Windshift v0.5.7

Windshift v0.5.7

---

Suitable for small-scale production use.

Windshift is maturing and can now be used for small-scale production workloads. Be aware that APIs, data formats, and configuration may still change between releases without guaranteed migration paths. We recommend keeping backups and testing upgrades in a staging environment before applying them.

If you encounter issues or have ideas, please open an issue. Your feedback at this stage is incredibly valuable.

---

Features

Action execution actor

Workspace actions no longer run with whichever permissions the triggering user happens to hold. Two new concepts address the gap:

• actor_user_id on actions — nullable override. When null the action continues to run under the triggering user, preserving prior behaviour. When set, every node executes under the named user's permissions and side-effects (comment authorship, item history, cascade events) are attributed to them.
• action.set_actor global permission — required to set or change actor_user_id. Seeded with no default role assignment; only system.admin or an explicit grant can configure an override. The permission is global-scope because an actor override grants cross-workspace reach and cannot be bounded by workspace-scoped action.manage alone.

The execution engine now centralises this as EffectiveActorID on ExecutionContext and threads it through every node executor (set_field column and custom, set_status, add_comment, notify_user, round_robin_assign, create_asset, update_asset), plus the downstream WorkflowService.PerformTransition, CommentService.Create, NotificationService.NotifyUsers, and cascade ActionEvent / AssetActionEvent emissions.

Per-node permission enforcement

Previously, node authorisation was inconsistent: create_asset / update_asset checked asset-set RBAC, but set_field, set_status, add_comment and round_robin_assign wrote through without a permission check. The effective actor is now checked against the workspace before each mutating node runs — item.edit for set_field, set_status, and round_robin_assign; item.comment for add_comment. Asset mutations still go through the existing asset-set check, unchanged. notify_user remains unchecked because it mutates no workspace state.

Authorisation failures fail the node, mark the action failed, and record the missing-permission error in the execution trace. A missing permission-service wiring refuses closed rather than silently skipping the check.

Action execution audit trail

action_execution_logs gains trigger_user_id and effective_actor_user_id so the per-run record distinguishes who caused the event from whose rights governed the run. Every set-or-change of an action's actor also writes a dedicated automation.set_actor entry to the generic audit log with the previous and new actor IDs and the administrator who made the change.

Enhancements

Action flow editor

• A run-as picker sits above the node palette. Users with action.set_actor can choose any user (or clear back to "run as triggering user"); users without the permission see a read-only label showing the currently configured actor or a hint explaining the default.
• New nodes added from the palette now land at the centre of the visible canvas rather than a fixed coordinate region that frequently sat outside the viewport. Placement is computed from the live viewport (tracked via onmove, keeping SvelteFlow in uncontrolled mode so defaultViewport still governs first render) and offset by half a node footprint. A small random jitter keeps successive clicks from stacking pixel-perfectly.
• The minimap now colour-codes nodes by type, mirroring the accent colours used on the canvas (trigger amber, set_field purple, set_status teal, add_comment orange, notify_user magenta, condition yellow, update_asset teal, create_asset green). The minimap shell itself picks up a surface-raised background, border, shadow and rounded corners so it reads as editor chrome rather than a bare overlay.

Security page

• API token creation exposes the full scope set as a grid with resource rows and read / write / delete columns. Preset buttons (Read-only, Read + Write, Clear) cover common picks; an Admin grid renders only for system administrators. The prior hardcoded three-scope default is pre-selected; Create is disabled until at least one scope is chosen.

Minor UX

• Service-user checkbox on the user-create modal no longer wraps its label when the descriptive hint is long; the hint is free to wrap below.
• Spacing fix on the user profile page.

