CHANGELOG

What's new.

Notable changes to the iOS app and sonolex.com.

2026-05-26 — Launch-readiness pass

Product: new Activity card on /profile/ shows joined date, total cases composed, last case timestamp, and verdicts received — all server-side counters, no PHI. Sign-in page simplified: the three "coming soon" methods (Apple ID, voice match, NPI lookup) are hidden until they actually ship; visitors now see only the working email magic-link path. The "Coming to App Store" pill is now a live TestFlight beta request link.

Security: comprehensive Content-Security-Policy (no inline third-party scripts, no framing, strict default-src), plus X-Frame-Options, Permissions-Policy, and Referrer-Policy headers. Verification-email sends capped at five per rolling hour per bearer to keep abuse and Postmark costs in check. Twenty-two common-URL typos (/login/, /signup/, /dashboard/, etc.) now 308-redirect to the correct page instead of returning 404. The DB-backup endpoint is token-gated and returns 404 when the token is unset — prod stays sealed by default.

Observability: backend exceptions stream to Sentry (PHI-scrubbed before send — authorization header redacted, request body never transmitted) for proactive alerting; previously you only learned about bugs from user complaints. External synthetic monitoring via UptimeRobot: six monitors on prod + staging API and web, 5-minute interval, SMS + email on outage. First catch within minutes — found that HEAD requests to the API root and /healthz were 404/405-ing (now fixed; both endpoints accept GET and HEAD).

Discovery: verified in Google Search Console (auto-verified via existing GA4 install — no separate meta tag needed) and Bing Webmaster Tools. Sitemap submitted to both with full XSD schema declaration; 14 pages discovered. Sonolex is now findable on both search engines.

Resilience: nightly DB backup via macOS launchd at 03:17 local — pulls a transactionally-consistent SQLite snapshot from Render, gzips it, retains 30 days. Token stored in Keychain; cron script lives at ~/.local/bin so it survives the T7 drive being unplugged. Dedicated staging.sonolex.com / staging.api.sonolex.com environment with its own Render service, persistent SQLite disk, and a sticky amber banner so QA can never confuse it for prod.

2026-05-25 — Profile, email verification, account deletion

New /profile/ page: edit display name, credentials, institution, role. Send-verification-email flow with 30-minute one-time tokens — verifies you control the email before cases addressed to it become visible. Account deletion with cascade across your threads, cases, audit events, and notifications. Avatar in the top-right of every signed-in page now links to /profile/. Web session expires after 30 days idle.

Supervisor case page now shows the trainee's raw shorthand by default and exposes the hash-chained audit log inline.

2026-05-24 — Educational supervisor review (v1)

De-identified case sharing with magic-link sign-off. Hash-chained audit log. No app install required for the supervisor.

2026-05-23 — Web companion

sonolex.com goes live as a thin client to the iOS engine. Trainee and supervisor flows mirror the app, behind sign-in.

2026-05-15 — iOS v1

Logbook capture, shorthand parsing, board-style summary, PDF export. Local-first, no account required.