[1.3.56] — 2026-07-03

[1.3.55] — 2026-07-03

[1.3.54] — 2026-07-03

[1.3.53] — 2026-07-03

[1.3.52] — 2026-06-19

[1.3.51] — 2026-06-19

[1.3.50] — 2026-06-19

[1.3.49] — 2026-06-19

[1.3.48] — 2026-06-19

[1.3.47] — 2026-06-18

[1.3.46] — 2026-06-18

[1.3.45] — 2026-06-18

[1.3.44] — 2026-06-18

[1.3.43] — 2026-06-18

[1.3.42] — 2026-06-18

[1.3.41] — 2026-06-18

[1.3.40] — 2026-06-13

[1.3.39] — 2026-06-11

[1.3.38] — 2026-06-08

[1.3.37] — 2026-06-08

[1.3.36] — 2026-06-08

[1.3.35] — 2026-06-07

[1.3.34] — 2026-05-18

[1.3.33] — 2026-05-18

[1.3.32] — 2026-05-13

[1.3.31] — 2026-05-12

[1.3.30] — 2026-05-12

[1.3.29] — 2026-05-11

[1.3.28] — 2026-05-08

[1.3.27] — 2026-05-08

[1.3.26] — 2026-05-08

[1.3.24] — 2026-05-08

[1.3.23] — 2026-05-08

[1.3.22] — 2026-05-08

[1.3.21] — 2026-05-08

[1.3.20] — 2026-05-08

[1.3.19] — 2026-05-08

[1.3.18] — 2026-05-08

[1.3.17] — 2026-05-08

[1.3.16] — 2026-05-08

[1.3.15] — 2026-05-08

[1.3.14] — 2026-05-07

[1.3.13] — 2026-05-07

[1.3.12] — 2026-05-07

[1.3.11] — 2026-05-06

[1.3.10] — 2026-05-06

[1.3.9] — 2026-05-06

[1.3.8] — 2026-05-06

[1.3.7] — 2026-05-06

[1.3.6] — 2026-05-06

[1.3.5] — 2026-05-06

[1.3.4] — 2026-05-06

[1.3.3] — 2026-05-06 — 🚀 Launch

Promoted from v1.3.3-rc1 after virtual_smoke_test passed 18/18 against production Lambda. Builds on v1.3.2 with 27 deploys of panel-driven hardening across 9 hunt rounds. 20 panel-found bugs caught and fixed before public launch; 3 systemic detectors active to prevent regression of those bug classes; 4 panel critical fixes complete (#1 manual smoke-test → automated as virtual_smoke_test.py; #2 comment sweep clean; #3 audit-log coverage on every state-mutating route; #4 cron alerting end-to-end via SNS; #5 Stripe webhook subscription expanded + recovery tier-restore).

Highlights since v1.3.2

Security (CHG-0099, 0101, 0102, 0103) - HSTS header (1y, includeSubDomains) - Session cookie Secure + HttpOnly explicit (F53) - Register + forgot-password rate-limit (F51, F52) - Error-response leak fix — 'details': str(e) removed (F50) - Portal route tier guard (AB-defense)

Reliability (CHG-0106, 0109) - Share-link cross-container fix — DynamoDB-primary storage so doctor-scan QR works regardless of which Lambda container handles the request (F59 — was structurally broken since the share feature shipped) - Past-due → recovery now restores tier via invoice.payment_succeeded handler (F64) - Stripe webhook subscription expanded to all 9 needed event types (F65 — refund/dispute handlers were dead code)

DoS hardening (CHG-0104) - /import upload size cap 5MB, gzip-bomb decompression cap, row-count cap 10K (F56/57/58)

Privacy & UX (CHG-0096, 0099) - Family-member /account panel + Leave Family button + Contact Owner mailto - Family-member /billing shows "you're a member" not broken Manage Billing CTA (F49) - Dunning banner now also fires for canceled state (F48) - API endpoints enforce free-tier 30-day clamp (F60)

