Two-Factor Auth, Billing & Mention Center

Security gets a boost with Two-Factor Authentication, the Admin Panel gains full billing management with Stripe integration, and the Notification & Mention Center receives a complete refactor with bulk operations.

New Features

Two-Factor Authentication

Added two-factor authentication (2FA) for login, providing an extra layer of security for user accounts:

• TOTP-based authentication with QR code setup
• Improved implementation with secure token handling
• Seamless integration into the existing login flow

Admin Panel — Billing & Permissions

Significant expansion of the admin panel with billing and access control:

• Permission groups — create and manage admin permission groups with category-based access control (#2430)
• Secure auth wizard — guided account setup with password generation confirmation
• Account management — admin user creation and management with last access tracking
• Billing dashboard — analytics overview with key billing metrics and workspace context
• Transaction tracking — dedicated dashboard for transaction history with admin endpoints (#2434)
• Subscriptions management — manage workspace subscriptions with billing controls
• Upcoming invoices — invoice management dashboard with handling for 100% discount coupons
• Feature flags management — admin dashboard for feature flag configuration
• Server management — monitoring dashboard with server metrics, platform information, and platform version tracking
• Broadcast updates — endpoint for broadcasting web app version updates to connected users

Billing — Stripe Integration

• Transaction tracking — backend service with Stripe webhook queue processing for tracking all payment events
• Coupons and add-ons — management system for discount coupons and subscription add-ons
• Payment failure handling — improved webhook processing with Stripe charge details for better error reporting

Mentions & Notifications

Complete refactor of the Notification and Mention Center (#2413):

• Bulk operations — mark all mentions as read and hide all with a single action
• Queue-based synchronization — mentions are synchronized via a dedicated queue for reliability
• Message type tracking — added messageType field to track mention sources
• Improved data freshness — enabled refetch on focus and optimized stale time settings
• Bulk update queries — optimized database queries for bulk read/hide operations

Other Features

• SuperTeam — new team management feature (#2430)
• Inbox email signature — create and manage email signatures (#2424)
• Workload — new workload view feature with feature flag integration and table view dialog (#2389)
• Feature usage tracking — register feature usage for meeting channels, doc sign, and office features
• Task email notifications — notify task comment participants via email (#2434)

Bug Fixes

• Board: fixed automation type action enum (#2467), resolved Sentry errors (#2433)
• Live save: fixed live save behavior, mention toggle, and system notification issues (#2436)
• Webhooks: improved payment failure handling with detailed Stripe charge information
• MentionCenter: fixed horizontal scrollbar in the virtualized list
• Docs comments: improved error handling and simplified participant filtering
• Notifications: improved reduce pattern and simplified preference checks

Improvements

• API imports — reorganized model imports to use consistent ~ path alias, removing unused @ alias
• Notifications — moved notification services to internal directory for better organization
• Environment config — consolidated environment configuration and simplified local/dev environment checks
• CI — optimized pnpm caching strategy, added Cloudflare connecting IP header for accurate client IP logging