v1.4.40 closed the architecture-level Critical+High audit findings and shipped the iOS PB30 backend prerequisites. v1.4.41 is the follow-up: one user-visible perf hotfix on the iOS-facing insights endpoints (consolidated into a shared timeout-stub helper that now backs all seven status routes), three remaining soft-delete reader-tier gaps closed, type-consolidation across analytics + backups, a four-branch iOS-onboarding discovery endpoint with per-IP rate-limiting, and a code-hygiene pass that retires the v1.4.39 W-SUM legacy-NULL UNION discovery arm, extracts the today-intake projection helper, and trims a batch of dead exports.
Added
POST /api/auth/check-user— four-branch discovery endpoint for iOS onboarding (not_found/passkey_only/email_fallback/exists). Per-IP rate-limited (30 / 15 min); identifier matched verbatim so a mixed-case registration resolves through the route.src/lib/insights/persist-timeout-stub.ts— one shared helper for the timeout-stub persist + cache short-circuit pattern, now backing all seven*-statusroutes (bmi, blood-pressure, weight, pulse, mood, medication-compliance, general). Replaces ~120 LOC of duplicateprisma.auditLog.create({ … timeout: true })blocks.src/lib/medications/scheduling/project-today-intakes.ts— single canonical home for the today-intake projection + idempotentcreateMany+ per-(med, day)compliance recompute. ~200 inline lines collapse to a 145-line helper + two short call sites.
Changed
- Types consolidated into
src/types/analytics.ts(four named per-surface shapes) andsrc/types/backups.ts. Prompts unified undersrc/lib/ai/prompts/. queryKey factory expanded withauth,notifications,aboutmigrations. - queryKey factory enforcement promoted from the test-guard substitute to a real ESLint rule for fail-fast IDE/CI feedback.
/streak/*formally deprecated per the SB-9 follow-up.- Operator documentation: pg.Pool sizing guidance for multi-container deploys.
- Per-tile Suspense fallback on the dashboard tile-strip is now a layout-stable placeholder div (CLS prevention for future RSC hoist).
Fixed
- Insights status routes — recurring ~14 s warm response on iOS. All seven
*-statusroutes now route through the sharedpersistTimeoutStubAndReturnhelper; the next-mount cache short-circuit eliminates the per-day re-race. Response envelopes byte-compatible — iOS v0.5.4 contract preserved. /api/auth/check-useridentifier mismatch. Route now queries the identifier verbatim againstusername+email; aMixedCase@Example.comprobe resolves correctly instead of routing to sign-up.- Soft-delete invisibility in three remaining reader tiers (
/api/exportbundle,/api/gamification/achievements, doctor-report PDF aggregator). Integration tests pin all five W-DELETED-2 reader tiers. - Tree hygiene — v1.4.39 W-SUM legacy-NULL UNION discovery arm retired; per-day missing coverage remains the sole discovery anchor.
- Five
@typescript-eslint/no-unused-varswarnings cleared; three rollup helpers lose their unused optionaltx?parameter; thirteen knip-flagged dead exports trimmed (48 → 35 unused exports).
Performance
- Seven insights
*-statusroutes: subsequent-mount path 14–20 s → ~50 ms. Once the AI provider has stalled once that day, the timeout-stub short-circuit eliminates the re-race for the rest of the day. The first-of-day stall still spends the 20 s budget (same as bmi-status pre-v1.4.41).
Operator notes
- No migration, no env-var change, no API contract break for iOS v0.5.4.
- AP-2 .p8 key install is now closed — SB-5 time-sensitive APNs (shipped in v1.4.40) is effective as of v1.4.41 deploy.
/api/dashboard/widgets422 on iOS is an iOS payload-shape mismatch, not a server validator gap. v1.4.42 will land multi-issue Zod-error diagnostics.- Knip exports/types tier remains staged. Post-v1.4.41 baseline: 35 unused exports + 52 unused exported types;
--includeflip to enforcing mode deferred to v1.4.42 once the ignore block has been triaged. pnpm test --rungreen at 4732 passing / 1 skipped (4733 total).pnpm typecheck,pnpm lint,pnpm knip --include files,dependencies,binaries,unlistedall green.