/features/source-data
Bumpgrade feature status, audience, expected capabilities, issue ownership, and agent contract notes.
Stable IDsfeatureId, issue
Volatile claimsFeature records must not be described as live unless status is live and issue/PR evidence supports it.
/roadmap/source-data
Public roadmap item status, blocker notes, next milestones, issue links, and public evidence.
Stable IDsroadmapItemId, featureId, issue
Volatile claimsRoadmap lane changes should come from merged issue work or explicit admin updates.
/compare/source-data
Competitor records, official source URLs, retrieval dates, SEO targets, and caveats.
Stable IDscompetitorId, sourceId, seoTargetId
Volatile claimsPricing, packaging, integrations, and feature availability require a fresh source refresh before citation.
/agent-docs/project-source-data
Public-safe admin roadmap, work-log, user-journey, and owner-attention records.
Stable IDsworkLogEntryId, userJourneyId, markAttentionId, roadmapItemId
Volatile claimsPrivate notes and owner-only decisions stay behind Better Auth or approved scripts.
/agent-docs/director-status-source-data
Director workstream rollups, briefing controls, executive queue lanes, and recent-change digests.
Stable IDsdirectorWorkstreamId, directorWindowId, directorQueueLaneId, directorBriefingControlId
Volatile claimsDirector rollups are summaries of public-safe admin records; raw private rows stay behind owner auth.
/agent-docs/project-roadmap-source-data
Owner-maintained roadmap records, status counts, issue links, PR links, and evidence links.
Stable IDsroadmapItemId, featureId, issue
Volatile claimsRoadmap status changes should come from merged issue work or explicit admin updates.
/agent-docs/project-work-log-source-data
Public-safe work-log entries for substantive agent work, shipped features, validations, and surface updates.
Stable IDsworkLogEntryId, roadmapItemId, featureId
Volatile claimsWork-log entries are audit evidence, not proof that a feature is live without issue, PR, and deploy context.
/agent-docs/user-journey-source-data
Named user journeys, owner/user goals, expected paths, edge cases, and evidence links.
Stable IDsuserJourneyId, featureId, roadmapItemId
Volatile claimsJourneys describe intended product paths and should be checked against live route evidence before public claims.
/agent-docs/owner-attention-source-data
Public-safe owner-attention summaries, blocker flags, due timing, and related issue or PR links.
Stable IDsmarkAttentionId, roadmapItemId, featureId
Volatile claimsOwner-attention summaries are coordination state and must not expose raw private notes or inbox bodies.
/commerce/source-data
Redacted commerce architecture, sandbox checkout offer, referral attribution evidence, review-only commission ledger evidence, owner review action boundaries, non-billing post-purchase decision evidence, payment tables, webhook rules, and billing write safety.
Stable IDsproductId, priceId, checkoutIntentId, referralClickId, referralAttributionId, commissionReviewActionId, reviewOnlyCommissionLedgerId, postPurchaseDecisionId, auditCorrelationId
Volatile claimsLive payment capability, one-click post-purchase charging, fulfillment, and payable commission state are not enabled until separate rollout and webhook smoke evidence prove them.
/pricing/source-data
Bumpgrade account-plan pricing, logged-out anonymous playground status, signed-in Free Build workspace status, paid go-live gates, setup add-on, and redaction policy.
Stable IDsfree-build-before-go-live, freeBuildCapabilityId, paidGoLiveGateId, pricingPlanSlug
Volatile claimsAnonymous playground persistence, browser-recovery save limits, owner-gated and scheduled cleanup controls, additive claim-to-private-draft and private claim-record creation, and signed-in Free Build workspace creation are live; paid go-live actions still require entitlement and confirmation.
/playground/source-data
Browser-scoped logged-out structured playground recovery, save route, save-limit policy, claim route, additive claim merge policy, owner-gated cleanup route, scheduled cleanup trigger, private draft creation, private claim-record creation, cookie and retention boundaries, redaction policy, and paid go-live gates.
Stable IDsanonymousPlaygroundId, anonymousPlaygroundRoute, anonymousPlaygroundGateId
Volatile claimsThe playground saves structured launch context before signup, limits rapid repeat saves per browser recovery workspace without raw IP or user-agent storage, can expire old anonymous recovery through owner or scheduled cleanup, and can create a private launch draft plus private offer/product/audience/importer-review records after verified-account claim; it is not public publishing, live checkout, subscriber sends, domain reservation, fulfillment, or product access.
/agent-docs/source-data
Agent doc links, read contracts, evidence routes, MCP plan, and write-safety rules.
