v3.6.1
Step pipeline fixed: "Risk Map" and "AI Prompt" can no longer wrap to two lines (nowrap on every step), the pipeline starts directly after the brand instead of being centred, and on narrower windows it sheds decorations progressively — first the progress percentages, then the number circles, then the arrows — so labels always stay on one line. The brand column no longer reserves fixed width.
v3.6
⏏ Exit button returns to the launcher (index.html), asking first whether to save the assessment — and warning that unsaved changes are lost (with autosave state taken into account). Top bar decluttered: the autosave toggle is now a compact 💾 ON/OFF chip and Clear storage an icon-only 🧹 button — both keep their full hover explanations; button labels no longer wrap to two lines.
v3.5
Security controls for browser storage: a topbar Autosave ON/OFF toggle — when OFF, the existing autosave is removed immediately and nothing is written to local storage until you click Save yourself (hover the button for the full explanation; the preference persists per browser). New 🧹 Clear storage button wipes everything the Risk apps keep between sessions in this browser: autosaved assessor and configurator sessions, guided-help preferences, AI connection settings and the session API key — files on disk are untouched.
v3.4
Cleaner separation of roles between the two apps: the bundled-config gallery moved to the Risk Configurator's new landing page. The assessor landing is now purely assessment-focused — load a config exported by the configurator (drop zone / file picker), resume a saved assessment, or restore an autosaved session.
v3.3
Three new capabilities. Guided mode: business-language coaching tips on every step (how to answer like an auditor, what weights and effects mean, when to scope risks out) — on by default, each tip dismissible, whole layer switchable in Settings → Guided help. What-if simulator: 🧪 Simulate controls in the risk popup sandboxes control answers and shows where residual would land before anything is committed (Apply / Discard); 🧪 Opportunities on the Output step ranks not-yet-implemented controls by the total residual-points reduction they would buy — control investment prioritisation. Evidence assurance: a new score showing how many credited (Yes/Partial) controls actually carry an evidence reference — displayed on the Output step and in the risk popup, with an "Evidence Assurance" section in Markdown, an assurance block in JSON and an "Assurance %" column in CSV; optional scoring.unevidencedYes:'partial' config key scores unevidenced Yes answers as Partial (set in the configurator's Scoring Options).
v3.2
Config gallery on the landing screen — one click loads any bundled risk map or starter pack (with a drop-zone fallback when opened from disk). WI-2.8 session comparison: load a previously saved session on the Output step to see per-risk residual deltas (improved / worsened / new / dropped-out) against the current assessment. WI-2.9 usability: answer questions from the keyboard (focus a card, press Y / P / N / A / D), arrow keys move between cards, Esc closes modals, progress percentages in the step pipeline, Expand/Collapse-all on the Controls accordion, and visible focus outlines with ARIA labels for assistive technology. New scoring.detectiveAffects config key ('likelihood' legacy default | 'impact'): when set to impact, Detective controls reduce residual impact (early detection limits blast radius) instead of likelihood. Manual score overrides are now flagged with an info banner on the raw Inherent views, where they intentionally do not apply. Scope-suppression lookups are memoised for snappier rendering on large registers.
v3.1
Security & housekeeping: the AI API key now lives in session storage only — it is deleted automatically when the tab or browser closes (provider, endpoint, and model still persist; Clear removes everything). Changelog renumbered: a duplicate legacy v2.5 entry that sat out of order at the top is now v2.4.1 in its correct chronological position.
v3.0
Phase 4 AI integration: bring-your-own-key AI client (Anthropic direct or OpenAI-compatible endpoint) configured under Settings → AI Connection. ⎘ Copy AI package (prompt + full report to clipboard). ✨ Generate AI report (rendered in-app, embedded in exports and sessions). ✨ AI scoping assist (Scope step) and ✨ AI pre-fill (Vendor/Internal steps): paste source material, review per-question suggestions with justifications before applying — applied answers are tagged [AI-suggested]. ✨ AI treatments (Output step): drafts treatment decisions for risks exceeding appetite. All AI actions are human-in-the-loop; nothing is applied without explicit acceptance.
v2.9
WI-3.7: Framework cross-references — controls can carry a refs field (ISO 27001 Annex A, NIST CSF 2.0, Essential Eight, NIST AI RMF). Rendered as a "Framework Refs" column in the Markdown controls table and a refs field in the JSON export.
v2.8
WI-2.7: Print / PDF report — new button on the Output step builds a clean print-only report (header, executive summary with rating counts and appetite breaches, Current and Residual family×period heatmaps with colour-coded cells, Risks Exceeding Appetite table, Treatment Plan table) and opens the browser print dialog; save as PDF from there. Print stylesheet hides the app UI and uses print-safe colours.
v2.7
Phase 2 (WI-2.1/2.3/2.4/2.5): Autosave — session state persisted to browser storage 2s after every change; landing screen offers "Restore unsaved session" with timestamp. CSV export of the risk register (current + residual ratings, appetite, treatment columns; Excel-ready). Treatment plan per risk in the Output popup: decision (Accept/Mitigate/Transfer/Avoid), owner, due date, comment — saved in sessions, included in JSON/CSV exports and a new "Treatment Plan" Markdown section. Evidence link/reference field per control (audit trail) included in JSON export and the controls table. JSON export now reports residual rating and uses the residual-based exceeds-appetite rule (consistent with the heatmap).
