Right-Pane Drafts, Reliable Large Uploads, and Salesforce Invite to Quilia

Portal 2026.4.12 puts your draft in the right pane instead of taking over the page, fixes the silent failure on attachments larger than 10 MB by uploading straight to storage with a live progress chip, lets you drop an image or video right into the body of a case-page reply, adds underline and link buttons to the formatting toolbar, gives Salesforce and Litify firms the same one-click "Invite to Quilia" custom button Filevine already had, and appends a tamper-evident audit certificate to the back of every signed release.

Drafts Now Live in the Right Pane portal

Composing a reply used to take over the whole page. It now opens in the right preview pane, so the message list stays visible on the left while you type on the right.

• Side-by-side draft view: clicking a draft (or hitting Compose) mounts the editor in the preview pane. The old sticky title bar and full-page takeover are gone.
• Auto-save in the background: as you type, change the subject, or pick a recipient, the draft saves itself. There is no Save button to remember.
• Visible Discard action: drafts now have a clear Discard button, with the right permissions in place so the original sender can actually delete their own drafts.
• Edit-on-demand for scheduled and automated messages: scheduled and automated sends now render as a clean preview by default. You only enter edit mode when you actually need to change something, which keeps the list scannable.
• No more recipient bleed across drafts: the recipient picker now hydrates correctly when you open a scheduled message, and switching between drafts no longer drags the previous draft's recipient or body into the next one.

Large Attachments No Longer Drop Silently portal

The previous upload path on the case-page Sheet composer silently failed once a file crossed roughly 10 MB. The case-page composer now uploads the same way the global composer does: straight from the browser to Supabase Storage in resumable 6 MB chunks, with a 100 MB ceiling on the picker.

• Live upload progress on every attachment chip: the chip shows the actual percent complete, so you can tell when a large file is genuinely done before you hit Send.
• Resumable on flaky connections: if the network blips mid-upload, the upload picks back up from where it stopped rather than restarting from zero.
• Draft-first Sheet: the case-page Sheet now opens on a real draft and starts uploading to that draft from second zero. Send finalizes the draft, and an empty draft you close without sending discards itself.
• Storage cleanup on every delete path: when a message or its attachments are deleted, the underlying storage objects are removed in the same operation. No more orphan files left behind in storage after a delete.
• Filenames with spaces work: the upload path now accepts filenames containing spaces instead of erroring on them.

Inline Image and Video Drops on the Case-Page Composer portal

The per-case composer now handles inline media the same way the global composer does.

• Drop media on the editor body and it embeds: drag an image or video onto the body of the message and it renders inline.
• Drop other files on the footer attachment row: non-media files still land in the attachment row at the bottom, so PDFs and the like don't end up rendered as broken images in the body.
• Cursor lands somewhere typable: after the editor inserts an image or video, an empty paragraph is auto-inserted underneath so your cursor lands on a blank line ready to keep typing.

Underline and Link Buttons in the Formatting Toolbar portal

Both message composer surfaces (the global composer and the case-page composer) gained two long-missing toolbar buttons:

• Underline (Cmd+U): standard inline format, with the matching keyboard shortcut.
• Link with a popover editor: click the new link button to add or edit a URL on the selected text in place.
• Round-trips cleanly: the underline and link formats survive being saved as a draft and reopened, and survive being sent and viewed in the recipient's thread.

Polish Across the Messages List and Compose portal

A pile of small cuts that all add up:

• Independent scroll on the list and preview: the layout is now pinned to the viewport height, so the list and the preview pane each scroll on their own instead of the whole page scrolling.
• Row dividers on Drafts and Scheduled: the rows actually read as rows now.
• Drafts hidden from case Messages: drafts no longer show up in the per-case message thread. Scheduled-but-not-yet-sent messages get a Scheduled pill so you can still see them.
• List excerpts no longer mash words together: messages that crossed paragraph breaks used to render as "Isthis" in the list excerpt because the paragraph boundary was being eaten. Block boundaries are now preserved.
• Tab pills no longer wedge on rapid clicks: clicking quickly between Inbox, Sent, Drafts, and Scheduled no longer wedges the navigation, and the active tab no longer desyncs from the URL when you navigate via the sidebar.
• Cmd+B does not toggle the sidebar while you are typing: Cmd+B used to bold the selected text and toggle the sidebar in the same keystroke. The global sidebar shortcut now skips inputs, textareas, and the editor.
• Mail.app style refinement: the From, To, and Subject gutters were stripped down, the keyboard caption under Send now reads ⌘+Enter, and the template, save-template, and recipient pickers were unified into a single shared component across the global and case-page composers.

Salesforce: Invite to Quilia in One Click portal

Salesforce and Litify firms now get the same custom button to landing page to import-and-invite flow that Filevine already had.

