AO Accounting now lets any user change their own password at will, and requires users with admin-set temporary passwords to choose a new password before accessing the app.
Added
- Forced password change on first login: users with admin-generated or reset passwords must set a new password before accessing the app.
- Voluntary password change: any authenticated user can change their own password at any time — treasurers via Settings → Security, admins via the sidebar.
Changed
- Password change page now shows context-aware heading and instructions depending on whether the change is forced or voluntary.
Fixed
- After a voluntary password change, users are redirected back to their dashboard instead of the login page.
- Profile photo file input no longer overflows its card in the treasurer Settings tab.
Roadmap
- Next: admin user settings page — personal settings area for admin users covering password change, display name, and preferences.
AO Accounting now includes the beta transaction-review fixes for Bonfire income classification, per-transaction drawer reset behavior, clearer adjustment/exclusion copy, credit-card merchant suggestion handling, and treasurer pullback workflow polish.
Added
- Added Bonfire as an income Source Type option in the transaction review drawer.
Changed
- Clarified adjustment/correction copy so treasurers use it only for non-reporting exclusions and use refunds for income reversals, overpayments, refunds, or expense credits.
- Updated the roadmap for transaction-review polish, split transaction coding, credit-card payment drilldown, treasurer digest emails, and budgeting by revenue/expense account.
Fixed
- Reset transaction review drawer state before loading each record to stop sticky tag and review-field carryover.
- Initialized credit-card merchant mode before payee hydration and stopped silently auto-applying cached merchant hints.
- Improved the missing merchant warning to tell treasurers to select or create a merchant on the Payee step.
- Removed unsupported prompt() dependencies from pullback workflow actions and required notes directly in the drawer.
- Allowed saved drawer notes to count as the required pullback reason.
- Showed Pull Back to Pending on every pending-approval review drawer tab.
- Showed matching existing merchants immediately for imported card descriptions without requiring users to clear and retype.
Roadmap
- Next: split transaction coding, credit-card payment drilldown, treasurer digest emails, and account-level budgeting.
AO Accounting production now keeps both Fly app machines warm during deploys, reducing stopped-machine lease contention and making future releases more reliable.
Changed
- Production machine policy now keeps both app machines running instead of auto-stopping them between requests.
Fixed
- Disabled Fly auto-stop and required two running app machines in production after the failed 1.7.0 rollout.
- Backfilled the missing production release metadata so the live version and release-notes APIs reflect the deployed payment hardening release line.
Roadmap
- Next: continue the email notification track and forced-password-change prerequisite work.
AO Accounting now includes the completed treasurer/admin payment request workflow, transaction linking, linked document reuse, and notification routing needed for reliable payment processing.
Added
- Resettable local payment-request QA protocol and fixture-reset script for clean end-to-end validation.
Changed
- Payment requests now default to Drafts and admin processing collapses the old Approved bucket into Processing.
- Search, linking, notes history, and embedded notification routing now stay inside the correct admin and treasurer shells.
Fixed
- Payment request save and submit, receipt upload, attachment linking, linked-note carryover, and Mail Check address handling were hardened across the full treasurer/admin flow.
- Transaction linking now carries payment method and payee type, enforces same-payee and same-amount matches, and reuses linked request documents for approval.
Roadmap
- Next: email notification delivery and the forced-password-change prerequisite work.
Admins, approvers, and treasurers now have a cleaner workspace experience plus stronger user-management controls.
Added
- Admin pages now consistently route through the v2 shell experience instead of legacy standalone screens.
- Treasurers now land directly in their assigned or preferred program, and approvers stay inside the correct admin workspace.
- User management now supports explicit MFA reset, admin-managed mailing addresses, and generated-password modal workflows.
Changed
- Legacy hamburger-era admin surfaces were retired in favor of the current shell and embedded hub structure.
- Session management now includes idle-timeout warning support and stronger authenticated-session handling.
- Local QA workflow now resets canonical dev accounts deterministically for safer release verification.
Fixed
- Password resets no longer silently clear MFA enrollment.