Stable IDsagentDocId, readContractId, mcpPlanId, evidenceRouteId
Volatile claimsThe manifest is discovery metadata; it does not grant write permission.
/content/source-data
Audience segments, resource hub records, pricing principles, planned pricing tracks, issue links, and agent boundaries.
Stable IDsaudienceSegmentId, resourceItemId, pricingPrincipleId, pricingTrackId
Volatile claimsExperiment, Grow, Enterprise, and White glove setup are the current public pricing records; future limits, trials, and usage-meter rates still need current source evidence before being cited.
/trust/source-data
Customer-proof approval policy, approved record counts, public redaction boundary, and the current absence or presence of approved testimonials, logos, metrics, case studies, and endorsements.
Stable IDscustomer-proof-approval-policy, customerProofRecordId, customerProofSourceId
Volatile claimsAgents must not invent customer names, logos, testimonials, revenue, conversion metrics, endorsements, or case studies. Only approved customer-proof records in this route may be cited as customer proof.
/account/source-data
Paid publisher tenant setup, Bumpgrade subdomain reservation rules, custom-domain DNS onboarding, D1 table boundaries, cross-subdomain auth configuration, and the no-domain-purchase launch policy.
Stable IDspublisherTenantId, publisherSubdomainReservationId, publisherCustomDomainId, publisherPlanEntitlementId, issue
Volatile claimsDefault Bumpgrade subdomain reservation and existing-domain DNS onboarding are live for paid accounts; Bumpgrade-hosted subdomains share the central identity session, custom domains use a Bumpgrade login handoff, and Bumpgrade does not sell or register domains today.
/funnels/source-data
Seeded funnel, ordered steps, page blocks, reusable funnel templates including webinar/resource page shapes, block-template library records, owner-session template-to-draft capability, owner-session checkout-link capability, owner-session checkout-unlink capability, owner-session resource delivery link capability, public and owner-session agent funnel resource delivery token capability, owner-session webinar event link capability, owner-session archived-draft purge capability, owner-session visual block style capability, owner-session block reorder capability, owner-session cross-step block move capability, public funnel checkout-start capability, aggregate owner product delivery-gate counts, revision ID, preview route, source-data route, published D1 funnel summaries, owner-gated draft capability, D1 table names, and confirmed-write boundary.
Stable IDsfunnelId, funnelStepId, funnelBlockId, funnelTemplateId, funnelBlockTemplateId, funnelCheckoutLinkId, funnelCheckoutUnlinkId, funnelResourceDeliveryLinkId, funnelResourceDeliveryTokenId, agentFunnelResourceDeliveryTokenId, funnelWebinarEventLinkId, funnelDraftPurgeId, funnelPurgeEventId, funnelDraftBlockVisualStyleId, funnelDraftBlockReorderId, funnelDraftBlockCrossStepMoveId, funnelWebinarResourceTemplateId, funnelRevisionId, funnelDraftId, funnelAuditEventId, checkoutIntentId, checkoutOfferStackId, offerId, productDeliveryGateLinkId
Volatile claimsThe public funnel contract exposes template and block-template records, webinar/resource page-shape records, owner-gated template-create, checkout-link, checkout-unlink, resource-delivery-link, public and owner-session agent funnel resource delivery token, webinar-event-link, archived-draft purge, visual block style presets, within-step block-reorder, cross-step block-move, editable draft, publish capability metadata, direct agent-safe visual style presets, reusable block add/remove, checkout linking/unlinking, resource-delivery linking, webinar-event linking, block movement, public publishing, archive/unpublish, and archived-draft purge metadata, public sandbox checkout-start rendering metadata, entitlement-safe resource access references, external webinar registration/replay references, and aggregate owner product delivery-gate counts; it does not expose unpublished private draft copy, direct agent template creation, unauthenticated public agent-created delivery tokens, direct agent non-archived or bulk purge, unauthenticated public agent publishing, live billing, live webinar scheduling, attendance tracking, replay hosting, arbitrary uploaded private asset delivery, signed URLs, live fulfillment automation, or unconfirmed agent edits.
/offers/source-data
Seeded checkout offer stack, primary offer, selectable order bump, optional referral-click attribution evidence, upsell, downsell, non-billing post-purchase decision contract, aggregate decision counts, aggregate owner product delivery-gate counts, checkout route, revision ID, and confirmed-write boundary.