Upgrade notes

• actions gains an actor_user_id column and action_execution_logs gains trigger_user_id and effective_actor_user_id. Existing rows migrate with these fields null; behaviour for actions without an override is unchanged.
• The new global permission action.set_actor is seeded on upgrade but not granted to any role. Assign it explicitly to administrators who need to configure actor overrides.
• Workspace actions that previously succeeded by relying on the triggering user's lack-of-enforcement on set_field / set_status / round_robin_assign / add_comment will now fail if the effective actor lacks the corresponding workspace permission. Review audit logs for automation.execute failures after upgrade; the most common fix is to grant the triggering user item.edit / item.comment on the workspace, or to set an explicit actor_user_id on the action.

Windshift v0.5.6

Windshift v0.5.6

---

Suitable for small-scale production use.

Windshift is maturing and can now be used for small-scale production workloads. Be aware that APIs, data formats, and configuration may still change between releases without guaranteed migration paths. We recommend keeping backups and testing upgrades in a staging environment before applying them.

If you encounter issues or have ideas, please open an issue. Your feedback at this stage is incredibly valuable.

---

Features

CLI onboarding

• ws can now complete its first-time authorization against a running server via a short-lived code exchange. Schema adds cli_auth_codes; the new /cli/authorize page confirms the pairing before issuing credentials.
• New ws config command groups the previously scattered configuration flags.

Item transitions

• New item-transition endpoint captures status changes through a dedicated path so dependent rules (notifications, actions, workflow conditions) see a single, typed event instead of reverse-engineering intent from a generic update.

Item context service

• services/item_context centralizes the "resolve an item and everything the rendering/notification code needs around it" lookup. Replaces several ad-hoc joins in handlers and action execution.

Enhancements

Email receiver

• Per-channel OAuth refresh is now serialized through a sync.Map of mutexes. Concurrent scheduler ticks can no longer both hit an expired token, both refresh, and both overwrite each other — which with Microsoft's rotating refresh tokens used to leave a dead token in the database.
• Encryption failures during token refresh now propagate instead of silently writing an empty ciphertext; a failure no longer wipes the stored refresh token and forces manual re-auth.
• Incoming HTML is now sanitized with bluemonday instead of a regex scrub of <script>/<style>. The previous implementation was trivially bypassed by case or whitespace tricks.
• Incoming items created from email now go through the same validation, type-allowlist, status-resolution and priority-resolution the REST API uses. The local duplicates (hardcoded "Open" fallback, no workspace filter) are gone.
• Subject, From.Name and To.Name headers are RFC 2047-decoded; =?utf-8?Q?…?= encoded-words render as native characters.
• Attachments are written through an atomic temp-file + rename; a crash mid-write can no longer leave a truncated file that the UI would later serve. If the database insert fails after the file lands, the orphan is removed.
• Portal-customer and processed-email upserts use ON CONFLICT DO NOTHING RETURNING id, so a race or retry against the unique constraints no longer surfaces as a hard failure.
• The poller now halts at the first message that fails to parse or process instead of logging it and moving on. A stuck UID holds up the queue (surfaced via errorCount/last_error) until it's addressed; previously a later success persisted LastUID past the failure and the bad message was searched past on the next tick.
• UIDVALIDITY is now tracked in email_channel_state. On a mismatch (mailbox restore, quota reset, folder migration) sinceUID resets to 0 so we neither skip new messages below the stale LastUID nor reprocess old ones.

Security

• Integration OAuth redirect_uri is built exclusively from the configured baseURL. The X-Forwarded-Host / Host header fallback is removed: an unconfigured base URL now returns 503 on StartOAuth and a redirect-with-error on callback rather than silently generating a redirect through an attacker-controlled host.
• SCIM PATCH error responses no longer embed raw driver error text (constraint names, FK messages) in the SCIM body. The full error is logged server-side with the token prefix for IdP correlation; the client sees a generic Patch operation failed.
• Unknown SCIM PATCH paths emit an <unsupported> breadcrumb in the aggregate audit row instead of a silent no-op, so IdP misconfiguration leaves a grep-able trail.
• asset_action_service.executeSetField no longer interpolates field names into SQL via fmt.Sprintf. The whitelist is preserved but the write radius has no interpolation.
• The Milkdown link sanitizer now blocks protocol-relative URLs (//evil.com). The previous isSafeUrl returned true for any value without a colon, and browsers resolve protocol-relative URLs against the current scheme.

