Product & Engineering Update

June 2026 · Internal Company Update

📊
QC Analytics Dashboard — Planned for July Release
KPI cards · Trend charts · Outlet ranking · Heatmap · Excel export · Thai demo deployed
🛡️
45K Sentry Events Silenced — AuthGuard Spinner Fixed
45,723 events · 10,893 affected users · Cold start spinner since Jan 2026
10× Schedule Progress Speed — O(N) Rewrite
~600 ms vs 7–10 s for large orgs · 289 schedules · Timeout eliminated
📄
Report Pipeline — Architecture & Performance
Delta Saves · GCS Bulk Download · Parallel Processing · Firebase Decoupling
  • New PATCH /update-answer endpoint for delta report saves — reduces per-save payload from ~8 KB to ~500 B, eliminating concurrent 500s under heavy autosave
  • Bulk downloads now use GCS signed URLs via /bulk-download-url — bypasses the 32 MB Cloud Function response limit entirely
  • Bulk download temp folders isolated per request — shared /tmp was producing corrupted ZIPs for concurrent downloads
  • Parallel processing + DLQ in reportQueueHandler — issues and gallery data now available T+5 s instead of T+70 s after submission
  • Report queue memory raised to 4 GB; Firebase RTDB writes reduced by ~75% via consolidated batch updates
  • Statistics processing migrated from audit-functions to api-reports — cleaner ownership, no more Cloud Function dependency on submission path
  • Synchronous RTDB write removed from check-in path — check-in is now fully non-blocking
  • Report summary reconstructed from persisted MongoDB data on submit — eliminates a live Firebase read on the hot path
  • Dead schedule notification functions removed (ADR-29) — scheduleNotifQueueMaker, notifyDeadline, and related handlers cleaned up
Impact
8 KB → 500 B Saves · No 32 MB Limit · T+5s Gallery
🔥
Reliability — Fleet-Wide Stability
MongoDB Pool Crisis · Query Timeouts · Richeese · Notification Events
  • Stale TCP connections via GCP VPC NAT caused cascading 500s across all services — tuned socketTimeoutMS, maxIdleTimeMS, and heartbeatFrequencyMS fleet-wide across 20+ services
  • Redis resilience hardened during HA failovers — enableOfflineQueue and maxRetriesPerRequest increased from 1 to 3
  • MongoDB pool idle/heartbeat settings relaxed across all services to prevent stale connection cascades
  • Notification events query fixed — collation was forcing full 16M-document scans; now uses compound index; $facet replaced with parallel countDocuments + aggregate
  • Richeese 30-day consolidated report timeout fixed — removed unindexed $or + sections.questionnaire from download query and hardcoded index hint
  • QC dashboard paginated before lookups — prevents MongoNetworkTimeoutError for large orgs
  • Public API report and issue list lookups deferred past pagination — fixed 500s for Richeese
  • Nimbly-cloud API gateway binary corruption fixed — Axios was mangling ZIP/PDF/XLSX byte streams in the proxy layer
Impact
Fleet Stabilised · 16M Scan Eliminated · Richeese Timeouts Fixed
🎙️
Echo Vision — AI Recording Platform
Deepgram · Calendar Home · Mic Picker · Password Reset
  • Deepgram cutover complete — previous default language was Indonesian (id), silently producing empty transcripts for all non-Indonesian audio; now defaults to multi-language
  • Month-calendar home view with per-day mic upload counts and day-detail drawer — gives managers visibility into recording coverage at a glance
  • Unknown-mic detection: recordings with unresolvable mics now surfaced on calendar, counted in stats, and blocked from import until mic is chosen
  • Animated "please upload" reminder popup fires when no uploads detected in 2 days
  • Self-service forgot/reset password — app, admin, and API with rate-limited endpoints
  • Safe-to-unplug modal on ready-to-sync screen; REC filename timestamp parser dates audio by recorder clock, not upload time
  • Org context Markdown editor in org create/edit forms — provides meeting context to AI models
Impact
Deepgram Live · Calendar Coverage · Self-Service Password
🗓️
Schedule & Notifications
ADR-044 Geofencing · ADR-27 Cloud Tasks · Timezone Fixes
  • Geofencing decision moved server-side (ADR-044) — server now authors isLocationRequiredForCheckIn on the schedule list; client no longer computes this locally
  • Report-due notification migrated from Firebase Cloud Functions to Cloud Scheduler + Cloud Tasks (ADR-27) — named task deduplication, OIDC auth, and DLQ observability
  • Deprecated POST /report-due route and dead auditor/schedule notification handlers removed (ADR-29) — significant Cloud Functions cleanup
  • Schedule progress endpoint rewritten O(N) — 600 ms vs 7–10 s for users with 289 schedules; timeout eliminated for large orgs
  • Site and org timezone now used in check-in future date validation — was using server timezone, causing wrong rejections
  • Schedule custom timezone fallbacks fixed for statistic timezone computation
Impact
Server-Side Geofencing · Cloud Tasks Migration · 10× Progress Speed
💬
WhatsApp & Notifications
Twilio Migration · PubSub Subscriber · SendGrid Failures
  • AiSensy replaced with Twilio for WhatsApp notifications — more reliable delivery, better API support
  • New PubSub subscriber entry point in api-whatsapp — dual API + PubSub delivery paths; notification subscriber decoupled from nimbly-cloud monolith
  • Permanent email failure handling from SendGrid — 4xx errors acknowledged and persisted to notification-errors instead of re-queued
  • ADV templates migrated to dynamic media URLs — no more hardcoded CDN paths
  • PubSub body parser limit raised to 10 MB — was rejecting bulk notification payloads
  • pubsubNotification subscriber removed from nimbly-cloud monolith — fully owned by api-whatsapp now
Impact
Twilio Live · PubSub Subscriber · Failure Handling
🔒
Security & Bug Fixes
Fleet-Wide Injection Protection · Escalation Fix · AuthGuard · Escalation Data Patch
  • NoSQL injection protection applied fleet-wide — express-mongo-sanitize middleware deployed across all API services (api-issues, api-users, api-schedules, api-questionnaires, api-statistics, api-bulk-operations, api-departments, api-nps, api-customer-feedback, api-skus, and more)
  • Email regex lookup escaped in api-users — prevents ReDoS on activation and password-reset paths
  • Phone number removed from Firebase Auth storage — was causing auth/phone-number-already-exists errors on user updates
  • 4-eyes human reviewer enforcement added to api-users and api-auth production deploy workflows
  • PDF.js pinned to v3 in audit-admin and CVE-2024-4367 mitigated — critical XSS vulnerability in the PDF renderer
  • AuthGuard spinner stuck on cold start fixed in audit-lite — decoupled useAuthedUser query key from authStatus; silenced 45,723 Sentry events across 10,893 users since January 2026
  • Escalation shared-object mutation fixed (Modinity) — escalateIssuesV2 was adding all 7–8 Area Supervisors instead of 1, polluting 427 issues across 6 orgs; data cleaned via script
  • Login blocked for orgs with stringified feature flags (e.g., "true" string for SALES_TARGET_TRACKER) — now correctly tolerates string booleans
  • Issue message reaction update failing on cold Cloud Function instances fixed — pre-fetch with once('value') to warm SDK cache
  • NPS submit cooldown enforced against submission history — dismiss action was incorrectly clearing the cooldown window
  • Audit-web completed schedule navigation aligned with audit-lite — same bottom sheet UX, "View Report" routes to Reports list
Impact
Fleet Injection-Protected · CVE-2024-4367 Fixed · 45K Sentry Events Gone · 427 Issues Patched
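
The two input-handling fixes in this section (operator stripping and the escaped email lookup), shown together as an added JavaScript example that is not code from any of the services listed. stripOperators is a simplified stand-in for the default behaviour of express-mongo-sanitize; emailLookupFilter, the email field name, the 254-character limit and the sample request body are assumptions constructed for illustration.

```javascript
// Added illustration; not code from api-users or any other service on this page.

// Simplified stand-in for express-mongo-sanitize's default behaviour:
// recursively drop keys that start with "$" or contain ".".
function stripOperators(value) {
  if (Array.isArray(value)) return value.map(stripOperators);
  if (value === null || typeof value !== 'object') return value;
  const clean = {};
  for (const [key, inner] of Object.entries(value)) {
    if (key.startsWith('$') || key.includes('.')) continue;
    clean[key] = stripOperators(inner);
  }
  return clean;
}

// Escape every regex metacharacter so user input can only match literally.
function escapeRegExp(text) {
  return text.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Hypothetical helper: case-insensitive exact-match filter on an assumed
// "email" field. Non-strings are rejected because a sanitized operator
// object arrives as {} rather than as a string.
function emailLookupFilter(email) {
  if (typeof email !== 'string' || email.length === 0 || email.length > 254) {
    throw new TypeError('email must be a non-empty string of at most 254 chars');
  }
  return { email: { $regex: `^${escapeRegExp(email)}$`, $options: 'i' } };
}

// Constructed request body carrying query operators instead of strings.
const sampleBody = { email: { $ne: null }, password: { $gt: '' } };

function demo() {
  const cleaned = stripOperators(sampleBody); // { email: {}, password: {} }
  let rejected = false;
  try { emailLookupFilter(cleaned.email); } catch (err) { rejected = true; }
  const filter = emailLookupFilter('a.b@example.com');
  const re = new RegExp(filter.email.$regex, 'i');
  return {
    cleaned,
    rejected,
    matchesLiteral: re.test('A.B@example.com'),
    matchesWildcard: re.test('aXb@example.com'),
  };
}

console.log(demo());
```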
🏗️
Infra, Gateway & Deprecations
API Gateway · Circuit Breaker · Org Single-Writer · RTDB Tests · Feature Deprecations
  • Nimbly-Go-API gateway deployed to Firebase Hosting with a full CI/CD pipeline — /v1/ping health route live; reports routed through Cloud Run to bypass 32 MB limit
  • Automatic failover + circuit breaker integrated in admin-lite via Cockatiel — graceful degradation when gateway is unreachable
  • Device timezone header added to CORS in the gateway — fixes timezone-aware requests from mobile clients
  • Non-AI human reviewer approval required to deploy gateway to production
  • api-organizations now owns org creation with a new POST /organizations/:id endpoint and direct MongoDB sync — replaces the Firebase organizationMongoHook trigger
  • organizationPrefix field added to superadmin org editor; organizationPrefix type corrected from Number to String in entity-node
  • Firebase RTDB emulator integration tests added across 8 services — api-issues, api-users, api-questionnaires, api-organizations, api-reports, api-schedules, api-skus, and entity-node all now have real emulator coverage
  • Broadcast messaging, Sales Target Tracker, and Customized Marketing formally deprecated — documented in Compass and hidden behind feature flags in admin sidebar; organisations can no longer access these features
  • Auto-mapping users to department option removed from audit-admin
  • LMS quiz bulk upload template updated to point to the correct GCS bucket
Impact
Gateway Live · Circuit Breaker · Single-Writer Org · 8 Services RTDB-Tested · 3 Features Deprecated