v1.34.02026-07-14
River gauges and live flood status
- New gauges API: live water levels from about 900 river gauges across all states, polled from each state's own telemetry (WaterNSW, Victorian WMIS, Queensland water monitoring, Water Data SA) plus the Bureau's Water Data Online for WA.
- Each gauge carries the Bureau of Meteorology flood classification levels for that site, with a derived floodClass (below_minor, minor, moderate, major) computed from the latest reading. GET /gauges lists stations with filters for state, LGA, bounding box, and floodClass at-or-above.
- GET /gauges/summary answers "which gauges are at or above a flood level right now", grouped by state or local government area. Stale readings are counted separately and never enter the current flood counts.
- GET /gauges/{id} returns one station with its trailing six hours of readings on every plan. GET /gauges/{id}/readings is the paid history surface: raw for 30 days, hourly rollups for 90 days, daily forever, with full-resolution readings inside flood events kept permanently. interval=auto picks the finest available granularity; above=minor|moderate|major filters to threshold exceedances.
- The live map has a River gauges layer: stations coloured by flood class with latest level and thresholds in the popup.
- New /flood page with the live national picture, plus guides on the gauges API and understanding flood classifications.
- New feed: Queensland EMQ storm, flood, and cyclone warnings (CAP-AU).
- CAP warning feeds now derive a warning level from CAP severity when the source omits an explicit alert level, and carry the warning expiry in details.expires. Victorian warning features now report their real warning level (previously showed none).
v1.33.02026-07-13
Suburb narrowing and exact point lookup for declarations
- The declarations postcode lookup accepts an optional suburb parameter (ABS SAL geography) that narrows the result to the local government areas the suburb falls in. An unmatched suburb never fails the lookup: the full postcode result is returned with the postcode's known suburbs.
- New POST /declarations/point resolves an exact lat/lng against full-resolution ABS LGA 2022 boundary polygons and returns the declaration status of the containing local government area. Coordinates are never logged, stored, or echoed back, and responses are not cached.
- The /declarations lookup page accepts an optional suburb to narrow split-postcode results.
- Rate-limited (429) responses now correctly say monthly limit.
v1.32.02026-07-09
Business and Pro plans
- Two new self-serve plans: Business at A$99/month (750,000 requests/month) and Pro at A$299/month (2,000,000 requests/month, full historical archive with unlimited lookback). Annual billing at 25% off for both.
- Existing plans and the free tier are unchanged. Upgrade from the pricing page or the billing portal.
v1.31.02026-07-08
WA boundary polygons and a featureType filter
- WA DFES incident areas and warning areas are now available as boundary polygons on the map and API, with total fire ban zones appearing during the WA fire season.
- New featureType parameter on /incidents. The default response stays point incidents only, so boundary polygons never inflate your results or counts; request them with ?featureType=warning_area (or incident_area, fire_ban_area).
- New fire_ban event type for total fire ban zones, distinct from bushfire.
v1.30.02026-07-07
Wider SA and WA incident coverage
- SA aerial firefighting and water-bomber dispatches now surface as incidents on the map and API (agency BOMBER-PAGER), during fire season.
- WA DFES incidents now come from the DFES SLIP feed with real point geometry, replacing an approximate fallback location for incidents that were missing coordinates.
v1.29.02026-07-04
Security and reliability hardening
- API keys can now be restricted to specific website origins from your dashboard. A restricted key used from another site in a browser is rejected with 403; server-side requests, which send no Origin, are never blocked. Keys are unrestricted by default.
- Account pages (dashboard, login, settings) now serve a nonce-based Content-Security-Policy with strict-dynamic and no inline-script allowance, tightening the pages where your session and API keys live. Public pages are unchanged.
- SA pager feeds now fail loud and alert on an upstream format change, instead of silently publishing incidents pinned to the state centroid.
v1.28.22026-07-03
Ingestion reliability hardening
- Fixed scheduler races where a hot config reload could resurrect a removed feed or keep polling a stale config until restart.
