Extract EXIF auto-orientation logic into a shared auto-orient module
used by both single-tool and batch routes. This ensures camera photos
display correctly after processing regardless of entry point.
Also expands e2e and integration tests significantly.
- Remove @fastify/swagger and @fastify/swagger-ui (API docs live on GitHub Pages)
- Run typecheck, build, and docker CI jobs in parallel instead of sequentially
Samsung Galaxy phones (and others) can have GPS EXIF tags with null
coordinate values when location is disabled. The server returned
_latitude: null, and the client guard used !== undefined which passed
for null, causing null.toFixed() to crash React with no ErrorBoundary.
- Server: validate GPS array values are actual numbers before computing
- Client: use != null guard (catches both null and undefined)
- App: add ErrorBoundary to prevent white screens from any future crash
Integrates feature/multi-image-ux branch with 20 commits including:
- Multi-image viewer with arrow navigation and filmstrip thumbnails
- Batch processing across all tool settings components
- File store rewrite with FileEntry model for multi-image support
- Resize settings redesigned with tab-based UI (presets, custom, scale)
- Side-by-side comparison for resize results
- Per-file metadata caching in strip-metadata
- Client-side ZIP extraction via fflate
- SSE progress correlation via clientJobId
Consolidate all access to localhost:1349 — Vite dev server serves on 1349
and proxies API calls to an internal dev port (13490). Production API
defaults to 1349. Also includes strip-metadata improvements, UI component
updates, and compress operation fixes.
# [0.3.0](https://github.com/siddharthksah/Stirling-Image/compare/v0.2.1...v0.3.0) (2026-03-23)
### Bug Fixes
* add SSE progress endpoint to public paths ([b3f590c](b3f590c8b3))
* apply continuous progress bar to erase-object and OCR ([8db84a7](8db84a753c))
* continuous progress bar (no 100%→0% reset) ([28cd950](28cd950ede))
* setError(null) was overriding setProcessing(true) ([b5cc452](b5cc452077))
### Features
* **ai:** add emit_progress() calls to all Python AI scripts ([7238429](723842988b))
* **ai:** add onProgress callback to all AI wrapper functions ([acb230c](acb230cc98))
* **ai:** rewrite bridge.ts to stream stderr progress via spawn ([7d74ddd](7d74ddd3a6))
* **api:** add SingleFileProgress type and SSE update function ([7eddac5](7eddac5119))
* **api:** wire AI route handlers to SSE progress via clientJobId ([27600a4](27600a4318))
* replace model dropdown with intuitive subject/quality selector in remove-bg ([9aa0371](9aa0371a14))
* **web:** add ProgressCard component ([01d5d66](01d5d66466))
* **web:** add ProgressCard to non-AI tool settings (Group A) ([5c64b30](5c64b306ea))
* **web:** migrate AI tool settings to ProgressCard ([dbd3bf7](dbd3bf737e))
* **web:** rewrite useToolProcessor with XHR upload progress and SSE ([60945fd](60945fd3b3))
The /api/v1/jobs/ endpoint was blocked by auth middleware.
EventSource doesn't support custom headers so auth tokens can't be
sent. The jobId is a random UUID (unguessable capability token), same
security model as the download endpoint.
Extract clientJobId from multipart form data in all 5 AI route handlers
(remove-background, upscale, blur-faces, erase-object, ocr) and forward
progress callbacks to the SSE system via updateSingleFileProgress.
- Set up semantic-release with zero-touch CI pipeline on push to main
- Add version sync script to keep all package.json files and APP_VERSION
constant in sync automatically
- Consolidate Docker publishing into single tag-triggered workflow that
pushes to both Docker Hub and ghcr.io with semver tags
- Add help dialog with keyboard shortcuts, getting started guide, and
resource links
- Sync all versions to 0.2.1 to match Docker Hub latest
- Add user management endpoints (register, list, delete, change password)
- Add API key management (create, list, delete)
- Add settings persistence endpoints (get, put)
- Wire settings dialog to real backend (People, API Keys, System, Security)
- Fix login auth flow (window.location.href for full reload)
- Fix download URLs returning 401 (make public since UUIDs are unguessable)
- Fix border tool shadowColor validation (accept 6-8 hex digits)
- Fix remove-bg alpha matting fallback (retry without on failure)
- Fix AI tool silent fallbacks (report errors instead of no-ops)
- Add checkerboard background to before/after slider for transparency
- Add progress bars to all AI tool components
- Add Playwright E2E test suite (131 tests across 9 test files)
- Rewrite Dockerfile for production (tsx runtime, pre-baked AI models)
- Add .dockerignore for faster builds
- Add proper accessible labels to login form
1. Home page file drop now shows quick-action tool selector
2. Auth disabled by default in dev (Docker still defaults to true)
3. Tool settings wrapped in forms - Enter key triggers processing
Add pipelines table to SQLite schema with Drizzle migration.
