Changelog

Catalog now renders ONE card per use case instead of separate cards per engine variant. Fork creates a single company blueprint carrying both Pulumi and Terraform code. At deploy time, pick which engine to run alongside the profile and Cloud Account. Code editor includes an engine toggle that preserves unsaved edits per engine.

Company blueprint cards show PULUMI / TF badges based on which engine codes are stored on the row. Dual-engine forks display both; single-engine shows one. Visible at a glance without opening the detail drawer.

Five Terraform starters added to the catalog matching their Pulumi siblings resource-for-resource: VPC (24 resources), EC2, S3 Static Website, RDS Postgres, and Lambda Function. Plus a new Pulumi Lambda starter to complete the pair. Cluster under unified concept cards in the catalog.

Stack drift panel now shows the green 'No drift detected' state whenever zero resources are drifted, regardless of underlying status. Previously, edge-case statuses (failed, checked, unknown) with 0 drift rendered as red 'Fix Drift' — now correctly shows healthy.

Filtered AWS-computed post-create attributes (instance IDs, ENI associations, EIP allocations) from TF drift output. Empty-string-to-AWS-value transitions are no longer flagged as drift. Eliminates false-positive drift entries on fresh TF deploys.

Terraform drift remediation no longer wipes the S3 state prefix when remediating whole-resource deletions. State file is preserved; remediate restores missing resources via terraform apply without recreating the entire stack from scratch.

Blueprints now hold per-profile configs (Non-prod, Production). PE configures different defaults, locked fields, and required fields per profile using the Profile toggle in the editor. Deploy modal loads the matching profile when the user picks an environment. Drift detection reads the right profile baseline. One blueprint, two configs.

Cloud Accounts now carry an environment tier (Dev / Staging / Prod) with color-coded badges in Settings, the Stack page, and the Deploy modal. Deploying to a Prod-tagged account automatically requires approval through the existing Approvals page — no manual policy needed.

Save your AWS, Azure, or GCP credentials once. Select from a dropdown at deploy time — no more pasting. PE/Owner adds saved accounts in Settings → Cloud Accounts; any deploy-authorized user picks one in the deploy modal. AssumeRole by default (no long-lived keys stored on Archie's side); access keys available on dedicated instances. KMS-encrypted at rest. Devs see only the friendly name + cloud tag — never the actual credentials. "Use custom credentials" stays as the on-demand fallback for one-off deploys.

Bring your existing Terraform modules to Archie unchanged. Paste TF code or fetch from GitHub/Azure DevOps/GitLab, parse variables, add governance (lock fields, mark required, set defaults), and publish. Your team deploys with the same governance, drift detection, and remediation you get on Pulumi blueprints — no conversion, no rewrite.

Deploy an AI agent on AWS Bedrock AgentCore from the blueprint catalog. The agent can list stacks, check drift, view stack details, and browse blueprints — all through natural language. Powered by Claude Sonnet 4. Includes IAM, ECR, CloudWatch, Memory, and Code Interpreter resources. Authenticate the agent with an Archie API key.

New docs/WRITING_BLUEPRINTS.md in the templates repo. Give it to any AI tool (Claude, ChatGPT, Copilot) and it produces templates that pass Archie's validator. Covers class structure, 7 golden rules, config schema, pillar format, and publish checklist.

New 'AI Agents' category in the catalog filter bar. AI agent templates grouped under aws-ai-agents-group with dedicated sort order.

Minimize the deploy or destroy modal while it runs. A floating status bar shows progress — click it to reopen the full modal. On completion, auto-navigates to the stacks page. Work on other things while infrastructure deploys.

Tag related stacks with an App Group (e.g. 'easyfun'). Dashboard and deployments page group VPC + DB + Compute layers together. Group by App is on by default — toggle off for a flat list.

All AWS composed templates (RDS, Aurora, ALB, EKS, EC2, Redis) auto-detect existing VPC. Toggle Brownfield, paste a VPC ID — template skips network creation and looks up subnets dynamically. Azure templates accept existing Resource Group and VNet.

Stack detail header now shows AWS Account ID, Azure Subscription ID, or GCP Project ID — depending on which cloud the stack is deployed to.

All operational modals share the same visual language — status header with icon, progress bar, resource timeline with animated cards, collapsible live logs. Destroy and drift remediation now match the deploy modal.

Resource timeline now properly shows creating/deleting spinners before transitioning to created/deleted checkmarks. Fixed duplicate event parsing that was hiding the transition.

Failed and cancelled deploys now auto-clean all Pulumi state (stack, backups, history) from S3. Same stack name can be reused immediately — no more stale lock files.

Import Terraform from GitHub, Azure DevOps, or GitLab repos. Browse file tree, select a path, pick tfvars for defaults. No git clone — files downloaded via API. Sample repo pills for quick testing.

Deploy into existing infrastructure. Greenfield/Brownfield toggle on every template. Fill in existing Resource Group, VNet, or VPC — Archie deploys app resources inside without touching the network. On destroy, only Archie-created resources are removed.

pulumi convert output wrapped deterministically — no AI rewriting of resource code. AI only generates metadata (title, features, config fields). Zero property corruption. Both pulumi_azure and azure-native SDKs supported.

Factory resolves ANY Pulumi resource type dynamically — no hardcoded map. If the SDK has it, the factory supports it. Works across AWS, Azure, GCP, and Kubernetes.

