{"slug": "digitized-airplane-logbooks-open-sourced-it-and-looking-for-feedback-free", "title": "Digitized airplane logbooks – open-sourced it and looking for feedback (free)", "summary": "A developer has open-sourced MyTailLog, a digitized aircraft logbook and maintenance tracker for piston general aviation owners, and is seeking feedback. The tool uses AI to extract data from scanned logbook pages, providing searchable records, compliance forecasting, and reminders, while emphasizing that physical logbooks remain the official record.", "body_md": "Aircraft logbook digitization & maintenance tracker for piston GA owners — live at ** mytaillog.com**.\n\nThis tool is an index and decision-support layer, not the legal record.The physical logbooks remain the system of record per14 CFR 91.417. MyTailLog does not replace official maintenance records, does not constitute an airworthiness determination, and is not a maintenance sign-off. Every value it shows is derived from AI extraction or data you entered, and must be confirmed against the physical logbook before you rely on it.\n\nMyTailLog turns decades of paper airframe / engine / prop / avionics logbooks\ninto a **searchable, gap-auditable, compliance-forecasting index** — sized for a\nsingle piston GA owner (and the people they share a plane with), not a fleet. You\nphotograph or upload your logbook pages, AI reads them into structured entries,\nand the app tracks inspections, ADs, equipment, weight & balance, and flight\nhours — then reminds you before things come due.\n\nAI reads the page; you review it next to the original, with low-confidence fields flagged\n*(all shots are the demo aircraft — a fictional 1978 C172N every new account gets):*\n\n**More screenshots** — aircraft overview · Status grid · Ask your logbook · Timeline · Weight & Balance\n\n**Aircraft overview** — everything at a glance, color-coded by what needs attention\n\n**Status** — every inspection, item, and AD by urgency (with email reminders before they come due)\n\n**Ask your logbook** — plain-English answers that cite their source entries\n\n**Timeline & search** across all logbooks\n\n**Weight & Balance** — revision history + current empty weight/CG\n\n**Capture → extract → review**\n\n- Camera capture with automatic document edge-detection / deskew / crop, or upload scans (PDF / JPEG / PNG). Offline-friendly: pages queue on-device and upload when back online.\n- Vision-LLM extraction into structured entries (date, hours, work, parts,\nAD/SB refs, signature) with\n**per-field confidence**; a review screen shows the page image beside editable entries and flags low-confidence fields. - Five logbook types — airframe, engine, prop, avionics, and\n**Other**. **Find duplicates**— flags likely-duplicate scans and entries (by date, tach/hobbs, and work text) so re-captures and re-extractions don't pile up.\n\n**\"Other\" A&P documents (auto-applied)**\n\n- Scan a\n**Weight & Balance sheet**→ it creates a new W&B revision. - Scan an\n**AD compliance report**→ it becomes the ground truth for your AD state, corroborates matching tracked ADs (with a \"✓ A&P report\" badge), and adds any it lists that you weren't tracking.\n\n**Engine health**\n\n**Oil analysis**— import a lab report (Blackstone, AVLab, …) as a PDF or a photo; AI reads every sample in it (wear metals in ppm, oil properties, the lab's written comments), and each metal is charted over time against the lab's universal average — above it is flagged. Re-importing a report updates in place.\n\n**Understand & forecast**\n\n**Ask your logbook**— plain-English questions answered from your entries, with the source entries cited.