Linear Expansion, Workflow Improvements, and Security Patches

Integrity Error when deleting a Linear board with linked components has been fixed. Cascading deletion of Linear boards has been corrected: when a board is deleted, all linked components and labels are now automatically removed from Linear, foreign key constraint conflicts have been eliminated, and dependency handling at the database level is now correct. Support for deleting legacy records, including inherited data with components, has also been added.

Cascading deletion of Linear integrations with automatic cleanup of related data. When a board is removed from a project through the interface, all associated data is automatically deleted from the database: tasks, worklogs, comments, statuses, and activity records. The operation is executed atomically with correct foreign key constraint handling. A deletion progress indicator has been added to the interface.

Automatic Linear token monitoring with manager notifications on access issues. Linear token validity checks have been integrated into the existing monitoring process. Alongside Jira, GitLab, GitHub, and Notion, the system now automatically verifies that Linear API tokens are current. When an invalid or expired token is detected, an alert is created in the activity feed, and a personal notification is sent via messenger (Slack or Telegram, according to project settings) to the project's PM and DM, specifying which board needs to be reconnected. This ensures a unified health monitoring system across all integrations.

A "Fetch Statuses" button has been added for manual task status synchronization. A button has been added to the Linear integration management interface, allowing users to manually trigger a task status fetch via the API. The retrieved data is saved in the format required for Agile metrics calculations (lead time, cycle time, throughput), with statuses correctly mapped to workflow stages for subsequent analytics.

"Fetch missing worklogs" option added for flexible worklog synchronization management. After the first successful sync, the system records the date and time of the last data fetch for each board. In the settings for a specific board, this value can be manually adjusted to re-fetch data from a chosen date. At the project level, a global "Fetch missing worklogs" option allows bulk resetting of the sync start date across all connected boards at once, enabling recovery of historical data or closing gaps in synchronization.

Full Linear sprint integration for Ongoing dashboards and PM Agent. Linear Cycles are now treated as the equivalent of sprints: the system parses and stores the name, start and end dates, task list with statuses, and progress. Data is available in the Ongoing dashboard for sprint planning and team velocity tracking, and has been integrated into the PM Agent context for answering questions about the current sprint, progress, and closed story points. An incremental update mechanism has been implemented: if a completed sprint's name, dates, or task list changes, the system automatically syncs the latest data on the Enji side.

Meeting deletion with a transcript, with protection against accidental removal. A full meeting record deletion flow has been implemented: a delete icon has been added to each row in the Meetings table. Clicking it opens a confirmation dialog showing the meeting name and a warning that the action is irreversible and the transcript will be lost. The dialog is controlled by "Cancel" and "Confirm" buttons, with a loading indicator during processing. After successful deletion, a notification reading "The {meeting_name} meeting has been deleted" is displayed, and the meeting list updates automatically. Error handling with corresponding notifications is in place. The dialog closes when clicking outside it or pressing "Cancel" without deleting.

Meeting deletion directly from the meeting card. A delete icon has been added to the header of the Meeting info card. Clicking it opens the same confirmation dialog used in the list view, with a transcript loss warning and "Cancel" and "Confirm" buttons with a loading indicator. After successful deletion, the user is automatically redirected to the Meetings page, where a notification reading "The {meeting_name} meeting has been deleted" is displayed. The UX behavior is consistent with deletion from the list.

Bulk project assignment for meetings. After selecting multiple meetings via checkboxes, the "Delete" and "Assign project" buttons appear in the bottom panel. Clicking "Assign project" opens a "Project Assignment" dialog with a table containing the following columns:

1. "Meeting" — the meeting name with date and time
2. "Current project" — the current project assignment or "Not defined"
3. "New assignment" — a dropdown for selecting a new project

A "Same for all" toggle applies one project to all selected meetings, syncing all dropdowns simultaneously. Available actions are "Clear selection," "Cancel" (closes without changes), and "Confirm" with a loading indicator that sends PATCH requests. After a successful application, a notification reading "{number} meetings have been reassigned to other projects" appears in the top right corner for 3-5 seconds, and the meeting list updates automatically.

Project assignment and reassignment from the meeting card. In the right panel of the Meeting info card, the "Project" block displays the currently assigned project with its icon and name, along with an edit icon. If no project is assigned, a "+ Assign project" button is shown instead. Clicking the button, the edit icon, or the project name opens a dropdown with a search field for filtering projects by name in real time and a list of all available projects with colored icons and names; the current project is also included in the list. When a project is selected, a PATCH request is sent, the dropdown closes, and the "Project" block updates. On initial assignment, a notification reading "Meeting has been assigned to project" is displayed; on reassignment, "Meeting has been reassigned to another project."

Informative placeholder states for the Summary and Transcription sections. A set of states has been implemented for various scenarios:

• "Processing in progress" – displayed while generation is running immediately after the meeting ends.
• "Meeting processing in progress" – when the exact time cannot be determined.
• "Oops! Something went wrong" – on loading or generation errors.
• An empty meeting list states with additional information about connecting to the service.

Protection against bypassing the Day Off limit through multiple requests. A consecutive day-off control system has been implemented to prevent limit bypass through separate requests; employees can no longer take more than two consecutive days off, regardless of how many requests they submit. For example, it is not possible to file a request for August 1-2 and then a separate request for August 3. The next day off can be taken no earlier than 3 working days after the last one; when a new request is created, the system checks all approved and pending requests for that employee. Protection against filing a day off on weekends has also been added. HR users are exempt from these restrictions and can create any sequence of day-off requests. When a rule is violated, the system displays an informative error message specifying the nearest available date.

