Shipping log — May 2026: 47 commits, 1 outage, and one feature I regret
A monthly recap of what shipped on Pickleloonies in May 2026 — features, fixes, the outage, and what got cut.
May 2026 was the heaviest shipping month of the year so far. Forty-seven commits, four features in, one out, one outage, and a 24-post content push. Here's the honest recap.
Highlights
- Field Notes blog grew 9x. From 3 posts to 27, all categorized, all with hero images, all with FAQ schema and BlogPosting JSON-LD. The SEO/AEO push from the audit finally has content to point at.
- HSTS preload eligibility achieved. The apex→www redirect was carrying short HSTS; we fixed that via direct domain config and submitted to the preload list.
- Demo mode rewritten to stop using
router.push()between routes (see the demo post for the gory details). - Polls feature killed. Reduces the in-app feature surface by ~6%.
What I shipped
The four features that landed:
- Per-session guest disable. Pod admins can now flip a per-session toggle to disallow new guest invites. Useful for packed playoff nights.
- Wager settlement screenshots. You can now attach a Venmo screenshot to the "I paid" button. The receiving party gets a notification with the image.
- Bigger chat reactions panel. More emoji, sorted by recency. Trivial change, surprisingly liked.
- Field Notes infrastructure. TL;DR blocks, FAQ schema, hero images, SVG illustration library, BlogPosting JSON-LD with publisher and image — everything documented in the plan that produced this post.
What broke (and what I learned)
The outage. May 12, 11:18 PM Pacific. An RLS migration on sessions restricted SELECT to admins only by mistake (auth.uid() should have been auth.uid() OR is_member_of_pod(pod_id)). All reads failed silently in the app — the UI showed "no sessions" rather than an error.
Recovery: 22 minutes from detection to rollback. The fix was a one-line policy patch.
Lesson: smoke-test every RLS migration. We're adding a post-migration health check that hits /api/health and verifies a known-good session row is readable as a non-admin. If that fails, the migration auto-rolls back.
Also from the lessons file, already in place: never await a Supabase auth call in a user-blocking flow. That one has saved us multiple times. (Worth reading if you're building on Supabase — the Supabase docs have the background.)
What I'm killing next month
The bigger demo seed dataset I keep talking about — I'm going to ship it or stop mentioning it. June is the deadline.
Also: the rarely-used "wager standings" page. Wagers don't aggregate well over time, and the page is confusing. Going to fold those stats into the pod home screen.
The numbers
- 47 commits to main
- 0 force pushes
- 4 RLS migrations (3 clean, 1 rollback)
- 22 minutes of read outage
- 24 new Field Notes posts in a single push
- 1 feature retired (polls)
- 1 lesson added to
lessons.md("smoke test RLS migrations")
If anything here was surprising, the privacy policy and security overview are the right places to dig into how we approach this stuff at a more operational level. June recap will land mid-July.
Frequently asked questions
+What broke during the outage?
An RLS migration accidentally restricted SELECT on the sessions table to admins only. Reads failed across the board for 22 minutes until we caught it and rolled back.
+How did you catch it?
Sentry error spike alert at 11:18 PM Pacific. The migration ran at 10:56 PM Pacific. Median time to detection was ~22 minutes, which is too long — we're adding a smoke test that runs after every migration.
+Why kill polls?
Two pods used them, one used them once. Group chat with @-mentions does 90% of what polls did with 10% of the UI complexity. The feature was dragging maintenance cost without earning its keep.
+What's in the queue for June?
Native iOS build (Expo, target App Store submission in late June), per-court fee splits, and the bigger demo seed dataset.