JLP Scheduler - Release notes

2.1.5 (2026-04-22)

Installer hardening: WriteClientConfig in installer_clean.iss ora aborta l'installazione con messaggio critico se client.config non può essere scritto (permessi mancanti, antivirus interference, dir non creabile, file troncato). Niente più installazioni "a metà" che risultano in "licenza invalida" a runtime. Richiede sempre Esegui come amministratore.
Pre-flight HMAC secret check a startup: App.xaml.cs verifica HmacUtil.TryGetSecret() all'avvio. Se %APPDATA%\JlpScheduler\client.config manca o è invalido, mostra un dialog chiaro in italiano ("Configurazione licenza mancante — Reinstallare come Amministratore") e termina il processo prima di tentare l'activation. Sostituisce il precedente crash criptico con "signature mismatch (possible MITM)".
Fix %LOCALAPPDATA% placeholder non espanso: il MessageBox di fallimento attivazione in LicenseActivationWindow.xaml.cs mostrava la stringa letterale %LOCALAPPDATA%\JlpScheduler\logs\ al posto del path reale. Ora usa Environment.GetFolderPath(SpecialFolder.LocalApplicationData).
Admin dashboard — hard delete licenza: nuovo bottone 🗑 Elimina nella row di /admin/licenses. Chiede di incollare la chiave completa come conferma, poi cascade-elimina License + Activations + Events, lasciando un Event di audit tombstone con LicenseKey="(deleted) JLP-XXXX", EventType=admin.delete e Details (customer, org, status pre-delete).
HmacUtil message: quando il secret non è configurato, il messaggio d'errore ora include il path esatto atteso (espanso runtime) + istruzione di reinstallare come Administrator, così un operatore può diagnosticare senza leggere il codice.

2.1.4 (2026-04-17)

HMAC X-Signature on /api/sync/ requests*: server RequestSigningFilter (lenient by default — accepts unsigned with warn for v2.1.3 compat; strict mode via JLP_REQUIRE_REQUEST_SIGNATURE=true). Client CloudSyncService.PushChangeAsync signs body bytes via shared HmacUtil (single source of truth across LicenseServerClient + CloudSyncService).
Auto-purge sync_records >90 days: hosted background service SyncRecordsPurgeService runs every 6h, retention configurable via JLP_SYNC_RECORDS_RETENTION_DAYS (min 7, default 90).
Pagination cursor on GET /api/sync/{org}: ?after=<recordId>&limit=N (limit clamped 1-1000, default 500). Response includes X-Sync-Next-Cursor header. Client GetChangesAsync auto-follows up to 20 pages.
HMAC contract regression test suite in JlpScheduler.Tests/HmacContractTests.cs — 7 xUnit tests pin secret-as-UTF8-bytes, catch any reintroduction of Convert.FromHexString shortcut (the v2.1.2 bug).

2.1.3 (2026-04-17)

Server-side enrichment of save paths: /api/sync/{org} now stores structured OperatorName, EntityType, EntityId, Description, ModifiedAtUtc columns alongside the legacy opaque payload.
GET returns JSON array matching client SyncChangeRecord schema (was {records:[...]} wrapper) — client no longer needs the synthetic-wrap fallback.
Self-suppression: callers can pass X-Machine-Fingerprint header so they don't see notifications for their own writes.
Auth header on sync calls: client now sends X-License-Key on GET (was missing) — sync notifications previously silently empty even when records existed.
AuditLogger fire-and-forget cloud push: every local audit log entry is mirrored to cloud sync best-effort, so other operators in the same Organization see the change on their next poll.
Idempotent ALTER TABLE on server boot — additive columns applied to existing SQLite DB without migration bundle.

2.0.1 (2026-04-14)

License system rewrite: unified offline (RSA 4096 signed .dat) + online activation flow.
HMAC-SHA256 verify on every server response (anti-MITM).
DPAPI LocalMachine encryption of client license profile at rest.
Cross-product sync by organization: /api/sync/{organization} GET/POST.
Admin dashboard with licenses, activations, sync, events, download management.
Rate limiting per IP: check/heartbeat 300/h, activate 10/h, issue 20/h.
GUI polish: refreshed palette, hover/focus states, rounded inputs, smooth animations.
Deprecated and removed the legacy LicenseGenerator project (replaced by JLP_LicenseIssuer.exe).
Fixed malformed appsettings.json, NotImplementedException converter, secrets moved to env vars.

1.0.0 (initial GA)

First production release.
Online activation + heartbeat against api.oleven-group.ru.
Cross-install sync per organization.
HMAC-SHA256 signed responses.