1. PII in git: Removed 324MB AI/ directory (1012 files of user workout
data) from git history via git-filter-repo. Added AI/ to .gitignore.
2. Python 3.9 EOL: Upgraded Dockerfile from python:3.9.13 to
python:3.12-slim. Added build-essential and libpq-dev for C
extension compilation. Changed netcat to netcat-openbsd (slim compat).
3. Stale dependencies: Updated all packages from 2023 pins to latest
compatible versions. Django 4.2→5.2 LTS, celery 5.3→5.4+,
gunicorn 20→23+, redis 4.6→5.0+, DRF 3.14→3.15+, whitenoise 6.4→6.7+,
debug-toolbar 4.1→4.4+. Switched to >= ranges with upper bounds on
major versions for celery, kombu, redis, and Django.
4. Retry loop cap: Reduced FINAL_CONFORMANCE_MAX_RETRIES from 4 to 2,
capping worst-case recursive calls from 15 (3×5) to 9 (3×3).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

AI/ contains 324MB of user workout data exports with personal information.
Added to .gitignore to prevent re-addition. History scrub follows.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

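
The two commits above describe removing AI/ from history and adding it to .gitignore. The script below is an added example, not code from this repository, that audits such a scrub: it checks refs, reflogs, the index and the ignore rule. The function names and the demo repository are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the repository): audit a history scrub of one directory.

# Objects under DIR still reachable from any ref *or reflog entry*.
history_hits() {
    git -C "$1" rev-list --all --reflog --objects 2>/dev/null |
        awk -v d="${2%/}" '
            { i = index($0, " "); if (!i) next      # commit lines carry no path
              p = substr($0, i + 1)
              if (p == d || index(p, d "/") == 1) n++ }
            END { print n + 0 }'
}

# Files under DIR still tracked in the index (.gitignore does not untrack them).
tracked_hits() {
    git -C "$1" ls-files -- "${2%/}/" | wc -l | tr -d ' '
}

# Returns 0 only if DIR is out of history, out of the index, and ignored.
audit_scrub() {
    repo=$1; dir=${2%/}; rc=0
    h=$(history_hits "$repo" "$dir"); t=$(tracked_hits "$repo" "$dir")
    [ "$h" -eq 0 ] || { echo "FAIL: $h object(s) under $dir/ still reachable"; rc=1; }
    [ "$t" -eq 0 ] || { echo "FAIL: $t file(s) under $dir/ still tracked"; rc=1; }
    git -C "$repo" check-ignore -q "$dir/probe" ||
        { echo "FAIL: $dir/ is not covered by an ignore rule"; rc=1; }
    [ "$rc" -ne 0 ] || echo "OK: $dir/ is absent from refs, reflogs and index"
    return "$rc"
}

# Constructed sample repository with one commit that contains AI/ data.
make_demo_repo() {
    r=$(mktemp -d) || return 1
    git -C "$r" init -q
    mkdir "$r/AI"
    echo '{"user": "constructed sample"}' > "$r/AI/export.json"
    echo readme > "$r/README"
    git -C "$r" add -A
    git -C "$r" -c user.name=demo -c user.email=demo@example.invalid \
        commit -q -m "initial import"
    echo "$r"
}
```

A clean result covers this clone only: objects that are merely unreachable stay in the object store until `git gc --prune=now`, and other clones and the hosting remote need the same check.
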
Additional fixes from parallel hardening streams:
- exercise/serializers: remove unused WorkoutEquipment import, add prefetch docs
- generator/serializers: N+1 fix in GeneratedWorkoutDetailSerializer (inline workout dict, prefetch-aware supersets)
- generator/services/plan_builder: eliminate redundant .save() after .create() via single create_kwargs dict
- generator/services/workout_generator: proper type-match validation for HIIT/cardio/core/flexibility; fix diversify type count to account for removed entry
- generator/views: request-level caching for get_registered_user helper; prefetch chain for accept_workout
- superset/serializers: guard against dangling FK in SupersetExerciseSerializer
- workout/helpers: use prefetched data instead of re-querying per superset

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- Add Next.js rewrites to proxy API calls through same origin (fixes login/media on werkout.treytartt.com)
- Fix mediaUrl() in DayCard and ExerciseRow to use relative paths in production
- Add proxyTimeout for long-running workout generation endpoints
- Add CSRF trusted origin for treytartt.com
- Split docker-compose into production (Unraid) and dev configs
- Show display_name and descriptions on workout type cards
- Generator: rules engine improvements, movement enforcement, exercise selector updates
- Add new test files for rules drift, workout research generation

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- Add rules_engine.py with quantitative rules for all 8 workout types
- Add quality gate retry loop in generate_single_workout()
- Expand calibrate_structure_rules to all 120 combinations (8 types × 5 goals × 3 sections)
- Wire WeeklySplitPattern DB records into _pick_weekly_split()
- Enforce movement patterns from WorkoutStructureRule in exercise selection
- Add straight-set strength support (single main lift, 4-6 rounds)
- Add modality consistency check for duration-dominant workout types
- Add InjuryStep component to onboarding and preferences
- Add sibling exercise exclusion in regenerate and preview_day endpoints
- Display generator warnings on dashboard
- Expand fix_rep_durations, fix_exercise_flags, fix_movement_pattern_typo
- Add audit_exercise_data and check_rules_drift management commands
- Add Next.js frontend with dashboard, onboarding, preferences, history pages
- Add generator app with ML-powered workout generation pipeline
- 96 new tests across 7 test modules

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>