- Approval and treasurer navigation issues in the refreshed admin shell were resolved during rollout.
- Soft-deleted users are now blocked cleanly from login, impersonation, and default admin listings.
Roadmap
- Next up: payment system hardening, admin overview polish, and the remaining roadmap cleanup and deploy follow-through.
AO Accounting 1.5.1 fixes validation-drawer draft saves, tightens release-process documentation, and reduces security-scan noise without changing the broader workflow model.
Changed
- Canonical docs were reconciled after the v1.5.0 release so roadmap and reset-plan docs now reflect the shipped state.
- Security documentation now matches the actual current scanning setup, and the roadmap now tracks the remaining security-scanning hardening work.
Fixed
- Removed the stale Open processing queue button from the admin Overview page.
- Reduced security-scan CI noise by limiting dependency scanning on pull requests to dependency-related file changes.
- Validation-drawer draft and progress saves no longer fail when short description is blank; that requirement now applies only to non-draft progression and approval paths.
Roadmap
- Next: harden the security scanning system beyond dependency monitoring.
AO Accounting now includes in-app feedback reporting for treasurers and admins, along with workflow hardening across payee review, storage handling, and release discipline.
Added
- In-app feedback widget in the admin and treasurer shells for bug reports and feature requests, with a super-admin Feedback review tab in Administration
- W-9 review now shows submitted payee details alongside each verification checkpoint, with pending approval badges and automatic W-9 submission during payee creation
- Google Cloud Storage is now the active backend for receipts, payee documents, IRS uploads, program logos, and payment request attachments, with migration tooling for historical files
Changed
- Feedback now defaults to the visible subpage context, supports triage statuses, and shows new-item badge rollups in the admin shell and Administration tab
- Local QA handoff now requires agents to prepare the correct worktree, local server, login route, and QA credentials before browser testing
- Repo discipline now keeps the long-lived main checkout clean and requires real roadmap/spec/process docs to be published intentionally on branches
Fixed
- Feedback badges and review-list state now update live across nested admin shells and clear once an item leaves the new state
- Payee and W-9 review flows now behave correctly across TIN updates, address display, pending badge refresh, and admin deep links
- Local SQLite migration and release-note normalization fixes keep python3 main.py, /api/version, and /api/release-notes working during the Phase 7 gate
Roadmap
- Hosted staging should be reassessed before the next higher-risk release because this deployment still relies on local validation plus production smoke
AO Accounting now runs on a cleaner release model with safer storage handling, smoother payee and W-9 review workflows, and the completed reset-plan guardrails needed for disciplined future releases.
Added
- Admin W-9 review now shows submitted payee details alongside each verification checkpoint and pending approval badge counts in Payments
- W-9 uploads submitted during payee creation now auto-submit for admin review, and W-9 notifications deep-link into the Payments workspace
- Google Cloud Storage is now the active backend for receipts, payee documents, IRS uploads, program logos, and payment request attachments, with migration tooling for historical files
- The project now has active release-manager, production-ops, and repo-hygiene guardrails plus a formal Phase 7 quality gate for future releases
Changed
- Payee creation now relies on entity type instead of a separate tax-classification field
- Attachment and document reads honor each record's stored backend so legacy S3 files remain readable while new writes use Google Cloud Storage
- The repo now enforces main/dev release discipline, canonical docs, and the lightweight deferred-staging decision for the first reset-completion release
- Historical repo and workspace clutter was archived or documented so the active AO Accounting surface is easier to navigate
Fixed
- Payee updates no longer fail when TIN-related production secrets are configured correctly
- W-9 review address display, pending badge refresh, and admin overview program links now behave correctly
- Receipt uploads no longer double-submit, and larger PNG uploads no longer hit the earlier 502 path from avoidable memory spikes
- Local SQLite release-note date normalization now keeps /api/release-notes and /api/version usable during the Phase 7 local gate
Roadmap
- Hosted staging will be reassessed before the next higher-risk release if the current local-plus-production gate stops providing enough confidence
Major expansion of financial management capabilities including an in-app payment request system, transaction pullback and correction workflows, AO income classification, CSV export, MFA page redesign, and a suite of data quality improvements.
