This roadmap turns the feature catalog into public execution state. Shipped means merged and deployed. Active means the work is underway. Blocked means the next unblock condition is explicit. Everything else stays honest as next or planned.
Easy importers from ClickFunnels and competitor platforms
Importer center, dedicated platform import paths, public redacted review maps, private draft creation, checkout rebuild readiness, private subscriber import records, owner-only private subscriber inspection, imported-pending audience review-list promotion, owner-only private subscriber CSV export, and reusable source-data contract for moving competitor platform context into private Bumpgrade launch workspaces before go-live.
Feature IDfeature-competitor-importers
Next milestoneParent importer scope is shipped; keep sequence enrollment and sends, live checkout creation, payment credential migration, account transfer, domains, and fulfillment parked behind their dedicated confirmed-write workstreams.
Issue #467 tracks easy importers from ClickFunnels and first-wave competitor platforms.
`/imports` lists supported importer paths.
Dedicated importer pages can show a redacted preflight review map before sign-in or private draft creation, including platform-specific source-guide readiness.
Public preflight review can parse small CSV, JSON, HTML, or text exports for structure without saving raw files, rows, file names, or pasted text.
Public preflight review now matches parsed export structure against platform-specific templates before private draft creation.
Dedicated importer pages now list platform-specific source guides for the URLs, exports, files, and notes Bumpgrade can use.
Dedicated importer pages support private Free Build import-plan creation.
Private importer writes now persist the safe importReview export analysis, platform export matches, and recognized match IDs on new private draft metadata.
Private importer writes now create structured private import records for matched offer, product, audience, checkout, funnel/page, sequence, and asset review areas.
Verified publishers can open a private importer record review route for their own importer-created plan after creation.
Verified publishers can mark private import records ready or needing cleanup without triggering buyer-facing changes.
Verified publishers can record checkout migration readiness on private checkout-offer and product-catalog records without creating checkout intents, Stripe sessions, live payment credentials, public checkout routes, account transfer, domains, fulfillment, subscriber sends, or go-live effects.
Private importer records now include safe extracted field plans that show owner-review target fields without raw row values or private source content.
Verified publishers can edit safe extracted field labels, review status, and prompts without storing raw extracted values or triggering buyer-facing changes.
Private audience import records now include safe subscriber import depth with aggregate row counts and identity, tag, consent, and sequence signals before any subscriber write exists.
Verified publishers can record subscriber import preflight decisions for private audience records without creating subscriber rows, sequence enrollments, sends, private exports, or go-live effects.
Verified publishers can create private importer subscriber records from a confirmed fresh upload or paste without sequence enrollments, sends, private exports, or go-live effects.
Verified publishers can inspect saved private importer subscriber records from the same-owner private review page while public source-data and unauthenticated responses expose counts only.
Verified publishers can add saved importer contacts to the audience review list as imported-pending subscriber rows without consent events, sequence enrollments, sends, private exports, or go-live effects.
Verified publishers can download owner-only private subscriber CSV files from saved importer contacts after exact confirmation while public source-data, unauthenticated responses, and JSON API responses expose counts and redaction rules only.
`/imports/source-data` exposes platform IDs, input kinds, platform-specific source checklists, export match templates, preflight signal labels, export-file parser fields, private structured import-record fields, extracted field plans, checkout migration readiness actions, subscriber import depth, subscriber import preflight actions, subscriber import creation actions, subscriber audience promotion actions, owner-only private subscriber record inspection rules, owner-only private subscriber export actions, private record review routes, review-action routes, extracted-field edit actions, saved private plan parts, preflight review routes, private-draft API routes, safety gates, limitations, and source evidence IDs for agents.
Private importer writes reuse an existing draft when the same platform, workspace, normalized title, and source URL or export file name match.
Private importer rollback routes archive private import plans without deleting saved plan content, structured private import records, steps, or audit history so the same source can be restarted.
Owner-visible project notifications and inbound project reply monitoring.
Feature IDfeature-codex-email
Next milestoneKeep inbound project mail limited to private runtime allowlists and authenticated sender evidence.
Issue #10 owns the project operations notification workflow.
Project email routing for bumpgrade.com is enabled and reported ready after required domain records were installed.
Private operational contracts store outbound notice results and inbound reply metadata without exposing trusted identities.
A delayed project notice was delivered and recorded in private operational evidence.
