Merge branch 'enigma-changelog' into 'main'

## In a nutshell:

- The Editor is a user-friendly interface for designing INJECT exercises.

- It makes exercise creation accessible without requiring YAML expertise, because it guides

    designers through a structured creation process.

- Currently supports **definition version 0.18.0**:

    - Example of how to upgrade a definition to a newer version is

        [here](https://inject.pages.fi.muni.cz/inject-docs/tech/architecture/definitions/upgrade/).

    - All changes of definition are available

        [here](https://docs.inject.muni.cz/tech/architecture/definitions/CHANGELOG/).

- It makes exercise creation accessible without requiring YAML expertise,

    because it guides designers through a structured creation process.

- The Editor supports the latest definition version, which can be directly used

    in the platform.

- Definitions created outside of the Editor can also be imported for further

    editing and visualization.

---

### Should You Use the Editor?

The Editor is recommended for:

- New exercise designers

- Those unfamiliar with YAML

- Exercises that don't require advanced features

Consider manual YAML editing if you need:

- Latest platform features

- Complex milestone configurations

- Role-based exercise design

- Multiple channel configurations

Yes! If you are not familiar with YAML or prefer a guided approach,

the Editor is an excellent choice. Even if you are experienced with

the definition format, the Editor can speed up the design process and

help visualize complex exercises.

## How to start?

![Editor interface in INJECT Gateway](../../images/editor.png)

## Current Limitations

Before using the Editor, it's important to understand its current limitations to make an informed

decision about whether it's the right tool for your exercise.

### Version Compatibility

The Editor currently works with an older version of the

[exercise definition](https://inject.pages.fi.muni.cz/inject-docs/tech/architecture/definitions/upgrade/)

format (v0.13.0) than the one used by the Citadel platform (v0.14.0+). This means:

**Supported features:**

- Basic exercise structures

- Most common features

**Unsupported features:**

- Newer platform capabilities

- Multiple channels of the same type

### Milestone Management

- While the Editor handles common milestone scenarios well, some advanced features are limited:

**Supported Milestone Triggers:**

## Limitations

- Learning activities

- Standard injects

- Tool responses

- Email templates

**Currently Unsupported:**

- File download triggers

- Arbitrary email conversation initiations

- Complex milestone activation/deactivation patterns

- Specific questionnaire answer triggers

### Other Considerations

Some additional limitations to keep in mind:

While the Editor is a powerful tool, it currently has some limitations

compared to manual YAML editing, that you should be aware of:

**Single Exercise Definition Focus**

- You can work with only one exercise definition at a time

- You can only work with one exercise definition at a time

- Saving and loading different exercise definitions requires manual file management

**Role Management**

- No direct support for role-based exercises

- Roles need to be added manually after export

**Compatibility with Existing Exercises**

**Local Storage**

- Some existing exercises may need restructuring to work with the Editor

- Complex conditions might require simplification

- Definitions are stored locally in your browser using IndexedDB

    - This means your work is not synced across devices or browsers

    - **Make sure to back up your work regularly**

- The Editor storage is shared between all users on the same device/browser

**Role Management**

- No direct support for role-based exercises

- The Editor has no direct support for role-based exercises

- Roles need to be added manually after export

**Compatibility with Existing Exercises**

- Some existing exercises may need restructuring to work with the Editor

- Complex conditions might require simplification

!!! tip "Working Around Limitations"

    Most limitations can be addressed by making manual adjustments to the YAML file after using the

    Editor. If you need these features, consider using the Editor for initial setup and then fine-tuning

    the exercise definition manually. Check the:

    [Exercise definition description](../../tech/architecture/definitions/README.md).

<div class="navigation" markdown>

  [INJECT Process Overview](../intro/overview.md){ .md-button }

</div>

---

## 4.0.1 (Frontend)

## 5.0.0

- toolbar moved to the right side in the trainee view for better accessibility

- fixed an issue where the email overlay in instructor view would close unexpectedly

- added information about the recipients for emails in the instructor TODO-list

- when switching between teams in instructor view, the same page now remains selected

    (e.g., emails, questionnaires)

### Better Instructor Experience

The instructor view has been improved with several new features and enhancements

to make the instructor's experience more efficient and user-friendly:

- improved email template selection UI

- team selection filters for easier selection

- dedicated instructor notes page

- fixed email overlay closing unexpectedly

- Czech language localization for instructor view

#### AI-powered instructor tools

New AI-powered tools have been integrated into the instructor view

to assist instructors in facilitating the exercise and evaluating trainee performance.

The required [environmental variables](./tech/installation/setup.md#environment-variables)

need to be set up for these features to work:

- email template suggestions

- email and free-form evaluation based on a specified rubric

### More Powerful Analytics

The analyst view has been enhanced with new features and improvements

to provide more powerful analytics capabilities:

- optimized analyst view performance

- additional "room view" for easier team monitoring

- additional cause-and-effect view for analyzing trainee actions

- additional team clustering view for pattern recognition

- improved trainee performance overview

    - resizable score section

    - collapsible instructor comments section

- team selection filters for easier selection

- sandbox action logging

    - logging the actions performed by trainees within a prepared sandbox VM

        **directly to IXP**

    - improved analyst views for command log analysis

### Definition Editor

The definition editor has been refined to support even definitions created outside

of the editor itself. Now you can use the editor together with tools

you're used to, while still benefiting from the editor's visualization and validation features:

- visual exercise flow diagram

- support for exercise definitions created outside of the editor

    - only definitions with the latest version are supported

### Visual Studio Code Extension

A [Visual Studio Code Extension](./INJECT_process/vscode-extension.md) has been released

to enhance the development experience by providing seamless integration with the platform.

