FilaOps Core v4.0.0

What's New in v4.0.0

Added

• Quality Dashboard — inspection queue, pass/fail metrics by product/inspector, scrap analysis, and trend charts for QC managers (#525)
• Print Cost Estimation Engine — auto-estimates material and labor cost on PO creation using work center rates (machine + labor + overhead); estimated/actual breakdown visible in the PO modal (#521, #539)
• Material-Printer Compatibility Validation — validates filament material type and diameter against printer nozzle and platform specs before scheduling; suggests compatible alternatives on mismatch (#522)
• Scheduling Sequence Enforcement — operations must be scheduled in sequence order; out-of-order attempts return a validation error with the next-available slot suggestion (#526)
• Purchase Order PDF — printable PO document with vendor info, line items, and totals; matches invoice/quote visual style (#523)
• Breadcrumb Navigation — contextual breadcrumb trail across all admin pages with clickable path segments (#524)
• FilaFarm Admin Page — PRO-gated admin panel for FilaFarm printer farm management and automation settings (#518, #520)
• Silent Token Refresh — 401 responses trigger background token refresh without interrupting in-progress form work (#517)

Fixed

• Production order modal rendered its content block twice due to rebase conflict residue (#539)
• Cost estimation silently skipped on new POs — db.flush() now called before relationship access (#539)
• ProductionOrderListResponse did not include cost fields — modal cost section now renders correctly (#539)
• FilaFarm API response shape — extract printers/jobs arrays from nested response object (#520)

Documentation

• API-REFERENCE: 444 endpoints across 49 files
• SCHEMA-REFERENCE: 65 models
• MIGRATIONS-LOG: 62 migrations
• FEATURE-CATALOG: 51 → 60 features

---

Full changelog: https://github.com/Blb3D/filaops/blob/main/CHANGELOG.md

v3.7.1

What's Changed

Fixed

• Self-hosted deployment — proxy headers (--proxy-headers --forwarded-allow-ips) added to uvicorn so mixed-content redirects no longer error behind nginx/Traefik (#510)
• Onboarding company name — company name now saved to CompanySettings during initial setup so sidebar header is populated after onboarding (#510)
• GL entries for SO shipment — shipping an order now creates a balanced journal entry (DR COGS 5000 / CR FG Inventory 1220); entries were previously missing (#468)
• Price Levels on Core — price level CRUD moved to Core API (/api/v1/price-levels); was previously only accessible with PRO installed (#476)
• PO receiving for non-material items — maintenance/supply items purchased in a different unit class (e.g. PTFE tubing in metres, product unit EA) can now be received without a 400 error (#514)

Full Changelog: v3.7.0...v3.7.1

v3.7.0

What's New

• Close-short workflow — accept partial fulfillment when full quantity cannot be produced or shipped; close-short preview shows per-line achievable quantities before executing
• PO accept-short — complete a production order with less than the ordered quantity; BOM-aware guard prevents breaking assembly dependencies
• SO line editing — edit quantities on confirmed/in-production/on-hold/pending orders with reason tracking
• SO line removal — remove a line from an editable order; guarded by shipped quantity, active PO check, and minimum one-line requirement
• PO refresh-routing — re-snapshot a product's current active routing onto an existing production order
• Quote PDF redesign — professional B2B layout with brand colors, two-column header, itemized lines, and terms
• Invoice PDF redesign — professional layout with full customer info, payment terms, calculated due date, and packing slip match
• Packing slip redesign — matches invoice/quote style with brand header, dark table header, and alternating row stripes

Bug Fixes

• Pending orders now included in editable statuses
• Quote-converted orders incorrectly used source='portal' — now source='quote'
• sales_orders.unit_price nullable fix for multi-line quotes (migration 077)
• Packing slip header collision fixed

See CHANGELOG.md for full details.

