Quiverstone
Roadmap
Feedback
Changelog

Changelog

Follow up on the latest improvements and updates.

RSS

improved

minor

feature

v1.3.7 - Dashboard insights + AWS Security Bulletins

We've made your dashboard a lot more useful and brought AWS security news right to your fingertips.
New dashboard widgets
  • Account Status breakdown — a color-coded bar showing how your accounts split across Active, Suspended, Pending Closure, and Closed at a glance.
  • Stale Accounts alert — flags accounts that haven't been updated in 30+ days, with quick links to jump straight to them.
  • Subscription Status — see your current plan, status, seat usage, and renewal date, with one click through to manage your subscription.
  • Recent Role Assumptions — your last few assumed roles are now saved for one-click re-assumption.
AWS Updates & Security feed
  • The news feed is now "AWS Updates and Security" with easy tabs for What's New, AWS Blog, and the brand-new Security Bulletins.
  • Official AWS Security Bulletins are now pulled in automatically. Recent, unacknowledged bulletins surface as notifications in your navbar so you never miss a critical advisory — acknowledge them individually or all at once.
  • News items now show a short description, and the Region Health Map highlights active global AWS service events.

new

minor

feature

v1.3.6 - AWS IAM Service Reference Browser

Browse, search, and filter IAM actions, condition keys, resources, and operations for all 400+ AWS services — directly from the Quiverstone dashboard.
  • Search and filter the full AWS service catalog with instant results
  • View actions with access level classification (List, Write, Permissions, Tagging, Read)
  • Explore condition keys, resource types with ARN patterns, and API operation mappings
  • Filter actions by access level with multi-select OR logic
  • Expandable action rows showing condition keys, resource types, and SupportedBy metadata
  • Virtualized lists and tables for smooth performance even on services with 700+ actions
  • Fully client-side — data sourced from the public AWS Service Reference API with in-session caching
Find it under Utilities > IAM > Service Reference.

fixed

minor

bug

v1.3.5 — Custom Account Fields & Team Lifecycle Improvements

Custom Account Details
  • Add custom fields, tags, and contract notes to any account
  • Role-aware visibility — show or hide custom fields based on the viewer's role
  • Tags and notes persist across inventory runs
Smarter Team Management
  • Deleting a team now cleans up everything in one shot: memberships, access lists, and dependent records
  • Team-type rules updated for the Consultant tier so plan limits match what you actually get
  • New confirmation dialog prevents accidental team deletions
Invitations Fixed
  • Resolved bugs where team-scoped invites didn't always wire up Cognito or membership correctly
  • New backfill job repairs missing memberships from previously invited users
Security Hardening
  • Group writes now validate that referenced users, teams, and roles belong to your tenant — blocking cross-tenant ID injection
  • Expanded secure-delete coverage to team resources

new

improved

minor

feature

v1.3.4 - Account, Organization, and Client View updates

Redesigned Account View
* New hero layout with a clickable Account ID (copy-to-clipboard), account-type badge, status, and join context at a glance.
*
Organizational Structure
sidebar shows every account's place in the hierarchy: Client → Organization → OUs → Account.
*
Applied Policies
tab surfaces every SCP, Tag, Backup, and related policy reaching the account — direct or inherited — with source badges so inheritance is obvious.
*
Delegated Services
tab flags Control Tower and AWS Backup delegations in context.
*
Assume Role
panel lists only the roles you're actually entitled to, with one-click assumption.
Account Add & Edit — parity with Organizations
* Three-step Add flow (Info · Inventory Role · Metadata) with post-create inventory status toast.
* Edit page now uses the same tabbed layout as Organizations: Information · Tags & Notes · Inventory Role · Access Roles.
* Chip-style tags, contract number, and notes preserved across inventory runs.
Clients
* Client list now shows per-client Organizations and Accounts counts.
* Client → Accounts tab hides "Switch Role" when you have no entitled role — no more dead-end clicks.
Security Hardening
* Inline access-role writes on Accounts and Organizations are now validated server-side: role-name, assumption type, External ID format, and intermediate-ARN tenant allowlist — the same rules the assume-role Lambda enforces at use time, now also applied at write time.
* Unknown fields on role entries are stripped with an audit-log entry, closing an injection surface.
* Updates to records missing an owner are rejected outright.
* Client mirrors the server validation so typos surface before the save.

