v2.1.0

v2.1.0 — Synthetic Monitoring & UI Polish

Added

• Synthetic monitoring v0.2.0 — DB-backed config, runtime enable/disable, history dashboard
• Synthetic source filter — hide __synthetic_check from default views and API responses (tri-state filter: hide/show/only)
• Align analytics filter controls with sync logs view layout (quick-select, dropdowns, conditional date pickers)
• Changelog presentation — color-coded section badges, inline markdown, CSS accordion, pagination
• Date-range quick-select buttons for Analytics and Notifications tabs
• Beta branch CI workflow and auto-version tagging on main
• Standalone smoke test workflow with manual dispatch

Fixed

• Include start_time and end_time in synthetic check POST payload
• OIDC settings info boxes render correctly in dark mode
• Smoke test CI: use correct docker-compose.yml (app + db, not dev-only)
• Smoke test CI: add app healthcheck and wait-for-ready retry loop
• Isolate smoke tests from root conftest with -c /dev/null --noconftest
• Quote YAML value containing colon in CI smoke test step

Documentation

• Mark AC-005 (API key rotation) as covered by per-user API key management spec
• Mark synthetic source filter spec as complete (v1.0.0)
• Add and update specs for UI polish features

---

Container image: ghcr.io/finish06/rsync-viewer:v2.1.0

Full changelog: v2.0.0...v2.1.0

v2.0.0 — General Availability

Rsync Log Viewer v2.0.0 — GA Release

Rsync Log Viewer is promoted to General Availability. All milestones (M1–M11) complete.

Highlights

• 12 milestones delivered across 13 development cycles
• 650+ tests, 83% coverage
• Multi-user auth with JWT, RBAC (Admin/Operator/Viewer), and OIDC SSO
• Webhook notifications for failed syncs (Discord, Home Assistant, generic)
• Prometheus metrics and Grafana dashboard templates
• Security hardened — rate limiting, CSRF, bcrypt key hashing, security headers
• Alembic migrations for versioned database schema management
• Container images published to GitHub Container Registry

What's New in 2.0.0

Added

• Smoke test suite (7 tests for deployment verification)
• PR template with quality and TDD checklists
• Project glossary (15 domain terms)
• Service Level Targets (availability, latency, ingestion)
• Smoke test CI job after container build
• Container images now published to ghcr.io/finish06/rsync-viewer

Changed

• Docker tag strategy: latest + sha-{SHA} on main, version tag on v*
• Container registry migrated from private registry to GHCR
• Maturity promoted from Beta to GA

Container Image

docker pull ghcr.io/finish06/rsync-viewer:v2.0.0

Full Changelog

See CHANGELOG.md for the complete history from v1.0.0 through v2.0.0.

v1.11.0: Alembic migrations, codebase hardening, rsync client examples

Highlights

• Alembic database migrations — Replace SQLModel.metadata.create_all() with versioned Alembic migrations, preventing schema drift between models and production database
• Rsync client Docker Compose examples (M10) — Pre-built rsync client container with cron scheduling and SSH key support
• E2E test pipeline — Full integration test: rsync client → SSH transfer → POST to hub → verify parsed log
• Codebase hardening refactor — Split main.py into domain-specific route modules, extracted shared services, removed dead code
• 73 new unit tests for extracted services and helpers
• Grafana dashboard datasource variable (DS_PROMETHEUS) on all panels and queries
• Prometheus metrics and monitoring improvements

Deployment Notes

Existing databases have been stamped with alembic stamp d911ea2048ad. New deployments auto-migrate via entrypoint.sh.

For manual stamping (if deploying to a new environment with existing data):

alembic stamp d911ea2048ad

Stats

• 752 tests passing
• 12 tables covered by baseline Alembic migration
• 17 commits since v1.10.0

v1.10.0 — OIDC Authentication & Reverse Proxy Support

Highlights

OIDC Authentication (M7) — Full OpenID Connect single sign-on support for any OIDC-compliant provider (PocketId, Authelia, Keycloak, etc.).

Reverse Proxy Support — Correct URL resolution behind Nginx, Traefik, Caddy, and other reverse proxies.

Added

• OIDC authentication:
  • Admin-configurable OIDC settings UI (issuer URL, client ID, client secret, provider name)
  • OIDC discovery test button to verify provider configuration
  • Auto-create and auto-link local accounts from OIDC claims
  • State + nonce validation for secure authorization code flow
  • "Hide Local Login" mode with FORCE_LOCAL_LOGIN env var safety fallback
  • Client secret encrypted at rest with Fernet symmetric encryption
  • Callback URL displayed in settings UI for easy provider configuration
• Reverse proxy support:
  • Uvicorn proxy header forwarding (--proxy-headers, --forwarded-allow-ips)
  • Production docker-compose loads .env file into container
• Auto-generate ENCRYPTION_KEY in Docker entrypoint if not provided
• Fallback for legacy API keys without user_id (treated as operator-level)

Fixed

• OIDC callback URL resolves to public domain when behind reverse proxy
• Production container reads ENCRYPTION_KEY from .env file
• API key prefix filter handles legacy keys without rsv_ prefix
• Mobile card layout CSS specificity conflict on desktop
• CSS cache-busting added for static assets

Changed

• Optimized API key lookup, SMTP sending (async), changelog caching, and retention queries

Docker

docker pull dockerhub.calebdunn.tech/rsync-viewer:v1.10.0

v1.9.0 — SMTP Email, Registration Toggle & Mobile UI

What's New

SMTP Email Configuration

Admins can now configure SMTP settings directly from the Settings UI — host, port, encryption, credentials. Send a test email to verify your setup. Credentials are encrypted at rest with Fernet. This lays the groundwork for password reset emails and future notification channels.

