Release Notes

May 2026

AI Assistant: Multi-Domain Data Queries

  • The AI assistant can now answer questions across your entire account: compliance, DevOps, help desk, QA, tasks, incidents, sales, contacts, calendar, and notes.
  • Ask natural language questions like “What is the status of our current sprint?” or “Show me overdue tickets” and get instant answers from your live data.
  • Multi-turn conversations: ask follow-up questions and the AI remembers context from earlier in the conversation.
  • Tools shown to each user respect their role permissions and enabled features, ensuring data isolation.

AI Policy Writing Assistant

  • New AI panel in the compliance policy editor (sparkle icon in the toolbar).
  • Generate complete policy templates from a topic description with sections for purpose, scope, responsibilities, and procedures.
  • Refine existing policy content with quick actions: Shorter, More Detail, More Formal, Simplify, and Fix Grammar.
  • Custom instructions for specific refinements like “Add a section about data classification levels”.
  • Preview generated content before inserting at cursor position or replacing the entire document.
  • Streamed responses for real-time feedback as content is generated.

AI-Powered Compliance Search

  • Search your published policies and procedures using natural language questions.
  • AI responses include citations referencing specific policies by name.
  • Results are scoped exclusively to your account with multi-layer tenant isolation.

Email AI Improvements

  • Supports longer email threads and drafts without losing context.
  • Smarter summarization of long threads: recent messages kept in full, older messages condensed into key points.
  • Higher character limits for notes, content, and instructions.

New Permissions

  • “Compliance AI: Search” for searching policies and procedures via AI.
  • “Compliance AI: Generate” for generating templates and completing sections.
  • Available in role management under “Compliance and Security”.

Bug Fix: Account Activation Emails

  • Fixed an issue where account verification and invitation emails could silently fail during registration if the mail provider was temporarily unavailable.
  • All auth-related emails are now queued and automatically retried up to 3 times on failure.

General Bug Fixes

  • Fixed the account setup flow to validate invitation tokens on page load instead of only at form submission. Expired links now show a clear “Link Expired” state with the option to request a new invitation email, and already-activated accounts are directed to the password reset flow.

Reporting and Navigation

  • New Compliance Reports page: see requirements by status, controls by implementation, and overall compliance percentages at a glance.
  • New Sales Reports page: track deals by stage, pipeline value over time, lead conversion, and key sales metrics.
  • New Feedback Reports page: review feedback distribution by type, status, and priority, plus submission trends.
  • New Calendar Reports page: visualize events by day of week, source, and trends over time.
  • CSV export added to DevOps, QA, Task, and Incident reports (PDF was already available).
  • Smart filtering with the new token search bar across Compliance, Sales, Feedback, Calendar, and Incident reports, including support for “is” and “is not” filters.
  • Quick date range pills (7 Days, 30 Days, 90 Days, 1 Year) on all report pages.
  • New Reports permission group in role management for granular access control to each report type.
  • New MCP tools for pulling Compliance, Sales, Feedback, and Calendar report data into AI assistants and external integrations.
  • Help Desk Reports moved into the main Reports section so all reports live in one place.
  • Cleaner sidebar with the Automation group removed (workflows are still accessible from their dedicated pages).
  • Consistent Export CSV and Export PDF buttons across every report page.
  • Faster, more reliable filtering on report charts.

Workflow Triggers

  • Added scheduled, time-relative, inactivity, manual, webhook, and form-submission triggers alongside existing entity triggers.
  • Manual run button available on issue, ticket, task, lead, deal, opportunity, and contact detail pages.
  • Webhook workflows expose rotatable signing secrets via a reveal-once dialog.

Workflow Actions

  • New record actions: create, update, set field, transition status, add and remove tag, change assignee, archive, and delete.
  • New notification actions: email and in-app.
  • New helpdesk actions: create ticket, assign SLA, escalate, send canned response, and add internal note.
  • New calendar and activity actions: create calendar event, create note, and log sales activity.
  • New external actions: HTTP request and generate PDF.
  • New AI actions: summarize, classify, and draft response.
  • New control flow actions: branch, for-each loop, wait, and call sub-workflow.

Workflow Visual Editor

  • Guided expression builder dialog with pickers for trigger fields, related-entity fields, step outputs, loop items, and change sets.
  • Filter pipeline covering upper, lower, title, date, truncate, default, json, map, take, and join.
  • Branch and for-each editors now support Add Branch, Add Loop, Add Sub-workflow, and Add Action in place, with loop-item schema autocomplete threaded through nested dialogs.
  • Relational field pickers traverse allow-listed relationships automatically.

