Frontend
Watcher Notification System
- AlertsTab Component — new AlertsTab with full subscription management, event filtering, and notification preferences UI; backed by 1,000+ tests covering subscription CRUD, filter persistence, and real-time update flows
- Notification Preferences UI — per-user global preference controls with per-type toggles and tag-based filtering, surfaced through a unified preferences panel integrated into user settings
Monetization UI
- Paywall Configuration — complete paywall management with PaywallDetail component for editing paywall rules, PaywalledItemsList for managing gated content, and WizardStepIndicator guiding administrators through multi-step paywall setup workflows
- Skills Monetization Platform — paywall guards for individual skills with 300+ Playwright end-to-end tests covering purchase flows, access control enforcement, and subscription state transitions
Agent Sandbox Management
- New Configuration Tabs — added Settings, Sandbox, Skills, and Prompts tabs to the agent configuration panel with conditional visibility based on feature flags and user permissions, providing a structured interface for comprehensive agent customization
- Responsive Navigation Improvements — dynamic max-width constraints on LLM name display prevent overflow in constrained viewports, improving readability across screen sizes
Backend
Notification & Watching Infrastructure
- Watched Groups CRUD Endpoints — new WatchedGroupViewSet with full RBAC enforcement, inline watcher management, and user assignment controls; supports group-level subscription scoping for targeted notification delivery
- Notification Preferences API — per-user global preference storage with per-type toggle granularity and tag-based filtering, enabling fine-grained control over which events trigger notifications and through which channels
AI & Agent Capabilities
- Voice Transcription Provider Abstraction — configurable transcription provider layer supporting OpenAI, Google, and Groq backends with automatic fallback on provider failure, decoupling transcription from a single vendor dependency
- LangChain Tool Output Sanitization — HTML stripping, content wrapping, and recursive sanitization applied to all LangChain tool outputs, preventing malformed or malicious content from propagating into agent responses
- Message Content Validation — agent message handler now rejects empty or whitespace-only messages with a 400 response before invoking LLM inference, reducing unnecessary compute and improving API predictability
Security Hardening
- XSS Prevention in XBlocks — bleach.clean() with an explicit tag allowlist applied to all XBlock-rendered HTML, preventing cross-site scripting via user-supplied course content
- Email Template SSTI Protection — SafeEmailFormatter with field-level validation replaces direct template rendering, blocking server-side template injection through email template fields
- OAuth Account Takeover Hardening — email verification requirements enforced on OAuth-linked account changes with audit logging of all account association events, closing account takeover vectors via social auth flows
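
An added illustration of the field-level validation idea behind the email template item above, not the platform's SafeEmailFormatter (its code is not shown in these notes). It assumes str.format-style templates; the names ALLOWED_FIELDS, validate_template, AllowlistFormatter and render, and the sample fields, are hypothetical.

```python
import string

# Hypothetical allowlist: the only placeholders a stored email template may use.
ALLOWED_FIELDS = frozenset({"first_name", "course_name", "unsubscribe_url"})


class TemplateFieldError(ValueError):
    """A template uses a placeholder outside the allowlist, or is malformed."""


def validate_template(template):
    """Return the problems found in a template; an empty list means it is accepted."""
    try:
        parsed = list(string.Formatter().parse(template))
    except ValueError as exc:  # unbalanced or stray braces
        return [f"malformed template: {exc}"]
    problems = []
    for _literal, field, spec, conversion in parsed:
        if field is None:  # plain text segment, no placeholder
            continue
        # Exact match only: "user.email", "cfg[KEY]" and positional "{}" all fail here,
        # so a template can never traverse attributes or indexes of context objects.
        if field not in ALLOWED_FIELDS:
            problems.append(f"field not allowed: {field!r}")
        # Conversions (!r) and format specs (:>9999, nested {..}) are refused as well.
        if spec or conversion:
            problems.append(f"format spec or conversion not allowed on {field!r}")
    return problems


class AllowlistFormatter(string.Formatter):
    """Second line of defence: enforce the allowlist again at render time."""

    def get_field(self, field_name, args, kwargs):
        if field_name not in ALLOWED_FIELDS:
            raise TemplateFieldError(f"field not allowed: {field_name!r}")
        if field_name not in kwargs:
            raise TemplateFieldError(f"no value supplied for {field_name!r}")
        return str(kwargs[field_name]), field_name


def render(template, context):
    """Validate, then substitute; substituted values are never re-parsed as templates."""
    problems = validate_template(template)
    if problems:
        raise TemplateFieldError("; ".join(problems))
    return AllowlistFormatter().vformat(template, (), context)
```

Running validate_template when a template is saved, and again inside render, keeps a template edited directly in storage from bypassing the check.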
OpenClaw Integration
- Usage & Cost Data Exposure — new /usage/ and /usage/full/ endpoints expose per-session OpenClaw usage and cost data with session attribution, enabling platform-level cost monitoring and per-tenant billing analysis
Infrastructure
Database & Backup Operations
- TimescaleDB-Aware Backup Restoration — backup restoration pipeline updated to handle hypertables and continuous aggregates, ensuring TimescaleDB-managed tables restore correctly without data loss or constraint violations
- PostgreSQL Client Version Pinning — explicit client version pins in backup tooling prevent silent client/server version mismatches that caused intermittent restore failures
- Read Replica Kill Switch — new operational control to suspend all read replica traffic during active restore windows, preventing stale reads and replica lag from affecting production queries during maintenance
Documentation
- Agent Sandbox Documentation — comprehensive SDK docs for SandboxConfig, AgentConfigPrompts, and AgentSkills covering configuration schema, API contracts, and integration patterns
- Enhanced Testing Guides — updated guides covering E2E coverage tracking methodology, SSO auth setup for test environments, and Playwright test organization best practices
- Security Assessment & Hardening Skills — new security assessment skills with accompanying validation scripts for auditing XSS, SSTI, OAuth, and credential handling across platform deployments
Deployment
- Next.js Server-Side Deployment — iblai-app-cli v1.4.0 adds auto-detection of Next.js server-side rendering requirements, selecting the appropriate deployment mode without manual configuration
REST API — New Endpoints
- GET /api/core/orgs/{org}/usage/ — OpenClaw session usage summary with cost attribution per session
- GET /api/core/orgs/{org}/usage/full/ — full OpenClaw usage detail including model breakdowns and session metadata
- GET/POST/PUT/PATCH/DELETE /api/core/orgs/{org}/watched-groups/ — watched group subscription management with RBAC
- GET/PUT/PATCH /api/core/users/{username}/notification-preferences/ — global and per-type notification preference management