SCIM audit trail

• Group create/replace/patch now emit per-member add/remove audit events, including which (if any) users failed FK or permission checks.
• User and group PATCH capture per-attribute old/new values in details.changes for forensic replay.
• When a SCIM request deactivates a user (DELETE, PUT active=false, PATCH active=false) the change cascades to owned agents, API tokens and app tokens. An in-app notification is raised for every active system admin so integrations can be re-pointed before credentials go stale.

Hierarchy integrity

• Parent-id cycle detection now runs inside the same transaction that writes the new parent, using SELECT … FOR UPDATE on Postgres. Two concurrent reparents can no longer each pass their individual check and together create a cycle.
• ItemFieldValidator gains a cycle-check hook (wired up by default for user-facing updates) so parent changes made through ValidateAndApplyUpdates are now also rejected when they'd create a cycle or self-parent.
• Every recursive CTE in HierarchyService (GetAncestors, GetDescendants, CountDescendants, GetRoot) is capped at a shared depth ceiling. GetRoot now surfaces depth exhaustion as an error rather than a silent nil so callers cannot confuse it with "no parent".

Frontend

• Added a shared CopyButton component and utils/clipboard.js utility with a legacy-browser fallback. Nine call sites (token views, settings, portal URL badges, form-integration panel, etc.) migrated to it; removes hand-rolled navigator.clipboard.writeText wrappers with inconsistent feedback and an incidental shared-state bug in the form integration panel.
• Ten hand-rolled empty states migrated to the shared EmptyState component (email log, test sets, form builder, organisation detail, notification tray, execution trace modal, chat panel, Security credentials and API tokens, test template detail, SSO provider list, repository picker).
• Four hand-rolled alert banners migrated to AlertBox (theme manager, hierarchy-level manager, channel SMTP/webhook test-result panels).
• Asset relationship graph now themes the Svelte Flow chrome (background, controls, minimap, attribution, edge labels) with design-system tokens instead of the library's bright-white defaults.
• BoardConfiguration.GetByCollection at the workspace-default path returns an empty default configuration on first load instead of 404.
• AI Features save no longer fails when a feature had no prior config — setConnectionId and setSchedule now default mode to the same value the UI renders.
• Dropped a no-op "Help" button from the WorkItemFilter QL panel.

Backend / internal

• Permission middleware: RequireGlobalPermission, RequireWorkspacePermission and RequireAnyWorkspacePermission now share a single requireWithCheck scaffold.
• actionutil.UpdateActionGraph wraps the "begin tx + UPDATE row + replace node/edge graph + commit" transaction used by the action, asset-action and logbook-action repositories.
• LLM clients (httpClient for llama.cpp, openaiClient) share a baseChatBody request assembler and a postChatCompletion marshal+POST helper. Each client only adds its provider-specific field (grammar for llama.cpp, response_format for OpenAI).
• scm.refreshItemSCMLink unifies RefreshItemSCMLink and RefreshItemSCMLinkForUser; credential resolution picks the workspace or user strategy off an optional userID.
• middleware.requireWithCheck, HandlerPlugins.invokeEnabledPlugin, BaseHandler.requireWorkspaceIDAndID(ForWrite), CommentHandler.requireEditableComment, AssetTypeHandler.requireAssetTypeViewAccess, IntegrationItemLinksHandler.requireItemEditAuth, MilestoneHandler.requireMilestoneMutateAccess, scanTestRun, scanProvider, scanLinkIDs, queryCapabilities, respondConditionSets, respondTimeProjects, resolvePortalBySlug, resolveRuleForItem, resolveActionableToken, queryProviders, appendCustomScreenFields, applyGitHubAppCredentials, applyRequestTypeVisibility, unmarshalIntIDs: new shared helpers replacing per-handler copy-paste scaffolds.
• Plugin manager: shared types and With* options moved to manager_common.go so the real and noplugins stub builds don't diverge. Fixes a pre-existing build break where go build -tags noplugins ./... failed because manager.go lacked its !noplugins build tag.
• Repository: dropped an unused duplicate DynamicUpdateBuilder type.
• AvailableField + appendCustomScreenFields hoisted to internal/handlers/base.go so asset_reports.GetAvailableFields and request_types.GetAvailableFields don't each carry the same inline type and 30-line screen-fields SELECT.

