Bumpgradepublisher growth OS

bumpgrade.com/roadmap

Public roadmap from feature evidence.

This roadmap turns the feature catalog into public execution state. Shipped means merged and deployed. Active means Codex is working the issue. Blocked means the unblock condition is exact. Everything else stays honest as next or planned.

Feature catalogRoadmap JSON
Shipped13

Merged, deployed, and safe to describe as live public surface area.

Active7

Currently being implemented or validated in the Codex issue loop.

Blocked0

Known unblock condition is public-safe and specific.

Next0

Queued near-term because later work depends on it.

Planned0

Tracked parity work with an issue, but not active yet.

Shipped

Shipped

Merged, deployed, and safe to describe as live public surface area.

ShippedIssue #4

Launch app foundation

Core public routes, admin shell, screenshots, and deployment path for the first Bumpgrade launch surfaces.

Feature IDfeature-cloudflare-foundation
Next milestoneKeep using this as the base for every issue slice.
  • PR #23 merged.
  • Live route smoke checks recorded on PR #23.
ShippedIssue #5

Comparison hub and alternative pages

Shopify-inspired compare hub, nine alternative pages, source-linked competitor data, and `/compare/source-data`.

Feature IDfeature-compare-source-data
Next milestoneRefresh competitor sources when pricing or packaging copy is used in user-facing answers.
  • PR #25 merged.
  • Live edge checks and screenshot URLs recorded on PR #25.
ShippedIssue #6

Public feature catalog

Marketing feature hub with live and launch-preview badges, stable feature IDs, issue links, and `/features/source-data`.

Feature IDfeature-public-feature-catalog
Next milestoneKeep feature records current as product slices move from pending to shipped.
  • PR #26 merged.
  • Live edge checks and feature JSON parse checks recorded on PR #26.
ShippedIssue #7

Public roadmap from main feature set

Public roadmap lanes connected to the feature catalog, GitHub issues, public-safe blockers, and deploy evidence.

Feature IDfeature-public-roadmap
Next milestoneReplace shared static records with owner-backed admin state in #8.
  • Issue #7 owns this feature slice.
  • PR #27 carries the source, screenshots, validation, and deploy evidence for this issue.
ShippedIssue #10

Codex project email and reply monitor

Outbound shipped-feature notices and inbound reply monitoring from `codex@bumpgrade.com`.

Feature IDfeature-codex-email
Next milestoneHarden inbound Codex mail so only explicitly allowlisted and authenticated senders can steer Codex.
  • Issue #10 owns the Codex project email workflow.
  • Cloudflare Email Routing for bumpgrade.com is enabled and reported ready after MX, SPF, and DKIM records were installed.
  • D1/R2 contracts store outbound notice results, inbound reply metadata, and raw MIME storage keys.
  • A real delayed PR #40 notice was delivered from codex@bumpgrade.com and recorded in D1.
  • Cloudflare routes codex@bumpgrade.com to Worker bumpgrade for inbound capture and forwarding.
Mark asked that only m@rkmoriarty.com, mark@awesound.com, and markmoriarty@stripe.com can steer Codex, and that messages must pass sender authentication rather than trusting From text.
ShippedIssue #8

Owner-backed admin roadmap, work log, journeys, and for-Mark surfaces

Owner and agent coordination surfaces backed by D1 instead of static scaffold copy.

Feature IDfeature-admin-state
Next milestoneKeep private admin pages behind Better Auth while adding confirmed write APIs and richer agent contracts.
  • Issue #8 owns this D1 admin surface slice.
  • Admin source-data routes, D1 migrations, and append scripts are included in the issue #8 implementation.
ShippedIssue #9

Publisher and admin authentication

Better Auth email/password accounts, account sessions, API routes, login/signup UI, and owner-gated admin pages.

Feature IDfeature-better-auth
Next milestoneKeep phone verification out of launch scope until a specific abuse, account-recovery, publisher-trust, or customer-communication need is recorded; if needed, build it through Better Auth with Cloudflare secrets, rate limits, and redaction.
  • Issue #9 owns the Better Auth foundation slice.
  • Login/signup, D1 auth tables, Better Auth API routes, and owner-gated admin pages are included in the issue #9 implementation.
  • Issue #55 adds owner verification resend UX and last-sent status for protected admin gates.
  • Issue #53 documents phone verification and SMS provider options before any phone collection, SMS OTP, or SMS marketing exists.
ShippedIssue #222

Paid publisher tenants and Bumpgrade subdomains

Signed-in, email-confirmed publishers with an active paid plan entitlement can reserve a unique default `*.bumpgrade.com` subdomain backed by D1 tenant, reservation, and audit records.

