Skip to main content

Blueprint Sep–Dec 2025 — Introducing Foundation, flexible UI, faster DX

· 3 min read
Matthew M
Matthew M
Blueprint Lead
Alison Y
Alison Y
Software Engineer
João R
João R
Software Engineer
Maxime D
Maxime D
Software Engineer
Michal W
Michal W
Software Engineer

Happy New Year from the Blueprint team! 🎉

This quarter brought some big architectural changes — a consolidated Foundation app and a shift toward tooling agnosticism — alongside important security updates.

An unopinionated foundation

We've consolidated our multi-region app architecture into a single Foundation app. Previously, we maintained separate consumer site apps for each region (GB, FR, IT, etc.) to showcase features with their correct API endpoints, leading to duplicated code and maintenance overhead. Foundation is a tooling-agnostic, production-ready consumer site configurable for any region and Kraken endpoint via environment variables and app.config.ts.

As part of the consolidation, we have migrated our UI layer to Radix UI, a mature, open-source design system that provides accessible, unstyled primitives. This shift gives Blueprint greater flexibility and aligns with our tooling-agnostic philosophy — teams can now build on a well-maintained, community-driven foundation with comprehensive component coverage and excellent TypeScript support.

As part of this shift, we've removed opinionated third-party integrations — Storyblok (CMS) and Google Analytics (tracking) are no longer bundled. Teams can now bring their own CMS and analytics solutions without having to rip out our defaults first.

Next up, we're prototyping a UI abstraction layer for true agnosticism — a "bring your own stack" model — and we're also exploring Kraken CMS integration. 👀 More on this later in the year!

Fun fact

The name "Foundation" draws inspiration from Isaac Asimov's classic sci-fi series — we thought it was a perfect fit for a flexible, forward-thinking framework that empowers teams to build their own futures. 📚

Under the hood

Auth improvements:

The auth middleware now handles MWRefreshToken cookies for mobile webview sessions, and SessionState includes a new isScopedSession flag for magic-link or pre-signed-key sessions. We also added structured logging via BP_AUTH_LOG_LEVEL for easier debugging.

Bundling and compatibility:

All packages now use tsdown's unbundle mode, so proper tree-shaking actually works. If you've noticed larger-than-expected bundles, a fresh pnpm install should help.

Security updates:

  • Upgraded Next.js peer dependencies to 15.5.7 and 15.5.9 to address critical security vulnerabilities
  • Bumped @sentry/nextjs to v10.27.0 to fix known vulnerabilities
  • Login responses now redact error details that could help bad actors probe for valid accounts

Fresh coat of paint

We've given our homepage a refresh to better communicate what Blueprint is and what we offer. Take a look!

Blueprint homepage hero Our new homepage hero, highlighting our core value propositions.

Getting started with Blueprint Getting up and running with Blueprint is faster than ever.

Thanks for reading

Questions, feedback, or want a pairing session? Drop us a message in #ext-oe-blueprint-feedback — we're always happy to help.

We're still updating our docs to reflect all these changes — if you spot anything out of place, let us know! 🙌