Davvy v3.0.0

Summary

This release improves reliability and operator visibility for backup/export workflows when malformed ICS calendar objects exist in storage.

What’s Improved

Backups

• Backup runs now skip malformed calendar objects instead of failing the entire backup.
• Backup results now include:
  • resource_counts.skipped_malformed_objects
• Backup manifests now include:
  • counts.skipped_malformed_objects in manifest.json
• Backup success messaging now appends a skip summary when malformed objects were skipped.
• CLI backup runs now print a warning summary when skips occur.

Calendar Exports

• Single-calendar and all-calendars export now skip malformed objects instead of returning server errors.
• Calendar export responses now include:
  • X-Davvy-Skipped-Malformed-Objects header

Operator Observability

• Added warning log events for malformed-object skips:
  • backup_skipped_malformed_calendar_objects
  • calendar_export_skipped_malformed_objects

Validation

• Backend test suite: 332 passed
• Frontend test suite: 213 passed
• Additional live sanity pass confirmed:
  • backup skip counts are surfaced in result + manifest
  • export headers return expected skip count
  • warning events are emitted to application logs

Upgrade / Ops Notes

• No database migrations required.
• Change is additive and reliability-focused; no breaking API removals.
• If you have centralized logging/alerting, add/verify monitors for:
  • backup_skipped_malformed_calendar_objects
  • calendar_export_skipped_malformed_objects

Davvy v2.9.2

What's changed

This is a maintenance release focused on dependency upgrades and CI reliability.

• Upgraded frontend build tooling to Vite 8 (vite 7.3.2 → 8.0.0).
• Upgraded React Vite plugin to @vitejs/plugin-react 6.0.1.
• Upgraded laravel-vite-plugin to 3.0.1 for Vite 8 compatibility.
• Regenerated package-lock.json with npm 11.11 to fix npm ci lockfile sync issues in CI.
• Upgraded jsdom to 29.0.0.
• Upgraded laravel/tinker to 3.0.1.
• Included routine dependency maintenance:
  • npm non-major dependency group updates
  • GitHub Actions dependency group updates

Impact

• No new end-user features in this release.
• Improves build/CI consistency and keeps the toolchain current.

Davvy v2.9.1

This patch release improves CardDAV photo interoperability (especially for Apple clients), adds clearer required-field cues in contact editing, and cleans up Docker build steps.

Highlights

• Fixed CardDAV photo serialization to force embedded PHOTO values to VALUE=BINARY (instead of URI-like handling).
• Added PHOTO TYPE normalization/inference (JPEG, PNG, WEBP) when missing, including Apple compatibility mirror flows.
• Improved Apple compatibility mode handling for mirrored contacts so photo parameters are normalized more reliably.
• Preserved PHOTO VALUE during fallback copy paths in private working set syncing.
• Added required-field indicators in contact forms (first name, last name, and company).
• Simplified Docker dependency install layers by removing unused build cache mount configuration.

Test coverage

• Expanded feature tests for photo handling and Apple compatibility:
  • tests/Feature/ContactPhotoManagementTest.php
  • tests/Feature/AppleCompatAddressBookMirrorTest.php

Full changelog

Compare v2.9.0...v2.9.1

Davy v2.9.0

This release introduces async admin backup/restore operations, adds admin audit logging for high-risk actions, and improves container/release-image workflows.

Added

• Admin audit log system for sensitive admin actions.
• New admin_audit_logs table and model/service support.
• Async admin backup run flow with operation tracking:
  • POST /api/admin/backups/run now queues a run and returns operation_id.
  • GET /api/admin/backups/run/status for queued/running/completed state.
• Expanded audit coverage for admin share create/update/delete and settings/backup actions.

Changed

• Admin backup/restore flows are queue-backed with status polling patterns.
• Admin UI updated to handle queued backup execution and status polling.
• Docker runtime now supports queue worker startup via RUN_QUEUE_WORKER.
• Release image workflow reworked for stronger multi-arch build/publish flow (amd64 + arm64 manifests, better metadata/caching, dry-run cleanup).

Operational notes

• Ensure a real queue backend is configured (QUEUE_CONNECTION not sync) and queue workers are running.
• RUN_QUEUE_WORKER=true is now included in env examples/compose defaults.
• Run migrations during upgrade (new admin_audit_logs table).

API compatibility notes

• If you have scripts/tools calling admin backup endpoints and expecting immediate final results, update them to handle 202 queued responses and poll status endpoints.

Testing

• Added feature coverage for admin audit logging.
• Updated backup management tests for queued backup run + status polling.

Davvy v2.8.0

This release includes 19 commits since v2.7.1, focused on backup safety, admin/share management improvements, DAV privacy hardening, and mobile UX/PWA upgrades.

