Added error checking so HEXL synchronization can detect invalid sessions before querying, preventing query failures.
Added simple logic to ensure users can log in even if the HEXL sync fails. Since the HEXL syncs missing logs automatically whenever a user logs in to CommonFrame, this should keep things moving smoothly.
v0.40.0 - Postgres HEXL migration
2025-11-22
Replaced SQLite HEXL.db with a Postgres database schema, marking the first major step toward migration to a scalable system.
Automated setup and migration of HEXL data from legacy SQLite to Postgres.
Reworked user profile data to be pushed as a snapshot to the HEXL upon creation of a new experience log.
Replaced AWS VM’s local instance of Portainer with Portainer-agent to reduce load on the very small AWS VM.
Introduced profile data coarsening when sending a profile snapshot to HEXL. Included admin controls for refinement.
Fixed admin settings to allow text fields to expand horizontally.
Added safeguards to prevent duplicate users and preserve existing timestamps.
Limited updates to only the newest matching experience to avoid overwriting history.
Automated populating HEXL statistics with the most recent profile snapshots for more accurate reporting.
Fixed handling of Stroop test tags so they correctly link to stored test results.
Preserved Stroop trial timestamps and improved result ordering.
Ensured Stroop tags match and align with HEXL test identifiers.
Removed the need for placeholder experiences when tagging Stroop data.
Added guards to avoid repeat HEXL syncs during routine flows.
Added horizontal resizing for admin text areas.
Wired in Sentry endpoints to monitor errors and outages externally.
Corrected mail environment variable fallbacks for reliability.
v0.36.2 - App Monitoring
2025-11-18
Added a healthcheck /health endpoint.
Introduced a status page at https://status.cframe.co and included Discord webhooks to allow real-time app monitoring.
Replaced the entire backend Docker stacks with more reliable and easier-to-read compose files.
Added backups for backend files to CFrame documentation.
Made a bunch of mistakes that shouldn't happen again.
v0.36.1 - Pointless security updates but also some useful stuff
2025-10-31
Added encryption scaffolding with runtime toggles and KMS settings, expanded experience entries with encryption metadata, supplied an Alembic migration, documented crypto/key/KMS interfaces for future implementations, and ensured supporting dependencies are declared.
Introduced a HEXL dispatcher that normalizes timestamps and emits anonymized metric payloads after decryption via the trusted backend pipeline.
Refactored HEXL record aggregation to share sanitized data for admin and public analytics, navigation, statistics, and Stroop pages.
Added configurable login throttling defaults and ensured clinician login attempt tables are created during app startup.
Introduced shared throttling utilities and wired them into the primary user login API to enforce exponential backoff with retry hints.
Hardened clinician authentication by logging attempts, applying throttling with retry headers, and enforcing a 30-minute inactivity timeout across protected routes and logout handling.
Added a Demo User settings card so admins can store or clear the demo login email and password while masking password changes in the admin audit log.
Created a reusable helper to fetch stored demo credentials and wired them into both the public login flow and the admin preview context so the button only appears when fully configured.
Updated the login page shortcut and client script to use the configured demo credentials and show a disabled state with messaging when no demo user is available.
Extended _delete_user_data to clear Fitbit, clinician, study, notification, and other dependent records while supporting optional transaction control so account removals no longer leave foreign key violations.
Reused the shared cleanup helper in the admin delete endpoint and reassigned any admin log entries to a surviving administrator before dropping the user record.
Added a regression test that signs up an admin and a study creator to confirm the admin deletion flow succeeds without integrity errors.
Added a fallback in _collect_hexl_record_components so HEXL records always expose a pseudonym derived from the user ID when no profile metadata exists.
Added a regression test ensuring the admin aggregates endpoint returns the fallback pseudonym for users lacking a HEXL profile row.
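Added example, not CommonFrame's own code: one way the exponential backoff with retry hints from the v0.36.1 throttling entries could behave. The thresholds, the LoginThrottle class, and the backoff_delay and attempt_login functions are assumptions made for illustration.

```python
import math
import time

# Assumed defaults for illustration; the changelog does not state the real values.
FREE_ATTEMPTS = 3    # failures tolerated before any delay is imposed
BASE_DELAY = 2.0     # seconds; doubles with each further failure
MAX_DELAY = 900.0    # cap so a lockout cannot grow without bound


def backoff_delay(failures):
    """Lockout in seconds after the given number of consecutive failures."""
    over = failures - FREE_ATTEMPTS
    if over <= 0:
        return 0.0
    # Clamp the exponent so very large counters cannot overflow the float.
    return min(MAX_DELAY, BASE_DELAY * 2 ** min(over - 1, 20))


class LoginThrottle:
    """Per-account failure tracker (in memory here; persist it in production)."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self._state = {}  # normalized key -> (failures, locked_until)

    @staticmethod
    def _norm(key):
        # Normalize so "User@X.org " and "user@x.org" share one counter.
        return key.strip().lower()

    def retry_after(self, key):
        """Whole seconds the caller must wait; 0 means an attempt is allowed."""
        _, locked_until = self._state.get(self._norm(key), (0, 0.0))
        return max(0, math.ceil(locked_until - self.clock()))

    def record_failure(self, key):
        failures = self._state.get(self._norm(key), (0, 0.0))[0] + 1
        self._state[self._norm(key)] = (failures, self.clock() + backoff_delay(failures))
        return self.retry_after(key)

    def record_success(self, key):
        self._state.pop(self._norm(key), None)


def attempt_login(throttle, key, password_ok):
    """Return (status, headers) as a login API handler might."""
    wait = throttle.retry_after(key)
    if wait:  # checked before the password, so a locked account reveals nothing
        return 429, {"Retry-After": str(wait)}
    if password_ok:
        throttle.record_success(key)
        return 200, {}
    wait = throttle.record_failure(key)
    return 401, ({"Retry-After": str(wait)} if wait else {})
```

Checking the lockout before the password means a correct guess made during the lockout window is rejected exactly like a wrong one.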
v0.35.0 - Hotfix HEXL comparison in user statistics
2025-10-30
Declared the SOS threshold constant at module scope so computeHexlComparison and other helpers share the same value without scope errors.
Updated the trigger bucket computation to rely on the shared SOS threshold rather than a shadowed local definition.
Fixed version number. The last update was supposed to be 0.35.0 so I just went ahead and made this one that.