estøkad

— changelog

What we've shipped.

Reverse chronological. Customer-facing impact, not the engineering detail. Every milestone listed here corresponds to a tagged release in the source repository — the changelog is the marketing-honest summary, not the canonical record.

  1. May 2026

    Phase 7 — production-grade auth, approvals, residency cron

    The platform reaches feature-complete for an alpha launch. Six headline shipments alongside the polish that closes the production-readiness gap.

    • Members & invites UI in the Studio. Workspace owners can invite teammates by email; the invitee lands directly in the inviting workspace on first sign-in.
    • Developer section at /develop. Pre-filled code snippets across Next.js, Nuxt, SvelteKit, vanilla TypeScript, plus cURL — using your active workspace and first content type.
    • Visual schema builder reaches feature-complete. Create new types, edit metadata, delete, handle migration conflicts inline with a Force-push option.
    • Object Storage backend for assets. Production-grade storage with imgproxy + Bunny CDN compatible URLs.
    • Webhook delivery layer with durable retries. HMAC-signed payloads, exponential backoff (30s → 6h, six attempts), per-delivery audit history, auto-disable past 100 failures, Studio UI.
    • Per-user session-bound API auth. The Studio now passes the Auth.js session JWT as bearer; per-user revocation works without rotating a master key.
    • Approval workflows with the four-eyes rule. Module-gated by advanced_rbac. Editor sidebar surfaces the workflow inline; the publish button gates on an unconsumed approval.
    • Daily residency-proof scheduler. Every workspace gets a signed proof per UTC day without operator intervention.

  2. April 2026

    Phase 6 — polish + launch readiness

    Everything needed to take payments and serve a regulated alpha customer. Auto-deploy, observability, runbook, and the documentation site.

    • Auto-deploy to Scaleway via GitHub Actions on every merge to main.
    • Sentry observability across api, studio, and marketing — EU residency on de.sentry.io.
    • Operator runbook (docs/runbook.md) with a bootstrap script and an incident playbook.
    • Studio theming polish: graphite + cyan dark theme as default, paper light theme as opt-in.
    • Job queue with S3 backend for DORA pack generation, audit validation, usage rollups.
    • Field-level RBAC: schema, engine, /settings/roles UI.
    • Asset pipeline: imgproxy URL builder, Cache-Control + ETag, variant-URL endpoint.
    • Multi-workspace switcher in the Studio sidebar.
    • Documentation site (docs.estokad.com) with 15 pages covering schema, API, visual edit, compliance, auth, CLI.
    • Marketing comparison pages: /vs/contentful, /vs/storyblok, /vs/sanity.

  3. March 2026

    Phase 5 — billing + Stripe + module gating

    Pricing as code, à la carte modules, preset bundles, marketing-driven signup → Stripe → workspace provisioning.

    • Stripe catalog as code in packages/billing.
    • Public pricing page with preset cards + module list + usage meters.
    • Self-serve signup: pick a preset, enter email, pay, workspace provisioned via webhook.
    • Module gates throughout the API: schemas requiring advanced features 412 if the module is inactive.
    • Subscription management UI in /settings/subscription with proration preview.
    • Stripe customer portal link for invoice history + payment method updates.
    • WorkOS integration for SAML/SCIM (activated per-customer when first paid).

  4. February 2026

    Phase 4 — compliance core

    The DORA-defensible surface that turns Estøkad from a CMS into a procurement asset.

    • Append-only audit log with hash chains and daily Merkle roots.
    • Sub-processor register UI in /settings/compliance.
    • DORA evidence pack generator (PDF + JSON) covering ICT risk, third-party register, incident log, BCP results, exit plan.
    • Residency proof endpoint with regional KMS signing.
    • Belgium residency provisioning when a Belgium-paying customer signs up.
    • Exit plan export across schemas + content + assets + audit log.

  5. December 2025 → January 2026

    Phases 1–3 — the platform

    Schema authoring, content APIs, visual edit. The product surface a developer can actually integrate.

    • @estokad/schema with defineType() and defineEmbedded(); 16 field types.
    • CLI (estokad init / push / status) round-tripping schemas to the API.
    • GraphQL endpoint via Pothos; REST endpoints generated from the same IR.
    • @estokad/sdk + @estokad/next with auto-tagging components and draft mode.
    • Multi-space + multi-locale modules with cross-space references.
    • Visual edit overlay (apps/overlay) with postMessage protocol.
    • WebSocket sync between editor and overlay.

  6. November 2025

    Phase 0 — foundation

    Monorepo, CI/CD, single-region Scaleway deploy, auth, base schema migrated.

    • Turborepo + pnpm workspace skeleton.
    • Auth.js v5 with Drizzle adapter; magic links via Resend.
    • Scaleway deployment via Helm; single Frankfurt region.
    • Brand tokens generated from brand.json.
    • Studio shell with the four navigation surfaces (placeholder content).

Cadence target: monthly. Subscribe via the contact form (topic · other, mention "changelog") and we'll mail summaries when substantive shipments land.