makiolaj/calendula
1
0
Fork 0
Code Issues 1 Pull Requests 6 Actions Releases 7 Activity

release: v2.7.1 — privacy-respecting crash reporting #9

Open
makiolaj wants to merge 3 commits from feat/crash-report into main
pull from: feat/crash-report
merge into: makiolaj:main
Conversation 0 Commits 3 Files Changed 18 +661 -7
makiolaj commented 2026-06-18 15:18:20 +00:00
Owner
Copy Link

Adds on-device, privacy-respecting crash reporting (prod-readiness item 10; also closes item 7, issue templates).

If Calendula crashes, an uncaught-exception handler persists an allowlist-only report (app/Android/device version, locale, time, stack trace — no personal data or calendar content, never logcat) and offers, on next launch, to submit it as a Gitea issue. Nothing is uploaded automatically — the app has no INTERNET permission; the user reviews the full report and submits it by hand (clipboard + prefilled issues/new). A startup crash-loop routes to a minimal standalone CrashReportActivity kept clear of the Hilt graph.

Also audits our own throw sites so event/calendar content can't reach an exception message in the stack trace.

Verified on-device (Pixel 10) via am crash: single-crash dialog, dismiss/re-prompt, Report → prefilled Gitea issue, and the crash-loop route. Unit test guards the report against PII creep. Bumps committed version to 2.7.1 (20701); CI derives the published version from the tag.

🤖 Generated with Claude Code

Adds on-device, privacy-respecting crash reporting (prod-readiness item 10; also closes item 7, issue templates). If Calendula crashes, an uncaught-exception handler persists an allowlist-only report (app/Android/device version, locale, time, stack trace — no personal data or calendar content, never logcat) and offers, on next launch, to submit it as a Gitea issue. Nothing is uploaded automatically — the app has no INTERNET permission; the user reviews the full report and submits it by hand (clipboard + prefilled issues/new). A startup crash-loop routes to a minimal standalone CrashReportActivity kept clear of the Hilt graph. Also audits our own throw sites so event/calendar content can't reach an exception message in the stack trace. Verified on-device (Pixel 10) via `am crash`: single-crash dialog, dismiss/re-prompt, Report → prefilled Gitea issue, and the crash-loop route. Unit test guards the report against PII creep. Bumps committed version to 2.7.1 (20701); CI derives the published version from the tag. 🤖 Generated with [Claude Code](https://claude.com/claude-code)
makiolaj added 3 commits 2026-06-18 15:18:21 +00:00
feat(crash): privacy-respecting crash reporting via Gitea issue 701077f25b 
Capture uncaught exceptions on-device and let the user submit them, by
hand, as a Gitea issue — no network access, no auto-upload (the app holds
no INTERNET permission). Closes prod-readiness item 10; the issue
templates also close item 7.

- CrashReporter: uncaught-exception handler installed first in
  CalendulaApp.onCreate so startup crashes are caught too. Persists an
  allowlist-only report (app/Android/device version, locale, time, stack
  trace — nothing else) to filesDir/crash, then chains to the previous
  handler so the process still dies normally. Crash-loop detection +
  markHealthy reset.
- buildCrashReport is pure/testable; CrashReportBuilderTest asserts the
  header is exactly the allowlisted lines (guards against PII creep).
- Surfacing: next-launch dialog showing the full report verbatim (the
  privacy backstop) with a dismissed-marker so it doesn't nag; a Settings
  "Report a problem" row; and a minimal standalone CrashReportActivity
  that MainActivity routes to on a startup crash-loop, kept clear of the
  Hilt graph / DataStore theme.
- submitCrashReport copies the report to the clipboard and opens the
  prefilled Gitea issues/new URL (long traces fall back to paste).
- .gitea/ISSUE_TEMPLATE: crash_report, bug_report, feature_request.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
fix(crash): keep event/calendar content out of exception messages 2431abe912 
Audit of our own throw sites, since exception messages land verbatim in
the stack trace a crash report carries. Redacts the three that could hold
user content; the rest only carry numeric ids/timestamps (metadata, kept
for debugging):

- create-local-calendar: drop the user-typed calendar name.
- toContentValues unsupported-type: log the value's type, never the value
  (a cell can be an event title/description/location).
- ics export open-failure: log only the Uri scheme, not the full Uri
  (which can embed the user's chosen filename).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
release: prepare v2.7.1 — privacy-respecting crash reporting
All checks were successful
CI / ci (push) Successful in 5m16s
Details
5ab3344f8c 
Bump committed versionCode/versionName to 2.7.1 (20701) and move the
crash-reporting entry under a 2.7.1 CHANGELOG heading. The tag remains the
source of truth; CI derives the published version from it.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
All checks were successful
CI / ci (push) Successful in 5m16s
Required
Details
This pull request can be merged automatically.
This branch is out-of-date with the base branch
You are not authorized to merge this pull request.
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin feat/crash-report:feat/crash-report
git checkout feat/crash-report
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
No items
No Label
Milestone
No items
No Milestone
Assignees
Clear assignees
renovate-bot weblate-bot makiolaj
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: makiolaj/calendula#9
Delete Branch "feat/crash-report"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?