⚠️ Breaking Changes — Authentication Rebuild
This release replaces the legacy JWT/Passport auth stack with Better Auth. Self-hosters must update their backend env vars before deploying. Existing users keep their passwords — no resets required.
Required new environment variables (apps/backend/.env)
# 32+ character random secret. Generate with: openssl rand -base64 32
BETTER_AUTH_SECRET=<your_random_secret>
# Backend's public base URL where /api/auth/* is served.
BETTER_AUTH_URL=http://localhost:3000
# Frontend's public URL — must match the browser's actual origin
# (http:// in dev, https:// in prod). Mismatch → 'invalid origin' error.
FRONTEND_URL=http://localhost:5173
# Optional
# PASSKEY_RP_ID=hivepal.app
# COOKIE_DOMAIN=.hivepal.app
Database migration
If you run the official Docker image, migrations run automatically on container start — no manual step is needed. For non-Docker deployments, run pnpm prisma migrate deploy before starting the new backend.
The migration adds Session/Account/Verification/Passkey tables, copies existing bcrypt hashes into Account, and drops the old User.password column and PasswordResetToken table.
Login keeps working for existing users
The auth layer verifies bcrypt hashes transparently and lazily rehashes them to scrypt on first successful sign-in. New signups use scrypt from the start. No password resets needed.
Auth is now cookie-based
The frontend no longer stores a token in localStorage. Sessions use HTTP-only cookies. If you integrate via Authorization: Bearer …, switch to cookies. Internal HiveScale service calls still forward a JWT (minted server-side from the session with the same JWT_SECRET payload), so downstream backends are unaffected.
In production, your reverse proxy must serve both frontend and backend on the same origin (or set COOKIE_DOMAIN), and preserve the original Origin and Cookie headers.
🚀 What's New
Magic Links & Passkeys
- Magic-link sign-in — passwordless login via email (uses the existing mail provider).
- Passkeys (WebAuthn) — register passkeys from Settings for biometric/device-bound sign-in.
- Admin user management — list users, set passwords (forces change on next login), manage roles.
HiveScale Integration
Full integration with the standalone HiveScale physical-device backend:
- Claim devices, bind channels (
scale_1,scale_2) to specific hives, and share devices asowner/admin/viewer. - Dashboard with weight, hive & ambient temperature, battery & solar telemetry, sound and bee-counter panels, calibration mode, and an insights & history dialog.
- Swarm alert scheduler — periodic check for sudden weight drops, with per-device cooldown, opt-in user preference, and email notifications when a swarm is detected.
AI Assistant Chat & Voice-Driven Inspections
- Conversational assistant scoped to the selected apiary, with streaming responses.
- Update inspections by voice or chat — the assistant proposes structured field changes for you to review before they're applied.
- Edit transcriptions — review and correct a recording's transcription before it's analyzed.
Bulk Add for Inspections & Queens
Add multiple inspections across selected hives in one go, and bulk-create queens with shared attributes (year, marking color, source).
Account Data Export & Import
Export your full account (apiaries, hives, inspections, queens, equipment, preferences, photos) as a ZIP from Settings → Data Transfer, and import it back into a fresh account or another HivePal instance.
Subjective Observations
Inspections now distinguish objective (scored) observations from subjective ones (overall impression). Subjective notes appear in the timeline and detail view but don't affect score calculations.
UI Refreshes
- Inspection detail page redesigned for clearer reading flow.
- New create-inspection view with a mobile-friendly step flow.
- Apiary minimap popover on hive pages for quick spatial context.
- Collapsible homepage sections so you can focus on what matters today.
- Landing page refresh with new typography (Fraunces reserved for large headlines), a Tools menu, and AI voice-inspection highlights.
Hive Measurements & API Keys
First-party endpoints for ingesting hive readings from external scales/sensors, authenticated with per-user API keys.
Public Tools
Tools (swarm management, demaree, etc.) are now publicly accessible without an account, share a unified layout, and include llms.txt + JSON-LD for better LLM/search discoverability.
Miscellaneous
- Onboarding now starts at a later, more relevant point in the first-run flow.
- Photo delete & replace on inspections.
- Bulk audio analysis view for re-running and auditing recordings.
- Pull-mode AI workers — optional pull-based transcription/analysis via
/api/worker/*. - Paleta (
.pltrc) configuration checked in for monorepo contributors.
Harvests
Add and remove hives from a harvest, so you can adjust which colonies contributed after the fact.
🐛 Bug Fixes
- Fixed frame count percentage misalignment in the inspection form.
- Prevented the FAB container from blocking touch input on mobile.
- Various ESLint and SonarCloud cleanups.
🌍 Translations
- Dutch (Nederlands) is now available — full translation contributed via Weblate.
- Spanish (Español) added to the language switcher, with translation underway on Weblate.
- Continued Weblate contributions across supported languages.
🤝 Contributors
- @MacNite — HiveScale integration (PR #184), AI assistant chat, and AI inspection updates
- @Wollycobbles — swarm-management tool (PR #185), inspection percentage fix, mobile FAB fix
- @JacKruczek — continued equipment work
- VisualDuality — Dutch (Nederlands) translation
- Marc Valls Garcia — Spanish (Español) translation
- Weblate translators for ongoing locale contributions
Like a guard bee at the entrance — checking every visitor, letting the right ones in. 🐝🛡️