Audit + observability (CHG-0107, 0108) - 13 state-mutating routes now emit log_event - All burt crons wrapped with cron_runner.sh → SNS alert on failure (F55, F63) - Stripe webhook handlers added for charge.refunded, charge.dispute.created, charge.dispute.closed

Detection infrastructure - E-harden: CSP-vs-template origin drift detector in correction_engine — F36/F45 class blocked at SVT gate - H-harden: 3 audits refactored to DOM-driven POSTs via _audit_helpers.py — F30/F43 class can't recur - Cron→SNS alerting + IAM policy applied — cron rot now visible

Documentation - docs/launch-smoke-test.md — 13-section, 60-item manual checklist - docs/launch-readiness-audit-coverage.md — gap analysis - scripts/virtual_smoke_test.py — automation covering ~80% of the manual checklist

Status

Promoted to v1.3.3 final on 2026-05-06 after virtual_smoke_test ran 18/18 PASS against production Lambda (CSP, HSTS, cookie flags, F44 regression net, F45 qrserver, F48 banner, F51 rate-limit, F60 API clamp, email enumeration safety, open redirect, free-tier gates). Backer sign-off recorded.

[1.2.81] — 2026-05-06

[1.2.80] — 2026-05-06

[1.2.79] — 2026-05-06

[1.2.78] — 2026-05-06

[1.2.77] — 2026-05-06

[1.2.76] — 2026-05-06

[1.2.75] — 2026-05-06

[1.2.74] — 2026-05-06

[1.2.73] — 2026-05-06

[1.2.72] — 2026-05-06

[1.2.71] — 2026-05-06

[1.2.70] — 2026-05-06

[1.2.69] — 2026-05-06

[1.2.68] — 2026-05-05

[1.2.67] — 2026-05-05

[1.2.66] — 2026-05-05

[1.3.2] — 2026-05-05 — Phase IV correctness release

Patch on top of v1.3.1. Phase IV audit work caught two more latent C1/C2 production bugs before customers hit them. Plus 9 audit scripts wired into nightly_qa.sh so the same bug class cannot silently recur.

Critical fixes

Permanent regression nets (CHG-0078)

9 audit scripts wired into nightly_qa.sh to run unattended every night at 2am UTC: - account_lifecycle_audit.py (T1-T11, 36 assertions) - lifecycle_extended_audit.py (G1 test_clock + G3 owner-deletes + G4 Checkout) - pass6_authenticated_ux.py (authenticated real-browser walk — caught F35) - email_deliverability_audit.py (SES + DNS + suppression + outbound test) - self_host_install_audit.py (Docker pull + run + register on rpulse.local) - admin_endpoint_audit.py (gating across 9 routes × 3 identity classes) - family_tier_backfill.py (dry-run; F30 historical-impact regression net) - phase2_pass4_a11y_perf_conv.py (static a11y/perf scan) - phase2_pass5_real_browser.py (FCP/console/viewport sweep)

Phase IV gap closures

Gap Status
G1 — time-driven Stripe (test_clock period-end cancel) ✅ 7/7
G3 — owner-deletes-with-active-family ✅ 5/5
G4 — Checkout Session path ✅ 4/4
G5 — Pass 6 authenticated UX ✅ 0 C1; F35+F36 fixed; F37-F40 tracked
G7 — email deliverability + manual round-trip ✅ 12/12 + backer-confirmed
G8 — self-host Docker install ✅ 7/7 on rpulse.local
G9 — admin endpoint gating ✅ 18/18 deny-path

Total bugs caught + fixed today (v1.3.0 → v1.3.2)

7 latent C1/C2 production bugs caught before customer impact: 1. 2× P1 in dynamo_integrity.py (CHG-0022) 2. F1 demo-prod parity (CHG-0028) 3. F26 stripe customer_id storage (CHG-0054) 4. F30 family-tier dispatch (CHG-0055) 5. F35 reportlab missing — premium PDF feature (CHG-0082) 6. F36 CSP blocking Tailwind (CHG-0083)

Deploy track record

11 consecutive flawless deploys through the hardened pipeline (v1.2.55 → v1.2.65). Zero retries, zero false positives, zero rollbacks, zero production alerts.

