Changelog

Track what’s new across Athenty. Entries are published at the end of each development day. Patch-level fixes roll up into “Various fixes and improvements.”

June 3, 2026

api@2.17.341 · app@2.17.367 · docs@2.1.105

Added

Client portal — external clients now sign in to a dedicated portal: see their matters, invoices with PDF + account-statement download, retainer balance & top-up, secure messaging & intake, and approve estimates/engagements — with a multi-organization switcher, role-based access (owner / billing / user), a staff-side control plane, portal notifications, and share-Critical-Dates-with-client. — API + Admin Portal
Team Calendar — a firm-wide calendar on the left menu showing who’s on vacation or away, plus firm holidays/events, with a toggleable overlay of matter court dates & deadlines everyone can see. Staff add their own time away; admins manage firm-wide events. — API + Admin Portal
Integrations oversight & Third-party hub — Settings → Integrations now gives admins oversight of the browser Extension, the Gmail/Outlook Add-ins, and the Companion app — versions, who’s active, and an org-level on/off — alongside a consolidated Third-party hub for QuickBooks/Xero + sync. — API + Admin Portal + Browser Extension + Smart Planner
Thread-level Discussions & disclosure ledger — matter messaging reworked into per-thread Discussions, a single canonical document-disclosure ledger with a Drive › Shared audit view, secure discussion attachments routed to Drive behind a malware-scan gate, and automatic close of portal access when a matter closes. — API + Admin Portal
Admin account recovery — owners/admins can reset a team member’s password or temporarily disable their 2FA (lost device / no backup codes). — API + Admin Portal
Global running timer — an always-available running timer with a timekeeper rate model and log-time-from-a-discussion. — API + Admin Portal
Bookkeeping Management add-on role — day-to-day accounting authority without full Owner/Admin. — API + Admin Portal

Improved

Org Settings, continued — new Matters (Hold + Sharing) and Envelopes groups, a combined Purge page, Lists split into tabs, an org Security page, Requisition Signers, Compliance regulator-report surfaces, and Precedents added under Settings → Library; on your profile, “Role” → “Access”, an approval-gated headshot picker, and the Calendar feed + Companion download moved under Profile → Integrations. — API + Admin Portal
Trusted-device window — a 14-day “remember this device” window for bookkeepers and HR/compliance managers. — API

Removed

Matter Templates — removed the dormant, unwired Matter Templates settings area. (E-signature Document Templates are unaffected.) — API + Admin Portal

Fixed

Various fixes and improvements — 8 patches.

June 2, 2026

api@2.17.336 · app@2.17.362 · docs@2.1.104

Added

Two-way calendar sync — deadline push — connect your Google or Microsoft 365 calendar under Settings → Integrations, and Athenty can now add your matter critical dates onto it as all-day events with reminders. One-way and opt-in: changes in Athenty re-sync to your calendar, while edits you make to those events in Outlook/Google never alter the deadline in Athenty. Completes two-way sync alongside the existing pull + free/busy sharing. — API + Admin Portal
Timekeeper accounting — a full set of timekeeper financials: a per-timekeeper revenue & performance view, fee attribution & realization, per-involvement credit splits on matter staff, and a configurable payment-application order for partial payments. — API + Admin Portal
Partner equity & draws — per-partner capital accounts with contributions, draws, and profit allocation, plus a Partner Equity report. — API + Admin Portal
Invoice write-offs & credit memos — write off uncollectible invoice balances (bad debt) and issue credit memos, with the impact tracked through attribution. — API + Admin Portal
Document Precedents — generate new documents from your precedent library or straight from Drive, with a DOCX engine behind it. — API + Admin Portal
Personal materials library & professional headshots — each team member gets a personal library for files and an HR-approved professional headshot (now unified to a single approved image), and the Org Library moves to its own top-level home. — API + Admin Portal
Software inventory & org Payroll method — track software assets (split out from hardware in the Assets nav) and set an org-wide payroll method that matters inherit. — API + Admin Portal

Improved

Settings reorganized — the Settings sidebar is re-grouped into sections that mirror the product’s modules, and Verification Defaults are clearer (de-duplicated, with step fields shown). — Admin Portal

Fixed

Various fixes and improvements — 9 patches.

May 30, 2026

api@2.17.329 · app@2.17.355 · docs@2.1.102

Added

Global search across everything — the Cmd / Ctrl + K palette (and the sidebar search box — same surface) is now a true global search. Start typing and it surfaces matching clients, matters, documents, and invoices first, with navigation and quick actions below; multi-word queries match in any word order. A new full Search page (the “See all results” view) lets you browse every match by type. Built keyboard- and screen-reader-first, and the palette now loads on demand so it doesn’t weigh down initial page load. — API + Admin Portal
Dedicated A/R reports — accounts receivable now has its own reporting home: invoice aging, client balances, and unbilled recoverable costs, kept distinct from the accounts-payable reports. — API + Admin Portal

Fixed

Various fixes and improvements.

May 27, 2026

api@2.17.324 · app@2.17.350 · docs@2.1.100

Improved

Accounts Payable refinements — vendor bills now label each line’s accounting treatment (firm expense vs. recoverable client asset); tax amounts are editable everywhere they’re entered — vendor bills, recurring bills, and hard/soft matter costs (matching PC Law and QuickBooks); a posted bill is corrected by voiding it (which reverses the whole entry, including the HST input tax credit) and re-entering, with a one-click Void & copy to new draft; default tax rates are now set per category (fees, time, hard/soft costs, and a new Purchases scope) with an optional default rate per vendor; and the unbilled-recoverable report now lists soft (estimated) costs alongside hard. — API + Admin Portal
Simpler vendor-bill entry — choose each line’s allocation first (firm overhead vs. a recoverable client cost); a recoverable cost is booked straight to the recoverable-asset account, so there’s no redundant expense-account step to get wrong. The Unbilled Recoverable report now lives under Accounting › Reports — it’s a client receivable, not a payable — with a link kept from A/P Reports. — Admin Portal
Consistent breadcrumb navigation across the accounting pages, replacing the one-off back button for a cleaner, more predictable way to move between screens. — Admin Portal
“Remember this device” two-factor sign-in now reliably skips the second step on a trusted device, with clearer labels for staff vs. administrators. — API

Fixed

Recoverable-asset account always present — the Client Disbursements Recoverable account now appears in every organization’s Chart of Accounts automatically, including organizations created before it was introduced, so recoverable client costs always post to a visible, system-managed account. — API

May 26, 2026

api@2.17.321 · app@2.17.348 · docs@2.1.98

Added

Accounts Payable — vendor bills, payments, and recoverable client costs — a complete A/P workflow: keep a vendor master, enter vendor bills split across firm-overhead and matter-recoverable lines, and pay them from the operating account (cheque/EFT, partial or batch). Costs advanced on a matter are booked as a recoverable asset and flow onto the client’s invoice automatically; recurring bills (rent, subscriptions) generate each period, and a one-click “Save & pay” handles one-off expenses. A/P aging, vendor balances, and unbilled-recoverable reports round it out. — API + Admin Portal
Trust reconciliation comparison (LSO By-Law 9 §10) — a monthly report comparing the trust bank balance against total client trust liabilities, flagging any month that doesn’t reconcile to zero. — API + Admin Portal
Sanctions screening on every payee, with flexible overrides — payments to anyone matched against a sanctions or terrorist watchlist are blocked across trust disbursements, vendor payments, and matter disbursements — now including freeform (non-participant) payee names. A blocked payment can be cleared with an audited, reasoned override: Owner, Admin, or anyone with the new Compliance Management add-on role can override org-wide, and (when an org enables it under Settings → Compliance) a matter’s responsible lawyer can override on that matter only — so screening never bottlenecks the desk. Politically exposed persons (PEPs) raise a non-blocking enhanced-due-diligence prompt rather than stopping the payment. — API + Admin Portal

May 25, 2026

api@2.17.318 · app@2.17.346 · docs@2.1.97

Added

Two-way calendar sync (Google + Microsoft) — connect a work calendar under Settings → Integrations and Athenty keeps it in sync both ways, mirroring matter events and reading free/busy. Per-user sharing scopes (Private · Selected people · Division · Organization) control who can see your availability, and only a label-less “Busy” block is ever exposed to permitted viewers. — API + Admin Portal
“Remember this device” for two-factor sign-in — on a trusted device you can skip the authenticator code for a set window (14 days for owners/admins, 30 days for staff); your password is still required every time. Trusted devices are listed and revocable under Profile → Security, an org-admin can turn the feature off org-wide, and a sign-in from a new country always re-prompts for the full code. — API + Admin Portal
Bill clients from work-in-progress — generate a draft invoice from a matter’s unbilled time, fees, and recoverable disbursements in one step. Each invoice gets a gapless number (INV-YYYY-NNNN) and per-line tax, a work-in-progress view keeps the same item from being billed twice, and issuing an invoice posts it to the general ledger (voiding reverses it cleanly). — API

Improved

Accurate financial statements after a reversal — reversing a manual journal entry no longer throws the Trial Balance, Balance Sheet, or Income Statement off by the entry amount; a reversed entry and its reversal now net to zero in every report. — API

May 24, 2026

api@2.17.316 · app@2.17.344 · docs@2.1.97

Improved

One consistent look for every accounting ledger and report — all accounting tables, on screen and in PDF, now follow a single presentation standard: two-line stacked column headers (a slightly larger, darker top line over a smaller, lighter second line) in one consistent font; entry numbers shown as plain numbers with no ”#” prefix (cleaner for sorting, filtering, and CSV export); and the Method/Reference column no longer repeats the method in front of the reference. Every column on the live trust ledgers is now sortable — money columns included — and the summary reports (Trial Balance, Trust Listing) gained sortable headers too. All existing colour cues are preserved: reversal and transfer links, partial-reversal markers, and negative amounts in red. — API + Admin Portal