Project mail routes to the Worker for inbound capture and forwarding.
Owner policy requires private runtime allowlists and authenticated sender evidence before inbound email can influence project work; From text alone is not trusted.
Better Auth email/password accounts, account sessions, API routes, login/signup UI, and owner-gated admin pages.
Feature IDfeature-better-auth
Next milestoneKeep phone verification out of launch scope until a specific abuse, account-recovery, publisher-trust, or customer-communication need is recorded; if needed, build it through Better Auth with Cloudflare secrets, rate limits, and redaction.
Issue #9 owns the Better Auth foundation slice.
Login/signup, D1 auth tables, Better Auth API routes, and owner-gated admin pages are included in the issue #9 implementation.
Issue #55 adds owner verification resend UX and last-sent status for protected admin gates.
Issue #53 documents phone verification and SMS provider options before any phone collection, SMS OTP, or SMS marketing exists.
Signed-in, email-confirmed publishers with an active paid plan entitlement can reserve a unique default `*.bumpgrade.com` subdomain backed by D1 tenant, reservation, and audit records.
Feature IDfeature-better-auth
Next milestoneUse the paid-gated account and default subdomain foundation as the base for custom-domain DNS onboarding, domain purchase, and publisher site auth.
Issue #222 tracks the paid publisher tenant and default Bumpgrade subdomain slice.
`/account/setup` is the signed-in publisher setup surface.
`/account/source-data` exposes the public-safe tenant/subdomain contract.
`POST /api/account/publisher/subdomain` reserves a unique Bumpgrade hostname only after email verification and active paid-plan entitlement.
Better Auth is configured with the `https://*.bumpgrade.com` trusted origin pattern and `bumpgrade.com` cross-subdomain cookie domain in production.
Paid publishers can add an existing custom domain, receive deterministic CNAME instructions, and re-check DNS verification state from account setup without exposing private DNS credentials.
Feature IDfeature-better-auth
Next milestoneAdd custom-domain auth semantics in issue #224, then domain purchase decisions in issue #225.
Issue #223 tracks the custom-domain DNS onboarding slice.
PR #228 merged and deployed existing-domain DNS onboarding.
`/account/setup` is the signed-in publisher setup surface for custom domains.
`/account/source-data` exposes the public-safe custom-domain DNS contract.
`POST /api/account/publisher/custom-domain` starts onboarding and re-checks DNS for paid, email-confirmed publishers with a default Bumpgrade hostname.
Cloudflare Worker version `11dc5b0a-468a-44dd-9e8a-3e5769795076` deployed the route, screenshot asset, and wildcard route binding.
Customer login across Bumpgrade-hosted publisher sites
Bumpgrade-hosted publisher subdomains share the central Better Auth identity session while tenant access remains scoped per hostname, checkout, entitlement, and membership state.
Feature IDfeature-better-auth
Next milestoneDecide and expose the domain-purchase path in issue #225, then align pricing/signup copy in issue #226.
Issue #224 tracks the publisher-site auth boundary.
PR #230 merged and deployed the cross-subdomain customer auth contract.
`/account/source-data` exposes the Bumpgrade-subdomain session-sharing contract and custom-domain caveat.
Production Better Auth uses the `bumpgrade.com` cookie domain and `https://*.bumpgrade.com` trusted origin pattern.
Custom domains cannot receive the `bumpgrade.com` browser cookie directly, so they use a central Bumpgrade login handoff before returning to tenant-scoped access checks.
Cloudflare Worker version `cd663146-20c5-4899-a43f-5faec8c720a5` deployed the account source-data and Better Auth boundary update.
Stripe mode-specific secrets are stored in Cloudflare, Checkout Sessions are the first payment surface, and D1 commerce/audit tables now include optional referral-click attribution evidence, review-only commission ledger evidence, owner review/reversal actions, and read-only payout preparation before live payment or payout code.
Feature IDfeature-stripe-commerce
Next milestoneAdd private payout account, tax, and partner notification contracts only after read-only payout preparation stays stable.
Issue #11 owns this Stripe architecture slice.
Cloudflare now stores mode-specific Stripe secret names without repo secret values.