Feature IDfeature-better-auth
Next milestoneUse the paid-gated account and default subdomain foundation as the base for custom-domain DNS onboarding, domain purchase, and publisher site auth.
  • Issue #222 tracks the paid publisher tenant and default Bumpgrade subdomain slice.
  • `/account/setup` is the signed-in publisher setup surface.
  • `/account/source-data` exposes the public-safe tenant/subdomain contract.
  • `POST /api/account/publisher/subdomain` reserves a unique Bumpgrade hostname only after email verification and active paid-plan entitlement.
  • Better Auth is configured with the `https://*.bumpgrade.com` trusted origin pattern and `bumpgrade.com` cross-subdomain cookie domain in production.
ShippedIssue #223

Custom domain DNS onboarding and verification

Paid publishers can add an existing custom domain, receive deterministic CNAME instructions, and re-check DNS verification state from account setup without exposing private DNS credentials.

Feature IDfeature-better-auth
Next milestoneAdd custom-domain auth semantics in issue #224, then domain purchase decisions in issue #225.
  • Issue #223 tracks the custom-domain DNS onboarding slice.
  • PR #228 merged and deployed existing-domain DNS onboarding.
  • `/account/setup` is the signed-in publisher setup surface for custom domains.
  • `/account/source-data` exposes the public-safe custom-domain DNS contract.
  • `POST /api/account/publisher/custom-domain` starts onboarding and re-checks DNS for paid, email-confirmed publishers with a default Bumpgrade hostname.
  • Cloudflare Worker version `11dc5b0a-468a-44dd-9e8a-3e5769795076` deployed the route, screenshot asset, and wildcard route binding.
ShippedIssue #224

Customer login across Bumpgrade-hosted publisher sites

Bumpgrade-hosted publisher subdomains share the central Better Auth identity session while tenant access remains scoped per hostname, checkout, entitlement, and membership state.

Feature IDfeature-better-auth
Next milestoneDecide and expose the domain-purchase path in issue #225, then align pricing/signup copy in issue #226.
  • Issue #224 tracks the publisher-site auth boundary.
  • PR #230 merged and deployed the cross-subdomain customer auth contract.
  • `/account/source-data` exposes the Bumpgrade-subdomain session-sharing contract and custom-domain caveat.
  • Production Better Auth uses the `bumpgrade.com` cookie domain and `https://*.bumpgrade.com` trusted origin pattern.
  • Custom domains cannot receive the `bumpgrade.com` browser cookie directly, so they use a central Bumpgrade login handoff before returning to tenant-scoped access checks.
  • Cloudflare Worker version `cd663146-20c5-4899-a43f-5faec8c720a5` deployed the account source-data and Better Auth boundary update.
ShippedIssue #11

Stripe payments and checkout architecture

Stripe mode-specific secrets are stored in Cloudflare, Checkout Sessions are the first payment surface, and D1 commerce/audit tables now include optional referral-click attribution evidence, review-only commission ledger evidence, owner review/reversal actions, and read-only payout preparation before live payment or payout code.

Feature IDfeature-stripe-commerce
Next milestoneAdd private payout account, tax, and partner notification contracts only after read-only payout preparation stays stable.
  • Issue #11 owns this Stripe architecture slice.
  • Cloudflare now stores mode-specific Stripe secret names without repo secret values.
  • D1 tables define products, prices, checkout intents, subscriptions, webhook idempotency, and payment audit events.
  • Issue #34 owns the first sandbox checkout and webhook implementation.
  • Issue #111 adds checkout referral attribution evidence without commission or payout mutation.
  • Issue #113 creates review-only commission ledger evidence without payout mutation.
  • Issue #115 adds owner-gated commission review, hold, and reversal actions without payout mutation.
  • Issue #195 adds affiliate payout preparation as read-only readiness evidence without Stripe payouts.
ShippedIssue #12

Agent-ready docs, manifests, APIs, and MCP

Public agent docs, source evidence, `/agent-docs/source-data` manifest, server-side read contracts, and future MCP resources.

