resource bumpgrade://features
Expose feature IDs, statuses, issues, evidence, and agent-contract notes.
Backed by/features/source-data
SafetyRead-only; feature status changes still happen through issue/PR/admin workflows.
resource bumpgrade://roadmap
Expose roadmap lanes, public evidence, blockers, and next milestones.
Backed by/roadmap/source-data
SafetyRead-only until a confirmed roadmap update API exists.
resource bumpgrade://importers
Expose importer platform IDs, competitor mappings, input kinds, platform-specific source checklists, export match templates, preflight signal labels, redacted sourceChecklistReview maps, exportFileAnalysis fields, platformExportMatches, private structured import-record contracts, safe extractedFields plans, subscriberImportDepth metadata, subscriberImportPreflight actions, subscriberImportCreation actions, subscriberAudiencePromotion actions, owner-only privateSubscriberRecords inspection rules, owner-only subscriberPrivateExport actions, private record review routes, review-action routes, extracted-field edit actions, saved private plan parts, duplicate-review statuses, rollback routes, limitations, and safety gates.
Backed by/imports/source-data
SafetyRead-only; public export parsing returns redacted structure only. Public source-data exposes the importRecords, extractedFields, subscriberImportDepth, subscriberImportPreflight, subscriberImportCreation, subscriberAudiencePromotion, owner-only privateSubscriberRecords inspection contracts, and owner-only subscriberPrivateExport contracts but not private record content, raw values, or private subscriber emails. Confirmed promotion creates imported-pending audience review rows only; confirmed private subscriber export returns contact values only in a same-owner CSV download. No raw public export storage, public publishing, checkout migration, consent event creation, sequence enrollment, subscriber send, public export, domain, fulfillment, or account-to-account transfer may be performed by this resource.
resource bumpgrade://commerce
Expose redacted commerce architecture, sandbox checkout status, referral attribution evidence, and billing write rules.
Backed by/commerce/source-data
SafetyNo live billing, commission write, payout mutation, or destructive action may be performed by this resource.
resource bumpgrade://pricing-policy
Expose pricing plans, logged-out anonymous structured playground state, browser-recovery save limits, anonymous cleanup controls including the scheduled trigger, signed-in Free Build workspace state, and paid go-live gates.
Backed by/pricing/source-data
SafetyRead-only pricing resource; anonymous structured playground saves are browser-scoped and rate-limited per browser recovery workspace, cleanup is owner-gated or scheduled and redacted, claim creates or reuses the verified account's Free Build workspace and adds private draft work plus private claim records, signed-in Free Build workspace creation uses authenticated account setup APIs, and public publishing, live checkout, subscriber sends, domains, and fulfillment remain behind paid entitlement.
resource bumpgrade://anonymous-playground
Expose the logged-out structured playground recovery, save-limit, claim, owner-gated cleanup, scheduled cleanup, private claim-record, redaction, retention, and go-live gate contract.
Backed by/playground/source-data
SafetyNo public publishing, billing mutation, subscriber send, domain reservation, fulfillment, private claim-record disclosure, expired draft disclosure, cleanup actor disclosure, cookie disclosure, or token-hash disclosure may be performed from this resource.
resource bumpgrade://content-surfaces
Expose personas, resource records, pricing caveats, and content-surface issue evidence.
Backed by/content/source-data
SafetyRead-only; public resource and pricing claims still require source evidence or shipped product proof.
resource bumpgrade://funnels
Expose seeded funnel, published D1 funnels, ordered steps, blocks, reusable templates including webinar/resource page shapes, block templates, owner-gated draft duplication capability, owner-gated block-edit capability, owner-gated visual block style capability, owner-gated bounded canvas layout capability, owner-gated block add/remove capability, owner-gated block reorder capability, owner-gated cross-step block move capability, owner-gated archive/unpublish capability, owner-gated archived-draft purge capability, owner-gated bulk archived-draft purge capability, checkout-link capability, checkout-unlink capability, resource-delivery-link capability, public and owner-session agent funnel resource delivery token capability, webinar-event-link capability, public funnel checkout-start capability, revision IDs, owner-gated draft capability, and write-safety boundaries.
