feat: multi-index monitoring, security hardening, changelog & bug fixes

Author: superzero11

CHANGELOG.md

@@ -0,0 +1,85 @@
+# Changelog
+
+All notable changes to OpenFarm will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
+
+## [Unreleased]
+
+### Added
+- Changelog page visible in-app under sidebar navigation.
+- SAVI L factor displayed on layer cards in field detail sidebar.
+
+### Fixed
+- Index tab order on field detail page now matches sidebar order (NDVI → EVI → SAVI → NDWI).
+- "Start Processing" button no longer stays disabled after a completed analysis job.
+- SAVI L factor now persisted in `params_json` on raster layers during pipeline processing.
+- API response for raster layers now includes `params_json` field.
+
+---
+
+## [0.3.0] - 2026-03-16
+
+### Added
+- Multi-index vegetation analysis: EVI, SAVI (configurable L factor), and NDWI alongside existing NDVI.
+- Index-specific colormaps and rescale ranges powered by a centralized `INDEX_REGISTRY`.
+- Per-index alert thresholds and severity rules.
+- Index type selector on field detail page, share page, and alert filters.
+- Job step progress labels for all four index types.
+- English and Spanish translations for all new index-related UI strings.
+
+### Changed
+- Raster layer unique constraint now includes `layer_type` (migration `0003`).
+- Alerts table extended with `index_type` column (migration `0002`).
+- Share page reports grouped by index type with toggle selector.
+- Tile URLs use per-index colormap/rescale from registry instead of hardcoded NDVI values.
+
+### Fixed
+- Containers no longer run as root — both API and Tiler Dockerfiles use a dedicated `appuser`.
+- Upload endpoint now whitelists `image/jpeg`, `image/png`, `image/webp` content types only.
+- `httpx.AsyncClient` lifecycle managed via FastAPI lifespan (created on startup, closed on shutdown) instead of leaked global.
+- Farm soft-delete cascade is now atomic (single `UPDATE` statement instead of select-and-loop).
+- Shapely `is_valid` check added to field geometry creation/update to reject invalid polygons.
+- Pagination offset capped at 100,000 to prevent expensive sequential scans.
+- Next.js database pool increased from 3 to 10 connections.
+- Organization context errors now show user-facing toast instead of silent `console.error`.
+
+### Security
+- Documented JWT-in-tile-URL trade-off in `SECURITY.md` with mitigations.
+- Added rate limits (`10/minute`) to `create_invite`, `remove_member`, and `cancel_invite` org endpoints.
+- Added Alembic migration `0004` with database indexes on `alerts.field_id`, `field_stats.field_id`, `field_stats.layer_id`, `jobs.field_id`, and `scouting_observations.field_id`.
+- Web service healthcheck added to `docker-compose.yml`.
+
+---
+
+## [0.2.0] - 2026-02-01
+
+### Added
+- Share links with public field reports and tile proxy.
+- Scouting observations with photo uploads via presigned MinIO URLs.
+- Organization invites with email notifications (Resend).
+- Audit event logging for all sensitive operations.
+- Role-based access control: owner, admin, member, viewer.
+- Rate limiting on job creation and upload endpoints.
+
+### Changed
+- CORS configuration moved to environment variable.
+
+---
+
+## [0.1.0] - 2025-12-15
+
+### Added
+- Initial release of OpenFarm platform.
+- Google OAuth authentication with NextAuth and JWT bridge to FastAPI.
+- Multi-tenant organization support with workspace switching.
+- Farm and field CRUD with GeoJSON geometry and PostGIS storage.
+- NDVI vegetation index pipeline: Sentinel-2 STAC search, band download, COG generation, zonal statistics.
+- TiTiler integration for COG tile serving with colormap rendering.
+- MapLibre GL JS map with PMTiles basemap and field/raster overlays.
+- Time-series charts with Apache ECharts.
+- Alert system with threshold and drop-percentage rules.
+- Celery worker for async satellite data processing.
+- Docker Compose stack: PostgreSQL+PostGIS, Redis, MinIO, TiTiler, Caddy.
+- Internationalization with next-intl (English, Spanish).
+- Structured logging with structlog (API) and pino (web).

