March 4, 2026
Conversational RFP generation, universal assistant, scoring explainability, and team management.
Eight new features ship today. RFP creation is now a guided conversation with Strutter AI that auto-starts generation when you finish answering questions, and the assistant can take actions from any page in the app, including updating RFP overviews. Strutter also powers a unified prompt bar, reviews your RFP before publish, suggests content from past RFPs, and pre-fills vendor responses. Scoring explainability and streaming generation progress round out the new capabilities, alongside editor improvements and fifty-plus bug fixes across security, billing, and infrastructure.
New
- Conversational RFP generation. Creating an RFP now feels like chatting with Strutter AI. Describe what you need, and Strutter asks clarifying questions one at a time with selection chips you can tap or skip. Each answer gets a personality-driven reaction before the next question appears. Once generation starts, live streaming progress shows each section being written with inline previews and Strutter's commentary. A celebration summary appears when your RFP is ready, with a direct link to the editor.
- Universal assistant. Strutter AI now works from every page in the app, not just the review dashboard. Search your RFPs, look up vendors, check vendor history, create new RFPs, invite vendors, send messages, update RFP overviews, or change RFP status through natural language. Strutter confirms before taking any action and asks for clarification when multiple matches exist. After completing an action, Strutter suggests logical next steps like inviting vendors or notifying participants.
- Strutter AI prompt bar. A single AI prompt bar now appears at the bottom of every authenticated page, replacing the previous floating chatbot. The prompt bar is context-aware, offering different tools depending on whether you are on the dashboard, editing an RFP, or reviewing vendor responses. Press Cmd+K to focus it instantly, and expand the panel to see your full conversation history.
- Strutter AI self-review. Before publishing, Strutter AI reviews your RFP for completeness, clarity, bias, structure, and scoring balance. Each review includes a score (1 to 100) and actionable suggestions with severity levels (critical, warning, info). Click "Apply Fix" to accept a suggestion with one click. Self-review runs automatically when you publish, but it is advisory only: you can always publish anyway.
- Strutter AI Suggestions. A knowledge base now learns from every RFP your organization creates. When building a new RFP, Strutter AI suggests questions and sections based on similar past RFPs. Vendor history badges on invite and review pages show each vendor's track record across your organization. Available on Standard tier and above.
- Strutter AI vendor pre-fill. Vendors now see AI-suggested responses based on their own past submissions. Each suggestion shows a confidence score and the source RFP it was drawn from. One click applies the suggestion. Pre-fill works for both anonymous (link-based) and registered (portal) vendors, and vendor data stays private: suggestions only draw from the same vendor's history.
- Scoring explainability. Every AI score now includes a written explanation of why the vendor received that rating. Click any score badge to see the reasoning, the original AI score, any human override, and an option to override the score yourself. The comparison matrix also shows AI reasoning when you expand a response.
- Streaming AI generation progress. RFP generation now shows live progress updates instead of a generic spinner. Each step of the AI pipeline reports what it is doing, so you can follow along as sections, questions, and scoring criteria are generated.
- Create vendors from chat. You can now add vendors directly from the Strutter AI chat. Say "add a vendor" or "create a vendor" and Strutter conversationally collects the name, website, notes, and contacts. Duplicate vendor names are detected automatically. Available on paid tiers.
- API key management in Settings. Pro and Enterprise users can now access API key management directly from the Settings page.
- Team management. Org admins can now invite new members, edit roles (Admin, Member, Viewer), and remove team members directly from the Settings page. Non-admin users see a read-only view of their team.
Security
- Prompt injection protection. Strengthened AI scoring input handling to prevent vendor responses from influencing scoring behavior.
- Billing admin enforcement. Billing and checkout settings now require the admin role. Previously, any organization member could modify billing settings.
- Directory search bounds. The vendor directory search API now enforces a maximum limit parameter, preventing large unbounded queries from dumping the full directory.
- File upload validation. Uploaded files are now validated server-side by content inspection rather than relying on the client-provided type, improving upload security.
- Vendor portal admin controls. Organization settings in the vendor portal can now only be modified by members with the admin role.
- Thread tenant isolation. Thread creation and access now verify the RFP belongs to the requesting user's organization, improving data isolation.
- Team member identity sync. Improved authentication sync to preserve correct team membership during sign-in.
- Vendor response size limits. Vendor response content now enforces a maximum length, preventing unbounded database storage and oversized AI model inputs.
- Team invite email matching. Improved team invite acceptance to preserve account identity.
- Vendor visibility enforcement. The API responses endpoint now respects tier-based vendor visibility limits, matching the behavior of the rest of the platform.
- Post-submission portal access. Vendors can now view RFP details and read messages after submitting their response. Previously, all portal actions were blocked after submission.
- Chat authentication. The AI chat endpoint now requires authentication, and authenticated users are subject to per-organization AI credit controls.
- Billing data privacy. Fixed a data exposure issue in the organization API for non-admin users.
- API key restrictions. API key management is now restricted to organization admins, preventing non-admin users from viewing or modifying keys.
- Load balancer rate limiting. Rate limiting now runs at the load balancer level, ensuring consistent enforcement across all server instances.
- Token hash redaction. Removed sensitive token data from API responses.
- Scoring tenant isolation. All scoring operations are now scoped by organization for improved data isolation.
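The content-inspection check described under "File upload validation", sketched as an added JavaScript example (not Strutter's code). The signature table, allowlist, and function names are assumptions, and the sample uploads are constructed.

```javascript
// Added example: signatures, allowlist and names are assumptions, not product code.
const SIGNATURES = [
  { mime: "application/pdf", magic: [0x25, 0x50, 0x44, 0x46, 0x2d] }, // %PDF-
  { mime: "image/png", magic: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a] },
  { mime: "image/jpeg", magic: [0xff, 0xd8, 0xff] },
  { mime: "application/zip", magic: [0x50, 0x4b, 0x03, 0x04] }, // PK\x03\x04
];

// Declared types that legitimately live inside a ZIP container (e.g. .docx).
const ZIP_BASED = new Set([
  "application/zip",
  "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
]);

// Weak check: believes whatever type the client sent with the upload.
function trustsClientType(upload, allowed) {
  return allowed.has(upload.declaredType);
}

// Inspect the leading bytes; return the detected type, or null if unknown.
function sniffType(bytes) {
  for (const { mime, magic } of SIGNATURES) {
    if (bytes.length >= magic.length && magic.every((b, i) => bytes[i] === b)) {
      return mime;
    }
  }
  return null;
}

// Hardened check: the content decides, and the declared type must agree with it.
function validateUpload(upload, allowed) {
  const detected = sniffType(upload.bytes);
  if (detected === null) return { ok: false, reason: "unrecognized content" };
  const agrees = detected === "application/zip"
    ? ZIP_BASED.has(upload.declaredType)
    : detected === upload.declaredType;
  if (!agrees) return { ok: false, reason: "declared type does not match content" };
  if (!allowed.has(upload.declaredType)) return { ok: false, reason: "type not allowed" };
  return { ok: true, detected };
}

// Constructed samples: HTML text labelled as a PNG, and a genuine PNG header.
const ALLOWED = new Set(["application/pdf", "image/png"]);
const disguised = { declaredType: "image/png", bytes: Buffer.from("<html>not an image</html>") };
const realPng = { declaredType: "image/png",
  bytes: Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0x00]) };

console.log(trustsClientType(disguised, ALLOWED)); // the weak check accepts the file
console.log(validateUpload(disguised, ALLOWED));   // content inspection rejects it
console.log(validateUpload(realPng, ALLOWED));
```

A signature match only establishes the container format, so it belongs alongside size limits and the per-question upload count limit listed under Fixed, not in place of them.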
Improved
- RFP generation quality. Executive summaries are shorter and more focused (under 400 characters). Generated RFPs include 20 to 100+ evaluation questions depending on project complexity, giving vendors a more thorough framework to respond to. Question type configurations (select options, table columns, slider ranges, file upload limits) are now auto-populated during generation.
- Generation auto-start. After answering the last clarifying question, Strutter AI begins generating your RFP automatically, with no extra button click needed.
- Conversation context during generation. Your clarifying question conversation stays visible while Strutter AI generates your RFP, so you can review what you discussed as each section is written.
- Editor layout. The overview section in the RFP editor now starts collapsed, putting your questions front and center when you open an RFP.
- Published RFP protection. Published RFPs with invited vendors are now locked server-side, preventing accidental content changes that could affect active vendor responses.
- AI scoring accuracy. When the AI model returns scores with mismatched question identifiers, the scoring engine now detects and handles the mismatch instead of silently dropping questions.
- AI recommendation validation. Vendor recommendations are now validated server-side against actual submitted scores, preventing recommendations that contradict the scoring data.
- Chatbot page awareness. Strutter AI now knows which page you are on and tailors responses to your current context, giving more relevant suggestions and actions.
- Chat message handling. Chat API routes now properly convert UI message format to model message format, resolving blank responses in AI conversations.
- AI input size limits. All AI-powered routes now enforce maximum input sizes, preventing oversized payloads from reaching the AI model.
- AI credit controls. AI-powered endpoints including suggest-content, suggest-question, vendor suggest-response, and recommendation now check feature access and track usage against your plan's AI credit allowance.
- RFP import fidelity. The document import parser no longer double-truncates extracted text, preserving the full 30,000 character content window.
- Vendor portal question config. The vendor portal now includes question configuration (slider ranges, table columns, select options) in responses, so specialized question types render correctly.
- Thread route validation. Thread API routes now validate that the RFP ID in the URL path matches an actual RFP in the requesting organization.
- Portal response validation. The vendor portal respond endpoint now uses strict schema validation instead of type assertions, catching malformed response data before it reaches the database.
- Duplicate invite prevention. Inviting the same vendor email to an RFP now returns a clear duplicate error instead of creating redundant invite records.
- Error visibility. Components that previously swallowed errors silently now surface clear feedback to users when operations fail.
- Vendor directory errors. The vendor directory tab now shows a proper error state when loading fails, instead of misleadingly displaying "no vendors found."
- Rate limiter consistency. Rate limit exceeded responses now use the same error format as all other API responses.
- Team page controls. The team management page no longer shows role change or removal controls for yourself or the organization owner, preventing confusing self-modification attempts.
- Clickable RFP cards. RFP cards on the dashboard are now fully clickable. Click anywhere on the card to open it, not just the title link.
- Notification management. You can now dismiss individual notifications or dismiss all at once.
- Queue input validation. All queue task handlers now validate their input payloads before processing, improving reliability for background jobs.
Fixed
- Chatbot action reliability. All chatbot actions (create RFP, invite vendor, send message, and others) no longer spin indefinitely. A state synchronization issue with the AI SDK has been resolved, and timeout fallbacks now ensure actions always complete.
- Chat navigation. Navigation actions triggered from Strutter AI chat (such as "create an RFP" or "go to vendors") now work correctly from any page in the app.
- RFP editing from chat. Editing an RFP through the Strutter AI prompt bar works again on edit pages, restoring the ability to refine content through conversation.
- Publish celebration overlay. The sparkle animation during publish no longer overlaps text content in the celebration dialog.
- Empty RFP detection. RFP generation now detects when the AI agent completes without producing any content and marks the job as failed with a clear error, instead of treating an empty result as success.
- File upload type preservation. The FILE_UPLOAD question type is no longer stripped when using AI to refine an existing RFP, preserving file upload fields through the reprompt flow.
- Chat context accuracy. The AI chat assistant no longer includes soft-deleted RFPs in its context, preventing references to RFPs that have been removed.
- Feature gate enforcement. Four feature gates (question library access, RFP generation, vendor invitation limits, and recommendation generation) that were defined in tier limits but never checked are now enforced in their respective API routes.
- Question library gating. Question library routes now check the question_library_access feature gate, restricting access based on organization tier.
- File upload limits. Server-side file upload count limits are now enforced per question, matching the client-side restriction and preventing unlimited uploads through direct API calls.
- Email compliance. Outbound emails now include the required CAN-SPAM unsubscribe mechanism.
- List pagination. Multiple list endpoints that previously returned unbounded result sets now enforce pagination, preventing runaway queries on large datasets.
- Chat pagination. The chat route now paginates vendor invite and response data instead of loading all records at once.
- Onboarding idempotency. The onboarding endpoint can no longer be re-invoked to change an organization's role type or settings after initial setup.
- Payment webhook logging. Payment webhook events with missing metadata are now logged with full context instead of being silently dropped.
- Subscription sync. Admin-initiated tier changes now sync correctly with the active subscription state.
- Portal respond atomicity. Vendor response submission and invite status updates now happen in a single database transaction, preventing partial state on failure. Successful submissions also trigger AI scoring automatically.
- Awarded RFP immutability. RFPs with the Awarded status can no longer have their title, description, content, or deadline modified, enforcing the terminal state contract.
- Team invite email reliability. If the invitation email fails to send, the invite record is rolled back and the API returns an error, allowing the admin to retry instead of showing false success.
- Feature gate cold start. Remote Config failures during cold start no longer disable all feature gates. The system falls back to cached values or safe defaults.
- Rate limiter persistence. The rate limiter now survives service restarts and works correctly across multiple server instances.
- Directory invite emails. Inviting a vendor from the directory now correctly sends the invitation email to the vendor's admin contact.
- Usage credit accuracy. AI credits are now deducted only after a successful operation completes. Previously, credits could be consumed even when the AI call failed.
- Scoring reliability. Vendor response scoring now tracks failures and surfaces them to issuers, instead of silently failing with no visibility into what went wrong.
- Close and award atomicity. Closing an RFP and selecting a winner now happens as a single atomic operation, preventing race conditions when multiple users act simultaneously.
- Payment webhook idempotency. Payment webhook events are now processed exactly once, preventing duplicate billing records when events are retried.
- Pricing badge cleanup. Removed incorrect "Most Popular" badges from pricing pages on both the app and marketing site.
- Vendor favicon display. Vendor favicons now load correctly. A content security policy update switches to the Google Favicon API for reliable icon rendering.
- Help documentation tables. Tables in help documentation pages now render correctly.
- Enterprise tier label. Removed a stale "enterprise" pill from the teams page that no longer applied.
- API key tier gating. Enterprise and Pro tier customers can now reliably access API key management in Settings. Previously, hardcoded tier name checks blocked access even for eligible plans. The Settings page now reads the feature flag result from the server instead.
- Strutter AI section titles. RFP generation no longer produces sections with blank or missing titles. Schema validation now enforces non-empty titles, null sections from research data are filtered out before reaching the AI model, and a fallback title is applied if one is still missing.
- Split view prompt bar styling. The prompt bar in the RFP generation split view now matches the standard prompt bar design, including the bottom gradient overlay, dynamic status colors, minimum height for layout stability, and last instruction display.
Under the Hood
- Job status tracking. Queue handlers now track job status through each processing stage, making failures visible and diagnosable.
- Worker request timeouts. The worker server enforces a five-minute HTTP request timeout, preventing runaway jobs from consuming resources indefinitely.
- Stale job recovery. A new endpoint automatically detects and cleans up jobs stuck in a processing state, eliminating the need for manual intervention.
- AI timeout protection. AI model calls now have operation-specific timeouts (30 to 120 seconds), preventing indefinite hangs on unresponsive model calls.
- Idempotent task dispatch. Task dispatch operations now use idempotency keys, preventing duplicate jobs when network retries occur.
- Feature gate coverage. AI suggest and reprompt endpoints now enforce feature access checks and credit limits for free-tier users.
- Build pipeline optimization. Content-only changes to the marketing site now skip lint and typecheck steps, speeding up the pipeline for documentation and blog updates.
- Deploy verification. Health checks run faster with streamlined verification logic.