FilaOps v3.6.0 — Invoicing, Payment Terms & Variant Matrix

What's New

7 New Features

• Invoice Engine — PDF invoice templates, payment recording, and invoice line items (#471)
• Customer Payment Terms — COD, net-15, net-30 with credit limits and aging (#469)
• Sales Order Price Level Auto-Apply — automatic tier-based pricing on order creation (#470)
• Variant Matrix — bulk create color/material variants from template products with BOM material swaps (#458)
• External Order Ingestion — portal order import with operator notification inbox (#475)
• Suggest Prices Tool — margin-based bulk pricing suggestions for items (#440)
• Multi-Line Item Quotes — quote line items with per-line and customer discount support (#488)

12 Bug Fixes

• Routing cost calculation — setup time, materials, deduplication (#441)
• Purchase factor GL entries corrected (#460)
• Product image upload — nginx limit, URL handling, schema (#444)
• Bulk update status field name mismatch (#446)
• Routing cost Decimal consistency, N+1 queries, currency precision (#448)
• Duplicate materials on BOM lines and routing operations (#455)
• Price level assignment shows current tier (#461)
• Routing-only items in sales orders (#462) and quotes (#478)
• Items list missing has_bom/has_routing fields (#481)
• Quote product picker filtered to finished goods (#480)
• Exception details no longer exposed in variant sync API (#477)
• Alembic heads 069/070 merged (#472)

3 Security Patches

• CVE-2026-33228: flatted prototype pollution — pinned to 3.4.2 (#453)
• requests 2.32.5 → 2.33.1 — insecure temp file reuse (#474, #490)
• picomatch 4.0.3 → 4.0.4 — method injection in POSIX character classes (#473)

Dependencies

• codecov-action 5→6, deploy-pages 4→5
• fastapi 0.135.1→0.135.2, uvicorn 0.41.0→0.42.0
• react-router 7.13.1→7.13.2, vitest 4.1.0→4.1.2
• storybook 10.3.1→10.3.3, lucide-react 0.577.0→1.7.0

Stats

• 432 API endpoints across 63 models
• 4617 backend tests passing, 33 frontend component tests
• 56 service modules, 95 test files

Upgrading

git pull origin main
cd backend && alembic upgrade head  # Runs migrations 068-073
cd frontend && npm install

Full Changelog: v3.5.0...v3.6.0

FilaOps v3.5.0

What's New

Duplicate Item with BOM Component Swap

Creating color variants just got fast. Duplicate any item, swap one material in the BOM (e.g., PLA Red → PLA Blue), and get a fully costed new product with its own BOM and routing in seconds. No more rebuilding BOMs from scratch for every color.

Copy BOM Modal

Copy an existing BOM to a different product with a searchable target product picker. Replaces the old broken button that sent empty request bodies.

Routing Copy on Duplicate

When duplicating an item, the manufacturing routing (operations + operation materials) now copies too. Component swaps propagate to routing materials automatically.

First-Run Setup Wizard

New installs get a guided onboarding flow: create your admin account, configure settings, and optionally seed example data.

Password Reset Flow

Full password reset with admin approval (SMTP) or auto-approve with direct link (no SMTP). Anti-enumeration security built in. Production deployments without SMTP get a security warning with a link to the email setup docs.

Fixes & Improvements

• Fixed Dockerfile version detection (VERSION file now takes priority over stale env vars)
• Fixed OWASP category reference in troubleshooting docs (A01 → A07)
• Fixed SMTP variable names in email configuration docs
• Portal Admin button in admin header (PRO-only)
• Updated README with accurate feature counts (41 features, 439 endpoints, 53 services, 89 tests)
• Added FIRST-RUN-SETUP.md to documentation site navigation
• Synced all reference doc counts (API, Schema, Migrations)

Stats

• 41 core features across 8 modules
• 439 API endpoints
• 59 database models
• 89 test files

Full docs: https://blb3d.github.io/filaops/

v3.4.0 — Final Feature Release

Added

• Raw material/filament as sales order line items — fractional quantities, material cost tracking (#362)
• Nepal locale (ne-NP), NPR currency, Asia/Kathmandu timezone (#387)
• B2B Portal admin pages — Access Requests, Catalogs, Price Levels (PRO-gated)
• Portal nginx proxy with priority prefix matching and bare-path redirect
• T-REX pre-commit hook for branch governance
• Docker entrypoint: atomic portal extract with staging dir, error handling
• SQL LIKE wildcard escaping (escape_like) for search inputs
• Pydantic Field constraints on production order schemas (quantity, time, notes)