- Container health checks on the ingestion services are now heartbeat based: a wedged poller is detected within minutes and restarted automatically, instead of reporting healthy while stuck.
- Each ingestion service now authenticates with its own dedicated, individually revocable database key.
- Expanded behavioural test coverage over the poller scheduling core; a CI test gate now runs the full suite on every change.
v1.28.12026-07-02
Map layers and rate limit headers
- The /map page has a layer toggle panel: show or hide incident markers, warning areas, and a new opt-in satellite hotspot overlay (DEA hotspots, off by default).
- Rate-limited (429) responses now include RateLimit-Limit, RateLimit-Remaining, RateLimit-Reset and Retry-After headers on every data endpoint, so clients know exactly when to retry.
v1.27.02026-06-27
Map locates you
- The /map page auto-centers on your location on load (with a locate button and live tracking), so you land on the incidents near you. Falls back to the Australia overview if location is unavailable or denied.
v1.26.02026-06-26
Live map rebuilt on MapLibre GL
- The /map page is rebuilt on MapLibre GL with a premium dark vector basemap (self-hosted Protomaps). Smooth GPU rendering with the same incident markers, warning-area polygons, category/type/state filters, and 30-second live refresh, on a layered architecture ready for future overlays.
v1.25.12026-06-26
Consistent category filtering
- /incidents/history now filters the category parameter against the stored event_category column, matching /incidents and /incidents/nearby. category=fire returns only fire types and excludes planned burns; filter category=planned for burn_off.
v1.25.02026-06-24
Per-endpoint request and response examples
- The /docs reference and /docs.md now show a ready-to-run example request (curl) for every endpoint, plus an example response where the spec defines one. Same content in the HTML reference and the markdown companion.
v1.24.02026-06-24
Server-rendered docs + machine-readable companions
- The /docs API reference is now server-rendered HTML (every endpoint, parameter, and response field, including the per-incident details object), so search crawlers and AI agents can read it, not just the browser. The interactive Scalar playground is still one click away.
- New machine-readable companions for agents and crawlers: /docs.md (markdown reference), a .md version of every guide, /llms.txt (the curated index per the llmstxt.org standard), and /llms-full.txt (the reference and guides in one file).
v1.23.02026-06-24
Per-feed incident details documented
- New guide at /guides/incident-details-fields documents the agency-specific details object for every feed: the extra fields (responding resources, decoded units, alarm and priority labels, official source links, dispatch IDs, fire size, and more), their types and meanings. The OpenAPI details schema now links to it.
v1.22.02026-06-24
Per-account monthly limit overrides
- Accounts can carry a custom monthly request limit that takes precedence over the tier and grandfather limits, used for special and founding customers. The dashboard shows the effective limit and a founding-customer badge where set.
v1.21.02026-06-23
Annual billing for Starter and Developer
- Annual plans for Starter and Developer at 25% off: A$81/year and A$261/year. Monthly request limits are unchanged.
- The pricing page now has a monthly/yearly toggle; checkout accepts a billing interval.
v1.20.02026-06-23
API usage limits are now monthly, not daily
- Usage limits changed from daily caps to monthly quotas. Free is now 5,000 requests/month, Starter 50,000/month, Developer 150,000/month, Enterprise custom. The quota resets on the 1st of each month (UTC).
- Accounts created before this release are grandfathered as founding members and keep their prior allowance (15,000 requests/month) indefinitely. Sponsored accounts are unchanged.
