- Add RecurringInvoiceRepository and RecurringInvoiceService; refactor recurring_invoice model
- Add GanttService and move gantt logic from route to service
- Expand ReportingService and simplify reports route
- Add license_utils and user license template/settings
- Refactor routes to use scope_filter, api_responses, and services (API v1, timer, admin, invoices, etc.)
- Extend invoice_service for recurring; cache and scope_filter utils; base/template updates
- In section 5.3 Stock Devaluation: note form message when item does not
support devaluation.
- Add 'How to use (UI)' steps for return and waste with devaluation.
- Add API note for POST /api/v1/inventory/movements devaluation parameters.
- Enables closing GitHub issue #385 with a doc reference.
Defer manual entry worked-time recalculation to the next microtask so
the DOM has the latest start/end date and time before reading. Add
input listeners so recalculation runs on every date/time change.
Fixes incorrect duration when end date is in the past (e.g. yesterday)
until the user reselected the end date.
- Add data-devaluation-supported on stock item options (trackable + default cost).
- When return/waste is selected and item cannot be devalued, disable 'Apply
devaluation', show message: 'Devaluation requires a trackable item with a
default cost.'
- Same message for standalone devaluation type when item is unsupported.
- Add en translation string for the new message.
OAuth: Replace deprecated accounting.transactions scope with accounting.invoices and accounting.payments so new Xero Developer apps (on or after 2026-03-02) complete the authorization flow.
Expense sync: Use /api.xro/2.0/ExpenseClaims instead of non-existent /api.xro/2.0/Expenses; read ExpenseClaimID from response.
API: Add optional json_body to _api_request and send invoice/expense payloads (Invoices and ExpenseClaims wrappers) to Xero.
Docs: Add docs/integrations/XERO.md (setup, scopes, sync, troubleshooting) and CHANGELOG entry.
When the IdP returns an encrypted ID token (e.g. Authentik with Encryption Key
set), Authlib raises UnsupportedAlgorithmError. Previously this was caught
generically and users saw a misleading message about session/cookie/proxy.
- Detect algorithm/JWE-related errors via exception type, module, or message
- Log reason=unsupported_algorithm_or_jwe and a specific warning
- Flash: disable ID token encryption (e.g. leave Authentik Encryption Key empty)
- Keep existing message for real session/state/code failures
The timer blueprint had two view functions named resume_timer, both
registering as endpoint 'timer.resume_timer' and causing Flask to raise
AssertionError on app load.
- Give the 'resume by id' route a unique endpoint: resume_timer_by_id
- Rename the view for GET /timer/resume/<timer_id> to resume_timer_by_id
- Update templates to use timer.resume_timer_by_id for links with timer_id
- Keep timer.resume_timer for POST (resume current paused timer)
- Mileage: Add GET /mileage/export/csv and /mileage/export/pdf with same
filters as list (status, project, client, date range, search). Export
buttons in list header; JS builds export URL from current filter form.
- Mileage PDF: New app/utils/mileage_pdf.py (ReportLab, landscape A4,
totals row for distance and amount).
- Per diem: Add Client filter to list (with client-lock/single-client
handling). Add GET /per-diem/export/csv and /per-diem/export/pdf.
- Per diem PDF: New app/utils/per_diem_pdf.py (same style as mileage).
- Export links always use current filters (no need to submit first).
- CHANGELOG and docs/import_export/README updated.