README.md

@@ -36,7 +36,8 @@ Open source self-hostable and reproducible Crop Intelligence Platform
 
 ## Why OpenFarm
 - Self-hostable stack with clear service boundaries (Next.js ↔ FastAPI ↔ TiTiler ↔ MinIO ↔ PostGIS)
-- Reproducible NDVI pipeline with provenance (Element84 STAC → COG → TiTiler tiles)
+- Multi-index vegetation monitoring — NDVI, EVI, SAVI (configurable L factor), and NDWI from Sentinel-2 imagery
+- Reproducible pipeline with provenance (Element84 STAC → COG → TiTiler tiles)
 - Tenant isolation via `X-Org-Id` + JWT; RBAC (`owner`/`admin`/`member`/`viewer`)
 - MapLibre + PMTiles (no Mapbox token needed), ECharts for time series
 - Open, permissive BSD-3-Clause license
@@ -50,7 +51,7 @@ Open source self-hostable and reproducible Crop Intelligence Platform
 ## Architecture
 ```
 apps/web/       → Next.js 14 + NextAuth (Google OAuth) + Tailwind + shadcn/ui + MapLibre + ECharts
-services/api/   → FastAPI + SQLAlchemy 2.0 (async) + Alembic + Celery tasks (NDVI)
+services/api/   → FastAPI + SQLAlchemy 2.0 (async) + Alembic + Celery tasks (NDVI/EVI/SAVI/NDWI)
 services/tiler/ → TiTiler COG tile server (shared JWT auth)
 docker-compose.yml → Postgres/PostGIS, Redis, MinIO, API, Celery worker, TiTiler, Web
 ```
@@ -138,14 +139,15 @@ ruff format --check .
 - Geometry stored as `MultiPolygon(4326)`; polygons auto-wrapped
 - Audit events on key actions (e.g., field_created)
 
-## Feature Overview (MVP)
-- Auth: Google OAuth via NextAuth → JWT bridge (`/api/auth/token`)
-- Orgs & RBAC: owner/admin/member/viewer
-- Farms & Fields: draw/upload GeoJSON/KML, area calc, soft delete
-- NDVI Monitoring: STAC search → NDVI COG → TiTiler tiles → time-series stats
-- Alerts: ndvi_drop / ndvi_threshold
-- Scouting: geotagged notes, optional photo
-- Sharing: read-only field health report via share links
+## Feature Overview
+- **Auth**: Google OAuth via NextAuth → JWT bridge (`/api/auth/token`)
+- **Orgs & RBAC**: owner/admin/member/viewer with audit logging
+- **Farms & Fields**: draw/upload GeoJSON/KML, area calc, soft delete
+- **Vegetation Monitoring**: NDVI, EVI, SAVI (configurable L factor), NDWI — STAC search → COG → TiTiler tiles → time-series stats
+- **Per-Index Alerts**: configurable threshold and drop-percentage rules for each index
+- **Scouting**: geotagged observations with optional photo upload
+- **Sharing**: read-only field health reports via share links with multi-index toggle
+- **Changelog**: in-app changelog page with version history
 
 ## Quality & CI
 - GitHub Actions: lint + type-check (`.github/workflows/ci.yml`)

ROADMAP.md

@@ -1,16 +1,14 @@
 # Roadmap
 
-> Last updated: February 2026
+> Last updated: March 2026
 
 This document outlines where OpenFarm is today and where it's headed. If you'd like to contribute to any of these areas, check the [Contributing Guide](CONTRIBUTING.md) and look for issues labeled [`help wanted`](https://github.com/superzero11/OpenFarm/labels/help%20wanted) or [`good first issue`](https://github.com/superzero11/OpenFarm/labels/good%20first%20issue).
 
 ---
 
 ## Current Status
 
-OpenFarm **Phase 1 MVP is complete**. The platform delivers end-to-end satellite-powered crop intelligence: auth, org management, farm/field CRUD, NDVI monitoring pipeline, alerts, scouting observations, shareable field health reports, and production-grade security hardening — all functional and deployed.
-
-**179 of 182 tasks complete (98%).** The only remaining items are automated testing (API, frontend, E2E).
+OpenFarm **Phase 2 (Multi-Index) is complete**. The platform delivers end-to-end satellite-powered crop intelligence with four vegetation indices (NDVI, EVI, SAVI, NDWI), auth, org management, farm/field CRUD, configurable monitoring pipelines, per-index alerts, scouting observations, shareable field health reports, and production-grade security hardening — all functional and deployed. The focus now shifts to testing, documentation, and expanding the platform with new data sources and intelligence capabilities. See [Future Ideas](#future-ideas-post-mvp) for what's next.
 
