What's new in Envpilot

Share individual environment variables with external collaborators via encrypted, time-limited links — without giving them project access.

How it works

• Select any variable and click Share to generate a secure link
• Choose one-time view (burns after reading) or time-limited access
• Add recipient email addresses — they'll receive an OTP-verified link
• Optionally protect with a passphrase for an extra layer of security

What recipients see

• The full KEY=VALUE pair with syntax highlighting
• One-click copy to clipboard

Admin controls

• New Shared page in the project sidebar to manage all shares
• View share status: Active, Viewed, Expired, or Revoked
• See which recipients have viewed and when
• Admins and team leads can revoke access at any time

Security

• AES-256-GCM encryption — decryption key stays in the URL fragment, never sent to the server
• OTP email verification with brute-force protection
• Optional passphrase adds a second encryption layer
• All passphrases and OTPs are hashed before storage — never stored in plain text

Added seed data for 18 planned team features based on FEATURES.md, available as a one-click migration.

• 14 planned features: GitHub CI/CD, VS Code Marketplace, secret rotation, Docker injection, env diff, Slack notifications, and more
• 2 in-progress features: Webhook events, project-level .env templates
• 2 under-review features: GraphQL API, multi-region vault replication
• Idempotent seeding — safe to run multiple times without duplicates

The public wishlist roadmap columns (Planned, In Progress, Completed) now collapse to show the first 4 items by default.

• "Show N more" / "Show less" toggle with column-colored styling
• Smooth expand/collapse transitions
• Prevents the roadmap from becoming overwhelming as features accumulate

Complete rewrite of the admin feature requests page into a professional Kanban board with drag-and-drop, full-screen detail modals, and team feature creation.

Kanban Board

• Six status columns: Submitted → Under Review → Planned → In Progress → Completed → Declined
• Drag-and-drop powered by @dnd-kit — drag cards between columns to update status
• Animated drag overlay with column-matched theming, tilt effect, and target indicator
• Hover-reveal action icons on each card (open detail, delete)

Full-Screen Detail Modal

• Spacious two-column layout: description, "Move to" status buttons, admin notes on the left; metadata sidebar on the right
• State management via Zustand — unsaved admin notes persist across accidental closes
• Dirty-check guard with confirm dialog on backdrop click, Escape, or close button
• "Unsaved changes" indicator next to the Save button

Team Feature Creation

• "Add Feature" panel with title, description, category, status picker, and admin notes
• Zustand-managed form state with discard confirmation for dirty forms
• Features submitted as "Envpilot Team" on the public roadmap

Bulk Operations

• "Clear All" button with destructive confirm dialog to mass-delete all feature requests and votes
• Per-card delete with hover-reveal trash icon

Categorized Migrations UI

• Migrations page grouped into 4 categories: Feature & Tier System, Content Seeding, Destructive, One-Time
• Color-coded category headers with icons, descriptions, and count badges
• Priority ordering within groups, safety badges (safe to re-run / destructive / run once)
• Confirm dialogs for destructive and one-time migrations

CLI (1.3.4 → 1.4.0)

• envpilot pull --format <format> — export variables in 7 formats: .env, JSON, YAML, Docker Compose, AWS Parameter Store, Vercel, Netlify
• envpilot push --format <format> — import variables from any of the 7 formats
• --prefix <prefix> flag for AWS Parameter Store path customization
• Format-aware default filenames (e.g., development.yaml, docker-compose.yml)
• New shared format converter library (apps/cli/src/lib/format-converter.ts)

Web App (1.8.0 → 1.9.0)

• Export drawer — select format and environment, one-click download
• Import drawer — file upload or paste, auto-detect format, preview parsed keys, merge/replace modes
• Member role creates pending approval requests on import instead of direct writes
• Import API route (/api/projects/[id]/import) with auth, validation, and role-based flow
• Export API route extended to support all 7 formats via serialize()
• Buttons always visible; upgrade prompt shown inside drawer when feature is tier-restricted
• bulk_export and bulk_import gated independently

Feature Registry

• Added bulk_export feature (boolean, Variables category)
• Tier overrides: free → disabled, pro → enabled
• Mirrored in convex/admin.ts migration handlers
• Added to ACTION_TO_FEATURE_KEY mapping

