What shipped
All reposKey FrontendKeystoneKey Service Sites (KSL/GHK)Training Centre (STC/CPD)Key ProtosKeyflowCompany Backend (Strapi)Key Docs
All authorsJoshYG-TheKeyOwenTourlamainRhadamanthus1TheTomWardalex-wilson-the-keycpoteylunky84robin-agentsarahcthekeysnyk-io-eu[bot]
33 PRs · 4 repos · 9 contributors · 6 Jun – 6 Jul
Monday, 6 July 2026
Key Frontend
- JJoshYG-TheKeyThe frontend now displays AI-generated answers with styled source links to knowledge documents, enabling users to see where KeyGPT found its information.#2109 — feat(sources): PENG-3401 apply keydoc-aware source styling to KeyGPT messages
Key Service Sites (KSL/GHK)
- Rrobin-agentThe key_service_sites microservice now applies timeouts to all gRPC calls including page-rendering operations, preventing worker threads from getting stuck waiting for unresponsive backend services.#1983 — feat: PENG-3675 gRPC deadlines, 16MB limits, and django-q task retries
Keystone
- Rrobin-agentKeystone's gRPC calls now have timeouts to prevent workers from hanging indefinitely on slow services, retries for transient failures, and the assignment cleanup moved off the blocking request path.#1497 — feat: PENG-3675 gRPC deadlines, retries & async assignment cleanup (supersedes #1496)
Thursday, 2 July 2026
Key Frontend
- CcpoteyRestored a missing academic year filter that wasn't appearing when viewing school organization pages in group workspaces.#2120 — fix(3674): add missing academic year picker
- Rrobin-agentEnabled administrators to assign coming-soon training items in advance and fixed the My Training notification badge to exclude those items that aren't yet available.#2108 — feat: PENG-3648 make coming-soon items selectable and fix badge count
- TTheTomWardUpdated user-facing text on training records pages to provide clearer information to end users.#2119 — fix(update-copy): PENG-3603 Update copy for better info on training records
Key Service Sites (KSL/GHK)
- SsarahcthekeyConfigured the key_service_sites container to run as a non-root user for improved security in production environments.#1981 — feat(key_service_sites): run container as non-root user (PLA-380)
Keystone
- Rrobin-agentAutomatically deleted orphaned training assignments when a user account is permanently removed from the system to prevent data inconsistencies.#1494 — feat(signals): PENG-3643 delete assignments when KeyUser is deleted
Wednesday, 1 July 2026
Key Frontend
- Llunky84The frontend now includes a record ID in API requests for certificate retrieval, enabling the system to fetch certificates based on specific record identifiers.#2116 — PENG-3540 certificates from record id
Keystone
- Llunky84User authentication now bypasses caching during password resets so that login immediately validates against the new password hash instead of stale cached credentials.#1493 — PENG-3667 fix reset password stop caching KeyUser
Tuesday, 30 June 2026
Key Frontend
- Aalex-wilson-the-keyRemoved a temporary restriction on training assignment creation that is no longer needed.#2115 — Revert " PENG-3663 assign training academic year date restriction"
- Llunky84Fixed certificate downloads to match what's actually displayed in the table by reusing existing download logic instead of re-querying the server with different filters, and cleaned up orphaned code.#2114 — 3540 certificates download refinements
- Llunky84Added a restriction to prevent training assignments from being created beyond the current academic year.#2113 — PENG-3663 assign training academic year date restriction
- Llunky84Unified certificate downloads across multiple apps by routing them through the orchestration service and consolidated duplicated code into shared utilities.#2107 — 3540 call orca service for certificates
Friday, 26 June 2026
Key Frontend
- CcpoteyFixed CSS cascade ordering issues in Next.js by adding !important declarations to ensure styles apply correctly.#2110 — fix(3653): fix css in wrong order
- CcpoteyRestored the ability for logged-out users to return to their original training link after login by preserving and passing through the return URL across the authentication flow.#2101 — fix(3642): add return url chaining to training app correctly
Keyflow