Day Off and Sick Leave requests are blocked for employees in their first 3 months. The system now blocks day-off and sick leave requests for employees who have not completed their probationary period. When attempting to create a request, the user receives an informative warning explaining the reason for the block and the date when the feature will become available. Validation is enforced at both the client and server levels.

Discrepancy between Absence Overview and the employee profile was resolved with a unified calculation system. A critical vacation balance calculation error has been fixed: the "Current balance" column in Absence Overview now displays the actual value, matching the data shown in the employee profile, instead of duplicating the "Balance at start of year" value. The vacation accrual system has been rewritten with unified calculation logic for all employee types; an accrual and deduction history has been added to the employee profile. A global vacation recalculation button for all employees has been added to "Absence Settings" to correct historical data. Edge cases involving late work record entries and simultaneous vacation start and accrual have also been fixed.

Custom absence rules are now applied in chronological order by start date. A critical bug in the custom absence rule application logic in Personal Settings has been fixed: rules are now applied strictly in chronological order by the "Start date" field, regardless of the order in which they were created in the interface. Automatic end date calculation has been implemented for records without an explicit "End date" when a new rule with a later start date is added. Edge cases with hard period overlaps have been handled, and rules in the table are now sorted by start date in descending order. Balance recalculation runs only when new rules are created and does not affect existing data retroactively.

Automatic Jira task creation on absence approval has been disabled. When vacation, day-off, or sick leave requests are created and approved, Jira tasks are no longer generated; the entire request handling process now takes place entirely within Enji. The flow is as follows: an employee creates a request → it appears for HR and approvers in Enji → the request is approved → the status is updated in Enji, with no intermediate tasks in an external tracker.

Critical cross-project data leak vulnerability via vector search has been fixed. A security issue has been resolved (CWE-284: Improper Access Control, HIGH severity): the is_chat_agent=True flag in execute_query() was completely disabling the setting of the copilot.projects_ids session variable, causing SQL queries to execute without any project-level filtering. Fail-closed protection checks have been added at three critical points: when project_ids is absent or empty, functions now immediately return an empty result with a warning in the logs instead of searching the entire database. Nine unit tests covering all protection scenarios have been added.

IMPACT: A vulnerability has been closed where a PM Agent request submitted without project_ids or with an empty project list would trigger a search across the entire vector database, including documents, chats, metadata, and thread references from other users' and companies' projects, representing a direct confidential data leak.

Critical vulnerability fixed: chat and conference agent SQL queries were ignoring project scope. A security issue has been resolved (CWE-284: Improper Access Control, HIGH severity) in the SQL paths of chat and conference agents. Project scope is now enforced for all agents, including chat_agent and conf_agent; the parameters = None bypass mechanism has been removed; mandatory WHERE project_id = ANY(...) filtering has been added at the database level, and view behavior has been changed from permissive-by-default to deny-by-default when no explicit project is specified.

IMPACT: A vulnerability that allowed access to chats and meeting records from other projects has been closed. Previously, data isolation depended entirely on the prompt sent to the language model, which could be ignored or manipulated, rather than being enforced at the database level. The deny-by-default principle is critical for SOC 2 Type II and ISO 27001 compliance and for protection against insider threats in organizations with separated teams and hundreds of projects.

PM Agent request submission error on mouse click has been fixed. The "Input data should be a string" (400 Bad Request) error that occurred when submitting a request by clicking instead of pressing Enter has been resolved. Data is now correctly serialized and validated server-side regardless of the submission method.

Single-item selection bug in global filters has been fixed. The "All" state detection logic in the filter component has been corrected: the system now always uses the full list to determine whether all available options are selected, rather than the filtered list. This eliminates the erroneous activation of "All" mode when selecting the only item found in a search and ensures correct filter behavior regardless of the number of items in the filtered list.

GitLab Self-hosted commit parsing fixed when the branch list changes. A GitLab Self-hosted parsing issue has been resolved: when the set of tracked branches in a repository changes (for example, from the default branch to .*? for all branches), the last parsed date in the Group table is now automatically reset, and the checkpoint is removed from the gitlab.repository.commit.forward.<repository_id> settings. This ensures a full re-parse of commits from the beginning, including historical commits from newly added branches that were previously ignored due to a stale last-sync date being retained.

An informative placeholder state is added to the AI Summarizer widget when the PM Agent is unavailable. In the AI Summary widget on the "Activities" tab of the employee profile, the static placeholder text that previously imitated real analytics has been replaced with a clear message indicating that PM Agent is not connected to the organization or that the service is unavailable. When PM Agent is present and accessible, the widget operates normally, displaying real analytical data.

Smart dropdown added for PM Site selection when connecting integrations in the project creation wizard. On the "Add integrations" step, the URL text input field has been replaced with a dropdown that automatically loads existing PM Sites for the current organization, filtered by source type: when connecting Jira, only Jira PM Sites are shown; YouTrack shows only YouTrack PM Sites, and so on. When a PM Site is selected from the list, the URL and instance type are automatically populated in the form. If the required PM Site does not yet exist, it can be created directly in the input field; on form submission, a new PM Site will be created with the corresponding source type. Placeholder states for cases where no matching PM Sites exist have also been implemented. Backward compatibility is maintained: when no PM Sites exist at all, the field behaves as a standard URL input.