Skip to main content

Alpha → Production Release Report (2026-05-12)

Generated: 2026-05-16
Scope: attunelogic-api + attunelogic-service (web stack)
Promotion path: Merge alphamain (triggers production deploy via GitHub Actions)

Related QA matrix: Alpha → Production QA Matrix (2026-05-12)

Executive summary

RepoProduction (main) last promotedAlpha tipCommits main..alphaDiff size
API2026-04-26 (PR #168)2026-05-12 (88320fb)~95223 files, +20.7k / −2.6k lines
Service2026-04-02 (PR #160)2026-05-12 (a8a90630)~65260 files, +29.7k / −7.3k lines

Commit date range on alpha (not yet on main): 2026-03-16 → 2026-05-12

Open promote PRs (refresh before merge — alpha moved on 2026-05-12 after PRs opened 2026-05-05):

Not in this promotion: feature/tenant-roles-permissions (TenantRole, requirePermission are not on origin/alpha).

Mobile: origin/alpha vs origin/main is a separate, older delta—not part of this web release unless a separate EAS production build is scheduled. If mobile stays on an older build, validate API contract changes (e.g. legs mobileDashboard shape) against alpha before API-only prod deploy.

1. What has changed since last production deploy

API — since last prod (2026-04-26)

Production already includes the April 2026 beta cut: billing webhooks, MFA recovery scaffolding, trucking scheduler timing, onboarding tutorial, public leads, tier/seat-cap scaffolding, tenant-scoped legs, audit logs, and related hardening from the prior alpha promote.

New on alpha since that prod deploy (2026-05-02 – 2026-05-12):

AreaHighlights
Dynamic dashboardsNew Dashboard model, /api/v1/dashboards, widget/metric registry, feature-flagged rollout (dashboards.* flags, tier defaults)
Super-admin leadsAdmin leads inbox: list, notes, assignee, status, create customer from lead
Leads / onboardingSelf-serve onboarding, public onboarding routes, Turnstile fixes, CSV onboarding upload
TagsExpanded tag model/API; duplicate Tag model registration hotfix
Settings / securityUser tenant isolation in settings; template updates
Jobs / ratesStabilized dashboard + job rate updates
Deploy / CIDeploy env alignment, emergency deploy path, test inventory guards

Full alpha−main themes (2026-03-16 – 2026-05-12) also include: Stripe billing checkout/webhooks, MFA + refresh-token versioning, GDPR account endpoints, schedule timing alerts, feature-tier gating, public lead capture + webhooks, onboarding tutorial on User, mobile dashboard leg shape, search/approval scoping, and extensive test/CI restructuring.

Service — since last prod (2026-04-02)

Service production is ~6 weeks behind API production. This promote is a large UI/UX release.

AreaHighlights
Dashboard V2Builder UI, RTK Query integration (DashboardV2)
Dispatch / schedulerResource day view, timeline DnD, optimistic events, timing alerts UI, dispatch workspace upgrades
Super adminCustomer management, billing screens, leads inbox, audit-oriented admin surfaces
AuthLogin MFA challenge flows, password/MFA recovery pages
BillingCustomer billing management UI (pairs with API Stripe work)
JobsLeg create/show updates, job rates, leg audit on reports, job tags UI
OnboardingWalkthrough/tutorial (auto-tutorial flow adjusted in later commits)
Tags & settingsExpanded tags, settings updates, tenant isolation fix (mirrors API)
Tier gatingUI gates aligned with API feature flags
Help / feedbackGetting-started help, feedback page rename
InfraSocket auth centralization, app link association files, deploy workflow alignment

Version jump (on merge): 2.28.21 (prod) → 2.31.0 (alpha).

2. QA review and test plan

Test on alpha before merging promote PRs. API and service should be promoted together—service Dashboard V2 and billing UI depend on new API routes and models.

See the dedicated matrix: alpha-to-production-release-2026-05-12-qa-matrix.md.

P0 — must pass before prod

#FlowWhy
1Login / sessionRefresh-token versioning + MFA challenge/recovery; risk of unexpected logouts
2MFA enroll / verify / recoveryEmail + TOTP paths, locked-out recovery
3Tier-gated featuresStarter vs Growth vs Pro: dashboards, live updates, route optimization, saved reports
4Dashboard V2Create/edit layouts, widgets, role visibility; tier flags off/on per tenant
5Dispatch / trucking schedulerTiming alerts, resource day view, drag-drop, multi-day events
6Jobs — rates & legsJob show rates, leg create, leg audit on reports
7Settings → UsersTenant isolation (users must not leak across tenants)
8Super-admin → LeadsInbox, notes, status, assignee, create customer from lead
9Public lead capture/public/leads + Turnstile; rate limits; webhook if configured
10Billing / StripeCheckout, webhook-driven status on customer; super-admin billing views
11OnboardingSelf-serve signup path, tutorial progress persistence, CSV import
12TagsCreate/assign on jobs/customers; no API startup errors (post duplicate-Tag fix)

P1 — regression by module

  • Invoices / manifests / payouts — tutorial flags, manifest display, leg route isolation (re-verify with scheduler changes).
  • Search & approvals — scoped results after search tightening.
  • Chat — read receipts / conversation updates.
  • Reports — saved report limits vs tier; seat-cap behavior (monitor vs hard if enabled).
  • Mobile API consumers — legs mobile-dashboard triptych shape if mobile not redeployed.
  • GDPR — export/delete entry points if exposed in UI.

