🚀 New Features

• Filter noisy dev logs instantly — The Stacktape dev UI now supports inline log search, so you can narrow output by workload, message text, quoted phrases, exclusions, or log level without leaving the terminal
• Faster multi-service rebuild flow — In dev mode, rebuilding is quicker when several workloads are running: you can rebuild the selected workload, pick a target from the UI, or trigger all rebuilds at once
• GitHub Deployments integration — Console-triggered and Git-driven deployments now report through GitHub Deployments, giving clearer environment-level status updates instead of generic commit checks
• Proactive API key expiry protection — New API keys now get a default expiration window, users receive warning emails before keys expire, and org admins can revoke a member’s active org API keys when access should end

✨ Improvements

• More adaptable terminal layout — The Stacktape dev UI is now organized around reusable route/context modules, which makes the interface more consistent and unlocks richer controls like fullscreen sidebar views
• Smoother dev UI interactions — Terminal rendering is more responsive, making live logs and status updates feel less jerky during active work
• Safer member offboarding — Removing a member or leaving an organization now revokes active org API keys so old credentials do not quietly remain usable

🔨 Bugfixes

• Runner-based deletes no longer depend on repo checkout — Remote delete flows now work even when source checkout is unnecessary, avoiding failures in EC2-runner cleanup paths
• Better GitHub repo URL handling — SSH-style repository URLs are now recognized correctly, which helps deployment reporting work reliably across more repository setups
• Correct deploy log links in GitHub messages — GitHub comments and status links now land on the right stage-specific console pages

Docs • Slack • X

🚀 New Features

• Dev TUI log filtering and workflow controls — Added log filtering and faster workflow controls to the dev mode terminal UI

Docs • Slack • X

🔨 Bugfixes

• Stack output idempotency — Stacktape-managed CloudFormation outputs (deploymentVersion, stackInfoMap) now use overwriteExisting mode, preventing "output already exists with different value" errors when prepareForDeploy runs more than once in the same session (e.g. during rollback flows)

Docs • Slack • X

🚀 New Features

• CDN canonical URL params — Added cdnCanonicalDomain and cdnCanonicalUrl as referenceable params on all CDN-enabled resources (load balancers, buckets, functions, HTTP API gateways), making it easy to reference the canonical CDN URL in config directives

🔨 Bugfixes

• Nested directive resolution — Replaced string-based directive substitution with a tree-walking node replacement algorithm that properly handles chained/nested directives (e.g. $ResourceParam() resolving to a value containing $Secret()). Removes the previous double-resolve workaround
• Stack trace cleanup — Internal Stacktape source frames are now filtered from user-facing error output
• npm binary entrypoint — Deduplicated spawnSync logic with consistent error/signal handling
• Path resolution — Fixed file path resolution issues in compiled binaries

✨ Improvements

• Build system consolidation — Centralized the OpenTUI/Solid build plugin into a single reusable module, replaced dynamic tsconfig generation with a static tsconfig.build.json, and simplified binary compilation to use Bun.build directly with a dedicated compiled-entry.ts entrypoint
• TypeScript config loading — Removed the runtime Bun.build bundling pipeline; Bun's native TS support with autoloadTsconfig now handles configs directly

🖥️ Console UI

• Monitoring form improvements — Alarm, budget, and notification creation modals now have better icons, default values, placeholder text, and validation (e.g. breachedPeriods <= evaluationPeriods, budget percentage validation, includeInHistory toggle)
• Human-readable summary pills — MultiValueSummary now shows "All projects" / "All stages" labels instead of raw * values across alarm, budget, and notification listing pages
• Navigation reorganization — AWS Accounts and Domains moved under the Configuration section for clearer grouping
• Role access hints — Member invite/update forms now show "This role has access to all projects" for OWNER and ADMIN roles
• Alert channel form polish — Access Token and Secret fields are now password-masked; webhook URL fields have descriptive hints