CLI

• ws init can now complete authorization interactively against a running server.
• ws config groups the previously scattered configuration flags.

Upgrade notes

• The email-receiver schema adds a uid_validity column to email_channel_state (INTEGER on SQLite, BIGINT on Postgres). Both fresh-install schemas and the existing-database migration lists carry it.
• The CLI onboarding flow adds a cli_auth_codes table; migration is automatic.
• noplugins builds: if you build with -tags noplugins, this is the first release in which that build is again functional.

Windshift v0.5.5

Windshift v0.5.5

---

Suitable for small-scale production use.

Windshift is maturing and can now be used for small-scale production workloads. Be aware that APIs, data formats, and configuration may still change between releases without guaranteed migration paths. We recommend keeping backups and testing upgrades in a staging environment before applying them.

If you encounter issues or have ideas, please open an issue. Your feedback at this stage is incredibly valuable.

---

Features

• Added migration paths for postgres databases, missing from 0.5.4 release

Windshift v0.5.4

Windshift v0.5.4

---

Suitable for small-scale production use.

Windshift is maturing and can now be used for small-scale production workloads. Be aware that APIs, data formats, and configuration may still change between releases without guaranteed migration paths. We recommend keeping backups and testing upgrades in a staging environment before applying them.

If you encounter issues or have ideas, please open an issue. Your feedback at this stage is incredibly valuable.

---

Features

• No new features in this release, only needed backend maintenance

Enhancements

• Added review tags to identify manually reviewed code sites
• Centralized ENV and command line args handling to avoid silently ignoring options
• Added http support to enable easily getting started on Dokploy (Do not use http unless you are on a fully private network)

Windshift v0.5.3

Windshift v0.5.3

---

Suitable for small-scale production use.

Windshift is maturing and can now be used for small-scale production workloads. Be aware that APIs, data formats, and configuration may still change between releases without guaranteed migration paths. We recommend keeping backups and testing upgrades in a staging environment before applying them.

If you encounter issues or have ideas, please open an issue. Your feedback at this stage is incredibly valuable.

---

Features

Agent Management

• User-managed agents: create, edit and assign permissions to agents through the UI. These agents inherit the users permissions and can be tied to user accounts, providing a clear identification trail for any changes.
• Permission invalidation propagates to agents when roles or groups of the connected user change
• Schema and runtime migrations add the required columns on upgrade

Asset reports

• New form mode for asset reports with configurable report fields
• Customise which fields are exposed per report type

Public REST API

• Added a v1 milestone progress endpoint

Editor

• Code blocks in the Milkdown editor are now syntax-highlighted via Shiki

Portal Hub

• Open-request count now appears as a badge on the hub Inbox button, matching the badge shown on individual portals

Enhancements

Frontend

• Replaced remaining native alert() calls with the shared error toast
• Replaced the theme cycle button with an explicit accordion picker; new accordion type available in the DropdownMenu component
• Localized status-category delete errors and fixed a plural-syntax issue in translations
• Assorted modal and layout fixes

Backend

• Consolidated all asset SQL behind AssetRepository
• Routed the remaining workspace, homepage, personal, portal, configuration-set and asset-link handlers through ItemRepository, removing the last inline item SQL
• Extracted dedicated repositories for test coverage, test runs, test sets, test folders, test run templates and test summaries
• Repository extensions for CQL lookup, everyone-role helpers and item consolidation queries
• Dropped a broken asset-reports route and tidied hub.go imports
• Refactored the analytics linear-forecast path for clarity

CLI

• Several improvements to cmd/ws

Windshift v0.5.2

Windshift v0.5.2

---

Suitable for small-scale production use.