May 23, 2026

api@2.17.315 · app@2.17.343 · docs@2.1.96

Added

Report Period filter across accounting reports and live ledgers — every accounting report (Trial Balance, Balance Sheet, Income Statement, Trust Listing, Trust Ledger, Bank Journals, Tax Liability) and the live trust-ledger views (a matter’s Trust tab and the firm-wide Trust Operations panel) now have a QuickBooks-style Report Period dropdown: This / Last / Next month, quarter, or year; fiscal-period variants; rolling ranges like “Last 30 days” and “Since 90 days ago”; year-to-date and more (44 presets) — or Custom for exact dates. Fiscal presets follow your organization’s fiscal year-end. On the live ledgers the filter is opt-in — a matter’s Trust tab shows full history by default, while the firm-wide Trust Operations panel defaults to the current year (faster to load, with All Dates one click away). — API + Admin Portal

Improved

Accounting reports & statements — presentation overhaul — every report PDF was reworked to read like a proper financial statement: a two-row column header matching the on-screen ledger (Date/Entry · Type/Account · Party/Matter · Method/Ref · GL/Description), a Prepared By line (the user who generated it) beside Prepared For, a total on every column, and the opening balance as the first row inside the table. Reports and transactional emails were also rebranded to the Athenty identity — the logo-gradient blue header with the Athenty icon, replacing the old flat navy. — API
Live trust ledgers now mirror the printed reports — the on-screen trust ledger (a matter’s Trust tab and the firm-wide Trust Operations panel) uses the same column language as the PDF: Date · Entry # · Type/Account · Party/Matter · Method/Ref · GL/Description · Receipt · Payment · Reversal · Balance, with the GL account code shown on every row. The GL code resolves the same way the printed report does, so the screen and the report always agree. Notes stays an on-screen hover field. — API + Admin Portal

May 22, 2026

api@2.17.309 · app@2.17.338

Added

#219 Open in Companion — building on yesterday’s handshake foundation, the Athenty Companion is now user-visible. Documents carry an Open in Companion action on the preview pop-up that hands the file off to the Companion desktop app for native editing, and an edit-helper save-back endpoint writes your changes straight back into Athenty using a single-use session upload token. If the Companion isn’t installed yet, the action routes you to Profile → Integrations to set it up. — API + Admin Portal

Improved

#306 Trust ↔ General Ledger posting reliability — the paired general-ledger entry behind every trust transaction is now self-healing. If a posting ever fails — or can’t yet resolve a primary client — it’s queued and retried automatically with backoff instead of being silently dropped, and a nightly reconciliation guard finds and backfills any trust entry missing its ledger pair, alerting on anything it genuinely can’t resolve. Recording trust money still always succeeds; the bookkeeping leg can no longer drift out of sync unnoticed. — API

Various fixes and improvements — 6 patches.

May 21, 2026

api@2.17.304 · app@2.17.336 · docs@2.1.92

Added

#290 Calendar subscribe URL — per-token scope filters — each personal .ics token can now be scoped to only emit a subset of your calendar. Pick one or more matters, participants, or event types per token; combine semantics are union (a token emits everything matching any selected filter). One token for “my hot files only” (matter list), another for “client-facing deadlines” (event-type list), subscribed to different external calendars. — API
#219 Athenty Companion — API foundation — the server-side handshake for the upcoming Athenty Companion desktop helper is in: short-lived token mint, single-use handshake redemption with audit, scope-bound to a specific user + matter. No user-visible surface yet; the Tauri scaffold (download / open / edit / save) lands next. — API

Various fixes and improvements — 1 patch.

May 20, 2026

api@2.17.303 · app@2.17.335 · docs@2.1.91

Added

#249 Last Activity column — every matter now tracks Last Activity separately from Last Updated. Last Updated is the column you edit (renames, field changes, status flips); Last Activity is anything that touched the matter — a posted trust entry, an envelope sent, a participant added, a document uploaded. Stale-matter triage and the dashboard “needs attention” queue use Last Activity, so a quiet rename no longer pretends a matter is alive. — API + Admin Portal

Improved

#249 Cleaner matter staff list — assigning the same person twice to a matter (e.g. Matter Responsible and Matter Assigned) no longer shows two rows for the same name. One row per person, with their roles rendered as chips you can X-out individually. The duplicate is gone from the data, not papered over in the UI — a partial unique index at the database layer locks the invariant, so it cannot regress through any future code path. — API + Admin Portal
#290 Calendar subscribe URL — multiple tokens with descriptions — the personal .ics calendar subscribe URL introduced yesterday now supports multiple live tokens per user, each with its own description. Keep one for your home calendar, one for your phone, one for the iPad — rotate any one in isolation without breaking the others. The description is yours to label them however you want. — API + Admin Portal

Various fixes and improvements — 3 patches.

May 19, 2026

api@2.17.301 · app@2.17.334 · docs@2.1.90

Added

#281 Calendar subscribe URL — every user now has a personal .ics subscribe URL they can paste into Google Calendar, Outlook, Apple Calendar, or any iCal-aware app. The external calendar polls the URL on its own schedule and renders your Athenty events — envelope due dates, matter deadlines, your own verification expiries — read-only alongside your personal calendar. One-way poll: no provider OAuth, no webhooks, nothing to break when a password changes. Generate, copy, and rotate the URL from Settings → Profile → Personal (rotation invalidates the old URL immediately so anyone you no longer want subscribed loses access in one poll cycle). Wrong URLs respond with a 404 even when the user exists — leak-resistant by design. Supersedes #203 for v1; two-way provider sync stays on the roadmap. — API + Admin Portal
#236 Live calendar — the calendar is no longer an empty scaffold. My Calendar now aggregates the time-bound work across your organization in real time: matter deadlines, e-signature envelope due dates, and approved identity-verification expiries. Day / Work week / Week / Month views; dated items sit in an All day lane (they’re deadlines, not timed meetings); colour-coded by source; click any item to jump straight to the underlying record. Computed live from the existing records, so it can never fall out of sync — and it adds no new data to maintain. Per-person filtering, calendar sharing, and client self-booking are sequenced next. — API + Admin Portal

Improved

#279 Per-matter notification overrides + editable retainer-low default — the matter Notifications tab now shows both the matter’s own notifications and the firm-wide and division-wide defaults that apply to it. Each inherited notification can be overridden for a single matter (customize the wording, audience, or channel) or disabled for a single matter (the notification simply won’t fire on that file). Same surface, with state badges so you can see at a glance what’s active, what you’ve overridden, and what you’ve muted. Underneath, the retainer-below-minimum client email is no longer hardcoded — every firm now has an editable Retainer below minimum template seeded with the existing copy. Tweak the wording in Settings → Notifications to match your firm’s tone, or mute it on a specific matter the way you’d mute any other notification. — API + Admin Portal
#236 Trust-accounting overhaul (complete) — the full trust-accounting program landed and is live. One unified Trust Ledger replaces the split receipts/payments tables, both per-matter and firm-wide: a single sortable, exportable (CSV / signature-ready PDF) table with a durable per-firm entry number, running balance, and consistent columns. Posted trust entries are now append-only — there is no delete; a reversal or a correction is the only audit-defensible unwind, and a correction can now restate the date, received-from, method, reference and description (not just the amount), with the original kept verbatim and the two entries cross-linked. Trust Receipt / Trust Payment is one shared form in your preferred field order: the currency now derives from the chosen bank account (no more separate currency picker), foreign-exchange is shown on posted entries, and a payor/payee participant can be attached. Matter-scoped payments route through the requisition flow with sub-threshold auto-approval. Payment methods that need electronic banking details are now flagged, with the banking-method form reworked accordingly (card / credit-transfer fields, beneficiary default with override; system methods locked). An editable per-matter retainer minimum with a low-balance indicator now notifies the primary client once (debounced) when the rolled-up retainer drops below it. Naming, icons and the global toolbar were unified throughout. — API + Admin Portal
#235 Matter subtitle — a matter’s header now shows its primary client’s name (resolved via a participant-name join), completing the matter header & identity redesign. — API + Admin Portal
#249 Matter attribution guardrails + Status cleanup — a matter’s primary client can no longer have their participant type silently changed from the matter Clients sub-tab (the change is now routed through the canonical Re-attribute flow, with a one-click affordance on the rejection toast); and the duplicate Status indicator was removed from the matter detail’s top action bar (the badge in the info row below the title is now the single source). — API + Admin Portal

Various fixes, internal release tooling and CI hardening — 31 patches.

