v1.9.0 — Collection-Wide Stats & Total Bottles

What's New

Added

• "Total Bottles" stats card showing sum of all quantities across the collection
• collectionTotals field in GET /api/whiskeys and GET /api/whiskeys/search responses with collection-wide MSRP, secondary value, and bottle count
• getCollectionTotals() method on WhiskeyModel for efficient aggregate queries

Changed

• "Total Whiskeys" renamed to "Unique Whiskeys" to distinguish from total bottle count
• MSRP Value and Secondary Value stats cards now show collection-wide totals instead of only the current page

Fixed

• Statistics endpoint financial queries now multiply by quantity for accurate totals (MSRP, secondary, purchase price, market value)

Full Changelog: v1.8.0...v1.9.0

v1.8.0 — Pagination

Summary

Server-side pagination for whiskey list endpoints with full UI controls on the Dashboard.

Added

• Offset-based pagination for whiskey list endpoints with page and limit query parameters (#59)
• Pagination controls on DashboardPage with page size selector (10/25/50/100) and page navigation
• PaginationMeta response metadata (page, limit, total, totalPages) on GET /api/whiskeys, GET /api/whiskeys/search, and GET /api/admin/whiskeys
• Database index on whiskeys.created_at for efficient paginated queries (migration 018)
• 10 new backend tests for pagination across models and routes

Fixed

• @eslint/js peer dependency conflict with eslint 9.x causing CI failures
• Backup schedule interval validation test using a now-valid value (hourly)

Issues Resolved

• #59 — Add pagination to whiskey list endpoints

Full Changelog: v1.7.0...v1.8.0

v1.7.0 — AI-Powered Whiskey Lookup

AI-Powered Whiskey Lookup

This release adds AI-powered whiskey field auto-completion with support for three providers: Anthropic Claude, OpenAI, and Ollama (local).

Highlights

• Label scanning — snap a photo of a bottle label to auto-fill all fields using AI vision models
• Text lookup — type a whiskey name and get structured data (distillery, region, ABV, tasting notes, etc.)
• Three AI providers:
  • Anthropic Claude — cloud API with BYOK (Bring Your Own Key)
  • OpenAI — cloud API with BYOK
  • Ollama — fully local/offline lookups, no API key required
• Provider selection UI on Profile page with per-provider API key management
• Ollama status indicator showing connection state and available models
• API key encryption — user-provided keys encrypted at rest with AES-256

New Endpoints

• POST /api/whiskeys/lookup — AI whiskey lookup by name or label image
• GET /api/whiskeys/ollama/status — Check Ollama availability and models
• PUT /api/auth/ai-provider — Set active AI provider
• GET/PUT/DELETE /api/auth/api-key — Per-provider API key management

Configuration

New environment variables for Ollama:

• OLLAMA_BASE_URL (default: http://localhost:11434)
• OLLAMA_TEXT_MODEL (default: llama3.1:8b)
• OLLAMA_VISION_MODEL (default: minicpm-v)

Bug Fixes

• Fixed admin backup restore handling schema mismatches between backup and current database (#125)

Issues Resolved

• #100 — Add AI-powered whiskey field auto-completion
• #125 — Handle schema mismatches in admin backup restore
• #126 — Add OpenAI API support for AI whiskey lookup (BYOK)
• #128 — Add Ollama as local AI provider for whiskey lookup

Pull Requests

• #124 — Add AI-powered whiskey lookup with BYOK API key management
• #125 — Fix admin backup restore schema mismatch
• #127 — Add OpenAI API support for AI whiskey lookup (BYOK)
• #129 — Add Ollama as a local AI provider for whiskey lookup

Full Changelog: v1.6.0...v1.7.0

v1.6.0 — Backup & Restore System

What's New

Full backup and restore system for both users and admins.

Per-User Backups (Profile Page)

• JSON and CSV export of whiskeys, comments, and profile data
• Restore from JSON backups with dry-run preview and conflict resolution (skip/overwrite)
• Scheduled automatic backups (daily/weekly/monthly) via node-cron
• Backup history with download and delete

Admin Database Backup (Admin Panel)

• Full SQLite database backup using native db.backup() API
• Import previously downloaded .db backup files with validation
• Restore database from any backup via transactional ATTACH DATABASE
• Download and delete backup management

Other Improvements

• CSRF token auto-retry on 403 for seamless recovery after server restarts or database restores
• Rate limiting on backup endpoints (5 requests per 15 minutes)
• BACKUP_DIR and BACKUP_MAX_SIZE_MB environment variables

