QC Analytics Dashboard — In Development, Planned for July Release
🚧 Coming Soon
Admin-Lite · Audit-Admin · KPI Cards · Trend Charts · Outlet Ranking · Top Issues · Excel Export · Per-Period Deltas · Thai demo deployed
0
Before
→
✓
Live
A full QC Analytics Dashboard has been built and is in final development — gated by the QC_DASHBOARD feature flag, deployed for a Thai demo, and planned for org-wide release in July 2026.
Built from the ground up: KPI cards, trend charts over time, outlet ranking tables, top-issues heatmap, and server-side Excel export — all with per-period delta comparisons so teams can see if QC is improving week-over-week.
Built from the ground up: KPI cards, trend charts over time, outlet ranking tables, top-issues heatmap, and server-side Excel export — all with per-period delta comparisons so teams can see if QC is improving week-over-week.
What's on the Dashboard
- Overall QC Score, Passing Rate, and Issue Resolution Rate KPI cards with trend indicators
- Outlet Ranking table with weighted scores and per-period delta (valueDelta + trend direction)
- Top Issues heatmap — shows highest-frequency failure categories across sites
- Trend charts over time for all key metrics with customisable date ranges
- Distribution breakdowns by score band and category
- Paginated before lookups — fixes MongoNetworkTimeoutError for large orgs like Richeese
Export & Integrations
- Server-side Excel export via POST /dashboard/qc/analytics/export — all rows exported, one worksheet per metric
- Per-period delta comparison with opt-in compare flag — delta on distributions, valueDelta/trend on ranking
- Elapsed time exported as Excel-native time format ([h]:mm:ss) for XLSX and HH:MM:SS for CSV
- Avg IRT shows dash instead of "00 Minutes" when no resolved issues exist — cleaner UX
- QC Dashboard route integrated directly into audit-admin sidebar — no separate navigation
- completionTime format flag added to skip formatting in PDF/Excel download path
Impact
QC Dashboard — Planned for July Release
Excel Export
Per-Period Deltas
Outlet Ranking
Heatmap
Large-Org Paginated
Report Pipeline — Architecture & Performance
Delta Saves · GCS Bulk Download · Parallel Processing · Firebase Decoupling
Performance & Reliability
- New PATCH /update-answer endpoint for delta report saves — reduces per-save payload from ~8 KB to ~500 B, eliminating concurrent 500s under heavy autosave
- Bulk downloads now use GCS signed URLs via /bulk-download-url — bypasses the 32 MB Cloud Function response limit entirely
- Bulk download temp folders isolated per request — shared /tmp was producing corrupted ZIPs for concurrent downloads
- Parallel processing + DLQ in reportQueueHandler — issues and gallery data now available T+5 s instead of T+70 s after submission
- Report queue memory raised to 4 GB; Firebase RTDB writes reduced by ~75% via consolidated batch updates
Firebase Decoupling
- Statistics processing migrated from audit-functions to api-reports — cleaner ownership, no more Cloud Function dependency on submission path
- Synchronous RTDB write removed from check-in path — check-in is now fully non-blocking
- Report summary reconstructed from persisted MongoDB data on submit — eliminates a live Firebase read on the hot path
- Dead schedule notification functions removed (ADR-29) — scheduleNotifQueueMaker, notifyDeadline, and related handlers cleaned up
Impact
8 KB → 500 B Saves
No 32 MB Limit
T+5s Gallery
Reliability — Fleet-Wide Stability
MongoDB Pool Crisis · Query Timeouts · Richeese · Notification Events
MongoDB Fleet Incident (June 2)
- Stale TCP connections via GCP VPC NAT caused cascading 500s across all services — tuned socketTimeoutMS, maxIdleTimeMS, and heartbeatFrequencyMS fleet-wide across 20+ services
- Redis resilience hardened during HA failovers — enableOfflineQueue and maxRetriesPerRequest increased from 1 to 3
- MongoDB pool idle/heartbeat settings relaxed across all services to prevent stale connection cascades
Query Performance Fixes
- Notification events query fixed — collation was forcing full 16M-document scans; now uses compound index; $facet replaced with parallel countDocuments + aggregate
- Richeese 30-day consolidated report timeout fixed — removed unindexed $or + sections.questionnaire from download query and hardcoded index hint
- QC dashboard paginated before lookups — prevents MongoNetworkTimeoutError for large orgs
- Public API report and issue list lookups deferred past pagination — fixed 500s for Richeese
- Nimbly-cloud API gateway binary corruption fixed — Axios was mangling ZIP/PDF/XLSX byte streams in the proxy layer
Impact
Fleet Stabilised
16M Scan Eliminated
Richeese Timeouts Fixed
Echo Vision — AI Recording Platform
Deepgram · Calendar Home · Mic Picker · Password Reset
- Deepgram cutover complete — previous default language was Indonesian (id), silently producing empty transcripts for all non-Indonesian audio; now defaults to multi-language
- Month-calendar home view with per-day mic upload counts and day-detail drawer — gives managers visibility into recording coverage at a glance
- Unknown-mic detection: recordings with unresolvable mics now surfaced on calendar, counted in stats, and blocked from import until mic is chosen
- Animated "please upload" reminder popup fires when no uploads detected in 2 days
- Self-service forgot/reset password — app, admin, and API with rate-limited endpoints