May 15, 2026

api@2.17.288 · app@2.17.319

Added

#230 Tax rate groups — combine component taxes (GST + PST, or state / county / city) into a single customer-facing invoice line while each component still posts to its own GL and reports separately per agency. A rate can belong to multiple groups (many-to-many); a derive-on-post calculator splits the tax per component with independent rounding; no combined rate is stored — the effective rate is summed live from members so a component rate change flows through with no group edit. Managed from a new panel under Settings → Accounting → Tax Rates with component chips. — API + Admin Portal
#231 Consolidated accounting reports suite — a full firm-wide reporting surface under Settings → Accounting → Reports: Trial Balance (Opening / Movement / Closing), Trust Listing (all / by-client / by-matter, GL-sourced — ties to the Balance Sheet), Consolidated Trust Ledger (all / by-client, operational-ledger-sourced, with a new GL cross-check column and per-section tie-out badge so it reconciles line-for-line against the General Ledger), Bank Journals (per-bank cash book, GL-sourced), and Tax Liability grouped by collecting agency. Every report exports to CSV and a signature-ready PDF. — API + Admin Portal
#235 Matter header & identity redesign — re-attributing a matter now excludes the current primary client from the picker and keeps the replaced client attached as a regular participant instead of dropping it; the Matter ID is provisional only while a matter is a draft and frozen once it leaves draft (re-attribute to change it after that); every matter is created with a mandatory Responsible and Assigned staff member (defaulting to its creator); the matter banner now summarizes Responsible / Assigned / Introducing; and the redundant “Ref:” subtitle was removed in favour of the dedicated Matter ID box. — API + Admin Portal
#232 Trust transfer requisition authorization — the designated trust-signer roster now sits directly alongside the requisition + dual-signer thresholds it gates (inline approver toggle bound to the same per-member flag — one source of truth, editable here or on the member’s Accounting tab; reactive warning when fewer than two signers exist). Two new org-level segregation-of-duties controls join it, both off by default and composable with the dual-signer rule: a Matter-Responsible authorization override (a matter’s Responsible may sign that matter’s requisitions without the global signer flag) and “requisitioners cannot approve their own” (the requisition’s creator cannot be its approver or dual signer). — API + Admin Portal

Improved

#199 Two-factor enrollment hardened (security audit) — the forced-2FA enrollment flow is now sound end to end. The “enable 2FA on your own account first” case shows an inline alert instead of a silent dismiss; the enrollment intercept no longer clobbers the auth store and bounce the user back to an empty login form; recovery codes stay on screen until the user explicitly continues (no more one-frame flash); recovery codes are bcrypt-hashed (existing codes still validate); the enrollment token is single-use; and no real session exists until a short-lived acknowledgment token is exchanged on “Continue” — so the pre-Continue state is genuinely unauthenticated server-side, not just UI-gated. — API + Admin Portal
#231 Trial Balance is now an as-of report — it previously summed only activity inside the selected period, so accounts with opening balances and no in-period movement vanished and the Trial Balance never tied to the Balance Sheet on any organization with prior history. It now reports every account’s cumulative balance through the period-end date. — API + Admin Portal
#226 Trust-accounting guards & bank-account ↔ GL integrity — operating (firm-funds) accounts can no longer be linked to a matter’s trust accounting (server-enforced and filtered out of the picker) so client trust can’t be commingled with firm money; the accounting drill-down pages (Trust Operations, Journal, Manual Entries, Reconciliations) gained a history-aware Back button so clicking through an accounting row no longer strands you; the Add/Edit Bank Account dialog no longer stacks a modal-over-modal (inline GL create), gained a read-only detail view and operating-row parity; and a bank account now requires a dedicated, fresh, correctly-coded asset GL at creation — an existing GL can only be linked if it has no posted entries and sits in the right chart range, and the link locks once postings exist. — API + Admin Portal

Various fixes and improvements — 2 patches.

May 14, 2026

api@2.17.270 · app@2.17.298

Added

#226 Accounting Settings cleanup — terminology sweep, Tax Rates tab, GL picker on Trust Accounts, Rate Classes catalog, Payroll Frequency wiring, Polymorphic Banking — multi-phase rebuild of the Accounting Settings module across the day. Phase A sweeps all user-facing copy to drop law-firm framing (“Firm” → “Organization”) and external-tool references (“PC Law” → generic accounting convention) so Athenty reads as a regulated-services platform rather than legal-only. Phase B ships four inline data/UI fixes including the long-standing multi-matter receipt mis-tagging bug — the chip now requires ≥2 distinct matters in the transaction (server-side count(DISTINCT matter_id)), not any 2-row group; a 2-row transaction allocated twice to the same matter no longer wears the chip. Phase C / C1 promotes Tax Rates from a button to a Settings → Accounting tab with agency name, granular applies-to (fixed-fee / time / hard-costs / soft-costs as a multi-select array), and an Org-default flag. C5 adds a GL-account picker on the Trust Account form so bookkeepers can pin a non-default sub-account under 1000/1100; the inline + Create GL account button arrives pre-selected with type=Asset and parent locked to the right subtree (Operating Bank Accounts under 1000 or Trust Bank Accounts under 1100) so the new account stays inside the numeric chart. C9 P1–P3 ships the Rate Classes catalog: a new rate_classes table + tab under Settings → Accounting (org-level CRUD), per-Division opt-in for which classes a division uses, and a multi-class Billable Rate matrix on the Team Member page so a single timekeeper can carry different hourly rates per class (Real Estate vs Estates Litigation). C10 P1–P2 lands Payroll Frequency wiring (org-level default with Division-level override + per-user setting at the salary widget) and a polymorphic Banking Methods sub-panel on the Team Member HR tab (multiple banking methods per user, primary toggle, full audit log) — API + Admin Portal
#225 clients table renamed to polymorphic participants directory — three-phase rename of the legacy clients table to participants to match Athenty’s polymorphic identity model (a participant can be a client on one matter, a counterparty on another, a third-party witness on a third). Phase 1 renames participant_banking_methods.client_id → participant_id. Phase 2 renames the clients table itself along with 16 FK columns across matters, requests, envelopes, verifications, audit logs, and the trust ledger; the matter primary-client relationship becomes matters.primary_participant_id. Phase 4 is the full sweep: every reference in the API service layer, TypeScript types, UI hooks, route paths, and breadcrumbs migrate in lockstep. The legacy /clients REST route stays alive as a thin alias through this release so in-flight integrations don’t break — new code should target /participants directly. Multiple same-day hot-fixes address a participants-tab route collision, raw SQL still referencing the pre-rename column, a write-path alias gap on first-time primary assignment, CommandPalette search path, and a CI-only typing miss — API + Admin Portal
#228 Correct-entry wizard — atomic reverse + replacement for posted trust entries — one-screen wizard reachable from the kebab menu on each trust-receipt and direct-payment row. Pre-fills a reversal of the original (full amount) plus a replacement with the bookkeeper-corrected amount; both post in a single Drizzle transaction so partial failures aren’t possible and the audit trail can never end up half-corrected. The resulting pair renders with a small ↩︎ corrected chip linking the entries so reviewers can trace the audit chain at a glance. New POST /matters/:matterId/trust-entries/:entryId/correct endpoint with audit log emitting a single entry.corrected event carrying both entry IDs — API + Admin Portal
#222 follow-up — lookup-first when adding a participant to a matter — replaces the freeform name/email/phone form on the Add Participant sheet with a search combobox that hits the polymorphic participants directory by name / email / phone / participant ID. Existing clients, counterparties, and third-parties surface as inline suggestions with type badges; staff hits are filtered (managed via the matter Staff tab), and participants already attached to the matter are excluded so a row can’t be added twice. Selecting a directory hit links the row via canonical participantId so it joins back to the participant for downstream KYC/IDV history, conflict detection, and de-duplication. When no match exists, an Add new participant CTA in the dropdown falls through to the freeform form with the search query pre-filled into the Name field. After a successful add, the sheet stays open with Send IDV intake + Send KYC intake CTAs that open the existing /verifications/new flow with matterId + participantId + type pre-selected — Admin Portal

Improved

#227 Phase 4.5 — derive matter-participant primary status from the matter, drop the cache column — the matter_participants.is_primary column was a denormalized cache of matters.primary_participant_id that could drift if either side was updated without the other. Phase 4.5 switches the read path to derive isPrimary server-side via a JOIN at query time. Phase 4.5b stops writing the cache column entirely (verify-only migration logs any drift as a Postgres NOTICE rather than failing the deploy); column is dropped in the same release window via #229’s column-drop migration. Net: one source of truth for which participant is primary on a matter, no more cache-coherency bugs — API + Admin Portal
#143 — file row actions always visible on touch viewports — file row Preview + More icons were rendered with opacity-0 group-hover:opacity-100 unconditionally, leaving them invisible on touch devices that have no hover affordance. They now stay visible below the md breakpoint for touch; the hover-reveal pattern only applies at md and up so desktop keeps the clean at-rest row — Admin Portal

Various fixes and improvements — 21 patches.

