Backend actions designer + automated runtime token rotation
Two big additions for Studio + the operations side: a real designer for server-side actions, and a one-click connection check that rotates the runtime token automatically when the dashboard and server drift out of sync.
- Studio · Backend actions: form-driven designer, draft persistence, live source preview, real save-to-repo via the same GitHub Contents API path schema commits use
- Dashboard · Environment: Studio↔runtime connection panel with one-click verify and automatic rotation through the new control endpoint baked into the deploy webhook
- Multi-server: centralized active-server resolver, persistent breadcrumb on every dashboard + Studio page, every cross-page link now carries the active server scope
- GitHub repo token: centralized validity checks, audit events on every write, fixed the silent placeholder bug that made Studio think it had a token when it didn't
- Schema designer: SSMS-style explorer with honest demo / repo / draft separation, CSV importer reads existing tables from the connected repo so append/replace works against real data
Domain attach + Let's Encrypt issuance
Connect a custom domain from the dashboard, mint a TXT record for DNS-01, watch the certificate land in real time. Renewal is automatic.
- DNS-01 challenge flow with TXT-record minting + verification poll
- Auto-renew via certbot on the Droplet, surfaced as a status pill in the dashboard
- Cloudflare-managed subdomains for accounts that don't bring their own DNS
Member invites + email delivery
Invite teammates, accept via magic link, role-bound dashboard access. Backed by Resend.
- Owner / Admin / Member / Viewer roles with per-section access enforcement
- Magic-link accept flow with HMAC-signed cookies
- Resend integration for invite emails (env-gated by RESEND_API_KEY)
Live log tail + replay
Server-side polling streams the runtime activity feed every five seconds. Replay reconstructs exactly what a share recipient saw.
- Live log tail on /dashboard/logs
- Replay surface for shares, including which fields the recipient could read
- Hash-chained ledger for tamper detection
Founding launch — managed dashboard for the open runtime
StealthQL Managed goes live. Launch a Droplet, attach a repo, ship.
- DigitalOcean Droplet provisioning with cloud-init bootstrap
- GitHub auto-deploy via webhook on every push to your configured branch
- Automatic backups to DO Spaces, every day, encrypted at rest
- CSV importer in Studio with type detection and PII flagging
- Open-source runtime (npm package) hits 0.1.0 alongside the managed launch