Stable IDscheckoutOfferStackId, offerId, orderBumpId, upsellId, downsellId, checkoutRevisionId, referralClickId, postPurchaseDecisionId, productDeliveryGateLinkId
Volatile claimsThe checkout-offer contract now includes a confirmed sandbox checkout start for the seeded primary offer plus constrained order bump, optional referral-click attribution evidence, non-billing upsell/downsell decision evidence, and aggregate owner product delivery-gate counts; it is not live billing, one-click upsell charging, fulfillment, commission writes, price mutation, or direct agent write capability.
/products/source-data
Seeded product catalog, assets, access rules, entitlement templates, payment-plan records, sandbox webhook grant mappings, aggregate owner-entitlement inspection counts, aggregate owner-created product, test checkout, delivery-gate, and test grant counts, customer-safe lookup contract, private R2-backed fixture delivery contract, owner-confirmed private asset upload intent contract, owner-confirmed non-destructive revocation intent contract, protected content readiness, checkout-intent-scoped protected fixture delivery, redaction flags, preview route, revision ID, and confirmed-write boundary.
Stable IDsproductId, assetId, accessRuleId, entitlementTemplateId, productEntitlementInspectionId, customerProductEntitlementLookupId, productDownloadTokenId, productAssetUploadIntentId, productCreationIntentId, productTestCheckoutLinkId, productDeliveryGateLinkId, productOfferAccessGrantIntentId, productEntitlementRevocationIntentId, productProtectedContentId, productProtectedContentDeliveryId, productPaymentPlanId, subscriptionPlanId, fulfillmentId
Volatile claimsThe product/access contract includes seeded payment-plan read records, sandbox webhook-backed entitlement row grants, owner-only entitlement inspection, customer-safe checkout intent lookup, short-lived tokens that stream a seeded private R2 fixture, owner-created product test checkout links, owner product delivery-gate links, owner-confirmed private asset upload records, owner-confirmed non-destructive revocation intent records, protected content readiness, and checkout-intent-scoped seeded protected fixture delivery; it is not live payment-plan checkout, signed object URL access, customer delivery of arbitrary uploads, destructive revocation, subscription access mutation, live offer/funnel publishing, live charges, or live fulfillment automation.
/audience/source-data
Seeded audience automation workspace, opt-in form, consent-backed capture API, aggregate subscriber inspection counts, redaction flags, tags, segments, lead magnet, sequence, aggregate sequence delivery readiness, dry-run sequence schedule intent counts, dry-run sequence delivery-batch counts, dry-run sequence queue-message counts, dry-run sequence dispatch preflight counts, dry-run sequence dispatch attempt receipt counts, sequence Queue producer readiness counts, sequence Queue consumer readiness counts, sequence provider-call readiness counts, sequence delivery-attempt readiness counts, sequence delivery-result readiness counts, sequence delivery-status webhook readiness counts, sequence provider-polling readiness counts, sequence receipt-payload readiness counts, broadcast draft, broadcast readiness, dry-run broadcast schedule intent counts, broadcast preview safety, queue readiness, delivery-batch dry runs, queue-message dry runs, dispatch preflight dry runs, dispatch attempt receipts, sender-domain readiness gates, provider-event readiness gates, provider rate-limit readiness gates, provider response readiness gates, send-payload readiness gates, Queue producer readiness gates, Queue consumer readiness gates, provider-call readiness gates, delivery-attempt readiness gates, delivery-result readiness gates, delivery-status webhook readiness gates, provider-polling readiness gates, receipt-payload readiness gates, owner-confirmed import intent evidence, owner-confirmed import preflight evidence, aggregate export readiness evidence, and confirmed-write boundary.