- The RateLimit-* response headers and the dashboard now report the monthly limit and the month-to-date total.
v1.19.22026-06-23
Declaration source links now resolve to the disaster page
- The official source link on each declaration record now resolves to the DisasterAssist page for that disaster, matched by AGRN. Previously NSW records linked to a raw data endpoint that returned JSON, and NEMA records all shared one generic dataset page. Applies to the /declarations lookup and the postcode, list, and AGRN API endpoints.
v1.19.12026-06-23
Dashboard Quick Test accepts your API key
- The dashboard Quick Test now has an API key field, so testing data endpoints works for returning users, not only right after creating a key. It is pre-filled when you create a key and paste-able otherwise. Data endpoints require a key; /v1/status does not.
v1.19.02026-06-23
Disaster declarations on the website: a public status lookup, use-case page, and guide
- New /declarations page: a free, server-rendered lookup that returns the disaster-declaration STATUS for an Australian postcode, with per-LGA detail and official source links. It is rate-limited, and reports declared-area status only, never eligibility.
- New /use-cases/disaster-declarations and /guides/australian-disaster-declarations explain the capability and how Australian declarations work (state declaration vs Commonwealth DRFA funding activation).
- The declarations API itself is unchanged and remains an enterprise capability gated by an account entitlement. The public lookup is a rate-limited demo, not a public JSON endpoint.
v1.18.02026-06-20
Decisive declaration status (activation_only) + enterprise access control
- The /api/v1/declarations/postcode/{postcode} response gains a new matchStatus value, activation_only: an Australian Government disaster funding activation (DRFA) is in force for the area but no qualifying state declaration was found. Cases that previously returned uncertain because funding was the only signal now return this clearer status. NSW declared/not_declared answers are unchanged.
- Each declaration record now carries a currencyConfidence band (strong, moderate, or weak) and a plain-English basis describing how its status was derived.
- The declarations endpoints now require a declarations entitlement on the account in addition to a valid API key. Keys without it receive 403. The underlying declarations data is restricted to the service layer.
v1.17.12026-06-18
Declaration responses now self-date (asAt)
- The /api/v1/declarations/postcode/{postcode} response now returns asAt as the effective date the status was evaluated against (the requested as_at, or today in AEST when omitted), instead of null when as_at was not supplied. A retained response is now self-dating, which matters when a practitioner documents a disaster-telehealth exemption at the time of service (MBS Note AN.1.1).
v1.17.02026-06-17
Disaster declaration status by postcode
- New /api/v1/declarations/postcode/{postcode} returns the disaster-declaration STATUS for a postcode (declared, partial, not_declared, uncertain, or unknown_postcode), with per-LGA detail and official source links. Reports declared-area status only; the billing decision rests with the practitioner.
- New /api/v1/declarations lists and filters declaration records (jurisdiction, status, instrument_type, disaster_type, active_on) with keyset pagination.
- New /api/v1/declarations/agrn/{agrn} returns one disaster event by Australian Government Reference Number, merged across sources with the full affected-LGA list.
- Sourced from DisasterAssist, NEMA DRFA activation history, NSW Spatial Services declarations, and the ABS postcode-to-LGA correspondence (ASGS LGA 2022).
v1.16.02026-06-09
Standards-validated CAP-AU output
- New ?format=cap-atom on /api/v1/incidents returns a standards-valid CAP Atom feed. Each entry inlines a full CAP-AU alert; incidents retracted in the last 7 days appear as Cancel messages with references back to the original alert. Validated against the OASIS CAP 1.2 schema and the CAP-AU Profile v3.0.
- New /api/v1/incidents/[id]?format=cap-au returns a single incident as a standalone CAP-AU alert document (application/cap+xml).
- The older ?format=cap-au list output, a non-standard alerts wrapper that did not validate as CAP, is now deprecated. It is unchanged for backward compatibility and returns a Deprecation header pointing at cap-atom.
v1.15.12026-06-03
Password reset reliability fix
- Fixed password reset: a valid reset link could fail as 'expired or invalid' because a stale refresh token cleared the recovery session a moment after it was verified. The reset page now uses an isolated session for the recovery flow, and tolerates a one-time token that was already consumed by an email link-scanner.
v1.15.02026-06-03
Coordinate precision flag and historical QLD geo-backfill
- location.precision now reports how a coordinate was derived: 'exact' (authoritative point from the source feed), or 'postcode' / 'lga' (approximate centroid for backfilled historical rows). Absent when no coordinates are available.
