Decision Log: Billing and Connector Access Hardening on 2026-04-06
Context
This update cycle was centered on decision-level changes to a billing and connector management area, with most work focused on access control, tenant resolution, connector setup, and operational reliability. The visible pattern across the changes is consistent: reduce authorization ambiguity, make demo-tenant behavior predictable, improve connector onboarding, and strengthen scheduled internal processing.
A separate working-directory change touched CI authentication token data, but the tracked product-facing work for this date is concentrated in the billing and connector domain.
What changed
Several related decisions landed together:
- Demo-tenant access and role resolution were corrected multiple times, indicating a focused effort to stabilize a previously inconsistent path.
- Billing synchronization behavior was updated to support automatic month selection.
- Role checks for billing sync were tightened by switching to a more appropriate admin-level gate.
- Internal scheduled and service-driven execution paths were aligned under a shared authorization pattern for cron or authenticated access.
- Tenant resolution was updated so cron-driven internal work receives the role context it needs.
- Connector onboarding was expanded with encrypted API key storage in both UI and endpoint layers.
- Google connector authorization was unified behind a dedicated authorization endpoint.
- The billing UI navigation was reorganized to expose an Automation grouping.
- Daily reporting capability was added in the billing area.
- Security review findings were addressed across the affected surface.
Why these decisions matter
The most important outcome is not a single feature, but a cleaner operating model.
First, tenant resolution and role handling appear to have been a recurring source of friction. Repeated fixes around demo tenants, role resolution, and internal cron access suggest the system previously had edge cases where the acting tenant or privilege level could be interpreted inconsistently. Tightening those rules reduces the risk of failed scheduled jobs, blocked demos, or accidental authorization mismatches.
Second, the connector work improves both usability and trust. Adding encrypted API key handling and standardizing OAuth entry points makes connector setup more coherent while reducing exposure from ad hoc credential flows. This is especially important in areas where external services feed billing, reporting, or activity synchronization.
Third, support for automatic billing-period selection lowers operator effort for recurring sync tasks. That kind of decision matters because billing systems often fail at handoff points: wrong month, wrong tenant, wrong privilege, or wrong execution path. The changes here directly target those failure modes.
User-facing impact
Readers evaluating the practical effect should expect:
- More reliable demo-tenant access in billing workflows.
- Fewer permission-related failures during sync and scheduled operations.
- A more consistent connector authorization experience.
- Safer handling of provider API credentials.
- Better discoverability for automation-related billing features.
- Improved resilience in reporting and background synchronization.
Implementation notes
The implementation touched both UI and API areas, along with supporting billing logic, connector authorization handling, scheduled task endpoints, helper utilities, and tests. There were also documentation/help updates, but those appear secondary to the access-control and billing-flow corrections.
Decision summary
The core decision for this date was to prioritize correctness of execution context over incremental feature breadth. In practice, that meant standardizing how billing operations determine tenant, role, and authorization source; then building connector and reporting improvements on top of that foundation.
This is a strong decision for a system that depends on scheduled jobs, external providers, and tenant-scoped financial views: if the execution context is wrong, every downstream metric or sync result becomes suspect. These changes move the platform toward a more deterministic and supportable billing workflow.
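The "cron or authenticated access" gate and the single resolution of tenant, role, and authorization source described above can be expressed as one function that returns an explicit execution context or refuses. This is an added example, not the project's code: the header name, role names, function signature, and the choice to give cron work an admin role are assumptions.

```python
import hmac
from dataclasses import dataclass
from typing import Mapping, Optional

# Assumed names: the page does not give the real header or role labels.
CRON_HEADER = "x-cron-secret"          # header keys assumed already lower-cased
ROLE_RANK = {"viewer": 0, "member": 1, "admin": 2}

@dataclass(frozen=True)
class ExecutionContext:
    tenant_id: str
    role: str
    source: str                        # "cron" or "session"

class AccessDenied(Exception):
    pass

def resolve_context(headers: Mapping[str, str], session: Optional[Mapping[str, str]],
                    cron_secret: str, target_tenant: Optional[str],
                    required_role: str = "admin") -> ExecutionContext:
    """Return exactly one context or raise; there is no default tenant or role."""
    presented = headers.get(CRON_HEADER)
    if presented is not None:
        # A presented but wrong cron secret is a hard failure: never fall back
        # to the session, or a bad header could ride on someone else's login.
        # An unset server-side secret must also fail closed.
        if not cron_secret or not hmac.compare_digest(
                presented.encode(), cron_secret.encode()):
            raise AccessDenied("invalid cron credential")
        if not target_tenant:
            raise AccessDenied("cron call must name its tenant")
        # Cron work carries an explicit role so downstream checks see the same
        # context shape as an interactive request.
        return ExecutionContext(target_tenant, "admin", "cron")
    if not session:
        raise AccessDenied("no credential presented")
    tenant, role = session.get("tenant_id"), session.get("role")
    if not tenant or role not in ROLE_RANK:
        raise AccessDenied("session lacks tenant or known role")
    if target_tenant and target_tenant != tenant:
        raise AccessDenied("session tenant does not match requested tenant")
    if ROLE_RANK[role] < ROLE_RANK[required_role]:
        raise AccessDenied("role below required level")
    return ExecutionContext(tenant, role, "session")
```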