Final state at cut


[1.2.65] — 2026-05-05

[1.3.1] — 2026-05-05 — Account-correctness + defense-in-depth release

Patch release on top of Gold v1.3.0. Every change in this cut is post-Gold hardening — driven by Phase III account-lifecycle audit and the panel's deferred maintenance items. Two latent C1 bugs (one of which had been live since family-plan launch) caught and fixed before causing customer impact.

Critical fixes (account correctness)

Lifecycle E2E audit (NEW permanent regression net)

scripts/account_lifecycle_audit.py — full T1-T11 transition matrix verified end-to-end against real Stripe (test mode) + real Lambda webhook + real DynamoDB. 36/36 PASS: - T1 register → free - T2 free → Solo (Stripe monthly subscribe) - T3 Solo → free (cancel — customer_id preserved) - T4 free → Family (Stripe family-monthly subscribe) - T5 Family + 2 members via single-use invite tokens - T6 Family → free (cancel + member fan-out) - T7 owner kicks member (/family/remove-member) - T8 member self-deletes (soft-delete pending_deletion_at) - T9 Solo → Family upgrade via Subscription.modify (price change without cancel/recreate) - T10 Family → Solo downgrade with member revocation - T11 cap-reached blocking (4 members succeed, 5th rejected)

Family plan correctness

Defense-in-depth security headers

Frontend performance

Documentation

docs/ITIL-PRACTICES.md — comprehensive runbook of the 8 active ITIL 4 practices (Change Enablement, Service Validation & Testing, Deployment Management, Release Management, Continual Improvement, Problem Management, Service Configuration Management, Knowledge Management), the deploy lifecycle, the operator runbook procedures, and the active observability stack.

Bugs caught + fixed by today's audits (all pre-merge)

Deploy track record

9 consecutive flawless deploys through the hardened deploy pipeline (CHG-0016): v1.2.55 → 1.2.56 → 1.2.57 → 1.2.58 → 1.2.59 → 1.2.60 → 1.2.61 → 1.2.62 → 1.2.63 → 1.2.64. Strict version-match assertions, auto-republish version.json + changelog, --lambda-only WARN banner, all firing as designed. Zero retries. Zero false positives. Zero rollbacks.

Final state at cut


[1.2.64] — 2026-05-05

[1.2.63] — 2026-05-05

[1.2.62] — 2026-05-05

[1.2.61] — 2026-05-05

[1.2.60] — 2026-05-05

[1.3.0] — 2026-05-05 — 🥇 Gold release

The first release-readiness Gold cut. Two-phase audit completed in a single intensive session. All 8 Gold readiness criteria met (zero open C1, zero open C2, all 8 personas pass primary journey, demo-prod parity, WCAG 2.2 AA strict via real-browser harness, performance budget met, 5th consecutive flawless deploy).

Phase I — Account self-heal blueprint (panel of 2026-05-02)

36 expert-panel recommendations across 5 layers all closed: - L1 architectural seams (1.1–1.7): removed entry-data _query_cache, moved reset-tokens to DynamoDB, unified user-identity helper, moved CSRF to a before_request enforcer with allowlist, soft-delete grace + reaper, Stripe webhook idempotency via event.id dedup, sparse GSIs for family-invite + family-owner. - L2 login-time heals (2.1–2.6): per-user Stripe customer-id heal at login, 15-min TTL on pending-2FA session keys, lockout clamp to 24h ceiling, session fingerprint binding (UA + IP /24) via CHG-0020, ConsistentRead=True on write-then-read user paths via CHG-0019, selfheal.{name} audit-event channel. - L3 background reconcilers (3.1–3.6): daily grace-period reaper, 15-min Stripe ↔ DynamoDB tier reconciler, dynamo_integrity.py --fix with allowlist + circuit breaker (CHG-0022 caught two latent P1 bugs that would have deleted ~5,200 production rows had --fix been enabled unsupervised), synthetic password-reset probe every 30 min (CHG-0026), synthetic Stripe checkout roundtrip (CHG-0027), partial-deletion retry reaper. - L4 admin tooling (4.1–4.8): Account State Bundle endpoint, per-user health badges, reset-token replay tool, force-tier-reconcile button, request outcome tagging, auth-pathway tagging, class-aware audit retention (365d security / 180d operational), permanent deletion-audits sink with hashed-email survivability. - L5 UX (5.1–5.7): three-state reset-token error messages, lockout flash with reset-password CTA, support-error includes rp_customer_id, family-invite explicit failure messaging, one-time self-heal toast, anti-enumeration register flow, "export-and-delete" combo button.