May 13, 2026

api@2.17.247 · app@2.17.279

Added

Form 9A Trust Transfer Requisitions — full state machine, e-signature integration, anti-fraud audit, and on-demand banking capture (#224, Phases A through 3b) — three-day arc lands the LSO By-Law 9 Form 9A workflow end-to-end. Org-level toggles (per-currency requisition threshold, dual-signer threshold, and a Trust Transfer Approver flag on team members) sit on a new Settings → Accounting → Requisition Thresholds tab. The matter Trust Accounting tab gains a Trust Transfer Requisitions panel with state machine (draft → pending_signatures → signed → posted) plus a Void path. Drafts above the org’s threshold auto-route from the regular “Pay from trust” form into the requisition draft dialog with trust account / amount / counterparty pre-filled, so a back-dated direct payment can’t sneak past the signing requirement. Submit fires a real envelope auto-create with a generated Form 9A PDF + paged signing flow; envelope completion auto-marks the requisition signed; an org-wide Signatures Required inbox (with top-bar badge) surfaces every active requisition across matters. Per-requisition signer status popover on pending rows resolves the approver + optional dual signer in real time. Saved banking methods now live on the Payee’s Participant profile (new participant_banking_methods table — renamed mid-arc from client_banking_methods to match the canonical Participant taxonomy), with an append-only audit log on every create / update / delete and a 30-day rolling amber “Banking changed N days ago by X” warning chip on the requisition payee-method dropdown for anti-fraud cross-check. Three new shared components — BankingMethodFormDialog, PayeeBankingMethodPicker, PayeeParticipantPicker — plug into three surfaces: Draft Requisition dialog, single-matter “Pay from trust” Sheet, and the multi-matter disbursement dialog at /accounting/trust-operations. Each picker offers inline ”+ Add new method…” so the bookkeeper never has to leave the screen to capture a payee’s banking on first use; on save, the create mutation invalidates the methods query, the dropdown re-fetches, and the new method auto-selects. Service auto-fills counterparty from the picked Participant’s businessName ?? "First Last" when freeform is empty. Banking-method FK is dropped server-side on receipts so a stray value can’t bind. Form 9A PDF renders structured banking rows when a saved method is picked instead of the freeform fallback. Migration 0155 renames the brand-new tables and FK constraints in lockstep (using DO blocks to handle Postgres’s 63-char auto-name truncation variance); migration 0156 adds optional counterparty_client_id + counterparty_banking_method_id columns to both matter_trust_entries and trust_transactions. The companion certificate service’s WinAnsi unicode crash on envelope finalize is fixed inline (drops the ✓ glyph to ASCII “Signed”) — API + Admin Portal
Per-timekeeper revenue routing — sub-GL plumbing + Accounting Roles UI + Billable Rate widget (#220 PR1–PR3 + Phase 1.5 + Phase 2) — full timekeeper revenue stack lands. New timekeepers schema with per-user accounting role tagging (Timekeeper / Working Partner / Originating Partner / Responsible Partner / HR Manager) and per-timekeeper sub-GL routing on time entries + fee invoices — revenue posts split by timekeeper instead of bucketing into a single 4000 fees account. Sub-GL codes use dot notation (4001.JCHEN, 4002.JCHEN) per PC Law convention rather than hyphens; both displayed live on the matter Accounting tab under the Timekeeper + Partner toggles. Accounting Roles UI moves to the per-user Team Member settings page (was Access Levels) with an HR Management bypass so HR Managers can view timekeeper attribution without other elevated permissions. New Billable Rate widget on the Team Member page maintains a per-timekeeper rate history (effective date + currency + amount), drives invoice-line calculations downstream, and shows the active vs queued rates inline — API + Admin Portal
Trust ledger upgrades — partial reversals, matter-to-matter transfers, multi-matter consolidation, and as-of-date negative-balance check (#217 PR7–PR27) — multi-PR arc remakes the matter Trust Accounting tab around real PC Law conventions. Partial reversals let staff reverse a fraction of an entry (e.g. reverse $5 of a $1000 receipt) — backend computes per-entry remaining-reversable; the ledger renders partial-reverse rows with a treatment-D indicator + “Reverses #N · partial” tooltip distinct from full reversals; UI prompts owner/admin to confirm via the same negative-balance override gate when the partial leaves the matter trajectory below zero. Matter-to-matter trust transfers (same-client) ship as a paired-row primitive: two matter_trust_entries rows with a shared transfer_group_id, one debit on the source matter and one credit on the destination, both auditable from either side via a ↔ Transfer to/from <Matter> link. Atomic reverse-transfer pairs both rows in one transaction; inline edit for matter-to-matter transfers ships as a reverse-and-replace flow. Multi-matter trust transactions (parent trust_transactions table with N child allocations on matter_trust_entries) are now hosted at /accounting/trust-operations as a global surface; the per-matter Trust tab embeds the parent-and-allocations summary inline rather than carrying its own multi-matter panel. The shared MoneyInput component rejects > 2 decimal places at input time (was silently coercing 1000.001 → 1000 before). As-of-date negative-balance check evaluates the trajectory across the window from occurredOn through current date, not just the current balance — so a back-dated payment between earlier receipts can’t sneak through; owner/admin override flow lets the org explicitly allow it when policy permits. Smaller polish: Retainer chip → tinted indigo with tag icon, “Add Estimate” → “Add Recovery” on the Soft Costs panel, “Pay from trust” rename to disambiguate from Disbursements’ “Add expense”, transfer-row Type cell renders the linked matter’s display ID inline — API + Admin Portal
Matter numbering with division prefix + inline client quick-create (#222 PR1–PR3) — matter display IDs now carry a division-level numbering prefix (e.g. 011-RE-001 for Real Estate), configurable via a new Numbering Prefix field on the Add Division dialog. The Add Matter dialog gains an inline Quick-create client flow (with primary-client validation + Edit-full-profile link on the success state so the bookkeeper can fill in IDV details later); fixes a latent path where a brand-new matter ended up without a primary client because the initial assignment used POST instead of PATCH — API + Admin Portal

Various fixes and improvements — 11 patches.

May 10, 2026

api@2.17.220 · app@2.17.244

Improved

PC Law-style trust ledger view on the matter Trust Accounting tab (#217 PR6) — replaces the single-Amount divide-y list with a proper Client Trust Ledger table per PC Law User Guide convention. New columns: Date · # · Type · Counterparty · Description · Receipts · Reversals · Balance, with a bottom totals row showing Receipts / Reversals / Net side by side instead of a misleading single number. Reversal rows render their Type cell as a clickable Reverses #N link that scrolls to and highlights the original entry; reversed originals render struck-through with a “Reversed by #N” tooltip so the pairing is obvious from either direction. Running balance is computed per row and rendered red when it goes negative (defensive UX layered on the existing overdraft hard-block). Both panels — Trust Receipts and Direct Payments On Behalf — get the same treatment for consistency. Backend getEntrySummary() rewritten to split receipts and reversals via CASE statements so the header totals match what the ledger now displays — API + Admin Portal

Fixed

2FA login recovery path + clock-skew tolerance (#199 follow-up) — closes the gap that left a 2FA-enrolled user unable to sign back in. The /login two-factor challenge now offers a Use a recovery code instead toggle that accepts the codes generated at enrollment in any form a real user might type (with or without hyphen, any case, stray whitespace) — the backend normalizes before lookup so historical codes keep working. TOTP code verification window widened from ±30s to ±60s (window: 1 → 2) so legitimate authenticator codes survive routine phone/server clock drift — the previous window failed cleanly-running Microsoft Authenticator, Google Authenticator, and Authy in real-world conditions. The enable2FA setup endpoint now reuses an in-flight secret instead of rotating it on every call, so a UI re-mount mid-setup no longer silently invalidates a QR the user has already scanned — API + Admin Portal

May 7, 2026

api@2.17.196 · app@2.17.220 · docs@2.1.71

Added

Retainers unified into the trust ledger + per-matter minimum-balance indicator (#215 Phase 3.5d) — the standalone matter_retainers table is decommissioned in favour of an is_retainer flag on individual matter_trust_entries. A matter’s retainer balance is now the signed sum of its retainer-flagged receipts and direct payments — no parallel record to keep in sync, retainer draw-downs flow through the same reverse-and-replace correction path as every other ledger entry, and a single retainer pot can span a non-pooled matter-specific account + a pooled IOLTA. The Trust Receipts and Direct Payments On Behalf forms gain a “Mark as retainer” toggle (with direction-aware copy — adds funds vs draws funds) and a per-matter minimum-balance input that persists to the matter. The matter detail top-box replaces the placeholder In/Out widgets with Trust (cross-account total) and Retainer (signed retainer-only balance) widgets that click through to the Trust Accounting sub-tab — Retainer renders red when the rolled-up balance drops below matters.retainer_minimum_balance. New GET /v2/matters/:id/balances returns trust + retainer + threshold in a single round-trip. The is_retainer flag is immutable after insert (extends the existing trust_entries_append_only trigger); reversals inherit the flag so the aggregate cancels correctly. Retainer-flagged receipts continue to fan out the existing retainer_received notification — API + Admin Portal
Page help slide-outs + docs portal across the entire admin portal (#211) — every customer-facing page in the portal (dashboard, matters, verifications, envelopes, participants, RON sessions, all settings sub-pages, all profile sub-pages) now ships with an in-app help drawer (slide-out from the page header) and a matching docs reference page on the marketing/docs site. New shared building blocks land alongside the rollout: <PageHeader> becomes the canonical header (replaces all bespoke <h1> instances), with helpSlug + docsSlug props that drive a help drawer + an “Open docs” button uniformly. Glossary terms are bold-marked in help md files and harvested into the www glossary. ~50 pages converted in this drop; subsequent phases handle nested sub-pages and the public-facing flows — Admin Portal + Docs
Trust receipts/disbursements may post to any active org trust account (#216) — staff can record a trust receipt or trust-paid disbursement against any active trust account in the org, not just ones already linked to the matter. When an unlinked account is chosen the system auto-creates the matter link as a side effect and audits it as implicitlyLinked: true so historical drill-through reports stay intact. The new shared trust-account picker groups accounts as Linked to this matter (with (default) badge on the matter’s primary linked account) and Other org trust accounts under a divider. Non-pooled single-matter exclusivity is preserved (a non-pooled account already attached to a different matter still rejects with 409). Disbursement form reordered so Paid via + Trust account lead the form, mirroring the receipts layout — API + Admin Portal
Sent Currency Conversion on disbursements (#214c) — symmetric FX block on the disbursement form for cross-currency payments (e.g. paying a USD invoice from a CAD trust account). New original_currency + original_amount + fx_adjustment columns on matter_disbursements; server enforces original_amount + fx_adjustment === amount. Labels read in payment direction (Sent currency, Sent amount) vs the receipts block’s source-direction labels. FX delta is informational only — both gl-trust-posting and gl-operating-posting post only the post-conversion native amount, matching what actually entered or left the bank — API + Admin Portal
Settings → Accounting: Chart of Accounts + Journal Entries viewers (#213 PR 1a) — first slice of GL UI surface lands as two new Settings → Accounting sub-tabs. Read-only Chart of Accounts viewer (numbered chart 1000-9999, organized by account class — assets, liabilities, equity, revenue, expenses) and Journal Entries log viewer (paired debits/credits per posted journal, drill-through to source rows). Internal admin/audit tooling — full CRUD lands in subsequent phases — API + Admin Portal
Payment Method managed list across all money-movement forms (#214 Phase 3.5b) — new payment_method managed list type lands per @jlevy spec, seeded with 14 banking instruments (cheque, certified cheque, wire, EFT, EMT, account-to-account transfer, bank draft, credit transfer, direct deposit, debit card, credit card, cash, money order, other). Replaces the legacy free-text method field on trust receipts, trust disbursements, and operating disbursements. New matter_disbursements.method column distinguishes the banking instrument from paid_via (the fund source) — API + Admin Portal
Trust Account form rewrite with structured Canadian bank routing (#212 Phase 3.5) — Settings → Trust Accounting create/edit form rewritten with discrete fields for institution number, transit number, account number, and full branch address (line1/line2/city/state/postal/country) — replacing the legacy free-text bank_ref. Pooled IOLTA accounts now require an explicit governance acknowledgment with audit trail (confirmation timestamp, confirming user, text version). Trust-entry FX schema added (original currency / original amount / signed FX adjustment) for cross-currency deposits — API + Admin Portal
Profile area renamed to /profile with a 4-menu IA (#209) — user-area routes renamed from /account/* to /profile/* and reorganized under a clearer 4-menu information architecture: Profile, Security, Notifications, and Add-ins. Eight existing pages preserved; only the Digital Assets sub-area moved out to /settings/assets. Add-ins + Browser Extensions consolidated under one menu — Admin Portal

Various fixes and improvements — 2 patches.