Windshift is maturing and can now be used for small-scale production workloads. Be aware that APIs, data formats, and configuration may still change between releases without guaranteed migration paths. We recommend keeping backups and testing upgrades in a staging environment before applying them.

If you encounter issues or have ideas, please open an issue. Your feedback at this stage is incredibly valuable.

---

Enhancements

Frontend

• Removed duplicate code, pulled more code into standard components
• Hub Inbox did not display Requests correctly
• Replace all javascript navigation function with native links or fallbacks to native links so that Ctrl / Click works across the app
• Make dates more timezone safe

Backend

• Hardened Item Linking permission so that Asset and Test Case permissions are also respected
• Added missing audit events (portal customer related)
• Persists is_enabled flag for assets correctly
• Added cycle detection to item hierarchy (would lead to endless loops when connecting items incorrectly via api)
• Hardened portal registration (added options for domain whitelist and no-signup option)

Windshift v0.5.1

Windshift v0.5.1

---

Suitable for small-scale production use.

Windshift is maturing and can now be used for small-scale production workloads. Be aware that APIs, data formats, and configuration may still change between releases without guaranteed migration paths. We recommend keeping backups and testing upgrades in a staging environment before applying them.

If you encounter issues or have ideas, please open an issue. Your feedback at this stage is incredibly valuable.

---

New Features

Form Channels

• Public form submission channel type — Create public-facing forms that submit directly into work items. Configure a slug, theme, brand color, logo, success message, and redirect URL per channel.
• Embeddable widget — A lightweight JavaScript widget for embedding forms on external websites.
• Portal integration — Reuses portal session and customer management for optional authenticated submissions.

Notion Integration

• OAuth-based workspace integration — Connect Notion workspaces via OAuth with encrypted credential storage and CSRF-protected state tokens.
• Item linking — Link work items to Notion pages and databases from the item detail view.

AI Assistant

• Comment tools — The AI chat assistant can now list and add comments on work items, with workspace access checks and audit trail.

---

Enhancements

Frontend

• Design system tokens — Replaced hardcoded dark mode color ternaries with centralized design system CSS variables across portal and hub components.
• Icon selector improvements — Added a colorOnly mode for standalone color selection, injectable icon maps, compact color-swatch trigger, and improved search.
• Color picker consolidation — Removed the standalone ColorPicker component in favor of the updated IconSelector with color-only mode.
• Command palette — Added additional navigation entries.
• Locale additions — New i18n strings for channels, forms, workspaces, and navigation.

Backend

• Condition set fallback — Condition set lookups now fall back to the default configuration set (with item type override) when no workspace-specific set is configured.
• Analytics query — Cumulative flow chart now resolves the workspace workflow or falls back to the default workflow, fixing empty charts for workspaces using default configuration.
• Script engine — User-authored condition scripts with top-level return statements are automatically retried wrapped in an IIFE, preventing syntax errors.
• Condition filter logging — Condition filtering errors are now logged with item and condition set context instead of being silently swallowed.
• Condition config scanning — Fixed JSON deserialization of condition config when loading condition sets for editing.

Code Quality

• Codebase deduplication — Systematic extraction of shared helpers across auth, SSO, WebAuthn, repositories, services, REST API handlers, CLI, plugins, and middleware. Reduced duplication while improving consistency.