** Timeline & search**across all logbooks;** Status**grid (color-coded, at a glance);** Maintenance forecast**(Part 91 recurring items, hours- and date-based);** AD/SB compliance**with official FAA reference lookup (Federal Register + DRS fallback);** Installed equipment**reconstructed from the logs;** Weight & Balance**history with a stale-since-last-equipment-change flag;** Records gap audit**.\n\n**Flight hours & reminders**\n\n**MyFlightBook integration**(per-user OAuth) pulls your latest hobbs/tach so the forecast reflects real hours.- A\n**daily job** auto-syncs hours (once/day) and emails**reminders** before due items — annual, oil, ADs, and more, each with a configurable lead time.\n\n**AI keys & cost control**\n\n- Extraction and Q&A run on the app's shared Anthropic key by default, bounded by\na\n**per-user daily call cap** and a**global daily-$ ceiling**(both env-tunable). - Owners can\n**bring their own Anthropic API key**(stored encrypted) to bill AI usage to their own account and get a much higher limit; the Profile page shows their calls, tokens, and estimated cost so far.\n\n**Own your data**\n\n- Print/PDF and CSV exports, plus a full\n(records + scans) you can`.zip`\n\nbackup**re-import**. **Sharing**(viewer / contributor),** ownership transfer**, and delete.- In-app\n**Help** documenting every feature and how the pieces affect each other.\n\n**Next.js 15 (App Router) + TypeScript + Tailwind**— server components, server actions, and route handlers in one deployable unit; a capture PWA (service worker + IndexedDB queue) for offline capture.**Supabase**— Postgres + Auth + object Storage.** Row-level security is the enforcement boundary**, funneled through a single`has_aircraft_access()`\n\n/`can_edit_aircraft()`\n\nchoke point; every table and storage object is scoped to the users who own or are shared on the aircraft.**Anthropic**— a strong vision model (`claude-opus-4-8`\n\n) for handwriting/image extraction (`EXTRACTION_MODEL`\n\n), and a cheap text model (`claude-haiku-4-5`\n\n) for text-only reasoning — Q&A, equipment/maintenance detection (`TEXT_MODEL`\n\n). Every AI route funnels through one gate (`prepareAi`\n\n) that resolves the caller's key (shared or their own), enforces the caps, and meters usage into a**server-authored**`ai_usage`\n\nledger (written only by the service role, so the budget guard can't be forged). The per-request key is carried via`AsyncLocalStorage`\n\n, so no call site needs a key parameter.**Secrets encrypted at rest**— third-party credentials (MyFlightBook OAuth client secret + tokens) and each user's own Anthropic key are AES-256-GCM encrypted (`src/lib/crypto.ts`\n\n,`ENCRYPTION_KEY`\n\n); RLS isolates them, encryption defends against a backup/replica leak. Decryption is server-only; nothing sensitive is read back to the browser.**Defense-in-depth headers**— global CSP,`X-Frame-Options: DENY`\n\n, HSTS,`nosniff`\n\n, Referrer/Permissions policies; the public origin is pinned to`NEXT_PUBLIC_SITE_URL`\n\nrather than reflected from a request header.**All image processing is browser-side**(thumbnails, PDF rasterization, zip build/read) — the server never touches image bytes, keeping hosting at ~zero marginal cost.**Firebase App Hosting**(Cloud Run) for the app,** Cloud Scheduler**for the daily job, and** Resend**for reminder email.