Registration Toggle

Lock down new signups with REGISTRATION_ENABLED=false. The registration page shows a "disabled" message and both UI and API endpoints return 403. Useful for production deployments where you want to control who has access.

Sync Logs UI Improvements

• Quick-select date range buttons (Today, 7d, 30d, 90d) now live inside the filter box
• Mobile-responsive card layout below 768px — sync logs are now usable on phones

Dev Seed Data

New python -m scripts.seed command populates the database with sample users, API keys, sync logs, webhooks, and notifications. Great for demos and onboarding.

Security Fix

Password reset tokens are no longer returned in API responses when DEBUG=false. Previously, the token was always exposed regardless of environment.

---

Full changelog: v1.8.0...v1.9.0

Milestone: M11 — Polish & Infrastructure (COMPLETE, 6/6 criteria met)
Tests: 596 passing, 83% coverage

v1.5.0 — Security Hardening

Security Hardening (M3 Phase 3)

This release hardens the application against common web vulnerabilities — rate limiting, improved API key security, security headers, input validation, and CSRF protection.

Added

• Rate limiting with slowapi (60/min authenticated, 20/min unauthenticated) with X-RateLimit-* headers
• Security headers middleware — X-Content-Type-Options, X-Frame-Options, CSP in report-only mode
• Request body size limit middleware (10MB default, returns 413)
• CSRF protection for HTMX form submissions (token-based validation)
• API key hashing with bcrypt (replaces SHA-256)
• API key rotation support — key_prefix and expires_at fields on ApiKey model
• Input validation — raw_content max length (10MB), source_name min length (1)
• 30 security hardening tests covering all 12 acceptance criteria
• Architecture mermaid diagram (docs/architecture.mmd)

Changed

• Upgraded venv from Python 3.9 to Python 3.13
• ApiKey.key_hash max_length increased from 64 to 128 (bcrypt support)
• Test client fixture now includes CSRF token cookie/header

New Configuration

Variable	Default	Description
RATE_LIMIT_AUTHENTICATED	60/minute	Rate limit for authenticated requests
RATE_LIMIT_UNAUTHENTICATED	20/minute	Rate limit for unauthenticated requests
MAX_REQUEST_BODY_SIZE	10485760	Max request body in bytes (10MB)
HSTS_ENABLED	false	Enable Strict-Transport-Security header
CSP_REPORT_ONLY	true	Use Content-Security-Policy-Report-Only

Full Changelog: v1.4.0...v1.5.0

v1.4.0 — Notification History & Debounce Tests

What's New

Notification History Dashboard

• New Notifications tab on the dashboard with HTMX lazy-loading
• Filter by status, webhook name, or source name
• Pagination (20 per page) with previous/next navigation
• Shows webhook name, source, failure type, status badge, HTTP code, attempt number, error message, and timestamp
• Handles deleted webhooks gracefully with [deleted] placeholder
• 17 tests covering all 10 acceptance criteria

API Key Debounce Tests (M5)

• 10 new tests verifying the existing last_used_at debounce implementation
• Covers: first use (NULL), stale key (>5min), fresh key (<5min), and auth regression checks
• Spec: specs/api-key-debounce.md

CI/CD Improvements

• All 21 mypy type errors resolved across the codebase
• Ruff lint error fixed and 15 files reformatted
• All 3 CI gates now pass (lint, type check, tests)

Housekeeping

• 5 stale merged branches cleaned up
• PRD updated: M1, M2, M5 marked COMPLETE; maturity promoted to Alpha
• 264 tests total, all passing

Docker

docker pull dockerhub.calebdunn.tech/rsync-viewer:1.4.0

v1.3.0 — Notifications & Discord Integration

What's New

Failure Detection & Webhooks

• Failure detection — Exit code tracking and stale sync monitoring trigger alerts automatically
• Webhook notification service — Configurable endpoints with retry logic (3 attempts, exponential backoff) and auto-disable after 10 consecutive failures
• Discord integration — Rich embeds with color coding, source filters, rate limiting, and customizable bot identity

Webhook Settings UI

• Full CRUD management at /settings via HTMX
• Add, edit, delete, enable/disable, and test webhook endpoints
• Discord-specific options (color, username, avatar, footer)
• URL validation for Discord webhook URLs

Performance

• Fixed N+1 queries in stale checker and Discord integration
• Added database indexes (webhook.enabled, notification_log composite)
• Reduced excessive DB commits in HTMX handlers
• Debounced API key writes

Bug Fixes

• Added python-multipart dependency for form parsing
• Fixed unhandled exception logging in global error handler

Stats

• 237 tests passing
• 21 new webhook settings UI tests
• Docker image: dockerhub.calebdunn.tech/rsync-viewer:1.3.0