Changelog

Follow the latest product updates and major feature releases for AEMS.

v0.4.2

Annotator reliability fixes and security-hardened local agent

Annotator (in-app PDF preview)

  • Page renders no longer get stuck blank. A race between the resize observer and the page-render task could leave a freshly-displayed page completely transparent, while the viewer still thought it was rendered. Toggling fullscreen or split view, then jumping to a specific page (e.g. page 5 of a 30-page submission) was the most common way to hit it. The render result is now discarded when the underlying canvas has been detached or replaced during the render, and the next observer pass paints the live canvas correctly.
  • Sidebar Delete always asks first. Clicking the red Delete button on an annotation now always swaps the action row to a Delete? / Cancel confirm pair before any destructive request goes out. The previous build only mounted the confirm when an older .btn-group ancestor was present; on the current stacked sidebar markup a single accidental click was destroying annotations with no warning.
  • Sidebar Revert-to-AI now talks to the server with the right id. The orange “revert” button on annotations that started as AI and were edited by a human now resolves the annotation’s stable server identifier before sending the request. Previously it sent a composite token that the server rejected silently, so the button looked broken even though the endpoint itself was healthy.
  • Drag-to-move on the PDF now transfers ownership AI → Human in-place — the marker recolours, the sidebar card jumps to the Comments column, and a Revert-to-AI affordance appears on the row. No modal reopen required.
  • Split view is fullscreen-only. Exiting fullscreen drops split mode immediately; reopening the modal defaults to single-panel.
  • Narrow Comments column no longer overlaps actions. Meta-row (verdict pill, source badge, author, priority dots) wraps cleanly above the Edit / Revert / Delete actions at every reachable sidebar width.

Local agent v0.3.7

  • Loopback Host header enforcement on every route — closes the DNS-rebinding gap where a hostile origin could reach the local agent through an attacker-controlled hostname that resolves to 127.0.0.1.
  • Pairing PIN no longer leaks to non-interactive stdout. Tray notification + OS clipboard still hand the PIN to the operator; daemonised launches and captured stdout logs do not receive it any more.
  • Pairing flow hardening. POST /pair/initiate refuses to overwrite an active challenge; POST /pair/complete keeps the challenge alive on pre-PIN validation failures; failure detail collapses to a single “Pairing failed” message; repeated bad-PIN attempts trigger a temporary lockout.
  • Request-body cap on JSON endpoints prevents authenticated memory-exhaustion against the results, assignment, grading-bundle, and annotation CRUD routes.
  • File-IO reliability fixes — randomized temp filenames with cleanup on failure, incremental SHA-256 hashing on PDF downloads, nanosecond-mtime cache freshness for annotated PDFs, and PDF-space round-trip of annotation rects.

The agent download is available from the docs page; existing paired tokens stay valid across the 0.3.6 → 0.3.7 upgrade.
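
The loopback Host header check described in the v0.3.7 notes above, sketched as WSGI middleware in Python. This is an added example, not AEMS code: port 8765, the `localhost` allowlist and every function name are assumptions, and the sample Host values are constructed.

```python
import ipaddress

AGENT_PORT = 8765                 # assumed port, not taken from the changelog
ALLOWED_NAMES = {"localhost"}     # assumed allowlist of loopback hostnames

def is_loopback_host(host_header, expected_port=AGENT_PORT):
    """True only when the Host header names a loopback authority on our port."""
    if not host_header:
        return False                          # request carried no Host header
    value = host_header.strip()
    if any(c in value for c in "@/\\, \t"):
        return False                          # userinfo, path or list smuggling
    if value.startswith("["):                 # bracketed IPv6 literal: [::1]:8765
        host, bracket, rest = value[1:].partition("]")
        if not bracket or (rest and not rest.startswith(":")):
            return False
        port = rest[1:]
    else:
        host, _, port = value.partition(":")
    if not (port.isascii() and port.isdigit() and int(port) == expected_port):
        return False                          # wrong, missing or malformed port
    host = host.lower()
    if host in ALLOWED_NAMES:
        return True
    try:
        # Literal IPs only: a DNS name that merely resolves to 127.0.0.1 fails.
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def loopback_only(app, expected_port=AGENT_PORT):
    """WSGI middleware: runs before routing, so every route gets the check."""
    def guarded(environ, start_response):
        if not is_loopback_host(environ.get("HTTP_HOST"), expected_port):
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"Forbidden\n"]
        return app(environ, start_response)
    return guarded

def agent_app(environ, start_response):       # stand-in for the agent's routes
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok\n"]

def status_for(host_header):                  # one constructed request -> status
    seen = []
    environ = {"REQUEST_METHOD": "POST", "PATH_INFO": "/pair/initiate",
               "HTTP_HOST": host_header}
    body = loopback_only(agent_app)(environ, lambda s, h: seen.append(s))
    return seen[0], b"".join(body)
```

The check compares the header text only and never resolves the name, which is what makes it effective against a hostname whose DNS answer is switched to 127.0.0.1 after the page loads.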

v0.4.1

Sharper page anchoring and cleaner annotation language

Grading quality

  • Native-text-first page anchoring. For exams that contain both printed text and handwritten work on the same page, the grader now reads the printed text directly instead of routing every page through vision. Q&A pages get matched to the right task with less drift; annotations land closer to the relevant content.
  • Page-routing fallback. When the printed-text path can’t settle a page, the grader falls back to the agent-side text bundle so context grading still works on scanned-only exams.
  • Cleaner annotation comments. Removed a class of teacher-debug phrasing (e.g. “the schema does not contain an authoritative reference”) that occasionally leaked into student-facing rationales. Verdict comments and per-step rationales are now consistently student-facing and concrete.
  • More varied annotation placement. Margin annotations no longer clump at a single X position on dense pages; placement now diversifies across the available margin without losing the link to the cited content.

Local agent

  • AEMS Agent v0.3.4 ships alongside this release with Windows, macOS, and Linux installers. Download links remain on the docs page; the Agent updates itself on launch when a newer signed release is available. The tray icon is also refreshed — cleaner shape, easier to spot at a glance.

Public site

  • Refreshed the homepage, pricing page, and FAQs with plainer, less-marketing copy. The product description now leads with what an examiner actually does in the tool — upload, review draft marks on the PDF, publish only what they approve.

v0.4.0

Central Extraction Service, Unified Grading & Language Intelligence

New Features

  • Central Extraction Service. New modular pipeline that combines native text, OCR, and vision paths to read scanned exams. Picks the right path per page automatically and avoids redundant work in smart mode.
  • Unified grading orchestrator. Canvas and Offline grading consolidated into a single shared orchestrator, eliminating duplicated logic and ensuring both paths receive identical pipeline improvements.
  • Language-aware grading. Automatic language detection from PDF text and grading instructions. Non-English exams receive localised feedback headers and language-specific prompts, with the annotation language forwarded end-to-end from API to grading worker.
  • Simple schema bypass. Schemas with zero tasks now skip the full schema pipeline and route directly to basic grading, reducing latency and avoiding unnecessary processing.
  • Schema builder sync. Preview-editor scroll synchronisation with drag-based region selection, allowing examiners to highlight PDF areas and map them to schema fields interactively.

Improvements

  • All image processing consolidated to WebP format, removing the image format setting and reducing storage footprint.
  • Vision-based annotation placement now used for offline grading, matching Canvas workflow quality.
  • Schema grading instructions loaded from the linked schema file rather than requiring manual re-entry.
  • Structured feedback added to the vision-only grading prompt for richer single-call results.
  • Schema pipeline JSON repair improved with LLM-assisted recovery for malformed extraction output.
  • UI refinements across analytics, SEO meta tags, and dashboard layout.

Bug Fixes

  • Fixed double bullet prefix in structured feedback formatting.
  • Fixed schema builder modal losing schemaJson when reopened after initial configuration.
  • Fixed hide-unpublished filter and schema prompt persistence on save.
  • Fixed vision_only missing from supported vision strategies, causing strategy validation failures.
  • Fixed coordinate regressions and permission checks in the grading pipeline.
  • Quieter logs by suppressing benign PDF-parser warnings during grading.
  • Fixed handwritten exam page-split detection for non-English content.
  • Fixed scroll sync warm-up timing after preview render completes.

v0.3.0

Scoring Strategies, Legal Compliance & Security Hardening

New Features

  • Top-down scoring strategies. New deductive-first scoring pipeline with holistic ceilings, microcheck fallbacks, and scale-aligned common-error deductions. Deductive-first is now the default strategy.
  • Common error detection. Grading prompts now include common error analysis, surfacing recurring mistakes across submissions.
  • Terms acceptance onboarding. Users must accept EULA and SaaS Terms before using the app, with a full-screen overlay, version tracking, and a before-request consent gate.
  • About page & Legal section. New About page with EULA and SaaS Terms, PDF generation, and Swedish translations.
  • Schema ownership & visibility. Schemas now have ownership controls, visibility settings, and bulk delete support.
  • Offline grading wizard. Unified 4-step wizard for offline grading that reuses Canvas shared steps, with Swedish translations.
  • Cloud deployment infrastructure. Deployment tooling for both Linux and Windows environments.
  • PDF annotation benchmark. New benchmark system comparing Canvas workflow annotation quality with per-page metrics and LLM analysis.
  • Cost analytics persistence. Cost records are now persisted to PostgreSQL for long-term analytics.
  • Stale job reaper. Automatic recovery of leaked resource pool slots from abandoned grading jobs.

Improvements

  • Check type badges replaced with icons and type-aware grading display.
  • Canvas workflow refactored: jobs, export manager, and auth split into modular packages.
  • Schema sort order and Canvas grade toggle/display fixes.
  • PDF formatting improvements: title spacing, address fields, table word-wrapping.
  • Comprehensive lint cleanup: ruff, mypy, and ESLint errors resolved across the codebase.
  • Check dependencies now enforced across all grading paths.

Bug Fixes

  • Fixed Canvas PDF upload using the correct submission comment endpoint.
  • Fixed RBAC course ownership verification: API endpoints now check user-course membership.
  • Fixed X-Forwarded-For trust issue: uses remote_addr instead of trusting proxy headers.
  • Added file locking and atomic writes for GDPR data exports.
  • Extracted inline scripts from builder template for CSP compliance.
  • Normalized rubric dependency IDs and added validation for invalid references.
  • Fixed XSS vulnerability, fail-open lockout, and falsy timestamp handling.
  • Fixed race condition guard requiring DOM stamp existence and match.
  • Fixed schema access control vulnerabilities across API v1 and editor routes.
  • Fixed 267 wrong or missing Swedish translation entries.
  • Fixed mobile dashboard readability and dark-mode card shadow issues.

Security

  • All critical and high severity vulnerabilities resolved in security audit.
  • RBAC enforcement on schema edit, bulk delete, and visibility routes.
  • SSRF protection strengthened with DNS rebinding rejection.
  • Exception detail leaking eliminated from client-facing responses.

v0.2.0

Model Management & Swedish Localisation

New Features

  • Model Management. Administrators can now discover, enable, and filter available AI providers from the admin panel without touching configuration files.
  • Swedish localisation. Full Swedish (sv) translation covering all UI strings, email templates, and error messages.
  • Invisible text detection. PDF pre-processing now strips invisible text (white-on-white, black-on-black) to prevent prompt-injection attacks via exam content.
  • Analytics errors page. Redesigned analytics dashboard with dedicated error breakdown and cost-per-submission metrics.

Improvements

  • Canvas workflow refactored into 34 modular files, significantly faster to load on large assignments.
  • Vision cache hit rate improved by 12% through deterministic image preprocessing.
  • Grading pipeline latency reduced by approximately 18% for multi-page submissions.

Bug Fixes

  • Fixed annotation placement on landscape-orientation PDFs.
  • Resolved race condition in batch grading queue when >50 submissions were processed simultaneously.
  • Corrected Canvas grade sync for assignments with extra-credit components.

Breaking Changes

  • None. This release is fully backwards-compatible with v0.1.x configuration files and databases.

v0.1.0

AEMS MVP Launch

Welcome to the initial launch of the Assisted Exam Marking System (AEMS).

Core Features

  • Canvas Integration (Assignments, Students, Rubrics)
  • Visual Schema Builder with iterative AI generation
  • Offline grading via the AEMS Local Bridge Agent
  • Multi-modal grading pipeline (Vision and Text)
  • Grading analytics and export to Canvas

v0.1.1

Stability & Canvas Patch Release

Bug Fixes

  • Fixed Canvas API token refresh failing silently after 24 hours.
  • Resolved incorrect page-split detection for multi-student PDFs with non-standard page sizes.
  • Fixed memory system not persisting corrections when the grading session was closed before the review step.

Improvements

  • Reduced startup time by lazy-loading provider clients.
  • Improved OCR fallback accuracy for low-contrast printed text.
  • Added retry logic for Canvas API rate-limit responses (HTTP 429).