** FAA data**comes from the** Federal Register API**(source of truth for post-1994 ADs —`src/lib/faa/federalRegister.ts`\n\n) with a reverse-engineered**DRS fallback** for legacy ADs (`src/lib/faa/drs.ts`\n\n). Access model:- The\n**Federal Register** fetch runs**client-side, in the browser**. GPO's origin nginx IP-blocks Cloud Run's datacenter egress with a bare`403 Forbidden`\n\n(works from a laptop, fails in prod). The FR API is CORS-enabled (`access-control-allow-origin: *`\n\n) and our client is isomorphic, so it runs from the user's residential IP. Server actions only supply DB inputs (`getExploreTargets`\n\n) and persist results (`saveAdReference`\n\n,`trackCandidate`\n\n); the module's`user-agent`\n\nheader is gated to server calls (browsers forbid setting it). **DRS** runs**server-side**(`enrichViaDRS`\n\n) —`drs.faa.gov`\n\ndoes*not*block our egress, and it needs a minted session cookie + browser-like UA (see the client header comment). It's a best-effort scraper, not an API.\n\n- The\n\nData model (Postgres, migrations `supabase/migrations/00*`\n\n): `aircraft`\n\n→\n`logbook`\n\n→ `page`\n\n→ `log_entry`\n\n, plus `ad_compliance`\n\n/ `ad_reference`\n\n,\n`component`\n\n/ `equipment_proposal`\n\n, `maintenance_item`\n\n, `weight_balance`\n\n,\n`scanned_document`\n\n, `document`\n\n, `oil_analysis_sample`\n\n, `aircraft_share`\n\n,\n`mfb_connection`\n\n/ `hours_reading`\n\n, `reminder_log`\n\n, `ai_usage`\n\n/ `user_ai_key`\n\n,\nand `profile`\n\n.\n\nTargets **~zero marginal cost**: Firebase App Hosting (scale-to-zero) and Supabase\nfree tiers cover a personal deployment, and all image work is client-side. The\none metered line item is **LLM calls** — bounded (cents per page for the one-time\nbacklog, then a trickle) and split so the cheap model does the high-volume text\nwork. The operator sets an `ANTHROPIC_API_KEY`\n\n; usage on it is capped **per user\nper day** (`AI_SHARED_USER_DAILY_CALLS`\n\n) and by a **global daily-$ ceiling**\n(`AI_SHARED_DAILY_USD`\n\n). Any user can also **bring their own key** to bill their\nown account and lift the limit.\n\n```\nnpm install\ncp .env.example .env.local     # fill in Supabase URL + anon key, ANTHROPIC_API_KEY, etc.\n# Apply supabase/migrations/*.sql in order via the Supabase dashboard SQL editor\nnpm run dev                    # http://localhost:3000\n```\n\nSee [ .env.example](/iiamit/MyTailLog/blob/main/.env.example) for all config (required vs optional) and\n\n[for the schema + RLS model.](/iiamit/MyTailLog/blob/main/supabase/README.md)\n\n`supabase/README.md`\n\nMyTailLog runs as a Next.js server on **Firebase App Hosting** (Cloud Run, builds\non every GitHub push, global CDN) over a **Supabase** project. Config is in\n[ apphosting.yaml](/iiamit/MyTailLog/blob/main/apphosting.yaml).\n\n**Prerequisites:** a Firebase project on the **Blaze** plan (App Hosting requires\nit; metered but ~$0 at personal scale — set a budget alert) and the Firebase CLI.\n\n**1. Secrets** (Cloud Secret Manager, referenced by name in `apphosting.yaml`\n\n):\n\n```\nfirebase apphosting:secrets:set NEXT_PUBLIC_SUPABASE_URL\nfirebase apphosting:secrets:set NEXT_PUBLIC_SUPABASE_ANON_KEY\nfirebase apphosting:secrets:set ANTHROPIC_API_KEY\nfirebase apphosting:secrets:set ENCRYPTION_KEY        # AES key for at-rest secret encryption; `openssl rand -base64 32`\nfirebase apphosting:secrets:set SUPABASE_SECRET_KEY   # Supabase → API Keys → \"Create secret key\" (also writes the ai_usage ledger)\n# For the daily reminder/sync cron (optional but recommended):\nfirebase apphosting:secrets:set RESEND_API_KEY        # for reminder email\nfirebase apphosting:secrets:set CRON_SECRET           # random string; gates the cron endpoint\n```\n\nNon-secret config in [ apphosting.yaml](/iiamit/MyTailLog/blob/main/apphosting.yaml):\n\n`NEXT_PUBLIC_SITE_URL`\n\n(pins the public origin), `EXTRACTION_MODEL`\n\n/ `TEXT_MODEL`\n\n, and the AI cost caps\n(`AI_SHARED_USER_DAILY_CALLS`\n\n, `AI_OWN_USER_DAILY_CALLS`\n\n, `AI_SHARED_DAILY_USD`\n\n).\n**— a value encrypted under one key can't be decrypted under another.**\n\n`ENCRYPTION_KEY`\n\nmust match between prod and any local `.env.local`\n\nthat shares\nthe same database**2. Backend** — Firebase console → **App Hosting → Get started** → connect the\nGitHub repo + `main`\n\nbranch. Every push to `main`\n\nbuilds and rolls out.