Implement POST /api/v1/pipeline/execute (sequential multi-tool processing),
POST /api/v1/pipeline/save, GET /api/v1/pipeline/list,
DELETE /api/v1/pipeline/:id. Pipeline execution validates all tool IDs
and settings before processing, chains output of each step as input
to the next.
- Add replace-color tool with pixel-level color replacement and tolerance
- Register all 19 new Phase 3 tools in routes/tools/index.ts
- Map all new tool IDs to settings components in tool-page.tsx
- Add PDF, ZIP, ICO, JSON content types to download route
- Install qrcode, jsqr, potrace, pdfkit dependencies
Add 6 tools for format conversion and optimization extras:
- svg-to-raster: SVG to PNG/JPG/WebP at custom resolution
- vectorize: raster to SVG via potrace (B&W and color modes)
- gif-tools: animated GIF resize, frame extraction, optimization
- bulk-rename: pattern-based file renaming with ZIP output
- favicon: generate all favicon/app icon sizes with manifest.json
- image-to-pdf: combine images into PDF using pdfkit
Add 3 layout and composition tools with API routes and frontend settings:
- collage: multi-image grid layout with configurable gap and background
- split: image grid splitting with ZIP output (reuses archiver pattern)
- border: borders, rounded corners via SVG mask, padding, and shadows
Add 4 watermark/overlay tools with API routes and frontend settings:
- watermark-text: SVG text overlay with tiling, position, opacity, rotation
- watermark-image: logo/image watermark with position, opacity, scale
- text-overlay: styled text on images with shadow and background box
- compose: layer images with position, opacity, and blend modes
Backend: POST /api/v1/tools/:toolId/batch accepts multiple files +
settings, processes via p-queue with CONCURRENT_JOBS concurrency limit,
streams ZIP response using archiver. Tool registry in tool-factory
enables batch to reuse any registered tool's process function. SSE
endpoint at GET /api/v1/jobs/:jobId/progress provides real-time updates.
Handles partial failures gracefully, preserves filenames, deduplicates
collisions. Frontend: use-batch-processor hook handles upload, SSE
progress tracking, and automatic ZIP download.
Seven tool route files using the createToolRoute factory, registering 10 API
endpoints total (color adjustments covers 4 tool IDs). Also fixes the tool
factory generic to properly infer Zod output types and clamps the compress
binary-search quality to 1-100.
- createToolRoute<T> factory: handles multipart parsing, file validation,
Zod settings validation, workspace management, and error handling
- Each tool only needs to provide toolId, settingsSchema, and process function
- Registers POST /api/v1/tools/:toolId routes automatically
- Tool registry stub at routes/tools/index.ts ready for tool implementations
- Catches Sharp errors and returns clean API error envelopes (422)
- Register @fastify/multipart plugin with size limits from env config
- Workspace manager: createWorkspace, getWorkspacePath, cleanupWorkspace
- File validation: magic byte detection, format check, megapixel limit
- POST /api/v1/upload: multipart upload with validation, returns jobId + file metadata
- GET /api/v1/download/:jobId/:filename: serve files with Content-Disposition
- Path traversal guards on all file-serving endpoints
- Add @stirling-image/image-engine and sharp as API dependencies
- Add apiUpload, getDownloadUrl, apiDownloadBlob to web client
Implement custom auth using crypto.scrypt password hashing and UUID
session tokens. Includes login/logout/session endpoints, preHandler
middleware that skips public routes, and automatic default admin
creation on first startup.
