Release Notes — March 16, 2026

Issuer landing page, homepage messaging rewrite with free tier CTA, top-level audience navigation, site-wide padding compression, lightning bolt split design, vendor page messaging overhaul, simplified vendor onboarding, accessibility and SEO fixes, Standard tier features, admin delete redirect fix, vendor dashboard invitation linking fix, and security fixes.

A new issuer landing page gives RFP creators their own dedicated entry point, and the homepage messaging has been rewritten around a "Get Started for Free" call to action that highlights how the free tier handles the full RFP process. The header and footer now feature top-level "For Issuers" and "For Responders" links so visitors can find the right path immediately, and section padding has been compressed across the entire site for a tighter, more focused layout. The homepage lightning bolt split guides visitors into issuer and responder paths with bold visual treatment, and the vendor landing page has been rewritten around a "Day One, Not Month Six" message with a new Strategic Partner program. On the product side, vendors can now invite RFP issuers from the prompt bar, use the Strutter AI writing assistant, and take advantage of new Standard tier features: response templates, an analytics dashboard, original-format exports, and more AI credits.

New

  • Issuer landing page. A brand new /issuers page gives RFP creators a dedicated landing experience. The hero leads with "Stop Choosing the Wrong Vendor" messaging focused on the opportunity cost of a bad procurement decision. Value props highlight creating RFPs in minutes, AI-powered vendor evaluation, and full lifecycle management. A three-step "How It Works" flow walks visitors through describing their need, collecting and scoring proposals, and getting recommendations. Four issuer-specific feature cards round out the page, along with full metadata, JSON-LD structured data, and lightning bolt dividers with hover animations.

  • Homepage lightning bolt split design. The homepage hero now features a bold diagonal lightning bolt divider that splits the page into two clear paths: "I Create RFPs" on the left and "I Respond to RFPs" on the right, each with its own visual treatment and call to action. The How It Works section and CTA banner also use the bolt motif to separate issuer and vendor flows. On mobile, the bolt rotates from diagonal to horizontal for a clean responsive layout.

  • Vendor page messaging overhaul. The vendor landing page has been completely rewritten with new positioning. A new "Day One, Not Month Six" hero highlights that StrutterAI connects to existing data sources through the Strutter MCP with no lengthy implementation. A new Strategic Partner section lets vendors invite prospects to use StrutterAI for their procurement process at no cost to the prospect. "Both sides" messaging runs throughout the page, reinforcing that StrutterAI is the only platform built for the entire RFP lifecycle.

  • One-click AI workspace connection for vendors. The vendor portal RFP list and response pages now feature a prominent "Complete RFPs with AI" banner that lets vendors connect StrutterAI to their AI workspace in one click. Clicking "Connect" auto-generates an API key and displays a ready-to-paste configuration. Once connected, the banner shows a "Connected" badge and can be dismissed. Previously, AI workspace setup was buried in the Settings page, making it hard for non-technical vendor teams to discover.

  • Section navigation sidebar for vendor responses. A sticky outline sidebar now appears on the right side of the vendor RFP response form on desktop, listing every section with a live count of answered questions (e.g., "3/5 answered"). The active section highlights as you scroll, and clicking any section smooth-scrolls directly to it. The sidebar is accessible with proper keyboard and screen reader support, and hides automatically on smaller screens to keep the mobile experience clean.

  • File uploads through the AI workspace. Strutter AI agents can now upload files directly to RFP questions through the AI workspace. Agents can attach supporting documents, certificates, or evidence files to any question that accepts file uploads, and list the files already attached to a question before deciding what to add. Uploads are validated for file type, size (up to 15 MB), and content integrity.

  • AI-generated PDF documents. Strutter AI agents can now generate PDF documents from text and attach them to RFP questions in a single step. Agents can produce formatted compliance narratives, technical specifications, or cover letters on the fly, with support for headings, bold, italic, bulleted lists, and code blocks.