Feature IDfeature-agent-ready-contracts
Next milestoneImplement the first MCP resource server on top of the documented read contracts.
  • Tracked by issue #12.
  • `llms.txt`, `/features/source-data`, `/compare/source-data`, `/commerce/source-data`, and `/agent-docs/source-data` are live inputs.
  • The MCP roadmap is documented on `/agent-docs/bumpgrade-mcp` and stays read-only until confirmed-write APIs exist.
ShippedIssue #20

Users, developers and agents, resources, pricing, and blog surfaces

Use-case page, developer/agent page, resource and blog hub, pricing direction, metadata, sitemap entries, and `/content/source-data` contract.

Feature IDfeature-resources-use-cases-pricing
Next milestonePromote planned migration guides, launch playbooks, and blog posts into dedicated pages as funnel, checkout, automation, and analytics slices ship.
  • Tracked by issue #20.
  • `/users`, `/developers-and-agents`, `/resources`, and `/pricing` are live navbar destinations.
  • `/content/source-data` exposes stable audience, resource, and pricing-direction records for agents.

Active

Active

Currently being implemented or validated in the Codex issue loop.

ActiveIssue #13

Publisher admin apps for iOS and Android

Shared mobile-admin contract, live public-safe dashboard source-data, plus iOS, Android, and Expo scaffolds that live-read the dashboard route with fixture fallback.

Feature IDfeature-mobile-admin
Next milestoneAdd mobile auth and confirmed-write UX in follow-up slices after the read-only live dashboard stabilizes.
  • Tracked by issue #13.
  • iOS app slice tracked by issue #67.
  • Android app slice tracked by issue #68.
  • Live dashboard source-data slice tracked by issue #153.
  • Mobile dashboard scaffold rendering tracked by issue #155.
  • Mobile dashboard live network hydration tracked by issue #157.
  • `/mobile-admin/source-data` exposes the shared mobile contract and no-installable-app caveat.
  • `/mobile-admin/dashboard/source-data` exposes the public-safe dashboard digest for mobile clients.
  • `/mobile-admin/ios/source-data` exposes the iOS scaffold, fixture, simulator smoke command, and screenshot path.
  • `/mobile-admin/android/source-data` exposes the Android scaffold, fixture asset, emulator smoke command, and screenshot path.
ActiveIssue #14

Funnel and page builder MVP

Multi-step funnel model, source-data contract, read-only seeded preview scaffold, owner-gated editable draft scaffold with step edit/reorder controls, owner-gated private preview, exact-confirmed public publishing, reusable template and block-template library records including webinar/resource page shapes, owner-confirmed template-to-draft creation, owner-confirmed private draft duplication, owner-confirmed checkout-offer linking on private draft steps, public sandbox checkout start rendering from published linked checkout blocks, owner-confirmed archive/unpublish lifecycle actions, and safe draft proposals.

Feature IDfeature-funnel-builder
Next milestoneAdd physical deletion policy, drag-and-drop block editing, live webinar integrations, private resource delivery, live checkout rollout, and direct agent-safe edit/duplicate/archive tools on top of D1 draft funnels.
  • Tracked by issue #14.
  • Issue #79 adds the first `/funnels/source-data` contract and `/funnels/indie-launch-sandbox` preview scaffold.
  • Issue #91 adds owner-gated `/admin/funnels`, `/api/admin/funnels/drafts`, and D1 draft/audit tables.
  • Issue #93 adds owner-gated step title, goal, kind, and order editing on private D1 drafts.
  • Issue #95 adds owner-gated private draft preview from current D1 draft state.
  • Issue #135 adds exact-confirmed public publishing from D1 draft funnels to stable public `/funnels/{slug}` routes.
  • Issue #159 adds reusable funnel templates and block-template library records to `/funnels/source-data` and the seeded preview route.
  • Issue #161 adds owner-confirmed template-to-draft creation from reusable funnel templates.
  • Issue #163 adds owner-confirmed checkout-offer linking to private draft checkout blocks.
  • Issue #165 adds public sandbox checkout start rendering on published funnel checkout blocks with owner-confirmed checkout links.
  • Issue #213 adds webinar and resource funnel template/block contracts plus D1 step-kind storage readiness.
  • Issue #215 adds owner-confirmed private draft duplication with checkout-link metadata stripped by default.
  • Issue #341 adds owner-confirmed archive/unpublish lifecycle actions that preserve audit evidence and remove published routes from source data.
ActiveIssue #15