Backed by/funnels/source-data
SafetyPublic resource stays read-only; published linked checkout blocks can render the sandbox checkout start surface, published resource-linked blocks can render entitlement-safe product access references and mint funnel-scoped private download tokens only after checkout intent and entitlement scope match, published webinar-linked blocks can render external event/replay references, and owner-session draft create/seed/template-create/duplicate/update/reorder/block-edit/block-style/block-canvas-layout/block-add/block-remove/block-reorder/block-cross-step-move/checkout-link/checkout-unlink/resource-delivery-link/webinar-event-link/archive/purge/bulk-purge, drag/drop block placement through existing move modes, webinar/resource template-to-draft, private preview, exact-confirmed publish, exact-confirmed archive/unpublish, exact-confirmed archived-draft purge, and exact-confirmed bulk archived-draft purge exist in admin UI. The owner-session /api/agent/funnels/draft-writes JSON API now allows direct agent-safe block copy edits, curated visual style presets, bounded canvas layouts, reusable block add/remove, checkout-offer linking, checkout unlinking, resource-delivery linking, webinar-event linking, block reordering, cross-step block moves, private draft duplication, public publishing, archive/unpublish, archived-draft purge, and bulk archived-draft purge after exact confirmation, idempotency, current revision or per-target archived revisions, and audit correlation checks. The owner-session /api/agent/funnels/resource-delivery-tokens API can create a funnel-scoped resource delivery token for a published linked resource block after exact confirmation, idempotency, current published revision, checkout intent, entitlement, and audit correlation checks, with replays redacted because raw tokens are not stored. Agent style writes store only curated style IDs, agent canvas layout writes store only bounded numbers, and both preserve block metadata. Direct agent publishing creates a public route mutation with archive-draft rollback and no billing mutation. Direct agent archived purge and bulk archived-draft purge record tombstones first and do not delete audit rows, product assets, R2 objects, buyer records, or billing state. Direct agent template creation, unauthenticated public agent-created delivery tokens, non-archived purge, unauthenticated public agent publishing, live billing, live webinar scheduling, attendance tracking, replay hosting, arbitrary uploaded private asset delivery, signed URLs, live fulfillment automation, and unbounded arbitrary CSS/script layout editing require future confirmed-write contracts.
resource bumpgrade://checkout-offers
Expose seeded checkout offer stack, primary offer, constrained order bump, optional referral attribution evidence, upsell, downsell, aggregate post-purchase decision evidence, aggregate owner product delivery-gate counts, revision IDs, and billing boundaries.
Backed by/offers/source-data
SafetyRead-only for agents; the public UI can start a sandbox checkout only after exact confirmation and can record non-billing follow-up decisions after trusted checkout state, while owner product delivery-gate writes require owner auth and live billing, offer writes, fulfillment, commission writes, and post-purchase charges require confirmed-write contracts.
resource bumpgrade://product-access
Expose seeded products, assets, access rules, entitlement templates, payment-plan records, revision IDs, aggregate owner-entitlement inspection counts, aggregate owner-created product, test checkout, delivery-gate, and test grant counts, customer-safe checkout intent lookup, short-lived private R2-backed download-token boundaries with redemption revalidation, owner-confirmed private asset upload-intent boundaries, owner-created product test checkout and offer/access grant boundaries, owner-created product delivery-gate boundaries, owner-confirmed non-destructive revocation intent boundaries, protected content readiness, and fulfillment boundaries.
Backed by/products/source-data
SafetyRead-mostly for public agents; payment-plan records are seeded read semantics without live amounts, Stripe Price creation, Checkout Sessions, customer records, or provider IDs. Customer lookup requires a checkout intent reference and redacts buyer/provider/private asset data. Token delivery streams only the seeded fixture through Bumpgrade. Owner product creation, owner-created product test checkout links, owner-created product delivery-gate links, and owner-created product test grants require owner auth, exact confirmation, idempotency, stale-state checks where applicable, and redaction. Owner-upload intents require owner auth, exact confirmation, idempotency, catalog revision checks, and redaction. Owner revocation intents require owner auth, exact confirmation, idempotency, current entitlement status checks, and redaction, but still do not mutate entitlement state. Protected-content records remain constrained to checkout-scoped fixture delivery; customer delivery of arbitrary uploads, real protected body delivery, subscription access changes, destructive revocation, live offer/funnel publishing, live charges, and fulfillment actions remain unavailable.