Multi-step funnel model, source-data contract, read-only seeded preview foundation, owner-gated editable draft foundation with step edit/reorder controls, granular block title/body editing, reusable block add/remove controls, owner-session visual style controls, bounded owner-session canvas layout controls, owner-session within-step block reordering, owner-session cross-step block moves, owner-gated private preview, exact-confirmed public publishing, reusable template and block-template library records including webinar/resource page shapes, owner-confirmed template-to-draft creation, owner-confirmed private draft duplication, owner-confirmed checkout-offer linking on private draft steps, public sandbox checkout start rendering from published linked checkout blocks, owner-confirmed archive/unpublish lifecycle actions, owner-confirmed archived-draft purge and bulk archived-draft purge with tombstone evidence, owner-confirmed resource delivery links to product/access catalog assets, funnel-scoped private download-token delivery from published linked resource blocks, redacted resource-delivery receipt evidence after successful private download redemption, owner-confirmed webinar event/replay links to public-safe external URLs, and safe draft proposals.
Feature IDfeature-funnel-builder
Next milestoneKeep arbitrary uploaded private asset delivery, live fulfillment automation, full webinar integrations, unauthenticated public agent-created delivery tokens, and unauthenticated public agent publishing in issue #417; keep live publisher-offer billing in issue #219.
Tracked by issue #14.
Issue #79 adds the first `/funnels/source-data` contract and `/funnels/indie-launch-sandbox` preview foundation.
Issue #91 adds owner-gated `/admin/funnels`, `/api/admin/funnels/drafts`, and D1 draft/audit tables.
Issue #93 adds owner-gated step title, goal, kind, and order editing on private D1 drafts.
Issue #95 adds owner-gated private draft preview from current D1 draft state.
Issue #135 adds exact-confirmed public publishing from D1 draft funnels to stable public `/funnels/{slug}` routes.
Issue #159 adds reusable funnel templates and block-template library records to `/funnels/source-data` and the seeded preview route.
Issue #161 adds owner-confirmed template-to-draft creation from reusable funnel templates.
Issue #165 adds public sandbox checkout start rendering on published funnel checkout blocks with owner-confirmed checkout links.
Issue #213 adds webinar and resource funnel template/block contracts plus D1 step-kind storage readiness.
Issue #215 adds owner-confirmed private draft duplication with checkout-link metadata stripped by default.
Issue #341 adds owner-confirmed archive/unpublish lifecycle actions that preserve audit evidence and remove published routes from source data.
Issue #430 adds owner-session granular block title/body editing while preserving block IDs, kinds, ordered step structure, and checkout-link metadata.
Issue #432 adds owner-session block add/remove controls from the reusable block library while refusing checkout-linked block removal.
Issue #409 links owner-created product test checkout links to the seeded offer/funnel delivery gates without live billing or private fulfillment delivery.
Issue #417 adds owner-confirmed checkout unlinking, owner-confirmed resource delivery links, funnel-scoped private download-token delivery from published linked resource blocks, owner-session agent-created resource delivery tokens for published linked resource blocks, redacted resource-delivery receipt evidence after successful private download redemption, owner-confirmed webinar event/replay links, owner-session visual block style controls, owner-session bounded canvas layout controls, owner-confirmed archived-draft purge and bulk archived-draft purge with tombstone evidence, owner-session within-step block reordering, owner-session drag/drop block placement through existing move endpoints, owner-session cross-step block moves, and owner-session direct agent-safe draft writes for block copy edits, visual style presets, bounded canvas layouts, reusable block add/remove, checkout linking/unlinking, resource-delivery linking, webinar-event linking, block movement, duplication, public publishing, archive/unpublish, archived-draft purge, and bulk archived-draft purge while tracking remaining full webinar integrations, live fulfillment automation, arbitrary uploaded private asset delivery, unauthenticated public agent-created delivery tokens, and unauthenticated public agent publishing after the MVP closeout.
Stripe-backed checkout flows, confirmed sandbox checkout start with a constrained order bump, optional referral-click attribution evidence, review-only commission ledger evidence, owner review/reversal actions, non-billing post-purchase upsell/downsell decision evidence, subscriptions, coupons, and audit trails.
Feature IDfeature-checkout-offers
Next milestoneKeep live publisher-offer billing separated in issue #219 until the first live package, amount, and webhook secret are confirmed; one-click post-purchase charging and fulfillment remain future confirmed-write work.
Tracked by issue #15.
Depends on Stripe architecture in #11.
