CHANGELOG
What's new.
Notable changes to the iOS app and sonolex.com.
2026-05-26 — Launch-readiness pass
Product: new Activity card on /profile/ shows joined date, total cases composed, last case timestamp, and verdicts received — all server-side counters, no PHI. Sign-in page simplified: the three "coming soon" methods (Apple ID, voice match, NPI lookup) are hidden until they actually ship; visitors now see only the working email magic-link path. The "Coming to App Store" pill is now a live TestFlight beta request link.
Security: comprehensive
Content-Security-Policy (no inline third-party scripts, no framing,
strict default-src), plus X-Frame-Options, Permissions-Policy, and
Referrer-Policy headers. Verification-email sends capped at five per rolling
hour per bearer to keep abuse and Postmark costs in check. Twenty-two
common-URL typos (/login/, /signup/,
/dashboard/, etc.) now 308-redirect to the correct page instead
of returning 404. The DB-backup endpoint is token-gated and returns 404
when the token is unset — prod stays sealed by default.
Observability: backend exceptions stream to
Sentry (PHI-scrubbed before send — authorization header redacted,
request body never transmitted) for proactive alerting; previously you only
learned about bugs from user complaints. External synthetic monitoring via
UptimeRobot: six monitors on prod + staging API and web, 5-minute
interval, SMS + email on outage. First catch within minutes — found that
HEAD requests to the API root and /healthz were 404/405-ing
(now fixed; both endpoints accept GET and HEAD).
Discovery: verified in Google Search Console (auto-verified via existing GA4 install — no separate meta tag needed) and Bing Webmaster Tools. Sitemap submitted to both with full XSD schema declaration; 14 pages discovered. Sonolex is now findable on both search engines.
Resilience: nightly DB backup via macOS
launchd at 03:17 local — pulls a transactionally-consistent
SQLite snapshot from Render, gzips it, retains 30 days. Token stored in
Keychain; cron script lives at ~/.local/bin so it survives
the T7 drive being unplugged. Dedicated staging.sonolex.com /
staging.api.sonolex.com environment with its own Render
service, persistent SQLite disk, and a sticky amber banner so QA can never
confuse it for prod.
2026-05-25 — Profile, email verification, account deletion
New /profile/ page: edit display name, credentials, institution, role. Send-verification-email flow with 30-minute one-time tokens — verifies you control the email before cases addressed to it become visible. Account deletion with cascade across your threads, cases, audit events, and notifications. Avatar in the top-right of every signed-in page now links to /profile/. Web session expires after 30 days idle.
Supervisor case page now shows the trainee's raw shorthand by default and exposes the hash-chained audit log inline.
2026-05-24 — Educational supervisor review (v1)
De-identified case sharing with magic-link sign-off. Hash-chained audit log. No app install required for the supervisor.
2026-05-23 — Web companion
sonolex.com goes live as a thin client to the iOS engine. Trainee and supervisor flows mirror the app, behind sign-in.
2026-05-15 — iOS v1
Logbook capture, shorthand parsing, board-style summary, PDF export. Local-first, no account required.