Changelog

Rename deployed stacks from the detail drawer. Display name is cosmetic — Pulumi stack name stays untouched for all operations.

Org-level naming pattern in Admin settings. Set a pattern like {org}-{project}-{env}-{type} — Key Vault, SQL Server, Storage Account names auto-fill in the deploy form. PE sets the convention once, every deploy follows it.

Globally unique resource names (Key Vault, SQL Server, ACR, Storage Account, App Service) exposed as config fields across all Azure templates. PE names resources — no more random suffixes.

PE can revert a blueprint to any previous version from the Versions tab. Full state restored: code, config fields, governance, metadata. Published as new version for full audit trail.

Every config value and resource output is automatically exported by the base template class. Stack detail shows full visibility: SKU, runtime, team, environment — everything the PE and dev need.

Forked and imported blueprints use the exact same code path for deploy, upgrade, rollback, and drift. One path, no special cases. Previous config values pre-fill on upgrade.

Locking a field auto-removes required. Requiring a field auto-unlocks it. No more confusing state where a field is both locked AND required.

Edit title, description, features, use cases, cost estimate, deploy time, and tags directly in the UI. No code editing needed to customize blueprint cards.

Terraform import now uses Pulumi's native converter for accurate property mapping, then AI wraps in Archie framework. Sample code pills for all clouds and formats. Azure tenant_id auto-injected from credentials.

Azure templates and heavy workloads (EKS, Aurora) auto-route to ECS Fargate — 8GB memory, no timeout. AWS/GCP stay on Lambda for fast cold starts. Zero config for PE.

Platform Engineers add, remove, and edit deploy form fields without touching code. Add custom fields like team_name with type, default, group, and help text.

Pulumi state locks from Lambda timeout or OOM are automatically cleared before every deploy. No more 'stack is locked' errors on retry.

3-Tier Web App (App Service + SQL + Key Vault + Insights), Container App (ACR + Log Analytics), and Functions Stack (Storage + Insights). Stacks tab in catalog.

App Service (web hosting with managed identity), Key Vault (secrets management with RBAC), and SQL Database (with TDE encryption and firewall rules). Azure template count: 4 → 7.

Drift detection, noise filtering, and compliance checks now work on Kubernetes alongside AWS, Azure, and GCP. 5 K8s compliance rules: no :latest tag, resource limits, no privileged containers, network policies, labels.

Full approval flow for production deploys. Dev submits → PE reviews with full context (blueprint, config, cost, compliance) → approves or rejects with comment → dev clicks Deploy Now with config pre-filled. Dashboard cards show pending/approved status for both roles. Devs can cancel pending requests.

Drift detection works end-to-end on Azure. Detects modified resources (tag changes, rule changes) and deleted resources (subnet removed, NAT gateway deleted). Azure NSG noise filtered out.

Sign in with Microsoft alongside Google. Multi-tenant Azure AD support — enterprise teams can use their existing Microsoft accounts. Same session, same org auto-provisioning.

Export audit logs as JSON or CSV from the admin page. Owner and Platform Engineer role only. For compliance reporting and security reviews.

New 'What's New' page in the sidebar. See all recent features, fixes, and improvements with unseen count badge.

Platform Engineers can now mark fields as 'Required' separately from 'Locked'. Required fields must be filled at deploy time — existing stacks are prompted to fill them on upgrade.

Environment and region are auto-populated from earlier steps — no more duplicate inputs. Target environment pre-selected from template name (-nonprod → Dev, -prod → Prod).

Studio AI now generates Azure, GCP, and Kubernetes templates with cloud-specific imports, resource types, and naming conventions. No more AWS-only output.

Templates published by external users go to their company catalog (not the starter library). Code edits create new versions instead of overwriting the original.

Each deploy gets a unique 4-character suffix to prevent accidental overwrites when deploying the same template twice.

Fixed DynamoDB injection risk, silent error handling, shared utility deduplication, hardcoded regions replaced with env vars, TypeScript types strengthened.

Platform page now groups users by organization with collapsible rows showing member count, plan, and total deploys.

4 new Azure templates: VNet Non-Prod, VNet Prod, Virtual Machine, and Application Gateway. All follow the Archie framework with factory.create() and cfg() helper.

Security architecture documentation available for enterprise evaluations. Covers credential handling, tenant isolation, audit trail, and compliance.

Pre-deploy compliance scanning with 22 rules across AWS (10), Azure (7), and GCP (5). Critical violations block deploys. Owner/PE can override.

Pulumi plugins (AWS, GCP, Azure Native, K8s) pre-installed in Docker image. Eliminates 800MB+ download on cold start for Azure deploys.

Convert Terraform HCL to Archie framework, push to GitHub, create company blueprint with enriched metadata. Full governance lifecycle on imported templates.

Acknowledge drift with reason (category + expiry). Deploy blocked on unresolved drift. Humanized drift values — ingress rules shown as readable text.

Roll back to any previous successful deploy from the History tab. Rollback preview shows resource changes, Slack notification on completion.

Blueprint version upgrades with safe-change detection. Outputs injection prevents resource replacement. Preview matches actual deploy.

Platform Engineers lock fields and set values per environment. Locked values enforced at deploy time — developers cannot change them.

Role-based onboarding: Guest (11 steps), Platform Engineer (9 steps), Developer (5 steps). Help button with tour trigger.

Real-time notifications to #archie-activities for deploy, destroy, drift detected, and drift remediated events.