Checkout, order bump, upsell, and downsell MVP

Stripe-backed checkout flows, confirmed sandbox checkout start with a constrained order bump, optional referral-click attribution evidence, review-only commission ledger evidence, owner review/reversal actions, non-billing post-purchase upsell/downsell decision evidence, subscriptions, coupons, and audit trails.

Feature IDfeature-checkout-offers
Next milestoneAdd explicit post-purchase billing contracts and payout preparation only after decision evidence, public-safe partner reports, and owner review boundaries stay stable.
  • Tracked by issue #15.
  • Depends on Stripe architecture in #11.
  • Issue #81 adds the first `/offers/source-data` contract and `/offers/indie-launch-stack` preview scaffold.
  • Issue #99 adds confirmed sandbox checkout start support for the seeded primary offer plus pre-payment order bump.
  • Issue #111 adds public-safe referral-click attribution evidence to checkout intent creation.
  • Issue #113 creates review-only commission ledger evidence from trusted checkout attribution.
  • Issue #115 adds owner-gated review/reversal actions for commission evidence.
  • Issue #117 records non-billing post-purchase upsell/downsell decisions from trusted checkout evidence.
  • Issue #133 gates the checkout success CTA on trusted webhook state before opening the post-purchase path.
  • Issue #165 renders the existing sandbox checkout start surface from published linked funnel checkout blocks.
ActiveIssue #16

Products, downloads, courses, memberships, and subscriptions

Digital product records, product/access source data, sandbox webhook-backed entitlement grants, owner entitlement inspection, customer entitlement lookup, private R2-backed fixture delivery with redemption revalidation, owner-confirmed private asset upload intents, owner-confirmed non-destructive revocation intents, protected content readiness, checkout-intent-scoped protected fixture delivery, subscription-backed membership access, fulfillment task evidence, access rules, and subscriptions.

Feature IDfeature-products-access
Next milestoneExtend beyond seeded subscription membership, protected fixtures, and non-destructive revocation intents only after Customer Portal/self-service actions, destructive access removal, progress/audit records, real protected storage, and private media redaction stay enforced.
  • Tracked by issue #16.
  • Issue #83 adds the first `/products/source-data` contract and `/products/indie-launch-library` preview scaffold.
  • Issue #101 adds idempotent sandbox entitlement rows and fulfillment task evidence from trusted paid checkout webhook events.
  • Issue #139 adds `/admin/products` owner entitlement inspection and aggregate public redaction flags.
  • Issue #141 adds `/products/entitlements` and `/api/products/entitlements` for customer-safe checkout intent entitlement lookup.
  • Issue #143 adds one-use download tokens for active file entitlements without exposing private R2 keys or signed object URLs.
  • Issue #146 adds a seeded private R2-backed fixture delivery path through one-use Bumpgrade tokens.
  • Issue #147 revalidates current entitlement status, checkout intent linkage, trusted checkout state, and asset scope before token redemption.
  • Issue #151 adds owner-confirmed private product asset upload records backed by PRODUCT_ASSETS without exposing object keys, signed URLs, upload bodies, or private metadata.
  • Issue #179 adds owner-visible revocation intent readiness without destructive entitlement mutation.
  • Issue #181 adds protected content readiness metadata.
  • Issue #185 adds protected fixture delivery only after entitlement, product/template scope, and trusted checkout-state checks.
  • Issue #187 syncs checkout-linked membership access from trusted Stripe Billing subscription state.
  • Issue #251 adds owner-confirmed non-destructive revocation intent records with exact confirmation, idempotency, stale-state checks, and public redaction.
ActiveIssue #17