- Add visible Apply filters button in filter header so users can apply
Start/End date and other filters without scrolling; expand panel if collapsed
- Keep CSV/PDF export links in sync with current filters: set href from URL
on load and update on form change so export (including right-click Open in
new tab / Save link as) always uses the filtered date range
- Document fix in CHANGELOG under [Unreleased]
- Backend: WorkforceGovernanceService.delete_period, delete_leave_request,
delete_leave_type, delete_holiday with permission and state checks
- Web: POST delete routes in workforce blueprint; delete buttons in dashboard
for periods (draft/rejected), time-off (draft/submitted/cancelled), leave
types list, and company holidays (admin only)
- API v1: DELETE endpoints for timesheet-periods, time-off/requests,
time-off/leave-types, time-off/holidays (scopes and admin where required)
- Desktop: deleteTimesheetPeriod/deleteTimeOffRequest in API client; Delete
buttons and handlers in workforce view with confirmation and refresh
- Mobile: deleteTimesheetPeriod/deleteTimeOffRequest in API client; Delete
in popup menus for periods and time-off requests
- Docs: WORKFORCE_DELETE.md, PROJECT_STRUCTURE and API_TOKEN_SCOPES updates
- Add docs/BREAK_TIME_FEATURE.md (timers pause/resume, manual break, API, settings)
- CHANGELOG: add entry under [Unreleased]
- FEATURES_COMPLETE: Timer Management and Manual Time Entry mention break time
- docs/README: link to Break Time feature doc
- Dashboard: Pause/Resume buttons, break and Paused badge, elapsed uses break-adjusted duration
- Timer page: Pause/Resume/Stop, break display
- Floating bar: paused state, Resume on click when paused; use server current_duration when paused
- Manual entry: Break field (HH:MM), Suggest button using default break rules
- Edit time entry: Break field (HH:MM) for admins
- Document accumulated overtime (YTD) and where it appears (dashboard, analytics, workforce)
- Document take-overtime-as-paid-leave flow, API endpoints, and new helpers
- Add migration 136 and test_overtime_leave.py to Testing section; bump version to 1.2.0
- TestOvertimeYTD: get_overtime_ytd / get_overtime_last_12_months structure and values
- test_overtime_leave: request within YTD succeeds, exceeding YTD fails with validation
- Smoke test: assert get_overtime_ytd is available on overtime module
- Workforce dashboard: show Accumulated overtime (YTD) next to Leave Balances
- Add get_overtime_leave_type() and validate requested_hours <= YTD for overtime leave
- Time-off form: 'Take as paid leave' link, overtime type preset, available hours hint
- create_leave_request rejects overtime requests exceeding YTD with clear error
- Main dashboard: compute and display Overtime (YTD) in Month's Hours card
- Analytics: GET /api/analytics/overtime supports period=ytd and start_date/end_date
- API: dashboard stats endpoints include overtime_ytd_hours in response
- get_overtime_ytd(user): returns overtime from Jan 1 through today
- get_overtime_last_12_months(user): returns rolling 12-month overtime
- Reuses calculate_period_overtime; no new DB columns
- Enforce scope in timer routes: start_timer (POST), start_timer_for_project (GET),
and start_timer_from_template; deny with flash+redirect when project/client not allowed
- Add user_can_access_project check in api_start_timer (legacy API), API v1 timer/start,
and kiosk start-timer; return 403 with clear error message
- Scope dashboard Start Timer modal: load active_projects and active_clients via
apply_project_scope_to_model/apply_client_scope_to_model so subcontractors only see
assigned options
- Document timer start scope in SUBCONTRACTOR_ROLE.md (web, API, kiosk, 403/redirect)
On viewports <=767px, skip loading Toast UI Editor for the notes field on manual entry and edit timer pages; use a plain textarea instead. Toast UI is heavy and was freezing/crashing mobile Safari and Chrome. Desktop behavior unchanged. Document in CHANGELOG and MOBILE_IMPROVEMENTS.md.
- Use timer.time_entries_overview instead of timer.time_entries when
building the 'View time entries' URL in the dashboard. The invalid
route name caused BuildError and an error page after stopping the
timer, even though the time entry was saved.
- Document the fix in CHANGELOG under Unreleased / Fixed.
Issue #555: Users could set start/end date but had no visible way to apply filters, and CSV/PDF export could ignore the date range if applied before the AJAX filter ran.
- Add explicit 'Apply filters' submit button so date and other filters are applied on click (and on Enter).
- Export CSV/PDF: on click, build URL from current form params so export always reflects the selected date range and filters.
- Initialize export links from form state on load so they match visible filters.
