opens. QANode now uses a short grace period by default and waits longer only when the scenario expects a new page, reducing unnecessary execution time.
  • **Chrome extension web recording**: the recorder now captures more useful context for frames, editable fields, and links that open new tabs.

Fixed

  • **Frame recording reliability**: actions recorded inside iframes now preserve frame context more consistently, including URL-based frame matching when needed.
  • **New-tab playback reliability**: clicks that open a new tab are detected and the active page is switched automatically when appropriate.
v0.6.02026-05-11

Added

  • **Reusable Components**: component authoring now supports dedicated input/output contracts, component test executions, scenario-side component calls, required input validation, and component usage warnings before deletion.
  • **XPath Inspector page highlighting**: the Chrome extension now highlights visible page elements while XPath Inspector mode is active and flashes the selected element after capture.

Changed

  • **Security dependency hardening**: dependency overrides and BullMQ upgrades resolve the remaining high-severity `npm audit` findings.

Fixed

  • **Chrome extension deleted steps**: deleting a recorded step in the popup now synchronizes the content script state, preventing removed steps from coming back when recording continues.
v0.5.52026-05-08

Added

  • **Session bootstrap via Chrome extension**: the recorder extension now includes a **Save Session** toggle in the popup. When enabled, it captures all cookies (including `httpOnly` via the `chrome.cookies` API) and localStorage from the active tab and exports them as a Playwright `storageState` JSON. This allows bootstrapping enterprise automations that require 2FA or SSO login — log in manually once, save the session, paste it into the node's Seed Session field, and subsequent runs reuse or renew the session automatically via `storageStrategy: persisted`.

Changed

  • **Locator fallback is now sequential, not a union**: `getByRole`, `getByLabel`, and related fallback chains in `Smart Locators` were rewritten from Playwright `.or()` (which creates a union and causes strict mode violations when multiple elements match) to an async sequential strategy — each candidate is tried in order with `.count()` and the first match is used. The `getByLabel` fallback to `exact: false` is now applied only as a last resort when `exact: true` was configured and no element was found.
  • **Clicks now use `force: true` by default**: all click actions in `Web Flow` and `Smart Locators` bypass Playwright's pointer-interception check. This is required for Salesforce Lightning Web Components, where styled `<span>` overlays cover real inputs and checkboxes. Actionability checks (visible, enabled, stable) are still enforced before the click.

Fixed

  • **Loop children stay animated during all iterations**: nodes connected to a Loop via the "each" edge no longer turn green after the first iteration completes — they remain in the "running" (blue) state until all iterations finish and only turn green at the end.
  • **Accessible name resolution now includes `aria-labelledby`**: the Chrome extension's element inspector resolves `aria-labelledby` references to produce correct accessible names for Salesforce LWC and similar components that use labelled-by associations instead of direct labels. A CSS uniqueness fallback is also applied before falling back to generic `getByRole`.
  • **Screenshot sort order in run detail**: evidence screenshots are now sorted by step number first, then by phase (`before → after → fail`), ensuring before/after pairs always appear together in the correct order regardless of creation timestamp.
v0.5.42026-05-07

Added

  • **Extract List action for web automation**: `Web Flow` and `Smart Locators` now include an `Extract List` step that iterates over repeated DOM elements — rows, cards, list items — and extracts one or more named fields from each, producing an array of objects as output. The item selector and field selectors support the same strategy fallback chain used by all other web steps.
  • **Chrome extension recording for Extract List**: pressing `Ctrl+Shift+E` during recording enters a two-phase capture mode where the first click identifies the repeating item pattern and subsequent clicks select individual fields within that item. Visual overlays highlight detected items in teal and selected fields in orange while the mode is active. Clicking the REC indicator finalizes and records the step.

Changed

  • **Improved Extract selector and naming quality in the Chrome extension**: recorded `Extract` steps now use stable class-based or attribute-based selectors instead of text-based ones, automatically set `attr` to `inputValue` for form fields and `text` for other elements, and derive the output variable name from stable element attributes (`data-testid`, `aria-label`, `name`, etc.) rather than display text.
  • **Mobile Inspector extraction uses stable selectors**: extracting a value from the Mobile Inspector now uses a dedicated strategy builder that avoids dynamic content — numbers, prices, dates, long strings — as selector candidates, preventing fragile selectors tied to data values.
  • **SMTP settings actions show toast notifications**: testing the SMTP connection and completing OAuth authorization now display toast notifications in addition to the existing inline status message, making the outcome visible even if the user has scrolled the page.
  • **Worker identity includes hostname and PID**: BullMQ workers now register with an explicit name combining the machine hostname and process ID (overridable via `QANODE_WORKER_ID`), improving worker visibility in queue monitoring dashboards.

Fixed

  • **Screenshot ordering groups before/after pairs correctly**: screenshots in run detail are now sorted by base name first so before/after evidence pairs always appear together, then by phase order (before → after), and finally by creation date — preventing mismatched pairs when multiple steps produce evidence with similar names.
  • **Worker identity deduplication in queue client**: `getWorkerIdentity` now correctly deduplicates BullMQ client entries whose names are prefixed with the queue name by extracting the stable worker name suffix after `:w:`, avoiding duplicate worker entries in the connected-workers list.
v0.5.32026-04-29

Changed

  • **Expanded Mobile Flow action set**: `Mobile Flow` now includes explicit actions for long press, pinch/zoom, multi-touch, and system permission handling, making mobile scenarios more complete for real app behavior beyond simple taps and swipes.
  • **Mobile Inspector recording for enterprise actions**: the Mobile Inspector can now add and configure the new mobile actions directly from the inspection UI, including system alert accept/dismiss and Android permission grant/revoke operations.
  • **More expressive mobile waits and scrolling**: mobile waits now support visible, hidden, enabled, text, attribute, and screen-change conditions, while scroll steps can continue until an element or text appears instead of only performing a generic scroll gesture.
  • **Oracle credential form alignment**: Oracle credential forms now follow the same layout convention used by PostgreSQL, showing structured host/port/service/user/password fields first and the optional connection string field at the end with Oracle-specific examples.
  • **Oracle schema discovery now focuses on the connected schema**: the database schema loader for Oracle now reads `USER_TAB_COLUMNS` instead of broad `ALL_TAB_COLUMNS`, preventing internal Oracle schemas such as `GSMADMIN_INTERNAL`, `LBACSYS`, and `OLAPSYS` from flooding the table selector.