Rename deployed stacks from the detail drawer. Display name is cosmetic — Pulumi stack name stays untouched for all operations.

Org-level naming pattern in Admin settings. Set a pattern like {org}-{project}-{env}-{type} — Key Vault, SQL Server, Storage Account names auto-fill in the deploy form. PE sets the convention once, every deploy follows it.

Globally unique resource names (Key Vault, SQL Server, ACR, Storage Account, App Service) exposed as config fields across all Azure templates. PE names resources — no more random suffixes.

PE can revert a blueprint to any previous version from the Versions tab. Full state restored: code, config fields, governance, metadata. Published as new version for full audit trail.

Every config value and resource output is automatically exported by the base template class. Stack detail shows full visibility: SKU, runtime, team, environment — everything the PE and dev need.

Forked and imported blueprints use the exact same code path for deploy, upgrade, rollback, and drift. One path, no special cases. Previous config values pre-fill on upgrade.

Locking a field auto-removes required. Requiring a field auto-unlocks it. No more confusing state where a field is both locked AND required.

Edit title, description, features, use cases, cost estimate, deploy time, and tags directly in the UI. No code editing needed to customize blueprint cards.

Terraform import now uses Pulumi's native converter for accurate property mapping, then AI wraps in Archie framework. Sample code pills for all clouds and formats. Azure tenant_id auto-injected from credentials.

Azure templates and heavy workloads (EKS, Aurora) auto-route to ECS Fargate — 8GB memory, no timeout. AWS/GCP stay on Lambda for fast cold starts. Zero config for PE.

Platform Engineers add, remove, and edit deploy form fields without touching code. Add custom fields like team_name with type, default, group, and help text.

Pulumi state locks from Lambda timeout or OOM are automatically cleared before every deploy. No more 'stack is locked' errors on retry.

3-Tier Web App (App Service + SQL + Key Vault + Insights), Container App (ACR + Log Analytics), and Functions Stack (Storage + Insights). Stacks tab in catalog.

App Service (web hosting with managed identity), Key Vault (secrets management with RBAC), and SQL Database (with TDE encryption and firewall rules). Azure template count: 4 → 7.

Drift detection, noise filtering, and compliance checks now work on Kubernetes alongside AWS, Azure, and GCP. 5 K8s compliance rules: no :latest tag, resource limits, no privileged containers, network policies, labels.

Full approval flow for production deploys. Dev submits → PE reviews with full context (blueprint, config, cost, compliance) → approves or rejects with comment → dev clicks Deploy Now with config pre-filled. Dashboard cards show pending/approved status for both roles. Devs can cancel pending requests.

Drift detection works end-to-end on Azure. Detects modified resources (tag changes, rule changes) and deleted resources (subnet removed, NAT gateway deleted). Azure NSG noise filtered out.

Sign in with Microsoft alongside Google. Multi-tenant Azure AD support — enterprise teams can use their existing Microsoft accounts. Same session, same org auto-provisioning.

Export audit logs as JSON or CSV from the admin page. Owner and Platform Engineer role only. For compliance reporting and security reviews.

New 'What's New' page in the sidebar. See all recent features, fixes, and improvements with unseen count badge.

Platform Engineers can now mark fields as 'Required' separately from 'Locked'. Required fields must be filled at deploy time — existing stacks are prompted to fill them on upgrade.

Environment and region are auto-populated from earlier steps — no more duplicate inputs. Target environment pre-selected from template name (-nonprod → Dev, -prod → Prod).

Studio AI now generates Azure, GCP, and Kubernetes templates with cloud-specific imports, resource types, and naming conventions. No more AWS-only output.

Templates published by external users go to their company catalog (not the starter library). Code edits create new versions instead of overwriting the original.

Each deploy gets a unique 4-character suffix to prevent accidental overwrites when deploying the same template twice.

Fixed DynamoDB injection risk, silent error handling, shared utility deduplication, hardcoded regions replaced with env vars, TypeScript types strengthened.

Platform page now groups users by organization with collapsible rows showing member count, plan, and total deploys.

4 new Azure templates: VNet Non-Prod, VNet Prod, Virtual Machine, and Application Gateway. All follow the Archie framework with factory.create() and cfg() helper.

Security architecture documentation available for enterprise evaluations. Covers credential handling, tenant isolation, audit trail, and compliance.

Pre-deploy compliance scanning with 22 rules across AWS (10), Azure (7), and GCP (5). Critical violations block deploys. Owner/PE can override.

Pulumi plugins (AWS, GCP, Azure Native, K8s) pre-installed in Docker image. Eliminates 800MB+ download on cold start for Azure deploys.

Convert Terraform HCL to Archie framework, push to GitHub, create company blueprint with enriched metadata. Full governance lifecycle on imported templates.

Acknowledge drift with reason (category + expiry). Deploy blocked on unresolved drift. Humanized drift values — ingress rules shown as readable text.

Roll back to any previous successful deploy from the History tab. Rollback preview shows resource changes, Slack notification on completion.

Blueprint version upgrades with safe-change detection. Outputs injection prevents resource replacement. Preview matches actual deploy.

Platform Engineers lock fields and set values per environment. Locked values enforced at deploy time — developers cannot change them.

Role-based onboarding: Guest (11 steps), Platform Engineer (9 steps), Developer (5 steps). Help button with tour trigger.

Real-time notifications to #archie-activities for deploy, destroy, drift detected, and drift remediated events.