Fixed

• Walk-in customer orders — customer_id no longer required (#361)
• PRO feature 403s show "PRO Feature" upgrade cards instead of error toasts (#367)
• Docker security audit "Fix It For Me" handles missing .env (#366)
• Password reset UX for single-admin deployments (#360)
• Await async fetchRequests in access request action handlers
• Re-resolve stale assigningLevel after price level refresh
• Check DELETE response before updating UI state (CustomerDetailsModal)
• Clear setup link banner when switching access request filters
• LICENSE_URL scoping bug in docker-entrypoint.sh
• Cross-DB ilike() escape parameter for portable wildcard escaping

Dependencies

• sqlalchemy 2.0.46 → 2.0.48, postcss 8.5.6 → 8.5.8
• react-router 7.13.0 → 7.13.1, lucide-react 0.575.0 → 0.577.0
• storybook ecosystem 10.2.11 → 10.2.16
• types-python-dateutil 2.9.0.20260124 → 2.9.0.20260305

---

This is the final feature release for FilaOps Core. Future releases will be bug fixes and maintenance only.

v3.3.0 — Internationalization & Multi-Tax

Highlights

Your ERP, your currency — FilaOps now supports 21 currencies and 20 locales out of the box. Set your company's currency and locale in Admin Settings, and every number, price, and PDF in the system renders accordingly. No more hardcoded dollar signs.

Multi-tax rates — Create named tax rates (GST 10%, VAT 20%, State Sales Tax 6.25%) and assign them to quotes and orders. The system supports a default rate, per-quote overrides, and graceful fallback to legacy settings. The frontend adapts automatically: checkbox for single-rate setups, dropdown selector when you have multiple rates.

PRO-ready architecture — Core now exposes a clean plugin registration system. PRO modules can inject routes, declare features, and set tier information without modifying any Core code. The frontend discovers available features at startup via /system/info.

What's New

Internationalization (i18n)

• LocaleContext provider with useFormatCurrency() and useFormatNumber() hooks
• 21 ISO 4217 currencies (USD, EUR, GBP, CAD, AUD, JPY, CNY, INR, and more)
• 20 BCP-47 locales with human-readable labels and live preview
• Regional Settings UI in Admin Settings — currency and locale dropdowns
• Currency-aware PDF generation with proper symbol mapping
• 48 hardcoded $ signs replaced across 10 components
• 13 duplicate formatCurrency definitions consolidated into centralized hooks

Multi-Tax Rate System

• New tax_rates table with full CRUD API (/api/v1/tax-rates)
• Named rates with percentage, default flag, and soft-delete
• Tax resolution: specific rate > default rate > legacy fallback
• QuoteFormModal adapts: checkbox (0–1 rates) or dropdown (2+ rates)
• Admin Settings tax rate management with inline add/remove

PRO Extension Points

• plugin_registry.py — runtime tier and feature registration
• /api/v1/system/info — frontend discovers available features
• load_plugin() — environment-variable-driven plugin loading
• useApp() hook — frontend tier/feature awareness

Testing

• 98 new frontend unit tests (i18n hooks, locale context, currency/number formatting)
• Component-level currency integration tests for all currency-bearing components
• Frontend unit tests now run in CI via dedicated vitest.unit.config.js

Bug Fixes

• Upload directory resolution: Path(__file__) instead of hardcoded /app/ paths — fixes CI and fresh VM installs (#365)
• FileStorageService startup hardened: mkdir wrapped in try/except
• Module-level locale defaults synced for non-hook code (PDFs, modals)
• SQLAlchemy .is_(True) for ruff E712 compliance
• Migration 058 seed INSERT explicit for PostgreSQL compatibility

---

Full Changelog: v3.2.0...v3.3.0

94 files changed | +2,776 | -253

v3.2.0 — Editor Consolidation & Cost Accuracy

Highlights

Single routing editor — Replaced 5 duplicate BOM/routing editor components with one RoutingEditorContent, cutting ~2,850 lines of duplicated code. The same component now powers both the Items page (modal) and BOM page (embedded).

Material cost accuracy — Fixed a UOM conversion bug where filament material costs were ~1000x too high. The unit_cost property now correctly divides by purchase_factor (e.g., $20/KG ÷ 1000 = $0.02/G).