Stable IDssubscriberSegmentId, subscriberId, subscriberInspectionId, optInFormId, leadMagnetId, emailSequenceId, sequenceEnrollmentPauseId, sequenceDeliveryReadinessId, sequenceScheduleIntentId, sequenceDeliveryBatchId, sequenceDeliveryQueueMessageId, sequenceDispatchPreflightId, sequenceDispatchAttemptId, sequenceQueueProducerReadinessId, sequenceQueueConsumerReadinessId, sequenceProviderCallReadinessId, sequenceDeliveryAttemptReadinessId, sequenceDeliveryResultReadinessId, sequenceDeliveryStatusWebhookReadinessId, sequenceProviderPollingReadinessId, sequenceReceiptPayloadReadinessId, automationRuleId, broadcastReadinessId, broadcastScheduleIntentId, broadcastPreviewSafetyId, broadcastQueueReadinessId, broadcastDeliveryBatchId, broadcastDeliveryQueueMessageId, broadcastDispatchPreflightId, broadcastDispatchAttemptId, broadcastSenderDomainReadinessId, broadcastProviderEventReadinessId, broadcastProviderRateLimitReadinessId, broadcastProviderResponseReadinessId, broadcastSendPayloadReadinessId, broadcastQueueProducerReadinessId, broadcastQueueConsumerReadinessId, audienceImportIntentId, audienceImportPreflightId, audienceExportReadinessId
Volatile claimsThe audience automation contract includes consent-backed opt-in capture, aggregate owner-inspection evidence, unsubscribe/suppression evidence, unsubscribe-paused sequence enrollment aggregates, aggregate sequence delivery readiness from issue #351, dry-run sequence schedule intents from issue #354, dry-run sequence delivery batches from issue #358, dry-run sequence queue-message evidence from issue #360, dry-run sequence dispatch preflight evidence from issue #362, dry-run sequence dispatch attempt receipt evidence from issue #364, sequence Queue producer readiness from issue #366, sequence Queue consumer readiness from issue #368, sequence provider-call readiness from issue #370, sequence delivery-attempt readiness from issue #372, sequence delivery-result readiness from issue #374, sequence delivery-status webhook readiness from issue #376, sequence provider-polling readiness from issue #378, sequence receipt-payload readiness from issue #380, private owner-note counts, broadcast readiness, dry-run broadcast schedule intent counts, preview/footer safety, queue readiness, delivery-batch dry runs, queue-message dry runs, dispatch preflight dry runs, dispatch attempt receipts, sender-domain readiness, provider-event readiness, provider rate-limit readiness, provider response readiness, send-payload readiness, Queue producer readiness, Queue consumer readiness, provider-call readiness, delivery-attempt readiness, delivery-result readiness, delivery-status webhook readiness, provider-polling readiness, receipt-payload readiness, owner-confirmed import intents, owner-confirmed import preflights, and aggregate export readiness evidence from issue #347; it is not contact import, raw import row storage, raw email storage, subscriber creation from imports, real sequence scheduling, live email sending, private export, export file creation, private DNS/provider setup, provider webhook processing, webhook payload reading or creation, provider polling, provider polling payload reading or creation, provider polling result creation, receipt payload creation, delivery receipt creation, Cloudflare Queue dispatch, Queue producer execution, Queue consumer execution, queue payload body creation or reading, Queue message consumption, Queue message acknowledgements, ack/retry/dead-letter row creation, provider calls, delivery attempts, delivery results, webhooks, receipts, delivery queue row creation, recipient payload creation, raw payload body storage, provider response creation, provider message creation, personalized body generation, unsubscribe URL creation, body template exposure, or direct public agent subscriber write capability.
/analytics/source-data
Seeded analytics event taxonomy, event capture API, browser-side page-view beacon boundary, dashboard-visible aggregate source attribution rows, fixed time-window metadata, aggregate event counts, aggregate variant event counts, aggregate source attribution counts, assignment API, aggregate assignment counts, aggregate funnel conversion reports, aggregate report export metadata, owner-reviewed cohort comparison evidence, owner-reviewed alert threshold/anomaly-review evidence, owner-reviewed notification delivery readiness evidence, owner-confirmed notification inbox records, owner-confirmed dispatch preflight evidence, owner-reviewed provider/domain readiness evidence, metric formulas, experiment variants, assignment rule, owner-confirmed experiment decision evidence, and confirmed-write boundary.
Stable IDsanalyticsEventId, analyticsEventIngestionId, analyticsPageViewBeaconId, analyticsEventVariantAggregateId, analyticsEventSourceAggregateId, experimentAssignmentId, analyticsExperimentDecisionId, analyticsReportExportId, analyticsReportExportSectionId, analyticsCohortFixtureId, analyticsCohortComparisonId, analyticsCohortReviewId, analyticsCohortReviewStatus, analyticsAlertThresholdId, analyticsAnomalyReviewId, analyticsAnomalyReviewStatus, analyticsNotificationReadinessId, analyticsNotificationChannelId, analyticsNotificationReadinessStatus, analyticsNotificationInboxRecordId, analyticsNotificationInboxStatus, analyticsNotificationDispatchPreflightId, analyticsNotificationDispatchPreflightStatus, analyticsFunnelConversionReportId, analyticsTimeWindow, analyticsExperimentTrafficRoutingId, analyticsExperimentHoldoutRoutingId, utmSource, utmMedium, utmCampaign, referrerHost, metricId, experimentId, variantId, assignmentRuleId
Volatile claimsThe affiliate/referral contract includes seeded click capture, checkout attribution evidence, review-only commission ledger evidence, owner review/reversal action boundaries, aggregate counts, public-safe partner reports, public-safe partner portal status pages, public-safe partner statement snapshots, read-only payout preparation, owner-confirmed payout preparation records, owner-reviewed fraud review records, owner-confirmed fraud enforcement records, owner-reviewed partner notification readiness records, owner-reviewed partner notification send preflight records, and owner-reviewed notification provider readiness records; it is not cookie assignment, buyer attribution finalization, payable statement creation, payable commission state, private fraud signal exposure, tax collection, partner notification sends, provider-send enablement, provider configuration, provider secret storage, provider calls, send payload creation, queue dispatch, authenticated private partner portal access, direct agent review automation, or Stripe payout capability.