P2 — admin / ops

  • Super-admin customer tabs, API key/email modals.
  • Audit log listing (new admin route).
  • Emergency deploy workflow (ops only).

Suggested QA environments

LayerWhere to test
APIAlpha API host (per deploy workflow / APP_URL vars)
Web appAlpha service host (paired with alpha API)
StripeTest mode keys + webhook endpoint pointed at alpha
TurnstileSite keys for alpha/public lead forms

Known gaps for QA

  • API has many tests classified needs-review in tests/test-inventory.md; CI runs test:non-db on deploy, not the full DB suite—manual exploratory testing on alpha is important.
  • Service had periods of tests disabled for deploy in branch history; rely on alpha smoke + P0 matrix.

3. Dev team: DB models, scripts, and breaking changes

New or materially changed models (API)

Model / areaChangeDev action
Dashboard (new)Tenant-scoped saved dashboards/widgetsEnsure indexes; run seeds if using system defaults
Customerbilling subdocument, tags[], grandfatherFullAccess, enforcementModeOptional: node scripts/backfill-billing-customers.js (dry-run first)
Usermfa, refreshTokenVersion, tutorialProgress, uiPreferences, metadataExisting users default safely; MFA via enroll flow
LeadPublic + super-admin lead flowsVerify indexes for list/filter
TagExpanded taggingConfirm no duplicate model registration on deploy
AuthChallengeMFA challengesMonitor collection growth; TTL/index if configured
AuditLog (new)Admin audit trailIndex customerId / createdAt for admin UI
Job / Leg / othersMinor fields for dashboards, timing, tagsReview diffs for any required backfill

Not in alpha: TenantRole, permission middleware, backfill-tenant-roles.js (local feature/tenant-roles-permissions only).

Scripts and ops (runbook)

ScriptWhen
scripts/backfill-billing-customers.jsIf prod tenants need customer.billing synced from Stripe
scripts/manage-indexes.js / scripts/manage-atlas-indexes.jsAfter schema changes; confirm Atlas search indexes
scripts/seed-dev.js / dashboard seedsDev/staging unless controlled prod seed plan exists
scripts/verify-seed.jsPost-seed validation in non-prod

Environment variables to verify in production

  • Stripe: STRIPE_SECRET, price IDs, STRIPE_BILLING_WEBHOOK_SECRET
  • Public leads: Turnstile secrets, NEW_LEAD_WEBHOOK_URL (optional)
  • Seat caps: SEAT_CAP_HARD_ENFORCE and per-customer billing.enforcementMode (monitor vs hard)
  • Feature flags / tiers: planTier, grandfatherFullAccess, betaAllowlist on Customer
  • MFA / auth: email delivery for challenges; refresh cookie behavior behind load balancers

Breaking / behavior-change risks

RiskDetailMitigation
Refresh token versioningOlder sessions may invalidate on login/refresh churnCommunicate “re-login once” if auth errors spike
Legs tenant scopingCross-tenant leg IDs return 404 (not 403)Clients must not misread 404
Mobile dashboard API shapeLegs mobileDashboard triptych sectionsConfirm mobile build version or accept API-only risk
Tier gatingFeatures hidden by planSet grandfatherFullAccess for VIP tenants if needed
Dashboard feature flagsOff by default per tierEnable via config/flags before announcing Dashboard V2
Stripe webhooksBilling state driven by eventsRegister prod webhook URL before go-live; replay failed events
Duplicate Tag modelStartup crash on beta (fixed in PR #185)Confirm fix is in promote commit
Service/API skewService 2.31.0 expects newer APIDeploy API to prod before or with service; never service-first

Deployment mechanics

  1. Merge refreshed alpha → main PRs (API + service).
  2. Workflows deploy on push to main (unless [no deploy] in commit message).
  3. API runs standard-version on prod merge (patch bump + [no deploy] version commit).
  4. Use production GitHub environment approvals if configured.
flowchart LR
  A[QA sign-off on alpha] --> B[Refresh alpha→main PRs]
  B --> C[Merge API main]
  C --> D[Verify API health + webhooks]
  D --> E[Merge Service main]
  E --> F[Smoke prod: login, jobs, dashboard, billing]
  1. Complete P0 QA on alpha.
  2. Update or recreate promote PRs so they include 2026-05-12 commits.
  3. Merge API → verify health, Stripe webhook, public leads.
  4. Merge service → smoke Dashboard V2, dispatch, super-admin.
  5. Monitor auth errors, 404 on legs, and Stripe webhook logs for 24–48 hours.

Out of scope for this promote

  • Tenant roles & permissions (in-progress; not on alpha).
  • Mobile native/OTA (separate repo; validate API contract if mobile stays on older build).
  • attunelogic-landing (not reviewed for this report).

Metadata

  • Source repos: ferda-tech/attunelogic-api, ferda-tech/attunelogic-service
  • Comparison: origin/main..origin/alpha as of 2026-05-16
  • Owner: engineering
  • Last updated: 2026-05-16