Datetime stability — Resolved timezone naive/aware mismatches across 9 locations in 7 backend files that could cause TypeError crashes on quote expiration checks, production operation completion, command center overrun detection, and more.

What's Changed

Refactored

• Consolidated BOM/routing editors: 5 components → 1 RoutingEditorContent (#358)

Fixed

• Material unit_cost now divides by purchase_factor for correct UOM conversion (#358)
• Fulfillment queue material consumption had the same UOM bug (#358)
• Timezone naive/aware datetime mismatches in quote expiry, auth token purge, password reset, command center, operation completion, maintenance checks, inventory approval, fiscal period close (#358)
• Work center rate field mismatch: unsaved operations showed $0.00 cost (#358)
• Operation rows now use backend-computed calculated_cost; materials show extended_cost (#358)
• CodeRabbit review fixes: stale closure, fetch fan-out, embedded save, stale materials (#358)
• BOM page material save restored (#357)

Performance

• Fixed N+1 query patterns in items list and dashboard (#356)

Added

• Dev seed script for local development (#355)
• Walkthrough screenshot Playwright tests (#355)

Dependencies

• 12 dependency upgrades via Dependabot consolidation (#354)

---

Full Changelog: v3.1.1...v3.2.0

37 files changed | +3,511 | -4,134 (net -623 lines)

v3.1.1 — Maintenance & Security Patch

FilaOps v3.1.1 — Maintenance & Security Patch

26 commits | Security fixes, data integrity, dependency updates

Patch release addressing security findings, a foreign key bug, and timezone handling — plus 13 dependency updates.

---

Security

• Resolved 6 CodeQL security alerts (#339)
• API error responses no longer expose stack traces (#335)

Bug Fixes

• Product customer_id FK pointed at wrong table — now correctly references customers (#338)
• PostgreSQL timezone — session forced to UTC, naive datetimes handled correctly (#336)
• Import ordering fix in fulfillment_queue.py (#337)
• Datetime deprecation warnings and auth cleanup (Session 13 code review)

Dependencies (13 updates)

Python: sqlalchemy 2.0.46, pydantic-settings 2.13.0, email-validator 2.3.0, alembic 1.18.4, reportlab 4.4.10
JavaScript: lucide-react 0.564.0, @types/react 19.2.14, eslint-plugin-react-refresh
CI: actions/checkout v6, setup-python v6, upload-pages-artifact v4, codeql-action v4

Other

• Configurable database connection pool size
• PRO code isolation safeguards
• Branded documentation site with user manual

---

Full Changelog: v3.1.0...v3.1.1

v3.1.0 — Clean Core Release

FilaOps v3.1.0 — Clean Core Release

169 commits | 453 files changed | +115,580 / -38,151 lines | 263 new files

The first production-ready community edition. Every core workflow validated end-to-end — eyes-and-mouse + 46 automated domain tests across 10 business domains. All CI green (backend, frontend, CodeQL, GitGuardian).

---

🏗️ Architecture Overhaul (35 refactors)

God file splitting — 15+ frontend components and 20 backend services extracted from monolithic files:

• AdminAccounting.jsx (2,179 → 203 lines), SalesOrderWizard.jsx (2,729 → 1,421 lines), BOMDetailView.jsx, AdminItems.jsx, AdminManufacturing.jsx, AdminPrinters.jsx, AdminQuotes.jsx, AdminPurchasing.jsx, OrderDetail.jsx, AdminCustomers.jsx, AdminSettings.jsx, and more
• fulfillment.py (2,465 lines) → fulfillment_queue.py + shipping_service.py
• 20 new backend service files: item_service, sales_order_service, production_order_service, purchase_order_service, routing_service, material_service, bom_service, quote_service, customer_service, analytics_service, traceability_service, and more
• Pydantic response models added to 27 endpoints
• Raw fetch() replaced with useApi/useCRUD hooks across 24 admin pages

🔒 Security (10 commits)