May 6, 2026

api@2.17.180 · app@2.17.164 · www@2.2.1 · status@0.1.2

Added

Full IOLTA trust accounting subsystem (#121 phase 2 — closes the epic) — the production-grade trust-account abstraction lands. Three new tables (trust_accounts, matter_trust_account_links, trust_reconciliations) plus FK columns on matter_trust_entries and matter_disbursements. Pooled IOLTA accounts hold many matters’ funds; non-pooled accounts hold one. Recording a deposit or trust-paid disbursement now requires picking a destination account that is linked to the matter; the service layer rejects mis-routed entries before they hit the ledger and rejects trust-paid disbursements that would overdraw the matter’s per-account balance (commingling violation). New Settings → Trust Accounting tabs: Dashboard (totals by currency + anomaly flags for overdrafts, stale balances, and unreconciled accounts with severity tiers), Trust Accounts (admin CRUD with create/edit dialog, archive flow blocked when balance≠0), and Reconciliations (per-account list, draft → submit flow with statement balance + adjustments + system balance + difference, submitted reconciliations are immutable and offer a CSV export sized for LSO trust audits). Append-only enforcement is now at the DB layer via two PostgreSQL triggers: matter_trust_entries blocks UPDATE on every financial / audit-defining column (entry type, amount, occurred date, matter, counterparty, description, reference, etc.) — corrections must use the new reverse-and-replace flow that records a paired reversal entry with reverses_entry_id + is_reversal=true; trust_reconciliations becomes immutable once status flips to submitted or discarded — API + Admin Portal
Trust ledger purge eligibility + two-admin approval flow (#121 phase 1c) — closes out the IOLTA destructive-action surface. New Settings → Trust Accounting sub-tabs Purge Eligibility (read-only list of matters past your retention window with un-soft-deleted trust + disbursement counts) and Pending Requests (second-admin approve/reject queue). Requesting a purge requires a typed reason + irreversible-acknowledgement checkbox; approving requires a different admin AND a final acknowledgement. Litigation hold blocks at three layers — eligibility query, request creation, and inside the approval transaction via SELECT … FOR UPDATE so a hold flipped on mid-flight aborts the soft-delete cleanly. Approval soft-deletes both matter_trust_entries + matter_disbursements in a single transaction and emits a TRUST_PURGE_EXECUTED audit row with the snapshot list of every deleted ID. A new daily cron at 03:30 ET hard-deletes rows soft-deleted >90 days ago — that 90-day window is the support recovery buffer. New matters.closed_at column lands the precise close timestamp the retention window counts from (vs the noisy updated_at proxy that would have reset on any subsequent edit). 597/597 backend tests pass — API + Admin Portal
Client portal SMS MFA (#208 phase 2c — closes Phase 2 of the client portal) — orgs can now require a second factor on top of email OTP for client portal sign-in. New Client Portal toggle on Settings → General turns on org-wide enforcement; sessions issued after the email OTP land with mfa_satisfied=false and the middleware blocks every protected route until /v2/client-portal/auth/mfa-verify completes. Phone source: pulled JIT from matter_participants.contactPhone joined on (orgId, lower(contactEmail)) — most-recent matching row wins, capped at 50 rows. (Different from the participant portal, which pulls phone via the IDV chain — client portal users have no IDV.) New /client-portal/mfa SPA page mirrors the participant portal MFA flow with auto-fire of the first send on arrival + resend + cancel. Existing sessions hit by a mid-flight org-toggle auto-redirect to the challenge page rather than seeing a generic error. New client_portal_mfa_codes table + organizations.client_portal_require_mfa column ship as migration 0131. Closes Phase 2 of the client portal — all 7 sub-phases (2a-2g) shipped today — API + Admin Portal
Client portal actions in the staff Audit Log (#208 phase 2d) — Settings → Audit Log now surfaces every CLIENT_PORTAL_* row that Phase 1/2 has been writing since the portal launched, with the actor resolved against the client_portal_users table when the row was driven by a client (e.g. document downloads). New filter dropdown entries for CLIENT_PORTAL_TOGGLED, INVITE_SENT, ACCESS_GRANTED, ACCESS_REVOKED, and DOCUMENT_DOWNLOADED. Portal-actor rows show a UserCircle icon + portal suffix in the User column so staff can distinguish them at a glance from their own actions. The new actorType field ('staff' | 'client_portal' | 'system') and actorEmail are returned by the audit list endpoint for any future UI that wants finer rendering — API + Admin Portal
Client portal access snapshot on matter close (#208 phase 2e) — when a matter transitions to closed or archived, Athenty now snapshots the list of client portal users who had access — and the staff who invited them — into the existing matters.client_portal_archived_access jsonb. The snapshot includes everyone who was ever invited, including participants whose has_portal_access was revoked before close, with a hadActiveAccess flag per row so compliance audits can tell the two apart. Idempotent: re-closing a previously-closed matter preserves the original snapshot. Phase 1 created the column; this phase ships the writer — API
Per-org client portal sender (#208 phase 2f) — each firm can now configure its own custom-domain From address for client portal invite + sign-in code emails (e.g. client-portal@acme.law instead of the platform default). New Client Portal section on Settings → General with a single email input. Three-tier resolution: per-org override → deployment-wide env var → mailer’s display-name default. Stayed in the existing organizations.settings jsonb (vs adding a column) to avoid migration ordering risk with parallel #121 phase 2 work; can be normalized later without touching the API contract — API + Admin Portal
Cross-org client portal sign-in (#208 phase 2g) — same email at multiple firms now works. POST /v2/client-portal/auth/request is dual-mode: with orgSlug it sends an OTP (anti-enumeration unchanged); without orgSlug it returns { orgs: [{ slug, name }] } and the SPA renders a picker. Single-firm matches auto-pick + send the OTP; zero matches show a generic “we sent a code if your email is on file” message that doesn’t leak invite state. Phase 1 invite-link flow (?email=&orgSlug=) is unchanged for recipients clicking through invite emails — API + Admin Portal
PDF watermarking on client portal downloads (#208 phase 2b) — every PDF a client downloads from their portal now carries a footer line on every page reading Downloaded by <email> · <ISO timestamp> · via <Org Name> on Athenty. Server-side via pdf-lib, applied just-in-time so the text is always fresh and there’s no watermarked-copy bucket to clean up. Non-PDF files (Word, Excel, images) stream as-is. Corrupt or unsupported PDFs fall back to streaming the original — degraded > blocked. The download contract switched from presigned R2 URL to streamed binary so the api can inject the watermark inline; the SPA does fetch + Blob URL + Save-As anchor click to keep the bearer token attached. Audit row metadata gains watermarkApplied + downloadedAt for the upcoming staff audit-log surface — API + Admin Portal
Client portal SPA + read endpoints (#208 phase 2a) — turns the Phase 1 invite emails into a working sign-in flow. New /client-portal/sign-in and /client-portal/verify pages mirror the participant portal pattern (email + org slug, both pre-filled from the invite link, then 6-digit OTP). Authenticated users land on a matter list, drill into a matter to see documents grouped by folder, and download via presigned R2 URLs (~15 min TTL). Backend adds client-portal-read.service.ts (list matters scoped to the user’s email/clientId, list shared documents excluding quarantined/non-clean/deleted, download handler that re-checks every access gate and throws 404 on failure to avoid leaking document existence). Every download writes a CLIENT_PORTAL_DOCUMENT_DOWNLOADED audit row with client_portal_user_id populated — the Phase 1 audit column finally gets used. Invite links now include &orgSlug=<slug> so recipients don’t have to type it — API + Admin Portal
Trust-ledger retention policy + Settings → Trust Accounting page (#121 phase 1a + 1b) — new org-level setting that documents your firm’s trust-accounting compliance stance: retention window of 5/7/10 years (default 10, covers every Canadian provincial bar) or permanent Hold. Settings → Trust Accounting page (admin-only) renders the dropdown plus an inline explainer of how retention layers with litigation hold and the two-admin manual purge workflow (now live in Phase 1c — see above). Athenty never auto-purges — this is policy guidance + audit trail only. Shortening the window triggers an explicit warning modal showing from/to values and confirming future-only effect; every change emits a TRUST_RETENTION_POLICY_CHANGED audit row with the from/to metadata so the LSO auditor can answer “who shortened retention from 10 to 5 years?”. A new trust_purge_requests table backs the Phase 1c two-admin approval flow — API + Admin Portal
Client Portal Phase 1 backend (#148) — full backend surface for the client portal. Schema: three new tables (client_portal_users, client_portal_sessions, client_portal_otps) plus four access-control toggles (matters.client_portal_enabled, matter_folders.is_shared_with_client, matter_participants.has_portal_access, audit_log.client_portal_user_id). Runtime: org-scoped email OTP (10-min TTL, 5-attempt cap, 5/hr rate limit), 24-hour bearer-token sessions, and an idempotent invite blast that fires on portal-enable. New staff endpoints PATCH /v2/matters/:id/client-portal (toggle + optional auto-invite) and GET /v2/matters/:id/client-portal/invite-candidates, plus the public auth surface at /v2/client-portal/auth/{request,verify,me,logout}. Stripping per-row has_portal_access immediately revokes any active sessions and writes a CLIENT_PORTAL_ACCESS_REVOKED audit row. Two new transactional emails (invite + OTP). The entire Phase 2 punch list (SPA, watermarking, MFA SMS, audit-log staff UI, close/archive snapshot writer, per-org sender, cross-org sign-in) shipped same-day across #208 phase 2a-2g — API
Public status page at status.athenty.com (#206) — new @athenty/status package, ported from SIPSTACK and rebranded for Athenty. Static Handlebars site rendered from data/status.json with a Python Textual TUI for incident + scheduled-maintenance management; deployed to Cloudflare Pages (athenty-status in the Athenty CF account, custom domain on the athenty.com zone). Monitors 10 services across two groups: Core Platform (API, Admin Portal, OCR/ML, Document Storage US/CA) and Notifications, Sites & Billing (Email, SMS, Payments, Website, Docs). The admin Dashboard now polls status.athenty.com/status.json every 60s and shows a dismissable banner above the greeting when overall status ≠ operational or maintenance is active — dismissal is keyed by alert id so a new incident re-shows the banner. Marketing site Resources nav (mobile, desktop, footer) gain a Status link. The TUI’s notification endpoint (POST /v2/internal/status-event for email + in-app fan-out) is deferred to a follow-up — current TUI no-ops cleanly without it. Manual one-time setup (CF Pages project + custom domain + DNS CNAME) was scripted via API — Status Page + Admin Portal + Marketing Site