resource bumpgrade://audience-automation
Expose seeded opt-in forms, lead magnets, tags, segments, sequences, broadcasts, automation rules, aggregate subscriber inspection counts, aggregate suppression counts, aggregate CRM timeline counts, aggregate sequence delivery readiness from issue #351, dry-run sequence schedule intent counts from issue #354, dry-run sequence delivery-batch counts from issue #358, dry-run sequence queue-message counts from issue #360, dry-run sequence dispatch preflight counts from issue #362, dry-run sequence dispatch attempt receipt counts from issue #364, sequence Queue producer readiness counts from issue #366, sequence Queue consumer readiness counts from issue #368, sequence provider-call readiness counts from issue #370, sequence delivery-attempt readiness counts from issue #372, sequence delivery-result readiness counts from issue #374, sequence delivery-status webhook readiness counts from issue #376, sequence provider-polling readiness counts from issue #378, sequence receipt-payload readiness counts from issue #380, broadcast readiness counts, dry-run broadcast schedule intent counts, preview/footer safety records, queue readiness records, delivery-batch dry runs, queue-message dry runs, dispatch preflight dry runs, dispatch attempt receipts, sender-domain readiness gates, provider-event readiness gates, provider rate-limit readiness gates, provider response readiness gates, send-payload readiness gates, Queue producer readiness gates, Queue consumer readiness gates, provider-call readiness gates, delivery-attempt readiness gates, delivery-result readiness gates, delivery-status webhook readiness gates, provider-polling readiness gates, receipt-payload readiness gates, owner-confirmed import intent evidence, owner-confirmed import preflight evidence, aggregate audience export readiness from issue #347, redaction flags, consent boundaries, unsubscribe boundaries, owner-note boundaries, and owner sequence-schedule/sequence-delivery-batch/sequence-queue-message/sequence-dispatch-preflight/sequence-dispatch-attempt/sequence-Queue-producer-readiness/sequence-Queue-consumer-readiness/sequence-provider-call-readiness/sequence-delivery-attempt-readiness/sequence-delivery-result-readiness/sequence-delivery-status-webhook-readiness/sequence-provider-polling-readiness/sequence-receipt-payload-readiness/broadcast-schedule/delivery-batch/queue-message/dispatch-preflight/dispatch-attempt/import-intent/import-preflight boundaries.
Backed by/audience/source-data
SafetySeeded public opt-in capture, public-safe unsubscribe/suppression evidence, owner-gated subscriber inspection, owner-only CRM notes, aggregate sequence delivery readiness, owner-confirmed dry-run sequence schedule intents, owner-confirmed dry-run sequence delivery batches, owner-confirmed dry-run sequence queue-message evidence, owner-confirmed dry-run sequence dispatch preflight evidence, owner-confirmed dry-run sequence dispatch attempt receipts, owner-reviewed sequence Queue producer readiness, owner-reviewed sequence Queue consumer readiness, owner-reviewed sequence provider-call readiness, owner-reviewed sequence delivery-attempt readiness, owner-reviewed sequence delivery-result readiness, owner-reviewed sequence delivery-status webhook readiness, owner-reviewed sequence provider-polling readiness, owner-reviewed sequence receipt-payload readiness, read-only broadcast readiness, preview/footer safety, queue readiness, sender-domain readiness, provider-event readiness, provider rate-limit readiness, provider response readiness, send-payload readiness, Queue producer readiness, Queue consumer readiness, provider-call readiness, delivery-attempt readiness, delivery-result readiness, delivery-status webhook readiness, provider-polling readiness, receipt-payload readiness, owner-confirmed dry-run broadcast schedule intents, owner-confirmed delivery-batch dry runs, owner-confirmed queue-message dry runs, owner-confirmed dispatch preflight dry runs, owner-confirmed dispatch attempt receipts, owner-confirmed import intents, owner-confirmed import preflights, and aggregate export readiness are live; real imports, raw contact row storage, subscriber creation from imports, real sequence scheduling, real sends, private DNS/provider setup, provider webhooks, Cloudflare Queue dispatch, Queue producer execution, Queue consumer execution, Queue message consumption or acknowledgements, queue payload bodies, delivery queue rows, retry/dead-letter rows, provider calls, delivery attempts, delivery results, webhooks, webhook payloads, provider polling, provider polling payloads, polling results, receipt payloads, delivery receipts, recipient payloads, personalized bodies, body templates, unsubscribe URLs, provider responses, provider message IDs, private exports, export files, export URLs, CRM automation, and direct public agent subscriber writes require confirmed-write contracts.