Issue #81 adds the first `/offers/source-data` contract and `/offers/indie-launch-stack` preview foundation.
Issue #99 adds confirmed sandbox checkout start support for the seeded primary offer plus pre-payment order bump.
Next milestoneKeep live product payment-plan checkout, Stripe Price creation, first package/amount selection, webhook-secret confirmation, Customer Portal actions, and live fulfillment tracked separately in issue #219.
Tracked by issue #16.
Issue #83 adds the first `/products/source-data` contract and `/products/indie-launch-library` preview foundation.
Issue #101 adds idempotent sandbox entitlement rows and fulfillment task evidence from trusted paid checkout webhook events.
Issue #139 adds `/admin/products` owner entitlement inspection and aggregate public redaction flags.
Issue #141 adds `/products/entitlements` and `/api/products/entitlements` for customer-safe checkout intent entitlement lookup.
Issue #143 adds one-use download tokens for active file entitlements without exposing private R2 keys or signed object URLs.
Issue #146 adds a seeded private R2-backed fixture delivery path through one-use Bumpgrade tokens.
Issue #147 revalidates current entitlement status, checkout intent linkage, trusted checkout state, and asset scope before token redemption.
Issue #151 adds owner-confirmed private product asset upload records backed by PRODUCT_ASSETS without exposing object keys, signed URLs, upload bodies, or private metadata.
Issue #251 adds owner-confirmed non-destructive revocation intent records with exact confirmation, idempotency, stale-state checks, and public redaction.
Issue #403 adds owner-confirmed draft product creation records without Stripe product/price creation or fulfillment mutation.
Issue #405 adds owner-confirmed test offer/funnel links and direct test access grants for owner-created products.
Issue #407 adds owner-confirmed buyer-facing test checkout links and public test checkout completion for owner-created products without Stripe Checkout Sessions, live charges, or public buyer exposure.
Issue #409 links owner-created product test checkout links to the seeded offer/funnel delivery gates with stale-state checks and aggregate public redaction.
Issue #16 exposes seeded pay-in-full, installment, and subscription payment-plan read records without live amounts, Stripe Price creation, Checkout Sessions, or customer data exposure.
Issue #16 is ready to close after PR #412 merged, deployed, and verified product payment-plan readiness.
Next milestoneKeep custom analytics schemas beyond the current seeded boundary, winner selection, notification execution, Queue producer/consumer execution, provider calls, delivery results, raw exports, and agent-safe write tools in issue #422 instead of reopening more isolated readiness-gate slices.
Tracked by issue #18.
Issue #87 adds the first `/analytics/source-data` contract and `/analytics/indie-launch-dashboard` preview foundation.
Issue #105 adds `POST /api/analytics/events` with seeded event validation, idempotency, hashed request evidence, and aggregate-only source-data reporting.
Issue #107 adds `POST /api/analytics/assignments` with seeded experiment validation, deterministic weighted variant assignment, hashed visitor evidence, and aggregate-only assignment reporting.
Issue #119 adds aggregate funnel conversion report rows from captured test events without exposing raw analytics rows.
Issue #121 adds browser-side funnel page-view beacons with server-side bot and preview suppression.
Issue #123 attaches deterministic seeded assignment evidence to captured funnel page views and exposes aggregate variant counts.
Issue #125 attaches normalized UTM/source attribution to captured funnel page views and exposes aggregate source counts.
Issue #127 renders aggregate source attribution rows in the analytics dashboard preview.
Issue #129 adds fixed all-time, 24-hour, 7-day, and 30-day aggregate source and conversion windows to source-data and the dashboard preview.
Issue #261 adds owner-confirmed experiment decision evidence without routing traffic, assigning cookies, selecting automated winners, exposing raw event rows, or exposing raw assignment rows.
Issue #263 adds aggregate report export metadata and fixture cohort comparison definitions without raw analytics exports.
Issue #265 adds owner-reviewed cohort comparison evidence without raw analytics exports, automated winners, or revenue claims.
Issue #267 adds owner-reviewed alert threshold and anomaly-review evidence without automated alerts, traffic routing, automated winners, or revenue claims.
Issue #269 adds owner-reviewed notification delivery readiness evidence without alert sends, inbox writes, traffic routing, automated winners, or revenue claims.
Issue #271 adds owner-confirmed notification inbox records without owner email sends, queue dispatch, customer alerts, recipients, email bodies, traffic routing, automated winners, or revenue claims.
