ProductRoadmap

Dashboard blog at /dashboard/blogs: lecturers and admins create and publish articles with TipTap editor, featured images, dynamic categories, revisions, and scheduled publish. Students and lecturers see all published articles.

Save answers and current question index when users are in the middle of a quiz. Detect in-progress attempts and offer Resume vs Start new options.

Add optional passScore (0-100, default 70) to Quiz schema. Display configurable pass score on quiz start screen.

Accept .xlsx files directly in the create-flashcards import, parsing first sheet with column A as front and column B as back.

Allow admins to attach PDFs and images to notices with cloud storage integration and download links.

Replace markdown textarea with WYSIWYG editor (TipTap recommended) for easier content formatting.

Save and reuse notice templates for frequently sent announcements with predefined content and audience.

Schedule recurring notices (daily, weekly, monthly) with automatic publishing via cron jobs.

Dashboard showing notice performance with views, read rates, dismiss rates, and engagement trends over time.

Full security hardening sprint triggered by a mass spam registration attack. Covers rate limiting, Cloudflare Turnstile CAPTCHA, mandatory email verification, HIBP password breach detection, MFA (TOTP + email OTP), session timeout, request logging with IP geolocation, device fingerprinting, and IP whitelisting for admins.

Email verification is now required before login. SHA-256 hashed tokens are stored in the database. A dedicated /verify-email page handles confirmation, with a resend endpoint (rate-limited to 3/hour). Unverified accounts receive a 403 on login attempts.

Two-factor authentication with TOTP (authenticator apps via RFC 6238) and email OTP fallback. Backup codes (SHA-256 hashed, single-use). Two-step login flow: first step returns a tempToken, second step verifies code and issues real JWT tokens. Admin accounts strongly encouraged to enable MFA.

FingerprintJS (open-source) collects a visitor ID on login and compares it against known devices. Unrecognized devices trigger a 'New device login' alert email and require MFA if enabled. Users can list and remove known devices.

Automatic session expiry after inactivity: 15 minutes for students, 30 minutes for staff. A 60-second warning modal appears before logout. Cross-tab sync via localStorage storage events.

tests passing across auth all the way down to security integration suites using Supertest.

Replace or supplement the current Ai provider with a locally-hosted LLM (via LM Studio or Ollama) to reduce API costs. Tavily search API provides internet access to the local model, replicating the web search capability that the Cyber Law curation and Research Topic suggestion services depend on. An AI_PROVIDER config flag switches between Anthropic and local providers without changing service code.

Add a lightweight API endpoint for the admin users page stat cards (Total Users, Active Users, Lecturers) instead of relying on the heavy dashboard/stats endpoint. Deferred pending redeployment verification.

Timetables filtered by student's program with clickable cards, fixed calendar view (exact date matching), accurate color rendering, and mid-semester support.

Exam timetables restructured with program-scoped filtering and dynamic 'Next Exam' countdown that updates based on the selected timetable card.

Redesigned PDF exports with branded header, dynamic summary cards, professional footer. Fixed Ghana Cedis encoding. Subscription PDF shows only successful transactions.

Subscription page stat cards now show global totals from backend aggregation instead of paginated page data. Payment pagination fixed for 10+ records.

Added favicon, fixed SubscriptionProvider race condition, created Activity page, added performance chart to profile page.

Login no longer creates duplicate 'Complete Your Onboarding' reminders. Fixed incorrect field path and added a duplicate guard to prevent notification spam.

Quiz views now increment when the quiz detail page is viewed, not only when a session is started. Views and attempts are tracked separately.

Replaced hardcoded mock alerts with real system checks: expired subscriptions, failed payments, pending verifications, and unread notifications.

Admin dashboard and analytics pages now display Total Revenue, Yearly, Quarterly, and Monthly revenue cards powered by real payment data.

Replaced chart placeholders with real ApexCharts: User Growth (area), Content Engagement (stacked bar), and Revenue Over Time (area) with time range selector support.

Dynamic year range (current year to 1900), Faculty dropdown populated from API with university info, Semester filter, and Institution filter now wired to backend.

Role-specific dashboard statistics for admin, lecturer, and student views with real-time data.

Socket.IO integration for live updates without page refreshes across all data types.

Daily study progress calculation with cards reviewed, daily goals, and study streaks.