Fixed

  • **Oracle driver loading in ESM runtime**: Oracle connection tests and `Oracle Query` execution now correctly resolve the `oracledb` default export when running through dynamic `import()`, fixing cases where `getConnection` was not found even though the driver was installed.
  • **Oracle connection string compatibility**: Oracle credentials and query nodes now accept the supported field-based configuration plus common connection string formats such as `host:1521/service`, `user/password@host:1521/service`, `oracle://user:password@host:1521/service`, and `jdbc:oracle:thin:@host:1521/service`.
  • **Credential save failures are visible to users**: saving credentials from both the main Credentials page and the inline node credential modal now shows failed validation/connection errors as toast notifications and inline modal feedback instead of silently logging only to the console.
  • **Web Flow duplicate DOM target handling**: selector resolution in `Web Flow` now prefers the topmost visible candidate when a selector matches duplicated elements, avoiding hidden or covered duplicate fields such as mirrored/overlay form inputs.
  • **Self-healing duplicate selector handling**: selector-based and healed selector fallbacks now use the same topmost-candidate logic, with execution logs indicating when QANode selected a later `nth(...)` candidate because it was the interactable visible element.
v0.5.22026-04-27

Added

  • **Browser clock control for web automation**: `Web Flow` and `Smart Locators` now include a `Browser Clock` step powered by Playwright `page.clock`, allowing scenarios to fix the browser time, advance time, pause at a specific date/time, or resume the browser clock during execution.
  • **Safer browser clock reload defaults**: newly created browser clock steps now start with page reload disabled by default, preserving the current page state for timer-driven applications while still allowing reload to be enabled explicitly when the application recalculates date/time on page load.
  • **Custom JavaScript clock autocomplete**: the Custom JavaScript editor now exposes `page.clock` typings for `install`, `setFixedTime`, `fastForward`, `pauseAt`, and `resume`, matching the runtime Playwright object already available during execution.
  • **Drag and drop automation for web nodes**: `Web Flow` and `Smart Locators` now support native drag-and-drop steps, including selector/locator based drops, coordinate fallback for canvas-style targets, evidence highlights, Chrome extension recording, and safer handling for repeated semantic text or low-semantic drag/drop containers.

Changed

  • **Scenario import with node selection**: importing a scenario from the editor now opens a second selection modal where all nodes start checked by default, allowing users to import the full scenario, deselect everything, select everything again, or import only the specific nodes they want. Node names in the list prioritize the configured label and fall back to the node type name exactly as shown in the editor today.
  • **Project document sharing rules**: project documents can now be uploaded by any user who can view the project. Deletion is limited to the user who uploaded the document or the project owner, and document upload/delete actions are now recorded in the audit log.
  • **Chrome extension layout refresh**: the recorder extension UI was reorganized with a clearer layout for recording modes and actions, making the expanded Web Flow and Smart Locators capabilities easier to access during scenario capture.
  • **Manual PWA implementation**: the web application now uses a manual Progressive Web App setup based on a static `manifest.webmanifest` and a custom service worker, preserving installability and static asset caching while removing the dependency on `vite-plugin-pwa` and its transitive Workbox chain.
  • **Security dependency hardening**: frontend, desktop, and shared toolchain dependencies were aligned to patched versions, including `vite` `7.3.2` and `lodash` `4.18.1`, eliminating the remaining npm audit findings in the repository.

Fixed

  • **Visual change detection now ignores diagnostic artifacts**: generated analysis images such as accessibility charts, performance charts, security audit artifacts, load-test reports, timelines, summaries, and similar diagnostic screenshots are no longer considered for visual change comparison in run details. Only real step evidence screenshots are now eligible for visual diffing.
  • **Third-party PWA security exposure removed**: the previous `vite-plugin-pwa` chain and its vulnerable transitive packages (`workbox-build`, `serialize-javascript`, and related dependencies) no longer affect the project.
  • **Full npm audit cleanup**: both runtime and development dependency advisories were resolved, bringing `npm audit` and `npm audit --omit=dev` back to zero known vulnerabilities.
  • **Web self-healing hint extraction expanded**: `Web Flow` and `Smart Locators` now extract healing hints from a much broader set of recorded selectors, including XPath text expressions such as `contains(., "...")`, `normalize-space(...)`, and exact `text()` matches, in addition to CSS/XPath attributes like `data-qa`, `data-testid`, `data-test-id`, `data-test`, `placeholder`, `name`, `id`, and `value`.
  • **Better compatibility with Chrome Recorder output**: self-healing now understands more of the raw selector patterns commonly produced by the Chrome extension without requiring changes in the recorded flow itself.
  • **Label fallback improved for unquoted steps**: steps such as `Click Signup` or `Type name` now contribute usable healing hints even when the label does not contain quoted text.
  • **Recovered selector fallback strengthened**: when healing resolves an element through non-semantic identifiers, QANode can now promote usable fallback selectors based on `data-qa`, `id`, and `name`, not only semantic locators like role, label, placeholder, or visible text.
v0.5.12026-04-17

