--- title: "Week of April 17-24, 2026" slug: "platform-update-2026-04-24" date: "2026-04-24" tag: "Application" summary: "External service proxy foundation, multi-server deployment topology, OIDC rate limiting, AI memory categories, and comprehensive agent configuration skills." author: "ibl.ai Engineering" --- ## Frontend ### API Changes - **Memory Status API:** Added `getMemsearchStatus` query for `/api/ai-mentor/orgs/{org}/users/{user_id}/memsearch-status/` endpoint with student and admin access, enabling user Profile memory tab visibility gating via memsearch-status instead of memsearch-config - **Data Reports API:** Enhanced analytics report generation with configurable date picker and obvious regeneration buttons that appear post-download via enriched API responses - **Buy Flow API:** Implemented complete buy page with `/buy/[id]` route and product purchase API integration supporting platform authentication flows ### UI Components - **Skills Profile SDK:** Migrated skills profile components and course content sub-tabs to common SDK components with comprehensive test coverage (95%+ line coverage across flagged files) - **Course Content Framework:** Added full course content layout system including course access guard, content loading states, tab page navigation, outline drawer, and timed exam components with EdX iframe integration - **Memory Management UI:** Implemented ManageCategoriesModal for add/rename/delete memory categories, wired via new "Categories" button in memory tab with anonymous/embed mode gating - **Audit Log Analytics:** Added audit log statistics component with Command UI for filtering and data visualization in mentor analytics ### Data Model - **Pagination Component:** New ibl-pagination component with comprehensive test suite for data navigation - **Memory Categories:** CRUD operations for memory categories with real-time conversational assessment producing structured GradeResult objects ## Backend ### API Changes - **External Service Proxy:** Phase 1 foundation with config-driven proxy models for services, endpoints, credential policy, request execution, and async jobs under `/api/ai-proxy/` gateway namespace with default ElevenLabs and HeyGen configurations - **Global Memory Filtering:** Added session_id filtering and case-insensitive content search to user global memory list endpoint via standardized UserGlobalMemoryFilterSet with start_date/end_date filtering and UserGlobalMemory.source_session index - **Chat History Transformers:** Pluggable system for provider/model-specific message normalization with GPT-5 family transformer that strips Responses-API ephemeral kwargs and flattens annotated content blocks to prevent 400 "missing index" errors ### Data Model - **External Proxy Models:** Complete data model with ExternalService, ExternalEndpoint, ExternalCredentialPolicy, ExternalRequest, and ExternalJob entities supporting service registry resolution, credential resolution, and runtime orchestration - **Audit Logging:** Enhanced audit log infrastructure with ReportTask.created_at field distinguishing request time from Celery pickup time, retry_selected_reports admin action for bulk failed report retry - **Monetization Integration:** Configurable on_successful_payment redirect URLs on paywall configs with checkout redirect enrichment including platform_key, subscription_id, and email query params ### Security Capabilities - **OIDC Token Rate Limiting:** Two-layer throttle system on `/openid/token` with per-IP DoS cap (default 200/min) and per-(ip,client_id) failure-only counter (default 10/min) reading client_id from form body or HTTP Basic auth - **Magic Link Security:** CSPRNG-based 6-digit verification codes via secrets.choice() with per-token failed-attempt lockout using failed_code_attempts field and configurable MAGIC_LINK_MAX_FAILED_CODE_ATTEMPTS - **Authentication Hardening:** Per-account login throttling on OAuth token endpoint to prevent credential stuffing with configurable ACCOUNT_LOGIN_THROTTLE_RATE (default 5/min) and 429 response when budget exhausted ### Infrastructure - **Chat History Middleware:** Graph agent ChatHistoryMiddleware packs intermediate tool-calling AI messages and tool results into final AIMessage's additional_kwargs["__intermediate_messages__"] with session detail endpoints exposing additional_kwargs and tool_calls - **Client Context RAG:** Enhanced vector similarity search with client_context metadata integration for improved retrieval relevance in multimodal runners, call agents, and quiz customizer ## Infrastructure ### Deployment - **Multi-Server Topology:** New deployment architecture option with VPC containing 4 subnet tiers, NAT gateways, N app EC2 instances, 1 services EC2, optional RDS MySQL/PostgreSQL, Redis ElastiCache, and EFS shared storage supporting 2-10 app servers - **Placeholder Key Protection:** Automated IBL_FERNET_KEY rotation in service-update to prevent LMS crash-loops when placeholder keys are detected, with secure key generation and backups directory creation ### Security Capabilities - **Content Security Policy:** Report-Only baseline implementation with default-src, script-src, style-src, img-src, font-src, connect-src, object-src, and base-uri directives across LMS/CMS/MFE/Notes nginx configurations, flag-gated via IBL_REVERSE_PROXY.ENABLE_CSP_BASELINE_REPORT_ONLY - **CORS Configuration:** Environment-configurable CORS policy for Data Manager with CORS_ALLOW_ALL_ORIGINS, CORS_ALLOWED_ORIGINS, and CORS_ALLOWED_ORIGIN_REGEXES replacing hardcoded allow-all pattern - **OAuth Provider Consolidation:** Absorbed 58 OAuth settings into managed ibl-edx-base-oauth-sso-backend plugin with 49 new defaults under IBL_EDX.IBL_EDX_BASE_OAUTH_SSO_BACKEND namespace ### Infrastructure - **Progress Tab Configuration:** Configurable ENABLE_PROGRESS_TAB_STUDIO_LINK via MFE_CONFIG for deployment-specific Studio link visibility control replacing CSS-based hiding - **Redis TLS Support:** Complete Redis TLS connection support with ssl_cert_reqs=CERT_REQUIRED for Celery broker/result backend URLs and Django cache CONNECTION_POOL_KWARGS ## Vibe ### Skill Framework - **Agent Configuration Skills:** Comprehensive skill set for agent management including iblai-agent-access, iblai-agent-api, iblai-agent-datasets, iblai-agent-disclaimers, iblai-agent-embed, iblai-agent-history, iblai-agent-llm, iblai-agent-memory, iblai-agent-prompts, iblai-agent-safety, iblai-agent-search, iblai-agent-settings, and iblai-agent-tools - **UI Component Skills:** Navigation skills including iblai-navbar for platform navigation with real page integration, iblai-profile with complete metadata and media upload API information, and iblai-marketing-landing for product presentation ## Documentation ### Developer Guides - **External Service Proxy:** Complete documentation with ElevenLabs and HeyGen integration examples, error handling patterns, and implementation guidance for service proxy system — [https://ibl.ai/docs/platform/external-service-proxy/](https://ibl.ai/docs/platform/external-service-proxy/) - **RBAC System:** Comprehensive developer guide explaining role-based access control mechanics with all endpoints for permission management, global roles configuration, and team sharing patterns — [https://ibl.ai/docs/platform/rbac/](https://ibl.ai/docs/platform/rbac/) - **Notification System:** Detailed application-level notification system documentation covering event handling, delivery mechanisms, and integration patterns — [https://ibl.ai/docs/platform/notifications/](https://ibl.ai/docs/platform/notifications/) ### API Documentation - **Chat Metadata:** Updated API endpoints for metadata fetching with current implementation patterns and integration examples — [https://ibl.ai/docs/api/chat-metadata/](https://ibl.ai/docs/api/chat-metadata/)