improved

minor

feature

v1.3.3 - UI/UX Enhancements

A series of changes to enhance the user experience and views.
A few security fixes with role, group, and team list access to users invited into teams

new

improved

fixed

minor

bug

feature

v1.3.2 — Role Library & Pre-Approved Role Assignment

Role Library
  • Create and reuse roles across resources. Define each access role once in the library — role name, assumption type (Browser Session / Federated Direct / Federated Chained), target External ID, intermediate role ARN for chained assumption, and session naming — then attach it to any Organization or Account.
  • Pre-approved roles for Accounts and Organizations. When adding or editing a resource, pick from the list of roles already in your library instead of filling out the full form. Overrides remain available on the resource itself for one-off exceptions.
  • Consistent role configurations tenant-wide. Every resource that references a library role inherits the same trust boundary — updates to the library role surface everywhere it's used (manual re-apply today, automated propagation in a follow-up).
  • Library-role audit trail. Every assumption of a library-backed role is logged against its source role, so you can trace usage by role and not just by resource.
Group-Based Role Visibility (Pro & Enterprise)
  • Gate role visibility by Group membership. Link a library role to one or more Groups — only members of those Groups see the role in the Assume Role modal on any resource that uses it.
  • Server-enforced at assumption time. The visibility filter applies on both the client and the server, so a role that a user isn't entitled to via Group membership cannot be assumed even via direct API calls.
  • "Hidden roles" hint in the Assume Role modal. When roles are filtered out for the current caller, a non-leaking banner shows the count so the user understands the distinction between "no roles configured" and "you don't have access to the configured roles." Role names and identities are never disclosed.
Security Hardening
  • Server-authoritative role resolution. Target External IDs and intermediate role ARNs are now resolved from the tenant's stored role configuration rather than trusted from client input. Drift between client and server values is logged at the SECURITY level.
  • TeamMembers model lockdown. Direct create / update / delete GraphQL mutations on the - TeamMembers model are disabled. All membership writes now flow through tier-checked Lambdas with sentinel-stamped audit trails.
  • Tighter cross-tenant isolation on intermediate account allowlists and inline role queries. DynamoDB queries are now tenant-scoped at the service boundary rather than relying solely on post-hoc application-level filtering.

new

minor

feature

v1.3.1 - AWS Region Capabilities Lookup

What's New
Explore AWS service availability across all regions directly from Quiverstone. Find this new tool under Utilities > Infrastructure > Region Capabilities.
Features
  • Service availability matrix — See which AWS services are available in which regions at a glance, powered by live data from AWS
  • Region comparison — Select specific regions to compare side-by-side with dynamic table columns
  • Service comparison — Pick multiple services to compare their regional availability
  • Search & filter — Quickly find services by name and filter by region
  • Export — Download your filtered results as CSV or JSON for offline analysis and reporting
  • Auto-refresh — Data is cached for 1 hour with manual refresh available
Details
Data is sourced directly from the official AWS Regional Services List and requires no additional configuration. The tool is 100% client-side with no backend dependencies.

