yourspace
pricingdocslog inhome
blog

yourspace 1.0.2 — scoped tokens, second instance, and the rest of the polish

Nine weeks after v1.0.1 stopped being projected and started being the shipped reality, v1.0.2 closes a set of gaps that were either load-bearing on growth or noticeable enough that customers had asked twice.

What shipped

1. Scoped tokens + per-user identity

The single-operator-key shape that carried v1.0 retires this release. Per-user identity (DE-0003 Phase 1) lets a token be narrowed to specific sites and specific verbs — deploy on my-blog only, read on every site, mint-token revoked entirely from agent-issued tokens. The dashboard mints, scopes, revokes; the CLI's yourspace login flow drops into the same substrate.

Multi-tenant preview opens behind it on invite. The first cohort is a few dozen accounts; a wider preview follows after we've confirmed the abuse-prevention posture holds at small numbers.

2. Second instance online

Bundle distribution + cert coordination ran on a real look-then-promote sequence between the original region and the new one. The operator playbook for adding instance three is in the docs; the substrate is genuinely two-region-ready, not single-region-with-a-failover-stub.

The "single-node service" framing retires this week. The home page keeps the small shape it's always had, but the language behind the home page is a network now.

3. Idempotent deploys

Re-uploading the same bundle produces the same version; a mid-flight retry stops minting duplicates. Pairs with the second-instance work — the substrate the multi-region story sits on. You can't run a deploy through two regions credibly without this; we held the multi-region launch until it landed.

4. Edge functions — private preview

The edge: route field has been reserved in the schema since v1.0. This release fills it: small functions at the node level for auth checks, redirects, and header transforms.

// edge/auth-gate.ts
export default async function handler(req, ctx) {
  const cookie = req.headers.get("cookie") ?? "";
  if (!cookie.includes("session=")) {
    return ctx.redirect("/login");
  }
  return ctx.next();
}

# yourspace.yml
routes:
  - path: /admin/*
    edge: auth-gate
  - path: /*
    target: edge-nearest

CPU budget is single-digit milliseconds; outbound fetches stay out of scope for the first wave, alongside KV, queues, and durable storage. Those are the v1.2 wave.

5. MCP server

mcp.yo.urspace.net opens to preview alongside this release. Five tools (yourspace_deploy, yourspace_list_sites, yourspace_get_site, yourspace_delete_site, yourspace_create_token) over the same REST endpoints; Streamable HTTP transport; bearer-token auth via the scoped-token model the CLI already uses.

The tool surface stays narrow on purpose — five tools is selection-reliable; twenty would not be.

6. Brotli + per-content-type negotiation

Brotli rotation lands alongside gzip and zstd; the picker negotiates per content type at the edge. HTML and JSON lean on brotli for smaller payloads on the first paint; pre-built immutable assets keep zstd where its cost-to-ratio wins.

Measured on the docs site, median HTML payload dropped 14%. Median TTFB didn't move. The shape of win we wanted: smaller bytes, same latency.

7. Language server for yourspace.yml

yourspace lsp ships alongside the v1.0.2 CLI. VS Code and Neovim integrations cover completion, jump-to-definition, and rename-safe edits. Hover over a target: to see the resolved mode; jump from a redirects.from to its declared to and back.

8. Public /status Phase 2

The public status page picks up a markdown-driven incident log alongside the live tiles. Operators write a markdown file when something happens; the page renders it with an RFC-3339 timestamp and severity tag. No probe fleet yet — that fires when customers ask about historical regional health; for v1.0.2, the existing in-memory aggregator carries the live shape.

A grant-application surface ships in the same release. The first cohort opens once the multi-tenant preview steadies; OSS maintainers and students can apply from the dashboard.

What didn't make it

Honesty about the unshipped is part of the v1.0.2 contract:

  • Route-scoped KV. Holds for v1.2 — needed edge functions to land first.
  • Checkpoints + rollback. Substrate work too large for the v1.0.2 horizon.
  • DNSSEC for delegated zones. Needs in-house authoritative DNS first; carries past v1.0.2.
  • Probe fleet. Stays gated on customer ask.
  • Team accounts + billing tiers. Per-user identity is the unblock; the billing UX lands at v1.1.

Try it

go install yo.urspace.net/cli/cmd/yourspace@latest brings down v1.0.2; yourspace --version confirms. New accounts mint a scoped token at signup; existing accounts can rotate to a scoped shape from the dashboard.

The full reference at /docs/cli covers every flag and the new edge-functions section under /docs/edge-functions.