- Backfilled approximate postcode-centroid coordinates for 938,588 historical Queensland Fire archive incidents that previously logged no location. They were served as null geometry before and now return an approximate point flagged precision=postcode.
- Null-island coordinates ([0,0], a "location not logged" placeholder in some historical imports) now return geometry: null on read instead of a fake point in the ocean off Africa. Consumers should expect geometry to be null on some historical incidents.
- Signup now returns a clear message when a password is too weak or appears in a known data breach, instead of a generic failure, and the form shows the password requirements up front.
v1.14.22026-06-02
Security and contact hardening
- Hardened the Content-Security-Policy: added object-src 'none', base-uri 'self', form-action 'self', and upgrade-insecure-requests to both response-header blocks.
- Consolidated all site contact addresses to jack@seysolutions.com.au.
v1.14.12026-06-02
Reliability and security pages
- New /sla page: reliability targets, self-healing infrastructure, support response by tier.
- Rewrote /security as a self-assessment. Mozilla HTTP Observatory grade B+.
- Added an hourly feed-health snapshot for measured uptime reporting.
v1.14.02026-06-01
Historical snapshots
- /incidents/snapshot reconstructs point-in-time state from the historical archive for dates before 2026-04-08. Paid tiers, lookback gated by tier, state filter required.
- Archive snapshots expose EM-DAT fields (event dates, magnitude, impact) under properties.archive, plus meta.source (live or archive).
- Dense-period archive queries that exceed the timeout now return a 400 with guidance instead of a 500.
v1.13.42026-06-01
Quoll Brand Identity and Snapshot Fix
- New quoll brand mark across the site, including the header logo and a redesigned favicon. The old favicon was too small to appear in Google search results, which showed a generic globe instead. The new icon is built at the correct sizes so it shows up properly.
- Linked the web app manifest and moved to the standard Next.js icon layout, so browsers and search engines can discover the full icon set.
- Restored the apple touch icon at its default path so iOS stops falling back to an old cached icon when saving the site to the home screen.
- Fixed the snapshot endpoint ignoring the state filter when it was uppercase. A call with state=NSW now matches the same as state=nsw.
v1.13.32026-05-31
Nearby Endpoint Retraction Consistency
- The nearby endpoint now hides retracted incidents by default, matching the main incidents endpoint. Previously it returned retracted incidents that the rest of the API hides, so the two endpoints could disagree for the same area. Pass include_retracted=true to include them.
- Documented the status and include_retracted filters on the nearby endpoint, which were supported but missing from the API reference.
v1.13.22026-05-30
Homepage Counter and ACT Data Quality
- Homepage now reflects the full historical archive of 5.5 million plus incidents, combining live and archived records. Previously it showed only the recent slice.
- ACT incidents no longer carry a fabricated Minor severity. They now report Unknown when the source feed provides none, with urgency inferred from incident status.
v1.13.12026-05-29
Performance Overhaul, Security Hardening, Audit Fixes
- Bounding box filter now uses PostGIS spatial index instead of in-memory filtering. Previously fetched 1,000 rows and passed all polygons through regardless of location.
- Nearby endpoint uses PostGIS ST_DWithin with GiST index. Previously loaded all incidents into memory for Haversine calculation (3.4s down to 1.8s).
- Historical data endpoint no longer times out on broad queries. Composite indexes on archive_records reduced query time from 5.9 seconds to 3 milliseconds.
- ETag conditional requests now work correctly. Repeated requests for unchanged data return 304 Not Modified, saving bandwidth.
- Events endpoints now return rate limit headers, ETag, and plan tier (previously plain JSON with no standard headers).
