May connected the operating layer that the April update made visible. April added persisted configuration, dashboards, migration tooling, identity-backed access, and operational metrics. May made those pieces speak the same install, upgrade, security, telemetry, and release languages.

App templates stopped being duplicated metadata. Onebox and Cloudly started sharing the same runtime model. DcRouter and RemoteIngress moved toward authenticated, observable, binary-distributed edge infrastructure. idp.global gained MFA and passkeys. GitZone made releases and remote workspaces more structured. New product surfaces landed around home automation, digital signing, and finance/compliance data.

The common May pattern was ownership boundaries becoming explicit: who can install, who can upgrade, which gateway client owns a route, which VPN identity can reach a target, which tenant owns storage, and which tool is allowed to run an interactive process.

serve.zone: App Store and hosted runtime converge

The largest May story across serve.zone was the move from app hosting as a local feature to App Store-driven runtime management shared by Onebox and Cloudly.

Shared App Store contracts. @serve.zone/appstore introduced a resolver client for linked servezone.appstore.json manifests, digest-tracked Docker image resolution, and curated template metadata in the 0.2.x line. @serve.zone/interfaces renamed the older app catalog contracts into App Store contracts, added upgrade preview and operation tracking, then extended the model with hosted app lifecycle and parent upgrade contracts.

Onebox becomes a stronger single-server PaaS. Onebox moved from the 1.25.x line to 3.0.0 in May. It gained dcrouter gateway client support for domains, DNS records, and route ownership; managed local dcrouter mode; grouped dashboard navigation; dedicated Admin UI domain routing; App Store support for declared volumes and raw published ports; runtime update prompts; self-upgrades launched safely outside the service cgroup; digest-tracked App Store images; upgrade progress tracking; interactive workspace processes; hosted app lifecycle; SmartData persistence; configurable storage classes; strict service deletion cleanup; Valkey naming; and a runtime migration from Deno to Node.js.

Cloudly consumes the same runtime model. Cloudly moved through the 5.6.0 to 6.4.3 line with grouped SPA navigation, service detail pages, live deployments, runtime actions, deployment IDE access, node jump codes, Spark telemetry ingestion, App Store browsing and installation, upgrade previews, async upgrade progress, hosted app lifecycle reporting, and parent upgrade controls when Cloudly itself runs as a hosted service.

Templates become operational objects. The App Store work went beyond catalog presentation. Templates now carry source provenance, resolved manifests, upgrade strategy, digest-pinned image data, volume declarations, published-port declarations, platform requirements, and hosted lifecycle expectations. Redis naming was replaced with Valkey across templates, platform requirements, contracts, UI labels, and runtime data migrations.

Onebox and Cloudly now point at the same application operations layer: one manifest model, one install flow, one upgrade model, and one hosted app lifecycle protocol across single-server and cluster deployments.

Ecosystem note. serve.zone is the hosting and operations product line in the foss.global stack. Onebox covers the single-server runtime, Cloudly covers clustered deployments, and App Store manifests give both the same install and upgrade contract.

dcrouter and RemoteIngress: authenticated edge operations

@serve.zone/dcrouter stayed one of the most active infrastructure projects in May. April expanded what the gateway could manage. May hardened who can manage it, how it is installed, and how operators can inspect live traffic.

Gateway client ownership. DcRouter 13.26.0 through 13.28.0 added persistent gateway client management, scoped gateway-client tokens, token-bound route and DNS ownership, hostname restrictions, allowed route targets, and dashboard administration for gateway clients. This gives systems like Onebox a narrower way to synchronize routes and DNS records without sharing a broad admin token or spoofing another client.

Admin bootstrap and API token auth. OpsServer moved toward persisted account-based administration. The May release line added first-admin bootstrap endpoints, database-backed admin accounts, optional idp.global login, admin user create/delete flows, environment-managed admin API token rotation, and scoped API token authorization across config, logs, stats, security, VPN, RADIUS, remote ingress, users, API tokens, and related handlers.

VPN authorization moves to authenticated metadata. DcRouter and the underlying smartproxy and smartvpn stack shifted VPN route authorization away from simple IP allow-list mutation. SmartVPN can now forward real client source IPs and authenticated VPN metadata through trusted PROXY v2 headers, while SmartProxy enforces VPN client ID and assigned-IP grants per connection. DcRouter maps target profiles to those grants and keeps live client source IPs visible as status data.

Network intelligence and RADIUS. DcRouter added queued IP intelligence observation, filtered retrieval for security views, top connected ASN activity, active connection snapshots from SmartProxy, and RADIUS integration backed by smartradius network secrets, including CIDR-based secret resolution and additional RADIUS attributes.

RemoteIngress performance and distribution. RemoteIngress 4.18.0 through 4.22.3 reduced TCP/TLS tunnel copy overhead, deferred upstream connects until first client data, added first-data and client-write timeouts, introduced server-first port handling, fixed stale-frame and QUIC stream exhaustion cases, and added Linux binary builds plus a one-line installer. DcRouter consumed those changes, added per-edge performance overrides, exposed hub settings management, and added its own CLI binary distribution and installer documentation.

By the end of May, dcrouter was no longer only a configured gateway service. It was becoming an installable edge product with scoped client ownership, identity-aware route security, live connection visibility, and tunable tunnel behavior.

Ecosystem note. dcrouter is the serve.zone edge control plane for routes, DNS, certificates, VPN access, RADIUS, and remote ingress. The May ownership work narrows what each gateway client can change.

push.rocks: network, storage, and AI substrate

The serve.zone work depended on a broad May round of push.rocks library releases.

SmartProxy and SmartVPN. @push.rocks/smartproxy gained authenticated VPN route security from trusted PROXY v2 metadata in 27.11.0, active connection snapshots with per-connection byte counters and protocol metadata in 27.12.0, CA-chain preservation for provisioned certificates, mixed port-range route matching, dedicated WebSocket lifecycle timeouts, and effective-client-IP rate limiting after PROXY parsing. @push.rocks/smartvpn added PROXY v2 real-source forwarding with authenticated VPN metadata TLVs. That directly supports dcrouter's new authorization path.
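As an added example (not smartproxy, smartvpn, or dcrouter code), here is the shape of the authorization path described in the dcrouter VPN section above and restated here: a PROXY v2 header parser that pulls VPN identity TLVs out of the header, and a per-connection check that only honours the header when it arrives from the trusted VPN hop and the client ID plus assigned IP match a grant. The TLV type numbers, IPs, and ports are constructed for the example; the real TLV layout used by smartvpn is not assumed.

```typescript
// Added example, not push.rocks code. PROXY v2 framing follows the public spec;
// TLV types 0xE0/0xE1 are constructed here (0xE0-0xEF is the spec's custom range).
const PP2_SIGNATURE = Buffer.from([0x0d, 0x0a, 0x0d, 0x0a, 0x00, 0x0d, 0x0a, 0x51, 0x55, 0x49, 0x54, 0x0a]);
const TLV_VPN_CLIENT_ID = 0xe0;   // constructed custom TLV type
const TLV_VPN_ASSIGNED_IP = 0xe1; // constructed custom TLV type

interface VpnIdentity { sourceIp: string; clientId?: string; assignedIp?: string; }
interface VpnGrant { clientId: string; assignedIp: string; }

// Build a v2 PROXY header (TCP over IPv4) with identity TLVs; used to construct sample input.
function buildProxyV2(srcIp: string, dstIp: string, tlvs: Array<[number, Buffer]>): Buffer {
  const ip = (s: string) => Buffer.from(s.split('.').map(Number));
  const ports = Buffer.alloc(4);
  ports.writeUInt16BE(51820, 0); ports.writeUInt16BE(443, 2); // constructed ports
  const encoded = tlvs.map(([t, v]) => {
    const h = Buffer.alloc(3); h[0] = t; h.writeUInt16BE(v.length, 1);
    return Buffer.concat([h, v]);
  });
  const body = Buffer.concat([ip(srcIp), ip(dstIp), ports, ...encoded]);
  const head = Buffer.alloc(4);
  head[0] = 0x21; head[1] = 0x11; head.writeUInt16BE(body.length, 2); // v2 PROXY, TCP/IPv4
  return Buffer.concat([PP2_SIGNATURE, head, body]);
}

// Parse the header; any malformed or truncated TLV rejects the whole header (returns null).
function parseProxyV2(buf: Buffer): VpnIdentity | null {
  if (buf.length < 16 || !buf.subarray(0, 12).equals(PP2_SIGNATURE)) return null;
  if (buf[12] !== 0x21 || buf[13] !== 0x11) return null; // only v2 PROXY over TCP/IPv4 handled here
  const len = buf.readUInt16BE(14);
  const end = 16 + len;
  if (len < 12 || buf.length < end) return null;
  const id: VpnIdentity = { sourceIp: Array.from(buf.subarray(16, 20)).join('.') };
  let off = 28; // skip src/dst IPv4 (8 bytes) and src/dst ports (4 bytes)
  while (off < end) {
    if (off + 3 > end) return null;
    const type = buf[off], tlen = buf.readUInt16BE(off + 1);
    if (off + 3 + tlen > end) return null;
    const val = buf.subarray(off + 3, off + 3 + tlen);
    if (type === TLV_VPN_CLIENT_ID) id.clientId = val.toString('utf8');
    else if (type === TLV_VPN_ASSIGNED_IP && tlen === 4) id.assignedIp = Array.from(val).join('.');
    off += 3 + tlen;
  }
  return id;
}

// Per-connection enforcement: the header is trusted only from the VPN hop itself,
// and the carried identity must match a grant exactly (client ID and assigned IP).
function authorizeVpnConnection(peerIp: string, trustedHop: string, header: Buffer, grants: VpnGrant[]): boolean {
  if (peerIp !== trustedHop) return false; // a PROXY header from any other peer is ignored
  const id = parseProxyV2(header);
  if (!id || !id.clientId || !id.assignedIp) return false;
  return grants.some((g) => g.clientId === id.clientId && g.assignedIp === id.assignedIp);
}
```

The peer check is what makes the metadata "trusted": without it, any client able to reach the proxy port could prepend a header claiming another VPN identity.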

RADIUS and VM networking. @push.rocks/smartradius gained VLAN tunnel attributes, server secret management APIs, CIDR secret resolution, reusable secret resolver helpers, and richer request parsing. @push.rocks/smartvm added managed Firecracker base image bundles, per-VM ephemeral runtime staging, configurable egress firewall policies, and WireGuard-based host routing. The dedicated SmartVM dispatch covers the Firecracker control layer in more detail.

SmartDB and SmartStorage. @push.rocks/smartdb added database tenant management, health reporting, and export/import APIs, then refactored service API logic into shared Rust and TypeScript types. @push.rocks/smartstorage added persisted bucket-scoped tenant credentials, tenant isolation, bucket export/import support, health and metrics APIs, and safer lifecycle rollback and validation. Onebox, Cloudly, Corestore, and hosted services increasingly rely on local operational storage that can be inspected, migrated, backed up, and restored.

Migration and npm tooling. @push.rocks/smartmigration added a bridge target-version strategy so ledgers can be stamped to app versions even when no explicit migration step exists, plus cleaner heartbeat shutdown. @push.rocks/smartnpm modernized npm registry file handling and package extraction APIs with safer handling of missing metadata, versions, tarballs, and search results.

AI tooling. @push.rocks/smartai added typed OpenAI reasoning options, getModelSetup() provider options, OpenAI and ChatGPT subscription authentication helpers, unified prompt caching helpers, and a Mistral OCR subpath export. @push.rocks/smartagent added prompt caching options, cache token reporting, provider options passthrough, structured tool-call records, validation retries, streamed reasoning summary callbacks, reusable shell/filesystem/browser execution contexts, and MCP tool integration. That became the base for GitZone's remote IDE and agent tooling work.

CLI and shell ergonomics. @push.rocks/smartcli introduced live terminal task rendering, progress reporting, lifecycle helpers, optional timers, and spinners. @push.rocks/smartshell added cwd/env execution options, structured strict-mode errors, safer process-tree termination, and inherited stdio support for trusted interactive CLIs.

May's push.rocks work made the shared substrate more explicit: authenticated network identity, tenant-aware storage, stronger local process tooling, and AI agents that can operate with real execution contexts.

Ecosystem note. push.rocks packages are shared infrastructure libraries. Changes to smartproxy, smartvpn, smartdata, or smartstorage usually surface downstream in serve.zone and lossless.zone products.

idp.global and api.global: safer identity and typed APIs

Identity work in May focused on making idp.global easier to integrate and harder to compromise.

SDK extraction. @idp.global/sdk became the canonical browser/server integration path, with browser-side typed request wrappers, server-side account and auth helpers, default hosted https://idp.global endpoint behavior, and expanded usage documentation. The idp.global app removed its legacy in-repo client and switched to the published SDK.

MFA and passkeys. @idp.global/interfaces added TOTP, backup code, MFA challenge, passkey credential, and WebAuthn challenge contracts. @idp.global/sdk added request helpers and an IdpMfaRequiredError. @idp.global/catalog added connected MFA controls for authenticator app enrollment, backup codes, passkey registration, passkey revocation, and MFA disablement. The app followed with backend MFA work and dashboard administration flows.

Typed API safety. @api.global/typedrequest sanitized unexpected handler and middleware errors before returning typed responses while preserving intentional TypedResponseError messages. It also improved binary virtual stream chunk reconstitution. @api.global/typedsocket initialized correlation IDs for requests without existing metadata, fixing stream-control cases such as virtual stream messages.

The boundary is cleaner: identity integrations use published SDKs and interfaces, while the typed RPC layer has safer defaults for errors and streaming payloads.

GitZone: developer operations and remote IDEs

GitZone work in May made development and release operations more structured.

Target-based release flows. @git.zone/cli split commit and release behavior into target-based workflows, added pending changelog handling, introduced first-class git/npm/Docker release targets, added gitzone tools for managing global @git.zone tooling, added guided project/CLI/release/doctor configuration flows, delegated Docker release targets to tsdocker, and added repair paths for legacy release configuration.

Docker, Deno, and process management. @git.zone/tsdocker added cached builds during tsdocker push and automatic Buildx cleanup to prevent unbounded builder cache growth. @git.zone/tsdeno added self-extracting compile targets and safer package.json sanitization during Deno compilation. @git.zone/tspm added runtime isolation through TSPM_DIR, reliable lifecycle handling, file-watch restarts, explicit no-autorestart behavior, daemon identity metadata, protocol version checks, configurable service enablement, and process environment support.

Remote IDE shell. git.zone/ide moved from a scaffold to a remote project launcher shell: SSH launcher, cached remote runtime, local Theia loading, SmartAgent runtime integration, ChatGPT auth, agent model and reasoning controls, streamed reasoning summaries, live session updates, SmartAgent tool contexts, attachment-aware agent chat, and a dark remote workspace theme.

The direction is clear enough from the release notes: releases, builders, processes, and remote workspaces are becoming managed workflows rather than ad hoc commands.

smarthome.exchange: TypeScript-native home automation

May introduced the foundations of smarthome.exchange as a package ecosystem.

New packages landed for agents, API, catalog, CLI, hub, interfaces, SDK, and integrations. The most substantial early work was @smarthome.exchange/integrations, which owns discovery, configuration flows, vendor clients, mappers, events, normalized service calls, and generated integration descriptors.

The integrations package already registers 65 handwritten integrations and tracks 1,394 generated Home Assistant port skeletons. Handwritten replacements cover local ecosystems and services such as Hue, Sonos, Roku, Cast, MQTT, Z-Wave JS, HomeKit Controller, Matter, UniFi, Shelly, Fritz, Plex, Synology DSM, ONVIF, Pi-hole, Yeelight, ZHA, and others. The generated descriptors are TypeScript classes, not Python wrappers, and are designed to be replaced by real TypeScript runtimes as each port matures.

The architecture is separated deliberately: the hub owns canonical home state, approvals, automations, dashboards, and persistence; integrations normalize vendor reality into shared contracts and runtime primitives.

dees-catalog: guided updaters and portable workspaces

After April's large UI component push, @design.estate/dees-catalog had a narrower May with direct relevance to runtime operations.

dees-updater was rebuilt around native dees-stepper phases. Instead of rendering a nested timeline, updater phases became real steps with compact progress status, viewport-bounded stepper tiles, explicit warning and error outcomes, retry and close actions, configurable app metadata, update sources, impact items, custom phases, and callbacks.

The workspace terminal also became more portable. Execution environments can now provide their native shell command metadata, keeping WebContainer terminals on jsh while allowing backend or mock environments to provide a different shell command, label, args, and prompt.

A packaging fix included the postinstall Monaco helper script in the published package, improving install reliability. The connection to the rest of May is straightforward: updater UX for Onebox/Cloudly-style runtime upgrades, and terminal portability for browser-backed and backend-backed workspaces.

signature.digital and fin.cx: product workflows and compliance data

May also moved several domain products forward.

signature.digital. @signature.digital/catalog moved from the legacy contract editor toward a responsive signing workspace with inbox, compose, sign, audit, developers, templates, team, and settings views. Compose and sign views now accept document, recipient, and field state through properties and emit field, recipient, and routing events. Signing gained validation, field-signed and signing-complete events, SVG/timestamp data, safeguards against empty submissions, and browser coverage. The app began owning routing, inbox data, document selection, compose fields, and recipient routing state. The tools package shifted interface exports to the shared @signature.digital/interfaces package.

fin.cx. @fin.cx/fee-schedules was introduced and then moved to generated JSON payloads with packaged local data before remote fallback, making regulated fee schedule data easier to consume across environments. @fin.cx/einvoice published a major release for SEF-only Schematron validation and lazy-loaded PDF/Saxon runtimes. @fin.cx/csvparser standardized provider parsers on portable monetary transactions. @fin.cx/skr updated invoice parsing and generation for eInvoice 6. @fin.cx/calculation isolated Decimal precision per calculator instance so rounding settings no longer leak across calculations.

The common thread is product workflow backed by typed events, shared interfaces, compliance-grade validation, packaged reference data, and arithmetic that does not share precision state across callers.

What May changed

May connected the operational pieces that April made inspectable. App Store metadata became shared contracts. Onebox and Cloudly started using the same installation, upgrade, and hosted lifecycle model. DcRouter and RemoteIngress became easier to install and safer to operate. SmartProxy and SmartVPN carried authenticated identity into route enforcement. SmartDB and SmartStorage added tenant-aware export/import primitives. idp.global added MFA and passkeys across interfaces, SDK, UI, and backend. GitZone moved releases and remote workspaces toward managed workflows. smarthome.exchange opened a TypeScript-native integration surface.

The useful measure is that systems started operating each other. Hosted apps report lifecycle state to their parent runtime. Gateways trust scoped clients. VPN identity flows through the proxy layer. Storage exposes tenant operations. Developer tools coordinate releases, processes, and remote agents.

That connective tissue defined May.

code.foss.global is hosted by Task Venture Capital GmbH, Bremen, Germany.