Locked Down and Leveled Up — Billing Security, Tenant Isolation, and Pro/Basic Classification
New Features
No new features in this release.
Feature Updates
- AC-Driven Tenant Lifecycle Provisioning: Tenant lifecycle endpoints now provision new tenants atomically — creating the Tenant, an optional starter Scrum, and seating the supplied owner email as a TenantMembership admin in a single call, with an invitation token minted and the standard invitation email sent for new addresses.
Feature Enhancements
- Superuser-Gated Billing Permissions: The allow_billing_read and allow_billing_write flags are now restricted to superusers across all surfaces. The External API Keys create and edit forms hide these switches from tenant admins, the API Tester hides the Billing Telemetry and Tenant Lifecycle option groups from non-superusers, and the AC2 OAuth exchange silently strips both billing scopes from any submitted scope list.
- Pro/Basic Tenant Classification: Added tenant_is_pro and tenant_plan helpers to classify tenants by plan level. Pro status is determined by an active Pro scrum or a companies_enhanced_enabled override. A post-save signal automatically enables the flag on first Pro scrum creation as a sticky upgrade, with a backfill migration applied to all existing tenants with active Pro scrums. The CRM & Projects sidebar gate and navbar Pro/Basic badge now share the same predicate and can never disagree. tenant_plan is also exposed in the Period Summary external API response.
Bug Fixes
- Fixed tenant data leakage on Companies, Services, and Labels admin pages, where filtering on is_demo alone allowed non-demo tenants to see each other's rows. All querysets, get-or-create calls, and POST-side saves now apply explicit tenant scoping. The LabelConfig unique constraint is updated to unique_together(tenant, slot), with a backfill migration for NULL-tenant rows.
- Fixed Doppelganger sessions retaining the superuser's stale tenant_id, causing impersonated tenant admins to see "Tenant: Master" in the navbar. Doppelganger start now stashes the original tenant selection and reseats the session in the target's primary TenantMembership; stop restores the saved selection.
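The tenant-leak fix above, reproduced as an added example (not scrumRithm code): a query filtered on is_demo only beside its tenant-scoped form, a tenant-scoped get-or-create, and the composite (tenant, slot) constraint. The label_config table, its columns other than is_demo, the function names and the sample rows are assumptions constructed for illustration, with sqlite3 standing in for the ORM.

```python
import sqlite3

def make_db():
    # Constructed sample rows: two real tenants and one demo tenant.
    db = sqlite3.connect(":memory:")
    # UNIQUE(tenant_id, slot) mirrors unique_together(tenant, slot). NOT NULL is
    # an assumption here: SQL treats NULLs as distinct in unique constraints.
    db.execute("""CREATE TABLE label_config (
        id INTEGER PRIMARY KEY, tenant_id INTEGER NOT NULL, slot INTEGER NOT NULL,
        name TEXT NOT NULL, is_demo INTEGER NOT NULL DEFAULT 0,
        UNIQUE (tenant_id, slot))""")
    db.executemany(
        "INSERT INTO label_config (tenant_id, slot, name, is_demo) VALUES (?, ?, ?, ?)",
        [(1, 1, "acme-urgent", 0), (2, 1, "globex-urgent", 0), (3, 1, "demo-urgent", 1)])
    return db

def labels_is_demo_only(db, is_demo):
    # Pre-fix shape: is_demo is the only predicate, so all non-demo tenants
    # share one result set.
    rows = db.execute(
        "SELECT name FROM label_config WHERE is_demo = ? ORDER BY id", (int(is_demo),))
    return [r[0] for r in rows]

def labels_scoped(db, tenant_id):
    # Post-fix shape: tenant_id is taken from the server-side session.
    rows = db.execute(
        "SELECT name FROM label_config WHERE tenant_id = ? ORDER BY id", (tenant_id,))
    return [r[0] for r in rows]

def get_or_create_label(db, tenant_id, slot, name):
    # The lookup and the insert both carry tenant_id, so a tenant can neither
    # fetch nor overwrite another tenant's row for the same slot.
    row = db.execute(
        "SELECT name FROM label_config WHERE tenant_id = ? AND slot = ?",
        (tenant_id, slot)).fetchone()
    if row:
        return row[0], False
    db.execute(
        "INSERT INTO label_config (tenant_id, slot, name) VALUES (?, ?, ?)",
        (tenant_id, slot, name))
    return name, True

def duplicate_slot_rejected(db, tenant_id, slot):
    # The composite constraint refuses a second row for the same (tenant, slot).
    try:
        db.execute("INSERT INTO label_config (tenant_id, slot, name) VALUES (?, ?, 'dup')",
                   (tenant_id, slot))
    except sqlite3.IntegrityError:
        return True
    return False
```

A regression test for this class of bug seeds at least two non-demo tenants and asserts that every list, lookup and save path returns only the caller's rows.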
Release List
- Read First, Edit When Ready — Smarter Markdown Preview Behavior
- More Power in Every View — Dataset Interactivity and Scrum Role Overrides
- No More Ghost Tasks — Orphaned Work Items Are Now Manageable
- Always in the Know — Live Alert Polling and Project Short Descriptions
- Tidying Up — Code Cleanup
- Messages, Front and Center — Smarter Notification Routing in the Alerts Panel
- Quiet but Critical — Targeted Stability Fixes
- Hardened, Cleaner, and More Capable — Security, Code Quality, and New Workflow Features
- Velocity, Visibility, and Smarter Linking — A Power Release for Teams
- Keeping the Lights On — AC2 Callback Fix
- Smarter AI, Richer Projects, and a Fully Redesigned Alert Experience
- Priority Clarity — Industry-Standard P1 Convention, Smarter Projects, and Cross-Context Work Items
- Icons Rendered, Cache Cleared — FontAwesome Kit Cache Busting
- See the Whole Picture — Kanban Views, Stakeholders, and Billing Telemetry
- No More Accidental Saves — Smarter Button State in Work Item Modals
- Deeper Knowledge — Glossary Domains, Footnotes, and Markdown Resources
- Knowledge at Your Fingertips — Introducing the Resources Section
- Approval First — Client Prerequisites, Priority Accountability, and Webhook Reliability
- Smarter Badges, Scoped Keys — Source Tracking and API Permissions Get an Upgrade
- Clean Queue, Clear Controls — Ticket Archiving, Deletion, and Integration Fixes
- Know Your Customer — Intelligent Company Resolution and CSM Auto-Assignment
- No More Timeouts — Background Webhooks and Smarter Integration Controls
- Attach More, Organize Better — Expanded Attachments and Support Form Categories
- Precision Under the Hood — Metrics Accuracy and Sprint Board Performance
- Deliver Faster, Adapt Smarter, Grow with Impact — Welcome to scrumRithm™ 2.0