
Changelog

Release notes and version history for Rankiteo Cyber Underwriting Desktop App

v1.0.9, May 4, 2026

Version 1.0.9

Team-portfolio collaboration on Custom Companies (in-page edit, auto-refresh on save/merge, restyled list), split-view routing fix for Add Claim / Edit Claim, copy correction in Collaboration settings

Team collaboration — connect your team's private server

  • Bring your underwriting work in-house. Enterprise customers can now run Rankiteo Desktop Server on their own infrastructure and connect every underwriter's desktop app to it — your portfolios, your insureds, your audit trail, all on hardware you control.
  • Your data stays in your network. The on-prem server lives on a Windows VM inside your datacenter. Nothing ever leaves your perimeter — there is no callback to Rankiteo, no hidden mirror to the cloud.
  • One-click connect. Settings → Collaboration → Connect to your team server. Enter the server address you got from your IT team and your credentials. Done.
  • Verified connection on first use. The first time you connect, the desktop captures your server's identity and asks you to confirm it matches the one your install team gave you out-of-band. Once confirmed, the desktop refuses to connect to anything pretending to be your server.
  • Credentials stored safely on your machine. Your sign-in is protected by your operating system's built-in encrypted vault — the same place your browser keeps your saved passwords.
  • Sign-in survives, accounts stay separate. Sign in once and stay signed in. If a colleague signs in to the same laptop as a different user, they get a clean slate — they never see your data and never inherit your on-prem connection.
  • Seamless coexistence with the cloud platform. While you're connected to the on-prem server, the cloud sync pauses automatically and a clear banner tells you so. Disconnect and the cloud sync picks up where it left off.
  • See where every company lives. A new row of badges on Custom Companies shows whether each company is on this machine 💾, in the cloud ☁️, in a team portfolio 🤝, or any combination. No more guessing where the underwriting file actually sits.
  • Bulk-share your custom companies with the team. Two header buttons on Custom Companies: Save to team — package the companies you've built locally into a brand-new team portfolio on the on-prem server. Merge into team portfolio — append them to a team portfolio that already exists.
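The "Verified connection on first use" behaviour above is a trust-on-first-use pin. The following is an added example, not Rankiteo's code: it assumes the captured "server identity" is the SHA-256 fingerprint of the server's TLS certificate and that the user enters the out-of-band value for comparison. `PinStore`, its methods and the sample address are hypothetical.

```javascript
// Added example, not the product's code. Assumption: the server identity is
// the SHA-256 fingerprint of its TLS certificate (in Node this would come from
// tlsSocket.getPeerCertificate().fingerprint256). PinStore is hypothetical and
// keeps pins in memory; persistence is out of scope here.

// Accept "AB:CD:...", "ab cd ..." or bare hex; return 64 lowercase hex chars.
function normalizeFingerprint(fp) {
  const hex = String(fp).replace(/[:\s]/g, "").toLowerCase();
  if (!/^[0-9a-f]{64}$/.test(hex)) {
    throw new Error("not a SHA-256 fingerprint");
  }
  return hex;
}

class PinStore {
  constructor() {
    this.pinned = new Map();  // key -> fingerprint the user confirmed
    this.pending = new Map(); // key -> fingerprint seen, awaiting confirmation
  }

  // Pins are scoped to the local account, so a second user of the same
  // laptop starts with no pin and must confirm the server for themselves.
  static key(localUser, serverAddress) {
    return localUser + "\n" + serverAddress.trim().toLowerCase();
  }

  // Run on every connection attempt with the fingerprint the server presented.
  check(localUser, serverAddress, presented) {
    const key = PinStore.key(localUser, serverAddress);
    const seen = normalizeFingerprint(presented);
    const pin = this.pinned.get(key);
    if (pin === undefined) {
      // First contact: nothing is trusted yet, the user has to confirm.
      this.pending.set(key, seen);
      return { decision: "confirm", fingerprint: seen };
    }
    return pin === seen
      ? { decision: "allow" }
      : { decision: "refuse", reason: "fingerprint-mismatch" };
  }

  // Run when the user supplies the fingerprint received out-of-band.
  // The pin is written only if it equals what the server actually presented.
  confirm(localUser, serverAddress, outOfBand) {
    const key = PinStore.key(localUser, serverAddress);
    const seen = this.pending.get(key);
    this.pending.delete(key);
    if (seen === undefined) return false;
    let expected;
    try {
      expected = normalizeFingerprint(outOfBand);
    } catch {
      return false;
    }
    if (expected !== seen) return false;
    this.pinned.set(key, seen);
    return true;
  }
}

// Constructed sample values, not real fingerprints or hosts.
const SERVER = "uw-team.example.internal:8443";
const GENUINE = Array(32).fill("AB").join(":");
const IMPOSTOR = "cd".repeat(32);

function demo() {
  const store = new PinStore();
  const out = [];
  out.push(store.check("alice", SERVER, GENUINE).decision);   // first contact
  out.push(store.confirm("alice", SERVER, "ab".repeat(32)));  // user confirms
  out.push(store.check("alice", SERVER, GENUINE).decision);   // pinned server
  out.push(store.check("alice", SERVER, IMPOSTOR).decision);  // different cert
  out.push(store.check("bob", SERVER, GENUINE).decision);     // other account
  return out;
}
```

A certificate renewal on the server changes the fingerprint, so a deployment built this way needs an explicit re-confirmation path rather than silently accepting the new value.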

Team collaboration — edit together, never overwrite each other

  • Pick a team, pick a portfolio. The new Team Portfolio section on Custom Companies has a simple cascading picker, scoped to the teams and portfolios your role lets you see.
  • Click Edit and the row is yours. The page opens the same 9-step underwriting wizard you use to create a local Custom Company — only this time, edits land directly on the on-prem server when you save. While you're editing, every other underwriter on the team sees a 🔒 being edited by Alice badge on that row.
  • No lost work if you close the laptop. Edits stay protected by an automatic lock that renews itself in the background. If your machine crashes, you lose Wi-Fi, or you simply walk away, the lock releases on its own after a few minutes so the team isn't stuck waiting on you.
  • Saves are conflict-aware. If two people somehow grabbed the same row at the same time, the second one to save sees a clear conflict modal with their draft preserved and a one-click try again button — zero risk of silent data loss.
  • Live status for the whole team. Lock badges, available rows, and newly-saved edits update in real time across every connected desktop — no refresh button, no waiting.
  • Manager override when you need it. Team managers and admins can unlock a row that has been left held by a teammate who left for the day. The displaced editor's draft stays preserved if they come back.
  • Compliance-grade audit trail. Every change a team member makes — create, edit, or delete — is recorded on the on-prem server with the who, what, when and a full before/after snapshot. Available to your admins through the on-prem admin UI for SOC 2 / GDPR review.

Team portfolio on Custom Companies — collaboration polish

  • In-page Edit for a team-portfolio insured. Clicking Edit on a row in the Team Portfolio section no longer opens an overlay modal — the page swaps to a full-width inline view of the same 9-step wizard used to create a local Custom Company, with the lock acquire / 30-second heartbeat / release lifecycle preserved.
  • Auto-refresh of the loaded team portfolio after a Save-to-team or Merge-into-team operation. Save and Merge now broadcast a rankiteo:team-portfolio-mutated window event with the affected portfolioId; the Team Portfolio list listens and reloads when the dispatched id matches the one currently selected.
  • Team Portfolio insured list restyled to match the local Custom Company table — same columns (Company / Industry / Score / Band / Employees / Status / Actions), same band-colour badge from the SCORE_BANDS palette, same s.actionBtn pill — so the two sections feel like one product instead of two stitched-together views.
  • Defensive dedup-by-id on the Team Portfolio dropdown. The drainer now accumulates portfolios into a Map keyed by id so older un-restarted on-prem servers (whose user_visible_portfolios SQL view echoed each portfolio once per matching RBAC branch) no longer cause duplicate dropdown rows.
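The edit-lock behaviour described under "edit together, never overwrite each other" and the lock acquire / 30-second heartbeat / release lifecycle noted above, as an added sketch of one way a server could enforce it (not the product's code). The 30-second heartbeat is from these notes; the 180-second lease ("a few minutes"), the role names and every identifier are assumptions.

```javascript
// Added example, not the product's code: a lease-based row lock with
// heartbeat renewal, expiry, manager override and a version-checked save.
const HEARTBEAT_MS = 30_000;  // interval stated in the release notes
const LEASE_TTL_MS = 180_000; // assumed value for "a few minutes"

class RowLocks {
  constructor(now = () => Date.now()) {
    this.now = now;        // injectable clock so expiry can be tested
    this.rows = new Map(); // rowId -> { version, data, lock }
  }

  addRow(rowId, data) {
    this.rows.set(rowId, { version: 1, data, lock: null });
  }

  // Fetch a row and drop its lock if the lease ran out (crash, lost Wi-Fi).
  _row(rowId) {
    const row = this.rows.get(rowId);
    if (!row) throw new Error("unknown row " + rowId);
    if (row.lock && row.lock.expiresAt <= this.now()) row.lock = null;
    return row;
  }

  acquire(rowId, user) {
    const row = this._row(rowId);
    if (row.lock && row.lock.holder !== user) {
      return { ok: false, heldBy: row.lock.holder }; // drives the lock badge
    }
    row.lock = { holder: user, expiresAt: this.now() + LEASE_TTL_MS };
    return { ok: true, version: row.version };
  }

  // The editing client calls this every HEARTBEAT_MS to extend its lease.
  heartbeat(rowId, user) {
    const row = this._row(rowId);
    if (!row.lock || row.lock.holder !== user) return false;
    row.lock.expiresAt = this.now() + LEASE_TTL_MS;
    return true;
  }

  // Only managers and admins may break someone else's lock.
  forceUnlock(rowId, actorRole) {
    if (actorRole !== "manager" && actorRole !== "admin") return false;
    this._row(rowId).lock = null;
    return true;
  }

  // A save needs both a live lease and the version the draft was based on.
  // On conflict the draft is handed back so the client can keep and retry it.
  save(rowId, user, baseVersion, draft) {
    const row = this._row(rowId);
    if (!row.lock || row.lock.holder !== user) {
      return { ok: false, conflict: "lock-lost", draft };
    }
    if (row.version !== baseVersion) {
      return { ok: false, conflict: "stale-version", draft };
    }
    row.data = draft;
    row.version += 1;
    row.lock = null; // saving releases the row
    return { ok: true, version: row.version };
  }
}

// Constructed scenario: alice walks away, bob edits, alice comes back.
function runScenario() {
  let clock = 0;
  const locks = new RowLocks(() => clock);
  locks.addRow("acme", { score: 700 });

  locks.acquire("acme", "alice");
  const blocked = locks.acquire("acme", "bob");
  clock += HEARTBEAT_MS;
  const renewed = locks.heartbeat("acme", "alice");
  clock += LEASE_TTL_MS; // no further heartbeats: the lease expires
  const takeover = locks.acquire("acme", "bob");
  const bobSave = locks.save("acme", "bob", takeover.version, { score: 720 });
  const aliceSave = locks.save("acme", "alice", 1, { score: 650 });
  const again = locks.acquire("acme", "alice");
  const stale = locks.save("acme", "alice", 1, { score: 650 });
  const retry = locks.save("acme", "alice", again.version, stale.draft);
  return { blocked, renewed, takeover, bobSave, aliceSave, stale, retry };
}
```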

Bug fixes

  • Fixed Add Claim / Edit Claim navigation in split-view mode. Clicking "Add your first Claim" or the "+ Add a Claim" button on the Claims Management page used to open the same Claims Management page in the other panel instead of routing to the Add Claim wizard. CrmLayout::SplitView::routeToPageId now matches the longest registered multi-segment key (claims/new) before falling back to the parent single-segment key (claims), so /crm/claims/new resolves to AddClaimPage as it should. Same fix applies to the Edit button (which navigates to /crm/claims/new?id=<id>).
  • Fixed misleading copy on Settings → Collaboration. The Not-connected card used to read "the Portfolio and Custom Portfolio pages will let you load team portfolios" but only the Custom Companies page actually wires up a team-portfolio loader today. Now reads "the Custom Companies page will let you load team portfolios."

v1.0.8, April 25, 2026

Version 1.0.8

Free Version (sign-in-free mode), OFAC SDN screener with enriched profiles, Premium Impact 54-control library (CSPM / CASB / SAST-SCA / SIEM / DLP …), tour-mode rebuild, claims fixes

Free Version — full underwriting toolkit, no sign-in required

  • Free Version is a fully-functional, locally-hosted underwriting environment bundled with the desktop app — no Rankiteo account, no internet connection, no API keys needed for any of the included pages. Pick 'Continue without signing in' on the welcome screen to enter.
  • Bundled local Python backend (FastAPI compiled with PyInstaller) starts automatically on 127.0.0.1 with a dynamic port at first launch. All Free Version pages talk to it; nothing leaves your machine unless you explicitly download the OFAC SDN list (one-time HTTPS pull from sanctionslistservice.ofac.treas.gov).
  • Local SQLite database stores your custom companies, portfolio entries, claims, scenarios, and OFAC SDN index — survives reboots, app updates, and device restarts. Located in your user-data folder; you own the file.
  • Custom Company — score any company by domain, paste a broker submission for AI auto-fill, or upload a SOC 2 / pen-test report. The local scoring pipeline runs the full enrichment + premium model.
  • Premium Estimation (offline) — full premium model with 21 coverage lines, hazard-group multipliers, regional severity adjustments. Drops a binder-ready quote in seconds.
  • Portfolio Manager (offline) — every custom company you score auto-lands in your local portfolio with band, score, and a Premium Estimation shortcut. Empty state now points you to Custom Company instead of showing fake demo rows.
  • Underwriter Tools — 10 tabs of live, client-facing calculators: Premium Impact (54 cyber controls — see dedicated section), ILF Calculator (4 industry curves + custom), Loss Exceedance (single-risk Monte Carlo), Appetite Scorecard (rule-based BIND / REVIEW / DECLINE), IR Readiness, Retention Impact, Cost of Breach, NIST CSF self-assessment, Reserve Calc, Renewal Compare. Everything runs offline.
  • Claims Management + Add a Claim — 5-step claim intake wizard (Insured & Policy → Loss Details → Financials → Response → Review & Save) feeding a full claims register with sortable table, filters by peril / status, summary cards (total incurred / reserved / paid), edit-in-wizard, delete with confirm, and XLS export.
  • Quote Letter generator — produces a binder-ready DOCX from a portfolio entry. Brand it, send it, archive it.
  • UW Memo generator — single-click underwriting memo with risk summary, posture analysis, premium recommendation, and signed audit trail. DOCX export ready to drop into your file.
  • Policy Wordings library — reference library of cyber policy wordings, base forms, endorsements, war-exclusion variants. Compare, cite, and link directly into your quote letters.
  • Sanctions / OFAC Screener — curated 30-entry starter list bundled out-of-the-box (ransomware gangs, APT actors, OFAC-designated cyber entities) plus optional one-click download of the official OFAC SDN Advanced list (~20 MB ZIP) for full coverage. See the dedicated OFAC section below for the click-through profile detail features.
  • AI Copilot integration — Free Version honours the AI provider you configured in the launch wizard (local GGUF model OR external API key for ChatGPT / Claude / DeepSeek). Auto-fill on Custom Company, portfolio Q&A, and underwriting summaries all work in Free mode.
  • Privacy guarantee: Free Version performs zero outbound calls except (a) the user-initiated OFAC SDN download and (b) external LLM API calls if you configured ChatGPT / Claude / DeepSeek as your AI provider. No telemetry, no analytics beacons, no auto-update phone-home from Free Version pages.

First-launch wizard — 4-step reorder

  • New step order: AI Copilot → Offline Mode → OFAC Sanctions → Installation. Strictly forward 1→2→3→4 dot progression with no regressive jumps.
  • Brand-new step #3: OFAC Sanctions question slide (Yes / Skip) + dedicated download progress card on the install screen — the official OFAC SDN list (~20 MB) downloads automatically when you opt in.
  • Back buttons now on the AI Provider, Offline Mode, and OFAC question slides so any answer can be revisited before installation begins.

OFAC SDN Screener — official-list download + click-through profile detail

  • Auto-download of the official OFAC SDN Advanced list from sanctionslistservice.ofac.treas.gov, parsed locally into SQLite. Fully offline thereafter.
  • Status strip on the Sanctions page with green/amber dot, profile + alias counts, last-updated date, and one-click Refresh / Download.
  • Click any hit row in the screener to open a detail modal with the FULL profile from the SDN store: party type, designation date, country, programs as red pills, primary name, every alias (PRIMARY badge on the canonical one), indexed timestamp.
  • Addresses (1:N) — every recorded address with country tag.
  • Identity documents (1:N) — passport / national ID / tax ID / registration number with issuing country, monospace formatting for easy copy-paste into your file.
  • Crypto wallet addresses (1:N) — BTC / ETH / USDT / TRX with currency tag and a 'sanctions violation' warning footnote. Critical for ransomware payment screening.
  • Free-text remarks from OFAC's <Comment> element — the often-overlooked context like 'operates the BlackCat ransomware variant'.
  • Modal closes via × / Close button / backdrop click / Esc key.
  • Pre-screen modal: if the SDN list isn't installed, the screener no longer returns a misleading 'no hit' verdict against the 30-entry curated starter list — instead it prompts to download with an explicit 'Search anyway (curated only)' opt-out.
  • Min-length 2-char client guard on the search input — no more raw Pydantic JSON dumps when typing a single character.

Tour mode — full sales-walkthrough rebuild

  • "Take a Tour" sidebar now organises items into Free / Analyst / Underwriter / Prospector / Enterprise / Other sections. Each item carries its tier badge — green FREE pill for free items, 🔒 tier badge for paid items.
  • Twin items in the Analyst section: 'Portfolio (Intelligent)' and 'AI Premium Estimation' point to the same routes as their Free twins but show the Analyst badge — visible contrast between the offline and intelligent versions.
  • Tour mode now grants full Enterprise access so every page is reachable with demo data — no more 'upgrade required' popup blocking exploration.
  • Global click + form-submit interceptor: every action inside the main content area in tour mode opens a feature-explanation popup with title, description, and an embedded video walkthrough.
  • Per-page feature explanations covering all 24 CRM pages (Companies, Incidents, Supply Chain, Benchmarks, Premium Estimation, Portfolio, Custom Company, Submission Triage, Accumulation, Loss Exceedance, Benchmark Report, Claims Correlation, Catastrophe, Concentration, What-If, Claims Tracker, Bordereaux, Leads, MCP Tools, Reinsurance Tower, Portfolio Optimizer, Continuous Risk Monitor, Regulatory Center, Emerging Risk Lab, plus all Free-tier pages).
  • YouTube tour player switched from inline iframe to clickable thumbnail (1280×720, with fallback to 480×360 for older videos). Click opens the watch page in your default browser via shell.openExternal — sidesteps YouTube Error 153 entirely, works for any video regardless of embed permissions.

Underwriter Tools — Premium Impact rework (54 cyber controls)

  • Expanded the Premium Impact of Security Controls library from 8 → 54 cyber controls organised into 12 underwriting-relevant categories.
  • Identity & Access (6): MFA on remote + privileged access, MFA on critical SaaS (M365 / Salesforce / Workday), Privileged Access Management (PAM), Single Sign-On, Identity Governance with quarterly reviews, Just-in-Time admin access.
  • Endpoint (3): EDR / NGAV fleet-wide, Mobile Device Management (MDM), application allow-listing on servers / sensitive endpoints.
  • Network (6): NGFW at perimeter, WAF on public apps, network segmentation (PCI / OT / corp split), Zero Trust Network Access (ZTNA) replacing VPN, DNS filtering / secure web gateway, email gateway with attachment sandbox.
  • Cloud Security (5): Cloud Security Posture Management (CSPM), Cloud Access Security Broker (CASB), Cloud Workload Protection (CWPP), Cloud Infrastructure Entitlement Management (CIEM), CIS Benchmarks enforced across cloud accounts.
  • Application Security / DevSecOps (5): SAST in CI pipeline, SCA (open-source dependency scanning), DAST, secret scanning on all repos, SBOM produced + retained for every release.
  • Data Protection (6): immutable / offline backups, backups restoration-tested within 90 days, Data Loss Prevention (DLP) on endpoint + email + cloud, data classification + labeling, BYOK / HYOK customer-controlled encryption, device encryption.
  • Vulnerability Management (7): internal vuln scanning weekly+, external vuln scanning continuous, patch SLA: critical < 14 days at 95% compliance, patch SLA: high < 30 days at 90% compliance, independent penetration test in last 12 months, bug bounty program (HackerOne / Bugcrowd / Intigriti), External Attack Surface Management (EASM).
  • Detection & Monitoring (6): SIEM with 12+ months log retention, SOAR with automated playbooks, XDR (Extended Detection & Response), UEBA (User Entity Behavior Analytics), threat-intelligence feed integrated into SIEM/EDR, File Integrity Monitoring (FIM) on critical systems.
  • Incident Response & Recovery (3): IR retainer with named provider (Mandiant / CrowdStrike / Unit 42), documented DR plan with RTO/RPO per system, DR plan tested in last 12 months.
  • Operations (2): 24×7 SOC (internal or MSSP), tabletop exercise in last 12 months.
  • People (1): phishing training + simulated campaigns.
  • Governance & Compliance (4): ISO 27001 certification, SOC 2 Type II audit, third-party / vendor risk management program, named CISO with formal accountability + board reporting.
  • Frontend now groups controls by category with a 'N / M selected' pill per section header — scan completion at a glance during a broker call.
  • Realistic credit ranges sourced from Marsh / Aon / Coalition / Beazley / Resilience underwriting questionnaires (2024-2025 market).

Free Portfolio — empty-state CTA

  • When the local DB has no custom companies, the Portfolio page now shows an 'Add a company →' CTA pointing to the Custom Company wizard. Replaces the 6 hardcoded sample rows that previously confused users into thinking they were real data.
  • Banner copy clarifies 'Free Version stores your portfolio locally on this machine — no data ever leaves your computer.'

Bug fixes

  • Fixed launch wizard hanging at 'idle' on the OFAC step. Only 'done' and 'error' are terminal states now, with a 15-second stuck-idle guard.
  • Fixed 'Database locked' error during OFAC SDN import. Loader now commits each 500-row batch and SQLite runs in WAL mode with a 30-second busy timeout.
  • Fixed OFAC parser returning 0 profiles. XML tag and attribute matching is now case-insensitive so the PascalCase SDN_Advanced.xml parses cleanly.
  • Fixed tour-mode sidebar showing false 'Analyst' lock badges on Free items. Bare PlanKey strings now resolve correctly in resolvePlans().
  • Fixed tour-mode popup always showing 'Companies Finder'. TourActionGate now tracks the active split-view page via sidebar and panel navigation events.
  • Fixed Sanctions screener leaking a Pydantic JSON dump on 1-character queries. Frontend blocks short inputs with a clean inline message.
  • Fixed 'i.filter is not a function' crash on Claims Management and Add a Claim for cloud users. Both pages now hit the local Python backend with Array.isArray() guards.
  • Fixed sidebar Logout button doing nothing in Free and Tour modes. Both handlers now clear localStorage rankiteo-mode and rankiteo-guest-mode.
  • Fixed silent worker failures on Settings → Sanctions → Refresh. Worker exceptions now dump tracebacks to stderr with a wrapped error-state DB write.
  • Fixed Sanctions screener re-prompting to download OFAC after a successful download. screen() now refetches info before the gate and the page refreshes on window focus.
  • Fixed Python backend crash at boot caused by a missing python-multipart hidden import. FastAPI Form() routes (Quote Letter DOCX upload) now bundle and start correctly under PyInstaller.
  • Fixed Free utility pages (UW Tools, Sanctions, Quote Letter, UW Memo, Wordings) silently failing for paid users. All /api/free/* fetches now always target the local Python backend regardless of cloud login.
  • Fixed OFAC download in Settings → Sanctions silently 404ing for paid users. The /api/free/sanctions/* routes now always go through the local backend, not the cloud API.
  • Fixed Sanctions status strip staying 'OFAC SDN not installed' right after a successful download. The settings modal now emits an ofac-installed event on done-state transition and the page refreshes its info on the spot.
  • Fixed AuthGate not awaiting local Python backend startup in cloud mode. Paid users no longer see 'Local Python backend not started yet' or 'TypeError: Failed to fetch' on Free pages.
  • Fixed License menu showing legacy Basic / Pro / Expert plan names. Now resolves Analyst / Underwriter / Prospector / Enterprise / Free Version / Guest Demo from the user role list.
  • Fixed Release Notes menu link pointing to /changelog instead of /desktop-app/changelog.
  • Bug-report mailto now embeds app version, platform, architecture, and Electron version in the subject plus a structured body template so support can route and reproduce without back-and-forth.
  • Added Data Processing Agreement and Sub-processors entries to Help → Legal, plus a View Pricing & Plans link in Help for users in Free or Tour mode.

v1.0.7, April 16, 2026

Version 1.0.7

Reinsurance Tower Designer, Portfolio Optimizer, Continuous Risk Monitor, Regulatory & War Exclusion Center, Emerging Risk Lab

Reinsurance Tower Designer (new page)

  • Drag-and-drop multi-layer tower builder: Quota Share, Working Layer XoL, Catastrophe XoL, and Aggregate Stop-Loss
  • Inuring waterfall engine - move layers up/down to test alternative inuring orders; each layer sees the net loss after all preceding layers
  • Per-layer parameters: cession %, ceding commission, attachment, limit, rate-on-line, reinstatements
  • Monte Carlo engine runs 1,500 to 10,000 simulated years against the selected portfolio source, returns gross + net EP curves, VaR99 / VaR99.5, and per-layer expected cession
  • Per-layer economics table: premium, expected cession, loss ratio, RoL, margin
  • Gross vs Net recovery table at 10 return periods (1-in-0.5 through 1-in-250)
  • Cession optimizer sweep - automatically iterates QS % from 0% to 70% and surfaces the capital-efficient cession point with $ saved per $ ceded ratio
  • Save / reload full tower configurations (Mongo-persisted)
  • Portfolio source picker: run tower against your in-force CRM portfolio OR any saved bordereau

Portfolio Optimizer (new page)

  • Severity-aware Monte Carlo engine pulls real incident history from the feed (count, max severity, severe count, ransomware history, leak-site hits)
  • Per-insured Euler/Shapley decomposition of portfolio AAL and TVaR - additive allocation, Solvency II standard
  • Concentration index (TVaR share ÷ fair share × N): > 1.2 = CONCENTRATOR, < 0.8 = DIVERSIFIER, else NEUTRAL
  • Recent-catastrophic OVERRIDE: any insured with max severity ≥ 75, ≥ 2 severe incidents in 180d, ransomware history, or leak-site hit is hard-flagged RECENT INCIDENTS and cannot be marked DIVERSIFIER regardless of the math
  • RAROC heatmap per insured: (premium − expected loss − expense) ÷ (TVaR × capital charge); green if above target, red if capital-destructive
  • Renewal Walk-Away engine - classifies every policy as RENEW / RE-RATE +X% / NON-RENEW with the exact rate change required to clear the hurdle
  • User-tunable assumptions (expense ratio, capital charge, target RAROC, target LR) persisted in localStorage
  • Per-insured incident columns (180d count, max severity) with 🔒 ransomware and 🚨 leak-site icons

Continuous Risk Monitor (new page) - powered by the real incident feed

  • Reads cyber_portfolio.blog_data (the same source as the Incidents page) in real time - no synthetic signals
  • Per-insured incident counts in 30 / 60 / 90 / 180 day windows with velocity Δ30d (heating vs cooling)
  • Severity sum 90d and max severity 90d derived from per-incident severity score
  • Threat actors observed from incident_details.threat_actor (handles both string and dict/list shapes)
  • Ransomware families observed from incident_details.ransomware.ransomware_strain (with fallback extraction)
  • MITRE ATT&CK techniques from incident_details.mitre_correlation with technique IDs and names
  • Leak-site radar: flags insureds appearing on ransomware leak sites (LockBit, Cl0p, Akira, ALPHV, RansomHub) before FNOL
  • Portfolio Loss-Ratio Leading Indicator: green / amber / red composite of velocity, severity intensity, leak hits, and distressed share - 60-90 day look-ahead
  • Per-insured drawer with full signal detail: latest incident with source URL, all actors, all ransomware families, all MITRE techniques, leak-site details
  • Portfolio Threat Intelligence panel: top threat actors, top ransomware families, top MITRE techniques, top incident types - ranked across the whole book
  • Severity classification: alert (leak hit OR ≥2 incidents in 30d OR max sev ≥ 75 OR velocity ≥ 2) → watch → ok

Regulatory & War Exclusion Center (new page) - now geography-aware

  • Regulatory heatmap: maps every insured to 9 applicable regimes based on BOTH industry AND jurisdiction (country code parsed from headquarters address)
  • DORA and NIS2 only apply to EU entities; SEC Item 1.05 only to US-listed; NY DFS Part 500 only to US financials; HIPAA only to US healthcare; GDPR to EU + UK; CCPA to US; PCI-DSS global; UK FCA to GB - no more false positives on jurisdictional scoping
  • Unknown-country warning banner when insureds lack headquarters data
  • Portfolio geography distribution card (country code chips with counts)
  • Expected regulatory fine tail per insured (max fine × score factor × 40% probability weight)
  • War Exclusion Engine - replays 5 named state-attributed scenarios (NotPetya, SolarWinds, Viasat, hypothetical grid attack, CrowdStrike-class state sabotage) against the portfolio under LMA 5567A/B wording
  • Geographic loss multipliers: primary impact countries take 100% of scenario loss (NotPetya → Ukraine), secondary take spillover (EU/US/GB 55%), outside take minimal (5%) - a US-only company isn't hit the same as a UA-based company by NotPetya
  • Per-insured geo tier badges: PRIMARY / SECONDARY / OUTSIDE with multiplier %
  • Exclusion efficacy %, gross loss, excluded loss, paid loss by scenario
  • OFAC Sanctions Audit Ledger - client-side immutable audit trail (timestamp, checker, result) for strict-liability defense

Emerging Risk Lab (new page)

  • Four-dimension classification for the 2025-2026 frontier risks that traditional cyber wordings handle poorly
  • AI-BOM Risk: per-insured AI/GenAI exposure score (model risk, prompt injection, training data poisoning, agentic AI, hallucination liability) with Low / Medium / High tier
  • Quantum HNDL (Harvest Now, Decrypt Later): Critical / Material / Low tier for sectors with long-life sensitive data (banking, health, defense, legal, pharma)
  • Deepfake / synthetic identity: High / Medium / Low for banking / financial / insurance / legal / executive operations (Arup $25M precedent)
  • Critical infrastructure dependency: Critical / Material / Low for energy, telecom, transport, water, health, government (CrowdStrike / Fastly / MOVEit / Change Healthcare pattern)
  • Aggregate Emerging Risk Index (ERI) 0-100 - average of the four dimensions, color-coded
  • 5 tabs: Overview with all 4 tiers / dedicated per-dimension views
  • Portfolio summary KPIs: AI High count, Quantum Critical count, Deepfake High count, Infra Critical count

Saved Loss Exceedance Scenarios - persistent across pages

  • New Save / Load dropdown on the Loss Exceedance page - persist a full scenario (coverage limit, retention, severity model, correlation factor, confidence levels, industry filter, reinsurance layer, supply chain contagion, cat bond selection) as a named snapshot
  • Mongo-persisted per-user in CRM.loss_exceedance_scenarios - survives across devices and sessions
  • Full CRUD endpoints: GET/POST/PUT/DELETE /api/company/crm/analytics/scenarios with two-step inline delete confirmation (no more window.confirm hangs in Electron)
  • Cat bond selection round-trips correctly: _selected_bond_id is persisted so reloading a scenario restores the exact bond from the dropdown, not just the underlying catbond_* parameters
  • Scenario picker on the What-If Simulator - apply any saved scenario's parameters as the baseline pricing assumptions for marginal analysis
  • Re-run button appears next to the loaded scenario - one click to re-simulate after any tweak
  • Fetch timeout (AbortController 15s) on all scenario operations prevents frozen save modals when the backend stalls
  • Active scenario chip is highlighted in blue on the LE page - clear which assumptions are currently loaded

Bordereaux Workbench - major upgrade

  • RFC-4180-ish CSV parser with auto-detected delimiter (, ; | tab), quoted fields, escaped quotes, BOM, CRLF
  • Drag-and-drop file upload + paste + Download example bordereau button (20 realistic policies with cedent-format columns)
  • Smart auto-mapping with ~50 column header aliases (Insured Name / Named Insured / DBA / GWP / SIR / Aggregate Limit …)
  • Cedent column-mapping templates: save once per cedent in localStorage, auto-apply on next quarter's upload - zero re-mapping
  • Validation engine: per-row warnings (missing fields, retention ≥ limit, premium > 50% of limit) with green/amber/red banner
  • Enrichment pipeline per row: insured resolution with match confidence, score + band, incident count, model premium, premium adequacy, rate-on-line
  • BIND / REVIEW / DECLINE decision engine with reason codes (e.g. 'Score 540 below floor · 3 historical incidents · Premium 65% of model')
  • Portfolio Impact panel: runs dual parallel Monte Carlo (in-force baseline vs in-force + bordereau) and shows AAL / VaR99 / diversification deltas
  • Save Bordereau (Mongo-persisted) - every saved bordereau becomes a selectable 'named portfolio' on Loss Exceedance, What-If, Reinsurance Tower, Portfolio Optimizer, and every analytics page
  • Annotated CSV export with all enrichment columns + decision + reason + warnings
  • Per-row drill-down: click any insured name → opens Premium Estimation prefilled with that linkedin_id

Backend - shared analytics engine

  • New severity-aware Monte Carlo engine (_simulate_gross_years) used by Reinsurance Tower, Portfolio Optimizer, and Loss Exceedance
  • New _fetch_incident_severity_stats helper returns per-insured count, max_severity, severe_count, severity_sum_90d, ransomware_history, leak_site_hit from cyber_portfolio.blog_data
  • Frequency calibration now factors in count × max_severity × severe_count; severity (lognormal mean) amplified ×2.5 for insureds with max_severity ≥ 80
  • _enrich_companies now parses country_code from the headquarters field (supports ISO-2 + common full-name mappings) and exposes is_eu / is_us / is_uk flags
  • New /reinsurance-towers CRUD collection for saving towers per user
  • bordereau_id and external_ids_merge query params added to /loss-exceedance so any bordereau becomes a usable portfolio source across every analytics endpoint
  • Defensive field extraction (_safe_str / _safe_str_list / _extract_named_field) - fixes the 'list object has no attribute strip' crash and correctly extracts ransomware_strain from dict-shaped ransomware fields

Cross-page integration

  • Every analytics page now accepts a saved bordereau as its portfolio source via a dropdown - run Loss Exceedance, What-If, Reinsurance Tower, Portfolio Optimizer, Continuous Risk Monitor, Regulatory Center, or Emerging Risk Lab against any saved cedent book without touching your in-force portfolio
  • Per-insured name clicks drill into Premium Estimation prefilled with the linkedin_id across every table
  • Saved Loss Exceedance scenarios (coverage limit, severity model, contagion settings, cat bond config) can be applied on the What-If page so marginal analysis uses the same pricing assumptions

v1.0.6, April 9, 2026

Version 1.0.6

Claims Tracker & Bordereaux Upload

Claims Tracker

  • Full claims register with logging, filtering (by peril/status), and sorting
  • 8 demo claims with realistic data (ransomware, breach, BEC, cloud outage, supply chain)
  • New claim form: company, peril type, date, incurred/reserved/paid amounts, description, policy limit, retention
  • Loss development triangle with quarterly origin periods and development factors
  • Model accuracy tab: predicted AAL vs actual YTD incurred, annualized comparison, per-peril frequency validation
  • Analytics tab: claims by peril bar chart, claims by status, key metrics (avg severity, payment ratio, limit breaches, loss ratio)
  • Expandable claim detail view with policy utilization %

Bordereaux Upload (initial release)

  • Upload CSV of policies — batch-analyze the entire book in one run
  • 4-step wizard: Upload CSV → Map Columns → Analyze → Results
  • Demo data: 8 policies across Technology, Healthcare, Finance, Manufacturing, Education
  • Batch analysis: searches each company, fetches score, calculates model premium, compares to actual
  • Premium adequacy scoring: OK (within 10%), UNDER (>30% below model), OVER
  • Results summary: total premium, total limit, avg score, model premium, underpriced count
  • Progress indicator with per-policy analysis status
v1.0.5 April 9, 2026

Version 1.0.5

What-If Simulator

  • New page — test how adding or removing a company impacts portfolio risk before committing
  • Dual Monte Carlo: runs baseline simulation + modified simulation, compares AAL, VaR99, claim count, diversification, and contagion
  • Add mode: search any company → simulate adding it to portfolio → see impact
  • Remove mode: select portfolio company → simulate removing it → see risk reduction
  • Impact verdict: HIGH / MODERATE / LOW with color-coded delta cards showing before → after
  • Automated recommendations: 'Caution: adding this company increases AAL by 18%' or 'Positive: diversification improves by 5pp'
  • Inspired by CyberCube Marginal Risk Analysis ($200K+/year) — included free in Rankiteo desktop
v1.0.4 April 9, 2026

Version 1.0.4

Loss Exceedance Model v2.1 — Algorithm Overhaul

  • Poisson frequency model replaces Bernoulli — companies can now have multiple events per peril per year, critical for tail risk accuracy
  • Absolute USD severity (NetDiligence 2024 calibration) replaces percentage-of-limit — ransomware mean $4.5M, breach $4.88M, supply chain $4.91M, BEC $250K
  • Coverage limit now caps losses instead of scaling them — a $4.5M ransomware event costs $4.5M whether your limit is $5M or $200M
  • 24 industry hazard groups (healthcare 1.6x, finance 1.4x, agriculture 0.7x) — aligned with premium engine
  • Company size multipliers (micro 0.05x → multinational 1.0x) — reuses catastrophe module factors
  • OEP now tracks max correlated peril event across portfolio (systemic event = single occurrence)
  • Diversification benefit computed from actual per-company VaR99 distributions (was ~0%, now shows real 15–30%)
  • Expected claim count per peril in output (annual events, avg severity per event)
  • Correlation sensitivity shows VaR99 impact at ρ=0.0, 0.10, 0.15, 0.30, 0.50
  • Coverage limit extended to $200M, retention to $10M
  • Fuzzy industry matching (40+ keyword patterns) with NAICS 2-digit prefix fallback — no more missed matches on 'Healthcare Services' vs 'healthcare'
  • Regional severity adjustments: US 1.0x, UK 0.85x, EU 0.80x, APAC 0.70x, Middle East 0.90x, India 0.50x — calibrated to local cost structures
  • Expected claim count per peril displayed (annual events + avg severity per event)
  • Model info bar below metrics showing version, calibration source, and claim statistics
  • Supply Chain Contagion in Monte Carlo — shared vendor dependencies now propagate losses across portfolio companies. When a supply chain attack or cloud outage hits Company A, all companies sharing the same vendor are affected with decay-weighted losses (supply chain 60%, cloud outage 50%, ransomware 20%)
  • Contagion card shows: shared vendors count, contagion links, total contagion-driven losses, % of AAL from contagion
  • Automated backtesting: model outputs validated against NetDiligence 2025 (10,402 claims), IBM/Ponemon 2025, Chubb Claims 2026, Coalition 2024 — PASS/REVIEW indicator in model info bar
  • Backtest checks: frequency (3–20 claims/100 policies), severity ($100K–$12M avg), peril mix (ransomware 15–40%)
  • Methodology page v2.1: 19 sections including backtesting validation, vendor comparison (vs CyberCube, RMS, Guidewire Cyence), regional severity table
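
Added example (not Rankiteo's code): a minimal single-insured Monte Carlo illustrating two of the v2.1 changes listed above, Poisson versus Bernoulli frequency and a limit that caps an absolute-USD severity instead of scaling it. The lognormal severity shape, sigma, the 0.3 annual rate, the per-event application of the limit, and all function names are assumptions; only the $4.5M ransomware mean comes from the notes.

```python
import math
import random

RANSOMWARE_MEAN_USD = 4_500_000  # ransomware mean severity quoted in the notes above

def scaled_loss(fraction_of_limit, limit):
    """Pre-v2.1 style: severity is a percentage of the limit, so it grows with the limit."""
    return fraction_of_limit * limit

def capped_loss(severity_usd, limit):
    """v2.1 style: absolute USD severity; the limit only caps it."""
    return min(severity_usd, limit)

def bernoulli_events(p, rng):
    """At most one event per peril per year."""
    return 1 if rng.random() < p else 0

def poisson_events(lam, rng):
    """Knuth's method: several events in one year are possible."""
    threshold, k, prod = math.exp(-lam), 0, rng.random()
    while prod > threshold:
        k += 1
        prod *= rng.random()
    return k

def simulate(freq, rate, limit, years=20_000, seed=7, sigma=1.0):
    """Return (annual losses, max events seen in a year) for one insured, one peril.
    Assumed severity: lognormal with mean RANSOMWARE_MEAN_USD, capped per event."""
    rng = random.Random(seed)
    mu = math.log(RANSOMWARE_MEAN_USD) - sigma ** 2 / 2
    losses, max_events = [], 0
    for _ in range(years):
        n = freq(rate, rng)
        max_events = max(max_events, n)
        losses.append(sum(capped_loss(rng.lognormvariate(mu, sigma), limit)
                          for _ in range(n)))
    return losses, max_events

def var99(losses):
    """99th percentile of simulated annual loss."""
    return sorted(losses)[int(0.99 * len(losses))]

if __name__ == "__main__":
    for name, freq in (("Bernoulli", bernoulli_events), ("Poisson", poisson_events)):
        losses, most = simulate(freq, 0.3, 5_000_000)
        print(f"{name}: max events/year={most}, VaR99=${var99(losses):,.0f}")
```

With one event per year at most, a single insured's annual loss can never exceed the limit, so the Bernoulli VaR99 sits at the cap; the Poisson run shows multi-event years pushing the tail past it.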
v1.0.3 April 9, 2026

Version 1.0.3

Coverage Reinstatement & Excess Layer Pricing

Coverage Reinstatement (inspired by Marsh Cyber ECHO expansion, Apr 2026)

  • Free 1st reinstatement toggle — restores full policy limit after a claim, with hazard-group-based uplift factor (1.05x–1.15x)
  • Paid 2nd reinstatement toggle — adds a second reinstatement at a configurable pre-agreed rate (default 33% of annual premium)
  • Effective aggregate display showing total coverage with reinstatements (e.g. 3× $5M = $15M)
  • Reinstatement factor chips in premium breakdown (Reinst 1 uplift, Reinst 2 additional cost)
  • Risk Management Bursary badge for policies with premiums exceeding $1M
  • Reinstatement parameters included in saved scenarios for what-if comparisons

Excess Layer Pricing

  • Price excess layers above the primary policy using the ILF difference method (e.g. $10M xs $5M)
  • Attachment point and excess limit selectors — excess limits up to $200M (matching Marsh Cyber ECHO capacity)
  • Coverage tower table showing Primary + Excess + Total with per-layer ROL (Rate-on-Line)
  • Excess premium cards (6m, 1y, 2y) displayed alongside primary premium
  • Excess factor chip in premium breakdown showing additional cost and ROL percentage
  • Excess at alternative limit tiers grid ($5M to $200M) with ROL comparison

Reference

  • Marsh expanded its Cyber ECHO excess facility to $200M capacity and introduced free 1st reinstatement plus paid 2nd reinstatement options (Insurance Business Mag, Apr 8, 2026) - marsh.com/en/services/cyber-risk/expertise/cyber-echo.html
  • Addresses the well-known aggregate exhaustion gap where a single ransomware event can consume the entire policy limit
  • Excess layer pricing enables underwriters to model full coverage towers (primary + excess) in a single view
v1.0.2 March 31, 2026

Version 1.0.2

Offline Mode & AI Copilot

Offline Mode

  • SQLite local database for offline persistence - create, edit, score, and delete custom companies without internet
  • Background sync engine with automatic retry - all offline changes push to the server when reconnected
  • Smart API response cache for faster loading and offline fallback
  • Portfolio page shows offline-created companies with 'pending sync' indicator
  • Offline banner with pending sync count and 'Sync now' button
  • Auto-refresh on reconnect - portfolio and data reload automatically when internet returns (10s polling)

AI Copilot

  • Floating AI Copilot panel (bottom-right) with chat interface and streaming token display
  • Supports both local LLM (Phi-3 Mini GGUF) and external providers (ChatGPT, Claude, DeepSeek)
  • Portfolio Q&A - ask questions about your portfolio in natural language ('What is my industry concentration?')
  • Quick actions: Risk Summary, Weak Scores, Concentration analysis
  • Real-time context injection - API responses are captured as you browse and fed to the LLM automatically
  • AI token counter in sidebar showing context size and session usage
  • Clear conversation button to reset chat history
  • Provider badge shows active LLM (Claude, ChatGPT, DeepSeek, Local, Disabled)
  • Status updates instantly when provider is changed - no restart needed

AI Auto-Fill for Custom Company

  • Upload up to 30 PDF broker submissions for automatic data extraction
  • Paste text mode for emails, proposals, and application forms
  • Full PDF text extraction via pdfjs-dist (digital PDFs, all pages)
  • 8-step schema mapping with field descriptions, enum values, and example output
  • Token estimation display before sending (content + prompt + total)
  • Works with all configured LLM providers (local and external)
  • Auto-populates all wizard steps: company profile, infrastructure, security controls, compliance, data handling, incidents

First-Launch Setup Wizard

  • 4-step guided setup: Offline Mode → AI Copilot → AI Provider → Installation
  • Progress bar with step indicators and animated transitions
  • Offline Mode step explains SQLite, Auto Sync, and API Cache with feature cards
  • AI Copilot step explains Portfolio Q&A and Document Auto-Fill
  • AI Provider selection: Local Model vs External LLM with SVG logos for OpenAI, Claude, DeepSeek
  • API key input with 'Load Models' button that fetches available models from the provider API
  • Model selector dropdown populated from the provider's model list
  • Rankiteo icon in wizard header (loaded from resources)
  • Maximize/restore and close buttons for window control
  • Real AI model download from HuggingFace (Phi-3 Mini 4K Instruct Q4_K_M, 2.3 GB)

Settings Menu

  • File → Offline Mode: enable/disable offline with status display (DB ready, pending sync count)
  • File → AI Copilot: configure/change/disable AI provider with model selection
  • Tabbed settings modal with Offline Mode and AI Copilot tabs
  • Enable/Disable buttons with confirmation dialogs
  • Changes apply immediately - copilot, banner, and sidebar update without restart
  • API key stored locally in encrypted SQLite database

Performance & Packaging

  • Installer reduced from 381 MB to 82 MB - heavy AI deps (node-llama-cpp GPU binaries) filtered by platform
  • node-llama-cpp bundled for Windows CPU only (78 MB vs 712 MB for all platforms)
  • pdfjs-dist, tesseract.js moved to on-demand download to keep installer small
  • ESM module compatibility for node-llama-cpp via dynamic import() workaround
  • Fresh context per LLM request - no more 'No sequences left' errors on consecutive queries
  • 8192 token context window for local model (doubled from 4096)
v1.0.0 March 28, 2026

Version 1.0.0

Initial Release

Core Features

  • Split-view dashboard: Portfolio and Companies side by side with draggable divider
  • Premium estimation across 21 coverage lines with AI-generated underwriting summary
  • Catastrophe modeling with stress-test scenarios (cloud outage, ransomware, supply chain attack)
  • Submission triage with ACCEPT / REVIEW / DECLINE decisions and confidence scoring
  • Interactive supply chain graph with company logos, score overlays, and multi-depth mapping
  • Portfolio management with score tracking, tags, notes, and CSV export
  • Industry benchmarks and benchmark reports with peer comparison
  • Accumulation risk heatmaps and concentration analysis
  • Loss exceedance curves with Monte Carlo simulation
  • Claims correlation analytics
  • MCP AI tools: company risk summary, side-by-side comparison, exposure check
  • Lead generation with email drafting and LinkedIn outreach

Desktop Experience

  • Native Windows, macOS, and Linux application
  • Split-view panels with maximize/restore and page selector dropdowns
  • Collapsible sidebar with pin favorites (right-click to pin/unpin)
  • Dark mode support (Light / Dark / System, follows OS preference)
  • Global search with Ctrl+K spotlight (searches pages and companies)
  • Breadcrumb navigation with back/forward buttons
  • Print and PDF export from any page
  • Drag & drop CSV import to bulk-add companies to portfolio
  • System tray with quick-access menu and minimize-to-tray
  • Session persistence: remembers window position, size, and maximized state
  • Keyboard shortcuts: Ctrl+1/2/3 navigation, Ctrl+D dashboard, Ctrl+P print, Ctrl+Shift+R reinitialize
  • Native notifications for session timeout and tray events

Security & Access

  • Secure authentication via Rankiteo website (browser-based login flow)
  • Plan-based feature gating (Basic / Pro / Expert) with upgrade prompts
  • Guest demo mode with full feature preview using sample data
  • Encrypted token storage via OS-level secure storage
  • Session timeout detection with automatic re-login prompt

Installer

  • Windows NSIS installer with license agreement, directory selection, and auto-launch option
  • macOS DMG with Intel and Apple Silicon support
  • Linux AppImage for Ubuntu, Fedora, and Debian
  • Desktop and Start Menu shortcuts
  • Launch at Windows startup (optional, togglable from File menu)
  • Clean uninstall with registry cleanup