---

Security

• Personal workspace isolation — Personal workspaces are now excluded from implicit "Everyone" permissions. Previously, users could access other users' personal workspaces through the implicit Viewer/Editor/Tester grant. Personal workspace owners retain full access through dedicated ownership checks across permission caching, workspace listings, and fallback queries.

---

Windshift v0.5.0

Windshift v0.5.0 — Clear Horizon

---

Suitable for small-scale production use.

Windshift is maturing and can now be used for small-scale production workloads. Be aware that APIs, data formats, and configuration may still change between releases without guaranteed migration paths. We recommend keeping backups and testing upgrades in a staging environment before applying them.

If you encounter issues or have ideas, please open an issue. Your feedback at this stage is incredibly valuable.

---

New Features

Condition Sets

• Rule-based transition restrictions — Define conditions that control when workflow transitions are available. Supports role checks, group membership, field regex matching, and sandboxed JavaScript scripts.

Recurring Tasks

• RRULE-based recurrence — Attach recurrence rules to items with configurable frequency (daily, weekly, monthly, yearly), lead time, and timezone.

Public Boards

• Shareable public links — Share a read-only board view via public link. No login required for viewers.
• Property display — Shows status, priority, type, assignee, due date, story points, and labels on public items.
• Public board attachments — Embedded images in descriptions load on public boards via a new unauthenticated endpoint. Image-only, with path traversal protection.

Internal Comments

• Workspace setting — New internal_comments_enabled workspace setting for internal/private notes outside portal requests.
• Settings UI toggle — Enable or disable internal comments from workspace settings.

Custom Field Options Migration

• ID-based options — Select and multiselect custom fields now use ID-based options instead of raw strings.
• Automatic migration — Legacy string-array options are auto-migrated on startup. Stale references are cleaned up on option delete.

---

Enhancements

Performance

• Rate limiter improvements — Per-user keying on authenticated routes prevents shared-IP exhaustion. New --disable-ip-rate-limit flag for unauthenticated requests. AI endpoint limit raised to 20/min.
• Logbook upload rate limiting — Rate limits applied to logbook upload endpoints.

Item Detail & Sidebar

• Collapsible Scheduling section — New collapsible section in the item detail sidebar for scheduling-related fields.
• Revamped content layout — Improved item detail sidebar structure and content organization.

Collections & Roadmap

• Roadmap fixes — Fixed orphaned parent items, improved link fetching, and added a settings panel.
• Collection breadcrumbs — Improved breadcrumb navigation for collections.
• Iteration timeline — Iteration timeline widget for visualizing iteration progress.
• Upcoming deadlines — Enhanced upcoming deadlines widget.

---

Security & Hardening

• Fix user email exposure — Resolved an issue where user emails were exposed in portal comments and the V1 REST API.
• Public board item limit — Reduced public board item limit from 1000 to 500.
• Upload validation hardening — Stricter file upload validation for attachments and logbook entries with additional content-type and size checks.
• Permission hardening — Additional permission checks across label, asset link, comment, and diagram handlers.

Windshift v0.5.0-rc2

Windshift v0.5.0-rc2

---

Suitable for small-scale production use.

Windshift is maturing and can now be used for small-scale production workloads. Be aware that APIs, data formats, and configuration may still change between releases without guaranteed migration paths. We recommend keeping backups and testing upgrades in a staging environment before applying them.

If you encounter issues or have ideas, please open an issue. Your feedback at this stage is incredibly valuable.

---

What's New in rc2

Security

• Fix user email exposure — Resolved an issue where user emails were exposed in portal comments and the V1 REST API.
• Public board item limit — Reduced the public board item limit from 1000 to 500.

Internationalization

• Chinese locale support — Added Chinese (zh-CN) locale.

Time Tracking

• Customer required for projects — Customer is now a required field when creating or editing projects.

UI Fixes

• Dark mode fix in asset manager — Corrected styling issues in the asset manager under dark mode.
• Public board improvements — Various polish and usability improvements to public boards.