resource bumpgrade://analytics-experiments
Expose seeded event taxonomy, browser-side page-view beacon boundaries, public-safe custom routing rules, seeded sandbox funnel copy routing, owner-confirmed winner rollout evidence, dashboard-visible aggregate source attribution rows, fixed time-window metadata, aggregate event counts, aggregate source attribution counts, aggregate variant event counts, aggregate assignment counts, aggregate conversion report rows, aggregate report export metadata, owner-reviewed cohort comparison evidence, owner-reviewed alert threshold/anomaly-review evidence, owner-reviewed notification delivery readiness evidence, owner-confirmed notification inbox records, owner-confirmed dispatch preflight evidence, owner-reviewed notification delivery-status webhook readiness evidence, owner-reviewed notification provider-polling readiness evidence, owner-reviewed notification receipt-payload readiness evidence, owner-reviewed notification delivery-receipt readiness evidence, owner-reviewed notification provider-status reconciliation readiness evidence, owner-confirmed experiment decision evidence, metric formulas, experiment variants, assignment rules, and sample-size caveats.
Backed by/analytics/source-data
SafetySeeded event capture, browser-side page-view beacons with deterministic variant evidence and normalized source attribution, deterministic assignment, public-safe custom source/campaign routing rules, seeded sandbox funnel copy routing, owner-confirmed winner rollout and rollback evidence, dashboard-visible fixed-window aggregate source rows, aggregate conversion reporting, aggregate report export metadata, owner-reviewed cohort comparison evidence, owner-reviewed alert threshold/anomaly-review evidence, owner-reviewed notification delivery readiness evidence, owner-confirmed notification inbox records, owner-confirmed dispatch preflight evidence, staged notification readiness through provider-status reconciliation evidence, and owner-confirmed decision evidence are live; cookie assignment, raw visitor tracking, raw referrer/query reporting, raw routing URL storage, raw analytics exports, contact analytics, automated alert sends, owner email sends, provider sends, provider calls, delivery attempts, delivery results, delivery status webhooks, status webhooks, provider polling, receipt payload capture, delivery receipt creation, provider status reconciliation, queue dispatch, customer alerts, custom events beyond the seeded boundary, and public decision writes require confirmed-write contracts.
resource bumpgrade://analytics-winner-rollouts
Expose owner-confirmed analytics winner rollout and rollback evidence from issue #422.
Backed by/analytics/source-data
SafetyThis resource reads aggregate winner rollout counts, active rollout public metadata, selected treatment variant IDs, current rollout revisions, selected fixed windows, sample-size caveats, and redaction flags only. It must not expose raw event rows, raw assignment rows, visitor keys, contact analytics, raw routing URLs, private notes, actor emails, actor hashes, raw/private exports, provider sends, Queue execution, public agent writes, or revenue claims.
resource bumpgrade://analytics-report-exports
Expose aggregate analytics report export metadata, fixture cohort comparison definitions, and owner-reviewed cohort comparison evidence from issues #263 and #265.
Backed by/analytics/source-data
SafetyThis resource reads aggregate report sections, selected fixed windows, sample-size caveats, and redaction flags only. It must not expose raw analytics event rows, raw experiment assignment rows, visitor keys, contact analytics, raw referrer URLs, raw query strings, private notes, traffic routing, automated winners, or revenue claims.
resource bumpgrade://analytics-alert-reviews
Expose owner-reviewed alert threshold and anomaly-review evidence from issue #267.
Backed by/analytics/source-data
SafetyThis resource reads aggregate threshold review prompts, selected fixed windows, sample-size caveats, owner review state, and redaction flags only. It must not expose raw analytics rows, visitor keys, contact analytics, raw referrer URLs, raw query strings, private notes, customer alerts, traffic routing, automated winners, or revenue claims.
resource bumpgrade://analytics-notification-readiness
Expose owner-reviewed analytics notification delivery readiness evidence from issue #269.
