Shipping update - 2026-03-09

Highlights

• Exception investigation in the assistant workflow now returns cleaner grouped results with better time boundaries, built-in filters, and direct dashboard jump points for deeper analysis.
• System-generated refresh tokens are now protected from deletion, and token listings now show who created each token so administrators can quickly separate human-managed and system-managed credentials.
• OAuth consent and callback pages were standardized by removing redundant per-page policy handling so authentication responses behave consistently across integration surfaces.

What this enables

• Faster triage during incidents because similar exceptions are grouped predictably and can be traced into deeper dashboards with less manual digging.
• Safer day-to-day operations for admins by preventing accidental revocation of critical system credentials.
• Clearer access audits by exposing token ownership context directly where token lifecycle actions happen.
• More reliable sign-in and authorization journeys because policy behavior no longer depends on page-specific overrides.

Technical wins

• Exception retrieval was migrated to a more consistent query strategy with stronger grouping keys, stable escaping, sorted/limited output, and expanded tests around query construction and formatting.
• Token protection is enforced at both API and UI layers, including explicit forbidden paths and UI guardrails, so blocked actions cannot bypass policy through direct calls.
• OAuth template handling was simplified across success, error, and consent responses, reducing drift and lowering the chance of edge-case regressions during future auth changes.