\n(`apphosting.yaml`\n\nsets scale-to-zero, `maxInstances: 2`\n\n, 1 vCPU / 1 GiB.)\n\n**3. Supabase auth URLs** (fixes magic links landing on `localhost`\n\n):\nSupabase → **Authentication → URL Configuration** → **Site URL**\n`https://mytaillog.com`\n\n, **Redirect URLs** `https://mytaillog.com/auth/callback`\n\n.\nConfigure custom SMTP (e.g. Resend) to lift the built-in email rate limit.\n\n**4. Custom domain** — App Hosting → **Add custom domain** → add the DNS records;\nGoogle provisions a managed TLS cert.\n\n**5. Migrations** — run `supabase/migrations/*.sql`\n\n**in order** via the dashboard\nSQL editor (the repo isn't CLI-linked). Enum-adding migrations (e.g.\n`0004`\n\n/`0017`\n\n) must be run and committed **before** the migration that uses the\nnew value.\n\n**6. Daily reminders (optional)** — create a **Cloud Scheduler** job that does a\ndaily `POST https://mytaillog.com/api/cron/daily`\n\nwith header\n`Authorization: Bearer <CRON_SECRET>`\n\n.\n\n**App Hosting / Cloud Run:** scale-to-zero → ~$0 idle; Cloud Run free tier covers personal traffic. Blaze has no hard cap — set a budget alert.**Request timeout:** Cloud Run default 300s covers extraction and full-history scans (`maxDuration`\n\nin the routes is a Vercel-only hint, ignored here).**Supabase free:** 1 GB storage (scans), 500 MB DB, pauses after 7 days idle, no automatic backups (use the in-app`.zip`\n\nexport, or Supabase Pro).\n\nThe app also deploys to **Vercel** (Hobby caps functions at 60s and is\nnon-commercial); Cloud Run avoids both.\n\nEvery record belongs to the users who own or are shared on its aircraft, enforced\nby Postgres row-level security — not just app code. Aircraft records (tail\nnumbers, serials, owner names, home base) are treated as **sensitive personal\ndata**. Sharing is by email with viewer/contributor roles. Per-user secrets\n(MyFlightBook OAuth client secret + tokens, and a user's own Anthropic key) are\n**encrypted at rest** (AES-256-GCM) and only ever decrypted server-side — never\nsent to the browser. Responses carry defense-in-depth security headers (CSP,\nframe/HSTS/nosniff), and redirect origins are pinned to a configured value rather\nthan a request header. The elevated (RLS-bypassing) code paths — the daily cron\nand the `ai_usage`\n\nledger write — use a Supabase secret API key: the cron is\nscoped to its endpoint behind a shared-secret gate, and the ledger write exists\nso the shared-key cost guard can't be forged by a client.\n\neSignatures (keeps us in \"index of the physical record\" territory, avoiding AC 120-78A), parts procurement/inventory, work orders, flight scheduling, and MRO multi-fleet management.", "url": "https://wpnews.pro/news/digitized-airplane-logbooks-open-sourced-it-and-looking-for-feedback-free", "canonical_source": "https://github.com/iiamit/MyTailLog", "published_at": "2026-07-08 13:48:09+00:00", "updated_at": "2026-07-08 14:00:10.698065+00:00", "lang": "en", "topics": ["artificial-intelligence", "ai-products", "ai-tools", "computer-vision", "natural-language-processing"], "entities": ["MyTailLog", "Anthropic", "Blackstone", "AVLab", "FAA", "MyFlightBook", "Cessna 172N"], "alternates": {"html": "https://wpnews.pro/news/digitized-airplane-logbooks-open-sourced-it-and-looking-for-feedback-free", "markdown": "https://wpnews.pro/news/digitized-airplane-logbooks-open-sourced-it-and-looking-for-feedback-free.md", "text": "https://wpnews.pro/news/digitized-airplane-logbooks-open-sourced-it-and-looking-for-feedback-free.txt", "jsonld": "https://wpnews.pro/news/digitized-airplane-logbooks-open-sourced-it-and-looking-for-feedback-free.jsonld"}}