- Supabase admin client now fails fast on missing service key instead of silently degrading to anon permissions.
- WA DFES parser correctly reports centroid confidence when using Perth fallback coordinates.
- Snapshot endpoint returns proper 500 for internal errors instead of masking as 400.
- Sensitive credentials removed from committed agent files.
v1.13.02026-05-28
Tree Down Event Type and Hazard Category
- New tree_down event type for fallen tree incidents. Previously classified as storm or other regardless of cause.
- New hazard category groups physical hazard incidents that are not weather-dependent. Filter with ?category=hazard.
- Improved event type matching catches SA SES-PAGER variants where address text was causing misclassification.
- ACT "Storm or Tree Damage" incidents now correctly classified as tree_down instead of other.
- Backfilled 81,000+ historical records across incidents, incidents_history, and archive_records tables.
v1.12.32026-05-28
Schema Discovery, OpenAPI Completeness, Filter Fixes
- New /api/v1/schema endpoint returns all valid enum values (event types, categories, states, warning levels, etc.) with category-to-type mapping. No auth required.
- OpenAPI spec now documents all filter parameters: category, urgency, certainty were previously undocumented
- Added burn_off and alarm to the eventType enum (were supported but not documented)
- Added eventCategory enum to the response schema with full category list
- Fixed category filter on /incidents/nearby (was silently ignored)
- Added category, severity, urgency, certainty, warningLevel, status, and agency filters to /incidents/history
v1.12.22026-05-27
Historical Data Endpoint, Source Identifiers, Tier Improvements
- New /v1/incidents/history endpoint: access 4.8M+ historical incident records spanning 1840 to 2026 across all Australian states and territories
- Historical data is tier-gated: Starter gets 1 year lookback, Developer gets 5 years, Enterprise gets the full archive
- WA DFES incidents now include CAD dispatch ID, upstream record ID, and deep link URL to Emergency WA website in the details object
- Source ID mapper infrastructure added so future feeds can expose agency identifiers via YAML config
- New API keys now inherit the tier from the user profile instead of defaulting to free
- New /about page with business details, Supply Nation registration, and contact information
v1.12.02026-05-22
Event Categories, Severity Inference, Lifecycle Model, SAAS Notes
- Event category filter on /incidents and /map pages with cascade logic (selecting Fire narrows Type dropdown to bushfire, structure fire, etc.)
- Map legend grouped by category with live counts
- Shared categories module centralises event colours, labels, and formatting across all pages
- Severity/urgency inference chain resolves Unknown values using warning level, resource count, and incident status (severity Unknown reduced from 8.2% to 4.5%)
- Inference applied to both standard and custom-parsed feeds (7 feeds previously bypassed the logic)
- Event category API filter (?category=fire) and event_category column on incidents table (migration 027)
- SAAS operational notes decoder extracts safety flags, police co-response markers, time constraints, and priority overrides from raw pager addresses
- Incident lifecycle model captures state transitions (status, warning level, severity, urgency, resource count) before each poll cycle overwrites the active row
- is_latest flag on incidents_history enables clean single-row-per-incident queries across the 728K+ row archive
v1.11.12026-05-17
SA Geocoding Overhaul, Event Type Fixes, New Guides
- SA geocoding: 196,566 centroid incidents resolved to street or grid-cell level (98% resolved). UBD bounding boxes recalibrated from 30 physical map pages using Redfearn's formulae
- SA Atlas town maps: 11 regional town maps calibrated (Mount Gambier, Whyalla, Angaston, Ardrossan, Balaklava) with 250m grid-cell accuracy for 233 incidents
