March 1, 2026

Agentic RFP generation, global vendor directory, floating prompt bar, and a major security hardening pass.

The biggest update since launch. RFP generation is now agentic with real research tools, a new global vendor directory gives you instant access to 500+ companies, and the prompt bar lets you refine your RFP with natural language after it's generated.

New

  • Agentic RFP generation. The AI generation pipeline now uses research tools that pull from your organization profile, past RFPs, and question library. The result is an RFP tailored to your industry, compliance requirements, and procurement patterns instead of a generic template.
  • Global vendor directory. Browse, search, and invite from a pre-seeded directory of 500+ companies. Each listing includes AI-enriched profiles with capabilities, certifications, and source citations. Available on Standard tier and above.
  • Prompt bar. A floating prompt bar appears on every RFP in edit mode. Type natural language instructions like "add a section about data security" or "make the timeline questions more specific" and the AI updates your RFP in place. Shows which questions were added or changed, with "Added by Strutter" attribution badges.
  • Edit after publish. You can now edit an RFP after publishing it, as long as no vendors have been invited yet. No more recreating RFPs because of a typo.
  • Onboarding context. New issuers now provide company size and compliance frameworks (HIPAA, SOX, PCI-DSS, FedRAMP, GDPR, ISO 27001, SOC 2) during setup. This feeds directly into AI generation so your first RFP already reflects your regulatory environment.
  • AI enrichment sources. When Strutter enriches a vendor profile, it now shows the sources it used so you can verify the information.
  • Error boundaries. Dashboard, portal, admin, and vendor routes now have dedicated error boundaries that display a recovery UI instead of a blank screen when unexpected errors occur.

Improved

  • Prompt bar design. Redesigned as a floating pill with backdrop blur. Shows cycling status messages during AI processing and success/error feedback with question count diffs when complete.
  • Vendor search. The vendor directory now merges results from your organization's vendors and the global directory into a unified search experience.
  • API error responses. All API routes now return structured JSON error responses instead of unhandled exceptions, with route context logged for faster debugging.
  • Admin input validation. Admin endpoints now use schema validation with type and range checks. The directory listing API enforces pagination bounds.
  • Invite status codes. Vendor response submission returns proper HTTP status codes: 409 for duplicate submissions, 400 for closed RFPs and validation errors.
  • Accessibility. Modal dialogs now include proper ARIA attributes. Tab groups use semantic tablist and tab roles with aria-selected state.
  • Date picker. The "Today" button now navigates to the current month before selecting the date.
  • Sign-out reliability. The sign-out flow in both dashboard and vendor portal now handles network failures gracefully.

Fixed

  • RFP award race condition. The award flow now uses a database transaction to prevent concurrent requests from awarding multiple vendors to the same RFP.
  • Multi-tenancy scoping. Award updates, invite deletions, and admin tier changes now use organization-scoped queries, improving data isolation.
  • Feature limit enforcement. Improved enforcement of tier-based feature limits.
  • Import worker recovery. The RFP import worker now marks jobs as failed when unhandled errors occur, preventing them from being stuck in a processing state.
  • CSV export security. Exported CSV files now sanitize cell values for safer handling in spreadsheet applications.
  • Invite expiration consistency. Directory invites now expire after 14 days, matching the standard invite flow.
  • Date display consistency. Release notes and blog posts now use UTC timezone formatting to prevent date shifting across timezones.
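
The award race fix and the organization-scoped queries described in the list above, sketched as an added example. This is not Strutter's code: the table names, column names and status values are assumptions, and SQLite stands in for the production database.

```python
import sqlite3

# Constructed schema and rows. Table names, column names and status values
# are assumptions for illustration, not Strutter's schema.
SCHEMA = """
CREATE TABLE rfps (id INTEGER PRIMARY KEY, org_id INTEGER NOT NULL,
                   status TEXT NOT NULL, awarded_vendor_id INTEGER);
CREATE TABLE invites (rfp_id INTEGER, vendor_id INTEGER, org_id INTEGER);
INSERT INTO rfps VALUES (1, 10, 'published', NULL);
INSERT INTO invites VALUES (1, 501, 10), (1, 502, 10);
"""

def setup():
    # isolation_level=None: no implicit transactions, we issue BEGIN ourselves.
    db = sqlite3.connect(":memory:", isolation_level=None)
    db.executescript(SCHEMA)
    return db

def award(db, org_id, rfp_id, vendor_id):
    """Return True only if this call moved the RFP to 'awarded'."""
    db.execute("BEGIN IMMEDIATE")  # take the write lock before reading
    try:
        # Every statement carries org_id, so another tenant's ids match nothing.
        invited = db.execute(
            "SELECT 1 FROM invites WHERE rfp_id=? AND vendor_id=? AND org_id=?",
            (rfp_id, vendor_id, org_id)).fetchone()
        won = False
        if invited:
            # Conditional update: matches a row only while the RFP is unawarded.
            cur = db.execute(
                "UPDATE rfps SET status='awarded', awarded_vendor_id=? "
                "WHERE id=? AND org_id=? AND status='published'",
                (vendor_id, rfp_id, org_id))
            won = cur.rowcount == 1
        db.execute("COMMIT")
        return won
    except Exception:
        db.execute("ROLLBACK")
        raise

def demo():
    db = setup()
    results = [
        award(db, 99, 1, 501),  # other organization: scoped queries find nothing
        award(db, 10, 1, 501),  # first request wins
        award(db, 10, 1, 502),  # competing request: RFP is no longer 'published'
    ]
    winner = db.execute("SELECT awarded_vendor_id FROM rfps WHERE id=1").fetchone()[0]
    return results, winner

if __name__ == "__main__":
    print(demo())
```

The status check inside the `UPDATE` is what makes the second award a no-op even if two requests pass the invite check back to back; the transaction keeps the check and the write atomic.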

Under the Hood

  • Security headers added to all pages.
  • Improved email template security.
  • Strengthened vendor response sanitization.
  • Upgraded outbound email encryption standards.
  • Zero-downtime staged rollouts for all production services.
  • Build pipeline now detects which services changed and only builds/deploys affected services.
  • Expanded automated test coverage across API routes, UI components, AI pipelines, and workers.
March 1, 2026 | Strutter AI