Issue #292 adds owner-reviewed queue-producer readiness records without enabling Queue producers, creating queue messages or queue payload bodies, dispatching queues, calling providers, creating provider responses, sending owner email, exposing recipients, or making revenue claims.
Issue #294 adds owner-reviewed queue-consumer readiness records without enabling Queue consumers, consuming or acknowledging Queue messages, creating retry/dead-letter rows, reading queue payload bodies, calling providers, creating provider responses, sending owner email, exposing recipients, or making revenue claims.
Issue #297 adds owner-reviewed provider-call readiness records without enabling provider sends or calls, configuring providers, storing provider secrets or sender credentials, creating provider responses, sending owner email, exposing recipients, or making revenue claims.
Issue #299 adds owner-reviewed delivery-attempt readiness records without enabling provider sends or calls, attempting delivery, configuring providers, storing provider secrets or sender credentials, creating provider responses, sending owner email, exposing recipients, or making revenue claims.
Issue #301 adds owner-reviewed delivery-result readiness records without enabling provider sends or calls, attempting delivery, creating delivery results, processing status webhooks, polling providers, configuring providers, storing provider secrets or sender credentials, creating provider responses, exposing provider message IDs, creating delivery receipts, sending owner email, exposing recipients, or making revenue claims.
Issue #303 adds owner-reviewed delivery-status-webhook readiness records without enabling provider sends or calls, attempting delivery, creating delivery results, processing delivery-status webhooks, polling providers, configuring providers, storing provider secrets or sender credentials, creating provider responses, exposing provider message IDs, creating delivery receipts, sending owner email, exposing recipients, or making revenue claims.
Issue #305 adds owner-reviewed provider-polling readiness records without enabling provider sends or calls, attempting delivery, processing delivery-status webhooks, polling providers, creating delivery receipts, configuring providers, storing provider secrets or sender credentials, creating provider responses, exposing provider message IDs, sending owner email, exposing recipients, or making revenue claims.
Issue #307 adds owner-reviewed receipt-payload readiness records without enabling provider sends or calls, attempting delivery, polling providers, processing status webhooks, creating delivery receipts, exposing receipt payloads, configuring providers, storing provider secrets or sender credentials, creating provider responses, exposing provider message IDs, sending owner email, exposing recipients, or making revenue claims.
Issue #309 adds owner-reviewed delivery-receipt readiness records without enabling provider sends or calls, attempting delivery, polling providers, processing status webhooks, creating delivery receipts, exposing receipt payloads, configuring providers, storing provider secrets or sender credentials, creating provider responses, exposing provider message IDs, sending owner email, exposing recipients, or making revenue claims.
Issue #311 adds owner-reviewed provider-status reconciliation readiness records without enabling provider sends or calls, attempting delivery, polling providers, processing status webhooks, processing delivery receipts, reconciling provider statuses, exposing receipt payloads, configuring providers, storing provider secrets or sender credentials, creating provider responses, exposing provider message IDs, sending owner email, exposing recipients, or making revenue claims.
Issue #422 routes the sandbox opt-in hero copy through public-safe source/campaign rules first, then seeded session assignment with a baseline holdout and without cookies, and tracks the remaining live analytics automation, custom/non-seeded event schemas, winner selection, notification execution, and direct agent-safe write parity as one post-MVP execution bucket.
Issue #424 adds owner-confirmed fraud enforcement records without payable commission state, Stripe payouts, payout accounts, tax data, partner sends, provider calls, buyer data, raw rows, private fraud signals, or direct agent writes.
Issue #424 still tracks live payout execution, partner notifications, private payout/tax data, authenticated private partner portals, payable statement creation, and direct agent-safe write parity as one pending post-MVP execution bucket.
Users, developers and agents, resources, pricing, and blog surfaces
Use-case page, developer/agent page, resource and blog hub, pricing direction, metadata, sitemap entries, and `/content/source-data` contract.
Feature IDfeature-resources-use-cases-pricing
Next milestonePromote planned migration guides, launch playbooks, and blog posts into dedicated pages as funnel, checkout, automation, and analytics slices ship.
Tracked by issue #20.
`/users`, `/developers-and-agents`, `/resources`, and `/pricing` are live navbar destinations.