Secret Rotation & Expiry (from commit 07dee29)

Web App

• Variable rotation frequency and expiry date fields in create/edit forms
• Rotation status indicators (active, expiring soon, expired)
• Expiring variables hook (useExpiringVariables)
• Dashboard expiry warnings on the main dashboard page
• Settings page updates

Backend (Convex)

• Schema changes: rotation/expiry fields on variables
• Cron job for rotation checks
• Email notifications for expiring/expired variables
• Variable version history enhancements

Admin Panel

• Tiers page revamp with full feature management UI
• Data browser with cell value rendering and row edit drawer
• Reusable UI components: Drawer, KebabMenu, PaginationControls, SearchInput
• Tiers store for state management
• Pagination improvements across messages, organizations, tickets, users pages

Version Bumps

Package	From	To
CLI	1.3.4	1.4.0
Web	1.8.0	1.9.0
Admin	(prev)	bumped
Root	(prev)	bumped

Secret Rotation & Expiry Lifecycle

Environment variables now support automatic rotation tracking. Set a rotation frequency between 30 and 365 days on any secret, and Envpilot will monitor its age, flag it when it's approaching expiration, and send email reminders when it's time to rotate.

• Configurable rotation frequency with preset options (30, 60, 90, 180, 365 days)
• Automated monitoring via hourly background scans that detect expiring and expired secrets
• Email reminders sent automatically when secrets need attention
• Tier-gated access — free plans can enable rotation on up to 7 variables, pro plans get unlimited
• Admin controls — all background jobs respect the global pause toggle for full operator control

Admin Panel v1.3.0 — Production-Ready Data Browser

The admin data browser has been rebuilt from the ground up to handle production-scale datasets.

• Paginated loading — data loads 50 rows at a time with cursor-based pagination instead of dumping everything at once
• Instant search — filter loaded rows by any text field with zero additional backend calls
• Column visibility — toggle columns on and off to focus on what matters
• Sortable columns — click any column header to sort ascending or descending
• Smart data display — booleans render as colored badges, timestamps show as relative time, arrays display as item counts, and IDs are cleanly truncated
• Dual-mode record editor — click any row to open a slide-in panel with two editing modes:
  • Form View for structured editing with typed inputs, toggles, tag editors, and datetime pickers
  • Raw JSON View for direct document access
• Safety guards — all destructive actions require confirmation, unsaved changes trigger a warning before closing

Web App v1.8.0

• Rotation frequency picker added to variable create and edit forms
• Rotation status and expiry dates visible on variable details
• Backend validation for rotation frequency bounds

Bug Fixes

• Fixed runtime errors when browsing certain tables in the admin panel
• Fixed rotation frequency not persisting on variable create and update
• Fixed query filters on optional rotation fields
• Object field editing now surfaces validation errors instead of silently failing

Fully dynamic, database-driven feature registry replacing all hardcoded feature flags. Every gatable feature in the platform is now managed through a central registry.

How It Works

• 18 platform features registered with key, display name, value type, category, and defaults
• Resolver chain: org → createdBy → userTiers → grace period → tierFeatures → defaults
• Backend enforcement: checkBooleanFeature and checkNumericLimit helpers in Convex mutations
• Frontend enforcement: <FeatureGate> component and useFeatureGate hook
• Auto-bypass: All enforcement disabled when Tier Enforcement admin toggle is OFF

Features Gated

• Version history, bulk delete, granular permissions, custom branding
• Keyboard shortcut customization, analytics retention, audit log retention
• SSO, priority support, and all resource limits (projects, variables, members)

Dynamic Pricing Page

• Feature comparison table populated from the database
• Terminal-themed UI matching the landing page

Grace Period Support

• Banner component warns users when their tier is about to expire
• Resolver respects grace periods before downgrading feature access

Fixed sitemap.xml and robots.txt returning 401 errors to search engine crawlers.

The auth middleware was blocking unauthenticated access to these routes. Added both paths to unauthenticatedPaths so Google Search Console and other crawlers can access them.

Vercel BotID bot detection added across 44 API mutation endpoints.

