The user medications modal (clicking on a 'taken by' badge) was showing
the adjusted stock as total (e.g. 152/152) instead of the package size
(e.g. 152/196).
Changed from getMedTotal() to getPackageSize() for the denominator.
* chore: improve release script for branch protection
- Create PR for version bump instead of direct push to main
- Wait for CI checks before merging
- Auto-merge PR and create signed tag
- Better error handling and gh CLI validation
- Works with GitHub branch protection rules
* chore(ci): create draft releases for manual release notes
Release notes should be descriptive, not auto-generated commit lists.
The workflow now creates a DRAFT release with a template.
User edits the release notes following the style guide, then publishes.
* docs: add AI release notes workflow to instructions
* chore: improve release script for branch protection
- Create PR for version bump instead of direct push to main
- Wait for CI checks before merging
- Auto-merge PR and create signed tag
- Better error handling and gh CLI validation
- Works with GitHub branch protection rules
* chore(ci): create draft releases for manual release notes
Release notes should be descriptive, not auto-generated commit lists.
The workflow now creates a DRAFT release with a template.
User edits the release notes following the style guide, then publishes.
* feat: add About section with version info and update check
- Add About menu item in user dropdown
- Show frontend and backend versions separately
- Add 'Check for Updates' feature using GitHub API
- Compare versions using semver logic
- Cache update check results in sessionStorage (1 hour TTL)
- Link to GitHub repository
- Add i18n translations for EN and DE
- Extend health endpoint to return backend version
* fix: correct i18n interpolation in About modal
- Fix copyright year using dynamic interpolation
- Fix update available message (remove duplicate version placeholder)
- Add download link for available updates
- Change license to GPL-3.0
* fix: correct license to MIT
* chore: sync package.json versions to v1.3.1
The stockAdjustment and lastStockCorrectionAt fields were not being
exported or imported, causing stock corrections to be lost when
doing an export/import cycle.
Changes:
- Add stockAdjustment to inventory schema in export validation
- Add lastStockCorrectionAt to medication export schema
- Export both fields when generating export data
- Import both fields when restoring from backup
The 'Total' display should show the base package capacity (packs × blisters × pills + loose),
not the corrected stock amount. This is the fixed capacity of a full package.
- Add getPackageSize() helper to calculate base total without stockAdjustment
- Use packageSize in medications list 'Total: X pills'
- Use packageSize in medication detail modal 'Current Stock: X / Y'
- getMedTotal() still includes stockAdjustment for coverage calculations
* feat: add stock correction modal with blister-based input
- Add 'Correct Stock' button to medication detail modal
- New modal with Full Blisters + Partial Blister Pills inputs
- Auto-conversion for edge cases (full/negative partial)
- New stockAdjustment field for DB corrections without touching looseTablets
- New lastStockCorrectionAt timestamp to ignore old consumed doses after correction
- Tracking data preserved for future statistics
- Add Drizzle migrations for new columns
- Add translations for en/de
* fix: add stock_adjustment columns to e2e/integration test schemas
- Replace export checkbox with modal offering 'With Images' or 'Data Only' options
- Replace styled label with proper button for file import
- Replace browser alert() with integrated success banner for import confirmation
- Add i18n translations for new modal texts (EN/DE)
The export modal provides a cleaner UX with clear explanations for each option.
The import success message now displays inline with theme-appropriate styling.
- Add 'dismissed' field to dose history export/import
- Add 'takenByPerson' field to handle person-suffixed dose IDs (e.g., 5-0-timestamp-Daniel)
- Update parseDoseId() to extract person suffix from dose ID
- Update buildDoseId() to include optional person suffix
This fixes import losing:
1. Which past doses were marked as taken
2. Which doses were dismissed (cleared missed)
3. Person-specific dose tracking for shared schedules
- Add 'Include medication images' checkbox in export section
- Default: enabled (full backup with images)
- Disabled: much smaller export (~50 KB instead of several MB)
- Helpful for quick backups or when importing to another instance
- Increase nginx client_max_body_size from 10MB to 50MB
- Add bodyLimit: 50MB to Fastify import route
- Allows importing exports with many base64-encoded images
- Add CREATE TABLE IF NOT EXISTS for refill_history in ALTER migrations
- Improve frontend import error handling to show server errors properly
- Parse response as text first to handle non-JSON error responses
Added robust date handling to prevent 'Invalid time value' errors when
exporting dose history and share links. The code now safely handles:
- Date objects that might be invalid
- Timestamps stored as numbers or strings
- Missing or null values
Falls back to current date if conversion fails.
Added prominent warning in copilot-instructions.md that every new feature
touching DB must include ALTER migrations in client.ts, not just schema.ts.
This prevents production 500 errors on existing databases.
Older production databases were missing the stock_calculation_mode column,
causing 500 errors on /export endpoint. Added migration to add column
with default value 'automatic'.
When clicking 'Edit' in the medication detail modal, the modal
now properly closes before navigating to the medications page.
Previously the modal remained visible behind the edit form.