  • Invite issuers from the prompt bar. Vendors can now invite RFP issuers to Strutter directly from the AI prompt bar by providing an email address. The issuer receives an invitation email with a personalized landing page. When the issuer signs up, the vendor is automatically added to their vendor library and the vendor earns +25 AI credits as a referral bonus. Invite status (Sent, Clicked, Signed Up) is visible in the vendor portal.

  • Strutter AI writing assistant in the prompt bar. The vendor prompt bar now includes a full writing assistant powered by Strutter AI. Ask Strutter AI to draft a response and it generates a suggestion inline on the target question, complete with a confidence label and actions to use, dismiss, or refine the response. Auto-fill matches your Q&A library entries to every question in the RFP and shows inline suggestions across the board. A new review tool checks existing drafts and suggests improvements. Conversational refinement lets you say things like "make it more concise" or "add more detail about compliance" to iterate on suggestions without leaving the prompt bar.

  • Export responses in original format. Standard tier vendors and above can export their completed RFP responses as DOCX or XLSX files that match the original RFP layout. Use the prompt bar to say "export my responses for [RFP name]" and receive a download-ready file.

  • Invite issuers with a pre-uploaded RFP. Standard tier vendors can upload an RFP on behalf of a prospect, have Strutter AI automatically parse and structure it, and generate an invite link. The issuer sees their RFP already organized and ready to manage. The vendor is automatically added as a respondent.

  • Delete organization from the admin panel. Super admins can now permanently delete an organization and all its associated data directly from the admin org detail page. The button lives in a new Danger Zone section and requires typing the organization name to confirm, preventing accidental deletions. Removing an organization cascades to all related users, RFPs, vendors, responses, AI jobs, and audit logs.

  • Response templates. Vendors can save completed response sets as reusable templates, storing section structure and boilerplate answers. Apply a template to any new RFP as a starting point, cutting repeat work across similar questionnaires. Templates are shared across your organization and managed through the prompt bar or the Q&A Library section.

  • Analytics dashboard. A new analytics page gives Standard tier vendors a clear view of their response pipeline: RFPs organized by status with a deadline calendar, an activity summary covering submissions, average completion time, and Q&A library growth, plus Strutter AI usage tracking showing credits used, credits remaining, and usage by type.

Improved

  • Homepage messaging rewritten around free tier. The primary CTA above the lightning bolt split now reads "Get Started for Free," and the subheadline emphasizes that the free tier completes the full RFP process. The issuer panel leads with opportunity cost messaging and highlights creating RFPs in minutes, not months. The responder panel positions the Strutter MCP as a market-breaking advantage and pitches the Strategic Partner angle. How It Works step copy has been rewritten for both issuers and vendors, and the CTA banner now focuses on the free tier. All homepage section padding has been compressed roughly 50% for a tighter layout.

  • Homepage headline. Updated hero subtitle for clarity and brevity. The new copy, "One platform for the entire RFP lifecycle. Free to start.", replaces the longer previous subtitle.

  • Top-level audience navigation. "For Issuers" and "For Responders" now appear as top-level links in the header, footer, and mobile menu, giving each audience a single click path to their landing page. "For Vendors" has been removed from the Learn dropdown since it is replaced by the top-level "For Responders" link. The "Launch App" button has been removed from the header.

  • Site-wide section padding compressed. Section padding has been reduced by roughly 50% across 16 pages beyond the homepage, including vendor, about, pricing, compare, blog, docs, releases, and contact pages. The tighter spacing creates a more focused reading experience.

  • File upload questions fully supported in the AI workspace. Questions that require file attachments are now recognized and handled by the AI workspace instead of being marked as unsupported. Strutter AI returns the allowed file types, size limits, and maximum number of files for each upload question, so agents know exactly what to attach.

  • Answer validation for AI workspace responses. When vendors use their AI workspace to draft RFP responses, Strutter AI now surfaces the allowed answer format for every question, including valid options for select fields and acceptable ranges for sliders. Draft responses that don't match the expected format are rejected with a clear error showing the valid choices, so AI tools produce correct answers on the first attempt instead of submitting responses that silently fail validation.