Backed by/analytics/source-data
SafetyThis resource reads future owner-notification readiness, channel metadata, dependency IDs, selected fixed windows, sample-size caveats, and redaction flags only. It must not send alerts, write inbox rows, expose recipients, expose email bodies, route traffic, select winners, or make revenue claims.
resource bumpgrade://analytics-notification-inbox-records
Expose owner-confirmed analytics notification inbox record evidence from issue #271.
Backed by/analytics/source-data
SafetyThis resource reads aggregate owner-notification inbox record counts, readiness IDs, channel IDs, selected fixed windows, sample-size caveats, and redaction flags only. It must not expose recipients, expose email bodies, dispatch queues, send email, alert customers, route traffic, select winners, or make revenue claims.
resource bumpgrade://analytics-notification-dispatch-preflights
Expose owner-confirmed analytics notification dispatch preflight evidence from issue #284.
Backed by/analytics/source-data
SafetyThis resource reads aggregate owner-notification dispatch preflight counts, inbox record IDs, readiness IDs, channel IDs, selected fixed windows, sample-size caveats, and redaction flags only. It must not expose recipients, expose email bodies, expose provider message IDs, expose queue payloads, dispatch queues, send email, call providers, alert customers, route traffic, select winners, or make revenue claims.
resource bumpgrade://analytics-notification-provider-domain-readiness
Expose owner-reviewed analytics notification provider/domain readiness evidence from issue #286.
Backed by/analytics/source-data
SafetyThis resource reads aggregate owner-notification provider/domain readiness counts, dispatch preflight IDs, inbox record IDs, readiness IDs, channel IDs, selected fixed windows, sample-size caveats, and redaction flags only. It must not configure providers, store provider secrets, store sender credentials, expose private DNS credentials, verify sender domains, expose recipients, expose email bodies, expose provider message IDs, expose queue payloads, dispatch queues, send email, call providers, alert customers, route traffic, select winners, or make revenue claims.
resource bumpgrade://analytics-notification-content-consent-readiness
Expose owner-reviewed analytics notification content/consent readiness evidence from issue #288.
Backed by/analytics/source-data
SafetyThis resource reads aggregate owner-notification content/consent readiness counts, provider/domain readiness IDs, dispatch preflight IDs, inbox record IDs, readiness IDs, channel IDs, selected fixed windows, sample-size caveats, and redaction flags only. It must not expose body templates, expose unsubscribe URLs, expose recipients, expose email bodies, expose provider message IDs, expose queue payloads, dispatch queues, send email, call providers, configure providers, alert customers, route traffic, select winners, or make revenue claims.
resource bumpgrade://analytics-notification-send-payload-readiness
Expose owner-reviewed analytics notification send-payload readiness evidence from issue #290.
Backed by/analytics/source-data
SafetyThis resource reads aggregate owner-notification send-payload readiness counts, content/consent readiness IDs, provider/domain readiness IDs, dispatch preflight IDs, inbox record IDs, readiness IDs, channel IDs, selected fixed windows, sample-size caveats, and redaction flags only. It must not expose recipients, create recipient payloads, create personalized bodies, store raw payload bodies, expose email bodies, expose body templates, expose unsubscribe URLs, expose provider responses, expose provider message IDs, create queue messages, expose queue payloads, dispatch queues, send email, call providers, configure providers, alert customers, route traffic, select winners, or make revenue claims.
resource bumpgrade://analytics-notification-queue-producer-readiness
Expose owner-reviewed analytics notification queue-producer readiness evidence from issue #292.
Backed by/analytics/source-data
SafetyThis resource reads aggregate owner-notification queue-producer readiness counts, send-payload readiness IDs, provider/domain readiness IDs, dispatch preflight IDs, inbox record IDs, readiness IDs, channel IDs, selected fixed windows, sample-size caveats, and redaction flags only. It must not enable Queue producers, create Queue messages, create Queue payload bodies, expose queue payloads, expose recipients, create recipient payloads, create personalized bodies, store raw payload bodies, expose email bodies, expose body templates, expose unsubscribe URLs, expose provider responses, expose provider message IDs, dispatch queues, send email, call providers, configure providers, alert customers, route traffic, select winners, or make revenue claims.
resource bumpgrade://analytics-notification-queue-consumer-readiness
Expose owner-reviewed analytics notification queue-consumer readiness evidence from issue #294.