Docs • Slack • X

🔨 Bugfixes

• TypeScript config loading — Removed the runtime Bun.build bundling pipeline for TS configs in compiled binaries. Bun's native TypeScript support now handles configs directly, with autoloadTsconfig enabled at compile time so path aliases resolve correctly
• Stack trace cleanup — Internal Stacktape source frames (from src/, shared/, scripts/) that don't exist on disk are now filtered out of user-facing error stack traces
• npm binary entrypoint — Deduplicated spawnSync logic into an executeBinary helper with consistent error and signal handling for both global-binary and downloaded-binary code paths

Docs • Slack • X

🚀 New Features

• Native tunnel client — Replaced the external bore binary with a pure Node.js implementation of the bore wire protocol. Eliminates platform-specific binary distribution, reduces package size, and improves reliability of dev mode tunneling
• TypeScript config from compiled binaries — Stacktape configs written in TypeScript now work when running from compiled binaries (not just raw Bun). Configs are bundled to CJS via Bun.build with mtime-based caching

🔨 Bugfixes

• Alarm permission limits — Consolidated per-alarm Lambda permissions into a single shared wildcard permission, preventing CloudFormation resource limit errors in stacks with many alarms
• Hook failure visibility — Deployments with failed after:deploy hooks now correctly show as failed in the TUI with a count of hook failures, instead of falsely showing success
• Zod codegen — Fixed z.record(z.never()) being emitted for empty additionalProperties schemas (now correctly emits z.any())

✨ Improvements

• Script-run TUI feedback — The script:run command now shows a completion message in the TUI with the script name
• Event output lines — Deploy TUI event rows can now display output lines beneath them for richer feedback
• Phase list visibility — The TUI phase sidebar can now be conditionally hidden for simpler command views

🖥️ Console UI

• Alerting schema bootstrap — New idempotent DDL script creates BudgetAlert, AlertEvent, and AlertDelivery tables directly, wired into afterDeploy hooks alongside the existing alert channel migration

Docs • Slack • X

🚀 New Features

• Version-based rollback — rollback now deploys a previous version's CloudFormation template reusing existing artifacts (no rebuild), supporting --targetVersion, --rollbackSteps, and --listVersions. The old CloudFormation-native rollback is preserved as cf:rollback
• Centralized alert system — Notifications rearchitected from client-side dispatch to server-side event routing. Alarm Lambda and CLI both report structured events to the console API, which handles routing to all channels with delivery tracking
• Discord and Webhook alarm channels — Alarms now support Discord (embeds) and generic Webhook (with HMAC-SHA256 signing) in addition to Slack, MS Teams, and email
• Budget alerts (server-side) — Budget monitoring moved from in-stack CloudFormation resources to the console. Set monthly thresholds (per-stack or per-org) with percentage-based triggers routed through alert channels. The budgetControl config option is removed
• Alarm history and resolved events — Alarms now track both ALARM_TRIGGERED and ALARM_RESOLVED transitions. includeInHistory controls whether alarms appear in the alert history
• Preview changes rewrite — preview-changes now groups CloudFormation changes under their parent Stacktape resource, strips deployment noise, includes property values, and highlights replacements
• RBAC permission guards — CLI enforces role-based permissions before deploy/delete operations, with project-scoped access checks. info:whoami and org:list display human-readable role labels and permission summaries
• Structured CLI output & MCP automation — Added JSONL output mode and MCP client with search_docs tool for AI agent workflows
• Aurora Serverless v2 readers — Added reader instance support and reader-aware SQL debugging
• SSR web CDN cache overrides — Added controls for overriding CDN cache behavior on SSR web resources
• Source maps for helper lambdas — Enabled source maps in helper Lambda builds for better error diagnostics

