Per docs/decisions/0001-platform-fallback-deferred.md, instance DNS
automation no longer silently falls back to v3/platform/cloudflare-token.
Tenants without a configured CF token get a clear error at instance
create instead of pretending to work via shared infrastructure.
The platform Vault entry stays seeded for future revival.
Backend: UpdateTenantSettingsReq → pointer fields. Each card saves
only its own keys without clobbering the other card.
Frontend:
- 'Save Domain & DNS' button inside the Domain & DNS card
- 'Save Backups target' button inside the S3 card
- Wildcard host hidden behind 'Advanced — customize wildcard host'
disclosure. Default is shown as read-only display under Domain so
the operator sees what URLs their instances will land at.
- Removed the global Save settings button (each card now self-saves)
Replace event-based 'touched' flag with computed isCustomWildcard.
Empty wildcard or wildcard==derived → 'auto-derived', auto-fills
on domain change. Different from derived → 'custom', sticks.
Fixes the empty-after-delete trap that kept touched=true forever.
- new GET /api/tenants/{id}/dns/records endpoint lists A+CNAME records
in the tenant's CF zone matching the wildcard pattern (read-only)
- TenantSettingsTab.vue: 'Live DNS records' panel with refresh button
- wildcard host auto-derives from domain (visible value, not placeholder)
- placeholder text now generic *.tenants.example.com
Placeholder text (*.tenants.acme-erp.com) was prescriptive and
indistinguishable from the saved value. Now wildcard auto-derives
from the domain field as a real value (visible, savable, editable).
'reset to default' button surfaces when user customises.
Tenant owners had no nav link to their own tenant settings page.
Adds a 'Tenant' workspace link visible to authenticated members
of any tenant. Super-admins still use /admin/tenants list (which
shows all tenants and lets them switch).
Fixes signup race: verify→/me 401 because activate ran async-reload
and lost the race with the very next /me call. Sync reload eliminates
the window. ~50ms slower per write, much cleaner.
0.57.0 had a Go ServeMux ambiguity between /api/servers/{name}/capacity and /api/servers/connect-token/{token}. Moved the new endpoints to /api/connect-tokens/* to break the wildcard collision.
Adds SSH-key + token-installer auth methods to Connect Server (188d). Three-tab drawer; one-time URL primitive shared with Teardown (188e). All previous behavior preserved — password tab is the default.
The original 0.56.0 backend image had a stripped-binary ldflag quirk that left the substrate endpoint reporting tower=dev. b25ffbe switches to TOWER_VERSION env (chart-injected from image tag) — this bump rolls the pod onto the new image so the env-var path takes effect.
Frontend stays at 0.56.0 — nothing changed there.
Lets the substrate endpoint surface the running tag without depending on Go ldflag tricks. Single source of truth: bumping the chart tag automatically bumps what the UI displays.