Improved

Matter detail page consistency pass (#196 phase 8) — three new shared scaffolds (TabEmptyState, TabLoadingRows, MatterAccountingSection) replace 4 hand-rolled empty-state JSX blocks (Drive › Shared, Messages › Client, Workflow › Kanban, Due Diligence) and 4 inline pulse skeletons (Participants, Trust, Disbursements, Drive Shared) across the matter detail tabs. Participants / Trust / Disbursements / Billings now show the same icon + title + description empty-state treatment as everywhere else (was text-only before), and Billings sub-sections share the same header structure as Trust + Disbursements. Closes the Phase 8 triage punch-list — Admin Portal

Various fixes and improvements — 4 patches.

May 5, 2026

api@2.17.163 · app@2.17.149

Added

Edit-participant flow with Roles + Critical Dates widget on Overview (#196 phase 6) — the Matter Participants sub-tabs (Clients · Counterparties · Third-parties) get a row-level Edit pencil that opens a sheet for changing the participant’s name / email / phone, matter Role (sourced from the org’s managed Roles list — all 11 default entries already populated), and Participant Type. Re-classifying a row (e.g. flipping a third-party to counterparty) re-runs the conflict gate from #114e and surfaces the same waiver modal if a new conflict trips. The Overview Summary tab gains a Critical Dates widget above the existing Dates list — next 5 dates as colour-coded cards (red=overdue, amber=today/this-week, blue=this-month) so imminent deadlines surface without scrolling. The most-recent overdue item stays pinned so a missed milestone never disappears from view — API + Admin Portal
Org logo + sidebar restructure across the admin portal (#191) — header now leads with the org logo + name on the left (was centered, with the logo often missing entirely); the search bar moves into the sidebar above the nav items where it lives in most modern admin tools. Underneath, the org-logo URL is resolved consistently across every public-facing surface — system emails, the envelope-signing welcome screen, the public CCR verification flow, the document-share download page, and the embedded email signature — so the tenant’s branding actually renders instead of shipping a raw R2 storage key. Settings → General re-uploads now refresh in-place without a page reload — API + Admin Portal
Matter Participants split + Map demoted inline (#196 phases 4 + 6a) — the Matter Participants tab now has four functional sub-tabs (Clients · Counterparties · Third-parties · Assigned Staff) instead of two functional + two placeholders; counts and the Add CTA localize per type. The Map sub-tab is demoted into an inline section at the bottom of the Overview Summary card, retiring it as a peer of Summary + Activity. Old ?tab=map URLs redirect cleanly to Summary — Admin Portal
Field-level audit trail in the participant History tab (#186 phase 6) — replaces the synthetic created + notes timeline with the canonical audit feed Phase 2 has been writing since 2026-04-30. Each row shows the humanized field name (e.g. “First name”, “Address line 1”), old → new diff, source-verification id when the change came from an IDV/KYC submission, the actor name, and the reject reason if present. Anyone with access to the participant page can read; the new GET /clients/:id/audit-log endpoint enforces tenant scope via a getClient() precheck — API + Admin Portal
SMS second factor for the participant portal (#199) — when an org sets Settings → General → Document Sharing → Require MFA, portal access now requires an SMS code to the participant’s verified phone after the email OTP. The challenge auto-fires on landing, the masked phone hint shows last-4 only (full number never leaves the API), 5-minute TTL with a 5-attempt cap. Existing portal sessions hit by a mid-flight MFA toggle are auto-redirected to the challenge page rather than getting a useless error — API + Admin Portal
Matter participant rail in the share-creation dialog (#201) — share any matter document directly with a known matter participant instead of typing their email. The dialog now toggles between Email address and Matter participant; the participant rail lists everyone on the matter (with role + contact email) so the share follows their portal access when they have one. Backend already supported both rails since #198 — this closes the UI gap — Admin Portal
Document share audit retention enforcement (#200) — the per-org share_audit_retention_days window (default 7 years, configurable from Settings → General → Document Sharing) is now actually enforced. A new daily cron at 2:45am ET hard-deletes document_share_events rows older than each org’s retention window. Until now the column existed but was inert, so audit rows accumulated indefinitely — API
Matter folders polish + share-page co-branding + persistent org branding (#143) — Drive › Files table redone: file names truncate cleanly instead of overflowing, columns finally align with their headers, the Status column drops in favor of inline scanning/quarantined badges, action icons stay inside the row, and a new Move to folder… menu item lets you reparent a single file. Folder ellipses gets the missing Pencil icon on Rename and standardizes on FolderPlus everywhere. Header reflows into two rows so the breadcrumb gets full width and stops scrolling. The public document-share download page now leads with the firm’s logo + name and an via ATHENTY lockup. The admin portal header carries the same [OrgLogo] [OrgName] / by ATHENTY block on lg+ screens — API + Admin Portal
4-tier access-level model groundwork (#114b) — completes the access-level rename started in #142. A new roleAtLeast(role, 'admin') helper replaces ~32 role === 'agent' deny checks across the API, so adding a new role tier won’t mean hunting through routes and services. Fixes a latent regression where new users created via the invite flow defaulted to the deprecated 'agent' role instead of 'general'. Pre-#142 JWTs that still claim 'agent' keep working — they’re transparently treated as 'general' rank — API + Admin Portal
Trust-anchor install guide for Athenty-signed PDFs (#88) — new docs page at Athenty Secure → Verifying Signed PDFs walks counterparties and IT admins through installing the Athenty root CA so signed envelope PDFs no longer show a yellow “identity unknown” warning. Covers Adobe Acrobat Reader DC + Pro, Windows certmgr.msc + PowerShell + Group Policy / Intune, macOS Keychain + Terminal + MDM, NSS for Linux, plus a 5-question FAQ. Includes the published SHA-256 fingerprint of the root CA for out-of-band verification. Required workaround until AATL submission completes (#70) — Docs
Public R2 bucket for org logos + user avatar headshots (#116) — splits public-by-default branding (org logos, member headshots) from private-by-default IDs/signatures/envelope PDFs. Logos at logos/{orgId}.{ext} and avatars at avatars/{userId}.jpg resolve to a stable CDN URL with no expiry, so PAdES-embedded headshots and email-signature avatars stop breaking after 7 days when archived/forwarded. Avatars are always re-encoded to a 256×256 JPEG (~20–50KB) on upload. Per-org publicAssetsOptOut flag keeps everything residency-bound for orgs with stricter policies. Code deploys gracefully ahead of bucket provisioning — falls back to the existing residency flow when R2_PUBLIC_BUCKET is unset. A migrate-public-assets.ts script copies existing data after the bucket lands — API + Admin Portal
Geocoded pins on Directory + Matter maps (#114f) — replaces the empty-state map scaffolding shipped earlier with live data. New roleAtLeast-style geocoding-cache service computes a stable address fingerprint, calls Nominatim only when an address actually changes (caches lat/lng + addressFingerprint on clients and org_locations), and stays under Nominatim’s 1 req/sec fair-use ceiling. Two new endpoints — GET /v2/maps/directory (org locations, HQ marked) and GET /v2/maps/matter/:id (matter participants) — feed the wired-up DirectoryMap + MatterMap. New uploads geocode inline; the backfill-geocodes.ts script catches up existing rows at a 1.1s/req cadence. Property pins (real-estate matters) deferred until a matter_properties table exists — API + Admin Portal
Conflicts detection at add-participant time (#114e) — block-with-acknowledgement compliance gate per LSO Rule 3.4. Two seed conflict shapes: same person/entity is a Client on one matter and a Counterparty/Third-party on another (symmetric; covers former clients on closed matters too); an org user assigned to one matter (matter_staff) showing up as a Counterparty on another. The Add Participant flow now asks for Participant Type (Client / Counterparty / Third-party) and, when conflicts are detected, returns HTTP 409 with the conflict list — the new dialog surfaces the flagged matters and requires a waiver reason before proceeding. Acknowledgements are recorded in a new matter_participant_conflicts audit table (who acked, when, with what reason) so the LSO trust auditor has a defensible paper trail. Phase-2 corporate-rep cross-references deferred until the unified Participant model lands — API + Admin Portal

Improved

Public asset bucket live in production (#116 follow-on) — the athenty-public R2 bucket described in the earlier #116 entry is now provisioned (pub-c5d075a1dbba488dbb64178f9f74ad14.r2.dev) and existing org logos + user headshots have been migrated to the new short-key layout. PAdES-embedded headshots and email-signature avatars now serve from a stable CDN URL instead of 7-day presigned URLs that broke when an envelope was archived or forwarded — API

Various fixes and improvements — 5 patches.