Added

  • **New Self Healing for web and mobile flows**: `Web Flow`, `Smart Locators`, and `Mobile Flow` now support native self healing during execution, allowing QANode to recover from selector drift without requiring the scenario to be re-recorded.
  • **Semantic recovery for UI changes**: self healing can recover from common text changes such as upper/lowercase differences, accents, partial label edits, short synonym changes, and equivalent action wording like “Avançar” → “Continuar” or “Entrar” → “Login”.
  • **Broader matching signals**: the engine now considers accessible name, labels, placeholder, title, alt text, test id, id, name, role, and surrounding DOM/mobile context to identify the intended target more reliably.
  • **Context-aware ranking**: healing decisions now use structural and runtime signals such as form, container, heading, screen region, proximity to the previous step, and nearby context to reduce ambiguity in repeated layouts.
  • **Conservative safety guardrails**: healing only applies when the best candidate is clearly stronger than the alternatives, helping avoid false positives on ambiguous actions like multiple “Salvar”, “Editar”, or repeated card/list buttons.
  • **Platform-aware mobile recovery**: `Mobile Flow` healing understands Appium strategies across iOS and Android, prioritizes compatible selector types for the active platform, and can rebuild selectors from accessibility labels, visible text, resource identifiers, and native element metadata.
  • **Healed selector promotion**: when a healing is applied, the execution report now shows the recovered selector and allows the user to apply that healed selector back to the original flow with a single action.
  • **Execution visibility**: healed steps are exposed directly in run details with confidence and selector information, making recovery transparent and reviewable instead of hidden inside execution logs.
  • **Visual change alerts in run details**: QANode now compares step screenshots against the latest compatible successful execution and highlights when relevant UI changes are detected directly in the execution report.
  • **Execution-aware comparison matching**: visual comparison now uses an execution hash derived from the real flow definition, ignoring canvas-only metadata such as node position while still invalidating comparison when any execution-relevant parameter changes.
  • **Before/after visual evidence**: detected changes now show the previous and current screenshot side by side per step, helping users confirm whether the application layout or content structure changed between executions.
  • **Conservative structural detection**: the comparison engine is tuned to prioritize larger layout changes such as modal overlays, container removal, CTA movement, and grid restructuring while avoiding noisy alerts for minor text, spacing, or decorative changes.
  • **Suite compatibility**: the same visual change detection logic now works for both direct scenario runs and suite-triggered executions, keeping run analysis consistent across execution modes.
  • **Defect webhook events**: the webhook system now supports three new events — `defect.opened`, `defect.status_changed`, and `defect.closed` — allowing external systems to receive real-time notifications about the full defect lifecycle.
  • **Rich defect payload**: defect webhook payloads include all defect fields — title, status, severity, priority, resolution, reporter, assignee, custom fields, originating project and flow, and the note entered during the triggering action (`actionComment`).
  • **Scope support**: defect webhooks respect project and flow scope filters. A webhook scoped to a project receives events for all defects in that project; one scoped to a flow receives events for defects originating from that flow.
  • **Reliability badge on suites**: each suite now displays a reliability percentage badge directly below its name, calculated from the last 10 completed executions. Suites with fewer than 3 executions show no badge.
  • **Confirmed failure exemption**: executions that failed but had a defect opened from them are not counted as unreliable — only unexplained failures penalize the score. Defects marked as rejected are treated as false alarms and do penalize the score.
  • **Compatible with sequential and parallel suites**: the correlation between a suite execution and its child scenario runs uses time-window matching, working correctly regardless of execution mode.
  • **Color-coded thresholds**: badges are green at 85% or above, yellow between 60% and 84%, and red below 60%. A tooltip on hover shows the exact count of successful executions out of the total considered.

Fixed

  • **Web wait-state translations**: `Smart Locators` and `Web Flow` now use explicit localized labels for `Wait Until` and related wait-state options, avoiding mixed-language UI and preventing the generic `load` key from being translated as the unrelated `Load Test`/`Carga` concept.
  • **Project Overview translation gap**: the `Statistics` card title in Project Overview is now correctly translated instead of falling back to the raw English label in localized interfaces.
  • **HTTPS certificate errors no longer block navigation**: `Web Flow` and `Smart Locators` now ignore SSL/TLS certificate errors by default, allowing execution against internal systems that use self-signed certificates, expired certificates, or plain HTTP over IP without requiring any configuration change.
  • **Mobile selector fallback parity**: `Mobile Flow` and standalone mobile nodes now try compatible selector strategies sequentially instead of stopping at the first one, bringing mobile fallback behavior closer to the reliability already used in web execution.
  • **Platform-aware mobile fallback rules**: Android-only selectors are ignored on iOS, iOS-only selectors are ignored on Android, and `bounds` is no longer used as a hidden fallback when better selectors exist. Bounds remain available for highlight and as a last resort only when they are the sole recorded strategy.
  • **Safer first-step mobile startup**: new mobile sessions now wait briefly before executing the first step, reducing false negatives right after app launch or iOS reset/relaunch.
  • **iOS coordinate normalization**: recorded mobile coordinates are now normalized before execution on iOS, fixing drags, taps, and coordinate fallbacks that worked in the inspector but landed in the wrong place during worker execution.
  • **iOS gesture evidence alignment**: drag and coordinate-based mobile highlights now use the same normalized coordinate space as execution, keeping swipe evidence aligned with the gesture that actually ran.
  • **Web Flow fallback consistency**: `wait`, `assert`, and `extract` in `Web Flow` now honor true selector fallback across `selectorStrategies`, matching the behavior already used by `click`, `type`, and the broader web execution flow.
  • **Page Load always `n/a` in web performance audit**: `Web Flow` and `Smart Locators` navigate with `waitUntil: 'domcontentloaded'`, which returns before the browser `load` event fires. The `loadEventEnd` value in the Performance API was therefore always `0` at snapshot time, causing Page Load to display as `n/a`. The engine now waits for the `load` state before taking the performance snapshot, so Page Load is captured correctly for all screens including those reached by click navigation.
v0.5.02026-04-10