- Safe-to-unplug modal on ready-to-sync screen; REC filename timestamp parser dates audio by recorder clock, not upload time
- Org context Markdown editor in org create/edit forms — provides meeting context to AI models
Impact
Deepgram Live
Calendar Coverage
Self-Service Password
Schedule & Notifications
ADR-044 Geofencing · ADR-27 Cloud Tasks · Timezone Fixes
- Geofencing decision moved server-side (ADR-044) — server now authors isLocationRequiredForCheckIn on the schedule list; client no longer computes this locally
- Report-due notification migrated from Firebase Cloud Functions to Cloud Scheduler + Cloud Tasks (ADR-27) — named task deduplication, OIDC auth, and DLQ observability
- Deprecated POST /report-due route and dead auditor/schedule notification handlers removed (ADR-29) — significant Cloud Functions cleanup
- Schedule progress endpoint rewritten O(N) — 600 ms vs 7–10 s for users with 289 schedules; timeout eliminated for large orgs
- Site and org timezone now used in check-in future date validation — was using server timezone, causing wrong rejections
- Schedule custom timezone fallbacks fixed for statistic timezone computation
Impact
Server-Side Geofencing
Cloud Tasks Migration
10× Progress Speed
WhatsApp & Notifications
Twilio Migration · PubSub Subscriber · SendGrid Failures
- AiSensy replaced with Twilio for WhatsApp notifications — more reliable delivery, better API support
- New PubSub subscriber entry point in api-whatsapp — dual API + PubSub delivery paths; notification subscriber decoupled from nimbly-cloud monolith
- Permanent email failure handling from SendGrid — 4xx errors acknowledged and persisted to notification-errors instead of re-queued
- ADV templates migrated to dynamic media URLs — no more hardcoded CDN paths
- PubSub body parser limit raised to 10 MB — was rejecting bulk notification payloads
- pubsubNotification subscriber removed from nimbly-cloud monolith — fully owned by api-whatsapp now
Impact
Twilio Live
PubSub Subscriber
Failure Handling
Security & Bug Fixes
Fleet-Wide Injection Protection · Escalation Fix · AuthGuard · Escalation Data Patch
Security
- NoSQL injection protection applied fleet-wide — express-mongo-sanitize middleware deployed across all API services (api-issues, api-users, api-schedules, api-questionnaires, api-statistics, api-bulk-operations, api-departments, api-nps, api-customer-feedback, api-skus, and more)
- Email regex lookup escaped in api-users — prevents ReDoS on activation and password-reset paths
- Phone number removed from Firebase Auth storage — was causing auth/phone-number-already-exists errors on user updates
- 4-eyes human reviewer enforcement added to api-users and api-auth production deploy workflows
- PDF.js pinned to v3 in audit-admin and CVE-2024-4367 mitigated — critical XSS vulnerability in the PDF renderer
Bug Fixes
- AuthGuard spinner stuck on cold start fixed in audit-lite — decoupled useAuthedUser query key from authStatus; silenced 45,723 Sentry events across 10,893 users since January 2026
- Escalation shared-object mutation fixed (Modinity) — escalateIssuesV2 was adding all 7–8 Area Supervisors instead of 1, polluting 427 issues across 6 orgs; data cleaned via script
- Login blocked for orgs with stringified feature flags (e.g., "true" string for SALES_TARGET_TRACKER) — now correctly tolerates string booleans
- Issue message reaction update failing on cold Cloud Function instances fixed — pre-fetch with once('value') to warm SDK cache
- NPS submit cooldown enforced against submission history — dismiss action was incorrectly clearing the cooldown window
- Audit-web completed schedule navigation aligned with audit-lite — same bottom sheet UX, "View Report" routes to Reports list
Impact
Fleet Injection-Protected
CVE-2024-4367 Fixed
45K Sentry Events Gone
427 Issues Patched
Infra, Gateway & Deprecations
API Gateway · Circuit Breaker · Org Single-Writer · RTDB Tests · Feature Deprecations
API Gateway
- Nimbly-Go-API gateway deployed to Firebase Hosting with a full CI/CD pipeline — /v1/ping health route live; reports routed through Cloud Run to bypass 32 MB limit
- Automatic failover + circuit breaker integrated in admin-lite via Cockatiel — graceful degradation when gateway is unreachable
- Device timezone header added to CORS in the gateway — fixes timezone-aware requests from mobile clients
- Non-AI human reviewer approval required to deploy gateway to production
Organisation Single-Writer Migration
- api-organizations now owns org creation with a new POST /organizations/:id endpoint and direct MongoDB sync — replaces the Firebase organizationMongoHook trigger
- organizationPrefix field added to superadmin org editor; organizationPrefix type corrected from Number to String in entity-node
Firebase RTDB Integration Tests
- Firebase RTDB emulator integration tests added across 8 services — api-issues, api-users, api-questionnaires, api-organizations, api-reports, api-schedules, api-skus, and entity-node all now have real emulator coverage
Feature Deprecations
- Broadcast messaging, Sales Target Tracker, and Customized Marketing formally deprecated — documented in Compass and hidden behind feature flags in admin sidebar; organisations can no longer access these features
- Auto-mapping users to department option removed from audit-admin
- LMS quiz bulk upload template updated to point to the correct GCS bucket
Impact
Gateway Live
Circuit Breaker
Single-Writer Org
8 Services RTDB-Tested
3 Features Deprecated