Added
- In-app payment requests: submit, review, and approve payment requests directly in the platform, with payee selection, line-item amounts, purpose categories, and a full approval workflow
- Transaction pullback requests: treasurers can request to recall a submitted transaction for corrections before it is finalized
- Short description field on transactions for plain-language annotation alongside the raw bank description
- Fiscal Sponsor Contribution income type for classifying pass-through contributions from fiscal sponsors
- AO income source classification: tag income as AO-managed or member-generated with de-duplication support to prevent double-counting
- MFA enrollment and login pages redesigned with the v2 visual style for visual consistency with the rest of the platform
- CSV export in the Admin → Data Management interface: export filtered transaction data to a spreadsheet with one click
- Payee created-by tracking: each payee record now logs which admin user created it for accountability
- Validation data backup system: automated snapshots of transaction validation state to support audit recovery
Changed
- Adjustment and correction transactions are now excluded from program income and expense totals so that bookkeeping entries do not inflate reported figures
- IRS category fields are locked once a fiscal year is finalized, preventing retroactive changes to categorized transactions
- Payment reconciliation now writes audit ledger entries for 1099-K and AO-1099 tracking whenever a payment request is linked to a bank transaction
Fixed
- Adjustment amounts no longer inflate program income or expense totals
- Duplicate payee alias check now enforces uniqueness correctly across all programs
Cosmetic and display improvements across the admin interface.
Changed
- "Leagues" tab renamed to "Program Slugs" in Administration nav
Fixed
- Duplicate program cards caused by concurrent render calls
- Programs container not filling full width inside admin iframe
- Release notes not displaying newest entries first
- User account indicator incorrectly shown on MFA verification screen
Platform-wide security improvements including CSRF protection, XSS prevention, stricter access control enforcement, and financial data precision upgrades.
Added
- CSRF protection (Flask-WTF) on all forms and API routes
- XSS escaping for user-supplied content in admin and treasurer interfaces
- Soft delete for transactions (is_deleted / deleted_at fields)
- Status field validators on transactions and payment requests
- MFA requirement enforced on all batch API operations
- CRITICAL log warning when MFA dev bypass is active outside development
Changed
- Financial amount columns upgraded to Numeric(19,2) for precision
- All migration files standardized to use shared DB engine
Fixed
- Open redirect vulnerability in login and impersonation flows
- Missing access control on batch API endpoints
- Cross-program data leakage in programs API
- Float arithmetic on financial amounts replaced with exact Decimal
Resolved admin data management issues with batch deletion and database table scrolling.
Fixed
- Database table now supports horizontal scrolling in the admin embed; batch deletion now cleans up related records and delete-all uses the correct endpoint.
Updated the MFA code entry screen to match the v2 AO Accounting styling for a consistent sign-in flow.
Changed
- MFA verification UI now uses the v2 login layout and visual system.
Admin v2 styling and merchant management upgrades, plus reporting/admin tab consolidation.
Added
- Administration now embeds Programs/Users/Leagues/Release Notes in v2 tabs.
- Reporting tab embeds IRS Reporting with full v2 layout.
- Merchants now support edit + add-alias actions with alias chips and full list visibility.
- Payments tab shows pending W-9 and processing count badges.
Changed
- Payment Methods UI unified to the Payment Admin panel styling.
- Admin What's New nav label and page styling aligned to treasurer.
- Section header bands tightened to treasurer v2 sizing across admin embedded panels.
Fixed
- Merchants API now returns full list and alias arrays, plus supports merchant rename updates.
- Legacy header/table styles normalized in Users/Leagues/Release Notes.
- Removed extraneous merchant refresh UI and aligned create/search spacing.
Merchant selections now persist after refresh, and the credit-card merchant field is a single unified control.
Added
- Merchant quick-create now uses the same field as merchant search.
- Pullback request placement refined for approved transactions.