 ---
 
@@ -57,19 +55,49 @@ OpenFarm **Phase 1 MVP is complete**. The platform delivers end-to-end satellite
 
 ## Milestone 4 — Polish, Security & QA ✅
 
-- [x] Viewer role enforcement — write endpoints restricted to member+ across all routers
-- [x] Rate limiting (slowapi) — 120 req/min default, tighter limits on jobs and uploads, Redis-backed
+- [x] Viewer role enforcement across all routers
+- [x] Rate limiting (slowapi) — Redis-backed, per-endpoint limits
 - [x] Pagination consistency — all list endpoints use `PaginatedResponse` envelope
 - [x] Audit log UI in settings page — event icons, search, pagination
 - [x] Frontend structured logging (pino)
 - [x] Celery worker health check in Docker Compose
 - [x] Backup script (`deploy/backup.sh`) — automated daily pg_dump, 7-day retention
-- [x] MinIO bucket versioning documentation
-- [x] WAL archiving / PITR documentation
+- [x] MinIO bucket versioning + WAL archiving/PITR documentation
 - [ ] API unit/integration tests
 - [ ] Frontend component tests
 - [ ] E2E acceptance tests
 
+## Milestone 5 — Multi-Index Vegetation Analysis ✅
+
+- [x] Index registry (`INDEX_REGISTRY`) — pluggable formula, bands, colormap, rescale, alert defaults
+- [x] EVI pipeline: `2.5 × (B08−B04) / (B08 + 6×B04 − 7.5×B02 + 1)`
+- [x] SAVI pipeline: `((B08−B04)/(B08+B04+L)) × (1+L)` with configurable L factor (0–1)
+- [x] NDWI pipeline: `(B03−B08)/(B03+B08)` for water stress detection
+- [x] Per-index colormaps (rdylgn for NDVI/EVI/SAVI, rdbu for NDWI)
+- [x] Per-index alert rules with configurable thresholds and drop percentages
+- [x] Generalized job endpoint (`POST /fields/{id}/jobs/index`) + backward-compatible NDVI alias
+- [x] Index selector UI on field detail page with floating map toggle
+- [x] Multi-index job submission from single form
+- [x] Per-index chart, legend, layer list, and map overlay
+- [x] Share page with index toggle for multi-index reports
+- [x] Full i18n translations (English + Spanish) for all index UI strings
+
+## Milestone 6 — Security Hardening & Code Quality ✅
+
+- [x] Non-root containers (API + Tiler Dockerfiles)
+- [x] Upload content-type whitelist (JPEG, PNG, WebP only)
+- [x] JWT-in-tile-URL security trade-off documented in SECURITY.md
+- [x] httpx client lifecycle via FastAPI lifespan
+- [x] Missing FK indexes added (alerts, field_stats, jobs, scouting)
+- [x] Shapely geometry validation with descriptive error messages
+- [x] Atomic farm soft-delete cascade
+- [x] Pagination offset cap (100,000)
+- [x] Rate limits on invitation/member management endpoints
+- [x] Shared `wkb_to_geojson()` utility to reduce code duplication
+- [x] Index task map derived from registry (single source of truth)
+- [x] SAVI L factor stored in layer `params_json` and displayed in UI
+- [x] In-app changelog page with parsed Keep a Changelog rendering
+
 ---
 
 ## Future Ideas (Post-MVP)
@@ -81,7 +109,6 @@ These are under consideration but not yet committed. Grouped by theme and roughl
 - **Direct API integration** — stable, versioned public API with API keys for integrating OpenFarm into existing farm management software
 - **Boundary detection** — automatic field boundary detection from satellite imagery
 - **Crop detection and classification** — ML-based crop type identification from spectral data
-- **Additional vegetation indices** — EVI, SAVI, NDWI alongside NDVI
 - **Multi-satellite support** — Landsat, Planet (currently Sentinel-2 only)
 
 ### Agricultural Intelligence
@@ -94,7 +121,7 @@ These are under consideration but not yet committed. Grouped by theme and roughl
 - **Advanced analytics and reporting framework** — customizable dashboards, scheduled reports, and data export
 - **Field comparison** — side-by-side health comparison across fields
 - **Historical analytics** — season-over-season trend analysis
-- **Advanced workflows** — rule-based automation (e.g., auto-trigger NDVI on new imagery, scheduled monitoring)
+- **Advanced workflows** — rule-based automation (e.g., auto-trigger analysis on new imagery, scheduled monitoring)
 - **Webhook/notification system** — email, Slack, or SMS on alerts
 