- CcpoteyEnsured the local development database doesn't restore a stale deprecated validation URL when reset, preventing authentication issues during testing.#68 — fix(db): PENG-3645 clear MYKEY authorisation_redirect_url in set-data…
Keystone
- CcpoteyRemoved a stale redirect URL from the MYKEY application record that was causing login flows to hit a deprecated endpoint instead of returning users to their intended destination.#1490 — fix(auth): PENG-3645 clear MYKEY authorisation_redirect_url via data …
Thursday, 25 June 2026
Key Frontend
- Rrobin-agentThe expired assignment feature is now enabled in production, allowing users to see assignments marked as expired at the end of the academic year instead of overdue.#2105 — feat: enable SHOW_EXPIRED_ASSIGNMENTS in production
- Llunky84Staff members with in-progress courses now appear in the course result table filter under their current academic year instead of being hidden when their completion date is missing.#2106 — PENG-3647 course result table date filter fix
- Rrobin-agentAdmins assigning training courses now receive warnings when selecting courses being replaced, the extend assignment feature has been removed from the UI, and expiry messaging has been updated to reflect the new academic year-end expiration model.#2104 — feat(training): course end date restrictions and expired assignment updates
- Llunky84An empty commit was created to resolve a technical pipeline issue unrelated to functionality.#2102 — chore: empty commit to trigger pipeline
- Aalex-wilson-the-keyThe training app was refactored to use a new orca service for handling certificates instead of the previous implementation.#2093 — PENG-3540 certificates via orca service
- CcpoteyA timing fix prevents training data from being incorrectly recorded under the wrong organization when workspace switches fail.#2100 — fix(3636): tiny tweak to switch and start ordering
Wednesday, 24 June 2026
Key Frontend
- SsarahcthekeyUpdated the protobufjs library to patch 7 high-severity security vulnerabilities that were affecting multiple parts of the application through its dependencies.#2099 — fix(deps): PLA-411 bump protobufjs to 7.6.4 to fix 7 high-severity CVEs
Key Service Sites (KSL/GHK)
- Rrobin-agentMade text and messaging updates to the website for ticket 3635 to improve user-facing copy.#1978 — 3635 copy tweaks
Tuesday, 23 June 2026
Key Frontend
- OOwenTourlamainThe dashboard now groups overdue and expired assignments under a single 'Overdue' label while keeping separate visual indicators in tables, and fixes progress bars to show the combined proportion of overdue work in red and expired work in dark red.#2084 — feat: PENG-3480 expired assignment status
- Rrobin-agentSocket.IO WebSocket connections from the browser to the assistant tunnel on rentabot are now proxied through the frontend domain to avoid being blocked by Cloudflare Access restrictions.#2095 — fix: PENG-3498 proxy Socket.IO through frontend domain on rentabot
Key Service Sites (KSL/GHK)
- CcpoteyImages no longer silently disappear from articles when the Wagtail editor encounters rendering errors, preventing accidental data loss when users save pages after editing.#1976 — 2fix(rich_text): PENG-3622 Preserve image embed data when editor rende…
- RRhadamanthus1Unused application settings and the context processor module that served no active purpose have been removed as part of cleanup operations.#1977 — chore(settings): PENG-3499 prune unused settings
- RRhadamanthus1Obsolete OIDC middleware that was designed for the old user-facing Django template system has been removed since the application is now a headless backend.#1972 — chore(middleware): PENG-3499 remove unused oidc middleware
- RRhadamanthus1The single-access-session middleware and related functionality have been removed because no new tokens of this type have been created in years and stakeholders confirmed it is unused.#1974 — Peng 3499 remove single access session middleware
- RRhadamanthus1The redirect middleware has been removed because its functionality is now handled by Kubernetes infrastructure-level redirect rules that are already in place.#1973 — chore(middleware): PENG-3499 remove redirect middleware