Changed
- Merchant mode no longer clears saved selections on load.
- Payee/merchant helper text streamlined for credit-card transactions.
Fixed
- Merchant field duplication removed; search/create hides after selection.
Treasurer login routing, payment request lifecycle controls, and MFA enrollment styling updates.
Changed
- Treasurer login now routes to a program overview (last program if available, otherwise first alphabetically).
- Pending Validation section defaults open in the treasurer overview.
- Cancel now returns a submitted request to draft; delete is a soft delete that moves drafts into History.
Fixed
- MFA enrollment page restyled to match the new forest theme.
- Removed pull-back button in favor of a single cancel action for submitted requests.
Major treasurer workflow enhancements, server-side search, 1099 logic refinements, and UI consistency across payees, validation, and release notes.
Added
- Global transaction search from treasurer view (server-side across all FYs) with pop-down results; clicking jumps to the transaction (switches FY, scrolls, highlights).
- What's New? tab in treasurer navigation.
- Treasurer Payees tab reworked to match new treasurer layout (Create/Directory sub-tabs).
Changed
- Validation wizard: 1099 reportability now reflects reimbursement + IRS line 13 + original payment method (1099-K for card/PayPal/Venmo G&S), plus cleaned original payment method options/labels.
- Validation wizard UI cleanup (docs/notes helper text removed, buttons aligned; redundant receipt indicators removed).
- Payment request tab badges on Drafts/Active/History with program/FY scoping.
Fixed
- Treasurer Transactions CSV export now returns all transactions for selected FY.
- Search no longer filters the current page; now uses server results only.
- Payee creation layout overflow and clearer "select or create a payee" validation.
- Release notes version prefix no longer duplicated (v instead of vv).
Simplified user roles to reduce confusion and align access rules across the app.
Added
- Role cleanup migration to normalize legacy assignments.
Changed
- Admin/approval access now uses super_admin and approver only.
- Program/treasurer access consolidated under league_treasurer.
Fixed
- UI role lists now match backend enforcement.
Refined the transaction validation tutorial with clearer guidance, improved highlighting, and income/expense-aware steps.
Added
- Tutorial now adapts to income vs. expense details.
- Guidance added for when there are no pending transactions.
Changed
- Tutorial copy now emphasizes validation and submitting for approval.
- Pending validation section auto-expands during the tutorial.
Fixed
- Highlighting now targets the review modal instead of the table row.
Internal transfers for fiscal sponsor contributions, stronger refund handling, and a clearer review experience.
Added
- Fiscal sponsor contribution income/expense types with internal transfer accounting.
- Refund linking with search plus refunded status badges.
- Receipt exemption request + admin approval workflow with persistent flags.
Changed
- Transaction review modal reorganized with collapsible sections and short descriptions.
- Approved income/expense totals now reflect approved-only transactions.
- Flag and refund handling syncs validation notes and status updates.
Fixed
- Flag counts and visual indicators on treasurer/admin lists.
- Refund/adjustment validation and receipt exceptions.
- Save/submit status errors in treasurer/admin review flows.
Roadmap
- Treasurer CSV export with filters.
- Annual budgeting line items and progress views.
- Payment request feature for leagues.
Baseline overview of core admin and treasurer workflows now available in AO Accounting.
Added
- Admin dashboard with program financial summaries, fiscal year controls, and audit activity log.
- CSV import workflow with batch tracking, duplicate detection, and normalized transactions.
- Program + league management with role-based access control and MFA.
- Transaction review workflow: validation notes, tags, receipts, receipt exemptions, and admin flags.
- Refund linking and adjustment/correction handling with status indicators.
- IRS reporting views, transaction exclusions, and database browser.
- Treasurer overview with approved income/expense totals, bank balance, and validation queues.
- Treasurer transaction review with receipts, flags, and refund linking.
- Automated backups of validation data with Google Drive storage.
- Release notes management with What's New highlights on key pages.
Roadmap
- Payment request workflow for treasurers.
- Annual budgeting with line items and progress tracking.
- Treasurer CSV reporting exports.