- SA pager parser fixes: grid refs were being silently discarded for 3-digit page numbers, extractGridRef now searches anywhere in the address string, grid ref takes priority over suburb-level Nominatim
- Regional town fallback: 55 SA town codes resolve to town centroid when no grid-cell data is available
- New alarm event type for fire alarm activations (previously classified as other)
- Domestic gas incidents now correctly classified as hazmat
- SAAS ambulance priority no longer triggers emergency warning level (P1 ambulance is urgent, not a disaster warning)
- New guides: bushfire season 2026-27 preparation, emergency management landscape, EM-DAT schema mapping
- ACT ESA suburb extraction fix (was NULL for all 201 records)
- T340 historical archive: 832K additional rows imported (Phase 3b)
v1.11.02026-04-30
6 New Feeds, Location Search, Historical Data Archive
- 6 new feeds: WA SLIP incident/warning/TFB polygon boundaries, ACT allincidents.json (120 incidents vs 32), TAS theList warning polygons, NSW RFS CAP enrichment with fire perimeters
- Feed count: 27 to 33 across all 8 states plus national sources
- Incidents page: location search with geocoding (search by suburb, filter by radius), severity/warning/agency filter dropdowns
- Incidents page: expanded detail panel now shows first reported time, urgency, certainty, and agency details (fire size, resources, aircraft)
- T340 historical archive: 3.98M rows normalised into archive_records table with EM-DAT international standard fields
- Home Assistant integration built (JackDempsey9/homeassistant-emergencyapi) with geo_location map pins, binary_sensor alert trigger, and incident count sensors
- Fixed event_id schema mismatch on incidents_history (migration 021)
- Geocode proxy at /api/geocode for Nominatim location search
v1.10.02026-04-26
Event Intelligence (D3)
- PostGIS native geometry column with GiST spatial index on incidents table
- Spatial clustering groups related incidents into events using ST_ClusterDBSCAN
- New /v1/events endpoint returns clustered events as GeoJSON with boundary polygons
- New /v1/events/:id endpoint with ?include_incidents=true for drill-down to individual incidents
- Auto-generated event titles (e.g. "Cherry Gardens bushfire") and structured summaries
- Estimated hectares calculated from event boundary polygon area
- Events table with lifecycle tracking and archival to events_history
- Poller integration with 5-minute clustering timer and dirty flag optimisation
v1.9.02026-04-24
Retraction Support, SA Pager Decoder
- Incident retraction system: when upstream feeds stop publishing an incident, it is now marked as retracted instead of silently removed
- Retracted incidents stay visible for 24 hours as tombstones so polling consumers see the retraction signal
- New query parameter ?include_retracted=true to retrieve retracted incidents
- CAP Cancel detection: upstream cancellation signals are detected and surfaced
- CAP-AU output now emits Cancel message type for retracted incidents
- SA pager messages now decode MFS unit call signs (station name + appliance type)
- SA pager messages now decode SAAS priority codes (life-threatening, urgent, routine, etc.)
- SA pager alarm levels decoded to human-readable descriptions (Advice, Watch and Act, Emergency Warning)
- AIDR Warnings Republisher compliance: 11 of 12 obligations now satisfied
v1.8.12026-04-24
Durable Rate Limiting, Security Hardening
- IP rate limiting now survives Vercel cold starts (dual-layer: in-memory + Supabase)
- Domain approval system for new signups (auto-approve major providers, manual review for custom domains)
- Auth route security hardening (redirect validation, RLS tightening, webhook idempotency)
- CAP-AU validator compliance fixes (profile code, timestamp format, language, eventCode, expires)
- Monthly emergency incidents report at /reports with auto-generated breakdowns
- Google Analytics 4 tracking integrated
- Font self-hosted (ChiCZago.woff2), loading skeletons for ISR routes, WebAPI JSON-LD schema
v1.8.02026-04-22
Interactive Map, Stripe Payments, Audit Trail
