Bootspring v2.7.0: NLU Brain, Smart Dashboard, and Enterprise Security

We're excited to announce Bootspring v2.7.0, our biggest release yet. This update brings natural language understanding to the CLI, a production-ready web dashboard, persistent telemetry, and enterprise-grade security — all shipping in a single 322KB npm package.

NLU Brain: Talk to Your Tools#

The new NLU Brain is a unified natural language router that understands plain English commands and routes them to the right skill, workflow, agent, or pipeline.

Under the hood, it uses a 3-stage cascade:

1. Exact match — known command patterns
2. Semantic similarity — TF-IDF classifier trained on 200+ phrases
3. Keyword fallback — graceful degradation for novel inputs

The brain learns from corrections. When a route misses, tell it the right target and it updates its model for next time.

New CLI commands: bootspring brain route, brain status, brain analytics, brain reset

New MCP tool: bootspring_brain — natural language to dispatched action with confidence score

Smart Dashboard: 20 Pages, Fully Wired#

The Next.js dashboard went from prototype to production-ready:

• 13 data-driven pages connected to real API endpoints via JWT-authenticated API client
• 7 new UI components — Modal, Toast, Dropdown, Table, Pagination, Chart, Tabs
• 3 detail pages — drill into individual projects, agents, and build tasks
• Dark mode — class-based toggle with system preference detection
• Keyboard shortcuts — g+d for dashboard, g+p for projects, ? for shortcuts overlay
• Loading skeletons and error boundaries on every page
• Responsive sidebar with mobile hamburger menu
• Code splitting — heavy components lazy-loaded via next/dynamic

Every button either does something or was removed. No dead UI.

Database-Backed Telemetry#

Session intelligence now persists across restarts with PostgreSQL-backed storage:

• 4 tables — sessions, events, cost records, sync snapshots
• Batch insert with configurable flush intervals
• Retention policy with automatic cleanup
• CSV/JSON export for offline analysis

Use bootspring session stats, session suggest, and session recall to query your build history.

Enterprise Security Hardening#

Security got serious attention:

• CSRF protection — double-submit cookie pattern on all mutating endpoints
• Per-route rate limiting — 5 tiers (auth: 5/min, brain: 30/min, build: 60/min, export: 5/min, default: 100/min)
• Content-Security-Policy — Next.js middleware with CSP, X-Frame-Options, Referrer-Policy
• security.txt — RFC 9116 security contact at /.well-known/security.txt
• Zod validation — 14 schemas added to 6 previously unvalidated routes
• strictNullChecks — enabled across all 20 tsconfig.json files
• Password minimum increased from 8 to 12 characters

What's Next#

v2.7.0 lays the foundation for our next wave:

• Integration activation — connecting GitHub App, Slack bot, and Linear sync to live APIs
• Extension publishing — Chrome Web Store and VS Code Marketplace submissions
• Onboarding improvements — streamlined bootspring go one-command setup

Get Started#

Full changelog at github.com/girardmedia/bootspring/blob/main/CHANGELOG.md.