Added

  • **New `Load Test` node**: QANode now includes a dedicated performance node for HTTP-based load and stress validation directly in the flow builder.
  • **Multiple performance test profiles**: the new node supports `smoke`, `load`, `stress`, `spike`, `soak`, and `breakpoint` modes to cover fast validation, gradual ramp, aggressive pressure, sudden bursts, endurance testing, and breakpoint discovery.
  • **Custom stage configuration**: performance runs can now be driven either by automatic VU/duration presets or by fully custom stage definitions with per-stage duration and target VUs.
  • **Native performance metrics**: executions now calculate and expose `totalRequests`, `errorCount`, `errorRate`, `rps`, `avgDuration`, `minDuration`, `maxDuration`, `p50`, `p90`, `p95`, and `p99` as structured outputs for downstream use.
  • **Threshold-based validation**: the node now supports pass/fail rules over key performance metrics such as latency, RPS, and error rate, allowing performance assertions to fail the step automatically.
  • **Visual performance evidence**: each load-test execution now generates dedicated summary and timeline charts as run artifacts, making throughput, latency, and error behavior visible in the report without external tooling.
  • **Performance node properties panel**: the editor now includes dedicated configuration fields for VUs, duration, timeout, think time, thresholds, and stage customization, with a distinct visual identity for the node on the canvas.
v0.4.22026-04-09

Added

  • **Built-in performance audit for web nodes**: `Web Flow` and `Smart Locators` now support native performance analysis directly inside the active Playwright session, without requiring a separate performance node.
  • **Thresholds in node properties**: web nodes now expose `Performance Audit`, `Max Page Load (ms)`, `Max API Response (ms)`, and `Fail on Request Errors` to turn performance checks into execution criteria.
  • **Per-screen checkpoints**: web executions now split performance evidence by navigated screen, generating a dedicated checkpoint for each detected page transition with screen name, URL, originating step, and request window.
  • **Visual performance artifacts**: each audited execution now includes a global performance summary chart plus per-screen charts showing page-load metrics, request counts, slow APIs, and API errors for that page.
  • **Structured performance outputs**: audited nodes now expose performance results in outputs, including request counters, error totals, pass/fail status, and a simplified structured summary for downstream use.

Changed

  • **Project document storage**: new project documents now use the shared storage abstraction, so they can follow the configured backend (`local` or `s3`) instead of being tied to the API container filesystem. Legacy local documents remain downloadable through the previous route.
  • **Configurable API bootstrap**: container startup now supports `QANODE_RUN_BOOTSTRAP`, `QANODE_RUN_DB_PUSH`, `QANODE_RUN_SEED`, and `QANODE_RUN_TEMPLATE_BOOTSTRAP`, making it possible to keep local zero-friction startup while moving bootstrap work to a dedicated init task in multi-replica environments.
  • **Managed Redis compatibility**: queue execution now accepts optional `REDIS_USERNAME`, `REDIS_PASSWORD`, `REDIS_DB`, `REDIS_TLS`, and `REDIS_TLS_REJECT_UNAUTHORIZED` variables without changing the existing host/port-only behavior used by local Docker setups.
  • **Chrome Extension scroll capture**: recorded web scroll steps now store the real scroll delta (`scroll by`) instead of the absolute page position, avoiding exaggerated playback that jumped too far down long pages and produced repeated screenshots.
  • **Smart Locators hover heuristics**: automatic pre-click hover recording became more conservative, ignoring hidden/pointer-disabled ancestors and checkbox/radio interactions so reveal-hover steps are kept only when there is a real visible reveal layer.
  • **Web evidence highlight overlays**: `Web Flow` and `Smart Locators` overlays now render in viewport coordinates, fixing highlight displacement after scrolls.
  • **Click evidence behavior**: `after` screenshots for `click`/`dblclick` steps no longer force a stale target highlight when the UI changes immediately after the interaction, preventing orphan or misleading evidence boxes.

Fixed

  • **Suite modal selected-list layout**: the drag-handle grip in the Suite editor no longer steals horizontal space from the scenario name, keeping the selected list aligned correctly with a fixed grip column, a proper text column, and the remove action anchored at the end.
v0.4.12026-04-02

Added

  • **"Conclude manually" action**: runs with `failed` status that belong to a project now expose a new action in the three-dots menu of the runs panel inside the canvas editor. Clicking it opens a modal where the executor can describe how the test was performed and attach a mandatory PDF as evidence.
  • **Mandatory evidence PDF**: the attached PDF is saved directly to the project's document library, providing an auditable evidence trail accessible from the project's Documents tab.
  • **`manual_success` status**: a new run status that reflects a scenario concluded outside the automated execution pipeline. No database migration is required — the existing `status` field is a plain string.
  • **Symmetric manual actions menu**: the previous standalone "Fail" button was replaced by a three-dots action menu per run row. The menu shows "Fail manually" on successful runs and "Conclude manually" on failed runs (project-only), keeping both actions consistent and discoverable in one place.
  • **Audit log export**: the Audit Log screen now supports Excel export by period, with presets for the last 24 hours, 7 days, 30 days, and a custom interval, including all audit-log fields in the spreadsheet.