 ### Ecosystem & Integrations

SECURITY.md

@@ -34,3 +34,24 @@ We will not pursue legal action against researchers who:
 - Engage in good faith to test and report vulnerabilities
 - Avoid privacy violations, data destruction, and service disruption
 - Provide us a reasonable time to remediate before public disclosure
+
+## Known Limitations & Mitigations
+
+### JWT in Tile URL Query Parameters
+
+MapLibre GL JS does not support `Authorization` headers on tile requests. As a
+result, tile endpoints receive the JWT via `?access_token=<token>` query
+parameter (see `apps/web/src/lib/map-auth.ts`).
+
+**Risk:** Tokens may appear in server access logs and browser history.
+
+**Mitigations in place:**
+- JWTs have a 1-hour TTL; leaked tokens expire quickly.
+- The share-link tile proxy mints its own 5-minute service JWT, so public share
+  pages never expose user tokens.
+- Caddy reverse proxy is configured not to log query strings in production.
+- Tile endpoints only serve read-only raster data; no mutation is possible.
+
+**Planned improvements:**
+- Evaluate short-lived, tile-specific tokens with a narrower scope (e.g., per
+  field, read-only) to reduce exposure if a token is logged.

apps/web/Dockerfile

@@ -3,7 +3,7 @@ FROM node:20-alpine AS base
 # Install deps
 FROM base AS deps
 WORKDIR /app
-COPY package.json ./
+COPY apps/web/package.json ./
 RUN npm install
 
 # Build
@@ -19,7 +19,9 @@ ENV NEXT_PUBLIC_TITILER_URL=$NEXT_PUBLIC_TITILER_URL
 ENV NEXT_PUBLIC_PROTOMAPS_URL=$NEXT_PUBLIC_PROTOMAPS_URL
 
 COPY --from=deps /app/node_modules ./node_modules
-COPY . .
+COPY apps/web/ .
+# Copy CHANGELOG.md into public/ so the API route can read it at runtime
+COPY CHANGELOG.md ./public/CHANGELOG.md
 RUN npm run build
 
 # Production

apps/web/messages/en.json

@@ -15,7 +15,8 @@
         "dashboard": "Dashboard",
         "farms": "Farms",
         "alerts": "Alerts",
-        "settings": "Settings"
+        "settings": "Settings",
+        "changelog": "Changelog"
     },
     "sidebar": {
         "workspaces": "Workspaces",
@@ -209,7 +210,7 @@
         "edit": "Edit",
         "delete": "Delete",
         "tabInfo": "Info",
-        "tabNdvi": "NDVI",
+        "tabNdvi": "Monitor",
         "tabAlerts": "Alerts",
         "tabScouting": "Scouting",
         "tabShare": "Share",
@@ -283,6 +284,36 @@
         "title": "NDVI",
         "fieldRange": "Field range"
     },
+    "monitoring": {
+        "indexName": {
+            "NDVI": "NDVI",
+            "EVI": "EVI",
+            "SAVI": "SAVI",
+            "NDWI": "NDWI"
+        },
+        "indexDesc": {
+            "NDVI": "Normalized Difference Vegetation Index",
+            "EVI": "Enhanced Vegetation Index",
+            "SAVI": "Soil-Adjusted Vegetation Index",
+            "NDWI": "Normalized Difference Water Index"
+        },
+        "jobStep": {
+            "computeNdvi": "Computing NDVI",
+            "computeEvi": "Computing EVI",
+            "computeSavi": "Computing SAVI",
+            "computeNdwi": "Computing NDWI"
+        },
+        "alertMessage": {
+            "ndviDrop": "NDVI dropped {pct}% below rolling average",
+            "ndviThreshold": "NDVI fell below threshold ({value})",
+            "eviDrop": "EVI dropped {pct}% below rolling average",
+            "eviThreshold": "EVI fell below threshold ({value})",
+            "saviDrop": "SAVI dropped {pct}% below rolling average",
+            "saviThreshold": "SAVI fell below threshold ({value})",
+            "ndwiDrop": "NDWI dropped {pct}% below rolling average",
+            "ndwiThreshold": "NDWI fell below threshold ({value})"
+        }
+    },
     "scoutingTab": {
         "title": "Scouting Observations",
         "addObservation": "Add Observation",
@@ -355,12 +386,14 @@
         "fieldInfo": "Field Information",
         "area": "Area",
         "cropType": "Crop Type",
+        "timeSeries": "Time Series",
         "ndviTimeSeries": "NDVI Time Series",
         "recentAlerts": "Recent Alerts",
         "recentScouting": "Recent Scouting Notes",
         "noAlerts": "No alerts",
         "noScouting": "No scouting observations",
         "noNdviData": "No NDVI data available",
+        "noIndexData": "No {index} data available",
         "linkExpired": "This share link has expired or been revoked.",
         "linkNotFound": "Share link not found.",
         "loading": "Loading report...",
@@ -371,5 +404,10 @@
         "label": "Language",
         "en": "English",
         "es": "Español"
+    },
+    "changelog": {
+        "title": "Changelog",
+        "description": "Latest updates and improvements to OpenFarm",
+        "unreleased": "Unreleased"
     }
 }