Replaced SQLite HEXL.db with a Postgres database schema, marking the first major step toward migration to a scalable system.
Automated setup and migration of HEXL data from legacy SQLite to Postgres.
Reworked user profile data to be pushed as a snapshot to the HEXL upon creation of a new experience log.
Replaced AWS VM’s local instance of Portainer with Portainer-agent to reduce load on the very small AWS VM.
Introduced profile data coarsing when sending profile snapshot to HEXL. Included admin controls for refinement.
Fixed admin settings to allow text fields to expand horizontally.
Added safeguards to prevent duplicate users and preserve existing timestamps.
Limited updates to only the newest matching experience to avoid overwriting history.
Automated populating HEXL statistics with the most recent profile snapshots for more accurate reporting.
Fixed handling of Stroop test tags so they correctly link to stored test results.
Preserved Stroop trial timestamps and improved result ordering.
Ensured Stroop tags match and align with HEXL test identifiers.
Removed the need for placeholder experiences when tagging Stroop data.
Added guards to avoid repeat HEXL syncs during routine flows.
Added horizontal resizing for admin text areas.
Wired in Sentry endpoints to monitor errors and outages externally.
Corrected mail environment variable fallbacks for reliability.
v0.36.2 - App Monitoring
2025-11-18
Added a healthcheck /health endpoint.
Introduced a status page on https://status.cframe.co and included Discord webhooks to allow real time app monitoring.
Replaced entire backend docker stacks with more reliable and easier-to-read compose files.
Added backups for backend files to CFrame documentation.
Made a bunch of mistakes that shouldn't happen again.
v0.36.1 - Pointless security updates but also some useful stuff
2025-10-31
Added encryption scaffolding with runtime toggles and KMS settings, expanded experience entries with encryption metadata, supplied an Alembic migration, documented crypto/key/KMS interfaces for future implementations, and ensured supporting dependencies are declared.
Introduced a HEXL dispatcher that normalizes timestamps and emits anonymized metric payloads after decryption via the trusted backend pipeline.
Refactored HEXL record aggregation to share sanitized data for admin and public analytics, navigation, statistics, and Stroop pages.
Added configurable login throttling defaults and ensured clinician login attempt tables are created during app startup.
Introduced shared throttling utilities and wired them into the primary user login API to enforce exponential backoff with retry hints.
Hardened clinician authentication by logging attempts, applying throttling with retry headers, and enforcing a 30-minute inactivity timeout across protected routes and logout handling.
Added a Demo User settings card so admins can store or clear the demo login email and password while masking password changes in the admin audit log.
Created a reusable helper to fetch stored demo credentials and wired them into both the public login flow and the admin preview context so the button only appears when fully configured.
Updated the login page shortcut and client script to use the configured demo credentials and show a disabled state with messaging when no demo user is available.
Extended _delete_user_data to clear Fitbit, clinician, study, notification, and other dependent records while supporting optional transaction control so account removals no longer leave foreign key violations.
Reused the shared cleanup helper in the admin delete endpoint and reassigned any admin log entries to a surviving administrator before dropping the user record.
Added a regression test that signs up an admin and a study creator to confirm the admin deletion flow succeeds without integrity errors.
Added a fallback in _collect_hexl_record_components so HEXL records always expose a pseudonym derived from the user ID when no profile metadata exists.
Added a regression test ensuring the admin aggregates endpoint returns the fallback pseudonym for users lacking a HEXL profile row.
v0.35.0 - Hotfix HEXL comparison in user statistics
2025-10-30
Declared the SOS threshold constant at module scope so computeHexlComparison and other helpers share the same value without scope errors.
Updated the trigger bucket computation to rely on the shared SOS threshold rather than a shadowed local definition.
Fixed version number. The last update was supposed to be 0.35.0 so I just went ahead and made this one that.
v0.34.5 - PHI tagging and sleep data refinement
2025-10-29
Added X, Y, and SoS to Trigger Words table in user and HEXL Statistics page and made them sortable by column.
Highlighted Fitbit data as PHI, surfaced saved-data counts, and added deletion controls on the integration and Fitbit data pages so participants can manage stored imports explicitly.
Added helpers that describe requested Fitbit scopes, summarize stored Fitbit records, protect revoke/delete forms with CSRF, and introduced a deletion route that clears snapshots, sleep logs, and experience metrics only when the user requests it.
Added a “Display options” control group to the 3D scatter analytics card so viewers can toggle markers, trajectory lines, SoS coloring, and SoS-based sizing directly from the dashboard UI.
Set the Sleep Data chart controls to make Hypnogram the default selection, clarified the default label copy, and synchronized stored preferences across pages through local-storage handling and storage events.