Backed by/analytics/source-data
SafetyThis resource reads aggregate owner-notification queue-consumer readiness counts, queue-producer readiness IDs, send-payload readiness IDs, provider/domain readiness IDs, dispatch preflight IDs, inbox record IDs, readiness IDs, channel IDs, selected fixed windows, sample-size caveats, and redaction flags only. It must not enable Queue producers, enable Queue consumers, create Queue messages, consume Queue messages, acknowledge Queue messages, create retry/dead-letter rows, read Queue payload bodies, create Queue payload bodies, expose queue payloads, expose recipients, create recipient payloads, create personalized bodies, store raw payload bodies, expose email bodies, expose body templates, expose unsubscribe URLs, expose provider responses, expose provider message IDs, dispatch queues, send email, call providers, configure providers, alert customers, route traffic, select winners, or make revenue claims.
resource bumpgrade://analytics-notification-provider-call-readiness
Expose owner-reviewed analytics notification provider-call readiness evidence from issue #297.
Backed by/analytics/source-data
SafetyThis resource reads aggregate owner-notification provider-call readiness counts, queue-consumer readiness IDs, send-payload readiness IDs, provider/domain readiness IDs, dispatch preflight IDs, inbox record IDs, readiness IDs, channel IDs, selected fixed windows, sample-size caveats, and redaction flags only. It must not enable provider sends or calls, configure providers, create provider responses, store provider secrets, store sender credentials, expose private DNS credentials, enable Queue producers, enable Queue consumers, create Queue messages, consume Queue messages, acknowledge Queue messages, create retry/dead-letter rows, read Queue payload bodies, create Queue payload bodies, expose queue payloads, expose recipients, create recipient payloads, create personalized bodies, store raw payload bodies, expose email bodies, expose body templates, expose unsubscribe URLs, expose provider message IDs, dispatch queues, send email, alert customers, route traffic, select winners, or make revenue claims.
resource bumpgrade://analytics-notification-delivery-attempt-readiness
Expose owner-reviewed analytics notification delivery-attempt readiness evidence from issue #299.
Backed by/analytics/source-data
SafetyThis resource reads aggregate owner-notification delivery-attempt readiness counts, provider-call readiness IDs, send-payload readiness IDs, provider/domain readiness IDs, dispatch preflight IDs, inbox record IDs, readiness IDs, channel IDs, selected fixed windows, sample-size caveats, and redaction flags only. It must not enable provider sends or calls, attempt delivery, configure providers, create provider responses, store provider secrets, store sender credentials, expose private DNS credentials, enable Queue producers, enable Queue consumers, create Queue messages, consume Queue messages, acknowledge Queue messages, create retry/dead-letter rows, read Queue payload bodies, create Queue payload bodies, expose queue payloads, expose recipients, create recipient payloads, create personalized bodies, store raw payload bodies, expose email bodies, expose body templates, expose unsubscribe URLs, expose provider message IDs, dispatch queues, send email, alert customers, route traffic, select winners, or make revenue claims.
resource bumpgrade://analytics-notification-delivery-result-readiness
Expose owner-reviewed analytics notification delivery-result readiness evidence from issue #301.
Backed by/analytics/source-data
SafetyThis resource reads aggregate owner-notification delivery-result readiness counts, delivery-attempt readiness IDs, send-payload readiness IDs, provider/domain readiness IDs, dispatch preflight IDs, inbox record IDs, readiness IDs, channel IDs, selected fixed windows, sample-size caveats, and redaction flags only. It must not enable provider sends or calls, attempt delivery, create delivery results, create delivery receipts, expose receipt payloads, process status webhooks, poll providers, configure providers, create provider responses, expose provider message IDs, store provider secrets, store sender credentials, expose private DNS credentials, enable Queue producers, enable Queue consumers, create Queue messages, consume Queue messages, acknowledge Queue messages, create retry/dead-letter rows, read Queue payload bodies, create Queue payload bodies, expose queue payloads, expose recipients, create recipient payloads, create personalized bodies, store raw payload bodies, expose email bodies, expose body templates, expose unsubscribe URLs, dispatch queues, send email, alert customers, route traffic, select winners, or make revenue claims.
resource bumpgrade://analytics-notification-delivery-status-webhook-readiness
Expose owner-reviewed analytics notification delivery-status webhook readiness evidence from issue #303.
