v1.3.0-beta — 2026-04-21¶

UI layer for the DNS providers expansion. Sub-phase B closes the loop between the sub-phase A backend (encrypted credentials + inline Option 2 pipeline) and the operator — you no longer need curl to configure cloudflare or route53.

What landed¶

Settings → DNS providers¶

New section on the existing Settings page. Cards grid, one per supported provider (Cloudflare, Route 53). Each card renders:

Enabled toggle.
Configured / Not configured badge so you see at a glance which providers have credentials stored.
One input per credential field from the catalogue (1 field for Cloudflare / Hetzner-style providers; 2-3 for Route 53 / Porkbun; more for OVH / acmedns in later sub-phases).
Secret fields use type=password + the __UNCHANGED__ sentinel on already-configured providers: the input shows a masked placeholder with an Edit button, so you can rotate one field without retyping others.
How to get credentials → link to the provider's docs.
Trust-boundary callout above the grid: credentials are decrypted in the panel and streamed plaintext through Caddy's admin API (which is never published outside the argos_net Docker network).

Saving triggers an automatic reconcile. A post-save banner inside the card surfaces the exact Caddy error when reconcile rejects the new value (e.g. Cloudflare's syntactic "API token appears invalid" check) while the DB write itself succeeded — you see both states explicitly.

Settings DNS providers

The TLS challenge radio group in the host form gains a DNS provider selector, visible only when DNS-01 is picked. Three states:

One enabled → auto-selected with a caption "Using <provider> from Settings" and a deep link.
Multiple enabled → native <select> with only the enabled + configured providers. Default = the host's currently-saved value or cloudflare.
None enabled → amber warning with a deep link to Settings; the form blocks Save client-side (the backend would reject too with a 400, but catching here keeps the UX clean).

Editing a host whose saved provider was disabled AFTER creation shows a "(not enabled)" option in the dropdown with a yellow note, so the drift is visible rather than silently rewritten.

Host form DNS provider dropdown

Docs¶

DNS providers rewritten to lead with the UI flow; the API surface stays documented for scripting and automation.
Add a host step 3 covers the new DNS provider field, including the three picker states.
Screenshot placeholders settings-dns-providers.png and host-form-dns-provider-dropdown.png added to docs/screenshots/README.md with the capture checklist entry.

No backend changes¶

Zero Go code changes since v1.3.0-alpha. The API surface (GET /api/dns-providers, GET /api/dns-providers/{name}, PUT /api/dns-providers/{name}) and the host validation path (validateDNSProvider) are unchanged. The UI talks to the endpoints that already shipped.

Migration¶

cd argos-edge
git pull
docker compose build
docker compose up -d

No migrations run. No env-var changes. If you configured credentials via curl during the alpha, the Settings page will show them as Configured on first visit.

DNS providers — feature reference with the UI + API paths side by side.
v1.3.0-alpha release notes — backend + Option 2 pipeline story.
dns-providers-analysis.md — scoping doc with the Tier 1 / Tier 2 split; sub-phase C expands the catalogue with gandi / desec / ovh / duckdns / porkbun / hetzner / digitalocean / acmedns.