What's been built.

Area trustees now receive a single daily email summarizing all pending access requests in their region instead of individual notifications per request. Configurable per-trustee. Digest timestamp tracked on grant records.

The access model now tracks the full delegation path from original owner to each grantee. The UI shows who granted access to whom, making it clear how access flows through a grotto or survey team.

Collaborative workspaces for active survey teams. Each project links specific cave sites, has a shared file area, message board, trip calendar, and member roles (lead, member, observer). Public or invite-only.

Track landowner contacts, permission status, and lease expiration per site. Attach anchor inventories, rigging notes, and emergency contacts to any cave, accessible offline in the field.

Grottos and survey teams can create events (trips, training days, survey weekends, cleanup events) with registration, waitlists, and attendance tracking.

Entrance photos, thumbnails, and cave maps now enforce each site's access level. Unauthenticated users cannot retrieve photos for non-public sites. Archaeological files additionally require the view_archaeological permission.

The research page now searches for people by name, querying project members, claim observers, and document extractions in a single round trip. The query parser detects name-shaped queries automatically.

Every automatically extracted field now carries a confidence score. Low-confidence extractions are flagged for community review before being linked to site records.

Bulk-upload decades of grotto newsletters as PDFs. Every cave mention is extracted and indexed, building a searchable archive with source attribution back to the original issue.

Bounding-box map queries and county-level aggregations run 60–80% faster on large datasets. Added PostGIS GIST indexes on all geographic columns.

Addressed CVE-2024-33664 (JWT bomb denial-of-service). JWT signing and verification now uses PyJWT across the backend.