Workflow Summarize and Email Pattern

  • New scheduled digest pattern: pull recent records, summarize with AI, render a PDF, and email as an attachment.
  • Dynamic date placeholders like {{now}}, {{now -7d}}, and {{now -1w}}, plus relative-date filters on for-each query sources.
  • Loop aggregation exposes an items array for downstream map and join filters.
  • Email attachments can come from earlier step outputs, and record-content PDFs are supported for notes, tasks, issues, incidents, user stories, policies, and procedures.
  • New entity-agnostic digest PDF template with a matching weekly-digest entry in the gallery.

Workflow Template Gallery

  • Added templates: classify inbound ticket, data-breach 72-hour reminder, deal-won celebration, new-issue-to-sprint, overdue task reminder, policy-published acknowledgement, sprint-start welcome, test-execution failure issue, and weekly stale tickets digest.
  • Fixed template instantiation so schedules, nested for-each and branch children, trigger config, mailbox bindings, rate limits, alerting thresholds, and custom object bindings are preserved.
  • Templates still create workflows in a disabled state for review.

Workflow Management

  • Export and import workflows as portable JSON with multi-tenant rebinding.
  • Versioning captures every definition change and supports restore.
  • Audit log tracks who changed what.
  • Dry-run mode executes against real or synthetic entities with no side effects.
  • Metrics dashboard shows success rate, execution count, and average duration per workflow.

Workflow Reliability

  • Execution correctness: after-commit dispatch, proper wait and retry state propagation, cycle detection on sub-workflow graphs, batched context writes for large loops, and chunked inactivity sweeps.
  • Scheduling: atomic schedule claim prevents duplicate runs, and rate-limit drops now alert with cooldown.
  • Security and validation: bulk ID validation on mutation endpoints, webhook payload sanitization, and cross-account binding validation on import.
  • Versioning and data: version-number uniqueness, transactional restores, and MongoDB entry ID handling.

Workflow Mailbox Dependencies

  • Email-sending workflows now require an explicit shared mailbox (no default fallback).
  • Workflows depending on a deactivated, deleted, or disconnected mailbox are auto-disabled with author notification.

Workflow Scheduling Cadence Floor

  • Scheduled workflows enforce a minimum of every 5 minutes, and inactivity thresholds in minutes must be at least 15 minutes.
  • Interval picker, custom cron input, and inactivity threshold input reflect the floors with updated hints and validation.
  • Existing sub-floor workflows keep running, but any save submitting a sub-floor cadence is rejected.

MCP Server for AI Clients

  • workflows tool rewritten to reach parity with the Angular console.
  • New resources for workflow metrics and the template gallery.
  • New operations: bulk enable, disable, delete, webhook rotation, dry-run, manual run discovery and dispatch, audits, version history, restore, export, import, and import-placeholder extraction.
  • New reference-data endpoints: trigger sources, entity-relation allow lists, object types, mailboxes, forms, callable workflows, SMS and email recipients, and placeholder validation.
  • Tool description documents every placeholder form, filter, and action type with examples, plus the full scope and feature-flag matrix, and surfaces the new cadence floors.

Compliance Framework

  • Policy attestation flow reworked: publishing creates attestation records for every assigned user group, version transitions are handled cleanly, and attestation thresholds are respected.
  • Frameworks, requirements, and procedures gained soft deletes and filter indexes.
  • Attestation records are now properly account-scoped, and compliance status recalculations fire at the right moments.
  • Evidence and procedure recurrence handling is more robust.

Role-Based Access Control

  • Permission and role services resolve assignments and edge cases more consistently.
  • Admin role bootstrap command covers previously missing paths.
  • Account-user metadata gained fields for future role-scoping, and the frontend permission directive and service were updated to match.

PDF Output

  • Cleaner layouts, consistent typography, better long-content handling, and improved tables and sanitized HTML across digests, default template, incident reports, and record-content exports.
  • German and Spanish translations backfilled for PDF labels.