May 4, 2026

api@2.17.146 · app@2.17.134

Added

Document sharing rail (#198) — share any matter document with an external recipient via signed link or an IDV-verified participant portal. Created from Drive › Files → Share (recipient email + expiry up to 60 days + optional note). The recipient gets an invite email and downloads via app.athenty.com/document-share/<token>; the sender gets a download confirmation email with IP and user agent. Repeat clients with completed IDV can sign in at app.athenty.com/portal/login (email OTP, 24-hour sessions) and see all their shares across all matters with one-click download. Every share lifecycle event — created / sent / viewed / downloaded / revoked / expired — surfaces in the new Drive › Shared sub-tab on each matter with full forensic attribution. Configurable per-org defaults at Settings → General → Document Sharing (default expiry, MFA enforcement, audit retention window) — API + Admin Portal
Matter detail page 7-tab IA (#196) — collapsed the previous 11-tab strip into Overview · Participants · Accounting · Drive · Messages · Workflow · Due Diligence, each with its own sub-tabs. Accounting is fully wired with Trust Accounting (retainer + non-retainer receipts + direct payments on behalf), Disbursements (soft estimated costs + hard paid costs), and Billings (fees + time logs + invoicing placeholder). Drive splits into Files / Envelopes / Emails / Shared. Backwards-compat URL redirects keep older bookmarks like ?tab=fees and ?tab=comments working — API + Admin Portal
Participant Confirmations queue (#186 phases 2 + 4) — when an IDV/KYC verification completes, every field that differs from the canonical participant record auto-queues for staff confirmation. The new Confirmations tab on the participant detail page lists pending updates per field with old → new diff, source-verification deeplink, and one-click confirm (writes through to canonical), reject, or confirm-with-edit override. Every action audit-logged. Schema covers ~30 KYC/IDV fields across person / contact / address / business / financial — API + Admin Portal
Participant detail page redesign (#186 phases 3 + 4) — replaces the bare summary card with a structured header (avatar + composed full name with middle/suffix + Acting-as tagline + Representative subline + Introducer dropdown + Referred by + timestamps) and a 10-tab content layout (Personal · ID · Agency · Business · Financial · Confirmations · Matters · Envelopes · Notes · History). Existing Verifications data table folds into ID; KYC sections distribute to their proper domain tabs. Focused Edit header sheet for the four header fields keeps the full Edit profile form available for everything else — API + Admin Portal

Various fixes and improvements — 6 patches.

May 2, 2026

api@2.17.110 · app@2.17.110

Added

Multi-record signatures and footers with org & division defaults (#189) — Settings → Notifications → Signatures and Footers tabs are now multi-record. Each scope (org-wide or per-division) can hold multiple templates; one is marked Default with an atomic flip, and system-generated emails resolve the default with the fallback chain matter’s division → org → none. Notification creation pickers show <name> · <scope> so multiple templates sharing a scope are easy to disambiguate — API + Admin Portal

Improved

Settings → Notifications unified hub + scope-first creation form (#188) — Email Signatures renamed to Staff Signatures (and its Division dropdown bug fixed). Email Templates and Notifications merged into one Notifications page with three tabs (Notifications / Signatures / Footers). The notification creation form is rebuilt scope-first: pick Org / Division / Matter, then Audience (Clients / Counterparties / Third-parties / Assigned Staff) and Roles narrowing. Signature + Footer pickers default to Use organization default — API + Admin Portal
List-view UX standardization + envelope subject rename — verifications, requests, matters, envelopes, and managed-list pages share a consistent toolbar, row actions, and filter UX. Envelope title renamed to subject end-to-end — API + Admin Portal

Various fixes and improvements — 6 patches.

April 30, 2026

api@2.17.70 · app@2.17.65

Added

Self-view Activity tab (#176) — team members can view their own audit trail at Account → Activity: every login, profile update, credential change, and document action they have performed, paginated with date/time and metadata — API + Admin Portal
Credential file attachment (#175) — credentials can have a PDF or image attached directly (alongside external URL links). A paperclip icon on the credential row opens an inline viewer so the document never needs to be downloaded — API + Admin Portal
Employment Agreement upload (#175) — HR can upload a pre-signed agreement on the Employment tab; the team member sees it read-only with the same inline viewer. Agreements stored in a dedicated employee-docs/ prefix, isolated from org assets and matter files — API + Admin Portal

Improved

Participants list (#164) — Type column shows multi-bubble badges for all roles a person has held (e.g. Client and Counterparty). “Staff” renamed to “Assigned Staff”. “Last Matter” renamed to “Current Matter”. Participation count column removed. Eye icon at row end navigates to the profile. Counterparty and third-party entries now have dedicated profile pages (Profile + Matters tabs). Clients sidebar item removed — /clients redirects to Participants — API + Admin Portal
Matter detail page (#152) — “Folders” tab renamed to Drive; envelopes now appear inside Drive (standalone Envelopes tab removed). Staff section merged into Participants tab (standalone Staff tab removed). New Activity tab shows matter audit events. Summary card replaced with a horizontal stats bar: Matter ID · Created · Last Active · Status · Conflicts · In/Out — API + Admin Portal
Software assignments (#144/#168) — software name field is now a dropdown backed by the “Software Name” Managed List (no more free text). Username field added to assignments, pre-fills from the member’s Athenty login email and is independently editable — API + Admin Portal
Home Address moved to Personal tab (#171) — Home Address fields on the team-member profile and /account/profile now live under Personal instead of Employment — Admin Portal

Various fixes and improvements — 2 patches.

April 28, 2026

api@2.17.61 · app@2.17.57

Added

Hardware Inventory at Settings → Assets → Hardware (#167) — central org-level inventory for laptops, phones, monitors, VoIP phones, headsets, and any custom hardware type. Per-type rollup cards (total / available / assigned), filterable list of every unit with manufacturer / model / serial / MAC, and “Add hardware” defaults to Unassigned so HR can stock the pool first and assign later. Editing a unit lets you change the holder; deleting closes the assignment cleanly — API + Admin Portal
Team-member Add Hardware → Assign from inventory (#167) — the team-member Assets tab no longer creates one-off hardware records. Instead it opens a picker filtered by Hardware Type, lists currently-available units in inventory, and one click assigns to the member. Empty states deep-link to Settings → Assets → Hardware so HR can add stock without losing context — Admin Portal
Hardware Type wired to Managed Lists (#167) — the Type dropdown on every hardware surface now reads from the per-org asset_hardware_type Managed List. The legacy hardcoded enum (laptop / phone / monitor / voip_phone / headset / other) is seeded on migrate so existing assets render unchanged; orgs can rename, archive, or add new types from Settings → Managed Lists — API + Admin Portal

April 25, 2026

api@2.17.43 · app@2.17.40

Added

Compliance gate: matter required on every verification and envelope — both creation flows now refuse to advance without a matter, satisfying PCMLTFR s.86–88 / NI 31-103 s.13.2 / LSO By-Law 7.1 / PIPEDA Principle 4.4 / 5-year retention. New compliance doc explains the rationale per regulator. Athenty Snap was already enforcing the same rule, so the platform is now consistent end-to-end. Note: API clients calling /v2/api/requests or /v2/api/envelopes without matterId will now receive HTTP 400 — API + Admin Portal
Work locations multi-assign (#135) — HR can now assign a team member to multiple offices, mark one as the default, and toggle “Able to work remotely.” Member-initiated default change routes through the existing employment-change-request flow. The legacy users.work_location_id column is mirrored from the chosen default so the People Directory keeps working until consumers migrate to the new join table — API + Admin Portal
Primary-client picker on matter-create (#130) — searchable combobox between Reference and Description on the New Matter sheet. On save, files a follow-up POST to /matters/:id/participants with isPrimary=true. Matter is still created if the participant attach fails (toast tells you to add it from the Participants tab) — Admin Portal
Verification wizard matter step now supports inline matter creation (#87) — replaced the plain dropdown with the same Combobox + “Create new matter” picker used in envelope-create and Athenty Snap. Search, see open matters, or create one without leaving the wizard — Admin Portal
“Prior field” / “Next field” smart navigation on the signing page (#94) — signers now see field-aware nav buttons alongside the page-numeric nav at top + bottom of the PDF. Jumps to your next/prior unfilled field across page boundaries, with a “Field N of M” counter so you know where you are in the to-do list. Page navigation stays unchanged — these are peers, not replacements — Admin Portal
Auto-file badge on Folders tab (#131) — when a matter has email auto-file enabled (via the Matter Planner add-in), a navy “Auto-file ON · Emails landing in /Correspondence/Emails” badge now shows in the Folders tab header. Click → popover with a “Disable auto-file for this matter” toggle so you don’t have to bounce back to the add-in — API + Admin Portal
Folders keyboard shortcuts (#125) — F2 (rename), Del/Backspace (delete), Ctrl/Cmd+N (new folder), Esc (clear selection), Enter (preview). Shortcuts are scoped to the Folders tab and suppressed while a dialog is open or an input is focused — Admin Portal
Address autocomplete on profile (#132b) — the Home Address section now offers a quick-fill autocomplete that files change requests for all populated address fields (line 1, city, state, postal code, country) in one suggestion. Per-field manual edits still work — Admin Portal
Directory shows each member’s work location (#132e) — the People Directory card now populates the location badge from the member’s current workLocationId assignment. Updates to the daily/default selection model land in #132c–d — API

