Changelog
A summary of updates, fixes, and new features shipped to Tolstack.
Feature
Implement client-side caching with SWR
06606ba3
- Converted useOrganizations, useProfile, useOrganization, and useAnalysisSharing hooks to SWR
- Configured 60-second deduping interval to reduce redundant API calls
- Maintained optimistic updates for mutations across all hooks
Feature
Enhance canvas selection tools and implement client-side caching
38f901d7
- Implemented marquee selection when clicking or dragging on empty space
- Added support for additive selection using Shift+Drag, including within chain drawing mode
- Refined click vs drag detection logic to improve mode switching accuracy
- Fixed scoping issues for Shift-key detection in gap and drawing modes
- Migrated all data-fetching hooks to use SWR for client-side caching and request deduplication
- Reduced API call frequency and improved application responsiveness through state memoization
- Added loading skeletons to the dashboard and analysis pages to improve perceived performance
- Updated the changelog to display GitHub commit hashes and removed internal session references
Feature
Add loading skeletons to dashboard and analysis pages
9c31ea1e
- Added skeleton loaders to the Dashboard and Analysis pages to provide visual feedback during data fetching
- Eliminated blank screens during initial page loads to improve perceived performance and UI responsiveness
Improvement
Implement optimistic updates across all data-mutating hooks
38f901d7
- Implemented optimistic updates in useOrganizations for createOrganization() and joinOrganization()
- Added optimistic updates in useOrganization for updateOrganization(), updateMemberRole(), and removeMember()
- Added optimistic updates in useProfile for updateProfile() and createProfile()
- Added optimistic updates in useAnalysisSharing for all mutation functions
- Implemented automatic rollback on errors to prevent showing stale data
- Consistent error handling pattern across all hooks
Fix
Add validation schemas and sanitize API inputs
38f901d7
- Created centralized Zod validation schemas in lib/schemas/index.ts for all API inputs
- Added validation for feedback submissions, organization creation, profile updates, and analysis metadata
- Implemented runtime validation on feedback API endpoint with structured error messages
- Verified API error responses sanitize sensitive data patterns (API keys, tokens, connection strings)
- Added required field checks, optional field handling, format validation, and length constraints
Fix
Add duplicate membership validation
38f901d7
- Added pre-insert membership check in useOrganizations joinOrganization() function
- Query checks existing membership before inserting new records to prevent constraint violations
- Returns descriptive error: 'You are already a member of this organization'
- Prevents silent duplicates and database errors from duplicate join attempts
Improvement
Refactor Supabase client to use shared context
38f901d7
- Created lib/supabase/context.tsx with SupabaseProvider component and useSupabase() hook
- Added SupabaseProvider to root layout to provide shared Supabase client instance
- Updated all hooks (useOrganizations, useOrganization, useProfile, useAnalysisSharing) to use shared client
- Removed inline createClient() calls from all hooks
- Added supabase to useEffect dependency arrays where appropriate
- Reduced multiple client instances to single shared context instance
Improvement
Extract StepBadge component for reusability
38f901d7
- Created components/ui/step-badge.tsx with StepBadgeProps interface and JSDoc documentation
- Updated toolbar.tsx to import StepBadge from new location
- Removed inline component definition from toolbar
Improvement
Centralize brand color and create glow utility
38f901d7
- Created --brand-glow CSS variable in app/globals.css for the brand teal color
- Created .hover-glow utility class for standardized box-shadow glow effect
- Updated 17+ component files to use var(--brand-glow) instead of hardcoded values
- Enables easy future theme changes from a single CSS location
Fix
Add missing slug column to organizations table
38f901d7
- Created migration adding slug text not null unique column to organizations table
- Added index on slug column for query performance
- Created lib/utils/slug.ts utility with slug generation and validation logic
- Updated useOrganizations hook to use slug field
- Slug generation handles URL-safe characters and uniqueness constraints
Fix
Execute pending crop rect migration
38f901d7
- Added original_image_src text column to tolerance_analyses table
- Added last_crop_rect jsonb column to tolerance_analyses table
- Re-enabled crop rect fields in saveToDb function
- Updated useEffect and useCallback dependency arrays to include new fields
- Verified crop rect serialization and deserialization functionality
Fix
Add foreign key constraint on profiles table
38f901d7
- Added foreign key constraint on profiles.id references auth.users(id)
- Configured ON DELETE CASCADE to automatically remove profiles when users are deleted
- Prevents orphaned profile records in database
Improvement
Add composite index for dashboard queries
38f901d7
- Added composite index on tolerance_analyses (user_id, created_at DESC)
- Optimized primary dashboard query pattern for fetching user analyses
- Reduces query scan time for users with large analysis libraries
Fix
Increase organization join code entropy
38f901d7
- Increased default join code length from 8 to 12 characters
- Expanded possible combinations from ~2.8 trillion to ~4.7 sextillion
- Mitigates brute-force attacks on join codes
Fix
Add rate limiting to feedback API
38f901d7
- Implemented Upstash Redis rate limiting at 10 requests per minute per IP
- Added 429 response status for rate-limited requests
- Included Retry-After header in rate limit responses
- Error responses properly sanitized for security
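The limit described in this entry (10 requests per minute per IP, a 429 status, a Retry-After header, a generic error body) can be sketched as follows. This is an added example, not Tolstack's code: an in-memory sliding window stands in for Upstash Redis, and `clientIp`, `checkRateLimit`, and the trusted-proxy count are hypothetical names and assumptions.

```typescript
// Added illustration, not Tolstack's code. An in-memory Map stands in for
// Upstash Redis; every name below is hypothetical.
type Decision = { status: number; headers: Record<string, string>; body: string };

const LIMIT = 10; // requests per window, per the changelog entry
const WINDOW_MS = 60_000; // one minute
const hits = new Map<string, number[]>(); // client key -> accepted timestamps (ms)

// Assumption: `trustedProxies` reverse proxies you operate each append the
// peer address they saw to X-Forwarded-For. Entries further left are supplied
// by the client, so the limiter key is read from the right-hand side.
function clientIp(xff: string | null, peerAddr: string, trustedProxies: number): string {
  if (trustedProxies === 0 || !xff) return peerAddr;
  const parts = xff.split(",").map((p) => p.trim()).filter((p) => p.length > 0);
  // Too few entries means the header did not pass through the expected chain.
  return parts[parts.length - trustedProxies] ?? peerAddr;
}

// Sliding-window log: a request is allowed while fewer than LIMIT accepted
// requests from the same key fall inside the last WINDOW_MS.
function checkRateLimit(key: string, nowMs: number): Decision {
  const cutoff = nowMs - WINDOW_MS;
  const recent = (hits.get(key) ?? []).filter((t) => t > cutoff);
  hits.set(key, recent);
  if (recent.length >= LIMIT) {
    // The oldest accepted request leaves the window at recent[0] + WINDOW_MS.
    const retryAfter = Math.max(1, Math.ceil((recent[0] + WINDOW_MS - nowMs) / 1000));
    return {
      status: 429,
      headers: { "Retry-After": String(retryAfter) },
      // Fixed, generic body: no limiter state or backend detail is echoed.
      body: JSON.stringify({ error: "Too many requests" }),
    };
  }
  recent.push(nowMs);
  return { status: 200, headers: {}, body: JSON.stringify({ ok: true }) };
}
```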
Fix
Restrict profiles table SELECT policy
38f901d7
- Updated Supabase RLS SELECT policy to restrict profile access
- Users can only read their own profile or profiles of members in shared organizations
- Prevents enumeration of email addresses and user information
- Verified by comprehensive RLS policy tests
Improvement
Improve canvas UI affordances and interactions
38f901d7
- Added SVG <title> elements to arrow labels for native browser tooltips
- Tooltips display 'Click to reposition, double-click to reverse direction'
- Added double-click handlers to arrow labels for direction toggling
- Updated crop mode status indicator with cyan 'Cropping image...' badge
- Corrected status indicator color from incorrect green to proper cyan
- Fixed status badge priority during crop mode
Improvement
Add password requirements guidance and form improvements
38f901d7
- Added helper text to password fields: 'Minimum 8 characters, must contain letters, numbers, and symbols.'
- Updated sign-up minLength attribute from 6 to 8 to match requirements
- Updated sign-up placeholder text from 'Min 6 characters' to 'Min 8 characters'
- Applied consistent password requirements guidance across login and sign-up pages
Improvement
Reduce label size slider maximum to 2X
38f901d7
- Reduced annotation scale slider maximum from 3X to 2X
- Prevents labels from scaling beyond practical limits
- Improves canvas visibility while maintaining zoom flexibility