Diagram Builder

  • The Diagram Builder received a comprehensive round of robustness improvements covering over 20 bug fixes. Container shapes (mobile frames, dialogs, web pages) now correctly handle child shape lifecycle during duplication, deletion, rotation, and undo/redo operations. Rotating a container properly rotates all child shapes and their connection points together. Connector routing was improved with better orthogonal path previews during reconnection, automatic waypoint cleanup, and accurate label positioning on multi-segment paths. Group transforms no longer accumulate rotation incorrectly, and dragging grouped containers now moves their children along. Keyboard shortcuts (Ctrl+Shift+Z for redo, Delete key) work more reliably, grid lines maintain consistent thickness at all zoom levels, diagram list pagination is corrected, and export no longer crashes on orphaned connectors. Saving diagrams with rotated shapes is now handled gracefully on both frontend and backend.

April 2026

  • The main dashboard has been completely redesigned with a customizable, widget-based architecture. Users can now personalize their dashboard by toggling widgets on or off, reordering them via drag-and-drop, and choosing from seven role-based templates (Developer, QA Engineer, Support Agent, Compliance Officer, Sales Rep, Manager, and All Widgets). Quick Actions have been moved to the top of the page for immediate access, and a new “My Work” widget shows issues, tasks, and tickets assigned to the current user. Five new widgets bring previously hidden data to the dashboard: Help Desk Overview (open tickets, SLA breaches, priority breakdown), Compliance Status (overall compliance percentage, framework health), Sales Pipeline (open deals, pipeline value, win rate), Upcoming Calendar Events, and Notifications Summary. Each widget supports collapse/expand with lazy loading, skeleton loading animations, and 7-day trend sparkline charts. An auto-refresh feature lets users set a 5, 15, or 30 minute interval that pauses when the browser tab is hidden.
  • The Diagram Builder received a major code refactoring that consolidated 18,800 lines of duplicated rendering code across the list, view, and edit pages into shared utility modules, making the codebase significantly easier to maintain and extend. Orthogonal connector routing was improved so that manually adjusted line paths are preserved when shapes are moved, and connector selection was fixed to work reliably. A new JSON export/import feature was added, allowing diagrams to be exported as structured JSON files (alongside the existing PNG and PDF options) and imported back into the application as new diagrams, accessible from all three diagram pages with full English, Spanish, and German language support. The JSON import pipeline includes comprehensive security validation on both the frontend and backend, covering file size limits (10 MB), shape and connector count caps, structural validation of all shapes and connectors, string length enforcement, numeric bounds checking, duplicate ID detection, dangling connector reference detection, and HTML tag sanitization to prevent XSS.
  • Fixed attestation progress showing 100% when no users have completed attestation. Policies with no assigned users or empty groups now correctly display 0% instead of 100%.
  • Added a Compliance Mapping section to the policy view page. When a policy has linked controls, the section displays each control with its identifier, title, and implementation status, along with the mapped requirements (showing reference code, title, and parent framework) and linked procedures. Requirement and procedure chips are clickable and navigate to their respective detail pages.
  • A new “General Business Policies” compliance framework template is now available alongside ISO 27001 and GDPR, giving business owners a ready-made set of 25 draft policies covering governance, HR, health and safety, IT, and financial operations, with 18 step-by-step operational procedures and 25 controls, all pre-linked. All three framework templates now scaffold operational procedures with practical step-by-step guidance (15 for ISO 27001, 15 for GDPR, 18 for General Business) and automatically create an “All Staff” user group with the relevant staff-facing policies pre-assigned, so after reviewing and publishing policies, you only need to add your team members to the group for them to receive attestation requests.
  • The User Groups dialog in the Compliance module has been enhanced with full policy visibility and management. When viewing a user group, the dialog now uses a tabbed interface with separate Details, Members, and Policies tabs, making it easy to see which policies are assigned to the group along with their status, category, and due dates. When editing or creating a user group, a new Policies tab lets you search, filter, and select policies to assign, with a token search bar that supports filtering by framework, status, and category. The policy category filter across the application (including the main Policies list page and the policy edit form) now dynamically derives its options from the categories actually in use rather than showing a static list, so categories like “Governance” or “Health and Safety” from scaffolded frameworks appear correctly. The General Business Policies framework has also been moved to the top of the scaffold template list for easier access.
