|
| 1 | +# Changelog |
| 2 | + |
| 3 | +All notable changes to ProStaff API will be documented in this file. |
| 4 | + |
| 5 | +--- |
| 6 | + |
| 7 | +## [1.0.3] - 2026-03-23 |
| 8 | + |
| 9 | +### Added |
| 10 | + |
| 11 | +#### Support System |
| 12 | +- Full support ticket lifecycle: create, view, update, close, reopen |
| 13 | +- Support ticket messages with types: `user`, `staff`, `system`, `chatbot` |
| 14 | +- Staff dashboard with real-time stats (open, in_progress, waiting_user, urgent, unassigned, my tickets) |
| 15 | +- Staff analytics: tickets created/resolved, avg response time, avg resolution time, resolution rate, trending issues by category |
| 16 | +- Ticket assignment and resolution by staff members with audit logging |
| 17 | +- Chatbot integration (OpenAI) on ticket creation with FAQ suggestions and LLM solution |
| 18 | + |
| 19 | +#### File Attachments (Supabase S3) |
1 | 20 | - `POST /api/v1/support/uploads` — authenticated file upload endpoint |
2 | 21 | - Supabase S3-compatible storage via `aws-sdk-s3` |
| 22 | +- Validation: allowed MIME types (image/*, PDF, TXT, CSV), max 10MB per file |
| 23 | +- Pre-signed URL generation (1h expiry) on message serialization |
| 24 | +- Attachments stored as JSONB on `support_ticket_messages` |
| 25 | + |
| 26 | +#### Internal Messenger |
| 27 | +- Real-time team chat via Action Cable (WebSockets) |
| 28 | +- JWT authentication over WebSocket query param |
| 29 | +- Organization-scoped message streams |
| 30 | +- REST endpoint for message history |
| 31 | + |
| 32 | +#### Mailer |
| 33 | +- Contact form email delivery via SMTP |
| 34 | +- Conditional mailer (no-op when SMTP not configured) |
| 35 | + |
| 36 | +#### Feedback |
| 37 | +- `POST /api/v1/feedbacks` — user feedback submission |
| 38 | +- `POST /api/v1/feedbacks/:id/vote` — upvote feedback items |
| 39 | + |
| 40 | +#### AI Intelligence Module |
| 41 | +- Draft analysis and insights powered by OpenAI |
| 42 | +- Aggressive timeout (<10s) to prevent blocking requests |
| 43 | + |
| 44 | +### Changed |
| 45 | + |
| 46 | +- Support ticket `category` validation now includes `getting_started` |
| 47 | +- Support ticket `status` field uses `waiting_user` (renamed from `waiting_client`) |
| 48 | +- `SupportTicketMessage#create_system_message` falls back to ticket owner when no staff assigned |
| 49 | +- `tickets_controller` serializer now includes `attachments` with signed URLs on all messages |
| 50 | +- `message_params` strong params updated to accept structured attachment objects (`%i[key filename content_type size]`) |
| 51 | + |
| 52 | +### Fixed |
| 53 | + |
| 54 | +- `SupportTicket#ticket_number` — removed unsafe navigation chain causing RuboCop `SafeNavigationChainLength` offense |
| 55 | +- `StaffController#calculate_dashboard_stats` — corrected `waiting_client` to `waiting_user` key |
| 56 | +- `UploadsController` — corrected `unless` modifier style per RuboCop `Style/IfUnlessModifier` |
| 57 | +- Mail logger warning in production (conditional SMTP setup) |
| 58 | + |
| 59 | +### Security |
| 60 | + |
| 61 | +- Upload endpoint requires authentication (`authenticate_request!` via `BaseController`) |
| 62 | +- File type whitelist enforced server-side (rejects `application/octet-stream` and other binary types) |
| 63 | +- S3 credentials stored exclusively in environment variables, never in source code |
| 64 | + |
| 65 | +--- |
| 66 | + |
| 67 | +## [1.0.2] - 2026-02-25 |
| 68 | + |
| 69 | +### Added |
| 70 | +- Failure mode analysis documentation (FAILURE_MODE_ANALYSIS.md) |
| 71 | +- Redis identified as SPOF for ActionCable, Sidekiq, Rack::Attack, and cache subsystems |
| 72 | + |
| 73 | +### Changed |
| 74 | +- Real-time messaging (Action Cable) with JWT auth and organization isolation |
| 75 | +- Lograge structured JSON logging |
| 76 | + |
| 77 | +### Fixed |
| 78 | +- Data loss incident protections: guard in `rails_helper.rb` aborts tests if `DATABASE_URL` points to production |
| 79 | +- `.env.test` created with local PostgreSQL exclusively for tests |
| 80 | +- Daily backup script: `scripts/backup_database.sh` (cron 3AM, 30-day retention) |
| 81 | + |
| 82 | +--- |
| 83 | + |
| 84 | +## [1.0.1] - 2025-10-25 |
| 85 | + |
| 86 | +### Added |
| 87 | +- k6 load testing suite (smoke, load, stress scenarios) |
| 88 | +- OWASP security test suite |
| 89 | +- CI/CD workflows: security scan on every push, nightly full audit |
| 90 | +- Redis caching on dashboard/stats (5min TTL) |
| 91 | +- 8 database indexes on hot query paths |
| 92 | + |
| 93 | +### Changed |
| 94 | +- Code quality overhaul: Codacy issues reduced from 1,569 to 219 (86% reduction) |
| 95 | +- Grade improved from C to A- |
| 96 | +- YARD documentation added to 22 files |
| 97 | + |
| 98 | +### Fixed |
| 99 | +- N+1 queries via `.includes()` on player and match endpoints |
| 100 | +- RuboCop offenses across analytics, scouting, and auth modules |
| 101 | + |
| 102 | +--- |
| 103 | + |
| 104 | +## [1.0.0] - 2025-09-01 |
| 105 | + |
| 106 | +### Added |
| 107 | +- Initial release |
| 108 | +- JWT authentication with refresh tokens and token blacklist |
| 109 | +- Multi-tenant organization structure |
| 110 | +- Player management with Riot API sync (Sidekiq jobs) |
| 111 | +- Match history via Riot API + PandaScore |
| 112 | +- VOD reviews with timestamps |
| 113 | +- Team goals tracking |
| 114 | +- Player scouting and watchlist |
| 115 | +- Analytics and performance metrics |
| 116 | +- Full-text search via Meilisearch |
| 117 | +- Pundit authorization |
| 118 | +- Rack::Attack rate limiting |
| 119 | +- Swagger/Rswag API documentation |
0 commit comments