Complete onboarding service with faculties, programs, and user course management.

All dashboard pages connected to real backend APIs with proper hooks and error handling.

Admin-managed notice board with audience targeting (global, role, course, program), markdown support, read tracking, scheduled publishing, and email notifications for important notices.

Lecturers enrolled in the programme receive a unique referral link to bring students onto the platform. Commission tiers: 30% for monthly, 35% quarterly, 40% yearly. Incentivising annual plan referrals. Payout is annual, net of 10% withholding tax remitted to Ghana Revenue Authority per the Income Tax Act 2015 (Act 896). Platform generates WHT schedules, WHT certificates, and financial statements. Terms & conditions updated with revenue share agreement and full tax disclosure. Lecturers must publish content regularly to stay active (60-day warning, 90-day auto-deactivation).

Lecturers and admins create timed mock exams with multiple choice, open-ended, or hybrid question formats. AI marks open-ended answers objectively with grade and feedback. Auto-submits on timer expiry. Exams can be public or scoped to a specific course or program. A global leaderboard shows student rankings per exam. Exam creators get a full participant table with individual scores and attempt history.

Dedicated research workspace where students manage projects with assigned supervisors, get Ai-powered topic suggestions, upload thesis chapters for Ai validation (structure, references, flow, academic tone), and track supervisor remarks and approvals chapter by chapter.

Dedicated page providing round-the-clock, Ai-curated information on IT-related court cases worldwide. IP infringement, trademark disputes, cybersecurity cases, media harassment, mobile money fraud, and more. Each case includes verdict, status (ongoing/concluded), jurisdiction, and detailed analysis to help students understand and apply international computer law.

Dedicated page where administrators create learning material cards for each course students selected during onboarding. Each card links to external storage (Google Drive, Dropbox, etc.) where the actual materials are hosted, giving students easy semester-by-semester access to required readings and resources.

A page where students can browse and watch educational videos relevant to their courses and programs. Content curated and uploaded by administrators and lecturers.

New students automatically receive one month of full platform access upon completing registration and verifying their email address, no payment required. The trial subscription is created server-side at the point of email verification, giving every new user immediate access to quizzes, flashcards, past questions, learning materials, and videos. A clear banner communicates how many trial days remain and prompts conversion before expiry.

Sign in and sign up with Google or X (Twitter) accounts using OAuth 2.0. Server-side Passport.js integration exchanges OAuth tokens for the platform's own JWT, keeping the existing auth architecture intact. Includes account linking for users who hold both a password account and an OAuth provider, and handles the X edge case where email is not always returned.

Replace hardcoded subscription plans with a fully API-driven pricing engine. Subscription tiers, tax schedules (VAT/GST with Ghana-specific jurisdiction support, inclusive/exclusive treatment, tax schedule versioning), and discounts (percentage off, fixed amount, trial extension, volume tiers, promo codes) all managed via admin API — no code deployment needed. A calculation engine computes final price from base → tax → discount with a transparent breakdown shown to the user at checkout.

A dedicated hands-on cybersecurity learning environment accessible to paid subscribers. Two pillars: Concept Labs — guided walkthroughs of core concepts (cryptography ciphers, network sniffing, attacker/defender mindset, web security) with interactive exercises, links to real GitHub tools/repos, and curated video references. Arena — browser-based coding playground (Monaco Editor + Docker-sandboxed execution), self-hosted CTF rooms with hints and flag submission, cybersecurity mini-games, weekly challenge drops, and monthly tournaments. XP system with Arena Rank (Recruit → Elite Hacker), badges, and completion certificates.

Expand beyond tertiary to serve Senior High School, JHS, and Primary students across Ghana. Ghana has two curriculum systems: GES (national syllabus, public schools) and Cambridge (international and elite private schools). Students select their curriculum body on onboarding, all content, subjects, topics, and past papers are filtered to their syllabus. Cross-syllabus browsing is always available. GES content covers WASSCE and BECE past papers; Cambridge covers IGCSE and A-Level past papers. Dashboard personalised by tier, curriculum body, and level.

Native iOS and Android applications for studying on the go with offline support.

Intelligent study suggestions based on performance patterns and learning goals.

Create and join study groups with shared flashcards, quizzes, and discussion boards.

Download content for offline access with automatic sync when back online.