Live Change Log

After successful auth (manual or auto-login), consume the apex-domain sp_checkout_plan cookie left by kamo-register and redirect the buyer to the brand /subscri...

When a member signup originates from a paid pricing CTA (?plan=pro|business), drop an apex-domain sp_checkout_plan cookie on completion. kamo-login consumes it ...

ESigService now validates X-Internal-Auth against the same shared secret APIService presents **************** from the *** k8s secret), hardening the programmat...

Picks up the new canonical templates esign.signer_verification + esign.signer_invite so seedForOrg can seed them on first send.

Add two platform-wide canonical email templates seeded lazily per org: - esign.signer_verification (step-up OTP: {{code}}, {{name}}) - esign.signer_invite (sign...

EsignMeterSubmissionService needs EsignUsageRecordRepository, but @EnableJpaRepositories didn't scan com.kamo.z.shared.esign.repos, so the context failed to sta...

#4 metering: - EsignMeterSubmissionService (@Scheduled daily): aggregates API-origin EsignUsageRecords per org+period; first 40/period included, the rest subm...

Add the E-Signature API scope to the org API-key manager so staff can grant Business orgs programmatic e-sign access. Usage beyond the included monthly allotmen...

Add /api/public/esign/** to PublicApiController: validates the org API key, requires the API_SIGNATURE scope, rate-limits, and forwards to ESigService's interna...

- EsignInternalController (/api/esig/internal/*): X-Internal-Auth + X-Org-Id authed, called by APIService after it validates the API_SIGNATURE-scoped key; r...

Additive, no version bump: - ApiKeyScope.API_SIGNATURE — gates the programmatic e-signature API (Business) - EsignGenericEnvelope.origin (EsignUsageOrigin, null...

Add a 'Send for signature' button to the template editor header that opens a dialog to send the document to recipients and track signing status, calling the new...

Add the OTK-authed /api/esig/envelopes API kamo-internal drives to send documents for signature, reusing the same shared-lib entities the public signing API rea...

Implement the /api/esig/public/* signing API the kamo-signer app calls, turning the live signer from preview-stub into a working backend. - validate (recipient...

Stripe (>= 2025-03-31.basil) rejects the legacy usage_type+aggregate_usage metered model ('metered prices must be backed by meters'), so USAGE_BASED add-on pric...

Surface the platform-product designation where it belongs — Platform → Organizations. Adds a gated Switch per org (disabled for the top-level org), a confirmati...

PlatformAccountSummary exposes isPlatformProduct + hasSubscriptionMarket; new PUT **************** (platform-admin gated) sets the flag and invalidates the org'...

Replace the derived 'owns a SUBSCRIPTION market' heuristic with an explicit, admin-set ownership flag. A platform product (e.g. sign.pink) is a white-label prod...

KamoCRM owns several markets **************** so resolveProductMarket must pick the SUBSCRIPTION-type (platform-access) market rather than the first active one....

A customer org (e.g. BluEleven) owns its OWN business markets (RETAIL/MORTGAGE) to run its company while remaining a customer of the KamoCRM platform — its memb...

EntitlementService now resolves each member's entitlement root via EntitlementRootResolver (nearest market-owning ancestor-or-self) instead of walking to the to...

Introduce EntitlementRootResolver: the nearest market-owning ancestor-or-self of an org (its product root), falling back to the platform top-level. This decoupl...

/network re-fired fetchNetworks on every background session refresh and hid the whole list on any fetch error, so a transient blip or a stale hasPlatformAdminAc...

Check in the in-progress esign model: EsignEnvelopeRecipient (+repo), EsignFieldValue (+repo), EsignRecipientStatus, and an ESignSignerType update. Additive; no...

New append-only usage entity (mirrors AiUsageRecord) emitted at signature completion. Only API-origin signatures count toward a plan's monthly included quota + ...

User reports email-preview link clicks still do nothing AND text selection is killed mid-drag. Right-click and hover both work, so the anchor element is intact ...

Favicon PNG/ICO frames were produced with keepAspectRatio(false), stretching any non-square logo into a distorted square. Center-fit the logo on a transparent s...

provisionUpdate (run on every custom-labeling save) wrote config/css/manifest but never regenerated favicons — those were only produced by provisionFull. An org...

provisionUpdate (run on every color save) rewrote the org's css/globals.css in place, but that object only exists once provisionFull has copied it from the defa...

The branding tab built logoFullUrl as logo-full.svg on mount, ignoring the org's logoFullExt. Full logos uploaded as png/jpg/etc. live at logo-full.{ext} in Min...

update_tls_store() only ran at startup and on shared-storage imports, so a cert freshly issued by cert-manager (HTTP-01) was Ready with a tls-* secret but never...

Traefik v3 disables an IngressRoute router with services: [] when allowEmptyServices is off (as it is here), so the domain-agnostic HTTP->HTTPS redirect router ...

Custom org domains (e.g. login.sign.pink) returned Traefik's bare "404 page not found" over plain HTTP: the only port-80 redirect router was hardcoded to *.kamo...

sign.pink is a new apex domain (consumer e-signature brand / white-label Kamo tenant org). Pre-seed apex + www so a Let's Encrypt cert exists before first HTTPS...

Both the template and regular upload conversion pipelines swallowed Docs conversion failures (logged only), leaving is_converted=false with no recorded reason —...

LoanProductForm was a single narrow column (maxWidth: 880) with hardcoded English everywhere. Now uses the same enterprise pattern as the offer page: Layout: -...

The new-offer page was a tall narrow column on wide screens — wasted half the viewport. Now uses CSS Grid with the form on the left (5fr) and a live "Offer Prev...

You asked for full real estate, modern, polished — last refactor put a single-column form inside a full-width shell, which is exactly the wide half-page-of-empt...

Three UX gaps the offer page had after the prior refactor: 1. Empty state. When a market has no Loan Products yet, the dropdown used to silently render empt...

Spring Data JPA derives the repository bean name from the interface's simple class name, not from the @Repository("...") qualifier value, so the prior workaroun...

The QuickActionsBar "New Loan Offer" action pointed at /commerce/personal-loans/new but no such page existed, so Next.js routed to the dynamic [loanId] page wit...

Adopts the modern enterprise pattern (gradient header + breadcrumbs + back arrow + full-height flex shell + card-grouped content on light gray canvas) used else...

The SecurityService image at 761019b was built before shared-lib d14dc54 (which renamed the personal-loans Loan entity to JPA name "PersonalLoan" to resolve the...

Adds PERSONAL_LOANS to the COMMERCE_TYPES and EngagementType lists so the new KamoLOS personal-loans market can be created from the markets/new and markets/edit...

KamoInitializerService failed to boot because two @Entity classes named 'Loan' and two repository classes named 'LoanRepository' both wanted to register the sam...

Frontend polish (T6): - New lib/format.ts: locale-aware Intl helpers — formatCurrency / formatDate / formatDateTime / formatPercentBps. Replaces hardcoded t...

- New LoanChargeOffReasonCode enum (A_BANKRUPTCY..H_OTHER) per IRC §6050P - Loan.chargeOffReasonCode column - **************** multi-filter @Query for regulator...

Used by **************** to reactivate an existing PAUSED plan instead of creating a duplicate row that orphans the paused one.

When LOS_PROXY_HMAC_SECRET env var is set, the proxy now computes **************** secret) and sends X-Proxy-Signature + X-Proxy-Timestamp alongside the X-Org-I...

- LoanRepository: countByStatus / countByOrganizationAndStatus + Page<Loan> findByStatus(...) / **************** / **************** + **************** for...