  • ISO Mate now includes Sales Pipeline Management, giving your team a complete toolkit for tracking prospects from first contact to closed revenue. Create custom pipelines with configurable stages, capture leads and progress them through New, Contacted, Qualified, and Converted statuses, then convert them to opportunities with win probability and close dates. When an opportunity is ready, convert it to a deal with product line items, quantity, unit pricing, and discount calculations. Visualize your deals on a drag-and-drop Kanban board, manage a product catalog with price books for different markets, and link contacts to any record with roles like Decision Maker, Influencer, and Technical Evaluator. Connect tasks, calendar events, notes, and emails to any lead, opportunity, or deal for a complete interaction history, all tracked automatically in the activity timeline. Monitor performance with the Sales Dashboard, featuring pipeline distribution, weighted revenue forecasting, win rate tracking, conversion metrics, and a funnel summary across all three record types. Export leads, opportunities, deals, and products to CSV or PDF, and control access with granular permissions across Leads, Opportunities, Deals, Pipelines, and Products.
  • The Notifications page now uses the same token search bar found across all other list pages, replacing the old filter dropdowns with inline chip-based filters for status (read/unread) and category, complete with “is” and “is not” operators and date range filtering. Additionally, every token search bar throughout ISO Mate now remembers your filter selections. When you set filters on any list page (tasks, issues, notifications, test cases, deals, incidents, compliance, and more), navigating away and returning will automatically restore your previous filter configuration, so you never have to re-apply filters after switching between pages.
  • Fixed an issue where emails in the mailbox inbox could appear out of order after syncing by adding a stable secondary sort to prevent emails with identical timestamps from shifting position.
  • Notification sounds now have a 30-second cooldown to prevent rapid-fire alerts when multiple notifications arrive in quick succession. The first notification in a burst plays the sound as usual, and any further notifications within the next 30 seconds are silent. After the cooldown expires, the next incoming notification will trigger the sound again.
  • Fixed an issue where the AI Email Assist feature would fail with a validation error when including email thread context for draft generation, particularly with longer or HTML-rich emails like newsletters. The thread context is now stripped of HTML markup and trimmed to only the most recent message before being sent to the AI, significantly reducing payload size and improving response quality. A warning indicator now appears when the thread context is large and will be truncated. Additionally, the system will automatically retry with reduced context if the AI service encounters an error, rather than surfacing a generic failure message.
  • Issue descriptions with large or richly formatted content were being silently truncated when saved. The storage limit has been increased to support longer descriptions without data loss.
  • Fixed an issue where events synced from Google Calendar could appear on the wrong day for users in certain timezones, particularly those with large UTC offsets like New Zealand or South Africa. Also resolved a problem where removing individual occurrences from a recurring event in Google Calendar wasn’t reflected in ISO Mate, leaving deleted events still visible on the calendar. Additionally, deleting a single instance of a synced recurring event from within ISO Mate now correctly syncs the removal back to Google Calendar, so the event no longer reappears after the next sync.
  • Fixed an issue where Google mailboxes and Git repository connections (GitHub, GitLab, Bitbucket) would permanently disconnect after a single transient error, such as a network timeout or temporary API outage. Previously, any failed token refresh or API error immediately marked the connection as requiring manual reconnection, even when the underlying credentials were still valid. Connections now track consecutive failures and automatically retry on the next sync cycle, only requiring manual intervention after three consecutive failures. Successful syncs reset the failure counter, so brief disruptions resolve themselves without user action. Permanent errors like revoked tokens or insufficient permissions continue to disconnect immediately as expected.
  • Help desk agents can now select which shared mailbox to send ticket replies from, with the reply section adapting based on mailbox availability.
  • The workflow builder gains three new features for email triggers: an Email Classification condition that distinguishes new inbound emails from replies to existing tickets, an Extract Ticket References action that scans email subjects and bodies for ticket reference numbers using configurable regex patterns, and a Link Email to Ticket action that creates entity links between emails and matched tickets. Tickets created from email workflows are now automatically linked to the originating email, and linked entities on the ticket view page display with proper icons, labels, and clickable navigation for all entity types including emails.