Email marketing, list growth, CRM-lite, and automations

Subscriber segments, live consent-backed opt-in capture, unsubscribe/suppression evidence, owner CRM timeline notes, aggregate sequence delivery readiness, broadcast draft readiness, dry-run broadcast schedule intents, preview/footer safety records, queue readiness contracts, delivery-batch dry runs, dry-run queue-message evidence, dispatch preflight evidence, dispatch attempt receipts, sender-domain readiness gates, provider-event readiness gates, provider rate-limit readiness gates, provider response readiness gates, send-payload readiness gates, Queue producer readiness gates, Queue consumer readiness gates, owner-confirmed import intents, owner-confirmed import preflights, lead magnets, tags, draft sequence enrollment evidence, broadcasts, sequences, consent, and CRM-lite state.

Feature IDfeature-email-automation-crm
Next milestoneAdd real contact imports, sequence scheduling, Cloudflare Queue producers, and consumers only after sender-domain, provider-event, provider rate-limit, provider response, send-payload, Queue producer, Queue consumer, import redaction, unsubscribe footer, suppression, audit checks, sequence delivery-readiness, delivery-batch gates, queue-message gates, dispatch preflight boundaries, and dispatch-attempt receipts stay explicit.
  • Tracked by issue #17.
  • Issue #85 adds the first `/audience/source-data` contract and `/audience/indie-launch-waitlist` preview scaffold.
  • Issue #103 adds `POST /api/audience/opt-in` with normalized subscriber, consent, tag, and draft sequence enrollment rows.
  • Issue #137 adds `/admin/audience` owner subscriber inspection and aggregate public redaction flags.
  • Issue #167 adds `POST /api/audience/unsubscribe` with idempotent unsubscribe/suppression evidence and no list-membership leak.
  • Issue #169 adds owner-gated private audience CRM timeline notes with aggregate public redaction.
  • Issue #171 adds suppression-aware broadcast draft readiness without send queues or provider message IDs.
  • Issue #173 adds owner-confirmed dry-run broadcast schedule intents without recipient payloads, send queues, or provider message IDs.
  • Issue #175 adds broadcast preview and unsubscribe-footer safety records without personalized bodies, send queues, or provider message IDs.
  • Issue #177 adds broadcast delivery queue readiness contracts without live queue producers or provider sends.
  • Issue #183 adds broadcast delivery-batch dry runs without recipient payloads, queue messages, or provider sends.
  • Issue #189 adds dry-run delivery queue message evidence without Cloudflare Queue dispatch, recipient payloads, provider sends, or provider message IDs.
  • Issue #191 adds dispatch preflight dry runs without Cloudflare Queue dispatch, recipient payloads, provider sends, or provider message IDs.
  • Issue #197 adds dispatch attempt receipts without Cloudflare Queue producers, queue payload bodies, recipient payloads, provider sends, provider responses, or provider message IDs.
  • Issue #199 adds sender-domain readiness gates without private DNS credentials, Cloudflare Queue producers, recipient payloads, provider sends, provider responses, or provider message IDs.
  • Issue #201 adds provider-event readiness gates without provider secrets, raw provider payloads, recipient payloads, provider sends, provider responses, or provider message IDs.
  • Issue #203 adds provider rate-limit readiness gates without provider secrets, provider limit secrets, raw provider payloads, recipient payloads, provider sends, provider responses, or provider message IDs.
  • Issue #205 adds provider response readiness gates without provider secrets, raw response bodies, recipient payloads, provider sends, provider responses, or provider message IDs.
  • Issue #207 adds send-payload readiness gates without raw recipient identity, recipient payloads, personalized bodies, raw payload bodies, provider sends, provider responses, or provider message IDs.
  • Issue #209 adds Queue producer readiness gates without enabling Cloudflare Queue producers, Queue messages, queue payload bodies, recipient payloads, provider sends, provider responses, or provider message IDs.
  • Issue #211 adds Queue consumer readiness gates without enabling Cloudflare Queue consumers, Queue message consumption, acks, retry/dead-letter rows, queue payload body reads, recipient payloads, provider sends, provider responses, or provider message IDs.
  • Issue #253 adds owner-confirmed import intent records without creating contacts, storing raw rows/emails, enrolling sequences, or sending email.
  • Issue #259 adds owner-confirmed import preflight evidence without creating contacts, storing raw rows/emails, creating subscriber rows, exporting private data, enrolling sequences, or sending email.
  • Issue #347 adds aggregate audience export readiness without creating export files, exposing raw emails, subscriber IDs, or export URLs.
  • Issue #351 adds aggregate sequence delivery readiness without scheduling steps, creating recipient payloads, personalized bodies, unsubscribe URLs, queue payloads, provider sends, or provider message IDs.
  • Codex project email in issue #10 is separate from publisher/customer email workflows.
ActiveIssue #18