Coverage

• Variables, projects, organizations, billing, templates, vault, and user operations
• Client-side route config aligned with server-side handlers

UI Improvements

• Custom dark-themed checkboxes and radios with green accent
• Custom scrollbars and centered full-page loading states
• Integrations settings updated with Cursor, Antigravity, and Open VSX support

Replaced hardcoded free/pro tiers with a fully dynamic, database-backed tier system.

Dynamic Tier System

• New tierDefinitions table with name, display properties, pricing, and feature limits
• Tier CRUD endpoints: create, update, delete, seed defaults
• Tier enforcement toggle for pre-alpha mode
• All hardcoded tier types replaced with dynamic string-based tier names

Admin Dashboard

• Analytics section with platform-wide metrics
• Tier management: create, edit, and delete tiers
• User controls and platform configuration
• All admin panel components properly typed with Convex types

Improved search engine visibility with proper SEO infrastructure.

• Dynamic sitemap generation for all 8 public pages with appropriate change frequencies
• robots.txt allowing crawling of public pages while blocking protected routes
• Open Graph and Twitter Card meta tags on root layout
• Canonical URLs and Google bot directives with rich snippet support

Projects can now use real framework logos instead of generic icons.

Supported Frameworks

28+ options including Next.js, Flutter, Convex, Rails, Django, Laravel, Astro, Svelte, Vue, Angular, T3 Stack, PostHog, and more.

How It Works

• Framework logos stored as "framework:<type>" prefix — no schema migration needed
• Inline SVGs for select logos, SVGL CDN for the rest
• Logos render without background color for clean visual distinction

Project Creation Redesign

• Template selection auto-sets the framework logo
• Single-page master-detail layout: template selector left, sticky form right
• "Switch to custom icon" option for manual selection

Moved all tier enforcement from client-side to server-side for security.

• Created separate locked-down organizationTiers table
• Stripe webhook mutations converted to internalMutation with a single public gateway
• Replaced client-side NEXT_PUBLIC_ENFORCE_TIER_LIMITS with server-side ENFORCE_TIER_LIMITS
• All API routes and React components now query tier data from the backend
• Data migration to move tier field from organizations table to dedicated table

Comprehensive analytics dashboard with 6 visualization sections.

Charts

• Activity Overview — daily event area chart
• Most Active Projects — event count bar chart
• Variable Changes — stacked bar chart (create/update/delete per project)
• Top Team Members — user activity horizontal bar chart
• Security Insights — security metrics card grid
• Resource Breakdown — resource type donut chart

Access Control

• Analytics restricted to admin and team lead roles
• Members automatically redirected, nav item hidden
• Optimized to single unified query (eliminates duplicate data fetches)

Replaced ad-hoc fetch patterns with structured data fetching via TanStack Query v5.

• Typed API client with centralized error handling
• Query hooks for all endpoints with proper cache invalidation
• Type-safe query key factory for cache management
• Smart retry: 4xx never retries, 5xx/network retries once
• Three-layer Sentry integration: network failures, query errors, breadcrumbs
• Error pages only show when truly no cached data exists

Customizable keyboard shortcuts and bulk variable management.

Keyboard Shortcuts

• 10 built-in shortcuts for navigation, actions, and selection
• Rebindable in Settings > Customization tab
• Bindings sync across devices via Convex database
• Help dialog accessible via Shift+?

Bulk Operations

• Multi-select with checkboxes on variable rows
• Floating action bar for bulk deletion with RBAC enforcement
• Select all / deselect all controls

Other

• Favorite projects with star toggle and sort option
• Enhanced audit log export with date range presets (24h, 7d, 30d, 90d, all time)

Compare environment variables across dev, staging, and production with a GitHub-style diff interface.

• Side-by-side comparison with inline difference highlighting
• Expandable detail panels for each variable
• Global reveal toggle for on-demand batch decryption
• "Compare" button added to project header
• Mobile responsive card-based layout
• Smooth Framer Motion animations for loading, filtering, and expanding

Multi-project workflows for both CLI and VS Code extension, plus a new one-command setup.

