Skip to main content
Version: v0.0.49

v0.0.39 — Honeyframe Cloud Phase 2/3, dashboards-as-product, three-tier lock

Released: 2026-05-04

40 commits across three themes:

  1. Three-tier product model locked. Honeyframe is one product across Cloud / Enterprise / Self-Hosted. The previous "service tiers" page is superseded by Deployment Tiers.
  2. Honeyframe Cloud — Phase 2 + 2.5 + 3. New hub-control-plane peer service plus a Launchpad UI scaffold turn <slug>.app.honeyframe.io into a real signup-to-running flow.
  3. Dashboards iteration. Looker-style parameters, full revision history, AI-suggested parameters, AI-from-screenshot, scheduled snapshots, end-to-end toolbar filters, multi-card selection, card templates library, first-class section divider.

Features

Honeyframe Cloud (control plane)

  • hub-control-plane FastAPI service on port 8004, own control_plane.* schema, shares the PaaS JWT secret + Postgres. Surface: signup/login, create/list/retry/suspend/resume/delete spaces, paginated event feed, admin fleet view.
  • Launchpad UI scaffold at controlplane/frontend/ (React 19 + Vite 6 + Tailwind v4). Login, Spaces list with 5s polling, Create Space wizard, Space Detail with 2s event polling and retry-on-failed.
  • Two provisioner paths:
    • Cloud tier — shared multi-tenant on the existing PaaS install. ~30s end-to-end via SQL inserts (org → users → subscription → projects → nginx vhost → reload). No new VM, no SSH.
    • Enterprise tier — per-VM via asyncssh. SFTP-uploads install.conf, runs setup-customer.sh --json-events, streams events live, 4-hour wall-clock cap.
  • Tenant-branded login on <slug>.app.honeyframe.io — the platform login page reads the hostname and overlays per-org logo + primary color.
  • Admin fleet page/api/v1/admin/spaces with filter-by-status; one-off audited remote exec per space.

Dashboards

  • Looker-style {{name}} parameters. Define once at the dashboard, bind from the toolbar (or request body). Named-bind substitution under the hood — type-coerced, escape-safe across every supported DB driver. Empty toolbar input falls through to the configured default.
  • AI-suggested parameters from card SQL. One click extracts hardcoded literals (WHERE col = 'literal', LIMIT N, BETWEEN) into {{params}} across every card. Skips primary-key comparisons and projection literals.
  • Version history. Full revision drawer with one-click restore and a diff view. Storage: honeyframe.dashboard_revisions (one JSONB snapshot per revision). Editor autosave is rate-limited to one revision per 30s; manual snapshot is forced.
  • Scheduled snapshots. New scenario step type snapshot_dashboards (see Scheduler) — wires nightly cron to checkpoint every dashboard in a project, with a skip_hours window so re-runs don't churn.
  • AI dashboard from screenshot. Paste or upload a Figma/PowerPoint mockup; the LLM (forced to vision-capable openai:gpt-4o) mirrors the visual layout while staying schema-grounded.
  • Drilldown polish — source card gets a purple-violet ring while drill is active; Esc clears; toolbar pill shows Drilled: col = value from <card title>.
  • Multi-card selection in edit mode — shift-click toggles, plain click replaces, teal ring on selected; floating bulk Hide / Show / Delete bar.
  • Card templates library — org-scoped reusable card configs (new honeyframe.dashboard_card_templates table). GET/POST /api/dashboards/card-templates, POST /card-templates/{id}/insert.
  • Toolbar filters end-to-end. Debounced (300 ms) auto-rerun on any filter change; total-count active-filter pill; single-click Clear all; per-card filter-applied badge that mirrors the backend's word-boundary check.
  • First-class section_divider card. Replaces the text-card-as-divider workaround. Card config { label, level: h1|h2|h3 }, no SQL, no chrome.
  • KPI conditional formatting upgrade. Semantic thresholds (warn_below, danger_below, target) plus kpi_direction (higher_is_better | lower_is_better) so error-rate cards go green when low. Target renders as a target N line under the value.

Installer

  • --json-events mode. Newline-delimited JSON {ts, step, status, message} to stdout; stderr stays human-readable. Used by the control plane to ingest provisioning state. --yes is implied.
  • Idempotent re-runs. Three resume-safety bugs fixed in setup-customer.sh:
    • Step 5 admin upsert no longer resets the password (ON CONFLICT DO NOTHING) — protects rotated bootstrap admins.
    • Step 6 no longer rewrites .env files if they exist — preserves operator's post-install secret edits. Override: FORCE_ENV_REWRITE=true.
    • Step 9 install_service switched from systemctl start to restart — running units now pick up new templates / binaries on re-run.

Static assets

  • GeoJSON moved to /data/honeyframe/_assets/ with an nginx alias — fixes geo-card fetch on deployed servers.

Fixes

  • Silenced chart ResponsiveContainer width(-1)/height(-1) warnings on first paint.
  • Text cards: chrome stripped in view mode, canonical content storage at the API boundary, fallback to card_config when sql is empty, value-aware AI prompt.
  • KB search-results region got a stable data-testid.
  • Cloud provisioner: license_tier='starter' (the constraint allows starter|professional|enterprise, not 'cloud').
  • Tenant URLs skip the marketing landing page and go straight to login.
  • Controlplane admins can now open any space (was 404).
  • Schema loader: value-sampling default limit bumped 10 → 30.
  • @types/react-dom pinned to ^19.2.3 (^19.2.4 was never published).

Build / CI

  • GitHub Actions release workflow disabled — CircleCI is now the sole builder.
  • CircleCI verify-step false-negative fixedset -o pipefail had grep -q exiting 141 on success; the check now handles the SIGPIPE exit.

Infrastructure / nginx

The repo's nginx configs now own port 443. HTTPS server blocks for platform.example.com, *.app.honeyframe.io, and controlplane.honeyframe.io are version-controlled; certbot --nginx no longer mutates them. Renewals run via --webroot. Reduces "the cert worked but nginx is serving the old vhost" failure modes.

Upgrade notes

  • Schema migrations — two new tables in honeyframe.*:
    • dashboard_revisions (autosave + manual snapshots)
    • dashboard_card_templates (org-scoped reusable card configs)
  • New schemacontrol_plane.* (only on installs that run the new hub-control-plane.service):
    • users, spaces, provisioning_events, audit_log, licenses
  • Self-Hosted upgrade is unchanged. setup-customer.sh is idempotent now, so re-running on a half-finished install resumes cleanly. The one observable behavior change: re-runs no longer rewrite paas/.env. Force the old behavior with FORCE_ENV_REWRITE=true.
  • Cloud / Enterprise tiers are not yet open to existing customers in v0.0.39. The control plane is shippable but Phase 4 (billing, suspension actions, automated wildcard cert renewal) lands in v0.0.40+. Today's signups are invite-driven.

Known issues

  • AI from screenshot is gpt-4o-only — Ollama-only installs see the upload button but fall back to text-only. Add OPENAI_API_KEY to enable it.
  • Wildcard cert for *.app.honeyframe.io is HTTP-01 per-slug today; DNS-01 wildcard is deferred. Tenant fleet > ~50 will hit Let's Encrypt rate limits.
  • Card templates library does not yet enforce a per-org cap.
  • Dashboard-revisions retention is unlimited today. A "keep last N + last M days" GC job lands in v0.0.40.