Fixes#555
Architecture and maintainability improvements per production-readiness plan:
- API v1: Split monolithic api_v1.py into per-resource blueprints
(api_v1_projects, api_v1_tasks, api_v1_clients, api_v1_invoices,
api_v1_expenses, api_v1_payments, api_v1_mileage, api_v1_deals,
api_v1_leads, api_v1_contacts). Register all in blueprint_registry;
keep info, health, auth and remaining routes in api_v1.py.
- Bootstrap: Move setup_logging to app/utils/setup_logging.py and
legacy migrations (task management, issues tables) to
app/utils/legacy_migrations.py. Use SQLAlchemy 2-compatible
db.engine.begin() in legacy_migrations.
- Dashboard: Add AnalyticsService.get_dashboard_top_projects and
get_time_by_project_chart; thin main dashboard route to call
services only and remove inline TimeEntry aggregation.
- Docs: Update ARCHITECTURE.md (module table, API structure, data
flow, design decisions), DEVELOPMENT.md (workflow, build steps,
test examples), CHANGELOG.md (Unreleased refactor entry).
- Move Timer card to top as hero (primary action: start/stop, quick start, repeat last)
- Replace four adjust-time forms with single form and JS-driven delta submit
- Show only last 5 recent entries with columns: Project, Duration, Date, Actions
- Add View all link to Time entries overview; fix post-stop toast URL to time_entries_overview
- Apply max-w-7xl mx-auto to main content for readable width on large screens
- Add first-class sidebar links for Timer and Time entries (above Calendar)
- Fix active state: only Time entries highlighted on time_entries_overview,
only Timer highlighted on other timer.* routes
- Keep Time Tracking dropdown closed on Log time and Time entries pages
- Remove duplicate Time Entries link from Time Tracking submenu
- Add form-input-error and disabled state to form-input in input.css
- Add empty_state_compact and loading_overlay macros to components/ui.html
- Migrate tasks/overdue.html from Bootstrap (_components.html) to Tailwind
(page_header, empty_state, alert from ui.html; consistent cards and grid)
README: document dashboard time-by-project chart, summary report charts and PDF export, post-timer toast, remind-to-log setting; add daily workflow note under dashboard screenshot. CHANGELOG: add Unreleased entries for new features and changes. ARCHITECTURE: mention remind-to-log job and summary report PDF in Data Flow.
Dashboard:
- Add time-by-project chart (last 7 days) with Chart.js horizontal bar; link to Summary report
Summary report:
- Add time-by-project (last 30d) bar chart and daily trend (14d) line chart
- Add one-page PDF export (today/week/month hours + top projects table)
Post-timer flow:
- After stop, show toast "Logged Xh on [Project]" with action link "View time entries"
- Toast manager: optional actionLink/actionLabel for action links in toasts
- Session carries timer_stopped_toast to dashboard; no duplicate flash
Remind to log:
- User setting "Remind me to log time at end of day" + time picker (Settings)
- Hourly job: send one email per day if user has <0.5h logged that day (user TZ)
- Migration 135: notification_remind_to_log, reminder_to_log_time on users
- Remove placeholder version entries [4.8.0], [4.7.1], [4.7.0] with TBD dates
- Rename 'Release Notes Format' to 'Release notes format', reference
Keep a Changelog and Semantic Versioning
- Align section list with actual headings (Added, Changed, Fixed, etc.)
- Version: point to setup.py as single source of truth, link to CHANGELOG
- Tech stack: add Architecture overview link next to Project Structure
- Quick Start: add link to INSTALLATION.md for full steps
- Documentation: add Installation Guide, root Contributing, Development
Guide, Architecture, API quick reference
- Contributing: link to CONTRIBUTING.md and DEVELOPMENT.md
- REST API overview, token auth, base URL /api/v1
- How to get and use API tokens (Admin → Api-tokens, Bearer header)
- Main resources table (projects, time entries, tasks, clients, etc.)
- Curl examples for GET projects and POST time entry
- Links to REST_API.md, API_TOKEN_SCOPES.md, API_VERSIONING.md
- Add root CONTRIBUTING.md with quick overview and links to full guide,
Code of Conduct, and CHANGELOG
- Fix docs/development/CONTRIBUTING.md: use env.example (not .env.example)
for cp command to match repository
Dries Peeters