- Interactive /map page with Leaflet and OpenStreetMap, colour-coded by event type, filterable by state and category
- Emergency warning visual hierarchy with banner, larger markers, and white borders
- Polygon area rendering for fire boundaries and flood zones
- Stripe payment integration with 4 paid tiers (Developer, Team, Professional, Enterprise)
- Pricing page with Mac System 7 styled tier cards and Stripe Checkout
- Subscription management via Stripe billing portal from the dashboard
- /api/v1/incidents/snapshot endpoint for audit trail queries at any point in time
- Latitude and longitude now included in all incident API responses
- Incidents page redesigned as single rolling table with click-to-expand detail panels
- Improved severity and urgency inference from resource counts and incident status
- Burn-off event types corrected (permitted burns, fuel reduction burns, cultural burns now classified as burn_off)
- SA pager geocoding now validates coordinates land within SA state bounds
- 32x32 PNG favicon for Google search results
- CSP updated to allow OpenStreetMap tile servers
v1.7.02026-04-21
SEO Overhaul, Live Incidents Page, Use-Case Pages
- Live /incidents page showing active emergencies across all states, server-rendered with 30s ISR
- 8 per-state incident pages (/incidents/nsw through /incidents/nt) for state-specific SEO
- 4 use-case landing pages: developers, insurance, media, utilities
- Use-cases hub page with cross-linking between all use-case pages
- Dynamic OG image (1200x630) matching the retro Mac design
- Canonical URLs, per-page OpenGraph metadata, and Twitter card upgrade on all pages
- Custom 404 and error pages with navigation back to key sections
- robots.ts, font preconnect, docs iframe accessibility fix
- Switched homepage and quickstart to Next.js Link components for client-side navigation
- Homepage use-case cards now link to dedicated pages
- Satellite hotspot feed excluded from showcase page (still available via API)
- Header, footer, and homepage CTA now link to /incidents
- Sitemap expanded from 8 to 22 pages with real last-modified dates
- SEO score improved from 68/100 to 83/100
v1.6.12026-04-20
Timestamp Fix, WA SLIP Migration, Auth Repair
- Fixed timezone bug where SA and WA ArcGIS feeds returned local-time epochs treated as UTC (106 future-dated incidents resolved)
- New timezone-aware transforms: epochToISOPerth (AWST, UTC+8) and epochToISOAdelaide (ACST/ACDT, DST-aware)
- WA DFES incidents migrated from legacy API to SLIP FeatureServer with Esri token auth
- Signup email verification fixed. Client-side callback page replaces broken server-side route handler
- ACT ESA CAP feed disabled due to 79% event-type misclassification and duplication with primary ACT feed
- Per-feed Uptime Kuma monitors deployed (27 keyword monitors, 120s interval, Gmail alerts)
- PostGIS and pgvector extensions enabled on prod Supabase
- Feed count corrected to 27 active feeds
v1.6.02026-04-17
Adaptive ETL Engine, Production Cutover
- Legacy hand-coded poller retired; the Adaptive ETL Engine is now the sole prod writer
- Feed count expanded from 12 to 27 live feeds across all 8 states and territories
- New national coverage: Digital Earth Australia (GA-HOTSPOTS) satellite hotspots, 36,000+ incidents ingested
- SA now runs 7 feeds (CFS, MFS, SES, CFS-PAGER, SES-PAGER, SAAS-PAGER, BOMBER-PAGER)
- VIC expanded to 5 feeds (EMV, EMV-FIRE, EMV-FLOOD, CFA-FDR, SES)
- Multi-agency correctness: feed_status now keys on (state_code, agency) so every feed has its own row
- Homepage State Coverage + /api/v1/status now report per-feed rather than collapsing by state
- Batched upserts (500 rows/chunk) fix Postgres statement_timeout on large feeds like GA-HOTSPOTS
- Segregation-check warnings no longer block engine startup (were blocking on Alpine where `ps` is unavailable)
- YAML-driven feed configs replace bespoke per-feed code. Adding feeds is now a config change, not a code change
v1.5.02026-04-14
Expanded Data Coverage