CLI — New Commands

• envpilot sync — one command does everything: login, select org/project/env, pull variables, protect files, install commit guard
• init --add — link additional projects (admin/team_lead only)
• envpilot unlink — remove a linked project
• pull --all / pull --project — pull all or specific linked projects
• push --project — push to a specific linked project
• switch --active — switch between linked projects
• list linked — show all linked projects

VS Code Extension

• Multi-project linking for admin and team lead roles
• Project picker UI for ambiguous actions
• Status bar, tree view, and sync flows handle multiple linked projects

Security

• Pre-commit hook blocks all .env* files from being committed (worktree-aware)
• Role-based file protection: chmod 444 for non-admin/team_lead roles
• Default output changed to .env.local for consistency

Version checking is now active across all client surfaces.

• Web dashboard: Terminal-themed notification banner, polls every 5 minutes
• CLI: Update notice after commands (throttled to once per hour)
• VS Code extension: Info notification on activation (throttled daily)

All checks are non-blocking and fail silently on network errors.

Centralized error tracking across all three client surfaces via Sentry.

Coverage

• Web app: Browser, server, and edge initialization with error boundary integration
• CLI: Async error handling with Sentry flush before process exit
• VS Code extension: Command wrapping with error capture and sourcemap generation
• API routes: All errors captured via handleApiError()

Privacy

• beforeSend hooks scrub secrets, tokens, authorization headers, and file paths
• Free tier optimization: sampling and session replay disabled
• Expected errors (auth redirects, validation) filtered from reporting

Eliminated 502 Bad Gateway errors when switching between organizations.

Root Cause

Race condition between cookie update, React state, and server-side Convex queries caused doubled requests during org transitions.

Fix

• Removed redundant router.refresh() from org switcher
• Added 100ms delay before navigation for auth state propagation
• Auto-retry (up to 2 attempts) in error boundaries for transient failures
• Graceful error handling in dashboard layout for Convex query failures

Complete lifecycle management for projects and organizations.

Organization Operations

• Ownership transfer — preserves all data (projects, variables, members, settings)
• Organization deletion — full cascading cleanup of all related data
• Branded email notifications for ownership transfers and membership changes

Project Operations

• Project deletion with cascading cleanup (variables, versions, permissions, tokens)
• Project move between organizations with data preservation
• Variable export in .env and .json formats, filtered by environment

Navigation Redesign

• Collapsible sidebar with smooth transitions
• Context-aware navigation: org-level vs project-level items
• Org admins shown in project members list with "implicit access" badge

Global Search (Cmd+K)

• Vercel-style command palette for searching variables across all organizations
• Full RBAC enforcement — users only see variables they have access to
• Environment filter chips, keyboard navigation, debounced search

Account Settings

• Profile save, session management with bulk revocation
• Notification preferences with 4 toggle categories
• Connected account info card

Introduced the tier limits enforcement system with a usage dashboard.

Tier Limits

• Free tier: 3 projects, 50 variables, 3 team members
• Pro tier: Unlimited (coming soon)
• Server-side enforcement in Convex mutations with clear error messages
• Client-side UI gates with upgrade prompts
• Feature flag to disable enforcement during pre-alpha (ENFORCE_TIER_LIMITS)

Usage & Plan Dashboard

• Resource meters showing current usage vs limits
• Per-project variable breakdown
• Feature availability matrix per tier
• Zustand store with WebSocket-synced caching to reduce database pressure

CLI & Extension

• New envpilot usage command showing tier status and resource consumption
• Usage endpoints for both CLI and VS Code extension

VS Code Extension Sign-In Fix

• Fixed critical bug where empty server URL config produced file:/// URLs instead of HTTP
• Clipboard-first URL opening — always copies the auth URL before attempting to open browser

Comprehensive UX polish across the dashboard.

Pagination & Animations

• Client-side pagination (10 per page) with smooth staggered entrance animations
• Applied across 7 dashboard list views: projects, variables, orgs, audit logs, members, and more
• Terminal-styled pagination controls with page indicators

Variable Operations

• Eye button reveals encrypted values via Vault API (decrypt on demand)
• Copy button for revealed values
• Edit variable modal converted to drawer style for consistency
• Delete confirmation dialogs

Audit Logs (Now Live)

• Connected to real Convex backend with server-side pagination
• Summary stats: total events, security events, sensitive access count
• Filter by category and date range
• CSV export of current view, JSON export of full date range
• Animated rows with severity color coding

New session management dashboard and security hardening across all clients.

