Switch product and installation telemetry to OTLP/Grafana across runtime config, CI injection, docs, and tests to unify telemetry transport and simplify privacy-focused opt-in behavior.
Sync editor content before submit validation and replace hidden required-field blocking with explicit inline checks. Preserve posted form values and enforce non-empty HTML on backend validation to avoid data loss and confusing no-op behavior.
Prevent 500s during first/parallel purchase-order creation by using collision-safe PO numbering, explicit validation, and reliable commit/error handling in web and API flows. Add regressions for purchase-order edge cases and invoice stock-reduction idempotency to catch adjacent inventory failures before release.
Implement issue #575 by introducing token-based invoice number patterns in settings and unifying number generation across invoice creation paths. This removes hardcoded INV/date formatting and aligns export filenames and bootstrap schemas with stored invoice numbers.
Increase quantity column spans for Invoice Items and Extra Goods on the invoice edit page so values are easier to read, and keep static and JS-added rows aligned.
- queueForOffline now saves url, method, headers, body (replay-safe for localStorage);
legacy items with options only still replayed via fallback
- processOfflineQueue builds fetch options from stored method/body so replayed
requests send the same payload when back online
- Make queueForOffline async and await it in handleFetchResponse/handleFetchException
- Add tests asserting queue stores method/body and replay uses them
- Catch AttributeError/KeyError/TypeError and generic Exception in PEPPOL block;
log with exc_info and show generic warning to user so view still renders
- Avoid silent pass that hid configuration or data errors
- Add test for exception path (mock get_custom_field to raise)
- Reports accept ?days=1-365 (default 30) for configurable date range
- ?format=csv returns CSV download (summary, hours by project, time by date)
with same access control as reports page
- Subtitle shows 'Last N days' when date range is applied
- Add tests for days param and CSV export
- New scopes read:inventory and write:inventory; existing read/write:projects
still grant same inventory access for backward compatibility
- require_api_token() accepts tuple of scopes (any one required); inventory
endpoints accept (read:inventory | read:projects) and (write:inventory | write:projects)
- ApiTokenService: add new scopes to allowed list; document in API_TOKEN_SCOPES.md
- Add tests for inventory report endpoints with scope checks
- /api/activity: return 400 with clear message when start_date/end_date
are not valid ISO 8601; avoid silent pass on parse errors
- Web route /activity: catch ValueError, log and skip filter instead of 500
- Add tests for invalid date formats on API and web routes
- When webhook_secret is set in Jira integration, verify incoming webhooks
via X-Hub-Signature-256, X-Atlassian-Webhook-Signature, or X-Hub-Signature
- Reject requests with missing or invalid signature; no secret = accept all (unchanged)
- Add webhook_secret password field to Connection Settings in Jira config
- Add tests for verification success, missing sig, and invalid sig
- Add keyboard_shortcuts_defaults utility for default bindings and overrides
- Update Settings keyboard shortcuts template for customization UI
- Add KEYBOARD_SHORTCUTS_DEVELOPER.md for implementation and extension
- Add ClientPortalDashboardPreference for per-client/widget dashboard layout and order
- Export new model in models __init__; minor updates to audit_log, link_template, user as needed
Remove from index (keep on disk): .cursor/plans, logs/.gitkeep, logs/app.jsonl,
mobile lib files, tests/__pycache__/*.pyc. These are already in .gitignore;
stopping tracking so future changes are ignored.
- test_installation_config: assert install_id UUID format and config persistence
- test_telemetry_consent_and_base: analytics not sent when opt-out, sent when opt-in
- test_telemetry_consent_and_base: base first_seen idempotent, heartbeat payload schema
- test_telemetry_consent_and_base: install_id stable across calls
- Add telemetry-architecture.md: base vs detailed layers, schema, consent, retention
- ARCHITECTURE: link to telemetry doc and two-layer overview
- analytics.md: two-layer telemetry section and link to architecture
- privacy.md: update base/detailed analytics and retention wording
- all_tracked_events.md: document base_telemetry.first_seen/heartbeat, opt-in events
- settings: distinguish minimal install telemetry (always on) vs optional detailed analytics
- telemetry: update toggle label and data-collection copy for base vs opt-in layers
- List what is collected in each layer and what is never collected
- Register send_base_telemetry_heartbeat_with_app cron at 03:00 UTC
- setup: call check_and_send_telemetry when user opts in during setup
- admin: call check_and_send_telemetry when toggling detailed analytics on
- Delegate track_event, identify_user, track_page_view to telemetry service
- Only send detailed analytics when user has opted in (is_detailed_analytics_enabled)
- Call send_base_first_seen() once at app startup (idempotent per install)
- posthog_funnels: require telemetry_enabled for funnel tracking
- posthog_monitoring: require telemetry_enabled for error/performance events
- Webhook models: remove duplicate index definitions so db.create_all()
no longer raises 'index already exists' (columns already have index=True)
- ImportService: fix circular import by late-importing ClientService,
ProjectService, TimeTrackingService in __init__
- reports: fix F823 by renaming unpack variable _ to _entry_count to avoid
shadowing gettext _ in export_task_excel()
- Code quality: add .flake8 with extend-ignore so flake8 CI passes;
simplify pyproject.toml isort config (drop unsupported options)
- Format: run black and isort on app/
- tests: restore minimal app fixture in test_import_export_models
- Move Python and shell scripts (apply_migration, check_routes, run_tests, etc.) to scripts/
- Move setup-https-mkcert and start-https (bat/sh) to scripts/
- Update start-local-test.bat and start-local-test.sh
- Add RecurringInvoiceRepository and RecurringInvoiceService; refactor recurring_invoice model
- Add GanttService and move gantt logic from route to service
- Expand ReportingService and simplify reports route
- Add license_utils and user license template/settings
- Refactor routes to use scope_filter, api_responses, and services (API v1, timer, admin, invoices, etc.)
- Extend invoice_service for recurring; cache and scope_filter utils; base/template updates
- In section 5.3 Stock Devaluation: note form message when item does not
support devaluation.
- Add 'How to use (UI)' steps for return and waste with devaluation.
- Add API note for POST /api/v1/inventory/movements devaluation parameters.
- Enables closing GitHub issue #385 with a doc reference.
Defer manual entry worked-time recalculation to the next microtask so
the DOM has the latest start/end date and time before reading. Add
input listeners so recalculation runs on every date/time change.
Fixes incorrect duration when end date is in the past (e.g. yesterday)
until the user reselected the end date.
- Add data-devaluation-supported on stock item options (trackable + default cost).
- When return/waste is selected and item cannot be devalued, disable 'Apply
devaluation', show message: 'Devaluation requires a trackable item with a
default cost.'
- Same message for standalone devaluation type when item is unsupported.
- Add en translation string for the new message.
OAuth: Replace deprecated accounting.transactions scope with accounting.invoices and accounting.payments so new Xero Developer apps (on or after 2026-03-02) complete the authorization flow.
Expense sync: Use /api.xro/2.0/ExpenseClaims instead of non-existent /api.xro/2.0/Expenses; read ExpenseClaimID from response.
API: Add optional json_body to _api_request and send invoice/expense payloads (Invoices and ExpenseClaims wrappers) to Xero.
Docs: Add docs/integrations/XERO.md (setup, scopes, sync, troubleshooting) and CHANGELOG entry.
Dries Peeters