March 2026

New Features

  • The ISO Mate MCP server now supports 12 tool providers, giving AI assistants and IDE tools full access to your account. In addition to the existing issue management tools, you can now manage sprints, releases, user stories, and features (DevOps), test cases, test cycles, test executions, and test environments (QA), tasks and recurring tasks, incidents with status workflows and audit logs, compliance frameworks, requirements, controls, policies, procedures, evidence, and attestations, help desk tickets and canned responses, notes with folders and tags, custom object types and entries with schema validation, workflow automations with execution history and configuration discovery, and contacts. Read-only billing tools are also available for viewing subscription and invoice details. All tools are secured with scoped API tokens and follow the resource/operation pattern for consistent usage across providers.
  • ISO Mate now supports project-based issue organization and Git repository integrations. Create projects with unique key prefixes (e.g., PROJ, API, WEB) to group issues under a shared namespace, then connect GitHub, GitLab, or Bitbucket repositories using personal access tokens, fine-grained tokens, or repository access tokens. A background sync runs every 15 minutes to match issue keys in branch names, commit messages, and PR titles, automatically linking Git activity to the correct issues. From the issue detail page, you can view all linked branches, commits, and pull requests grouped by repository, create branches and draft pull requests directly in connected repos, and manage linked items with unlink, delete, or close actions. A manual refresh button on the Git Activity card lets you trigger an on-demand sync without waiting for the next scheduled run. Projects also include a dedicated view page showing project details with associated issues, and improved CSV/PDF exports that include repository connections and issue counts.
  • Get instant answers about ISO Mate directly inside the platform. The new AI Support Chat is a built-in assistant powered by Amazon Bedrock that can answer questions about features, workflows, and configuration using the ISO Mate knowledge base. To ensure fair usage, AI chat is limited to 20 messages per hour per user.
  • Compose emails faster with the new AI-powered drafting and refinement tools built into the email editor. Describe what you want to say, pick a tone (professional, friendly, formal, or concise), and let AI generate a polished draft for you. Already have content? Use the Refine tab to make it shorter, longer, more formal, friendlier, or fix grammar with one click, or provide custom instructions for more specific changes. AI-generated content can be inserted at your cursor position or used to replace the editor content entirely. Responses stream in real time so you can see the output as it’s being written. Available in English, Spanish, and German.

Feature Updates

  • Issues can now be prioritized using Impact, Confidence, and Ease scores (1 to 10). The system auto-calculates a composite ICE score factoring in issue type weight and source multiplier (internal vs external). Includes a sortable ICE column on the list page, inline editing, source filtering, and export support.

Improvements

  • List filters are replaced with token-based search bars with “is” / “is not” operators, so you can include or exclude values (e.g., “Status is not Done”).
  • Free-text search is built right into the same token-based search bar with debounce.
  • Sort field and direction controls sit alongside the token-based search bar, and stay in sync with table column header sorting.
  • Each search token can be removed individually, or you can clear all filters at once.
  • The token-based search bar is consistent across all pages, same interaction pattern everywhere.
  • Improved the dashboard issues summary widget to exclude Epics and Subtasks from counts, showing only actionable work items (Stories, Tasks, Bugs). Added a breakdown by issue type for better workload visibility.
  • Task list now defaults to showing only incomplete tasks (pending, in progress, cancelled) on load, keeping the focus on actionable items. Users can still view completed tasks by changing the filter.
  • Shortened token expiry durations for improved security. Password reset tokens now expire after 30 minutes (was 60), email verification after 1 hour (was 24 hours), and user invitations after 4 hours.
  • Added the ability to drag-and-drop reorder mailboxes in the email sidebar. Sort order is stored per user so each user can customize their own mailbox arrangement.

Bug Fixes

  • Fixed email folder unread counts showing stale values after marking emails as read/unread or archiving. Label folders now recalculate counts correctly alongside the primary folder.
  • Fixed issue comments not displaying on the issue detail page. Added full CRUD support for issue comments including API endpoints, frontend service, and UI.
  • Fixed an issue where “Reply All” only sent to the original sender, ignoring CC recipients and backend have been corrected.
  • Revoked API tokens no longer appear in the token list. The backend now filters out revoked tokens, and the success snackbar positioning has been corrected to match app-wide standards.
  • The assignee button and selector on subtasks now works correctly when editing an issue.
  • Inbound email counts now refresh in real-time while navigating the app, without requiring a manual reload.
  • Mailbox sync now reports the correct number of emails processed.
  • Super admins can now view feedback screenshots in the admin console. Added thumbnail display with click-to-enlarge functionality.
  • Overdue day calculations on tasks now round correctly.

Security

  • SVG file uploads in chat are now sanitized to strip malicious content (scripts, event handlers, foreignObject elements). A restrictive Content-Security-Policy header is also applied when serving SVGs.