v0.9.0 Release Notes – The Quantum Leap Edition
3 months, 1,957 commits, and countless cups of coffee later…
🚀 Major New Features
Inbound Email Integration 📥
We’ve introduced a complete inbound email pipeline, turning customer emails directly into actionable tickets.
Core Capabilities
- Email Provider Configuration: Connect Gmail or Microsoft 365 accounts for inbound email capture. Each provider can be added, tested, refreshed, or removed via a dedicated UI.
- Validation & Safety: A new validation service ensures provider data (client IDs, secrets, tenant IDs, mailboxes) are correct before setup. Helpful, user-friendly error messages guide admins through the process.
- Multi-Tenant Awareness: Providers are scoped by tenant, with secure storage of configuration and OAuth details.
- Auto Ticket Creation: Inbound emails are automatically processed into tickets, complete with subject/body parsing, as well as attachment handling.
- Custom Domains Supported: Beyond Gmail/Outlook, Google Workspace accounts with custom domains can be configured (e.g. support@company.com).
- Subscription Management: Supports watch subscriptions with refresh flows so that email streams stay active without manual intervention.
Advanced Features
- Folder & Label Filters: Admins can specify which folders or labels inbound messages are pulled from (e.g., “Inbox”, “Support”).
- Auto-Processing Controls: Choose whether inbound emails are auto-processed or stored for manual triage.
- Testing Tools: One-click “Test Connection” verifies provider setup end-to-end.
- Provider List Management: Centralized list of all configured providers with editing, refreshing, and error handling options built-in.
Projects Evolution 🗂️
We’ve completely reimagined projects into a powerful project management platform.
Core Capabilities
- Phases and Tasks: Projects now support natural progression with phases, each containing their own project tasks with kanban board visualization.
- Task Types & Priorities: Each individual task can have its own type, priority, and status.
- Dependencies & Critical Path: Add, validate, and visualize task dependencies.
- Ticket Linking: Tickets can be directly associated with projects, ensuring external requests and internal initiatives are tracked together.
- Documents for Tasks: Upload and associate documents directly with project tasks for full context.
Client Portal Revolution 🌎
A complete re-imagining of the client portal with enterprise-grade security, tighter onboarding, and safer account recovery.
Portal Core Features
- Multi-role Permission System: RBAC hardening across hundreds of server actions with dozens of new permission types enforced on financials, time tracking, user/role admin, and business data flows. Consistent authn/z patterns across API, UI, and workflows.
- Self-Service Onboarding: First-class invitation flow with invite history, secure tokens, email templates, and rate limiting (3/hour). Tokens are tenant-scoped, validated with constant-time checks, and consumed via transaction-safe server actions (atomic validate→consume).
- Portal Invitation System: Composite uniqueness on (tenant, token), automatic cleanup of expired tokens, and explicit tenant filters applied on all reads/writes.
- Company-Based Access Control: Current-user resolution and all related queries apply explicit tenant filters to preserve isolation on distributed (Citus) clusters.
- Ticket Management: Create, view, and track tickets from the portal.
- Document Access: Secure document sharing between MSP and clients.
- License Usage Visibility: Users page now shows how many licenses have been used vs. remaining.
- Support Screen: Centralized support area within the portal to streamline help and troubleshooting.
- Improved Invitations: Invite email and link options now available directly in the portal tab.
Account Recovery
- Password Reset System: Token-based reset with tenant isolation, hashed tokens at rest, rate-limited requests, dedicated Forgot/Reset pages, and email templates wired to server actions.
- Dedicated Forgot Password Page: Users can securely request and reset passwords through a streamlined UI.
- Integrated PSA Forgot Password Functionality: Unified handling across client and PSA systems for consistency.
Security & Registration
- Invite-Only Registration: Email-domain self-registration removed; sign-ups require an existing contact or invitation (smaller attack surface).
- Improved Validation: Fixed portal account creation issues and ensured secure client account setup.
Portal Administration
- Immutable admin protections, bulk user management, and a permission matrix that supports dual-mode viewing (by role and by resource) with inline editing and an “All Roles” overview.
- Cleaner Configuration: Removed unused outbound email config screens for hosted clients.
Tag System Power-Up 🌟
A full-featured tagging system across tickets, projects, documents, and more.
Core Capabilities
- Create, edit, and delete tags from a centralized interface.
- Apply tags to projects, tasks, tickets, and documents.
- Bulk tag management with mass add/remove.
- Tag filtering in list views with multi-select and smart search.
Advanced Features
- Color-coded tags for quick identification.
- Tag usage statistics to track adoption.
- Role-based access: who can manage vs. apply tags.
- Cross-feature support — use tags consistently across modules.
Onboarding Wizard 🧙
Wizard Enhancements
- 6-Step Guided Process with visual progress and completion status.
- Smart Defaults: Boards/Statuses have explicit single defaults; imports auto-resolve conflicts; dynamic open/closed labels; clear one-click ⭐ controls.
- Validation at Every Step with real-time feedback and error prevention.
- Seed Data Integration and Password Management with secure initial setup and reset tracking.
- Service Type Flexibility: Adding service types allows multiple entries and provides walkthrough support.
- Board Selection Control: Users can choose which boards to include during onboarding.
Technical Improvements
- Transaction-safe operations with rollback, Temporal workflow integration, and progress persistence across sessions.
- Connection lifecycle simplification: single connection per code path with safe cleanup to reduce churn and cross-tenant leakage risks.
- Wizard Enhancements for Clarity: Improved step navigation, optional/required labeling, and walkthrough prompts.
Interaction Management System
A new backbone for capturing client touches across channels—tightly connected to time tracking and ticketing.
Core Capabilities
- Multi-Channel Support: Email, phone, meeting, chat, and custom types.
- Time Tracking Integration: Direct time entry from interactions.
- Status Workflows: Customizable interaction lifecycles.
- Company & Contact Linking: Full relationship mapping.
- Smart Filtering: Time-, company-, and type-based filters.
- Icon System: 35+ curated icons for visual identification.
- Bulk Operations: Mass updates and status changes.
- Automatic Dialog Handling: Closing the “add new entry” dialog now auto-saves correctly.
- Improved Navigation: Going back to a board from a ticket preserves filter state.
Advanced Features
- Interaction→ticket conversion, email thread tracking, meeting duration tracking, follow-up scheduling, and template responses.
- Activity Insights: Better visibility into user activities, automation hub updates, and system events through PostHog feature flags.
Extension System Enterprise
Complete rebuild of the extension architecture with Knative hosting, Registry v2, and tenant-scoped storage.
Infrastructure
- Knative Service Hosting: Preflight provisioning, automatic DomainMappings with create/patch semantics, treating 404 as “create”, compact host labels (≤63 chars), and normalization of legacy -- in names. Optional CDC; surfaced HTTP status/body for provisioning errors.
- Registry v2: Idempotent version creation, streamed uploads via server actions, retry-friendly finalize, and consistent tenant install writes end-to-end.
- Tenant-Scoped Storage: Dedicated bundle bucket; HeadBucket preflight; staging→canonical object verification during finalize; end-to-end contentLength propagation to satisfy S3-compatible providers and prevent decode-length errors.
- Presigned GET: Runners fetch bundles via presigned S3 GET when credentials are available.
Security & Authentication
- Runner Authentication: ALGA_AUTH_KEY carried as x-api-key (masked in diagnostics). Allow-list tolerant to trailing slashes/case. Extensions own request-time auth; full tracing across validate/cache/fetch/extract/serve.
UI Improvements
- DataTable integration, sticky action columns, 2-column action grids, bundle path visibility, refined status badge placement, and canonical object metadata surfaced via a server action.
Time Tracking Overhaul ⏱️
Time Tracking
- Log time directly from interactions and project tasks. Non-billable state persists correctly. Configurable minimum time requirements. Multi-level approvals. Bulk time entry. Strict RBAC across entries, sheets, and approvals.
- Improved Usability: Default sort by date created (descending), better save/cancel flows, and auto-addition of work items.
Document Management Evolution
New Capabilities
- Video Support with HTTP range requests.
- Large File Handling up to 500 MB.
- Preview Generation with automatic thumbnails.
- Block-Based Storage for efficient chunking.
- Transaction Support with ACID semantics on reads/writes and downloads.
Enhanced Features
- File System Access API integration, modal previews, download with original names, batch operations, tag-based organization, and per-document access control.
- Improved Uploads: Fixed size limit calculation issues, enhanced preview generation, and ensured downloads preserve authentication and naming.
Security & Authentication 🔐
Authentication
- Password Reset: Token-based with SHA-256 hashing and per-tenant isolation.
- Rate Limiting: Abuse prevention on all endpoints (consistent error surfaces).
- Session Management: Multi-tenant session handling.
- API Key Management: Scoped keys with rotation.
- OAuth Hardening: Hosted detection via server config (NEXTAUTH_URL), unified popup handling, and server-action initiation to eliminate pre-auth races.
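The token handling these notes describe for portal invitations and password resets (tenant-scoped tokens, SHA-256 digests at rest, constant-time validation, atomic validate→consume, the 3/hour invitation limit, cleanup of expired tokens), shown as an added example that is not the project's own code. `TokenStore`, its method names, the in-memory array standing in for the database table, the one-hour expiry and the per-tenant-and-email rate-limit key are assumptions.

```javascript
// Added example; TokenStore and its methods are hypothetical names.
const { randomBytes, createHash, timingSafeEqual } = require('node:crypto');

const HOUR_MS = 60 * 60 * 1000;
const sha256 = (s) => createHash('sha256').update(String(s)).digest();

class TokenStore {
  constructor({ ttlMs = HOUR_MS, maxPerHour = 3 } = {}) {
    this.rows = [];          // stand-in for the token table
    this.issued = new Map(); // "tenant:email" -> recent issue times
    this.ttlMs = ttlMs;      // assumed expiry; the notes do not state one
    this.maxPerHour = maxPerHour;
  }

  // Returns the raw token for the emailed link, or null when rate limited.
  issue(tenant, email, now = Date.now()) {
    const key = `${tenant}:${email}`;
    const recent = (this.issued.get(key) || []).filter((t) => now - t < HOUR_MS);
    if (recent.length >= this.maxPerHour) return null;
    this.issued.set(key, [...recent, now]);

    const token = randomBytes(32).toString('hex');
    // Only the SHA-256 digest is kept at rest; a table dump yields no usable links.
    this.rows.push({ tenant, email, hash: sha256(token), expiresAt: now + this.ttlMs, usedAt: null });
    return token;
  }

  // Validate and consume in one step, so a token can be redeemed at most once.
  // With a real database this would be one transaction or a conditional UPDATE.
  consume(tenant, token, now = Date.now()) {
    const presented = sha256(token);
    const row = this.rows
      .filter((r) => r.tenant === tenant)               // explicit tenant filter
      .find((r) => timingSafeEqual(r.hash, presented)); // constant-time digest compare
    if (!row || row.usedAt !== null || row.expiresAt <= now) return null;
    row.usedAt = now;
    return row.email;
  }

  // Periodic cleanup of expired rows; returns how many were removed.
  purgeExpired(now = Date.now()) {
    const before = this.rows.length;
    this.rows = this.rows.filter((r) => r.expiresAt > now);
    return before - this.rows.length;
  }
}
```

A token issued for one tenant returns `null` when presented under another tenant, after its first successful use, or after expiry.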
Security Features
- Vault integration for secrets, composite secret providers, environment-specific encryption, audit logging, RBAC enforcement across services, HMAC-verified webhooks with backoff/retry, and SQL-injection prevention.
- Microsoft Webhooks: Subscription lookup by ID, strict clientState validation, and token-preserving upsert semantics for config saves.
- Unified Auth Verify: Central endpoint for tenant credential verification with rate limits and observability.
- Improved Client Security: Fixed edge cases in portal registration, role assignment, and password reset loops.
Platform Improvements 🔨
Database & Infrastructure
Citus Compatibility
- Replaced all knex.fn.now() with literal timestamps.
- Removed brittle triggers and optimized joins for distributed queries.
- Introduced composite unique indexes and explicit tenant filters.
- Staged query patterns for distributed↔local joins.
- Safer migrations and transaction patterns across code paths.
Kubernetes & Deployment
- Helm Chart Enhancements: Production-ready charts, including a dedicated workflow-worker.
- Vault Agent Integration: Automatic secret injection; Istio sidecar exclusions configurable (Vault 8200 excluded by default).
- ConfigMap Management and dynamic configuration.
- Resource Limits: Hosted code-server defaults to 16 GiB RAM.
- Health Checks: Liveness and readiness probes.
- Horizontal Scaling: Autoscaling support.
- Hosted/Values: Clear separation of hosted configs; DB host may be provided via secretRef.
Temporal Workflows
- Tenant creation automation; onboarding seed workflows; customer/license propagation from the store via webhook worker; email processing; domain mapping; richer error detail from Kubernetes activities (status/body surfaced); DomainMapping upgraded to serving.knative.dev v1beta1 with JSON Merge Patch.
Performance Optimizations
Frontend
- Server-side rendering optimizations, lazy loading, code splitting, memoization strategies, image optimization, and trimmed initial bundles (e.g., deferring Monaco until the workflow editor opens).
Backend
- Query optimization (N+1 elimination), connection pooling, Redis caching, batch processing, stream processing for large files, and async job orchestration.
Database
- Index and query plan improvements, materialized views, partitioning strategies, vacuum scheduling, and statistics updates.
Developer Experience
Build System
- Webpack configuration improvements, TypeScript 5 migration, ESLint rule updates, Prettier formatting, HMR fixes, and a ~40% faster build pipeline.
- NodeNext/ESM import correctness, stabilized path-alias resolution, and a fix-imports script to normalize imports across packages.
Testing
- Expanded Playwright suite; higher unit coverage (~75%); comprehensive E2E scenarios; performance benchmarks; load testing; regression automation.
- Reduced flakiness with Redis/PgBouncer resets and tenant-consistency waits. Major “Tickets” and “Projects” suites are green.
🧪 Email Integrations
- Gmail Watchers: Single-init orchestration via a dedicated marker column to avoid duplicate subscriptions; reliable refresh flow.
- Microsoft Graph: Subscription persistence switched to upsert semantics to avoid token loss on UI saves; strict clientState validation after lookup.
- Improved Email Handling: Expired login email links and template issues resolved, ensuring reliable delivery.
🐞 Major Bug Fixes (433 total)
Critical Fixes
Data Integrity
- Fixed transaction aborts in distributed queries, race conditions in concurrent updates, cascade deletion issues, foreign-key constraints, duplicate-key violations, and deadlock scenarios.
Authentication & Security
- Fixed session persistence across redirects; token validation edge cases; permission check bypasses; CORS configuration; XSS and CSRF vulnerabilities.
UI/UX
- Corrected dialog z-index stacking, form validation errors, infinite scroll edge cases, responsive breaks, modal backdrops, and animation glitches.
- Fixed ticket list age display and ensured consistent ordering.
Infrastructure & Storage
- Finalize/abort routes target the bundle bucket; ContentLength set explicitly to prevent S3 decode errors; missing assets return 404 (not 413); PersistentVolumeClaim volumeName preserved across upgrades to avoid immutability failures.
🎨 UI/UX Enhancements
Design System Updates
- Color Palette: Updated priority colors and status indicators.
- Typography: Improved readability and scaling.
- Spacing: Consistent padding and margins.
- Icons: 35+ new Lucide icons with categories.
- Components: 20+ new reusable components.
- Animations: Smooth transitions and micro-interactions.
Layout Improvements
- Responsive Design: Better mobile/tablet support.
- Grid Systems: Flexible layouts with CSS Grid.
- Sticky Elements: Headers, sidebars, and action bars.
- Scrolling: Independent column scrolling with visible scrollbars.
- Full Height: Correct viewport usage.
- Dark Mode Prep: CSS variables for theming.
- Improved Dialog Handling: Closing modals behaves predictably and consistently.
Form Enhancements
- Validation: Real-time checks with clear messages.
- Required Fields: Visual indicators with asterisks.
- Auto-Save: Draft preservation.
- Smart Defaults: Context-aware prefill.
- Keyboard Navigation: Full keyboard support.
- Accessibility: ARIA labels and descriptions.
Centralized Views & Quick Drawers
- Consistent Actions: “Edit” now always navigates to the full page, while “Quick View” always opens a drawer with essential details. No more guessing what each button does.
- Client & Contact Parity: Clients and contacts now follow the same action patterns, reducing confusion and making the platform feel more predictable.
- Quick Access to Data: From any list or grid, open a quick view drawer to see key details—names, roles, associations—without losing your place.
- Pop-Out to Full Page: Each drawer comes with a one-click “pop-out” option, letting you expand into the full record when you need to go deeper.
🌍 Internationalization
Multi-Region Support
- Tax Regions: Country-specific tax rules.
- Currency Support: Multiple currencies.
- Date/Number/Phone/Address: Locale-aware formats.
🔧 Technical Debt Reduction
Code Quality
- TypeScript Coverage: ~95% types.
- Linting: Zero ESLint errors.
- Dead Code: 10,000+ lines removed.
- Duplication: 30% reduction.
- Complexity: 200+ functions simplified.
- Dependencies: Major updates across packages.
Architecture Improvements
- Modularization and clearer separation of concerns.
- Service Layer for business logic.
- Repository Pattern for consistent data access.
- Event-Driven improvements across workflows.
- Caching Strategy: Multi-level caching.
- Error Handling: Centralized and standardized.
⚠️ Breaking Changes
- Public Sign-Up Removed: Registration is invite-only for both MSP staff and client users.
- Literal Timestamps: All server/database timestamps are literal values (no knex.fn.now()), affecting custom triggers and legacy migrations.
- Audit Log Behavior: Invoice finalize/unfinalize/credit issue temporarily skip audit logging while multi-tenant audit is redesigned.
“And down the rabbit hole we go, where database functions become literal tea-time dates!” 🐇⏰☕️
Version: v0.9.0
Release Date: August 27, 2025
Commits: 1,957
Changed Files: 2,000+
Added Lines: +760,000
Removed Lines: −330,000
For detailed commit history, see the full changelog.
Full Changelog: v0.8.0...v0.9.0