Version 2026.05.1

Sign Dashboard Redesign, Folder Status Filters & AI Tools Settings

eSignature, API, Platform, Security

This week's release brings a major refresh to the Sign dashboard, sharper folder navigation with status filters, a reorganized settings area built around AI Tools, and a wave of Locker reliability and security fixes.

Propper Sign Enhancements

Dashboard

  • Redesigned Sign Dashboard with Tabbed Inbox. The separate Inbox and Active Agreements sections have been combined into a unified tabbed panel. The Inbox tab shows agreements awaiting your signature with sender name, action buttons, and expiration info — urgent items expiring today are highlighted in red. The Active Agreements tab shows what you've sent with status badges, an expandable recipients list, and quick external links. The Drafts section now shows last action ("You created", "You modified") in a Google Docs–style format, and panels gain a 650 px max height with a scroll indicator for long lists.
  • Folder Sidebar with Status Filters and Inline Creation. The agreements sidebar now includes status filters (Drafts, In Progress, Completed, Voided) with color dots so you can drill into a slice of your folder tree with one click. Folder creation is now inline — click the plus icon, type a name, hit Enter — and hover actions expose rename and delete without opening a modal. A new multi-select Status dropdown above the agreements table stays in sync with the sidebar filters.
  • Accurate Status on Dashboard List. The Sign dashboard now displays the real IN_PROGRESS status instead of a phantom ACTIVE value, so the badge shown on the dashboard matches the badge shown on the agreement detail page.

Settings & Platform

  • AI Tools Settings Section. The Integrations area has been renamed AI Tools and surfaces an MCP Connect Guide that walks admins through configuring MCP through Claude.ai connector settings. Tool cards for Claude Desktop, Claude Code, and Cursor appear when your org has the OAuth-client-creation entitlement. A matching AI Tools quick-action card has been added to the organization dashboard.
  • Cleaner Developer Routes. Settings paths under /organization/settings/developers/* have been flattened up to /organization/settings/*. Old URLs continue to redirect to the new locations, so existing bookmarks keep working.
  • Feature Gating Across Settings. The settings page now respects both your organization's entitlements and feature flags — Integrations and Developer sections automatically hide when nothing inside them is available, eliminating the empty-state cards that used to appear for orgs without those features.
  • Friendlier Labels for OAuth Clients. Dynamically registered OAuth clients (DCR) now show the bound user and app name instead of RFC 7591 jargon, so the Developers list is readable at a glance.

Sign API

  • New Locker Document Upload Endpoint. POST /v1/locker/documents/upload now accepts base64-encoded document content in a JSON body, decodes and stores it, creates the database record, and triggers AI ingestion when enabled. The new endpoint is gated behind a dedicated locker.api.upload entitlement so administrators can independently control API-driven uploads.
  • Alias-Based Recipient Matching for Templates. When sending an agreement from a template that uses the same role for multiple slots (e.g., two "Signer" recipients), the API now matches recipients by alias so the right person ends up in the right slot. This eliminates the ambiguity that previously caused recipients to be merged or assigned to the wrong role.
  • Recipient Validation Aligned Across UI and API. Duplicate recipient (email, order) combinations now return a clean 400 error from the API, matching the UI's existing behavior. Recipient business logic is now shared across sign-api, bff, and web so validation rules behave identically wherever recipients are created.
  • Search and Pagination on Templates Endpoint. The BFF /sign/templates endpoint now honors search, page, and limit query parameters end-to-end, so paginated and filtered template lists return the expected results instead of a full unfiltered set.
  • Richer Template Detail Response. The template-by-id endpoint now exposes recipient slot and email fields, giving API consumers everything needed to render a template's recipient configuration without an extra round trip.
  • Unified sign:admin Scope. OAuth tokens with the sign:admin scope are now treated as a superset of sign:read, sign:write, and sign:send, so administrative integrations no longer need to request every scope individually.

Locker

  • Reliable PDF Previews. The document detail page now shows a loading skeleton while previews load and a clear error state if rendering fails, replacing the silent blank panes some users hit. A Content Security Policy adjustment ensures the preview iframe is no longer blocked by stricter browser policies. File-size displays that occasionally showed NaN B for documents with missing size metadata now render correctly.
  • Hardened Document Uploads. POST /documents is now protected by Zod validation on every field, requires the locker.upload entitlement, and uses a new org-scoped blob-reference check that rejects file URLs pointing outside your organization's storage — guarding against path traversal, signed-URL abuse, and dangerous URL schemes.
  • Cross-Org Isolation on Obligation Extraction. The extract-obligations flow now verifies document ownership before processing, ensuring obligations can only be extracted by the org that owns the source document.
  • Audit Trail for Document Access. Document view and download events are now recorded to a per-org access log, giving administrators visibility into who is opening which Locker documents.
  • DocuSign-Sourced Documents Always Stored. Documents arriving from DocuSign Connect are now always stored in Locker; AI ingestion is gated separately by the locker.ai.enabled entitlement so storage and AI features can be enabled independently.
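
The org-scoped blob-reference check described under Hardened Document Uploads, sketched as an added example; this is not Propper's code. The storage hostname, the /orgs/<orgId>/ key layout, the rule that references carry no query string, and every function and constant name are assumptions made for illustration.

```javascript
// Added example: hypothetical org-scoped blob-reference check.
// STORAGE_HOST and the /orgs/<orgId>/ key layout are assumptions, not Propper's.
const STORAGE_HOST = "blobs.example.test";
const ORG_ID_RE = /^[a-z0-9-]{1,64}$/;
const SEGMENT_RE = /^[A-Za-z0-9._-]+$/; // no "%", "/", "\" or whitespace

function checkBlobRef(fileUrl, orgId) {
  const reject = (reason) => ({ ok: false, reason });
  if (typeof fileUrl !== "string" || !ORG_ID_RE.test(orgId)) return reject("bad-input");

  let url;
  try { url = new URL(fileUrl); } catch { return reject("unparseable"); }

  // Dangerous schemes (file:, javascript:, data:, plain http:) stop here.
  if (url.protocol !== "https:") return reject("scheme");
  // "https://trusted@other/" puts the trusted name in userinfo, not the host.
  if (url.username || url.password || url.port) return reject("authority");
  if (url.hostname !== STORAGE_HOST) return reject("host");
  // A reference must not carry its own signature; the server signs reads itself.
  if (/[?#]/.test(fileUrl)) return reject("query-or-fragment");
  // The parser silently resolves "../" and "%2e%2e/"; any difference between
  // the input and its canonical form means the caller sent a non-literal path.
  if (url.href !== fileUrl) return reject("non-canonical");

  const segs = url.pathname.split("/").slice(1);
  if (segs.length < 3 || segs[0] !== "orgs") return reject("layout");
  if (segs[1] !== orgId) return reject("cross-org");
  for (const s of segs) {
    if (!SEGMENT_RE.test(s) || s === "." || s === "..") return reject("bad-segment");
  }
  return { ok: true, key: segs.join("/") };
}

// Constructed sample inputs, checked as org "acme".
const samples = [
  "https://blobs.example.test/orgs/acme/contracts/msa.pdf",
  "https://blobs.example.test/orgs/globex/contracts/msa.pdf",
  "https://blobs.example.test/orgs/acme/../globex/msa.pdf",
  "https://blobs.example.test/orgs/acme/..%2Fglobex/msa.pdf",
  "https://blobs.example.test/orgs/acme/a.pdf?sig=abc",
  "file:///etc/passwd",
];
for (const u of samples) console.log(u, checkBlobRef(u, "acme"));
```

The canonical-form comparison matters because a prefix test on the parsed pathname alone never sees the "../" the caller actually sent, and the per-segment allowlist catches encoded separators that the URL parser leaves untouched.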

Security & Reliability

  • Sessions Invalidated on Bulk Revocation. When an administrator bulk-revokes user sessions, the BFF session validity cache is now flushed immediately so revoked sessions can no longer authenticate against cached entries.
  • SSO Sign-In Falls Back to Email. Admin SSO sign-in now resolves users by email when an ID-based lookup fails, fixing rare cases where a user could not sign in after their underlying identity provider record was rotated.
  • OAuth Client Lifecycle Management. Dynamic Client Registration (DCR) now includes lifecycle controls that prevent unbounded client proliferation, with administrative tooling to manage client state.