Highlights

• Backup restores now run asynchronously.
• Admin restore requests are queued and tracked by operation ID.
• Added restore status polling endpoint: GET /api/admin/backups/restore/status.
• Added restore archive safety guardrails to reduce zip-bomb/oversized archive risk.
• DAV client traffic logging no longer stores raw request/response payloads (PII-safe logging).
• Admin users and admin share listings now support server-side search, filters, and pagination.
• Dashboard share target lists now support search + pagination.
• Private Working Set panel now supports a dismissible quick guide (persisted in local storage) and cleaner section behavior.
• Improved mobile support with safe-area insets and iOS input auto-zoom prevention.
• Added web app manifest and expanded icon set for better installability/PWA support.
• Removed redundant UI reloads after key admin/dashboard actions for snappier interactions.

API and behavior changes

• POST /api/admin/backups/restore now returns 202 Accepted with queued operation metadata instead of completing synchronously in-request.
• New restore polling endpoint:
  • GET /api/admin/backups/restore/status?operation_id=<id>
• New backup restore configuration knobs in config/services.php:
  • BACKUPS_RESTORE_MAX_ENTRIES
  • BACKUPS_RESTORE_MAX_ENTRY_UNCOMPRESSED_BYTES
  • BACKUPS_RESTORE_MAX_TOTAL_UNCOMPRESSED_BYTES
  • BACKUPS_RESTORE_MAX_COMPRESSION_RATIO
  • BACKUPS_RESTORE_LOCK_SECONDS
• DAV debug log fields changed:
  • removed raw request_body / response_body
  • added request_body_bytes / response_body_bytes

Test coverage added/updated

• Feature tests for:
  • async backup restore queue + polling lifecycle
  • restore archive size-limit enforcement
  • admin user list search/filter/pagination
  • admin share list search/filter/pagination
  • dashboard share target search/pagination
  • DAV logging payload redaction behavior
• Frontend tests for:
  • Private Working Set quick-guide show/hide persistence
  • conditional "Show recipients" toggle rendering in admin/dashboard sharing panels

Maintenance

• Updated screenshots and minor UI polish updates.
• Minor codebase consistency cleanups (including quote normalization in JSX).
• README cleanup.

Full changelog

• v2.7.1...v2.8.0

What’s fixed

• Fixed an integration gap when Apple Contacts compatibility mirroring and Private Working Set (PWS) are both enabled.
• Mirrored-card edits now correctly trigger PWS source upsert reconciliation, so linked private cards stay in sync for non-overridden fields.
• Mirrored-card deletes now correctly trigger PWS source delete reconciliation, cleaning up linked PWS links/cards.

Reliability improvements

• Added explicit source-coordinate capture before mirrored operations, ensuring reconciliation still runs even if mirror link cleanup occurs during the operation.
• Added new integration coverage for:
  • edit via mirrored card while PWS is active
  • delete via mirrored card while PWS is active

Compatibility

• No API changes.
• No schema/migration changes.
• No breaking behavior changes outside this reconciliation fix.

Upgrade note

• Recommended patch upgrade for deployments using Apple mirroring and PWS together.

Davvy v2.7.0

Highlights

• Added global admin control for Private Working Set (PWS), including quarantine behavior when disabled.
• Expanded PWS workflow with better governance, safer promotion/review behavior, and improved dashboard usability.
• Upgraded admin and sharing UX with search/filter/grouping improvements and better visibility controls.

Added

• Global PWS toggle in Admin Control Center.
• New admin API endpoint: PATCH /api/admin/settings/private-working-set.
• New PWS settings:
  • include_owned_sharable_sources
  • require_review_for_self_promotions
  • effective self-review policy handling
• New PWS guide docs and troubleshooting coverage.

Changed

• PWS dashboard behavior now supports simple/advanced options, sync hints, and promotion history.
• Share management UI now supports:
  • user/share search and filters
  • grouped shares by resource
  • bulk expand/collapse behavior
  • improved recipient visibility and resource labeling
• Auth/bootstrap payload now includes private_working_set_enabled.
• PWS API payload shape expanded with governance and source metadata fields.

DAV / Sync / Export

• Quarantined PWS books are hidden from dashboard/DAV discovery when PWS is globally disabled.
• PWS-restricted operations now correctly return 403 when globally disabled.
• Export and address book mutation paths now respect PWS quarantine state.
• Apple Contacts compatibility section visibility fix in UI.

Fixes

• Improved outgoing share display to include resource names.
• Improved moderation and promotion guardrails for private-working-set flows.
• Localized new admin/dashboard strings for all supported locales.