• Cookie-based auth — migrated from localStorage JWT to httpOnly cookies (#188, #167)
• Command injection fix — sanitize domain input (GUARDIAN-001)
• Sentry DSN moved from hardcoded to env var (GUARDIAN-002)
• SECRET_KEY via settings instead of os.environ (GUARDIAN-004)
• Rate limiting on setup endpoints
• SECURITY.md + Dependabot + CodeQL scanning
• X-Frame-Options standardized to SAMEORIGIN

🐛 Bug Fixes (52 fixes)

Critical (found during validation):

• BUG-001: Seed script emoji crash on Windows
• BUG-004: Fresh install missing UOM seed data — added 12 standard UOMs
• BUG-005: Customers/Users pages empty — React Strict Mode race in useCRUD.js
• BUG-006: Auth redirect to /login (404) instead of /admin/login
• BUG-007: Spools locations dropdown empty — wrong endpoint + useState vs useEffect
• BUG-008: Security audit page hang (symptom of BUG-006)
• BUG-009: MRP engine zero demand — sales orders excluded by default + NULL due_date filter

Other notable fixes:

• N+1 queries in dashboard and BOM endpoints (ARCHITECT-001/005)
• Product shows as "Unknown" in production tab
• GL constraint violation on zero-cost materials
• Migration chain repair after PRO migration removal
• Docker permission errors (CRLF + missing /app/static)
• Setup wizard auth behind nginx proxy
• Unicode checkmarks in migration 039 (Windows compatibility)
• 74+ CI test failures resolved across all test suites

✨ Features & Performance (11 commits)

• Packing slip PDF generation (#21)
• Inventory adjustment reason codes (#24)
• Shared UI component library + Storybook (#11)
• Mobile responsive tables, filters, and modals (#105)
• Missing FK indexes + lazy-load admin pages (#30)
• bcrypt 4→5 with SHA-256 pre-hash
• Vitest 3→4 upgrade
• Production nginx build for frontend

🧪 Testing (71 new test files)

• Backend coverage pushed from ~40% to 80%+ (SENTINEL-003/004)
• Comprehensive tests for: MRP, production orders, purchase orders, BOM, fulfillment, items, sales orders, security, accounting, quotes, customers, dashboard, inventory, routings, materials, settings, vendors, work centers, admin users, printers, traceability
• Vitest component tests for frontend
• SME domain test suite (46 tests, 10 domains, dev-only)

📦 Dependencies (23 upgrades)

Security patches: cryptography >= 46.0.5, react-router 7.13.0, requests 2.32.4, python-multipart 0.0.22

Version bumps: bcrypt 5.0.0, Vitest 4.0, pydantic-settings 2.12.0, pyjwt 2.11.0, alembic 1.18.3, reportlab 4.4.9, semver 3.0.4, python-dotenv 1.2.1, globals 17.3.0, storybook 10.2.8, autoprefixer 10.4.24, axe-core/playwright 4.11.1

CI: actions/checkout@6, actions/setup-python@6, actions/setup-node@6, actions/upload-artifact@6, codecov/codecov-action@5

📚 Documentation

• MkDocs site live at blb3d.github.io/filaops
• Comprehensive user guide for all modules
• Deployment and operations guide
• Docker quickstart + troubleshooting
• Migration safety checklist
• GitHub issue templates (bug report, feature request, task)
• Pull request template

🏭 Infrastructure

• Runtime API URL configuration
• CI security audits
• Correlation IDs for request tracing
• Non-root Docker containers
• PostgreSQL 16 support
• .editorconfig + .gitattributes for cross-platform line endings

---

37 Core Features — All Validated

Products & Items | Bill of Materials | BOM Cost Rollup | Inventory Management | Cycle Counting | Low Stock Alerts | Quick Reorder | Negative Inventory Approval | Sales Orders | Quotes | Customers | Purchase Orders | Vendors | Production Orders | Routings | Work Centers | Machine Overhead | Scrap Tracking | Basic Accounting (GL) | MRP | MRP Auto-Trigger | Customer Traceability | Maintenance Scheduling | Command Center | Multi-User | REST API | Basic Scheduling | UOM Conversions | Company Settings | Shipping Events | Order Events | Purchasing Events | Payment Tracking | Spool Management | Product Catalog | Security Audit | Analytics Dashboard

---

Full Changelog: v3.0.1...v3.1.0