v2.6
WI-1.7/1.8: Scope uncertainty now visible — "Do not know" scope answers raise an amber banner on the Output step and a dedicated "Scope Uncertainty" table in the Markdown export listing affected in-scope risks for re-verification. New scoring.tpraAffects config key ('impact' legacy default | 'likelihood'): when set to likelihood, the TPRA multiplier scales the likelihood axis of vendor-linked risks instead of impact (applied in both the Current calculation and the Inherent (vendor-adjusted) view).
v2.5
Methodology update (WI-1.1…1.5): N/A answers are now excluded from survey/control scores entirely (previously scored like "No"). Support for a new config scoring block: unanswered questions can count as 0 (unansweredAs:'zero'), and the survey (60%) / control (80%) max-reduction caps are configurable. Optional per-risk baseLikelihood starts likelihood independently of impact. Honest mode labels: Inherent (raw) / Inherent (vendor-adjusted) / Current Risk (posture-adjusted) / Residual — internal mode keys unchanged, saved sessions compatible.
v2.4.1
Residual scoring now reduces the impact band for Impact/Both controls (not just likelihood), so residual points line up with the directional index-based assessor. Base and TPRM map modes band likelihood with the impact bands (raw, unreduced), fixing inflated likelihood when likelihood bands are compressed. (Renumbered from a duplicate v2.5 during the June 2026 changelog clean-up.)
v2.4
Bug fix: answering scope, vendor, or internal survey questions no longer scrolls to top of page.
v2.3
Bug fix: "Load new config" now fully resets all state — metadata fields, risk overrides, and tab filters are cleared alongside answers and notes.
v2.2
Output tab risk popup redesigned: narrative, mitigation, three score cards (Score-Derived / Inherent / Residual with pts and band names), calculation trace, survey/control stats, likelihood and impact override dropdowns, base score override, linked controls with inline answer dropdowns. Sidebar heatmap: hover shows a floating tooltip with risk ID, score, inherent/residual ratings, appetite, and top controls list.
v2.1
Markdown export fully rewritten: header table, executive summary with inherent+residual counts and survey/control scores, inherent risk heatmap (family×period ASCII table), residual risk heatmap, full risk register with both ratings, risks exceeding appetite table, scope questions with answers+notes, vendor/internal survey questions with answers+notes, controls grouped by risk with type/effect/answer/note columns, AI prompt in fenced block. Date added to filename.
v2.0
Controls: all risk sections start collapsed. Click to expand; auto-collapses when all controls in that section are rated. No scroll-to-top when answering controls. Accordion header now shows: Inherent rating → Residual rating, Appetite value, controls answered/total.
v1.9
Output tab survey scores and control effectiveness now calculated against relevant questions/controls only (linked to in-scope risks). Shows 100% when all relevant items are answered. Exports updated with same scoping.
v1.8
Sidebar heatmap now always shows RESIDUAL risk colours (after controls). Exceeds Appetite logic fixed: a residual LOW rating is always within appetite; for other ratings, the residual matrix pts are compared against the appetite threshold — consistent with the residual heatmap view.
v1.7
Pipeline steps turn green when all relevant (in-scope) questions/controls are answered. Output: 5th map mode "Exceeds Appetite" colours risks red/green by residual vs appetite. Residual scoring: control reduction increased to 80% max — 100% control effectiveness guarantees LOW (green) rating.
v1.6
Sidebar progress shows relevant question/control counts (linked to in-scope risks only). Scroll-to-top on tab change and on every question/control answer (requestAnimationFrame ensures post-paint scroll). Per-risk add-control form now includes Effect field. Risk scoring fixed: high survey score now REDUCES inherent likelihood (up to 60%); controls reduce residual likelihood from the inherent baseline (up to 60%), ensuring Base ≥ Inherent ≥ Residual.
v1.5
Tab navigation now scrolls to top on every step change. Survey step subtitle shows total active question count alongside filtered (in-scope) count. Save filename now includes the current date (YYYY-MM-DD).
v1.4
Per-risk "Add control" button inside each accordion section. Control types updated to Contractual / Design / Operational / Other. New AI Prompt tab (step 7, last): pre-filled from config, editable, saved with session, included in exports. Output tab: 4 map-mode buttons — Base Map, Base + TPRM, Inherent Risk (TPRM + surveys), Residual Risk (inherent + control reduction).
v1.3
Vendor and Internal surveys now show only questions linked to in-scope risks. Controls step redesigned: Add New Control at top, controls grouped by risk in collapsible accordion sections (only in-scope risks shown). Clicking a risk on the heatmap expands and scrolls to that risk section.
v1.2
Scope tab: affected risks shown under each question as coloured chips. Output heatmap: click empty/OoS to close popup. Sidebar heatmap on survey/controls tabs: click empty or OoS cell clears risk filter. Metadata: "Load new config" button.
v1.1
TPRM score input on Metadata tab with live multiplier recalculation. Larger sidebar heatmap with risk-code labels and OoS text. Heatmap moved to top of sidebar. Scope tab: heatmap starts grey, activates when driven question answered Yes. Vendor/Internal/Controls: click a risk cell on the heatmap to filter questions/controls to that risk. Output tab: click a risk tile to open a floating detail panel with all info, survey/control scores, and editable notes.
v1.0
Initial release. Config-driven generic risk assessor. Landing screen for JSON config load; 7-step pipeline: metadata, risk map, scope, vendor survey, internal survey, controls (with custom control add), output heatmap. TPRA multiplier applied to vendor-linked risks. Survey export/import. Assessment save/load. JSON and Markdown report export.