Yes, will add soon. Thank you!
terraincognita
I agree with you, therefore I also need contributors for that. It is difficult to run this on my own, as I have basic coding skills but am not a tester, so I have to use an agentic workflow to check it after it was generated, so it is not just like hiding sh*t.
Thank you, I opened Discussions for that, feel free to communicate.
Thanks, this is really useful feedback.
The reminder part is already on the roadmap, and I’ve now added two more issues based on your note about irregular cycles:
- #17 Add irregularity factor tags for cycle tracking
- #18 Use recorded cycle factors to improve prediction context
The direction I’d want for Ovumcy is less “the app predicts the why” and more:
- users can log things like stress, illness, travel, sleep disruption, etc.
- the app can use that to give better context and reliability hints for irregular cycles
- without pretending to make hard medical claims
The anonymous scrubbed-submission idea is interesting too, but I’d treat that as much later, because it changes the privacy/trust model a lot.
Happy to keep talking about it, and future PRs would definitely be welcome.
Thank you! I am aware of it, but mine takes a slightly different approach to privacy, allowing access from multiple devices.
It is worth saying that this is under ongoing development; this is not even version 1, it is v 0.3.1.
No, we didn’t ship it without security hardening.
We already hardened the main sensitive parts:
- sealed auth/recovery/reset/flash cookies
- no auth or recovery secrets in URLs or JSON
- POST + CSRF logout
- basic browser security headers
- CodeQL, gosec, Trivy, and SBOM in CI
What’s still missing is a strict CSP. That’s not a one-line switch here because the current frontend still needs some refactoring first.
No-no, you run your VPS and deploy it there. So you define your storage, it can be a home VPS.
I agree, though there is a difference between the case you provided and mine. It is human-directed work. Thousands of libraries, Kubernetes, Kubernetes still live and license is valid.
Thanks for the suggestions, those are good points.
CSP is something I plan to tighten over time, but enabling a strict policy right now would require refactoring some inline JS patterns used in the templates. It’s definitely on the roadmap as part of security hardening.
Regarding CORS, the application currently runs as a same-origin server-rendered app rather than a cross-origin API, so CORS headers aren’t enabled by default. If external clients or integrations are added in the future, I’d likely introduce a restricted allowlist for specific API routes.
Spanish released