  • Q&A library auto-save on vendor submissions. When vendors submit RFP responses through any path, including the portal, direct links, or the API, their answers now automatically save to the vendor's Q&A library. Previously, auto-save only worked through the portal. Saved answers power Strutter AI auto-fill on future RFPs, so the Q&A library grows with every submission.

  • Settings page AI section renamed. The "API Keys" section in vendor portal Settings is now called "AI Workspace Connections," making it clearer that the section is for connecting AI tools to StrutterAI rather than managing generic API credentials.

  • Auto-expanding text fields for vendor responses. Text areas in the vendor response form now grow automatically as vendors type, instead of being locked to a fixed height. This makes it easier to compose and review longer answers without scrolling inside a tiny box.

  • Full-height comparison matrix expanded view. The expanded view in the comparison matrix no longer caps scroll height, so admins can read complete vendor responses at a glance instead of scrolling through a small popup window.

  • Unified vendor portal response form. The vendor portal response form now shares the same component as the direct-link response form, bringing rich text editing, file uploads, an expandable progress bar with per-section breakdown and navigation, scroll-spy section highlighting, and auto-expanding text areas to portal users. Previously, the portal form lacked these features. All future response form improvements will automatically apply to both routes.

  • Thin release pages excluded from sitemap. Individual release note detail pages are no longer included in the sitemap, reducing it from roughly 61 URLs to about 42 substantive pages. The releases index page remains indexed. This focuses search engine crawl budget on pages that matter most for discoverability.

  • Vendor subdomain defaults to vendor account. Users who sign up from vendor.strutterai.com now automatically start with a vendor (responder) account instead of an issuer account. The role selector is locked on the vendor subdomain, matching the existing behavior for vendor invite links. Previously, all signups defaulted to issuer regardless of which subdomain the user was on.

  • Enterprise tier pricing is now fully bespoke. The Enterprise tier no longer displays specific numeric limits for RFPs, AI credits, or team members. All Enterprise limits now read "Custom" across the marketing site, app settings, help docs, and internal specs, reflecting that Enterprise pricing is tailored through direct conversations rather than fixed packages. Free, Standard, and Pro tiers are unchanged.

  • Vendor subdomain root redirects by session state. Visiting vendor.strutterai.com now sends logged-in users straight to the vendor dashboard and sends logged-out users to the sign-in page. Previously, the root always showed the invite response form regardless of whether you were already signed in.

  • Subdomain-aware email links. All email templates now generate links that point to the correct subdomain for the recipient. Vendor-related emails link to the vendor portal and issuer-related emails link to the issuer portal, so recipients land on the right experience without manual URL editing.

  • Expanded vendor pricing comparison. The vendor pricing table now shows all features across Free, Standard, Pro, and Enterprise tiers, including export, response templates, analytics, content freshness monitoring, tone and style profiles, review workflows, API access, SSO/SAML, audit logs, and admin console. Vendors can compare plans at a glance before upgrading.

  • RFP conversations persist across sessions. Conversations tied to a specific RFP now save to the database, so context carries over when you return later or switch devices. General chat remains local to your browser. Switching between RFPs automatically clears the prompt bar to keep each conversation focused.

  • Organization profile fields in onboarding. The signup flow now collects optional organization details, including a description, tagline, year founded, employee count, headquarters, capabilities, and certifications. A visual divider separates required fields from optional ones, making it clear these can be skipped. Previously, vendors had to navigate to Settings after onboarding to fill in their company profile.

  • Increased RFP import limits for Standard tier. Standard tier vendors can now import up to 10 RFPs per month, up from the single lifetime import available on the Free tier.

  • More Strutter AI credits for Standard tier. Standard tier includes 150 Strutter AI credits per month, giving vendors more capacity for drafting, auto-filling, and reviewing responses.

