InstallHub combines governed export, intelligent import, and a built-in marketplace — every package operation versioned, checksummed, and fully auditable.
A production-ready export pipeline. Extract data from any source into versioned, dependency-tracked ZIP packages with a guided 4-step wizard.
Guided workflow: Source Selection, Field Mapping, Schedule, Review & Submit. Every step validated before proceeding — no misconfigured exports.
Connect to relational databases, file-based data, or any HTTP API. Multi-source exports combine data from different origins into a single versioned package.
All packages follow semver with a full lifecycle: Draft, Released, Archived. Each version carries independent release notes, assets, and checksums.
All packages are stored as versioned ZIP archives in Cloudflare R2. SHA256 checksums are computed and stored on every asset — tamper detection built in.
Every export operation, version state change, and field mapping decision is written to an immutable audit log. Full compliance evidence without any manual effort.
15,000+ lines of code backed by 84+ automated tests at 86% coverage. SOLID Principles Score 9.2/10. Architecture Score 9.5/10.
Upload any InstallHub package and let the system validate, resolve dependencies, handle conflicts, and import — all within a guided 4-step wizard.
Guided workflow: File Upload, Mapping, Conflict Resolution, Review & Start. The wizard surfaces every decision point clearly before any data is modified.
Every uploaded package is validated: manifest structure, SHA256 checksum verification, and archive integrity checks — before a single import handler runs.
FormHandler, TableHandler, ConfigHandler, TemplateHandler, ScriptHandler, DataHandler, ViewHandler, StoredProcHandler, TriggerHandler, IndexHandler, ConstraintHandler, RoleHandler, UserHandler, SecurityHandler, AuditHandler, MetadataHandler, SchemaHandler, RelationshipHandler, CustomHandler, and BaseImportHandler.
Merge (recursive intelligent merge), Overwrite (replace all existing records), Skip (keep existing, ignore incoming). Choose per-entity or apply globally across the import.
Topological sort determines the correct import order. Circular dependency detection at 99.9% accuracy. Missing dependency detection before the import starts — zero surprises mid-run.
BackupRestoreService creates pre-import database snapshots automatically. If anything goes wrong, a single command rolls back to the exact pre-import state.
BackupRestoreService takes a full database snapshot before every import begins. No manual steps — protection is automatic and always current.
All backups are GZip-compressed. Typical snapshots are 3 to 5 times smaller than raw data — lower storage cost, faster transfers, same reliability.
Every backup is fingerprinted with a SHA256 hash. Restoration refuses to proceed if the integrity check fails — corrupted backups are caught before they cause harm.
Set backup retention policies per-tenant. Retain as few as 7 days for low-risk imports or up to 730 days for regulated environments requiring long audit windows.
Both backup and restore operations are atomic — they either complete fully or leave the system unchanged. Partial restores are impossible by design.
Every import moves through documented states: Pending, Validating, Configuring, Reviewing, Importing, Completed, Failed, or RolledBack — each state change timestamped and logged.
A governed marketplace for publishing, discovering, and downloading reusable packages across teams and organisations — with admin oversight at every step.
Creators publish packages from the Creator App. Admins review and approve via the Admin App before any package becomes publicly available in the marketplace.
Search across package titles, descriptions, and tags. Filter by category, publisher, or rating. Sort by popularity, rating, or recency — find exactly what your team needs.
Downloads are served via time-limited signed URLs generated from Cloudflare R2. URLs expire after 60 minutes — no persistent public links, no unauthorised redistribution.
Every download is logged to MarketplaceDownloadLog. Trending packages surface by download count. Publishers see analytics on their package performance over time.
Users rate and review packages. Written reviews go through moderation before publishing. Verified purchase badge distinguishes reviews from actual users.
Publisher profiles display earned badges: Verified, Top Rated, Trending. Download stats and earnings tracking give creators visibility into their marketplace impact.
InstallHub automatically analyses every package's dependency graph before import begins — resolving order, detecting cycles, and identifying gaps before touching your data.
DependencyResolutionService builds a complete dependency graph from all package items — automatically, with no configuration required from the operator.
Topological sorting determines the exact sequence in which items must be imported. Dependents always arrive after the entities they depend on — no foreign key violations.
Cycle detection runs before import starts. Circular dependencies are flagged with a clear explanation of the cycle — operators can fix the package before any import attempt.
If a package references an entity that does not exist in the target system, InstallHub surfaces the gap before import starts — not mid-run when data is already partially modified.
The dependency graph is rendered in the import wizard — showing every entity, its dependencies, and the resolved import order — before the operator confirms the run.
Every package in InstallHub is fully versioned from creation to archive. Nothing is overwritten — every state is preserved.
All packages follow semantic versioning. Version numbers are enforced — no accidental overwriting of a released version with a draft.
Every version of every package is retained. Teams can browse, compare, or re-import any prior version without any special recovery procedure.
Each version carries its own release notes. Consumers understand exactly what changed before deciding to import a new version.
Packages progress through a defined lifecycle. Draft versions are invisible to importers until Released. Archived versions are preserved for audit but hidden from active discovery.
Multi-tenant isolation is enforced at the database layer — no configuration required. Every operation carries tenant context and is logged for compliance.
TenantID is applied as a query-level filter on every database operation. Cross-tenant data access is structurally impossible — not just configuration-dependent.
Every package asset — ZIP archives, exported files, backup snapshots — is fingerprinted with a SHA256 checksum. Integrity is verified at every import and restore.
All Cloudflare R2 download links are signed and expire after 60 minutes. No permanent public access to package files — every download requires a fresh authorised request.
Every package operation — export, import, version state change, marketplace approval, download — is written to an immutable audit log with actor, timestamp, and outcome.
No data is permanently destroyed on first delete. Soft delete preserves every record for recovery and audit. Hard purge is a separate privileged operation.
Marketplace publishing requires admin approval. No package reaches public discovery without an explicit review and sign-off from an authorised administrator.
InstallHub ships as three purpose-built applications — each scoped to a distinct user role with its own workflow and data access.
React, Zustand, React Query. Export wizard, import wizard, marketplace discovery and publishing, package management dashboard. The primary interface for data owners and integration engineers.
React. KPI dashboard with analytics, marketplace package approval, system configuration, audit log browser. Built for platform administrators overseeing the entire InstallHub estate.
Public-facing discovery interface. Browse featured and trending packages, search by category or publisher, download with signed URLs, and leave verified ratings and reviews.
Free to start as part of the BizFirstAi platform.