Highlights
- Installable mobile PWA support with a manifest, home-screen icons, and install prompt for supported mobile browsers
- Stronger security automation with CodeQL, gosec, Trivy filesystem/image scans, CycloneDX SBOM generation, and Codecov reporting
- Baseline browser hardening headers on HTTP responses
- Backend quality improvements with lower cyclomatic complexity and broader regression coverage
- Cleaner public documentation and a more product-oriented README
Notes
- Mobile PWA support is currently install-only. Offline mode and service workers remain deferred pending a dedicated privacy review.
- SQLite remains the baseline default storage engine. Postgres stays available as an advanced self-hosted path.