Fixed

Office Online preview banner on localhost dev (#129) — the inline Office viewer in the matter-folders previewer no longer renders a permanently-spinning iframe when the document URL is on localhost. Falls back to a banner pointing at the Download button (Office Online can’t reach localhost; production preview unchanged) — Admin Portal

Fixed

Profile change requests now show the actual person’s name (#133) — pending and historical rows on /account/profile and /settings/team/[member] no longer mislabel HR counter-proposals as coming from the staff member (or vice versa). Service joins on the requester / reviewer to surface real names; the broken reviewedBy === requestedBy heuristic in the timeline panel has been replaced with a subject-aware author resolver — API + Admin Portal
Sessions tab button overlap (#132h) — the Revoke / Sign-out-all controls no longer overlap user-agent text on narrow viewports; layout now wraps cleanly — Admin Portal

Improved

Settings → General consolidation (#132g / #139) — “Office Address” renamed to “Main Office Location” (with full phone / fax / email contact details). The lower “Locations” section is now “Other Office Locations”, reads from the same canonical org_locations store as Settings → Locations, and links there for any add / edit. The legacy duplicate Add-Location form (which was missing fax + email and clipped on the modal) has been removed — single source of truth, no more form divergence — Admin Portal
Work contact label clarified: the team-member “Extension” field is now “Office Line and Extension” to match how organizations actually format the value — Admin Portal
Notary + RON audit columns now use native PostgreSQL jsonb — replaces the runtime-parse Band-Aid shipped two days ago for the notary jurisdictions Sentry crash. Schema-level fix means TypeScript catches the bug class at compile time on every future read site, not just the one we patched. Same treatment applied pre-emptively to ron_sessions.audit_events to close the matching latent risk — API

April 24, 2026

api@2.17.24 · app@2.17.19 · snap@1.3.0

Fixed

Headshots now persist correctly and propagate to the team directory and org chart — resolved R2 key→URL resolver was missing from the org-explorer service — API + Admin Portal
Renamed the envelope list “Closed” tab to “Voided” for clarity (covers declined, canceled, and expired envelopes) — Admin Portal

Improved

Athenty Snap 1.3.0 — contact card email overflow fix; Settings flyout verification-type control clarified — Browser Extension

April 23, 2026

api@2.17.7 · app@2.17.2 · snap@1.2.1

Added

Universal participant lookup in Athenty Snap: the per-card search now spans clients, staff, counterparties, and third-parties across your whole org, with colour-coded type badges on every result; picking a match pre-fills name/email/phone and links to the backing client or staff record when available — API + Browser Extension
Staff added as a fourth participant role on the per-card selector — verifications tagged as staff IDV flow through the internal-user subject path — API + Browser Extension
Self-view Employment / Compensation / Health tabs on /account/profile — every team member can now see their own employee profile, salary band, and health record in read-only mode; inline suggest-edit is coming next — API + Admin Portal
Team member profile promoted to its own page at /settings/team/:userId — HR managers get a full detail page instead of a cramped 512px drawer; deep-linkable, scrollable tabs, room to grow — Admin Portal
Snap + Add-ins moved from Settings → Account: per-user pairing surfaces now live at /account/extensions and /account/add-ins, with org-wide toggles remaining in Settings; old URLs redirect automatically — Admin Portal
Signer page-nav mirror + actions bar: signers can jump to any page on the PDF and always see the core decline / draft / submit actions pinned as they scroll — API + Admin Portal
Athenty Snap manual entry, client lookup, and inline matter create: every card now has editable name/email/phone (no longer limited to what was on the page), a client-lookup search, and a required matter picker with inline “Create new matter” — Browser Extension

Various fixes and improvements — 10 patches.

April 19, 2026

api@2.17.0 · app@2.16.0

Added

Adopt-and-Sign: draw your signature once and apply it to all signature fields in one tap; same for initials; text and date fields with matching labels propagate with a single checkbox — Admin Portal
Live field overlay during signing: every assigned field is rendered directly on the PDF — unfilled fields appear as labeled placeholders, the active field pulses with a primary border, and filled fields show the captured signature image, initials, date, or text in-place — Admin Portal
Clicking any field on the PDF while signing jumps the right-hand panel directly to that field — Admin Portal
Page navigation toolbar on the signing PDF lets signers freely browse all pages to review completed fields without leaving the guided-fill flow — Admin Portal
Drag, resize, and draw signature fields in the envelope creation wizard: drag a placed field to move it, drag a corner/edge handle to resize, or drag on empty PDF canvas to draw a custom-sized box — Admin Portal
Creator can download signed (or original) PDFs directly from the envelope detail page — Admin Portal
Signers receive a countersigned interim copy immediately on the completion screen even while other signers are pending — Admin Portal
Pre-submit review step lets signers verify every filled value grouped by document and page before locking their signature, with one-click jump-back to edit any field — Admin Portal
Signers receive a per-signature receipt email immediately after they sign, with a 1-hour link to their countersigned PDF — no more waiting for all parties to finish — API
Certificate of Completion: every completed envelope generates a one-page audit trail PDF (envelope ID, all signers with timestamps, IPs, and identity assurance level, per-document SHA-256 hashes); downloadable from the envelope detail page and linked in the completion email — API + Admin Portal

Various fixes and improvements — 1 patch (field navigation skip bug).

April 18, 2026

api@2.6.15 · app@2.4.9 · snap@1.0.6

Fixed

Production envelope list endpoints returned HTTP 500 (column "version" does not exist) due to migrations 0037–0043 not being registered in the Drizzle journal; journal repaired — all pending migrations (editable envelopes, observer signers, acknowledgements, document templates, conversion tracking, comments, notaries/RON) will apply automatically on the next deploy — API

Various fixes and improvements — 1 patch.

April 17, 2026

api@2.4.1 · app@2.3.0 · snap@1.0.6

Added

Send envelopes for e-signature: new Envelopes tab in the sidebar with a step-by-step creation wizard — add documents, configure signers (parallel or sequential), and send in one flow — Admin Portal
Recipients sign via a branded magic-link page: review all documents, accept the ESIGN/UETA/PIPEDA disclosure, and click to sign — no account required — Admin Portal
Multi-signer support with parallel (all at once) and sequential (one at a time) modes; each signer receives a unique invite link — Admin Portal
IDV gate on the signing page: if identity verification is required for a signer, they are prompted to complete it before they can proceed — Admin Portal
Completion screen shows download links for all signed documents once every party has signed; partial-completion state shows a waiting indicator — Admin Portal
Signers can optionally decline with a reason; the sender is notified and the envelope is closed — Admin Portal

Various fixes and improvements — 0 patches.

April 16, 2026

api@2.4.1 · app@2.1.4 · snap@1.0.6

Added

Matter Planner add-on now wired into Stripe — activating on a Professional or Business plan creates a prorated subscription item on your existing plan invoice — API + Admin Portal
Confirmation dialog before Matter Planner activation shows the prorated charge — Admin Portal
Starter plan orgs see a disabled Matter Planner tile with an upgrade prompt — Admin Portal
Matter clients tab on each matter lists all contacts who have verification requests linked to it — Admin Portal

Improved

Verification invite emails now include the sending organization’s name in the subject and body — API
All captured IDV images and signature files are watermarked; originals are stored in an isolated private S3 bucket — API
Each contact card in Snap now has its own IDV / KYC toggle — send a mix of verification types in one batch — Browser Extension
Matter picker inline above the Send button lets you link all outgoing verification requests to an existing matter via debounced search — Browser Extension
Snap now groups detected names, emails, and phones into contact cards — all deselected by default, so you explicitly choose who receives a verification request — Browser Extension
Multiple contacts can be selected and sent as separate requests in one click, with a per-contact progress indicator and aggregate summary — Browser Extension
Field slots on each contact card can be overridden via inline dropdowns, and unassigned detected fields can be moved to any contact or used to create a new one — Browser Extension
Matter Planner icon state in browser extension background worker now handles tab-close race conditions without surfacing false errors — Browser Extension
Document camera now prefers landscape aspect ratio and raises the detection confidence threshold to reduce false auto-captures — Admin Portal
Liveness check left/right turn counter is explicitly reset at each phase transition, preventing count bleed from stalling the sequence — Admin Portal

Various fixes and improvements — 9 patches.

April 15, 2026

api@2.2.83 · app@2.0.96 · snap@1.0.1 · planner-gmail@0.1.0 · planner-outlook@1.0.0

Added

Matter Planner Gmail Add-on — link emails to Athenty matters from Gmail — Matter Planner (Gmail)
Matter Planner Outlook Add-in — link emails to Athenty matters from Outlook — Matter Planner (Outlook)
Matter Planner pairing flow in the Admin Portal — Admin Portal + Matter Planner
Document-first verification step order with OCR prefill for faster form completion — API + Admin Portal
Phone verify, second document, and estate verification step types — API
Six FINTRAC KYC compliance verification steps — Admin Portal
Estate tab, FINTRAC document labeling, and phone verified status on verification requests — API + Admin Portal
Phone verification status persisted to contact records on completed verifications — API
Browser Extension available on all plans including free — Browser Extension
One-time pairing code authentication for the browser extension — Browser Extension

Improved

PII detection coverage on non-Athenty websites raised from ~35% to ~60%, catching more name, email, and phone field patterns — Browser Extension

Various fixes and improvements — 15 patches.