• Custom button on the Salesforce case page: clicking it kicks off the matter import in Quilia (or fires just the invite SMS if that case has already been imported), and redirects to a live status page so you can see the import progress.
• Copy-paste link builder in integration settings: the integration settings page now exposes a builder so a firm's Salesforce admin can wire the button into their own Salesforce page layouts without needing a Quilia engineer in the loop.
• Cleaner client names: the Salesforce case importer now prefers the composed first name plus last name over the raw Account.Name field, since firms often munge that field with date of injury or matter number for their own list views.

Signed Releases Now Include an Audit Certificate portal

Signed PDFs come back with a one-page audit certificate appended after the composited signature page, modeled on the trailing audit pages from Dropbox Sign and DocuSign.

• Tamper-evident: the certificate captures signer name and email, the signed-at timestamp, the signer's IP address and browser, the envelope ID for that submission, and a SHA-256 hash of the source PDF.
• Captured everywhere it can be: the public sign-in-the-browser path captures the signer's IP and browser at sign time; the in-app signing path captures the same from the app's request; and the attorney-side regenerate path stamps the envelope ID and timestamp from the original submission.

Quilia Directory: Accounts Can Hold Multiple Listings directory

The directory now models providers as having many listings, instead of forcing each provider account to a single canonical entry.

• New /dashboard route: every signed-in provider lands on a dashboard with their listings as cards plus a recent-cases preview. The post-sign-in landing target that previously 404'd is now wired up.
• Sign up without being forced to claim: sign-up takes a practice or business name plus a personal name and creates the provider account in a single step. New providers land on the dashboard with a real session, with no "claim a listing" gate up front.
• "Add another listing" on the dashboard: once an account has two or more listings, the header gets a switcher so the provider can flip between listings, and the active listing is remembered across sessions.

Quilia Directory: Full Dark Mode Across Auth, Claim, and Onboarding directory

The directory app shipped its color tokens wired to the OS-level dark mode preference, but several auth shells and alert banners had hardcoded light-mode backgrounds, so cards stayed white while the inputs around them darkened. The mismatch is fixed across:

• The auth layout and the sign-in, sign-up, forgot-password, and reset-password cards
• Red, yellow, and green alert banners on every auth, claim, and onboarding screen
• The "NPI verified" pills on listings and similar-providers blocks
• The password strength indicators

Stability and Reliability Fixes portal

• April 28 background-task gap was a Supabase incident: SmartAdvocate, Filevine, and message-attachment background tasks went silent for several hours on April 28. The root cause was a platform-wide 403 errors for PostgREST requests incident on Supabase's API Gateway, identified at 21:36 UTC and resolved at 23:31 UTC. Tasks recovered as soon as their side resolved.
• Defensive fix for outbound tracing headers: while the April 28 outage was happening, we also turned off Sentry's automatic trace headers on outbound HTTP calls so an unrelated set of upstream firewalls would stop bot-scoring them. That fix takes care of the persistent MyCase 403 errors that had been accumulating since April 23. Same defensive fix landed on the mobile app side.
• Cold-start sign-in could not find an account on a small set of users: a phone-normalization migration on April 19 wrote 220 phone numbers in the format the database column accepts, but Supabase's auth layer normalizes phone numbers a different way before it matches them, so those users got a "couldn't find an account" error any time they cold-started the app. Existing logged-in sessions kept working. The phone column has been rewritten to match what Supabase's auth path actually expects, and the affected rows have been backfilled.
• Broken-image thumbnails in message preview on sandbox: attachment thumbnails on the staging environment were showing as broken images because the image host whitelist did not include preview-branch hostnames. Fixed via a wildcard on the storage host.
• Combobox popovers grow with their content: dropdown popovers no longer clip their own list.
• Discard click visibly does something: the Discard button on a draft now gives feedback the moment you click instead of looking inert.
• Compose click keeps the sidebar tab in place: clicking Compose no longer flips the sidebar tab away from where you were.
• Avatar fallback initial scales with the avatar: when the avatar circle is large (for example on the case detail screen), the fallback letter inside it now scales up with the circle instead of staying small.

Privacy and Security portal

• Storage cleanup ordering on message delete: the message delete path was removing the storage objects before the row delete, which on a failed delete could orphan attachments on a row that survived. The order is reversed so storage cleanup only runs against rows the database actually deleted.
• Cross-org case lookups locked down: the case-detail cache layer now scopes every lookup to the calling user's organization, so an admin client cache path cannot load a case from a URL UUID that belongs to another firm.
• Provider merge decisions table locked down at the row level: the audit table that records provider merge decisions is now locked down at the row level, matching the same pattern already used on the sync outbox table.