May 15, 2026 — Backend
Release date: Friday, May 15, 2026
Summary
This week the API gained device trust and session management for sign-in, a broad set of insurance workbook and renewal-year endpoints, and Naturskade price zones resolved from municipality. Building and insurance responsibilities were clarified (compliance vs storskade/factors), with seeds and env/email configuration updates for test and production setups.
Shipped
- Auth — devices and sessions: Per-user devices with trust/forget flows, device cookie, session list/revoke, and admin revoke-all sessions for a user.
- Auth — configuration: Frontend base URL and path env vars for login and device-management links; email footer and reply-to settings aligned with notification content.
- Insurance — workbook: Insurance years, workbook profiles, object-value preview, coverage issuance/expiry, and automatic sync of workbook fields from the building domain on persist.
- Insurance — Naturskade pricing: Municipality-to-zone reference data and runtime LOCATION resolution from municipality (workbook no longer stores priceZoneCode).
- Insurance — reference and renewal: Price table lines by building type (buildingTypeId); renewal-year reference GETs and audited PATCHes for factors, deductibles, indexes, and tariffs on projected drafts.
- Building / insurance split: Major-damage and storskade-related modeling moved toward insurance; building retains compliance-oriented risk flags.
- Seeds: Demo properties and buildings; optional insurance-only seed mode for lean test databases.
Engineering (commit recap)
Backend — week of May 11 – May 17, 2026
Window: 2026-05-08 < commit date < 2026-05-16 (git log --no-merges).
Summary
Thirty-seven non-merge commits landed in the backend repo, focused on auth device trust and refresh-session APIs, insurance workbook and renewal surfaces, Prisma migrations for Naturskade zone tables, and a refactor that splits building compliance risk from insurance-owned storskade and factor mapping. Documentation, OpenAPI, http/api.http, and co-located tests were updated alongside the features they describe.
Themes
- Device trust and session control: UserDevice model, refresh tokens linked to devices, trust moved to the device (not the token), HTTP APIs for list/trust/forget devices and list/revoke sessions, plus admin bulk session revoke.
- Insurance workbook and coverage: Expanded building insurance profile and workbook PATCH rules, object-value preview, coverage GET and mid-term expiry, building-to-workbook sync on persist, and removal of redundant factor codes on profiles.
- Naturskade price zones: New municipality price-zone map tables and seeds; LOCATION factor derived from municipality; priceZoneCode dropped from persisted workbook state.
- Insurance year / renewal: Lifecycle with reference GETs and PATCH upserts for deductibles, factors, indexes, and tariffs on projected renewal years; tariff lookup by key documented.
- Schema, seeds, and env: Migrations for insurance/building split and idempotent factor migration fixes; demo property/building seeds; insurance-only seed option; env refactor for frontend URLs and email configuration.
Notable fixes or risks (if any)
- Production migrate: Backfill migration 20260512100100_auth_backfill_user_device_from_sessions uses gen_random_bytes and requires PostgreSQL extension pgcrypto before prisma migrate deploy on fresh servers.
- Breaking API: Price table line listing uses query buildingTypeId (integer FK), not buildingTypeCode.
- Sign-in emails and IP: Untrusted-device alerts depend on proxy X-Forwarded-For; Safari with iCloud Private Relay may show a relay IP instead of the user’s home address.
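
Because the untrusted-device alert IP comes from X-Forwarded-For, the header has to be read so that only hops appended by known proxies are believed. The following is an added example, not code from this backend: the function names and the 10.0.0.0/8 proxy range are assumptions, and it handles IPv4 addresses only.

```javascript
// Added example. Function names and TRUSTED_PROXY_CIDRS are assumptions.
const TRUSTED_PROXY_CIDRS = ["10.0.0.0/8"]; // constructed: where our proxies live

// Parse dotted-quad IPv4 into an unsigned 32-bit integer, or null if malformed.
function parseIPv4(text) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(text);
  if (!m) return null;
  const o = m.slice(1).map(Number);
  if (o.some((n) => n > 255)) return null;
  return ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
}

// True when the integer address ip lies inside any "a.b.c.d/len" range.
function inAnyCidr(ip, cidrs) {
  return cidrs.some((cidr) => {
    const [base, len] = cidr.split("/");
    const bits = Number(len);
    const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
    return ((ip & mask) >>> 0) === ((parseIPv4(base) & mask) >>> 0);
  });
}

// Weak form, for contrast: the leftmost entry is whatever the client sent.
function naiveClientIp(xffHeader) {
  return (xffHeader || "").split(",")[0].trim() || null;
}

// Hardened form: walk right to left, socket peer first, then header entries
// from last to first. Hops inside trustedCidrs were appended by our proxies;
// the first hop outside them is the client as our edge proxy saw it.
// Entries further left were supplied by the client and are never read.
function resolveClientIp(xffHeader, socketPeer, trustedCidrs = TRUSTED_PROXY_CIDRS) {
  const hops = (xffHeader || "").split(",").map((s) => s.trim()).filter(Boolean);
  hops.push(socketPeer);
  for (let i = hops.length - 1; i >= 0; i--) {
    const ip = parseIPv4(hops[i]);
    if (ip === null) return null; // malformed hop: show "unknown" in the alert
    if (!inAnyCidr(ip, trustedCidrs)) return hops[i];
  }
  return null; // every hop was one of our proxies; no client address known
}

// Constructed sample: client sent a forged first entry, edge proxy appended
// the address it actually saw, and the request reached us from 10.0.0.5.
const sample = "198.51.100.1, 203.0.113.7";
console.log(naiveClientIp(sample), resolveClientIp(sample, "10.0.0.5"));
```

For a Private Relay user the resolved address is still the relay's egress IP, so the alert text should present it as the network the request arrived from rather than the user's location.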