Production blockr hosting,
one binary.
Hardened session isolation, per-user credentials via OpenBao, unpinned deploys with live refresh, and built-in board storage. The full blockr stack as one binary.
Why Blockyard?
Hostile-by-default isolation
Every blockr session evaluates user-supplied R code. Per-container bridge networks, dropped capabilities, read-only root, seccomp profiles — and an optional Kata runtime for VM-grade isolation.
Per-user credentials via OpenBao
Short-lived, scoped tokens injected per request. The server itself can't read user secrets, so Sys.getenv() exfiltration that breaks env-var-based credentialing isn't possible by design.
Unpinned deploys with live refresh
Deploy without a lockfile — the server resolves R packages via pak. A refresh action re-resolves dependencies in place, with no redeploy and no code change. No other platform does this.
Live package installs
Users install packages at runtime. Hot-loaded if compatible, transparent session migration to a fresh container if not. Either way, the user keeps working without an image rebuild or redeploy.
OIDC + admin-controlled RBAC
OIDC sign-in with system roles assigned by admins, not derived from IdP groups. Per-app ACLs with public / logged_in / restricted visibility.
Board storage built in
First-class save, share and restore for blockr boards, with per-user ACLs. Not a bolted-on integration — wired into the auth and credential model from day one.