Google Sign-In, Custom Fields Security & Performance
This release adds Google OAuth sign-in to the registration and login flows, hardens custom field permissions with project-scoped authorization, and fixes several performance and data correctness issues in the reporting layer.
- Google Sign-In added to the registration and login screens — one tap to join or return
- Custom fields now enforce project-scoped ownership checks — a project manager in Project A can no longer mutate fields belonging to Project B
- Custom field routes now require role-based authorization at the route level (
requireProjectRole), preventing unauthorized reads and writes - Project overview report now correctly counts open issues (unresolved) vs all issues — the counts were previously identical due to a duplicated query
- Issue dependency link endpoint corrected — previously resolving to a non-existent route
- Subscription management UI in Profile screen now shows plan limits, current usage, and upgrade prompts
- Plan tier enforcement tightened — Starter org project and member caps now applied consistently at creation time