Changed

  • **Dashboard metrics**: success rate and daily stats now count `manual_success` alongside `success`, so manually concluded scenarios contribute to KPIs without requiring separate tracking.
  • **Reports**: pass rate, scenario completion, and daily run stats in project reports also count `manual_success` as a successful execution.
  • **Status display**: the `manual_success` status renders with a distinct purple badge ("Concluído manualmente" / "Concluded manually" / "Concluido manualmente") across the runs panel, the project scenario list, the dashboard recent-runs widget, and anywhere else status badges appear.
  • **Dashboard tab names**: system dashboards such as "Main Panel" now pass through the i18n layer and are displayed in the user's selected language.
v0.4.02026-03-30

Added

  • **Integration Tokens**: new Enterprise settings section to generate machine tokens for pipelines without human sessions. Tokens support optional expiration, revocation, last-used tracking, audit trail, and a global expiration policy controlled by administrators.
  • **CI/CD permissions**: new role permissions for CI/CD administration (`settings.integration_token` and `settings.integration_token_all`), allowing separation between users who can manage their own tokens and users who can view/revoke all tokens and define the global token expiration policy.
  • **Official CLI**: new `@qanode/cli` package for pipeline execution and automation, with commands for token validation (`auth me`), running scenarios and suites, polling runs, and downloading run artifacts.
  • **Dedicated CI routes**: new `/api/ci/*` endpoints for machine-driven execution, designed for CLI and pipeline integrations without relying on browser session flows.
  • **Execution overrides**: CI runs now support per-execution overrides for variables and credential fields, so pipelines can inject environment-specific values without overwriting persisted configuration in QANode.
  • **Execution targeting by name**: CI execution can resolve scenarios and suites by `id` or by `project + name`, reducing friction when teams copy identifiers from the UI or use project-scoped names in pipeline definitions.
  • **CI/CD help in Settings**: Integration Tokens now include a built-in help modal with usage guidance and working examples for GitHub Actions and Azure DevOps.
  • **Table View help**: role editing now includes a contextual help modal for `Table View`, explaining what the dashboard query-builder profile controls and which tables are visible by default for each profile level.
  • **Copy helpers for Enterprise resources**: Enterprise list views now expose quick copy actions for `Name` and `ID` on projects, suites, scenarios, variables, and credentials to make CI/CD and operational integrations easier.

Changed

  • **CLI output for pipelines**: when commands wait for completion without `--json`, the CLI now prints only the terminal status (`success`, `failed`, or `cancelled`) while preserving machine-friendly JSON output behind `--json`.
  • **CLI artifact download behavior**: `runs artifacts` now prioritizes the consolidated PDF execution report and downloads it with a unique `report_<runId>.pdf` filename instead of using a generic `report.pdf`.
  • **Settings UX — token policy**: the global Integration Token expiration policy now saves automatically when the mode or day count changes, removing the extra save button.
  • **Settings UX — action menus**: secondary actions across Enterprise lists were consolidated into the three-dots menu, while scenario blocking inside projects remained as a direct lock action for faster access.
  • **Documentation and website**: Enterprise documentation and marketing copy were expanded to cover CI/CD integrations, CLI usage, integration tokens, execution overrides, and the bug workflow/sandbox model.

Fixed

  • **Bug module visibility leak**: Community Edition no longer exposes bug-module navigation, run actions, project scenario blockers, or backend-related bug data that should remain Enterprise-only.
  • **Local desktop permissions**: the local Community user no longer receives `bug.*` permissions implicitly through the desktop skip-auth path.
  • **Initial workflow routing**: bug creation now correctly applies the `defaultRoleId` of the initial workflow status when no manual assignee or queue was explicitly provided.
  • **Owned queue behavior**: after a bug is claimed, other users from the same queue can no longer re-claim, reassign, or transition that bug through the normal flow while direct ownership is active.
  • **Workflow consistency**: bug workflow handling now preserves direct ownership when transitioning into the same destination queue and only returns the bug to queue ownership when routing actually leaves direct assignment behind.
  • **Attachment history and permissions**: attachment lifecycle rules were aligned and validated across normal users, privileged users, and super admins, including auditable attachment-added and attachment-removed history records.
  • **Token hash comparison**: integration-token validation now uses timing-safe comparison when checking stored token hashes.
  • **CI route protection**: CI execution endpoints now reuse the centralized permission helpers and include rate limiting on run-creation routes.
  • **CLI auth consistency**: `qanode auth me` now uses the same API error-handling path as the other CLI commands instead of bypassing the shared client.
v0.3.02026-03-27

Added

  • **Bug module**: new Enterprise module that connects failed test runs to a formal defect lifecycle. Bugs can be opened directly from a failed run or created manually, and go through triage, assignment, investigation, and closure with a full auditable history trail.
  • **Configurable workflow**: each instance defines its own bug statuses and transitions. The default workflow is seeded automatically when no active workflow exists. Workflow and custom fields are managed from the new Settings sections.
  • **Queues and assignment**: bugs can be routed to team queues or assigned directly to a user. Claiming a bug removes it from the queue and establishes direct ownership. Only members of the assigned queue can claim or investigate in the normal flow; `bug.transition_any` is the administrative bypass for any transition or status.
  • **Ownership-based transitions**: normal transitions require the bug to be claimed by the acting user. A user with only `bug.transition` cannot act on bugs owned by someone else without first claiming them.
  • **Investigation sandbox**: investigation runs on a disposable copy of the original flow, keeping official executions and KPIs clean. Sandbox is blocked on terminal statuses.
  • **Custom fields**: instance-level configurable fields, editable via a dedicated route with `bug.edit` permission.
  • **Comments, attachments and history**: commenting and attaching files requires `bug.view`. Attachment deletion follows authorship — the uploader can delete their own file; users with `bug.delete_attachment_any` can delete any attachment. Every transition note and comment is recorded in the full history.
  • **Bug key**: each bug receives a unique instance-scoped reference key (`BUG-N`).
  • **Integration with runs**: failed runs show a button to open a bug directly, preserving the link to the run, flow, and originating step.
  • **Integration with projects**: the project detail screen shows bug counts and the list of linked bugs.
  • **Integration with dashboard**: SQL dashboard queries can target bug module data.
  • **Role permissions**: roles now include granular bug module permissions (`bug.view`, `bug.create`, `bug.edit`, `bug.assign`, `bug.transition`, `bug.transition_any`, `bug.run_sandbox`, `bug.delete_attachment_any`).
  • **Stacked Bars chart**: new widget type that stacks multiple data series vertically, with automatic color assignment per series and rounded top corners on the uppermost bar.
  • **Horizontal Bars chart**: new widget type that renders bars horizontally, suitable for ranked or categorical comparisons.
  • **CTE / WITH queries**: SQL widgets now accept queries starting with `WITH` (Common Table Expressions). Writable CTEs remain blocked by the existing DML/DDL blocklist.
  • **Bug metrics — general view**: when no project is selected, the report now includes a row with Total Scenarios, Total Suites, Total Bugs, Open Bugs, and Closed Bugs.
  • **Bug metrics — project view**: when a specific project is selected, the report includes Total Bugs, Bug Rate, Open Bugs, Closed Bugs, and Blocked Scenarios.
  • **Report language**: PDF and email reports are now generated in the language of the user downloading or sending the report.