Testing

• 74 new backend tests across 4 test files (523 total)

Issues Closed

• #89 — Scheduled automatic backups and on-demand backup/restore
• #77 — JSON import/export for collection backup
• #35 — User data export (GDPR compliance)

Full Changelog: v1.5.0...v1.6.0

v1.5.0 — Milestone 1: Security & Stability Complete

Security

• Milestone 1: Security & Stability — Complete. All 8 issues resolved, establishing a hardened security baseline for the application.
• Add Helmet middleware with strict Content Security Policy and HSTS (#46)
• Add express-rate-limit to auth, password reset, and contact endpoints (#43)
• Add CSRF token validation via double-submit cookie pattern on all state-changing requests (#45)
• Add express-validator to all routes that accept user input — params, body, and query fields (#47)
• Enforce stronger password policy: 12+ characters, 3/4 character types, Have I Been Pwned breach check (#52)
• Replace in-memory session store with persistent SQLite-backed store (#44)
• Validate required environment variables (SESSION_SECRET, FRONTEND_URL) at startup in production (#49)

Added

• SECURITY.md with vulnerability disclosure policy and supported versions (#51)
• docs/security-hardening.md with pre-deployment checklist, security architecture overview, environment variable reference, and known limitations (#51)
• Shared validate middleware to eliminate repeated validation boilerplate across routes
• Security section in CLAUDE.md referencing the new security documentation

v1.4.0

What's New

Community Page

• New /community page listing all public user profiles with interactive cards
• Profile cards show avatars, display names, member dates, and collection stats (bottles, avg rating, distilleries)
• Client-side search/filter by username or name
• Navigation links added to the landing page navbar and site footer

Discord Bot Integration Plan

• Comprehensive Discord bot architecture documented in Discord.md
• Milestone 6 (Discord Bot Integration, 6 issues) added to the development roadmap

Seed Data

• Community seed script with two public-profile demo users: whiskey_wanderer (25 bottles) and cask_hunter (38 bottles)

Bug Fixes

• Fixed footer tagline capitalization ("Track, Taste, and Treasure your Whiskey collection")

Tests

• 17 new frontend tests for CommunityPage covering all states and interactions

v1.3.0

What's New

Added

• Contact Us page with form submission at /contact
• Contact form email endpoint via Resend with rate limiting (5 per IP per 15 min)
• Input validation on contact form (name, email, subject, message) with express-validator
• Subject categories for contact form (General Inquiry, Bug Report, Feature Request, Account Issue, Other)
• Confirmation copy sent to the sender's email alongside the site contact address
• Backend and frontend unit tests for contact form (295 new test lines)
• Beta environment setup documentation
• Prioritized development roadmap covering all open issues (ROADMAP.md)

See CHANGELOG.md for full history.

v1.2.0

What's New

Added

• Public/private profile visibility toggle with collection stats on public profiles
• Public profile pages accessible at /u/:username
• Collection statistics on public profiles (total bottles, average rating, distilleries, countries, type breakdown)
• Comprehensive test coverage for profile visibility feature (78 new tests)

Test Coverage

• Backend: 397 tests
• Frontend: 160 tests

See CHANGELOG.md for full details.

v1.1.0

What's New

Added

• Client-side filtering system for whiskey collections with support for type, distillery, region, and country dropdowns
• Tri-state toggle filters for limited edition, chill filtered, natural color, and opened status
• Range filters for age, ABV, rating, and price
• FilterPanel component with collapsible UI and filter count badge
• "Danger Zone" section on Profile page with Clear Collection functionality
• Comprehensive test coverage for FilterPanel (57 tests) and ProfilePage Clear Collection (20 tests)
• Currency formatting utilities (format.ts)
• Vitest setup for jest-dom matchers

Changed

• Moved Clear Collection button from Dashboard to Profile page for safer access to destructive actions
• Simplified Dashboard bulk actions to only show when items are selected
• Statistics now update based on filtered results

Full Changelog: v1.0.0...v1.1.0

v1.0.5

Added

• Proof field to whiskey UI components (WhiskeyForm, WhiskeyCard, WhiskeyTable, WhiskeyDetailModal)
• Accounting format for currency display with parentheses for negative values
• Bulk delete functionality for whiskey collection
• Tests for auth, admin, and comments routes
• Tests for User model and whiskey route error handling
• Tests for profile photo upload and delete routes
• Codecov coverage badge to README
• GitHub Actions test status badge to README

Changed

• Use secondary market prices in collection value calculations