Internal Tools Platform Open beta

Ship internal tools
with production governance.

Deploy deterministic, versioned releases with org-scoped access control, audit-backed operations, and DEV/TEST/PROD promotion paths.

Start building How It Works
StockLevels.tsx
AlertService.ts
relpin.config.ts
1import { useQuery } from '@app-builder-platform/data'
2import { Badge, TableView } from '@app-builder-platform/ui'
3
4export function StockLevels() {
5 const { data, isLive } = useQuery(
6 'inventory.stock_levels',
7 { where: { quantity: { lt: 100 } } }
8 )
9
10 return (
11 <TableView
12 rows={data}
13 pinned={isLive}
14 columns={[
15 { key: 'sku', header: 'SKU' },
16 { key: 'name', header: 'Product' },
17 { key: 'qty', header: 'Qty' },
18 { key: 'status', render: (r) => (
19 <Badge variant={r.qty < 20
20 ? 'critical' : 'warning'}>
21 {r.status}
22 </Badge>
23 )},
The Shift

Everyone's building apps now.
Nobody's governing them.

AI tools and low-code platforms turned every team into app builders. The risk is not app creation itself; it is production data access without clear release, audit, and access-control boundaries.

42%
of enterprise apps are shadow IT
Productiv, 2023
75%
of knowledge workers use AI at work
Microsoft Work Trend Index, 2024
78%
bring their own AI tools to work
Microsoft Work Trend Index, 2024
275
SaaS apps per enterprise avg
Zylo SaaS Management Index, 2025
Builder Tools
  • Generate UI from a prompt
  • Deploy to a public URL
  • Single-user editing
  • No environment separation
  • No audit trail
What Governance Requires
  • RBAC per environment and resource
  • Immutable, versioned releases
  • Full mutation audit logging
  • Server-side secrets with scoped access
  • Promotion gates: DEV → TEST → PROD
Governance posture · Auditability · Access boundaries
The Problem

Internal tools break.
Every. Single. Time.

bash — ~/ops
$
FRI 16:42 DEPLOYsarah.ops pushed query update to production
FRI 16:43 WARNINGResponse time degraded to 8.2s on /api/metrics
FRI 16:51 ERROROOM killed — dashboard loading 847,291 rows client-side
FRI 17:02 OUTAGECEO dashboard down — 23 active users affected
SAT 09:15 ESCALATECTO requests rollback — no release history exists
SAT 09:47 BREACHRaw PII exposed via unscoped API response
MON 08:30 AUDITCompliance: who approved this change? No trail found.
MON 11:00 LEGALAudit response required — review window started FRI 16:51
$

One unreviewed change can become an outage, a data-quality issue, or an audit gap.

Governed Releases

Pinned. Promoted. Audited.

Every publish is content-addressed: the bundle is canonicalized and SHA-256 hashed, then pinned to exact schema versions. Promote the same artifact through environments behind approval gates, and record every governed deployment and lifecycle change.

01
Content-addressed releases

Every publish is canonicalized and SHA-256 hashed, then pinned to exact schema versions — the build you tested is byte-for-byte what ships.

02
Approval gates

TEST requires one approval, PROD requires two with separation of duties — approvals bind to the exact artifact hash, so re-planning invalidates them.

03
Promotion gates

DEV → TEST → PROD clones the same artifact and fails closed on schema drift, re-verified at apply time as tenant audit entries.

Releases
Release History
v2.1.0DEPLOYED
Schema migration #47
Mar 12 · 14:32 · 14 tables · 0 pending
v2.1.1PINNED
Hotfix: filter reset
Mar 14 · 09:15 · 14 tables · 0 pending
v2.2.0STAGING
New bulk actions
Mar 18 · 11:03 · 15 tables · 1 pending
Content-addressed releases pinned to exact schema versions
Approval gates: TEST needs one, PROD needs two with separation of duties
Promotion clones the same artifact and fails closed on schema drift
Release and deployment activity recorded as tenant audit events
Content-addressed artifacts · Schema-version pinning · Approval-gated promotion
Governance

Private by default.
No public app drift.

Every deployed app stays behind Relpin authn/authz. Account, organization, app, and environment access are checked before the app runtime receives traffic.

01
Private routes

Deployed apps stay behind Relpin authn — no app URL is reachable without an authenticated session.

02
Org membership

Organization checks run at the route boundary before the app runtime sees a single request.

03
Server-side secrets

Connector credentials and secrets stay server-side — never proxied through the browser.

Governance
Roles
4
Users
17
Policies
12
Violations
0
Role-Based Access Control
RoleDeploySecretsAuditUsers
Admin1
Developer4
Viewer12
Relpin account required before deployed app access
Organization membership checked at the route boundary
Capability-based access control per app and environment
Secrets and connector credentials stay server-side
Private-by-default routes · Org membership checks · Server-side secrets · Fail-closed paths
Data Architecture

Your database. Your rules.
Your speed.

Relpin is built around a DB-per-org data plane. Tenant queries run server-side with SQL pushdown, while external connector work stays governed and server-side.

01
Server-side SQL

Filters, sorts, and pagination compile to Postgres. Publish fails if the query would evaluate in the browser.

02
DB-per-org

Every organization gets a dedicated Postgres with environment-scoped schemas and ownership.

03
Governed connectors

External connector calls run server-side, capability-gated, and audited through the same trail.

Data Architecture
Query Time
47ms
Rows Scanned
100,000
Returned
25
Cache Hit
94%
Query Execution Pipeline
PARSE2ms
SELECT * FROM orders WHERE status = 'active'
FILTER8ms
B-tree index scan on status
SORT12ms
ORDER BY created_at DESC
PAGINATE3ms
LIMIT 25 OFFSET 0
RETURN22ms
25 rows serialized → JSON
Total execution47ms
SQL-level filtering — sorts and pagination pushed to Postgres
DB-per-org baseline with environment schemas and an enterprise DB-per-env path
Tenant DB access stays server-side and env-backed
Connector execution is server-side, capability-gated, and audited
Server-side queries · Tenant-isolated · Env-backed DB access · Governed connectors
The Platform

Code it. Ship it. Govern it.

Code-first development with deterministic releases and governed execution. Write real TypeScript, pin every artifact to a schema snapshot, and give your team a control plane they can trust.

Platform
OrderTable.tsx
export function OrderTable({ data }) {
const filtered = data.filter(
row => row.status === "active"
)
return <Table rows={filtered} />
}
Real TypeScript components — not canvas widgets or config files
Code-first authoring with a governed SDK — queries execute server-side
Every release content-addressed and pinned to exact schema versions
Publish-time gates — no silent client-side evaluation
Code-first · Deterministic deploys · Governed execution · Server-side queries
Get Started

Stop shipping tools
you can't operate.

Code-first speed with platform-grade release, data, and access boundaries. Build quickly without making the browser the authority for production behavior.

Start building Explore the platform

Open beta · Demo workspace included · Governance-focused

Pinned releases. Governed execution. Built to operate.