Fixed

  • **Desktop macOS — OAuth callback URI in packaged app**: the callback URI shown in Email Credentials and SMTP settings was being built from `window.location.origin`, which becomes `file://` in the packaged macOS desktop app and produced invalid values such as `file:///api/.../oauth/callback`. The UI now resolves the callback URI from the real API base URL used by the app.
  • **Reports — email not sending with OAuth2 SMTP**: report emails were built with a hardcoded password-only transport, causing `Missing credentials for "PLAIN"` errors when SMTP was configured with OAuth2. The report endpoint now uses the shared OAuth2-aware transporter.
  • **Reports — stale data on filter change**: switching project, start date, or end date now immediately clears the displayed data, preventing results from a previous query from remaining visible until the next generate click.
  • **Reports — PDF label overflow**: long translated labels such as "CENÁRIOS BLOQUEADOS" were wrapping across two lines in PDF metric boxes. Font size now auto-shrinks based on label length.
  • **Reports — garbled character in email and PDF subtitle**: the separator between project name and date range was stored as U+FFFD (replacement character), rendering as `ÿÿ` or a diamond symbol in some clients. Replaced with a plain ` - `.
  • **Reports — email metric labels overflowing cells**: metric title labels used `white-space: nowrap`, causing long Portuguese and Spanish labels to overflow the 20%-width table cells. Labels now wrap correctly.
v0.2.72026-03-19

Added

  • **Onboarding tour** for Community Edition: first-time users are guided through creating a project, a scenario, and running their first flow. During execution the canvas remains visible with a floating card on the left so nodes executing can be watched in real time.

Fixed

  • **SMTP OAuth2 — email/from auto-fill**: after completing the OAuth2 browser flow, the authorized email is now automatically filled in the Email and From Address fields, so the user does not need to type them manually.
  • **SMTP OAuth2 — data loss on navigation**: settings were cleared when navigating away because the Save button was disabled after OAuth connect. Config is now persisted to the database immediately after a successful OAuth connection.
  • **SMTP OAuth2 — all outgoing emails**: invite emails and password-reset emails were failing when SMTP was configured with OAuth2 because the transport was built using only password-based auth. All email-sending functions now use the shared OAuth2-aware transporter, including automatic access-token refresh.
  • **Password reset email — broken characters**: Portuguese template had corrupted special characters (ç, ã, ê, ©). All strings are now correctly encoded as UTF-8.
  • **Email credential — provider switch/defaults**: switching between Gmail, Outlook, and Custom IMAP now correctly applies provider defaults. Outlook now swaps to `outlook.office365.com`, and Custom IMAP clears the inherited host instead of keeping the previous provider value.
  • **Email credential — Gmail app password hint**: the Gmail app-password help card is now shown only when the selected provider is Gmail, avoiding incorrect hints on other providers.
  • **Email credential — Outlook password mode removed**: Outlook email credentials no longer offer password/app-password mode in the UI, and backend validation now enforces OAuth2/Modern Auth for Outlook IMAP connections.
  • **Email credential — clearer IMAP errors**: IMAP auth failures that previously surfaced as generic `Command failed` messages are now normalized to human-readable authentication errors.
  • **Email credential — Custom IMAP OAuth2 flow**: Custom IMAP now supports a real browser OAuth flow with configurable `Authorize URL`, `Token URL`, and visible callback URI, instead of exposing incomplete token fields without the required OAuth endpoints.
  • **Mobile Flow — session storage behavior**: Mobile Flow now supports `inMemory` and `persisted` session storage inside the same execution. `inMemory` closes the app and Appium session when the node ends, while `persisted` keeps the mobile session open for later nodes in the same run.
  • **Mobile Inspector — force app close on exit**: disconnecting, saving recorded steps, or closing the Mobile Inspector now forces the app to terminate before the Appium session is released, reducing stale app state on the next connection.
v0.2.62026-03-18

Added

  • Mobile Inspector now shows the real Appium error message when a session fails to start (e.g. device offline, wrong capabilities, SDK not found), replacing the generic "Internal Server Error".
  • Mobile Inspector network errors (API server unreachable, database down) now display a human-readable message instead of "Failed to fetch".

Changed

  • Mobile Inspector and Mobile Flow now default to resetting app data on session start for both iOS and Android — no longer preserves previous state by default. Use the **Sem Reset** toggle to opt out.
  • Mobile Inspector iOS app reset now also clears the app keychain (`mobile: clearKeychains`) in addition to `mobile: clearApp`, ensuring apps that store first-launch flags in the keychain start in a clean state.

