Releases: gerfru/PulseBase
Releases · gerfru/PulseBase
Release list
v1.6.1
1.6.1 (2026-07-09)
Bug Fixes
- ci: unblock PR queue — suppress gosu CVE-2026-27145 + pydantic-settings 2.14.2 (#249) (dea2a1b)
v1.6.0
1.6.0 (2026-06-17)
Features
- insights: /insights page + JSON endpoints (P6) (#232) (cf88d72)
- insights: Feinschliff — Niveau-Kontext, Labels, Markdown (#235) (90134f0)
- insights: persistence + cache-aware generation (P5) (#230) (5d25c47)
- insights: rolling 7-day window + lazy per-segment generation (#236) (c857314)
- insights: wire real week-bounded metrics + reuse evidence catalog (#234) (9875ba7)
Bug Fixes
v1.5.0
v1.4.0
v1.3.0
1.3.0 (2026-06-14)
Features
- account deletion, data export, DSGVO consent (Art. 9/17/20) (61f89e0)
- account lockout after 5 failed logins (OWASP-compliant) (1fe0c5f)
- activity page glassmorphism, light mode fix, pre-commit + CI hardening (a5cc16c)
- activity: synchronized chart crosshair, map layer selector, VO₂max sub-page (#204) (e647409)
- add abbreviation/unit explanations to RPE, Trainingswirkung and metric KPIs (23ff299)
- add activity detail page with GPS map and training effect (c585a34)
- add central settings page with connection management (c7ad182)
- add energy score backfill script + make target (833b6be)
- add epilepsy seizure diary (V15) (8eeaed9)
- add epilepsy seizure diary (V15) (034fa5d)
- add intensity minutes, training status, fix HRV trend display (401d103)
- add intensity minutes, training status, fix HRV trend display (859f3ca)
- add manual sync button with last-sync timestamp and error toasts (18b8b67)
- add new ML metrics for battery pattern and correlations (30164eb)
- add password reset request test and update password query test (a1687e6)
- add plain-language explanations to all ML detail pages (8083992)
- add readiness score info tooltip (19a259d)
- add RF confidence intervals and API route tests (642bb81)
- add running economy metrics (V13) (1f77323)
- add science explanations and sources to all metric detail pages (9f92f50)
- add Sentry DSN configuration for error tracking in ml-service a… (df7b646)
- add Sentry DSN configuration for error tracking in ml-service and sync-service (4fb0a63)
- add tests and configuration for sync-service activities and sleep mapping (104ddb8)
- add weekly volume aggregation and readiness score endpoints to API (af63969)
- aktualisiere Schlafberechnung und entferne Qualitätsfaktor für Tiefschlaf (898343d)
- aktualisiere Trainingsübersicht und verbessere Datenabfrage für Trainingslast (aed6f38)
- api: einheitliche Fehlerform via globale Exception-Handler (#170) (ce4b4b0)
- audit logging + remove garmin-tokens volume (b074efd)
- auto-backfill energy history on ML run when gaps exist (4d401d4)
- body battery pattern analysis (k-means clustering) (bcbed81)
- body battery pattern analysis (k-means clustering) (92011ba)
- CI/CD und Sicherheitsverbesserungen — Trivy Artefakte hochladen, CSP Nonce implementieren, Branch-Namen aktualisieren (cdbf286)
- CI/CD und Sicherheitsverbesserungen — Trivy Artefakte hochladen… (bfc4d1e)
- ci: add JS quality gates — Biome lint, Vitest unit tests, Playwright E2E (580b3c5)
- consolidate dashboard metrics into hero + RPE rating on activity page (0a362dd)
- custom metrics replace Garmin black-box scores (6eb533d)
- custom metrics replace Garmin black-box scores (#roadmap-1-6) (ad5db2a)
- dashboard: update styling for help button and sync action for improved UI (dfca5bf)
- db: per-service DB roles with least privilege (ADR-0001) (a8b6b1f)
- db: per-service DB roles with least privilege (ADR-0001) (e9d5738)
- e2e: implement end-to-end testing workflow and update test configurations (e0f0db1)
- email-verification at registration (2c18d6d)
- encrypt Garmin/LibreLink tokens at rest in DB (a06811e)
- enhance backfill logic to include additional custom metrics for energy scores (fd2b577)
- enhance body battery model with REM sleep data and improve backfill processes (2f8fdb6)
- Enhance evidence catalog with EN 62366-inspired fields and update dashboard (edc6519)
- Enhance metrics rendering and improve sync-service shutdown handling (8cc1cb4)
- erweitere Schlafmetriken um Einschlaf- und Aufwachzeiten sowie Diagramme für Schlafrhythmus (8204484)
- erweitere Wochenparameter auf 56 und verbessere Body Battery-Diagramm-Logik (7fe25e1)
- EU compliance — consent_terms, consent_age, accessibility statement (f52609e)
- expand seizure risk indicator with HRV, body battery, resting HR and vigorous training flags (cb9703d)
- extend ML models + add scientific evidence transparency (f5a50ac)
- Extrahiere Token-Logik in auth_tokens.py und verbessere Sicherh… (5c7eb67)
- Extrahiere Token-Logik in auth_tokens.py und verbessere Sicherheitsüberprüfungen in auth.py und epilepsy.js (0775ce7)
- glassmorphism dashboard redesign and fix training status sync (71e3d9b)
- hardening: app-rules compliance — structlog, caching, CSP, fonts, Docker (96fb992)
- help: enhance help articles with improved search functionality and layout adjustments; add metrics overview script (fbbfd96)
- hero card permanent above tabs + fix stress label + 100% coverage (ccaf546)
- hero card redesign + chart time navigation (49aaab0)
- implement 4 quick-win ML metrics (ACWR, Training Monotony, Sleep Consistency, SpO2 Trend) ([b252bd2](b252bd2d7f4b502df8374454...
