-
Notify Bridge 0.8.2
Stablealexei.dolgolyov released this
2026-05-22 22:54:00 +03:00 | 7 commits to master since this releasev0.8.2 (2026-05-22)
A production-readiness hardening release that follows up on v0.8.1 with six isolated, low-risk fixes surfaced by a parallel full-codebase review (backend, frontend, security, performance, UI/UX, bugs+features). No breaking changes; no migrations required.
User-facing changes
Security
- Provider
access_tokenmasked in API responses. The provider GET endpoints were leaking plaintext credentials — most importantly Home Assistant long-lived tokens — in their JSON payloads. The field is now masked on read and dropped on edit when the***placeholder is sent back, so the UI can show "set" / "unset" without ever round-tripping the secret. Centralized throughPROVIDER_SECRET_FIELDSso every call site stays in sync (2d59a5b) - Pre-auth resource-exhaustion amplifier closed on webhook ingest. The Gitea provider used to read the 1 MiB request body before checking whether a secret was even configured or whether the request had a signature header — an unauthenticated client could force a body read on every hit. The generic-webhook bearer-token path had the same shape: body read before Authorization check. Both now bail out before consuming the body when the auth precondition fails (2d59a5b)
Bug Fixes
- Home Assistant status-change events no longer silently lost.
ha_status_changedrows are written fromasyncio.create_task(...), butcreate_taskonly keeps a weak reference — the task was being garbage-collected before the row landed, so connection-flap events disappeared. The task handles are now held in a module-level set with adone_callbackto release them on completion (2d59a5b) - Telegram-webhook handler exceptions can no longer leak writes. The catch-all error path in the Telegram inbound endpoint now rolls back the request's SQLAlchemy session before returning, so a handler crash mid-transaction cannot bleed uncommitted state into the next request on the same connection (2d59a5b)
Accessibility
- Toast notifications now announced by screen readers. Added
role="region"on the snackbar container plus per-toastrole/aria-live/aria-atomicattributes, with a localized region name (snackbar.region) in bothenandru(2d59a5b) - Active sidebar link now has an accessible state.
aria-current="page"is now set on the matching nav item, so assistive tech can announce the active route (2d59a5b)
Development / Internal
Refactoring
- Last
provider.type === 'immich'check removed from components. The action-rule editor's "Auto-organize" affordance now consumes asupportsAutoOrganizecapability onProviderDescriptorinstead of branching on the provider type — bringing the rule editor under CLAUDE.md rule 8 (no provider-specific hardcoding in components) (2d59a5b)
Chores
- Synced
.facts-sync.jsonwithclaude-code-facts@cfdafa9. Both previously pending suggestions (venv install for monorepos + hatchling METADATA workaround) were applied upstream; the local queue is empty (a20635a)
Known gaps (tracked for follow-up)
The full-codebase review surfaced more ship-blockers than this release fixes. Each of the items below needs more than a mechanical edit and is tracked in
.claude/reviews/README.md:- Secret encryption at rest
- JWT moved into an HTTP-only cookie
- Alembic adoption (currently
create_all) - Webhook delivery idempotency
- Deferred-dispatch crash window
- Persisted Telegram update watermark
bridge_selfcounter lock
All Commits
Changelog
85a8f1echore: release v0.8.2
2d59a5bfix: production-readiness hardening from full-codebase review
a20635achore: sync .facts-sync.json with claude-code-facts@cfdafa9Downloads
- Provider