Backed by/analytics/source-data
SafetyThis resource reads aggregate owner-notification delivery-status webhook readiness counts, delivery-result readiness IDs, delivery-attempt readiness IDs, send-payload readiness IDs, provider/domain readiness IDs, dispatch preflight IDs, inbox record IDs, readiness IDs, channel IDs, selected fixed windows, sample-size caveats, and redaction flags only. It must not enable provider sends or calls, attempt delivery, create delivery results, process delivery-status webhooks, create delivery receipts, expose receipt payloads, process status webhooks, poll providers, configure providers, create provider responses, expose provider message IDs, store provider secrets, store sender credentials, expose private DNS credentials, enable Queue producers, enable Queue consumers, create Queue messages, consume Queue messages, acknowledge Queue messages, create retry/dead-letter rows, read Queue payload bodies, create Queue payload bodies, expose queue payloads, expose recipients, create recipient payloads, create personalized bodies, store raw payload bodies, expose email bodies, expose body templates, expose unsubscribe URLs, dispatch queues, send email, alert customers, route traffic, select winners, or make revenue claims.
resource bumpgrade://analytics-notification-provider-polling-readiness
Expose owner-reviewed analytics notification provider-polling readiness evidence from issue #305.
Backed by/analytics/source-data
SafetyThis resource reads aggregate owner-notification provider-polling readiness counts, delivery-status-webhook readiness IDs, send-payload readiness IDs, provider/domain readiness IDs, dispatch preflight IDs, inbox record IDs, readiness IDs, channel IDs, selected fixed windows, sample-size caveats, and redaction flags only. It must not enable provider sends or calls, attempt delivery, create delivery results, process delivery-status webhooks, poll providers, create delivery receipts, expose receipt payloads, process status webhooks, configure providers, create provider responses, expose provider message IDs, store provider secrets, store sender credentials, expose private DNS credentials, enable Queue producers, enable Queue consumers, create Queue messages, consume Queue messages, acknowledge Queue messages, create retry/dead-letter rows, read Queue payload bodies, create Queue payload bodies, expose queue payloads, expose recipients, create recipient payloads, create personalized bodies, store raw payload bodies, expose email bodies, expose body templates, expose unsubscribe URLs, dispatch queues, send email, alert customers, route traffic, select winners, or make revenue claims.
resource bumpgrade://analytics-notification-receipt-payload-readiness
Expose owner-reviewed analytics notification receipt-payload readiness evidence from issue #307.
Backed by/analytics/source-data
SafetyThis resource reads aggregate owner-notification receipt-payload readiness counts, provider-polling readiness IDs, send-payload readiness IDs, provider/domain readiness IDs, dispatch preflight IDs, inbox record IDs, readiness IDs, channel IDs, selected fixed windows, sample-size caveats, and redaction flags only. It must not enable provider sends or calls, attempt delivery, create delivery results, process delivery-status webhooks, poll providers, create delivery receipts, expose receipt payloads, process status webhooks, configure providers, create provider responses, expose provider message IDs, store provider secrets, store sender credentials, expose private DNS credentials, enable Queue producers, enable Queue consumers, create Queue messages, consume Queue messages, acknowledge Queue messages, create retry/dead-letter rows, read Queue payload bodies, create Queue payload bodies, expose queue payloads, expose recipients, create recipient payloads, create personalized bodies, store raw payload bodies, expose email bodies, expose body templates, expose unsubscribe URLs, dispatch queues, send email, alert customers, route traffic, select winners, or make revenue claims.
resource bumpgrade://analytics-notification-delivery-receipt-readiness
Expose owner-reviewed analytics notification delivery-receipt readiness evidence from issue #309.
Backed by/analytics/source-data
SafetyThis resource reads aggregate owner-notification delivery-receipt readiness counts, receipt-payload readiness IDs, send-payload readiness IDs, provider/domain readiness IDs, dispatch preflight IDs, inbox record IDs, readiness IDs, channel IDs, selected fixed windows, sample-size caveats, and redaction flags only. It must not enable provider sends or calls, attempt delivery, create delivery results, process delivery-status webhooks, poll providers, create delivery receipts, expose receipt payloads, process status webhooks, configure providers, create provider responses, expose provider message IDs, store provider secrets, store sender credentials, expose private DNS credentials, enable Queue producers, enable Queue consumers, create Queue messages, consume Queue messages, acknowledge Queue messages, create retry/dead-letter rows, read Queue payload bodies, create Queue payload bodies, expose queue payloads, expose recipients, create recipient payloads, create personalized bodies, store raw payload bodies, expose email bodies, expose body templates, expose unsubscribe URLs, dispatch queues, send email, alert customers, route traffic, select winners, or make revenue claims.
resource bumpgrade://analytics-notification-provider-status-reconciliation-readiness
Expose owner-reviewed analytics notification provider-status reconciliation readiness evidence from issue #311.