Fixed

  • **iOS Mobile Inspector — inspect overlay positioning**: source node overlays were rendered using logical point coordinates while the screenshot is in pixel space (3× on retina devices). Overlays are now scaled by the detected pixel ratio and correctly overlay the screenshot.
  • **iOS Mobile Inspector — element selection highlight**: selected element highlight was using logical-point bounds. A `pixelBounds` field is now returned by the `element-at` endpoint and used for the inspector highlight.
  • **iOS Mobile Inspector — "Add Touch" wrong coordinates**: tap/double-tap from the inspect panel was using logical-point center coordinates as pixel inputs. Fixed to use `pixelBounds` for center calculation.
  • **iOS Mobile Inspector — scroll view off-screen content**: XCUITest includes elements scrolled outside the visible area in the page source. These elements (marked `visible="false"`) are now filtered out from both the overlay grid and the element-at hit test, preventing phantom grid lines and incorrect element matches on scrollable screens.
  • **iOS Mobile Inspector — backspace/delete key**: the `/keycode` endpoint used the Android-only `press_keycode` API, which is not supported by XCUITest. iOS now uses W3C key actions with the Unicode DELETE character (`\uE003`).
  • **iOS Mobile Flow — SDK version mismatch**: session creation now auto-retries with the available simulator SDK version when Appium reports "does not exist in the list of simctl SDKs", matching the existing retry logic in the inspector.
  • **iOS Mobile Flow — evidence highlight wrong position**: evidence screenshot highlights were drawn in logical point coordinates against a pixel-space PNG. The pixel ratio is now detected at session creation and applied when drawing highlight overlays.
  • **Android Mobile Inspector — app not resetting**: UiAutomator2 sessions now correctly respect `noReset: false` by default — the previous `noReset: true` default was preventing app data from being cleared.
  • **Custom JavaScript expanded editor — global variables duplicated**: global variables were appearing in both the "Global" and "Flow" sections of the variable panel. The "Flow" section now filters out any variable that is already listed under "Global".
v0.2.52026-03-12

Added

  • `Web Flow` and `Smart Locators` now support built-in accessibility scanning on the current Playwright session, without requiring a separate node.
  • Accessibility scans now support severity-based failure thresholds (`Do Not Fail`, `Minor+`, `Moderate+`, `Serious+`, `Critical+`) directly in the node properties.
  • Accessibility evidence now includes visual overlays on step screenshots plus a final execution summary with consolidated accessibility artifacts.
  • `Custom JavaScript` now supports advanced automation against active Web and Mobile sessions, with `web`/`page` for Playwright and `mobile`/`app` for Appium-driven code.
  • `Custom JavaScript` now supports manual Web and Mobile screenshots directly from code through `web.screenshot(...)` and `mobile.screenshot(...)`.

Changed

  • `Web Flow` and `Smart Locators` no longer reuse stale element highlights on `after` evidence screenshots; when the clicked element no longer exists on the new page state, the `after` screenshot is captured without an orphan highlight.
  • Chrome Extension recorded `click` steps now default to `before + after` screenshots, improving click evidence readability with a precise pre-click highlight.
  • Mobile Inspector recorded tap and double-tap steps now default to `before + after` screenshots, aligning mobile click evidence with the Web recording flow.

Fixed

  • Chrome Extension recorder no longer creates false `click` steps from generic form submits in `Web Tools`.
  • Chrome Extension recorder now ignores script/autofill-driven text changes unless there is recent real user input, reducing phantom `type`/`fill` steps in both `Web Tools` and `Smart Locators`.
  • Smart Locator recording now promotes locators to `exact: true` and removes unnecessary `nth` when the target is already unique, reducing ambiguous matches such as partial button-name collisions.
  • Smart Locators scroll mode labels now use the same translated strings as `Web Flow`.
  • Duplicated nodes on the canvas now open beside the original node instead of overlapping it.
v0.2.42026-03-09

Fixed

  • `Mobile Flow` nodes now render the recorded step preview on the canvas card (same visual behavior used by `Web Flow` and `Smart Locators`).
  • Mobile Inspector inspect overlays now use border-only highlight for non-selected elements, improving screenshot readability in dense trees (e.g., Sauce Labs).
  • Mobile Inspector now clears stale selected-element highlight after tap/double-tap actions that change the app screen.
  • HTTP Request cURL import now accepts commands that provide the endpoint via `--url`.
v0.2.32026-03-08

Added

  • New `Email Inbox` node in **Utilities** for IMAP-based test automation:
  • New `email` credential type in Desktop and Flow Properties (inline credential modal), with IMAP password mode and OAuth2 mode.
  • Email OAuth flows (Gmail/Outlook) with browser authorization code + PKCE, including env defaults for Enterprise deployments (`EMAIL_OAUTH_*`).
v0.2.22026-03-06

Added

  • Report Template settings now include `Enable Evidence Highlight` (enabled by default) to control visual highlights in evidence screenshots for both Web and Mobile flows.
  • Mobile Inspector now shows visual gesture feedback overlays for taps and drags/swipes during recording.
  • Mobile Inspector now supports richer inspect overlays based on parsed source nodes (element bounds/highlight visualization in inspect mode).
  • Mobile Inspector now supports Shift+tap for double-tap recording and execution.

Changed

  • Step reordering in Properties panels now starts only from the grip handle in Web Flow, Smart Locators, Mobile Flow, and SSH nodes.
  • Mobile Inspector tap flow now executes tap and element lookup in parallel to improve perceived responsiveness after interaction.
  • Mobile Inspector screenshot refresh strategy was tuned with burst + tail refreshes to better capture delayed mobile UI updates.
  • Desktop installers now perform direct Node.js LTS + Appium setup for Mobile support (install/update path), including pinned Appium/driver versions in NSIS/macOS post-install flows; macOS/Linux runtime fallback also enforces Node update before automatic Appium setup.
  • Scheduler now performs orphan run recovery for stale executions (`pending`/`running` > 24h) at API startup and on periodic checks, marking them as `failed` with end time/duration/error summary (Desktop and Enterprise Web).