🔨 Bugfixes

• CloudFront distribution overrides — Cache behavior and root object overrides now apply to all CloudFront distributions, not just the first one
• Dev mode reliability — Rewrote dev proxy to raw TCP for WebSocket support, added global port reservation to prevent conflicts, hardened startup/shutdown lifecycle and terminal restoration, fixed AGENT_READY parsing from JSONL-wrapped stdout
• Bundler fixes — Fixed tsconfig resolution to use project cwd instead of process.cwd(), only externalize @aws-sdk/client-* in CJS Lambda bundles, preserve identifiers correctly
• Parallel packaging — Switched to Promise.allSettled with first-rejection pattern to surface packaging errors instead of silently failing
• TUI output — Batched console writes to prevent interleaving, increased JSONL result data limit to 512KB, suppressed plain summary in JSONL mode to avoid duplicate output
• S3 lifecycle — Fixed expiration lifecycle rules using wrong property (NoncurrentVersionExpirationInDays vs ExpirationInDays)
• Post-deploy hooks — Tolerate post-deploy hook failures without aborting the deploy flow
• Zod codegen — Fixed z.record(z.never()) being emitted for empty additionalProperties (now correctly emits z.any())
• TUI log normalization — Handle OSC, DCS escape sequences and carriage-return line overwrites in dev TUI logs

✨ Improvements

• TUI migrated to SolidJS — Deploy and dev terminal UIs migrated from React to SolidJS via @opentui/solid for better reactivity and smaller footprint
• S3 versioning for directoryUpload — Buckets with directoryUpload automatically enable S3 versioning (for rollback support) with a 30-day non-current version lifecycle
• CLI telemetry — Migrated from Mixpanel to PostHog

🖥️ Console UI

• Granular RBAC — New DEVELOPER and VIEWER roles with a permission matrix across ~35 actions. Users can be scoped to specific projects. All API routes enforce permissions; UI elements conditionally hidden/disabled based on role
• Alert system overhaul — Replaces Integration model with AlertChannel supporting Slack, MS Teams, Discord, Email, and Webhook. Source-specific dispatchers (notification/alarm/budget) with delivery channel snapshots and status tracking (SENT/FAILED/PARTIAL/PENDING)
• Budget alerts — New page for creating budget alerts with monthly thresholds, percentage-based triggers, required AWS account selection, and per-stack or per-org scoping
• Per-source alert history — Dedicated history pages for notifications, alarms, and budgets with shared AlertChannelSummary and delivery status components
• Notifications overhaul — 18 granular event types (deploy, delete, rollback, git, scripts, secrets) replace old coarse-grained types; event types now required; enabled toggle added
• API key management — Keys support optional expiration dates and soft-revocation instead of hard delete. Status badges show Active/Expired/Revoked
• One-click rollback — Rollback button in the stage activity table triggers version-based rollback with confirmation modal
• Metrics dashboard — Time range toolbar with presets (1h–30d), loading/error states per chart, stats overlay (avg/max/min), chart type toggle (area/line), CloudFront metrics enabled
• Config editor — New resource cards view for visual resource management, guided "Add Web Service" modal wizard
• Domains page — Redesigned with improved add-domain wizard and detail modals
• Member management — Redesigned invite/update forms with role picker, color-coded badges, and project-scope selector for DEVELOPER/VIEWER roles
• Monitoring navigation — Restructured nav with Channels as top-level item and Config/History sub-routes for notifications, alarms, and budgets
• EC2 runner fix — GitOps webhook handlers now await runner completion in Lambda contexts to prevent mid-flight kills

Docs • Slack • X

🔨 Bugfixes

• NPM binary install integrity — Fixed a race/corruption scenario where Stacktape could run with a partially extracted bin directory and fail with missing helper-lambda ZIP files
• Helper lambda availability checks — Launcher now validates required helper-lambda artifacts before reusing cached binaries
• Global binary safety check — Global binary shortcut now verifies helper-lambda artifacts before execution, preventing invalid cache reuse

✨ Improvements

• Race-safe installation — Added installation lock handling to avoid concurrent extraction conflicts on first run
• Self-healing cache behavior — Added install marker validation and automatic cleanup/reinstall for incomplete cache states
• Resilient bootstrap flow — Added retry path for failed/partial installs to improve reliability across CI and local environments

Docs • Slack • X

Version: 3.5.7

✨ Minor changes

• Allow having multiple config files in the same repository. The precedence is: stacktape.ts > stacktape.yml > stacktape.json.

Docs • Slack • X