  • Pricing information consolidated on the pricing page. The vendors page no longer displays tier pricing details or structured data pricing offers. All plan comparison and pricing information now lives on the dedicated /pricing page, giving visitors a single place to evaluate plans instead of splitting the information across multiple pages.

  • "Popular" badge on Standard tier pricing. The issuer pricing table now highlights the Standard tier with a "Popular" badge, making it easier for visitors to identify the recommended plan.

  • Vendor Directory listing checkbox removed from onboarding. The "List my company in the Strutter Vendor Directory" checkbox has been removed from the vendor signup flow. New vendors are now automatically listed in the directory, which was already the default behavior. Vendors who prefer not to be listed can toggle the setting off at any time from Portal Settings.

  • 10 accessibility improvements across the marketing site. ARIA attributes added to the FAQ accordion, persona tabs, feature comparison table, contact form, and navigation landmarks for better screen reader and keyboard support.

  • SEO improvements for About and release note pages. The About page JSON-LD now includes social profile links, and individual release note pages now carry structured data for richer search engine results.

Fixed

  • Chat widget color token corrected. The chat widget was using a hardcoded color value instead of the brand design token. It now uses the correct token for consistent styling across the site.

  • Marketing site interactivity restored. A Content Security Policy update was blocking Next.js hydration scripts from running on the marketing site, which broke all client-side interactivity. Navigation dropdowns, the pricing page issuer/vendor toggle, and other interactive elements were unresponsive. The CSP nonce is now correctly passed to all hydration scripts, restoring full functionality.

  • Required question warnings for select fields. Warning messages for unanswered required questions now correctly identify Single Select and Multi Select fields. Previously, these question types showed blank labels because their text field is often empty. The warning now falls back to showing a preview of the available options (e.g., "Select from: Yes, No, N/A") or the question type name, so vendors can quickly locate the missing field.

  • RFP overview alignment on vendor response portal. The overview card and messaging section on the vendor response portal now align properly with the question cards below them. Previously, the overview area was narrower than the questions on large screens, creating a visual mismatch.

  • Scoring status indicator. The scoring status now correctly reflects timeouts and failures in all scenarios, showing a clear failure message with a retry option instead of spinning indefinitely.

  • Scoring spinner timeout and stuck job recovery. The scoring progress indicator could time out before the worker finished processing larger RFPs, leaving vendors staring at a spinner that never resolved. The frontend now waits up to five minutes for scoring to complete and shows a "Still scoring... this may take a few minutes" message after 60 seconds so vendors know the system is still working. On the backend, jobs stuck in a processing or pending state are now automatically detected and marked as failed, which unblocks the Retry button. The Retry button itself now surfaces a clear error when the retry request fails instead of silently doing nothing.

  • Strutter AI scoring for larger RFPs. Scoring now works reliably on RFPs of any size, including those with 80 or more questions. If a group of questions fails to score on the first attempt, Strutter AI automatically retries with smaller groups until every question receives a score. Previously, scoring could fail or return incomplete results on longer questionnaires.

  • MCP config snippets now use the correct connection type. The AI workspace configuration shown on the vendor portal banner and Settings page previously specified "type": "url", which MCP clients like Claude Code do not recognize. The config now correctly uses "type": "http", so vendors can paste it directly into their AI tool without manual edits.

  • Dashboard content overlapped by AI chat bar. The floating AI chat bar could overlap the bottom of scrollable lists on dashboard pages, most noticeably on the Vendor Responses list. Added bottom padding so all content scrolls clear of the chat bar.

  • Vendor invitation page card misalignment. On the vendor invitation page (logged-out view), the RFP details card and the "Create an account" card had different widths on desktop. The auth gate card now matches the RFP card's responsive width and grid layout.

  • Strutter AI vendor recommendations now handle service interruptions gracefully. The vendor recommendation feature could return a cryptic error when the AI service was busy or timed out. Strutter AI now automatically falls back to a faster model when the primary model is unavailable, and returns clear status messages ("AI service is temporarily busy" or "Recommendation generation timed out") instead of generic errors.

