This release significantly enhances the application's security posture, refines core asset management workflows, and improves the robustness of Xero Practice Manager (XPM) integration. Key security improvements include hardening debug API routes with strict access controls and implementing a comprehensive Sentry error monitoring setup. The asset allocation page now provides a more flexible approach to managing assets by introducing an "unowned assets" state, allowing for better control over asset lifecycle. Furthermore, the XPM reconciliation and synchronization processes have been made more intelligent with structured error reporting and refined handling of complex relationship types.
Highlights
- Security Hardening for Debug Routes: Implemented robust access controls, including production lockout, authentication, and admin role checks, for diagram tuning API routes, backed by new unit tests.
- Comprehensive Sentry Integration: Added full Sentry client, server, and edge configurations, including error capturing for _error.tsx and a new smoke test API route with security guards.
- Enhanced Asset Management Workflow: Reworked asset deletion logic in the UI to prevent automatic asset deletion when the last owner is removed, instead marking assets as 'unowned' and introducing a dedicated section for managing them, including bulk deletion.
- Improved XPM Reconciliation Error Reporting: Introduced structured error details for reconciliation failures, enhancing the RunResultsPanel to display more informative messages for relationship import issues.
- Refined XPM Relationship Sync Logic: Added sophisticated handling for 'Of' relationship types and cross-group shareholder relationships during XPM inbound and outbound sync, including reciprocal relationship filtering and deterministic deduplication.
- Centralised Entity Type Constants: Introduced new constants (OWNER_ENTITY_TYPES, GUARANTOR_ENTITY_TYPES) to standardise entity type definitions across the application, improving consistency and maintainability.
- Streamlined Data Loading in Asset Allocations: Optimised the initial data fetch for the Asset Allocations page by performing parallel requests for entities, assets, and relationships, reducing page flicker.
- Updated Group Entity Counting: Modified database queries for group entity and asset counts to explicitly filter out soft-deleted entities and simplify asset counting to direct group assignments.
- Removed Legacy Ownership Validation Service: Deprecated and removed the previous ownership validation service and its associated audit logging, reflecting the new asset management approach.
- New Tenancy Audit Tooling: Introduced a suite of Python scripts for performing comprehensive tenancy audits across API routes, generating detailed reports in JSON and CSV formats.
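
The layered checks named in the debug-route highlight (production lockout, then authentication, then admin role), sketched as an added TypeScript example. It is not the application's own code: every name, the fail-closed handling of an unset NODE_ENV, and the 404/401/403 status codes are assumptions.

```typescript
// Added example: all names are hypothetical, not the application's code.
type Role = "admin" | "member";
interface DebugSession { userId: string; role: Role }
interface GuardInput {
  nodeEnv: string | undefined;  // value of NODE_ENV as seen by the server
  session: DebugSession | null; // null when the request is unauthenticated
}
interface GuardReply { status: number; body: string }

// Returns a denial reply, or null when the request may proceed.
// Checks run in a fixed order and the first failure wins.
function denyDebugAccess(input: GuardInput): GuardReply | null {
  // 1. Production lockout, failing closed: only allow-listed environments open
  //    the route, so an unset or misspelled NODE_ENV counts as production.
  if (input.nodeEnv !== "development" && input.nodeEnv !== "test") {
    return { status: 404, body: "Not found" }; // 404 is an assumed choice
  }
  // 2. Authentication: no session, no access.
  if (input.session === null) {
    return { status: 401, body: "Authentication required" };
  }
  // 3. Authorisation: the role comes from the server-side session only.
  if (input.session.role !== "admin") {
    return { status: 403, body: "Admin role required" };
  }
  return null;
}

// Wraps a debug handler so its body cannot run unless every check passes.
function withDebugGuard(handler: (s: DebugSession) => GuardReply) {
  return (input: GuardInput): GuardReply => {
    const denial = denyDebugAccess(input);
    if (denial !== null) return denial;
    return handler(input.session as DebugSession);
  };
}

// Constructed handler and sample requests.
const tuneDiagram = withDebugGuard((s) => ({ status: 200, body: `tuned by ${s.userId}` }));
const adminUser: DebugSession = { userId: "u-admin", role: "admin" };
const memberUser: DebugSession = { userId: "u-member", role: "member" };

function demoStatuses(): number[] {
  const inputs: GuardInput[] = [
    { nodeEnv: "production", session: adminUser }, { nodeEnv: undefined, session: adminUser },
    { nodeEnv: "development", session: null }, { nodeEnv: "development", session: memberUser },
    { nodeEnv: "development", session: adminUser },
  ];
  return inputs.map((i) => tuneDiagram(i).status);
}
```

A unit test for such a guard should cover each denial path separately, including an admin session in production, since that is the case a role check alone would let through.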