`/content/source-data` exposes stable audience, resource, and pricing-direction records for agents.
Issue #466 now tracks the Free Build pricing policy and paid go-live gates.
Defines the $0 private-building path, logged-out browser playground recovery, signed-in Free Build workspace creation, paid go-live gates, and the handoff before public, billing, sending, domain, or fulfillment actions are treated as live.
Feature IDfeature-resources-use-cases-pricing
Next milestoneParent scope is shipped; future expansion belongs in the relevant paid go-live workstream for publishing, checkout, subscriber sends, domains, fulfillment, or billing changes.
Issue #466 tracks the Free Build pricing model and optional anonymous playground.
`/playground` lets logged-out visitors save structured offer, audience, product, opt-in, checkout, delivery, follow-up, and migration-starting-point progress in this browser.
Claiming a browser playground reuses an existing Free Build workspace when present and adds a private launch draft without replacing existing workspace work.
`/api/playground/cleanup` is an owner-gated cleanup route for expiring old anonymous recovery without exposing private draft content.
A Cloudflare Cron trigger runs the same expired-recovery cleanup boundary daily without touching claimed private records or go-live state.
`/pricing` explains the build-first message in plain public copy.
`/pricing/source-data` exposes the Free Build design, live anonymous playground state, and paid go-live gates.
`/account/setup` lets verified signed-in users create a private Free Build workspace before payment.
`/account/source-data` exposes the signed-in Free Build workspace contract and paid go-live gates.
`/content/source-data` ties the pricing policy into audience and resource discovery records.
Current follow-up for installable private mobile admin parity after the completed read-only dashboard, Director workstream digest, iOS foundation, Android foundation, live-hydration, owner-session/confirmed-action contract, owner-gated private-row inspection, low-risk private-row workflow actions, owner-confirmed Director workstream reviews, owner-confirmed commerce-health reviews, owner-gated audit-only action-intent API, and push/distribution readiness-boundary slices.
Feature IDfeature-mobile-admin
Next milestoneAdd higher-risk billing, fulfillment, publishing, and other production confirmed-write APIs, physical-device proof, private APNs/FCM credential/device-token plumbing, and actual App Store/TestFlight or Play Store/internal-testing evidence without claiming parity early.
Current active follow-up tracked by issue #414.
Original foundation contract tracked by issue #13.
iOS app slice tracked by issue #67.
Android app slice tracked by issue #68.
Live dashboard source-data slice tracked by issue #153.
Mobile dashboard foundation rendering tracked by issue #155.
Mobile dashboard live network hydration tracked by issue #157.
Issue #414 renders the owner-session and confirmed-action contract in the Expo, iOS, and Android app foundations while keeping production mobile mutations disabled.
Issue #414 now adds owner-gated GET /api/mobile-admin/private-rows for read-only private mobile row inspection through the shared Better Auth owner session.
Issue #428 now adds owner-gated POST /api/mobile-admin/private-rows/actions for low-risk private-row workflow actions with exact confirmation, idempotency, stale row revision, stale-state token, audit-correlation, and redaction checks.
Issue #414 now adds owner-gated POST /api/mobile-admin/director-reviews for low-risk Director workstream acknowledgements with exact confirmation, idempotency, current Director generated-at checks, stale-state token, audit-correlation, and redaction checks.
Issue #414 now adds owner-gated POST /api/mobile-admin/commerce-reviews for low-risk commerce-health acknowledgements with exact confirmation, idempotency, current commerce generated-at checks, stale-state token, audit-correlation, and redaction checks.
Issue #414 now adds owner-gated POST /api/mobile-admin/actions for audit-only action intents with exact confirmation, idempotency, stale-state, contract revision, source-route, audit-correlation, and redaction checks.
Issue #414 now exposes the public-safe Director workstream digest inside /mobile-admin/dashboard/source-data for mobile CEO-style nesting.
Issue #414 now exposes a public-safe push-notification boundary for APNs/FCM requirements, disabled send status, blockers, and redaction flags.
Issue #414 now exposes a public-safe distribution boundary that separates simulator/emulator proof from physical-device, App Store/TestFlight, and Play Store/internal-testing claims.
`/mobile-admin/source-data` exposes the shared mobile contract, private-auth boundary, private-row API summary, private-row action API summary, Director review API summary, commerce review API summary, action-intent API summary, push boundary, distribution boundary, confirmed-action requirements, and no-installable-app caveat.
