The Complete Forms Runtime & Inbox Workflow Engine.
Stop rebuilding form handlers, spam filters, and admin inboxes for every project. Drop in a production-ready Go microservice that handles dynamic JSON Schema forms, direct-to-cloud uploads, CAPTCHA, multi-tenant inbox workflows with assignments and integrations — accessible via REST, gRPC, and native MCP server.
The Problem: “Just Add a Contact Form” Never Stays Simple
Every SaaS starts with a simple form endpoint. Three months later, you are drowning in scope creep: Can we validate fields server-side? We need file uploads. Marketing wants a different form per landing page. Support needs an inbox to triage submissions. Legal requires GDPR export tools. The CEO wants spam filtering. Building all of this from scratch costs engineering months you do not have.
The Solution: A Platform-Grade Forms & Inbox Engine
The Launch Rail Submissions Service provides the entire form lifecycle out of the box. A public edge API lets untrusted clients embed forms anywhere using a publishable key. An admin API gives your operations team a powerful inbox with search, assignment, status workflows, internal comments, webhook integrations, and compliance-ready export tooling — all multi-tenant from day one.
Core Capabilities Out-of-the-Box
From public form rendering to admin inbox triage — every piece is production-ready.
Dynamic JSON Schema Forms
Define form fields, validation rules, and UI hints entirely from the server. Publish versioned configurations and your frontend renders the right form automatically — no redeployment needed.
Direct-to-Cloud File Uploads
Generate pre-signed URLs for secure, direct-to-S3 uploads. Clients upload file bytes without touching your backend, then finalize to trigger antivirus scanning and link attachments to submissions.
Intelligent Spam Defense
Plug in reCAPTCHA v3, Turnstile, or hCaptcha with a single config toggle. Submissions exceeding the quarantine threshold are held for review — not silently dropped.
Full Inbox Workflow
Track every submission through a lifecycle: New, In Progress, Done, Spam, Quarantined, Archived. Assign owners, attach labels, leave internal comments, and trigger integrations at each transition.
Architectural Superpowers: Secure & Extensible
Two isolated API surfaces, real-time streaming, versioned configurations, pluggable integrations, and privacy tooling that satisfies compliance from day one.
Live Inbox Metrics & Streaming
Power your dashboard with instant inbox counts via a REST snapshot, then subscribe to a server-streaming ConnectRPC endpoint that pushes live metric updates over HTTP/2 whenever a submission changes state.
GetInboxMetrics
GET /v1/admin/submissions/metricsReturns a snapshot of inbox counts — total new, in-progress, done, spam, quarantined. Ideal for initial dashboard loads and polling fallback.
WatchInboxMetrics
stream WatchInboxMetricsResponseServer-streaming ConnectRPC endpoint. Subscribe once and receive pushed metric payloads over a persistent HTTP/2 connection whenever submission state changes.
Dual API Surface
Public edge API for untrusted clients (no auth — identify by public_key or slug) and a separate Admin API behind RBAC. Tenant isolation at every layer.
Versioned Form Configs
Every schema change creates a new FormVersion. Publish when ready, roll back if needed. Submissions are permanently linked to the version that validated them.
Pluggable Integrations
Attach Webhooks, Email, Slack, or Ticket actions to any form version. Each has its own retry policy with exponential backoff, jitter, and full debug logs.
GDPR & DSAR Built-In
Delete submissions by identity_id, email, or phone. Configurable data retention per form. Async CSV/JSON exports with signed download URLs.
Developer Experience: Extend with Absolute Confidence
When you own the source code, reliability is everything. Submissions is built to be customized safely.
Idempotent by Design
Every public submission accepts an idempotency_key. Network drops, client retries, and double-clicks are safely deduplicated — the server returns the existing submission instead of creating a duplicate.
Pre-Instrumented Observability
Ships with native OpenTelemetry tracing and structured slog logging. Trace a submission from the edge gateway through spam scoring, schema validation, and webhook dispatch.
Async Export Engine
Trigger exports spanning thousands of submissions without blocking your admin UI. Poll the ExportJob status, then download a signed CSV or JSON archive when it is ready.
Comprehensive Audit Trail
Every form change, status transition, assignment, and comment is recorded in a queryable audit log. Filter by actor, resource, event type, and time range for full compliance visibility.
AI Agents Talk to Submissions Natively
Every Launch Rail service ships with a built-in MCP server. Your AI agents can discover tools, read resources, and execute actions—no wrappers, no custom integrations.
MCP Tools
Actions agents can execute
submit_formSubmit a payload to a public form with validation and spam scoring
search_submissionsQuery the inbox with status, assignee, label, and full-text filters
update_statusTransition a submission through workflow stages (New, In Progress, Done, Spam)
assign_submissionDelegate a submission to a specific team member or operator
MCP Resources
Data agents can read
submissions://forms/{id}Form definition with active schema, versions, and integration config
submissions://submissions/{id}Full submission with payload, attachments, status, and audit history
submissions://forms/{id}/inboxPaginated inbox view of all submissions for a specific form
In Practice
What this looks like
“Find all unassigned submissions marked as quarantined on the Enterprise Contact form and assign them to the Tier 2 support team”
Calls search_submissions with status=QUARANTINED, assignee_id=empty, form=Enterprise Contact. Returns 12 results. Calls bulk_assign to delegate all to Tier 2 operator. Confirms assignment complete.
Real-World Value: Submissions in Action
See how teams across industries use Submissions to ship faster, reduce costs, and deliver enterprise-grade experiences from day one.
Enterprise Lead Capture & Routing
Embed dynamic contact forms on marketing pages using the public edge API. Submissions flow into a shared inbox where sales ops assign leads by territory, attach labels like 'Enterprise' or 'SMB', and trigger Slack notifications on high-value entries.
Patient Intake & Document Collection
Render HIPAA-compliant intake forms with JSON Schema validation. Patients upload insurance cards and lab results via direct-to-cloud pre-signed URLs. Attachments pass through antivirus scanning before clinical staff can review them in the admin inbox.
Customer Support Inbox
Capture support requests with order metadata linkage. The admin inbox lets agents search by order_id, assign tickets, leave internal comments, and transition submissions through resolution workflows — with webhook-triggered email confirmations at each step.
KYC Document Submission
Collect identity documents with strict file type validation and size limits. Quarantine suspicious uploads automatically. Use DSAR tooling to purge all submissions by email or identity_id when a customer exercises their right to erasure.
Why Buy the License? (The ROI)
Building a secure multi-tenant forms engine with JSON Schema validation, cloud uploads, spam defense, a full admin inbox with assignments, integrations, and GDPR export tooling takes a dedicated team 3+ months.
Buy the Launch Rail Submissions module today and get the complete, production-ready Go codebase.
K8s Ready
Deploy to Kubernetes or Cloud Run with provided configs.
Total Compliance
DSAR purge tools, audit trails, and configurable retention built in.
Native Ecosystem
Seamlessly connect to Identity, Notifications, and other Launch Rail modules.