Notes from the team
Product launches, engineering deep dives, and the security thinking behind the choices we make.
More from the team
-
Stripe webhooks, the boring way
How WRNexus processes Stripe webhooks idempotently, replays them safely, and never silently drops an invoice.paid event.
May 13, 2026 6 min read -
Introducing WRNexus: identity, workspaces, and billing that just work
Why we built WRNexus, what it ships with on day one, and how it fits into your stack.
May 12, 2026 4 min read -
Why we ship WRNexus as a single-VM Docker Compose stack
A single VM running docker compose powers the WRNexus reference deployment — and it is the same stack we run in production. Here is why.
May 11, 2026 5 min read -
Why we default to passkeys (and not SMS) for MFA
SMS-based 2FA is better than nothing, but it has well-known weaknesses. Here is why WRNexus leads with passkeys.
May 10, 2026 5 min read -
Impersonation, done safely
How the WRNexus staff console lets engineers help customers without ever silently spoofing their identity — and the cookie design behind it.
May 9, 2026 5 min read -
Inside the WRNexus audit log: a tamper-evident hash chain
How we build an append-only, auditor-friendly trail of every sensitive action — and why we chose a hash chain over a signed-row scheme.
May 8, 2026 6 min read -
SCIM 2.0 provisioning, end to end
A walkthrough of the WRNexus SCIM 2.0 endpoint — how to wire it to Okta, Azure AD or Google Workspace, and what we did to keep the integration boring.
May 6, 2026 7 min read -
Introducing the WRNexus Audit Log API
A first-class audit log shipped with every workspace, queryable from the dashboard, the API, and your warehouse — with the same JSON shape everywhere.
Apr 28, 2026 5 min read -
Stripe billing best practices for B2B SaaS
Nine hard-won rules for wiring Stripe into a B2B product without painting yourself into a corner — from price IDs to proration to dunning.
Apr 18, 2026 7 min read -
OAuth vs Magic Links: which one should you ship?
Both reduce password friction. They do not reduce the same friction, and they fail in different ways. A practical comparison.
Apr 4, 2026 6 min read -
Designing multi-tenant workspaces that actually scale
Schema choices, row-level isolation, and the seam between identity and product data — what we learned shipping multi-tenant from day one.
Mar 22, 2026 7 min read -
Hardening SSO with MFA: a step-by-step playbook
Turning on SSO is the easy part. Configuring MFA defaults, recovery flows, and admin overrides so the whole org is safer is where the work hides.
Mar 10, 2026 6 min read -
Building a public status page that nobody hates
Why we built our own status page, the three signals it actually shows, and how we keep it honest when the rest of our stack is on fire.
Feb 28, 2026 5 min read -
Choosing feature flags: build, buy, or use the built-in?
A grown-up look at when to roll your own flags, when to pay for a vendor, and when the basic flags built into your platform are all you need.
Feb 14, 2026 6 min read -
API keys: rotation, scoping, and the things people forget
Five concrete patterns we ship in WRNexus to make API keys boring to operate — including the rotation flow that prevents downtime.
Jan 30, 2026 6 min read -
Zero-downtime Postgres migrations: our checklist
The eight rules WRNexus engineers follow to ship schema changes during business hours without locking a table or paging the on-call.
Jan 15, 2026 7 min read