CapyDB Docs

PostGIS, threshold alerts, an MCP server, and a Terraform provider

The extension allowlist nearly doubled and extensions became manageable per database. Usage alerts now warn you before the wall. And two new official clients - MCP for agents, Terraform for infrastructure as code.

June 10, 2026 · CapyDB team

Extensions: 13 on the list, and PostGIS is one of them

The allowlist grew from 7 to 13: postgis, unaccent, ltree, fuzzystrmatch, btree_gin, and btree_gist joined pg_stat_statements, pgcrypto, uuid-ossp, citext, hstore, pg_trgm, and vector. Yes, that means geospatial workloads run on CapyDB now.

It is still an allowlist, for the same reason as before — extensions run inside the database process, and a short audited list means a restore or import never lands on a host missing a library. But the list now covers the requests we actually kept getting.

Extensions also became manageable per database. You can still run CREATE EXTENSION yourself for trusted extensions on a direct connection, as always. The superuser-managed ones (PostGIS, pg_stat_statements), and all of them if you prefer one consistent path, go through the new Extensions page in the dashboard, GET/POST/DELETE /v1/projects/{id}/extensions, or capydb extensions list|enable|disable. Enables and disables are async jobs, recorded only after the change has actually succeeded on the host. Disable runs DROP EXTENSION without CASCADE, so it refuses to take your dependent objects down with it. Details are in the extensions reference.

Threshold alerts

Hitting your storage limit used to be something you discovered. Now it is something you are told about: CapyDB evaluates storage and connection usage against your plan limits and opens an alert at 80% (warning) and 95% (critical), with hysteresis so usage hovering at a boundary cannot flap notifications — critical downgrades below 90%, and an alert fully resolves below 75%.

Alerts land in the dashboard, fire alert.triggered / alert.resolved webhook events, and email the org billing address when one is configured. An open alert re-notifies at most once every 24 hours; an escalation to critical notifies immediately. Acknowledging marks an alert as seen — it deliberately does not silence it, because the fix is reducing usage or raising the limit, not muting the messenger. Full mechanics in the alerts guide.
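The thresholds and notification rules above, modeled as a small state machine and run over a constructed usage series. This is an added example, not CapyDB's implementation; the "escalated" and "reminder" labels, the inclusive boundaries, and the silent critical-to-warning downgrade are assumptions.

```python
# Added example: models the alert thresholds described in the post.
WARN_OPEN, CRIT_OPEN = 80.0, 95.0        # alert opens / becomes critical at or above
CRIT_DOWNGRADE, RESOLVE = 90.0, 75.0     # critical -> warning below 90, resolved below 75
RENOTIFY_HOURS = 24.0                    # an open alert re-notifies at most this often


def next_level(level, pct):
    """Apply the hysteresis bands to one usage sample (percent of plan limit)."""
    if pct >= CRIT_OPEN:
        return "critical"
    if level == "critical" and pct >= CRIT_DOWNGRADE:
        return "critical"                # 90-95%: stay critical, no flapping
    if level is not None:
        return "warning" if pct >= RESOLVE else None   # 75-80%: alert stays open
    return "warning" if pct >= WARN_OPEN else None


def evaluate(samples):
    """samples: (hour, usage_pct) in time order -> list of (hour, event, level)."""
    level, last_notified, out = None, None, []
    for hour, pct in samples:
        new = next_level(level, pct)
        if new is None:
            if level is not None:
                out.append((hour, "alert.resolved", level))
            level, last_notified = None, None
            continue
        if level is None:
            event = "alert.triggered"
        elif level == "warning" and new == "critical":
            event = "escalated"          # assumed label: escalation notifies immediately
        elif hour - last_notified >= RENOTIFY_HOURS:
            event = "reminder"           # assumed label: periodic re-notification
        else:
            event = None                 # includes critical -> warning (assumption)
        if event:
            out.append((hour, event, new))
            last_notified = hour
        level = new
    return out


# Constructed usage series: (hours since start, percent of plan limit).
SAMPLES = [(0, 70), (1, 81), (2, 79), (3, 81), (4, 96), (5, 92),
           (6, 89), (7, 94), (30, 85), (31, 74), (32, 79)]

if __name__ == "__main__":
    for row in evaluate(SAMPLES):
        print(row)
```

The dips to 79% at hours 2 and 32 show both sides of the band: an open alert stays open at 79%, while a resolved one does not reopen until usage reaches 80% again.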

An MCP server, because your agent manages databases now

@capydb/mcp is the official Model Context Protocol server: 14 tools covering projects, preview databases, connection strings, backups, extensions, async job polling, and the Studio SQL runner. Run npx -y @capydb/mcp with a CAPYDB_API_KEY set, and Claude Code, Claude Desktop, Cursor, or any other MCP client can create a clone-mode preview, run a query against it, and clean up after itself.

The security notes are written for the world we actually live in: use a project-scoped key, know that connection strings reach the model's context, and point agents at previews — they are disposable on purpose.

A Terraform provider

capy-base/capydb works with Terraform and OpenTofu: four resources (capydb_project, capydb_preview_database, capydb_api_key, capydb_webhook_endpoint) and four data sources, including capydb_project_connection for wiring the database URL into the rest of your stack. The provider handles CapyDB's async job model properly — it polls jobs with configurable timeouts and writes the resource id to state before waiting, so a timed-out apply never orphans a database.

One honest warning, stated in the docs because it is true of every provider like this: API key tokens, webhook signing secrets, and connection URLs are sensitive values that end up in Terraform state. Protect the state file.
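One way to audit what the warning above means in practice: list the CapyDB-managed values that sit readable in a Terraform state document. This is an added example, not part of the provider; it assumes the version 4 state JSON layout, and the attribute names and values in the sample state are constructed.

```python
import json
import re

# Resource and data source types named in the post.
CAPYDB_TYPES = {"capydb_project", "capydb_preview_database", "capydb_api_key",
                "capydb_webhook_endpoint", "capydb_project_connection"}
# URL with a password in its userinfo part, e.g. scheme://user:password@host
URL_WITH_PASSWORD = re.compile(r"^[a-z][a-z0-9+.-]*://[^/@:\s]+:[^/@\s]+@", re.I)
SENSITIVE = "recorded as sensitive, value present in plaintext"
URL_SECRET = "URL with embedded password"


def plaintext_secrets(state):
    """Return sorted (address, attribute, reason) findings for a v4 state document."""
    findings = set()
    for res in state.get("resources", []):
        if res.get("type") not in CAPYDB_TYPES:
            continue
        prefix = "data." if res.get("mode") == "data" else ""
        addr = f'{prefix}{res["type"]}.{res["name"]}'
        for inst in res.get("instances", []):
            attrs = inst.get("attributes") or {}
            # Paths Terraform recorded as sensitive are hidden in plan output,
            # but the values themselves are still stored unencrypted in state.
            for path in inst.get("sensitive_attributes") or []:
                name = path[0].get("value") if path else None
                if isinstance(attrs.get(name), str) and attrs[name]:
                    findings.add((addr, name, SENSITIVE))
            for name, value in attrs.items():
                if isinstance(value, str) and URL_WITH_PASSWORD.match(value):
                    findings.add((addr, name, URL_SECRET))
    return sorted(findings)


# Constructed state excerpt; attribute names and values are hypothetical.
SAMPLE_STATE = json.loads("""
{"version": 4, "resources": [
 {"mode": "managed", "type": "capydb_api_key", "name": "ci", "instances": [
   {"attributes": {"id": "key_example", "token": "EXAMPLE-TOKEN"},
    "sensitive_attributes": [[{"type": "get_attr", "value": "token"}]]}]},
 {"mode": "data", "type": "capydb_project_connection", "name": "app", "instances": [
   {"attributes": {"url": "postgres://app:EXAMPLE-PW@db.example.invalid:5432/app"},
    "sensitive_attributes": []}]},
 {"mode": "managed", "type": "capydb_project", "name": "main", "instances": [
   {"attributes": {"id": "proj_example", "name": "main"}}]}
]}
""")
```

Any finding means the state file, its backups, and the backend that stores it need the same access controls as the secret itself.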

The CLI kept growing

capydb picked up projects list, clusters list, orgs list|switch (credentials are now stored per organization), webhooks, api-keys, audit, extensions, alerts, doctor, config show, and version --check. A global --output text|json flag makes every command scriptable — in JSON mode stdout is only the document, and lists are always [], never null. There is a real exit-code table (auth failures are 3, not-found is 4, timeouts are 6), --wait-timeout on every job-queuing command, and shell completions for bash, zsh, fish, and PowerShell.

Smaller things you will notice anyway

  • Project sidebar — project pages in the dashboard got a proper sidebar, so connections, previews, backups, Studio, observability, and settings are one click apart instead of a tab hunt.
  • llms.txt — these docs now serve /llms.txt and /llms-full.txt, so the tools reading documentation on your behalf get clean Markdown instead of scraping HTML.
  • Auth sync beyond Clerk — the capydb_auth.users mirror now also works with Auth0 and Better Auth. Same table, same ground rules, provider-appropriate webhook verification.

The product is still managed Postgres with a deliberately small surface. This release did not change that — it made the surface reachable from the tools you already use.