  • Table question responses through the AI workspace. Strutter AI now correctly saves table-format answers when vendors use the AI workspace to respond to table questions. Previously, table data was stored as raw structured data, causing the response form to display all values in a single column instead of a properly formatted grid. Table answers and auto-filled table responses now render correctly across all columns and rows.

  • Vendor portal RFP detail page section widths. The header card, progress bar, and question sections on the vendor portal RFP detail page now share the same width. Previously, the response form applied its own max-width constraint independently of the page header, causing the header to appear wider than the sections below it on large screens.

  • Social media content for scheduled posts restored. Three scheduled social media posts for the week of March 17 were referencing a content file that no longer existed, causing them to render without copy. A fresh content plan was created and the schedule entries were updated to point to it.

  • AI workspace submissions no longer blocked by file upload questions. The AI workspace submit_responses tool could fail when an RFP included questions that require file uploads, because those questions cannot be answered through the AI workspace. File upload questions are now excluded from the required-response check for AI workspace submissions, so vendors can submit all answerable responses without being blocked by questions their AI tools cannot handle. If Firebase Storage is unavailable, file operations degrade gracefully instead of crashing the submission.

  • Chat no longer hangs when editing an RFP. Sending edit instructions in the Strutter AI chat while in Editing mode (for example, "remove the compliance section") could cause the chat to stop responding, leaving you waiting with no feedback. The chat now handles errors in the response pipeline gracefully, so you always receive a reply even if something goes wrong behind the scenes.

  • Dashboard RFP cards no longer clip on mobile. The metadata row on RFP cards (due date, question count, vendor count, and time ago) was getting cut off on the right side on smaller screens. Cards now wrap content properly so all details are visible without horizontal scrolling.

  • RFP generation progress text no longer overflows on mobile. Long section names in the generation progress card (for example, "Writing section: Executive Summary...") could extend beyond the card edge on mobile devices. Progress text now truncates cleanly within the card boundaries.

  • Issuer invites now assign the correct role. When a vendor invited an issuer to join the platform, the invited user was incorrectly signed up as a vendor instead of an issuer. This happened because the signup flow on the vendor subdomain overrode the role specified in the invite. Issuer invites now correctly assign the issuer role regardless of which subdomain the signup happens on.

  • Delete organization redirect corrected. Deleting an organization from the admin panel redirected to /admin/orgs, which does not exist, resulting in a 404 page. The redirect now correctly points to /admin.

  • Global vendor directory now visible to all accounts. Free-tier accounts could not search the global vendor directory when inviting vendors to an RFP. The invite search only returned vendors from the organization's own list. Search results now include both your organization's vendors and the full global directory, and the invite form filters results in real time as you type.

  • Vendor profile details accessible on all plans. Free-tier issuers could see vendors listed in the directory but received an "upgrade required" error when clicking to view a vendor's full profile. Vendor profiles are now viewable on all plans, so issuers can review vendor details before sending an invite.

  • Feature cards spacing. Fixed a layout issue causing extra vertical space between the two rows of feature cards on the homepage. The lightning bolt connector section between card rows was stretching too tall, and has been constrained to the correct height.

  • Vendor dashboard now shows all invited RFPs. Previously, vendors who were already signed in when they clicked an invitation link would not see the RFP on their dashboard. The invitation was only linked to the vendor's organization during the first-time signup flow, so existing users bypassed that step entirely. The token exchange endpoint now automatically detects signed-in vendors and links the invitation to their organization, so RFPs always appear on the dashboard regardless of how the vendor accesses the invite.

Security

  • Vendor portal admin access enforced. Admin-only endpoints in the vendor portal now properly verify administrator privileges before granting access, preventing unauthorized users from reaching administrative functions.

  • One-time password protection strengthened. Account linking verification codes are now compared using timing-safe methods with stricter attempt limits, preventing attackers from guessing valid codes through response-time analysis or brute force.

