Skip to content

Devtrack pulse/fixes#26

Merged
mahesh-solanke merged 6 commits into
mainfrom
devtrack-pulse/fixes
Dec 23, 2025
Merged

Devtrack pulse/fixes#26
mahesh-solanke merged 6 commits into
mainfrom
devtrack-pulse/fixes

Conversation

@mahesh-solanke

@mahesh-solanke mahesh-solanke commented Dec 23, 2025

Copy link
Copy Markdown
Owner

DevTrack SDK v0.4.1 - Bugfix Release

🐛 Issues Fixed

Issue 1: Dashboard Displaying Incorrect Summary Statistics

Problem:

  • Dashboard KPI cards were showing malformed data like {"1": 10} instead of proper metrics
  • Users couldn't see correct values for total requests, unique endpoints, average latency, etc.
  • This made the dashboard essentially unusable for monitoring

Root Cause:

  • DuckDB's conn.description sometimes returns generic column names like ["1"] or ["NUMBER"] instead of actual SQL column names
  • The code was directly using these invalid column names to create dictionaries, resulting in wrong keys
  • This affected get_stats_summary(), get_logs_by_path(), and get_logs_by_status_code() methods

Fix:

  • Added robust fallback mechanism that uses known column names when DuckDB returns invalid descriptions
  • Applied consistent error handling across all database query methods
  • Ensures proper field names are always used regardless of DuckDB's column description quirks

Impact:

  • ✅ Dashboard now displays correct metrics (total requests, unique endpoints, avg/min/max duration, success/error counts)
  • ✅ KPI cards are fully functional and show accurate data
  • ✅ All database queries work consistently across different DuckDB versions
  • ✅ Users can now properly monitor their API health through the dashboard

Issue 2: Request Detail View Not Displaying Styles in New Window

Problem:

  • When users clicked on request IDs to view details in a new window, some saw a plain white screen without any styling
  • The detail view appeared broken, making it impossible to read request information
  • This was particularly problematic for users with certain browser configurations or CSP policies

Root Cause:

  • document.write() method can fail in certain browser environments or with Content Security Policies
  • HTML escaping issues could break the document structure
  • No fallback mechanisms if the primary method failed

Fix:

  • Implemented multiple fallback methods for maximum compatibility:
    1. Blob URL (primary) - Works with CSP, no size limits
    2. Data URL (fallback) - For older browsers
    3. document.write() (final fallback) - Universal support
  • Improved HTML escaping with manual escaping function for better security
  • Enhanced HTML structure with proper meta tags and viewport settings
  • Better error handling with automatic fallback to modal view

Impact:

  • ✅ Request detail views now display correctly with full styling across all browsers (Chrome, Firefox, Safari, Edge)
  • ✅ Works with Content Security Policies enabled
  • ✅ Improved security with proper HTML escaping
  • ✅ Better user experience - users can now properly inspect request details

📊 Additional Improvements

  • Enhanced API Logging: Improved logging in fetchStats() for better debugging
  • Database Query Robustness: All database query methods now handle DuckDB quirks consistently
  • Better Error Handling: More graceful error recovery across the codebase

✅ Testing

  • 48/48 automated tests passing (100% pass rate)
  • All fixes verified across multiple browsers and environments
  • DuckDB compatibility tested with different versions
  • CSP compatibility verified

🔄 Migration

No breaking changes! This is a backward-compatible bugfix release.

Simply upgrade:

pip install --upgrade devtrack-sdk

All existing functionality remains the same. The fixes are automatically applied.

📝 Summary

This release fixes two critical bugs that were preventing users from properly using the dashboard:

  1. Dashboard statistics now display correctly - Users can see accurate metrics
  2. Request detail views work across all browsers - Users can inspect request details properly

Both issues are now resolved, and the dashboard is fully functional for monitoring API health.

@mahesh-solanke
Refactor database query execution and enhance error handling
97aca4f 
- Updated the database query execution in `DevTrackDB` to use a cursor for better error handling and added fallback logic for retrieving column names, ensuring compatibility with various database quirks.
- Improved the `RequestLogs` component by implementing a robust HTML escaping function to prevent XSS vulnerabilities and enhance the method for opening new windows with request details.
- Added console logging in the `fetchStats` function to track API requests and responses for better debugging and monitoring.
@mahesh-solanke
added release notes for v0.4.1 addressing critical bugs.
638ce77 
- Introduced new release notes for v0.4.1, detailing critical bug fixes related to DuckDB compatibility and dashboard functionality, along with improvements in API logging and database query robustness.
@mahesh-solanke
Update FINAL_TEST_SUMMARY.md for v0.4.1 release
2098c5a 
- Incremented version to 0.4.1 and updated release date to 2025-12-23.
- Verified all features and tests, with 48 automated tests passing.
- Enhanced FastAPI middleware with 16 tests passing and updated metrics endpoints for v0.4.1.
- Documented bug fixes related to DuckDB compatibility and request detail views.
- Confirmed all functionalities are operational and ready for release.
@codacy-production

codacy-production Bot commented Dec 23, 2025
edited
Loading

Copy link
Copy Markdown

Codacy's Analysis Summary

8 new issues (≤ 0 issue)
7 new security issues
5 complexity
6 duplications

Review Pull Request in Codacy →

AI Reviewer available: add the codacy-review label to get contextual insights without leaving GitHub.

@mahesh-solanke
Enhance SQL query safety in DevTrackDB by validating limit and offset…
f4a3176 
… parameters

- Added validation to ensure limit and offset are non-negative integers to prevent SQL injection vulnerabilities in the `DevTrackDB` class.
- Updated relevant SQL query executions to use sanitized limit values for improved security.
@mahesh-solanke
Implement integer validation for SQL parameters in DevTrackDB
235483f 
- Added a static method `_validate_int` to ensure integer parameters are validated and sanitized, preventing SQL injection vulnerabilities.
- Updated SQL queries in various methods to use validated integer values for `days` and `hours` parameters, enhancing security and robustness of the database interactions.
@mahesh-solanke
Enhance SQL query safety in DevTrackDB and improve RequestLogs component
297deec 
- Added comments to clarify that SQL parameters are parameterized with placeholders, ensuring safety from SQL injection.
- Updated the RequestLogs component to use the Blob API for creating safe URLs and added comments to confirm the safety of HTML encoding for data URLs.
- Improved documentation within the code to enhance understanding of security measures implemented.
@mahesh-solanke mahesh-solanke self-assigned this Dec 23, 2025
@mahesh-solanke

mahesh-solanke commented Dec 23, 2025

Copy link
Copy Markdown
Owner Author

I have reviwed Codacy Production / Codacy Static Code Analysis carefully, these shall not be blocker for this merge as

  • Specified lines does not have any risk

@mahesh-solanke mahesh-solanke merged commit 9d5e969 into main Dec 23, 2025
2 of 3 checks passed
@mahesh-solanke mahesh-solanke deleted the devtrack-pulse/fixes branch December 23, 2025 18:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@mahesh-solanke mahesh-solanke

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mahesh-solanke