Internal

• Workspace handler refactor — Workspace handler refactored to the repository pattern.
• About page scope reduced — Trimmed the about page to essential information.

---

Highlights (rc1)

Workspace Analytics

• Analytics dashboard — New workspace analytics page with cumulative flow, cycle time, and velocity charts.
• Monte Carlo forecast — Forecast panel using Monte Carlo simulation to project completion dates based on historical throughput.

Public Boards

• Shareable public links — Share a read-only board view via public link. No login required for viewers.
• Item detail modal — Two-column layout with description and comments on the left, properties sidebar on the right.
• Property display — Shows status, priority, type, assignee, due date, story points, and labels on public items.

Rate Limiter Improvements

• Per-user keying — Authenticated routes now key rate limits by user ID instead of IP address, preventing shared-IP users (NAT, office networks) from exhausting each other's buckets.
• Configurable IP limiting — New --disable-ip-rate-limit flag to disable IP-based rate limiting for unauthenticated requests.
• AI rate limit increase — AI endpoint rate limit raised from 5/min to 20/min.

Internal Comments

• Workspace setting — New internal_comments_enabled workspace setting for internal/private notes outside portal requests.
• Settings UI toggle — Enable or disable internal comments from workspace settings.
• Plugin comment creation — Host functions for plugin comment creation with SuppressNotifications option.

Upload Validation Hardening

• Stricter upload checks — Hardened file upload validation for attachments and logbook entries with additional content-type and size checks.

Collections & Navigation

• Collection breadcrumbs — Improved breadcrumb navigation for collections.
• Iteration timeline — New iteration timeline widget for visualizing iteration progress.
• Upcoming deadlines — Enhanced upcoming deadlines widget.

Permission Hardening

• Broader permission coverage — Additional permission checks across label, asset link, comment, and diagram handlers.

Windshift v0.5.0-rc1

Windshift v0.5.0-rc1

---

Not recommended for production use.

Windshift is an early release that is still undergoing internal testing. APIs, data formats, and configuration may change between releases without migration paths. We publish this release to invite early exploration, testing, and feedback - not to support production workloads.

If you encounter issues or have ideas, please open an issue. Your feedback at this stage is incredibly valuable.

---

Highlights

Workspace Analytics

• Analytics dashboard — New workspace analytics page with cumulative flow, cycle time, and velocity charts.
• Monte Carlo forecast — Forecast panel using Monte Carlo simulation to project completion dates based on historical throughput.

Public Boards

• Shareable public links — Share a read-only board view via public link. No login required for viewers.
• Item detail modal — Two-column layout with description and comments on the left, properties sidebar on the right.
• Property display — Shows status, priority, type, assignee, due date, story points, and labels on public items.

Rate Limiter Improvements

• Per-user keying — Authenticated routes now key rate limits by user ID instead of IP address, preventing shared-IP users (NAT, office networks) from exhausting each other's buckets.
• Configurable IP limiting — New --disable-ip-rate-limit flag to disable IP-based rate limiting for unauthenticated requests.
• AI rate limit increase — AI endpoint rate limit raised from 5/min to 20/min.

Internal Comments

• Workspace setting — New internal_comments_enabled workspace setting for internal/private notes outside portal requests.
• Settings UI toggle — Enable or disable internal comments from workspace settings.
• Plugin comment creation — Host functions for plugin comment creation with SuppressNotifications option.

Upload Validation Hardening

• Stricter upload checks — Hardened file upload validation for attachments and logbook entries with additional content-type and size checks.

Collections & Navigation

• Collection breadcrumbs — Improved breadcrumb navigation for collections.
• Iteration timeline — New iteration timeline widget for visualizing iteration progress.
• Upcoming deadlines — Enhanced upcoming deadlines widget.

Permission Hardening

• Broader permission coverage — Additional permission checks across label, asset link, comment, and diagram handlers.