new

minor

feature

v1.3.0 — Teams, Users, Groups & Roles

Teams & Users:
  • Team Types Simplified — Replaced the legacy team types (Admin, Developer, ReadOnly, Custom) with two purpose-driven types: Settings and Access. Settings Teams manage platform administration (creating teams, inviting users, managing groups and roles). Access Teams grant users access to accounts, organizations, and customers.
  • Team Member Invitations — Invite users to your teams by email. New users receive an automatic invite email through Cognito; existing users receive an SES notification. Invitations follow a PENDING → ACTIVE → REMOVED lifecycle with full audit trail.
  • Role-Based Team Management — Owners and Admins can manage team members, update roles, transfer ownership, and remove members. Members gain access to shared resources without management capabilities.
  • Ownership Transfer — Team Owners can transfer ownership to another team member in a single atomic operation. The current owner is automatically demoted to Admin.
  • Tier-Enforced Seat Limits — Team creation and member invitations are enforced server-side against your subscription tier. Consultant plans are limited to 1 team with up to 3 seats. Pro plans support unlimited teams with up to 10 seats. Enterprise plans have no limits.
Groups & Roles:
  • Roles — Create named Role records representing preconfigured AWS access roles. Roles can be assigned to Groups to define what level of access users receive. Full CRUD with search, sort, and pagination.
  • Groups — Groups are the binding entity that connects Roles to users, Access Teams, and resources (Organizations, Accounts, Customers). Assign multiple roles, users, and resources to a single Group for streamlined access management. Full CRUD with a multi-selector interface for managing assignments.
Subscription Management:
  • Team-Based Subscription Sharing — Team members automatically inherit the subscription tier of their team's owner. No separate subscription setup needed for invited users.
Other Improvements:
  • Admin Navigation — New sidebar section for Teams, Users, Groups, and Roles under the Admin menu.
  • Multi-Selector Component — New reusable component for selecting multiple items (users, teams, roles, resources) with search filtering and keyboard accessibility.

new

improved

minor

feature

🚀 v1.2.1: Real-Time AWS Intelligence

This update brings the power of global infrastructure visibility directly into Quiverstone. We’ve built a suite of tools designed to help you monitor AWS health and stay ahead of service updates without ever leaving your dashboard.
🗺️ AWS Region Health Map
Visualize your global footprint with our new interactive AWS Health Map.
Complete Coverage: View health status across all AWS Regions, Edge Locations, and Local Zones.
Proximity Awareness: You can now toggle Customer Locations to see exactly where your users sit relative to your active AWS infrastructure.
Real-time Alerts: If a region experiences an outage or degradation, it will now trigger an immediate notification in your panel, color-coded by severity (Normal, Impacted, Degraded, or Disrupted).
📰 AWS Intelligence Feed
Stay in the loop with the latest from the cloud ecosystem. We’ve added a dedicated news sidebar that pulls in:
AWS Service Release News: Instant updates on new features and service availability.
AWS Blog Integration: Keep up with technical deep dives and architectural best practices.
Search & Filter: Easily find news related to specific services like Lambda, OpenSearch, or Timestream.
Tip: Check out the new "Map Layers" toggle in the top left of the Health Map to customize your view between Customers and Edge Locations!

new

improved

fixed

minor

feature

v1.2.0: Better Security & Streamlined Support

🚀 Quiverstone v1.2.0: Better Security & Streamlined Support
We’re excited to roll out v1.2.0, focusing on a more robust infrastructure and a significantly better way for you to get help and share your feedback. This update is all about making Quiverstone faster, safer, and more collaborative.
💳 Infrastructure & Security
Production-Ready Payments: We’ve officially migrated to our updated payment processing backend. This transition ensures faster transaction speeds and a more reliable checkout experience.
Hardened Security: Your data safety is our priority. This release includes enhanced security protocols across the entire platform to keep your workspace protected against evolving threats.
🗣️ New Feedback Structure
We heard you—the old feedback board was getting a bit crowded! To make sure every voice is heard and every issue is tracked accurately, we’ve split our Canny Feedback into two dedicated channels:
Feature Requests: For all your "what ifs" and "I wish it coulds."
Bug Reports: For the things that aren't working quite right, so our team can squash them faster.
🛠️ Enhanced Support
Freshdesk Integration: We’ve launched our new Freshdesk Support Portal. Whether you need a quick answer or deep technical assistance, our new ticketing system and knowledge base are now live to provide you with seamless support.
Load More