In March 2025, the acsp-web team focused on stability and accuracy for AML-related pages. The key deliverable was reverting the Welsh translation changes on AML Supervisory Bodies pages, restoring correct display of supervisory body names by replacing references to i18n with AMLS_Body_Names (AMLSupervisoryBodies) and undoing a prior translation implementation. This change was committed as 327fefb2a6145c2a0004d7280b3e15c796225f97, reducing user confusion and mitigating regulatory content risk. Overall, the work improved UI reliability and content correctness with no new feature risk, aligning with business value by ensuring accurate Welsh content for regulators and users.

February 2025 (2025-02) focused on stabilizing security-sensitive middleware in the acsp-web codebase. Key actions included addressing an overly permissive Content Security Policy in the form submission flow and restoring the authentication middleware behavior to ensure a consistent auth flow. No new features shipped this month; primary value came from security hardening and reliability improvements. Security posture enhancements included the CSP policy adjustments and restoration of proper auth middleware behavior across critical request paths. Commit-level traceability provided via explicit changes to the content_security_policy_middleware_config.ts and authentication flow logic.

January 2025 monthly summary focusing on security hardening and enabling user onboarding flows across two repositories. Key outcomes include a CSRF error handling fix for the client-id verification web app and a CSP policy update to support the new registration endpoint. These changes improve reliability, security posture, and readiness for the upcoming registration workflow.

Month: 2024-11 — acsp-api stability and regression focus. Reverted a change in API client selection for deleting transactions to restore the original behavior, ensuring the correct client is used and minimizing risk of failed deletions. Updated tests to cover the revert and prevent regressions. No new features were introduced this month for acsp-api; primary work centered on bug fix, test hygiene, and ensuring consistent client routing.

2024-10 Monthly Summary for companieshouse/acsp-api: Restored data storage integrity by eliminating the data wrapper and implementing direct mapping between AcspDataDto and AcspDataDao. This fix reverts prior wrapper-based storage changes to correct incorrect persistence behavior and stabilize the data layer. No user-facing features introduced this month; focus on reliability, maintainability, and performance of the data path. Business value: reduced data corruption risk, simpler debugging, and clearer data access boundaries across the API.