Backed by/analytics/source-data
SafetyThis resource reads aggregate owner-notification provider-status reconciliation readiness counts, delivery-receipt readiness IDs, send-payload readiness IDs, provider/domain readiness IDs, dispatch preflight IDs, inbox record IDs, readiness IDs, channel IDs, selected fixed windows, sample-size caveats, and redaction flags only. It must not enable provider sends or calls, attempt delivery, create delivery results, process delivery-status webhooks, poll providers, process delivery receipts, ingest receipt payloads, reconcile provider statuses, expose provider responses, expose provider message IDs, store provider secrets, store sender credentials, expose private DNS credentials, enable Queue producers, enable Queue consumers, create Queue messages, consume Queue messages, acknowledge Queue messages, create retry/dead-letter rows, read Queue payload bodies, create Queue payload bodies, expose queue payloads, expose recipients, create recipient payloads, create personalized bodies, store raw payload bodies, expose email bodies, expose body templates, expose unsubscribe URLs, dispatch queues, send email, alert customers, route traffic, select winners, or make revenue claims.
resource bumpgrade://affiliate-referrals
Expose seeded affiliate programs, partner records, referral links, public-safe partner reports, public-safe partner portal status pages, public-safe partner statement snapshots, read-only payout preparation, owner-confirmed payout preparation records, owner-reviewed fraud review records, owner-confirmed fraud enforcement records, owner-reviewed partner notification readiness records, owner-reviewed partner notification send preflight records, owner-reviewed notification provider readiness records, aggregate click counts, checkout attribution evidence, attribution rules, commission fixtures, payout review, and fraud flags.
Backed by/affiliates/source-data
SafetySeeded referral click capture, checkout attribution evidence, review-only commission evidence, owner review actions, public-safe partner reports, public-safe partner portal status pages, public-safe partner statement snapshots, read-only payout preparation, owner-confirmed payout preparation records, owner-reviewed fraud review records, owner-confirmed fraud enforcement records, owner-reviewed partner notification readiness records, owner-reviewed partner notification send preflight records, and owner-reviewed notification provider readiness records are live; buyer attribution finalization, payable statement creation, payable commission writes, tax handling, payout account access, partner notification sends, provider-send enablement, provider configuration, provider secret storage, provider calls, send payload creation, queue dispatch, and Stripe payouts require confirmed-write contracts.
resource bumpgrade://publisher-account
Expose paid publisher tenant, Bumpgrade subdomain setup, custom-domain DNS onboarding, and publisher-site auth boundaries from issues #221, #222, #223, and #224.
Backed by/account/source-data
SafetyRead-only MCP resource for setup policy; reserving a subdomain or starting custom-domain onboarding requires authenticated publisher context, active paid-plan entitlement, idempotency, audit correlation, DNS verification state, and redaction. Shared Bumpgrade identity never bypasses tenant-scoped access checks.
resource bumpgrade://mobile-admin
Expose the shared iOS and Android mobile admin plan, jobs, API dependencies, and confirmed-write boundaries.
Backed by/mobile-admin/source-data
SafetyRead-only; mobile writes require a future confirmed-write action API and authenticated actor.
resource bumpgrade://mobile-admin/dashboard
Expose the public-safe mobile dashboard digest, including the redacted Director workstream brief, that iOS, Android, web, and agents can share.
Backed by/mobile-admin/dashboard/source-data
SafetyRead-only; no private admin rows, raw attention bodies, raw work-log bodies, write tokens, R2 object keys, signed URLs, or secret values.
resource bumpgrade://mobile-admin/ios
Expose the first iOS app slice, simulator smoke command, fixture path, and screenshot evidence.
Backed by/mobile-admin/ios/source-data
SafetyRead-only; native mobile writes and private account data remain unavailable.