SGApps Labs SRL — Hosted, versioned, browser-edited configuration store for ERPs and business backends.
<div class="cta-row">
Launch the app →
API reference</div>
Stop hand-editing JSON files on production. Move your ERP-side configuration(pricing rules, taxonomies, user roles, environment settings) into a hostedstore with a real editor, real history, and a real API.
| Property | Detail |
|---|---|
| Editor | Monaco (the VS Code engine), running in your browser |
| Storage | GridFS-backed, path-scoped per user |
| Versioning | Automatic snapshot on every save (PUT) |
| Rollback | One-click restore of any past version (creates pre-rollback snapshot first) |
| API for clients | GitLab v4 compatible — list branches, tree, raw files |
| Authentication | Session cookie for the UI; PRIVATE-TOKEN for external clients |
Ctrl+S.PUT creates a numbered version in
.history/{branch}/v{NNNN}-…. No commit hygiene required from the team./site-builder/api/erp-config/projects/{repo}/repository/... with a
PRIVATE-TOKEN header. Existing GitLab API clients work unmodified.X-Instance-Id
fingerprint binding to defend against token theft.staging and master branches
side-by-side. Promote between them via copy or rollback. Branch names
are validated to a safe lowercase alphabet.Three roles: you (the operator browsing configs), the editor(this app, in your browser), and the ERP instance (your backendreading configs).
From the file manager, create a folder under/apps/site-builder/user/{you}/. Each project is a self-contained configrepo with its own branches and history.
Click any file — JSON gets syntax highlighting and inline validation.Save with Ctrl+S or the toolbar Save button. A snapshot iscreated automatically.
On the project overview, click + New token, scope it to the rightrepo(s), set an expiry. The token value is shown once — paste it intoyour ERP's secret store right then.
On boot or refresh, the ERP fetches its config tree and files.commit.short_id only changes when content changes, so polling stayscheap regardless of frequency.
All data lives in GridFS under predictable paths:
/apps/site-builder/user/{owner}/{repoId}/branch/{ref}/{relPath}
/apps/site-builder/user/{owner}/{repoId}/.history/{ref}/v{NNNN}-{iso-ts}/{relPath}{owner} — user ID (MongoDB ObjectId){repoId} — project name (validated, lowercase + dots/hyphens){ref} — branch name (e.g. master, staging){relPath} — relative path inside the branch.history/ — auto-snapshots, one folder per save, isolated per branchWhy this matters. The path scheme is the source of truth — there's no separate metadata table. Listing branches is a directory listing. Listing history is a directory listing. Reading a snapshot is reading files. Operationally this means GridFS tooling (mongofiles, mongoexport) works directly on configs without going through this app.
| Surface | Auth | Mutability |
|---|---|---|
Admin API (/site-builder/api/projects/...) | Session cookie | Read/write — owner only |
Read API (/site-builder/api/erp-config/...) | PRIVATE-TOKEN header | Read-only — scoped per token |
Token CRUD (/site-builder/api/tokens) | Session cookie | Read/write — owner only |
{owner} == session.user._id so users can neveraccess another user's projects. The read API resolves the token to itsowner+repos list and refuses paths outside that scope.X-Instance-Id fingerprintbinding when issuing a token — a leaked token then only works from theoriginal ERP instance (the client sends the same fingerprint header onevery request; the server compares with crypto.timingSafeEqual).