`/mobile-admin/dashboard/source-data` exposes the public-safe dashboard digest plus the redacted Director workstream brief and redacted private-row, private-row action, Director review, commerce review, and action-intent summaries for mobile clients.
`/mobile-admin/ios/source-data` exposes the iOS foundation, fixture, simulator smoke command, owner-session contract, private-row API panel, private-row action API panel, Director review API panel, commerce review API panel, action-intent API panel, confirmed-action cards, and screenshot path.
`/mobile-admin/android/source-data` exposes the Android foundation, fixture asset, emulator smoke command, owner-session contract, private-row API panel, private-row action API panel, Director review API panel, commerce review API panel, action-intent API panel, confirmed-action cards, and screenshot path.
Advanced funnel editing, resource delivery, and agent-safe writes
Active post-MVP funnel parity for visual funnel editing, resource delivery, webinar integrations, and agent-safe writes; owner-confirmed checkout unlinking, resource delivery links, funnel-scoped private download-token delivery, owner-session agent-created resource delivery tokens, redacted resource-delivery receipt evidence, webinar event/replay links, visual block style controls, bounded canvas layout controls, archived-draft purge, bulk archived-draft purge, within-step block reordering, drag/drop block placement through existing move endpoints, cross-step block moves, and owner-session direct agent-safe draft writes including block add/remove, canvas layout, public publishing, archived-draft purge, and bulk archived-draft purge are now part of this bucket's shipped evidence.
Feature IDfeature-funnel-builder
Next milestoneDesign arbitrary uploaded private asset delivery, live fulfillment automation, full webinar integrations, unauthenticated public agent-created delivery tokens, and unauthenticated public agent publishing as one coherent post-MVP workflow instead of more single-gate readiness slices.
Issue #417 tracks the advanced funnel parity bucket after issue #14 MVP closeout.
Issue #430 moves granular existing-block title/body editing into the owner-session builder while keeping direct agent block edits pending.
Issue #432 moves reusable block add/remove controls into the owner-session builder; issue #417 now exposes those block add/remove semantics through the owner-session agent draft-write contract.
Issue #417 adds owner-confirmed checkout unlinking from private draft blocks while preserving block IDs, kinds, title/body copy, step order, and audit evidence.
Issue #417 adds owner-confirmed resource delivery links from private draft resource/delivery blocks to public-safe product/access catalog assets without private R2 keys, signed URLs, buyer records, arbitrary uploaded asset delivery, or live fulfillment automation.
Issue #417 adds funnel-scoped private download-token delivery from published linked resource blocks after checkout intent, entitlement, product, and file asset scope match.
Issue #417 adds owner-session agent-created resource delivery tokens through /api/agent/funnels/resource-delivery-tokens after exact confirmation, idempotency, current published revision checks, entitlement checks, and audit correlation.
Issue #417 records redacted resource-delivery receipt evidence after successful private download-token redemption without exposing buyer data, raw checkout IDs, raw entitlement IDs, tokens, R2 keys, signed URLs, raw rows, arbitrary uploaded asset delivery, or live fulfillment automation.
Issue #417 adds owner-confirmed webinar event/replay links from private draft webinar blocks to public-safe external URLs without provider secrets, attendance tracking, reminder automation, or replay hosting.
Issue #417 adds owner-session visual style presets for existing private draft blocks while preserving block IDs, copy, checkout/resource/webinar metadata, and audit evidence.
Issue #417 adds bounded owner-session canvas layout controls for existing private draft blocks while preserving block IDs, copy, checkout/resource/webinar metadata, and audit evidence.
Issue #417 adds owner-session drag/drop block placement in /admin/funnels by replaying the existing block reorder and cross-step move endpoint modes with fresh revisions.
Live analytics automation, experiment routing, notification execution, and agent-safe writes
Active post-MVP execution bucket for custom/non-seeded analytics event schemas beyond the current seeded boundary, winner selection, rollback and audit logs, automated alert/notification execution, Cloudflare Queue producer and consumer execution, provider calls, delivery attempts, results, webhooks, polling, receipts, raw/private exports, and direct agent-safe analytics write APIs. Public-safe source/campaign rules and seeded sandbox funnel copy routing with a baseline holdout are now live through the existing assignment API.