Phase II — UX/QA/release-readiness audit (panel of 2026-05-05)

5-pass expert-panel audit closing every Gold-blocking finding: - Pass 1 — Link & page integrity sweep: crawled 91 URLs across landing/demo/prod surfaces. Real findings F1–F9. - Pass 2 — 8-persona click-path matrix: Marcus (hypertension), Priya (privacy), James (post-cardiac, low literacy), Homelabber (Docker-native) deep-dives + Daniela (gestational), Linda+Rosa (caregiver), Garmin Refugee, Skeptic light passes. Findings F10–F15. - Pass 2.5 — methodology re-validation: corrected probe artifacts; closed F10/F14/F15 plus dissolved Marcus #7 false alarm. - Pass 4 — static a11y/perf/conversion: WCAG 2.2 AA structural checks across all surfaces. Findings F18–F25. - Pass 5 — real-browser harness (Playwright + Chromium): 11 pages × 3 viewports (360/768/1280). 0 C1, 0 C2, 0 C3. Every page FCP < 828ms ("Good" Web Vitals), 0 JS console errors, 0 broken sub-resources, 0 mobile-viewport overflow.

Deploy-pipeline hardening

Observability shipped

CHG-0028 — F1 demo-prod parity (the last Gold-blocker)

Demo's /login, /register, /forgot-password now render real auth forms (parity with prod). Auto-login on / is preserved for frictionless preview. Implementation via DEMO_AUTH_UI_PATHS allowlist in app.py:demo_auto_login before_request handler. Discovered + corrected the 3-week drift on rangepulse-demo Lambda (deploy.sh historically only updated rangepulse-app); follow-up CHG-0053 will fix the pipeline gap permanently.

What's deferred (post-Gold maintenance release)

See changes/GOLD-1.3.0-RELEASE-MANIFEST.md for the full readiness-gate evidence.


[1.2.59] — 2026-05-05

[1.2.58] — 2026-05-05

[1.2.57] — 2026-05-05

[1.2.56] — 2026-05-05

[1.2.55] — 2026-05-04

[1.2.54] — 2026-05-04

[1.2.53] — 2026-05-04

[1.2.52] — 2026-05-04

[1.2.51] — 2026-05-04

[1.2.50] — 2026-05-04

[1.2.49] — 2026-05-04

[1.2.48] — 2026-05-04

[1.2.47] — 2026-05-04

[1.2.46] — 2026-05-04

[1.2.45] — 2026-05-02

[1.2.44] — 2026-05-02

[1.2.43] — 2026-05-02

[1.2.42] — 2026-05-02

[1.2.41] — 2026-05-02

[1.2.40] — 2026-05-02

[1.2.39] — 2026-05-02

[1.2.38] — 2026-05-02

[1.2.37] — 2026-05-02

[1.2.36] — 2026-05-02

[1.2.35] — 2026-05-02

[1.2.34] — 2026-05-02

[1.2.33] — 2026-04-20

[1.2.32] — 2026-04-19

[1.2.31] — 2026-04-19

[1.2.30] — 2026-04-19

[1.2.29] — 2026-04-19

[1.2.28] — 2026-04-19

[1.2.27] — 2026-04-19

[1.2.26] — 2026-04-19

[1.2.25] — 2026-04-19

[1.2.24] — 2026-04-19

[1.2.23] — 2026-04-19

[1.2.22] — 2026-04-19

[1.2.21] — 2026-04-19

[1.2.20] — 2026-04-19

[1.2.19] — 2026-04-19

[1.2.18] — 2026-04-18