v1.2.0 — Public release preparation
AGPL-3.0 license, SECURITY.md, pre-public hardening (gitignore, CIDR, mailmap).
v1.1.0 — Security hardening, code quality & infrastructure
What's new since v1.0.0
Security & Observability
- Token TTL values corrected in password-reset and email-verification mail copy
- Sentry DSN now reaches sync-service and ml-service (was api-only)
- Backup Docker image pinned by digest + included in Trivy CI scan
- Deletion-token no longer logged (was appearing in structured-log output)
- GDPR consent audit log (V27 migration): immutable
user_consent_eventstable for Art. 5(2) accountability - Seizure endpoints now enforce
epilepsy_modeflag at the route layer
Docker & CI Infrastructure
- All three Dockerfiles install from
uv.lock(reproducible builds, no resolver drift) init: trueon sync-service + ml-service (PID 1 / zombie reaping)no-new-privileges:truesecurity option on all app containers- Compose healthchecks upgraded: APScheduler sentinel +
/readyprobe for sync + ml - DB pool utilisation exposed in
/api/metrics(db_pool_used,db_pool_max) - Renovate
dockerfilemanager: digest-only updates automerge - SBOM generation switched from
curl | shto SHA-pinnedanchore/sbom-action
Python Code Quality
asyncio.get_event_loop()→get_running_loop()(deprecated call removed)- IP-hash double-call deduplicated; bcrypt cost factor explicit (
rounds=12) - HRV validation helper extracted; deferred import moved to module scope
libre_passwordexplicitly deleted from memory after use (analogous to garmin.py)
JS Code Quality
activity.jsnow imports shared utilities instead of redefining thembuildHealthChartssplit into per-chart-type helpersdashboard-hero.jssplit intodashboard-ml-feedback.js+dashboard-evidence.jsscoreColorconsolidated to a single threshold across all call sites- Evidence-badge constants (
EV_LEVEL_SHORT,EV_LEVEL_CLS) centralised indashboard-utils.js econRow()output escaped withesc()(XSS hardening)
Tests
- New PATCH-validation test for seizure endpoint (422 path)
- Activity IDOR cross-user E2E test added
- Existing IDOR E2E tests guarded with
CI_HAS_DATAskip-marker - Misleading test names corrected; weak assertion in sync-service test fixed
Infrastructure & Docs
- Deploy and test Compose files moved to
deploy/(cleaner root directory) .gitignoreextended:.mypy_cache/,.pytest_cache/,.ruff_cache/- All documentation synced with current codebase: deploy paths, migration range V1–V27, V26+V27 entries added
- CLAUDE.md env-table corrected (
SYNC_INTERVAL_HOURS, migration range, CI job count)
Dashboard UI (from earlier PRs in this cycle)
- Dashboard ↔ Metrics navigation: clickable charts, curated "Deine Metriken" bar, related-metrics block
- Sticky top-bar, segmented time-range selector, sync status pill
- Time-range labels (1W · 2W · 1M · 3M · 1J) fixed; onboarding dismiss CSP-safe
v1.0.0 — Public-Release-Ready
2026-06-08 · App-Review umgesetzt (alle 13 Findings) + Public-SaaS-Deployment.
- Sicherheit: Reset-Token-TTL, konfigurierbarer DB-Pool, /api/metrics-Fix
- Code-Qualität: api.py/users.py in Feature-Module gesplittet, SpO₂-Refactor
- Tests: Coverage-Gate 75→80, ehrliches JS-Gate
- Public-Deployment: gebündeltes Caddy + Let's Encrypt (
make up-public), Vector-Logs, Backup-Runbook, CI-Smoke-Job - CI/CD:
ci-ok-Gate als Required Check, SBOM via syft - Doku: Traefik→Caddy, Monitoring-Wahrheit, deployment-public.md
PR #164.
v0.6.0 — UX-Polish + ML-Feedback + a11y
2026-06-08 · ML-Feedback (👍/👎), Accessibility-Gate für Detailseiten, Motion-/Style-Polish, Tailwind-Purge-Fix. Letzter Stand vor dem Public-Release-Review.
v0.5.0 — Security-Hardening
2026-06-03 · Security-Waves 9/10/13: Admin-Creds, DOM-XSS/CSRF, DOMPurify, Token-Logik in auth_tokens.py, 100% Coverage über alle 3 Services.