Feature IDfeature-analytics-testing
Next milestoneContinue the remaining analytics execution work as one coherent workflow with privacy review, idempotency, audit correlation, stale-state checks, redaction, Queue/provider safety, rollback, sample-size caveats, and confirmed-write checks.
Issue #422 tracks this pending post-MVP execution bucket.
Issue #18 remains the shipped analytics MVP for privacy-safe events, deterministic assignments, aggregate conversion reporting, fixed-window attribution, owner decision evidence, aggregate exports, and notification readiness proof.
Seeded sandbox funnel copy routing now applies public-safe source/campaign rules first, then uses the same deterministic assignment API and session-scoped anonymous key as the page-view beacon, with a 10% baseline holdout for unmatched traffic.
The issue #18 closeout deliberately stops creating more single-gate proof slices unless they directly unlock live execution.
Blocked
Blocked
Known unblock condition is public-safe and specific.
Next
Next
Queued near-term because later work depends on it.
Planned
Planned
Tracked parity work with an issue, but not active yet.
Pending live-mode publisher-offer billing after the first package, amount, Stripe Price policy, and live webhook secret are confirmed. Bumpgrade account-plan self-serve checkout remains separate.
Feature IDfeature-checkout-offers
Next milestoneConfirm the first live publisher package/amount and STRIPE_WEBHOOK_SECRET_LIVE, then add live-mode checkout and signed webhook proof without exposing provider IDs.
Issue #219 tracks the live publisher-offer billing decision and rollout.
Production publisher-offer checkout remains sandbox-only until the first live package, amount, live Stripe Price policy, and live webhook secret are confirmed.
`/pricing` self-serve Bumpgrade subscription checkout is separate from customer-facing publisher-offer billing.
Live email delivery, automation execution, and agent-safe writes
Pending post-MVP execution bucket for owner-only sequence and broadcast test sends, sender/domain/provider setup, Cloudflare Queue producer and consumer execution, recipient payload generation, provider calls, delivery attempts, results, webhooks, polling, receipts, live imports, exports, automation execution, and direct agent-safe write APIs.
Feature IDfeature-email-automation-crm
Next milestoneDesign and ship the real broadcast and sequence execution path as one coherent workflow with consent, suppression, unsubscribe, sender-domain, provider, Queue, idempotency, audit, redaction, retry, dead-letter, webhook, receipt, and confirmed-write checks.
Tracked by issue #420.
Issue #17 remains the shipped email automation MVP for consent-backed opt-ins, unsubscribe/suppression, owner subscriber inspection, CRM-lite notes, dry-run broadcast and sequence readiness, and source-data contracts.
The first #420 slices add owner-only sequence and broadcast test sends without subscriber delivery, Queue messages, recipient payloads, provider message IDs, or public agent sends.
The issue #17 closeout deliberately stops creating more single-gate proof slices unless they directly unlock live execution.
Live affiliate payout execution, partner notifications, fraud enforcement, and agent-safe writes
Pending post-MVP execution bucket for payable commission finalization, private payout account and tax boundaries, Stripe payouts/transfers/reversals/receipts/reconciliation, payable statement creation, partner notification execution, provider configuration and sends, authenticated private partner portals, buyer attribution finalization, and direct agent-safe affiliate/referral write APIs. Owner-confirmed fraud enforcement records, public-safe partner portal status pages, and public-safe partner statement snapshots are live as non-payout #424 slices.
Feature IDfeature-affiliates-referrals
Next milestoneDesign and ship live affiliate execution as one coherent workflow with payable statement creation, payout safety, tax/private-data boundaries, idempotency, audit correlation, stale-state checks, redaction, refund-window checks, provider/payment safety, fraud-review safety, rollback/dispute paths, and confirmed-write checks.
Issue #424 tracks this pending post-MVP execution bucket.
Issue #424 adds public-safe partner portal status pages for aggregate partner report, payout-readiness, fraud, and notification status without private payout, tax, buyer, provider, or raw-row data.
Issue #424 adds public-safe partner statement snapshots for review-only partner totals, payout-preparation blockers, fraud status, notification readiness status, and redaction flags without payable statement creation.
The issue #19 closeout deliberately stops creating more single-gate proof slices unless they directly unlock live payout, notification, fraud, private portal, or agent-write execution.
Public contract
Roadmap state is useful only when it stays falsifiable.