Session Management

• Expandable sessions panel showing active CLI and extension sessions per team member
• Selective revocation of individual tokens with real-time cleanup
• Email notifications sent to affected users on revocation

Security Fixes

• Critical: CLI tokens are now properly revoked when a member is removed from the organization
• Copy/paste blocking for protected .env files (non-writable roles)
• Synced secrets automatically deleted when the VS Code extension deactivates

Backend

• New Convex mutations for session queries and revocation with full audit logging
• Real-time permission revocation events via WebSocket subscriptions

Fixed a critical bug where projects created in one organization would silently land in a different organization.

Root Cause

React state wasn't updating when the active organization cookie changed, causing a stale org context during project creation.

Fix

• Event-driven auth state sync via custom DOM events on cookie change
• Org context refresh on navigation and project creation
• Active org name indicator added to project form for visual confirmation
• organizationId now explicitly passed through all API calls across web, CLI, and extension

Three major UX improvements to the web dashboard.

Lucide SVG Project Icons

• Replaced emoji-based project icons with Lucide React SVGs
• Consistent rendering across all platforms and browsers
• Legacy emoji mapping preserved for backward compatibility

Slug-Based Organization URLs

• URLs now use human-readable slugs instead of database IDs
• Example: /organizations/my-org instead of /organizations/kd72yqb94a0f...
• Server-side slug resolution — internal systems still use Convex IDs

Variable Creation Drawer

• Vercel-style slide-out drawer replaces the centered modal
• Single-variable entry and bulk .env paste modes
• Real-time parsing, preview, and per-entry error handling
• Cmd/Ctrl+K keyboard shortcut to open

Completed project-level RBAC propagation to CLI, VS Code extension, and web dashboard.

Server-Side Enforcement

• All variable write endpoints enforce project-level roles
• Hard blocks for viewers, request workflows for developers
• Project managers can approve variable requests for their projects

Client Updates

• CLI commands display project roles alongside org roles
• VS Code extension shows roles in tree view headers
• Dashboard sidebar shows pending requests badge for admins and team leads
• CLI default API URL set to production (envpilot.dev)

Extended access control from organization-level to project-level with three tiers.

Project Roles

• Viewer — Read-only access to assigned projects
• Developer — Can submit variable change requests
• Manager — Full project control, can approve variable requests

Changes

• Members now see only projects they're explicitly assigned to
• Admins can restrict whether team leads can create projects
• Projects and roles can be assigned during team member invitation
• Email delivery now shows visible error feedback instead of failing silently

Added role-based access control awareness to the CLI, completing the backend enforcement already in place.

Role Awareness

• CLI displays user's role per organization
• Pre-push warnings for members with confirmation prompt
• Enhanced feedback for pending requests
• Member-specific notices on pull/list operations

Safety Checks

• Blocks push/pull if .env files are tracked by git
• Auto-suggests git rm --cached commands
• Warning on init if .env files are already tracked

Release Infrastructure

• Standalone binary builds for 5 platforms (macOS arm64/x64, Linux x64/arm64, Windows x64)
• Curl install script with automatic platform detection

Replaced hardcoded localhost URLs in the VS Code extension with build-time environment injection.

• ENVPILOT_SERVER_URL environment variable injected at build time via esbuild
• Falls back to http://localhost:3000 for local development
• Users can override via VS Code setting envpilot.serverUrl
• Enables publishing to the VS Code Marketplace without localhost dependencies

Extended the terminal-dark theme across all public-facing pages.

Pages Updated

• Changelog — Terminal-style filter buttons with timeline display
• Wishlist — Feature request cards with upvote functionality and Kanban roadmap view
• Privacy Policy — Sticky sidebar TOC with active section highlighting, covers GDPR, CCPA, and Asia-Pacific regulations
• Terms of Service — Same interactive sidebar navigation
• Consistent green accents, monospace fonts, and command-style labels throughout

Automated Convex backend deployments to production.

• GitHub Actions workflow automatically deploys Convex functions when convex/ files change on main
• Environment variables declared in turbo.json to resolve Vercel build warnings
• Uses CONVEX_DEPLOY_KEY secret for secure automated deployments

Major VS Code extension upgrade with three new features.