Tests

• Added/expanded backend and frontend coverage for:
  • PWS CardDAV behavior
  • admin user/share management
  • dashboard sharing and PWS panel behavior
  • registration/auth state mapping updates

Upgrade notes

• Run database migrations (includes new nullable PWS config columns).
• If you already rely on PWS, explicitly enable it after upgrade:
  • set ENABLE_PRIVATE_WORKING_SET=true (or enable via admin setting)
• Without enabling PWS globally, existing PWS configs/data are preserved but remain quarantined/inactive.

Davvy v2.6.0

Private Working Set v2 is now available, introducing a suggestion-driven workflow for shared contact promotion from private overrides.

Highlights

• Added Suggested Promotions in the dashboard for private working set cards.
• Users can now Dismiss suggestions until relevant fields change again.
• Promotions still follow existing moderation rules (queued vs immediate apply).

Backend/API

• Dashboard payload now includes:
  • private_working_set.suggested_promotions[]
• New endpoint:
  • POST /api/address-books/private-working-set/suggestions/{link}/dismiss
• Added persistent dismiss tracking on private working set links via migration.

UI + Localization

• Dashboard now shows suggested promotions with promote/dismiss actions.
• Added localization coverage for new strings across:
  • English, German, Spanish, French, Italian, Japanese, Portuguese, Chinese.

Documentation

• Updated API and user guide docs for suggested promotions + dismiss flow.
• Updated landing pages to reflect v2 private working set behavior.

Upgrade notes

• Run database migrations during deploy.
• No known breaking changes; release is additive.

Davvy v2.5.0

This release introduces Private Working Set v1, enabling per-user private contact edits for shared address books with explicit promotion back to shared sources.

Highlights

• Added Private Working Set v1 for shared contacts:
  • Per-user private copies of shared cards
  • Preserve user-specific overrides (for example notes/photos)
  • Explicit Promote to Shared Source flow
• Promotion integrates with moderation:
  • Applies immediately when allowed
  • Returns queued review flow when moderation is required

Dashboard & API

• New dashboard panel and controls for private working sets:
  • Enable/disable
  • Select shared source books
  • Optional hide of selected shared source books from DAV discovery
  • Pull latest values (respect overrides)
  • Force pull (use server values)
  • Promote linked private cards
• Added endpoints:
  • PATCH /api/address-books/private-working-set
  • POST /api/address-books/private-working-set/pull
  • POST /api/address-books/private-working-set/promote/{card}
• GET /api/dashboard now includes private_working_set payload data

DAV/Sync Behavior

• Added private-working-set-aware CardDAV handling and guardrails.
• Selected hidden shared source books are blocked from direct write paths for that user when configured.

Localization & Docs

• Completed locale coverage for new private working set keys/messages across supported languages.
• Updated:
  • API docs
  • User guide
  • Troubleshooting
  • Landing pages/features copy

QA & Reliability

• Added/updated feature tests for private working set and CardDAV sync scenarios.
• Added mobile sync + review queue QA fixture tooling.

Upgrade Notes

• Run migrations:
  • php artisan migrate
• No new required environment variables.
• Feature is additive and opt-in; existing setups continue to work unchanged until enabled.

Davvy v2.4.0

Highlights

• Added contact categories with a new tag editor in the React UI, with end-to-end CardDAV/vCard support via CATEGORIES.
• Improved Apple Contacts interoperability for mirrored address books, including client-aware mirrored-card visibility handling and smoother Apple compatibility save flow.
• Added dashboard delete controls for calendars and address books, including milestone-calendar cleanup behavior.
• Added CalDAV support metadata for VEVENT component sets to improve client compatibility.
• Streamed backup and export payload generation (cursor/chunk-based) to reduce memory pressure on large datasets.
• Hardened DAV principal PROPPATCH account updates with stricter validation, conflict handling, and auth-aware update behavior.
• Refactored backup/restore and contact orchestration into focused services for clearer separation of responsibilities.
• Migrated Railway deployment config from railway.toml to railway.json.
• Updated docs for mail/onboarding environment configuration and deployment guidance.
• Included dependency updates for Laravel/composer, npm packages, and GitHub Actions.

Testing and Reliability

• Expanded backend/frontend coverage for high-risk flows, including:
• Apple compatibility mirrored address-book behavior
• backup management and resource export
• DAV principal PROPPATCH behavior
• contact CardDAV sync and contact management
• milestone calendar and dashboard sharing behavior
• new backup utility unit tests

Upgrade Notes

• Railway users should switch to railway.json (the old railway.toml was removed).
• If onboarding emails are expected in production, verify MAIL_* and ONBOARDING_* environment variables are configured.

Full Changelog

• v2.3.1...v2.4.0