It supports:

- updating older definition versions to the latest version

- syntax checking

- validation of the definition through a deployed instance of IXP

- markdown files preview in YAML files

- experimental definition test environment through a deployed instance of IXP

### Definitions

A new unified storage was published through GitLab [Definition registry](https://gitlab.fi.muni.cz/inject/definitions/definition-registry), and all the provided definitions are listed [here](./INJECT_process/available-definitions.md). Changes:

- upgraded all definitions to definition version 0.24.7

- published new exercise definition _Ransomware Rezonio_

- published new exercise definition _Remote Workers_

- published new exercise definition _Supply Chain_

- published new exercise definition _Threat Modeling_

### Trainee Experience Enhancements

Several improvements have been made to the trainee view to enhance the overall experience

for trainees:

- refined inject overlay interface

- optional feedback on the correctness of questionnaire answers

### Exercise Management Improvements

New quality-of-life features have been added to the exercise management interface

to streamline exercise administration:

- optimized exercise panel performance

- bulk unassign team members from exercises

- links to assigned exercises in the user detail page

- instructor noticeboard real-time updates

- Czech language localization for the exercise panel

### Enhanced Security & Access Control

The platform's security and access control mechanisms have been strengthened

to ensure a safer and more controlled environment:

- added support for API token-based authentication

    (available on the Users page **for Admins only**)

- replaced outdated document viewer dependency

- improved navigation handling for exercises the user is not assigned to

- refined user registration process (a secure password is provided by the

    platform via email)

- improved password change interface

### Core Platform Enhancements

Additional improvements have been made to the core platform to expand its capabilities:

- extended exercise state tracking and management

    - additional states to recognize exercises paused, stopped, expired (duration

        ran out), and finished (a final milestone was reached)

- expanded exercise definition options

    - an exhaustive changelog can be found [here](./tech/architecture/definitions/CHANGELOG.md)

- multi-file attachment support for any content (injects, emails,

    questionnaires, ...)

## 4.0.1 (Frontend)

!!! News

    *February 4*, 2026 <br>

    We've just released the fifth version of the INJECT Exercise Platform (v5.0.0)– [Changelog](changelog.md#500).

    The entire documentation has been updated to reflect this new version.

    If you are using an older version of the platform, please check our

    [Version Compatibility](tech/version-compatibility.md) page.

    *November 18*, 2025 <br>

    Frontend version 4.0.1 is now available with UI improvements and bug fixes.

    [Changelog](changelog.md#401-frontend)

## License Terms

Copyright 2025 Masaryk University

Copyright 2026 Masaryk University

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and

associated documentation files (the "Software"), to deal in the Software without restriction,

The minor version is incremented for changes to the API. Because of this, **only

the frontend and backend with the same major and minor version are compatible

with each other**. For example, `v3.0.0` of the frontend is compatible with

`v3.0.0` of the backend but not with `v2.0.0` of the backend. Similarly,

`v3.1.0` of the frontend is compatible with `v3.1.0` of the backend, but not

with `v3.0.0` of the backend.

with each other**. For example, `v5.0.0` of the frontend is compatible with

`v5.0.0` of the backend but not with `v2.0.0` of the backend. Similarly,

`v5.1.0` of the frontend is compatible with `v5.1.0` of the backend, but not

with `v5.0.0` of the backend.

The patch version is incremented for bug fixes and minor improvements. Such

releases are created for the frontend and backend separately. **The patch

versions of the frontend and backend do not have to match.** For example,

`v3.0.1` of the frontend is compatible with `v3.0.0` of the backend, but not

with `v2.0.0` of the backend.

`v5.0.1` of the frontend is compatible with `v5.0.0` of the backend, but not

with `v4.0.0` of the backend.

For the best experience, **always use the latest compatible frontend and backend releases**.

The releases can be downloaded from the following links:

- [frontend](https://gitlab.fi.muni.cz/inject/frontend/-/releases)

!!! Disclaimer

    If you are upgrading an existing installation, please note that all stored data

    will be lost during the upgrade process, as we cannot guarantee compatibility

    between different versions of the platform.

    If you are upgrading an existing installation, please note that the stored data

    may be corrupted or lost during the upgrade process. We cannot guarantee

    compatibility between different versions of the platform.

    To avoid problems during the upgrade process, please stop the running containers

    We highly recommend removing all existing containers and volumes before upgrading

    to avoid any potential issues. To do so, stop the running containers

    and remove the volumes by executing `docker compose down -v`. Also, make sure to

    rebuild the containers by executing `docker compose up --build` when starting

    them again.

    them again with the new version.

### 7. Add an admin account by following [these instructions](./users.md).