/affiliates/source-data
Seeded affiliate program, partner records, referral links, public-safe partner reports, public-safe partner portal status pages, public-safe partner statement snapshots, read-only payout preparation, owner-confirmed payout preparation records, owner-reviewed fraud review records, owner-confirmed fraud enforcement records, owner-reviewed partner notification readiness records, owner-reviewed partner notification send preflight records, owner-reviewed notification provider readiness records, referral click capture API, checkout attribution evidence, review-only commission ledger evidence, owner review/reversal actions, aggregate counts, attribution rules, commission rules, ledger fixtures, payout batch, review flags, and confirmed-write boundary.
Stable IDsaffiliateProgramId, affiliatePartnerId, affiliatePartnerPortalId, affiliatePartnerStatementSnapshotId, affiliatePartnerReportId, payoutPreparationId, payoutPreparationRecordId, payoutPreparationRecordStatus, fraudReviewRecordId, fraudReviewRecordStatus, partnerNotificationReadinessRecordId, partnerNotificationReadinessRecordStatus, partnerNotificationSendPreflightRecordId, partnerNotificationSendPreflightRecordStatus, partnerNotificationProviderReadinessRecordId, partnerNotificationProviderReadinessRecordStatus, referralLinkId, referralClickId, checkoutIntentId, referralAttributionId, reviewOnlyCommissionLedgerId, commissionReviewActionId, commissionRuleId, commissionLedgerId, payoutBatchId
Volatile claimsThe affiliate/referral contract includes seeded click capture, checkout attribution evidence, review-only commission ledger evidence, owner review/reversal action boundaries, aggregate counts, public-safe partner reports, public-safe partner portal status pages, public-safe partner statement snapshots, read-only payout preparation, owner-confirmed payout preparation records, owner-reviewed fraud review records, owner-confirmed fraud enforcement records, owner-reviewed partner notification readiness records, owner-reviewed partner notification send preflight records, and owner-reviewed notification provider readiness records; it is not cookie assignment, buyer attribution finalization, payable statement creation, payable commission state, private fraud signal exposure, tax collection, partner notification sends, provider-send enablement, provider configuration, provider secret storage, provider calls, send payload creation, queue dispatch, authenticated private partner portal access, direct agent review automation, or Stripe payout capability.
/mobile-admin/source-data
Mobile jobs-to-be-done, iOS and Android child issues, live dashboard source-data route, API dependencies, stack decision, and write boundaries.
Stable IDsmobileJobId, mobileApiDependencyId, platformIssue, mobileDashboardCardId
Volatile claimsThe mobile contract and live public dashboard digest are live, but installable iOS and Android app claims require #67 and #68 smoke evidence.
/mobile-admin/dashboard/source-data
Public-safe mobile dashboard digest with feature counts, roadmap counts, recent work-log metadata, attention counts, commerce table counts, agent-readiness counts, and platform source-data routes.
Stable IDsmobileDashboardCardId, featureId, roadmapItemId, workLogEntryId, markAttentionId, agentReadContractId
Volatile claimsThe dashboard is a public-safe read contract with owner-session and confirmed-action requirements, not private mobile rows, push notifications, live confirmed writes, App Store distribution, or Play Store distribution.
/mobile-admin/ios/source-data
iOS app-foundation path, generated fixture, simulator target, validation command, smoke command, and screenshot evidence.
Stable IDsplatformIssue, fixturePath, simulatorBundleId
Volatile claimsThe iOS simulator smoke target renders owner-session and confirmed-action requirements, but it is not App Store distribution, push notification support, private mobile rows, or live confirmed-write capability.
/mobile-admin/android/source-data
Android app-foundation path, generated fixture asset, native package, emulator target, validation command, smoke command, and screenshot evidence.
Stable IDsplatformIssue, fixturePath, nativePackage, defaultAvd
Volatile claimsThe Android emulator smoke target renders owner-session and confirmed-action requirements, but it is not Play Store distribution, push notification support, private mobile rows, or live confirmed-write capability.