  • Deployment triggers restricted to authorized branches. Manual deployment workflows now verify the target branch before executing, preventing unauthorized deployments from unapproved branches.

  • Deployment secrets handling secured. Secrets used during automated deployments are now passed through secure channels, preventing credentials from appearing in build logs or process arguments.

  • Chat message validation tightened. Input length and format checks are now enforced on chat message endpoints, preventing oversized or malformed requests from reaching the system.

  • File upload scanning hardened. File upload validation now detects and blocks encoded bypass attempts, ensuring that malicious content cannot circumvent scanning through character encoding tricks.

  • Document processing timeout protection. Long-running document processing tasks now enforce time limits, preventing a single oversized or malformed document from consuming resources indefinitely.

  • Vendor document import rate limiting. The vendor document import endpoint now enforces rate limits, preventing automated bulk imports from overwhelming the system.

  • File download URL generation rate limited. Signed file download URL creation now enforces rate limits, reducing the risk of abuse through rapid URL generation.

  • Vendor portal error messages standardized. Error responses from the vendor portal now return consistent, generic messages, preventing internal system details from being disclosed through error output.

  • Marketing content requires review before publishing. Content updates to the marketing site now go through a review step before going live, preventing unreviewed changes from reaching the public site.

  • Distributed rate limiting at the network edge. API rate limiting now runs at the load balancer before requests reach the application, blocking abusive traffic earlier and more consistently across all server instances. Separate limits apply to authentication, AI features, public chat, onboarding, and the public API, each tuned to its expected usage pattern. The existing in-app rate limiters remain active as a defense-in-depth fallback.

  • Active sessions revoked on account deletion. All active sessions are now immediately revoked when an account is deleted, ensuring that no authenticated session persists after the account is removed.

Under the Hood

  • Expanded automated test coverage for rate limiting across authentication, AI, public chat, onboarding, and API endpoints, verifying that both edge and in-app limits behave correctly under load.

  • Updated the rate limiting architecture decision record to reflect the new multi-tier strategy, documenting how edge and application-level protections work together.

  • File uploads through the AI workspace include path traversal protection and polyglot file detection, blocking files that disguise their true content type.

  • Expanded automated test coverage for file upload, file listing, and PDF generation across the AI workspace tools.

  • Added 4 automated tests verifying that release note detail pages are excluded from the sitemap while the releases index page remains included.

  • Added 8 content validation tests ensuring scheduled social media posts reference valid content files and contain the expected copy.

  • Added automated tests for scoring retry failures and stale job detection, covering timeout scenarios, stuck job cleanup, and error handling when the retry API returns a non-OK response.

  • All vendor Free tier prompt bar tools verified end-to-end, including Q&A search, response drafting, auto-fill, submission, Q&A management, deadline checking, navigation, issuer invitations, and clarification requests.

  • Issuer invitation flow includes token-based landing pages with automatic account linking and referral credit tracking on signup.

  • Expanded automated test coverage for the onboarding flow, verifying organization profile creation, backward compatibility when optional fields are omitted, and input validation for new profile fields.

  • Added 36 tests for the new vendor page messaging, covering hero content, Strategic Partner section, and "both sides" layout.

  • Added 30 tests for the homepage lightning bolt split design, covering the bolt divider, dual CTAs, responsive behavior, and How It Works section.

  • Fixed 10 broken marketing site tests and added 64 new test assertions covering mobile navigation, accessibility attributes, pricing badge, chat widget theming, and structured data.

  • Added 46 tests for the issuer landing page, covering hero content, value props, how-it-works flow, feature cards, metadata, and JSON-LD structured data.

  • Added 48 tests for the homepage messaging rewrite, covering CTA copy, subheadline, issuer and responder panel content, How It Works step copy, and CTA banner updates.

  • Added 17 tests for the navigation update, covering header, footer, and mobile menu links for "For Issuers" and "For Responders," removal of "Launch App," and dropdown changes.

Release Notes — March 16, 2026 | Strutter AI