Beta Testing Resumes: Security Complete, Firebase Next

Hey beta testers,

Short version: Security fortress is complete (24 vulnerabilities eliminated), I’m fixing Firebase and Sentry integrations today, and we’re back on track for production stress testing this week.

What Just Happened

Last 2 weeks:

• March 31: axios supply chain attack (we were safe)
• April 1: Added .npmrc protection layer
• April 3: Last known npm attacks
• April 14 (today): Comprehensive security audit + fixes

Results:

• ✅ 24 vulnerabilities eliminated (2 critical, 9 high-severity)
• ✅ GitHub Dependabot alerts: 30 → 1 (97% reduction)
• ✅ Found and fixed critical duplicate overrides bug in package.json
• ✅ All protection layers verified active

Full transparency blog post: https://3mpwrapp.pages.dev/blog/2026/04/14/security-fortress-complete-24-vulnerabilities-eliminated/

What’s Next (This Week)

Today (April 14):

• Fix Firebase integration (dependency conflicts from security updates)
• Set up Sentry error monitoring (production-grade logging)

Tomorrow (April 15-16):

• Run full regression testing
• Fix any remaining test failures
• Final pre-production smoke tests

April 17 (Deadline - Still On):

• Beta testing deadline as previously announced
• Training sessions schedule released

April 20 - May 31 (Estimated):

• Production stress testing phase
• Real-world usage with beta testers
• Performance monitoring, bug fixes, iteration

Why the Delay Was Worth It

We could have rushed. We chose not to.

After axios supply chain attack (March 27-31), we waited 11 days before running npm operations. That conservative waiting period meant:

1. No panic fixes - Everything was resolved with automated npm audit fix
2. No new attacks - Ecosystem stabilized, no new compromises
3. Found critical bugs - Discovered duplicate overrides configuration issue
4. Stronger foundation - 7 protection layers now verified working

We don’t cut corners on security, even when it delays beta testing.

Training Sessions

What: Zoom/Discord sessions to walk through 3mpwrApp features
Why: Zero responses to previous beta emails = we need to meet you where you are
When: Schedule coming April 15-16 (you’ll get a separate email)
Mandatory? Yes, at least one session (recorded if you can’t attend live)

Topics:

• Evidence Locker: How to organize medical records securely
• Letter Generator: Creating appeal letters that actually work
• Benefits Navigator: Understanding what you’re entitled to
• Community Features: Forums, peer support, mutual aid

Duration: 30-45 minutes per session, multiple time slots offered

What You Can Do Right Now

1. Check the blog post (link above) - Full transparency on what we fixed

2. Confirm you’re still in - Reply to this email with “IN” if you’re still interested in beta testing

3. Mark your calendar - April 17 deadline, training sessions soon

4. Ask questions - Reply to this email, DM me on Discord, or email directly

Zero questions is not normal. If something’s unclear, ASK. This is your app, built for your needs.

Why Firebase and Sentry Matter

Firebase: Real-time data sync, cloud backups (optional - BYOC is default)
Sentry: Error monitoring so I know when something breaks before you tell me

Both broke after npm security updates (dependency version conflicts). Not a security issue, just need reintegration.

Priority: Get these working, then resume beta testing. No compromises.

Transparency Promise

You’ll always know:

• What we’re fixing (like today’s 24 vulnerabilities)
• Why it’s taking time (like 11-day axios waiting period)
• What’s next (Firebase/Sentry, then production prep)
• When things go wrong (duplicate overrides bug we found)

No marketing spin. No hiding problems. No “everything’s fine” when it’s not.

If I find a bug, you’ll read about it in the blog. If a deadline slips, you’ll know why. If a security issue happens, you’ll get the full technical breakdown.

That’s the deal.

April 17 Deadline Still Stands

Commitment deadline: April 17, 2026
What it means: Confirm you’re ready for production stress testing (April 20-May 31 estimated)
What happens if you miss it: You’ll be moved to next beta cohort (June onwards)

Why the deadline matters:

• Training sessions need confirmed attendees
• Production stress testing needs active participants
• Firebase/Sentry capacity planning needs accurate numbers
• Requirement to get app listed on app stores

Questions I’m Expecting

Q: Is the app safe now?
A: Yes. 0 critical/high vulnerabilities, 7 protection layers active, BYOC architecture means most data never touches our servers.

Q: Will training be recorded?
A: Yes. Live Zoom sessions recorded and posted to Discord for anyone who can’t attend.

Q: Can I still back out?
A: Absolutely. Reply “OUT” and I’ll move you to next cohort, zero hard feelings.

Q: When’s actual production launch?
A: June 2026 estimated, after successful stress testing phase. No fixed date - it’s ready when it’s ready.

Q: What if I find bugs during testing?
A: PLEASE report them. That’s what beta testing is for. Email, Discord, GitHub issues - whatever works for you.

Final Thought

Thank you for your patience.

I know you signed up for beta testing months ago and are still waiting. The axios attack + conservative security response added 2 weeks to the timeline.

Worth it? Yes. the app is too important to rush.

Next update: (April 17) with training session schedule.

Questions? Reply to this email or DM me anytime.

Let’s build this thing right.

—Lissa

Lissa Beaulieu
Founder, 3mpwrApp
empowrapp08162025@gmail.com
Discord: @LissaBeaulieu
Mastodon: @3mpwrApp@mastodon.social
Bluesky: @3mpwrapp.bsky.social

P.S. If you haven’t responded to ANY previous beta emails, please reply to this one. Even just “got it” helps me know you’re still receiving these. Zero responses makes me worried emails are going to spam.

P.P.S. If you know someone else who’d be a good beta tester (injured worker, person with disability, community advocate), forward this and have them email empowrapp08162025@gmail.com. We’re aiming for 30 active testers.

P.P.P.S. All security fixes are documented publicly on GitHub. If you’re technical and want to audit the code, here’s the repo. Pull requests welcome.