- QLD now covers all incident types (structure fires, rescues, MVAs, hazmat) via ESCAD, not just bushfires
- TAS incidents now include real geographic coordinates (previously placeholder geometry)
- WA warnings feed added (CAP-AU format with alert polygons and circles)
- Geoscience Australia earthquake data added nationally (Australian earthquakes, magnitude 2.0+)
- Feed count increased from 10 to 12
- Poller resilience improved with Docker health checks and log rotation
- NT duplicate incident ID issue resolved
- Terms of Service agreement checkbox added to signup
- Attribution endpoint updated with all data sources including SA pager feeds and GA earthquakes
v1.4.02026-04-13
SEO and Analytics
- Open Graph and Twitter card meta tags for link previews
- XML sitemap (emergencyapi.com/sitemap.xml)
- Canonical URLs and structured metadata (19 keywords)
- Vercel Analytics for visitor tracking and page view metrics
v1.3.22026-04-13
Production Polish
- Landing page stats are now live from the database (not hardcoded)
- State coverage table pulls real-time feed status, incident counts, and last polled timestamps
- Agency labels show all agencies per state (not just primary feed)
- WA and NT event type mapping improved (25+ new types, reduced "other" count)
- Status values standardised to "healthy/degraded/down/unknown" across all code
- Better sample JSON response on landing page
v1.3.12026-04-13
Security Hardening and Next.js 16
- Full security audit: 20 findings identified, 11 fixed in code
- Removed service key from client-side bundle
- IP-based rate limiting on auth routes (login 5/min, signup 3/hr)
- Signup no longer reveals if an email is already registered
- Auth callback redirect validated against path allowlist
- Max 10 API keys per user account
- Password change now requires current password verification
- Docker container runs as non-root user
- Cursor pagination validates input format
- Feed status endpoint no longer exposes internal error details
- Upgraded from Next.js 14 to 16, React 18 to 19 (zero code changes needed)
v1.3.02026-04-12
SA Pager Feed Integration
- Integrated SA CFS/MFS and SES pager feeds from urgmsg.net RSS
- Dispatch-level data: exact addresses, units dispatched, incident details
- Automatic deduplication between government and pager feed data
- Address token matching merges pager enrichment into government incidents
v1.2.02026-04-12
Auth System and Dashboard
- Email/password signup with Supabase Auth email verification
- User dashboard with API key management (create, name, revoke)
- Live feed status panel showing all 10 feeds (8 government + 2 SA pager)
- Quick test panel to try API endpoints from the dashboard
- 7-day usage history tracking
- Settings page with profile editing and password change
- Forgot/reset password flow
- Per-user rate limiting across all API keys (500 requests/day shared)
v1.1.02026-04-12
Design System and Landing Page
- Retro Macintosh System 7 design aesthetic
- Chicago font, Mac window chrome, teal desktop background
- Design system document (DESIGN-SYSTEM.md) for consistency
- Security headers: CSP, X-Frame-Options, X-Content-Type-Options
- robots.txt and security.txt (RFC 9116)
v1.0.02026-04-10
Initial Launch
- 8 Australian state feeds: QLD, NSW, VIC, SA, WA, ACT, TAS, NT
- 6 API endpoints: incidents, incidents/:id, incidents/nearby, states, status, attribution
- GeoJSON FeatureCollection responses aligned with CAP-AU standards
- Cursor-based pagination, bbox filtering, geo-radius search
- Poller deployed on Raspberry Pi 4B with Docker
- Resilience: cockatiel retry/circuit breaker, email alerting, stale detection
- API deployed on Vercel at emergencyapi.com
- 212+ tests passing
v0.1.02026-04-07
Project Kickoff
- Monorepo scaffolded with pnpm workspaces
- Database schema designed and deployed to Supabase
- Unified incident type definitions aligned with CAP-AU and GeoJSON RFC 7946
- First two feed parsers: QLD QFD and ACT ESA
- Research completed: competition, legal, technical feasibility, pricing, demand