Fixed

  • Saving Report Template settings now shows a success toast.
  • Dragging to select text in Properties inputs no longer triggers unintended step-card dragging.
  • Variable fields (`VariableInput` and `SqlEditor`) now ignore non-QANode drag payloads, preventing accidental inserts like `{{ ... }}` from regular text drag/drop.
  • Mobile Inspector now handles expired/invalid Appium sessions more gracefully, preserving recorded steps and allowing reconnect.
  • Mobile Inspector typing/backspace capture is more stable with buffered flush handling, reducing missed or fragmented recorded input actions.
  • Parallel suite run finalization now always fails the parent run after the 24h wait timeout when child runs do not reach terminal status.
v0.2.12026-03-05

Added

  • **Browser & Device selection** for Web Flow and Smart Locators nodes — choose between Chrome/Chromium (default), Firefox, or Safari/WebKit per node
  • **Desktop viewport presets**: Full HD (1920×1080, default), 2K (2560×1440), 4K (3840×2160), Laptop (1440×900), HD (1366×768), WXGA (1280×720), XGA (1024×768), and Custom (free width/height)
  • **Mobile device emulation** for web nodes — select from 15 preset devices (iPhone SE through iPhone 15 Pro, iPad, Pixel 5/7, Galaxy S8/S9+/Tab S4) using real Playwright device profiles (viewport, user agent, device scale, touch)

Fixed

  • Web Flow and Smart Locators now auto-close non-persistent (`inMemory`) Playwright sessions at node end, keeping only persisted sessions open — this removes unnecessary session buildup and significantly improves runtime performance.
v0.2.02026-03-04

Added

  • Mobile automation support with the new **Mobile Flow** node and integrated **Mobile Inspector** recording workflow

Fixed

  • HTTP Request visual builder now correctly allows adding new Header and Query Param rows even when existing rows already contain values
  • Selector strategy fields now support variable highlight/preview behavior consistently in Web Flow, Smart Locators, and Mobile Flow editors
v0.1.112026-03-02

Fixed

  • Drag-and-drop reordering of selected scenarios in the Suite editor now works correctly — the grip handle is interactive and items can be repositioned by dragging

Changed

  • Storage backend is now abstracted as `local` or `s3`, with `seaweedfs` retained as a legacy alias for S3-compatible providers
  • Default report template image uploads now run through the application storage layer during API startup instead of storage-specific shell commands
  • Docker Compose and Swarm storage configuration now use generic `S3_*` variables while preserving local storage support
v0.1.102026-02-27

Added

  • **Chrome Extension — XPath Inspector mode**: new "XPath Inspector" radio button in the recorder popup; clicking any element in inspection mode generates all possible XPath strategies instead of recording a step

Changed

  • MongoDB Query node now auto-loads collections from `/db/schema` when a MongoDB credential is selected
  • MongoDB Query node no longer shows `URI` and `Database` fields in the flow panel (credential is now the single source of connection data)

Removed

  • Legacy `db-query` node was removed from worker registry and node definitions
  • Legacy `db-query` UI remnants were removed from the flow editor and props panel registry
v0.1.92026-02-26

Added

  • PWA (Progressive Web App) support for the Enterprise Edition — the web interface can now be installed as a standalone app on supported browsers and operating systems
  • Terms of Use (installer license page) updated in English, Portuguese, and Spanish to include an explicit data collection and privacy disclosure for the Community Edition
v0.1.82026-02-25

Added

  • Spanish (`es`) is now available in the language selector and i18n runtime for the frontend — full translation coverage across all pages and components
  • User invite/import email language detection now supports Spanish when `language` is sent by the UI
  • PostgreSQL credential form now includes a "Connection String (optional)" field — credentials created via connection string in the flow panel are now fully visible and editable from the Credentials page
  • Main dashboard panel widget titles and table column headers now follow the selected language (i18n keys stored on the backend, translated at render time)
  • Success rate cards on the main dashboard automatically turn red when the value drops below 70%, using the existing conditional formatting system
  • Windows installer now supports Spanish (`es_ES`) in the language selector — all installer strings and the Terms of Use are available in Spanish
v0.1.72026-02-24

Fixed

  • Credential edit form now correctly loads all database fields (host, port, database, username, password) — fields created via the inline flow panel were not appearing when editing from the Credentials page
  • Loop builder visual mode now correctly emits `&&` and `||` operators instead of literal `AND`/`OR` strings, fixing multi-condition while loops
  • While loop test mode now shows `_loopIndex: 0` in the output preview when the condition evaluates to true
v0.1.62026-02-23

Added

  • Resizable split panels for Variables and Properties in the flow editor — drag the divider to adjust each panel's height
  • Auto-updater now shows a download progress bar and handles network errors gracefully

Fixed

  • Switch node now correctly re-renders edge handles when cases are added or removed
  • If node condition expression was not being generated correctly in visual builder mode
  • Switch node operators (contains, startsWith, endsWith, etc.) were not being evaluated in visual builder mode
  • SSH Command node output key renamed from `steps` to `commands` to avoid conflict with the reserved `steps` context
  • HTTP Request node and Set Variable node now preserve `{{ template }}` expressions in URL parameters
  • Set Variable node no longer strips leading zeros from numeric string values
  • Global variable preview panel behavior and layout corrections
  • Flow execution now always runs headless when triggered as a scheduled or webhook flow
v0.1.12026-02-21

Fixed

  • Evidence node logo and template rendering issues
v0.1.02026-02-20

Added

  • Initial desktop release for Windows (NSIS), macOS (DMG), and Linux (AppImage)
  • Electron auto-updater integration for seamless background updates
  • Embedded PostgreSQL — no external database required
  • Dashboard worker count now reflects real active workers via BullMQ
  • macOS minimum system version set to 11.0 (supports all Apple Silicon Macs)

Fixed

  • Queue module no longer attempts Redis connection when running in standalone mode