Console Tour
A visual tour of the OpenRun management console: creating a database service with its connection url stored as a secret, binding an app to it, deploying a containerized app from a git repo, and the operational pages. The screenshots follow the site theme - toggle light/dark to see the console in the other theme.
Create a service
Services are named backing resources (Postgres, MySQL) that apps connect to through bindings. The lock button encrypts the connection url into the secrets store; the service config keeps only the secret reference, so credentials never appear in config listings.

The created service shows on the bindings page with its config keys - the values stay server-side.

Create a binding
A binding gives apps access to a service. Creating it provisions a dedicated account (role and schema) on the database, so each binding is isolated.

Deploy an app
Apps deploy straight from a git repo (or a server directory). The spec dropdown picks the app type for sources without an app.star, parameters are passed as key/value pairs (lockable into the secrets store), and the service bindings dropdown attaches the binding - the app’s container gets the database credentials as environment variables.

Validate does a dry run: the source is fetched and checked, and the permissions the app will request are listed for review before anything is created.

After create, the app is live with a staging environment alongside prod.

The app detail page shows versions for prod and staging, the approved permissions, and links to open the running app.

Operate
Containers for the deployed apps, with lifecycle actions, stats and logs:

Every operation is audit logged, filterable by app, operation and status:

Declarative GitOps sources keep apps synced from a repo on a schedule:

The AI app builder creates apps from a prompt in an agent session:

Server configuration - auth, git, secrets, RBAC and system settings - is editable from the console, with staged versions and history:
