Grove · · 4 min read

Grove 1.2.1 — a rollback that actually explains itself

Grove 1.2.1 makes sandboxed writes legible: every agent-run migration or SQL statement now comes back with its blast radius — the SQL it ran, the mail it sent, and the metrics — so keeping or rolling back isn't a leap of faith.

Grove 1.2.1 — a rollback that actually explains itself

There's a small lie of omission in every "safe" undo button.

In Grove 1.1 we shipped something we were proud of: agent-safe write tools. You could let an AI assistant run a migration, and Grove would snapshot the database first and automatically roll back if anything went wrong. Safe. Reversible. The kind of thing that lets you finally say "yeah, go ahead, apply it."

But a good friend put their finger on the gap, and it stuck with us:

A rollback that can't tell you what a change touched is just a nicer undo button.

They were right. Snapshot-and-restore protects you from disaster, but it doesn't teach you anything. You run the migration, it works, you keep it — and you still have no idea that it quietly fired fourteen statements and tried to send an email from a seeder. The safety net had no dashboard.

Grove 1.2.1 adds the dashboard. Every sandboxed write now reports its own blast radius.

What changed

When you run grove_migrate_sandboxed or grove_sql_sandboxed, the result no longer stops at "success" and a schema diff. It now comes back with a chain — the SQL the operation actually ran, and any mail it sent, correlated to the exact window the operation occupied:

{
  "schema_diff": { "added_tables": ["invoices"] },
  "chain": {
    "queries": [
      "create table `invoices` (...)",
      "insert into `migrations` (`migration`, `batch`) values (...)"
    ],
    "emails": [],
    "metrics": { "query_count": 14, "email_count": 0, "duration_ms": 180 }
  },
  "rolled_back": false
}

Now the decision to keep or roll back isn't a leap of faith. You (or your assistant) can look at exactly what happened and then decide. The sandbox stopped being a nicer undo and became something you can actually reason about.

How it works — and why only Grove can do it cheaply

The trick is that Grove already sits in the middle of everything. In 1.1 we built a per-request causal chain — the ability to tie a request to the SQL and mail it produced, purely by time window, because Grove is the proxy and it owns the mail catcher and the database service. No app instrumentation. No Debugbar.

1.2.1 just generalizes that: we pulled the correlation logic out so it works for any time window, not only a request's. Then the sandbox does the obvious thing:

  1. It notes the moment right before it runs your migration.

  2. It runs it.

  3. It notes the moment right after.

  4. It asks Grove: "what SQL and mail happened in that window?"

Because Grove owns the MySQL service, it can even switch query capture on for the duration of the operation and quietly restore your previous setting afterward — so the blast radius is populated automatically, no flags to remember.

Under the hood that's one new IPC command, ChainForWindow, and a small refactor so the request causal chain and the sandbox blast radius share the exact same code. High-leverage, low-surface — the best kind of feature.

Try it

grove mcp --allow-write

Then ask your assistant to apply a migration, and watch it come back with the full story: the schema delta, the statements it ran, the mail it sent, the metrics. Prefer a pure dry run? Pass roll_back: true and Grove will run it, show you the blast radius, and roll back even on success — a rehearsal with the lights on.

One more thing: the updater got honest

While we were here, we fixed a papercut that had nothing to do with features and everything to do with trust. The macOS/Linux auto-updater had been building latest.json with GitHub API URLs, which are rate-limited to 60 requests an hour per IP — so in-place updates could intermittently fail with a 403 Forbidden. 1.2.1's release pipeline now rewrites those to the public, un-rate-limited download URLs, automatically, on every release. Updates just work.

(We also stopped shipping Intel-Mac builds. Apple Silicon and Linux are covered; Intel notarization was flaky and demand was near zero. If you're on an Intel Mac, building from source still works.

The quiet theme

1.1 was about giving your local environment to your AI safely. 1.2.1 is about making that safety legible — so "safe" doesn't mean "opaque." A snapshot protects you; the causal chain teaches you. Now the sandbox does both.

Grove auto-updates in place, or grab it from the 1.2.1 release. The core is, and stays, free and open source. 🌱