* fix: browser back gesture closes modal instead of navigating
- Push history state when opening medication detail modal
- Handle popstate event to close modal on browser back
- Replace direct setSelectedMed(null) with closeMedDetail() helper
- Improves mobile UX: swiping back closes modal instead of leaving page
* feat: add back-swipe support for all modals
- Add history.pushState/popstate handling for all modal types
- Profile, ShareDialog, EditModal, RefillModal, ImageLightbox,
ScheduleLightbox, UserFilter now all support browser back button
- Mobile users can now swipe back to close any modal instead of
navigating away from the app
- ESC key also triggers proper history-based close for all modals
- Fix duplicate openShareDialog function
- Fix recursive call bug in openUserFilter
* fix: prevent past days count from wrapping to new line
- Add flex-wrap: nowrap to .past-days-toggle
- Add white-space: nowrap and flex-shrink: 0 to .past-days-count
- Ensures (7 Tage), (14 Tage) etc. stays on same line as label
* fix: improve schedule row layout for mobile screens
- Stack schedule label and value vertically on small screens (<400px)
- Add word-break for long text values
- Prevents 'Einnahmeprüfung' and '15 Min. vor geplanter Zeit' from overlapping
* feat: add back-swipe support for image lightbox on share page
- Add history.pushState/popstate handling for lightbox in SharedSchedule
- Mobile users can now swipe back to close image instead of navigating away
* chore(ci): add path filters to skip CI for docs-only changes
- test.yml: Only run on changes to backend/**, frontend/**, or the workflow itself
- docker-build.yml: Only run on code/docker changes (tags still trigger unconditionally)
* docs: move screenshots below GIF and add visual indentation
- Add Medication Refill and Data Export/Import to features
- Add collapsible screenshots section with 8 new screenshots
- Include desktop views: Dashboard, Medication Detail, Edit Form, Planner, Shared Schedule
- Include mobile views: Dashboard, Medications, Schedule
- Remove old dashboard.png, add properly named screenshots
- Add structured format with What's New, Features, Where to Find It
- Prefer bold feature names with inline descriptions
- Minimize emoji usage
- Add comprehensive example based on v1.3.0 release
* feat: Add Medication Refill feature with UI improvements
- Add refill functionality to medications (add packs/loose pills)
- Add refill API endpoint with history tracking
- Add refill section in edit forms (desktop & mobile)
- Add refill modal in medication detail view
- Add refill history display with expand/collapse
- Add schedule lightbox for clicking medication images
- Improve button styling with primary/info/success classes
- Move '+ New entry' button to medication list header
- Lightbox size: 50% desktop, 90% mobile
- Update selectedMed sync after stock changes
- Migrate from schema-sql.ts to Drizzle Kit migrations
* fix: Improve mobile tooltips and refill modal layout
- Center tooltips on screen for mobile devices (fixed position)
- Close tooltips automatically when scrolling on touch devices
- Use click-based tooltip activation instead of hover on mobile
- Fix refill modal buttons to display in two rows on mobile
- Add 'Keep it short' principle
- Add DO NOT include list (no technical details)
- Simplify example release notes
- Remove verbose example with implementation details
- Add dismissed column to dose_tracking table schema
- Add POST /doses/dismiss endpoint for batch dismissing
- Add DELETE /doses/dismiss endpoint to un-dismiss all
- Add frontend dismissedDoses state and missedPastDoseIds useMemo
- Add Clear missed button with confirmation dialog
- Add CSS styles for .past-days-header and .clear-missed-btn
- Add i18n translations for en/de
- Add 5 tests for dismiss endpoints
- Update test schemas with dismissed column
Allows users to acknowledge missed doses without deducting stock.
Closes#28
- Add Pushover to supported services list in UI
- Add Gotify to supported services list
- Add URL placeholder with examples (ntfy, pushover)
- Add link to shoutrrr.dev for all available services
- Change input type from 'url' to 'text' (shoutrrr URLs aren't HTTP URLs)
- Add comprehensive Push Notifications section to README
- Include URL examples for ntfy, Pushover, Gotify, Discord, Telegram
Closes feature request for Pushover support.
* fix(ui): improve Export/Import section layout and styling
- Redesign as two-column card layout with icons
- Remove CAPSLOCK from labels
- Add proper descriptions for export and import sections
- Improve checkbox and button styling
- Make responsive for mobile
* fix(ui): clean up Export/Import section design
- Remove ugly folder icons
- Replace hint text box with info tooltip on title
- Cleaner h3 styling with uppercase letters
- Better visual hierarchy
* feat: add data export/import functionality
- Add /export and /import API endpoints with schema-independent JSON format
- Export includes: medications, dose history, settings, share links
- Uses _exportId references for medications, remapped on import
- Images exported as base64 data URLs
- Optional sensitive data inclusion (shoutrrr URLs, etc.)
