A running record of every significant addition, fix, and change to the platform.
Collaborative workspaces for active survey teams. Each project links specific cave sites, has a shared file area, message board, trip calendar, and member roles (lead, member, observer). Public or invite-only. Replaces the older expedition and research group models.
Track landowner contacts, permission status, and lease expiration per site. Attach rescue anchor inventories, rigging notes, and emergency contacts to any cave — accessible offline in the field.
Grottos and survey teams can now create events — trips, training days, survey weekends, cleanup events — with registration, waitlists, and attendance tracking.
Admins can now restore deleted sites or reverse individual field edits within 72 hours of the change. Reverts are logged to the audit trail. Site geometry is restored automatically via the INSERT trigger.
Entrance photos, thumbnails, and cave maps now enforce the site's access level and visibility setting. Unauthenticated users cannot retrieve photos for non-public sites. Archaeological site files additionally require the view_archaeological permission.
The research page now searches for people by name — querying project members, claim observers, and document extractions in a single round trip. The query parser automatically detects name-shaped queries and routes them correctly.
Every automatically extracted field now carries a confidence score. Low-confidence extractions are flagged for community review before being linked to site records.
Bulk-upload decades of grotto newsletters as PDFs. Every cave mention is extracted and indexed, building a searchable archive with source attribution back to the original issue.
Bounding-box map queries and county-level aggregations now run 60–80% faster on large datasets. Added PostGIS GIST indexes on all geographic columns.
Replaced python-jose (CVE-2022-29217) with PyJWT 2.8.0. Tightened CORS from wildcard methods to an explicit verb whitelist. Added security headers to nginx (X-Frame-Options, X-Content-Type-Options, etc.). Disabled source maps in production builds.
The harvester's source URL creation now validates all URLs: HTTPS-only, blocks private IPs, loopback addresses, and cloud metadata endpoints. Redirects are not followed at fetch time.
Admins can now delete site records via the API. Deletions are logged to the audit trail with a full snapshot of the record, enabling revert within 72 hours.
Discovery alerts now run automatically every 6 hours on startup — no manual trigger required. Alert check logic is shared between the scheduler and the on-demand endpoint.
Nginx now serves a robots.txt that allows public-facing pages and blocks /api from indexing.
The validation queue now shows a MapLibre mini-map for each extracted coordinate, replacing a broken Mapbox placeholder. Reviewers can visually verify location before approving.
The database page toolbar now includes a batch status change dropdown — select multiple records and update their verification status in one action.
Automated harvesters for 121 cave databases across 6 tiers. Preview results before any database write, then export or merge with skip/merge controls per record.
Added test_http.py — 50 async HTTP integration tests covering auth, site CRUD, search, exports, and access control. Run against a live PostgreSQL instance in Docker.
Drop in a .dat, .srv, or .th file. The parser extracts station counts, total surveyed length, and links the survey file to the correct site record.
Full platform launch. Everything below shipped together as the foundation.
Nothing is overwritten. Every depth, name, and coordinate is a timestamped claim with an author and source. Corrections supersede — they don't erase. Full version history accessible per site.
MapLibre GL JS map with USGS topo quads (current and vintage), LiDAR hillshade, karst geology, land ownership, satellite imagery, and state karst GIS layers. GPX overlay, polygon draw tool, and a dynamic legend.
Extracts cave names, coordinates, depths, lengths, species observations, person names, and citations from PDF, DOCX, GPX, KML, and CSV uploads. Scanned PDFs handled via vision model. All extractions flagged for human review before being linked to site records.
Type a plain-language query — "caves deeper than 200ft in Eddy County" — and the query parser converts it to structured filters. No syntax to learn.
Admin, Trustee (state/county scope), Regional Lead (polygon scope), User, and Pending. Per-site visibility levels (public, logged-in, private, admin-only). Geographic access zones drawn as polygons. Group-based document sharing. Explicit per-site grants with optional expiration. 11 granular custom permissions.
Installable as a web app on any device. Sites, documents, and photos cache to IndexedDB. Offline write queue syncs automatically when connectivity is restored. GPS autofill and camera capture.
12 genesis types, 20 passage morphologies, 22 surface feature types, access conditions, hazard flags, verification status, and special designations. Aligned with UIS and ASTM D8512-23 standards.
CSV, KML, KMZ, GPX, GeoJSON, PDF field cards, Compass .dat, Walls .srv, and bibliography PDF. Every export is scoped to your access level. Bulk exports of sensitive locations require trustee or admin privileges.
Custom group types for grottos and organizations. Trip planning tied to projects or standalone. Community directory (opt-in). Validation game with points and leaderboards. Discovery alerts with polygon subscriptions.
Fuzzy name matching and proximity search across 121 external databases, uploaded documents, and existing site records. "Bear Hollow Cave" matches "Bear Hollow Cavern." All matches are proposed, not automatic — human confirmation required.
Show caves are public by default and visible to all users including unauthenticated visitors. Pre-loaded with names, coordinates, and basic metadata as a starting reference set.
Full audit trail with version history. Daily automated database backups. Data quality scoring, duplicate detection, orphan flags, and coordinate checks. Merge candidates queue. User approval workflow.