Webview Dashboard Panel

• Terminal-inspired dark UI matching the web app
• Project stats: linked projects, directories, variable counts
• Directory cards with sync status and quick action buttons

Dual-Layer Env Commit Guard

• Layer 1: Auto-unstages .env files via Git Extension API
• Layer 2: Pre-commit hook prevents .env commits from outside VS Code
• Both layers are idempotent and respect existing hooks

Enhanced Tree View

• CodeLens annotations above .env files showing sync status and variable counts
• Directory icons color-coded by sync staleness (green < 1hr, amber > 1hr, gray never)
• Structured logging with timestamps via shared output channel

Launched the production landing page with a terminal-inspired dark theme.

Design

• 10 different landing page variants explored — terminal theme selected as the final design
• Real CLI commands integrated with accurate flags and descriptions
• Comprehensive documentation page covering CLI, VS Code Extension, Web Dashboard, Security, and RBAC
• Pricing section with free alpha tier and upcoming pro tier
• All icons standardized to Lucide React for professional consistency

Replaced HTTP polling in the VS Code extension with persistent WebSocket subscriptions — reducing API costs from ~744 calls/hour/user to near-zero.

Performance

• Revocation detection and variable metadata monitoring now use reactive Convex WebSockets
• Fixed N+1 queries in audit logs, permissions, project access, and invitations
• Added database indexes for audit log filtering and scheduled cleanup

Security Hardening

• User search scoped to organization level (prevents cross-org enumeration)
• CLI session codes strengthened: 12 characters, 5-minute expiry
• Rate limiting with token bucket and fixed window strategies
• Cron jobs for automatic cleanup of expired tokens and sessions

Complete rebrand across the entire platform — 60+ files updated.

What Changed

• Package names: @env-connect/* → @envpilot/*
• CLI binary: env-connect → envpilot
• Config directory: .envconnect → .envpilot
• Domain: envconnect.app → envpilot.dev
• All user-facing text, metadata, cookie names, and email templates updated
• VS Code extension: ~80 command IDs and configuration sections renamed

Restructured the entire codebase from a flat directory layout into a unified monorepo.

Architecture

• Web app, CLI, and VS Code extension moved into apps/
• Shared configuration packages (TypeScript, ESLint, Prettier) in packages/
• Convex backend remains at root (required by Convex CLI)

Tooling Changes

• Package manager: npm → Bun (faster installs, native workspace support)
• Build orchestration: Turborepo with task pipelines for build, dev, lint, typecheck
• ESLint: Migrated to ESLint v9 flat config with shared presets
• CLI: Upgraded from Zod v3 to Zod v4

Import System

• All 111 relative Convex imports replaced with @convex/* path alias
• Single .env.local at monorepo root with symlink to apps/web/

Comprehensive hardening pass across the entire platform for organization-scoped security.

Member Variable Request Workflow

• Members can no longer directly modify variables — they submit requests instead
• Full request lifecycle: pending → approved / rejected / cancelled
• Complete audit trail for every request state change

Access Control

• Enforced member read-only behavior with request-based write access
• CLI and extension tokens are now automatically revoked when a membership is removed
• Org-scoped routing hardened across all dashboard and API flows

VS Code Extension — Read-Only Enforcement

• After syncing .env.local, member files are set to read-only (chmod 444)
• File watchers detect edits, show a warning notification, and automatically revert changes
• New "Request Variable" command lets members submit access requests from the editor
• Pending requests visible in the Variables tree view

Envpilot is live with its foundational architecture — a secure environment variable management platform with three client surfaces.

Web Dashboard

• Organization and project management with full CRUD operations
• Environment variable management with development, staging, and production scoping
• Team member invitation and management system
• Real-time data via Convex database with reactive queries

CLI Tool

• envpilot login — authenticate via browser-based OAuth
• envpilot init — initialize and link a project directory
• envpilot pull — download environment variables to .env file
• envpilot push — upload local environment variables to the platform
• envpilot list — view all variables for the current project
• envpilot switch — switch between environments (dev/staging/prod)
• envpilot logout — end the current session

VS Code Extension

• Authenticate directly from the editor
• Link projects and sync .env files
• View variables in the sidebar tree view

Security

• All secrets encrypted via WorkOS Vault (AES-256) — Convex only stores vault reference IDs, never plaintext
• Authentication via WorkOS AuthKit (email + Google OAuth)
• Three-tier RBAC: Admin, Team Lead, Member