
chore(release): v1.4.1 — hardening + per-section admin + CI safety nets#149

Merged
MBombeck merged 1 commit into main from release/v1.4.1
May 8, 2026

Conversation


@MBombeck MBombeck commented May 8, 2026

Summary

Release v1.4.1 — the followup-marathon's hardening release, packaging the audit-driven security + truthfulness fixes alongside the structural and CI work that landed since 1.4.0.

What's in 1.4.1

Security

  • moodLog SSRF closed (credentials write + sync worker both refuse non-public hosts; redirect: "manual").
  • Central error-message redaction (Bearer …, Telegram bot<token>, query-string secrets) applied to both Wide Events (Loki) and Glitchtip incident path.

Citation accuracy

  • BP classification cites "ESH 2023" everywhere (was ESC/ESH 2018 on dashboard tile + doctor PDF).
  • Steps target source label is "Saint-Maurice JAMA 2020" (was "WHO" — last drift on this).
  • Saint-Maurice "mortality plateau" attribution softened to "continued dose-response benefit through ~12,000 steps/day" (the original paper doesn't actually report a plateau).

CI safety nets

  • Postgres testcontainers integration suite is executable now (10 tests, ~4s, runs in CI).
  • Playwright + axe-core E2E foundation — 5 public-surface specs in CI.

Internal cleanup

  • Admin page split into 14 per-section components (2,702 LOC monolith → 77 LOC shell).
  • Final ESLint error gone (medications dialog refactored to TanStack Query).

Docs

  • README + AGENTS + CLAUDE + OpenAPI + migration guide synced for v1.4 (11 new endpoints documented).

Deferred to v1.4.2

docs/ops/v141-followup-issues.md lists the items the audit found that warrant deeper architectural work — idempotency-race serialisation, encryption-key NODE_ENV gate, refresh-token rotation transactional rewrite, moodLog HMAC lookup column, recharts dynamic split for /insights, MoodEntry @@index migration, glucose-history bound. Six security MEDIUM, three performance P0, plus i18n hardcoded-strings cleanup. Each entry has audit reference, fix shape, and "why deferred" reasoning.

Quality gates

  • pnpm typecheck clean
  • pnpm test — 669 / 669 pass
  • pnpm test:integration — 10 / 10 pass (3.9s)
  • pnpm lint — 0 errors
  • pnpm exec prettier --check — clean on touched files

Operator notes

  • No database migration in 1.4.1.
  • No environment-variable change required to upgrade.
  • No API contract change — every route added in 1.4.0 is still there; no shapes or status codes flipped.
  • Drop-in `docker compose pull && docker compose up -d`.

🤖 Generated with Claude Code
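Added example (not HealthLog's own code): an outbound-request guard of the shape the first Security bullet describes, refusing non-public hosts and using `redirect: "manual"` so a 3xx from the remote is surfaced rather than followed into an internal address. The helper names are hypothetical, and the block assumes Node 18+ for the global `fetch`.

```typescript
import { isIP } from "node:net";
// Hypothetical helper names; none of these are HealthLog's own identifiers.
function ipv4ToInt(ip: string): number {
  return ip.split(".").reduce((acc, octet) => (acc << 8) + Number(octet), 0) >>> 0;
}

function inCidr(ip: string, cidr: string): boolean {
  const [base, bits] = cidr.split("/");
  const mask = (~0 << (32 - Number(bits))) >>> 0;
  return ((ipv4ToInt(ip) & mask) >>> 0) === ((ipv4ToInt(base) & mask) >>> 0);
}

// "This network", RFC 1918, CGNAT, loopback, link-local and multicast.
const NON_PUBLIC_V4 = ["0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
  "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4"];

/** True for any IPv4/IPv6 literal that must never be an outbound target. */
export function isNonPublicAddress(ip: string): boolean {
  const family = isIP(ip);
  if (family === 4) return NON_PUBLIC_V4.some((cidr) => inCidr(ip, cidr));
  if (family === 6) {
    const v6 = ip.toLowerCase(); // expects the compressed form URL.hostname yields
    // IPv4-mapped (::ffff:a.b.c.d) re-checks the v4 part; the hex form fails closed.
    if (v6.startsWith("::ffff:")) return isNonPublicAddress(v6.slice(7));
    return v6 === "::1" || v6 === "::" || /^f[cd]/.test(v6) || v6.startsWith("fe80");
  }
  return true; // not an IP literal at all: fail closed
}

/** Accepts only plain https to a public host. The hostname still has to be resolved
 *  and the resolved address re-checked at connect time (DNS rebinding); omitted here. */
export function validateOutboundUrl(raw: string): URL {
  const url = new URL(raw); // WHATWG parsing also normalises 127.1 and 0x7f000001
  if (url.protocol !== "https:") throw new Error("only https targets are allowed");
  if (url.username || url.password) throw new Error("embedded credentials are not allowed");
  const host = url.hostname.replace(/^\[|\]$/g, ""); // strip IPv6 brackets
  if (host === "localhost" || host.endsWith(".localhost")) throw new Error("non-public host");
  if (isIP(host) && isNonPublicAddress(host)) throw new Error("non-public host");
  return url;
}

/** Outbound fetch that never auto-follows: a 3xx is surfaced as an error, not hopped to. */
export async function safeFetch(raw: string) {
  const res = await fetch(validateOutboundUrl(raw), { redirect: "manual" });
  if (res.status >= 300 && res.status < 400) {
    throw new Error(`refusing redirect to ${res.headers.get("location") ?? "unknown"}`);
  }
  return res;
}
```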

CHANGELOG entry covers the three buckets of change between 1.4.0 and
1.4.1: security hardening from the audit pass (moodLog SSRF closed
+ centralised error redaction), citation-accuracy fixes (ESH 2023
label, Saint-Maurice attribution, steps source), and the CI safety
nets (executable Postgres testcontainers + Playwright/axe-core
foundation), plus the structural per-section admin extraction and
the in-tree docs sync. The deferred items from the audit pass land
in docs/ops/v141-followup-issues.md so they're discoverable for the
v1.4.2 cycle without re-running the audit.

package.json bumped 1.4.0 → 1.4.1.

No DB migration. No env-var change required. No API contract
change.

Co-Authored-By: Marc-André Bombeck <mbombeck@gmail.com>
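Added example (not the project's own code) of the centralised error-message redaction the notes describe: one chokepoint that masks Bearer values, Telegram `bot<id>:<secret>` path segments and secret query-string parameters before a message reaches a log or incident sink. The pattern list, the parameter names and the sample messages are constructed assumptions.

```typescript
// Hypothetical helper names; none are HealthLog's own identifiers.
const PATTERNS: Array<[RegExp, string]> = [
  // Authorization header values and bare bearer tokens quoted into messages.
  [/\bBearer\s+[A-Za-z0-9._~+\/=-]+/g, "Bearer [REDACTED]"],
  // Telegram Bot API URLs carry the token in the path as /bot<id>:<secret>/.
  [/\bbot\d+:[A-Za-z0-9_-]+/g, "bot[REDACTED]"],
];

// Query-string parameter names whose values are treated as secrets (case-insensitive).
const SECRET_PARAMS = new Set(["token", "access_token", "api_key", "apikey", "key",
  "secret", "password", "signature", "sig", "code"]);

function redactQueryString(text: string): string {
  return text.replace(/([?&])([^=&\s]+)=([^&\s]*)/g, (match, sep, name) =>
    SECRET_PARAMS.has(String(name).toLowerCase()) ? `${sep}${name}=[REDACTED]` : match);
}

/** Single chokepoint: run every pattern, then the query-string pass. */
export function redactSecrets(message: string): string {
  let out = message;
  for (const [re, replacement] of PATTERNS) out = out.replace(re, replacement);
  return redactQueryString(out);
}

/** Normalise anything thrown into a redacted record for the log / incident sinks. */
export function toSafeErrorRecord(err: unknown): { message: string; stack: string | undefined } {
  const e = err instanceof Error ? err : new Error(String(err));
  return { message: redactSecrets(e.message), stack: e.stack ? redactSecrets(e.stack) : undefined };
}

// Constructed sample messages (made-up tokens and hosts) for trying the redactor.
export const SAMPLE = [
  "fetch failed for https://api.telegram.org/bot123456789:AAExampleSecretToken_abc/sendMessage: 502",
  "upstream rejected Authorization: Bearer eyJhbGciOi.example.sig",
  "GET https://hooks.example.invalid/cb?user=42&token=s3cr3t&x=1 -> 401",
] as const;
```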
@MBombeck MBombeck merged commit d18c574 into main May 8, 2026
7 of 8 checks passed
@MBombeck MBombeck deleted the release/v1.4.1 branch May 8, 2026 14:35
MBombeck added a commit that referenced this pull request May 8, 2026
Production at healthlog.bombeck.io has been 503-ing since the v1.4.1
deploys started landing on apps-01 (Coolify). The container boots —
Next.js prints "Ready" and the pg-boss workers run — but never
accepts HTTP on :3000, so the Docker healthcheck fails and Traefik
takes the upstream out of rotation. A manual restart, a Coolify
force-rebuild, and a docker-compose pin to the GHCR :1.4.0 multi-arch
image all failed to bring the site back up — Coolify rebuilds the
image from main HEAD on every deploy regardless of the compose
directives.

This commit resets the working tree to commit 21bd46d (v1.4.0
release). Same content that's been running for self-hosters since
yesterday's tag-and-release. The next Coolify deploy will build
from this tree and produce a healthy container.

The v1.4.1 work is NOT lost:
  - PRs #144, #145, #137, #146, #147, #148, #149, #150 remain in
    git history.
  - Their commits are still tagged (`v1.4.1`), still on the GHCR
    multi-arch image (`ghcr.io/mbombeck/healthlog:1.4.1`), still in
    the GitHub Release notes.
  - Self-hosters who have already pulled the v1.4.1 image keep it.
  - Local development continues from main HEAD with the v1.4.1
    code — the regression only surfaced under the Coolify build
    flow.

Re-applying v1.4.1 to production will need a separate cycle to
reproduce the runtime failure under the Coolify build path. That
work is tracked in docs/ops/v141-followup-issues.md (added back
when the tree is reapplied) and the deploy gating in
.github/workflows/e2e.yml will catch this class of bug going
forward.

No DB migration. No env-var change. No API contract change.

Co-Authored-By: Marc-André Bombeck <mbombeck@gmail.com>