- Import replaces all existing data with confirmation warning
- Add comprehensive test coverage
- Add English and German translations
- Add frontend UI in Settings page with export/import controls
* fix: correct JSX structure and TypeScript types
- Fix modal placement outside ternary expression in Settings
- Add type assertion for request.body in import route test
* docs: translate copilot-instructions to English
- Add explicit rule that English is the primary language
- Translate all German sections to English
- User may communicate in German, but all project artifacts must be English
* ci: prevent duplicate test runs - tests only on PRs, inline tests for builds
* docs: add testing and CI/CD documentation
* security: fix CodeQL vulnerabilities (SSRF, XSS, rate limiting)
- Add URL validation to prevent SSRF attacks on notification endpoints
- Block private IPs (10.x, 172.16-31.x, 192.168.x, 169.254.x)
- Block localhost and internal hostnames
- Only allow HTTP/HTTPS protocols
- Add HTML escaping for medication names in email templates (XSS)
- Add stricter rate limiting for auth routes (5 req/15min for login/register)
- Add SSRF protection tests (405 tests total)
* security: add rate limiting to remaining auth routes
* chore: add CodeQL config to suppress rate-limit false positives
Rate limiting IS implemented via @fastify/rate-limit plugin:
- Global: 100 req/min (index.ts)
- Auth routes: 5-10 req/min via config.rateLimit option
CodeQL doesn't recognize Fastify's plugin-based rate limiting pattern.
* ci: switch to CodeQL Advanced Setup
- Add custom codeql.yml workflow
- Configure to use codeql-config.yml
- Exclude js/missing-rate-limiting rule (false positive)
Rate limiting is implemented via @fastify/rate-limit plugin
* ci: add explicit permissions to workflows
Fixes CodeQL 'Workflow does not contain permissions' warnings.
Sets minimal 'contents: read' at top level.
* ci: add manual trigger to CodeQL workflow
* ci: add explicit permissions to all workflow jobs
* build(deps): bump esbuild, @vitest/coverage-v8 and vitest in /backend
Bumps [esbuild](https://github.com/evanw/esbuild) to 0.27.2 and updates ancestor dependencies [esbuild](https://github.com/evanw/esbuild), [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) and [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest). These dependencies need to be updated together.
Updates `esbuild` from 0.21.5 to 0.27.2
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2024.md)
- [Commits](https://github.com/evanw/esbuild/compare/v0.21.5...v0.27.2)
Updates `@vitest/coverage-v8` from 2.1.9 to 4.0.16
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.0.16/packages/coverage-v8)
Updates `vitest` from 2.1.9 to 4.0.16
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.0.16/packages/vitest)
---
updated-dependencies:
- dependency-name: esbuild
dependency-version: 0.27.2
dependency-type: indirect
- dependency-name: "@vitest/coverage-v8"
dependency-version: 4.0.16
dependency-type: direct:development
- dependency-name: vitest
dependency-version: 4.0.16
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com>
* docs: add GitHub issue templates
- Bug report template with deployment type, browser info, logs
- Feature request template with affected area, priority
- Config with link to discussions and README
- Optimize test.yml to skip tests for non-code changes
* Initial plan
* Remove database schema duplication by creating shared schema-sql.ts module
Co-authored-by: DanielVolz <3275994+DanielVolz@users.noreply.github.com>
* Refactor frontend date formatting to eliminate duplication
Co-authored-by: DanielVolz <3275994+DanielVolz@users.noreply.github.com>
* docs: Add branch protection warning and PR workflow to instructions
* ci: remove paths filter from test workflow to fix branch protection
* fix: add .js extension to schema-sql imports for ESM compatibility (#15)
* feat: add setting to skip reminders for taken doses
- Add skipRemindersForTakenDoses setting to database schema
- Extend settings API to save and load new setting
- Update intake reminder scheduler to filter taken doses
- Add frontend toggle in settings with i18n (EN/DE)
- Only check doses from today (timezone-aware)
- Update all test schemas with new field
- All 405 tests passing
* feat: add repeat reminders for missed doses
- Add repeatRemindersEnabled and reminderRepeatIntervalMinutes settings
- Refactor intake reminder state from array to object with sendCount tracking
- Update scheduler to send repeated reminders at configurable intervals
- Only remind for today's doses (timezone-aware filtering)
- Add frontend toggle and interval input (5-480 minutes) in settings
- Maintain backward compatibility for old state file format
- Update all test schemas and assertions
- All 406 tests passing
* feat: add nagging reminders with max limit and ENV defaults
- Add maxNaggingReminders setting to limit repeat reminders (1-20)
- Add ENV defaults for all user settings (DEFAULT_*)
- Add ALTER TABLE migrations for backward compatibility
- Add smtpConfigured/shoutrrrConfigured to health endpoint
- Fix Push toggle to allow enabling without existing URL
- Disable skip/repeat toggles when no notifications enabled
- Add Pocket ID button to registration page
- Add getTodaysIntakes() for repeat reminder logic
- Update translations (en/de) for new settings
- Add comprehensive tests for new features
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: DanielVolz <3275994+DanielVolz@users.noreply.github.com>
- Bug report template with deployment type, browser info, logs
- Feature request template with affected area, priority
- Config with link to discussions and README
- Optimize test.yml to skip tests for non-code changes
Daniel Volz
Copilot
dependabot[bot]