Analytics, A/B testing, and conversion tracking

Privacy-safe analytics event capture, session-idempotent funnel page-view beacons with deterministic variant and normalized source attribution evidence, dashboard-visible fixed-window aggregate source breakdowns, deterministic seeded experiment assignment, aggregate funnel conversion reports, aggregate report exports, owner-reviewed cohort comparison evidence, owner-reviewed alert threshold/anomaly-review evidence, owner-reviewed notification delivery readiness evidence, owner-confirmed notification inbox records, owner-confirmed dispatch preflights, owner-reviewed provider/domain readiness records, owner-reviewed content/consent readiness records, owner-reviewed send-payload readiness records, owner-reviewed queue-producer readiness records, owner-reviewed queue-consumer readiness records, owner-reviewed provider-call readiness records, owner-reviewed delivery-attempt readiness records, owner-reviewed delivery-result readiness records, owner-reviewed delivery-status-webhook readiness records, owner-reviewed provider-polling readiness records, owner-reviewed receipt-payload readiness records, owner-reviewed delivery-receipt readiness records, owner-confirmed experiment decision evidence, attribution boundaries, and source-linked reporting.

Feature IDfeature-analytics-testing
Next milestoneAdd analytics notification provider-status reconciliation readiness only after delivery-receipt readiness keeps provider sends/calls, provider responses, provider message IDs, delivery receipts, status webhooks, provider polling, raw receipt payloads, provider secrets, sender credentials, recipients, email bodies, queues, customer alerts, and sends disabled.
  • Tracked by issue #18.
  • Issue #87 adds the first `/analytics/source-data` contract and `/analytics/indie-launch-dashboard` preview scaffold.
  • Issue #105 adds `POST /api/analytics/events` with seeded event validation, idempotency, hashed request evidence, and aggregate-only source-data reporting.
  • Issue #107 adds `POST /api/analytics/assignments` with seeded experiment validation, deterministic weighted variant assignment, hashed visitor evidence, and aggregate-only assignment reporting.
  • Issue #119 adds aggregate funnel conversion report rows from captured test events without exposing raw analytics rows.
  • Issue #121 adds browser-side funnel page-view beacons with server-side bot and preview suppression.
  • Issue #123 attaches deterministic seeded assignment evidence to captured funnel page views and exposes aggregate variant counts.
  • Issue #125 attaches normalized UTM/source attribution to captured funnel page views and exposes aggregate source counts.
  • Issue #127 renders aggregate source attribution rows in the analytics dashboard preview.
  • Issue #129 adds fixed all-time, 24-hour, 7-day, and 30-day aggregate source and conversion windows to source-data and the dashboard preview.
  • Issue #261 adds owner-confirmed experiment decision evidence without routing traffic, assigning cookies, selecting automated winners, exposing raw event rows, or exposing raw assignment rows.
  • Issue #263 adds aggregate report export metadata and fixture cohort comparison definitions without raw analytics exports.
  • Issue #265 adds owner-reviewed cohort comparison evidence without raw analytics exports, automated winners, or revenue claims.
  • Issue #267 adds owner-reviewed alert threshold and anomaly-review evidence without automated alerts, traffic routing, automated winners, or revenue claims.
  • Issue #269 adds owner-reviewed notification delivery readiness evidence without alert sends, inbox writes, traffic routing, automated winners, or revenue claims.
  • Issue #271 adds owner-confirmed notification inbox records without owner email sends, queue dispatch, customer alerts, recipients, email bodies, traffic routing, automated winners, or revenue claims.
  • Issue #284 adds owner-confirmed notification dispatch preflights without owner email sends, provider calls, queue dispatch, customer alerts, recipients, email bodies, provider message IDs, queue payloads, traffic routing, automated winners, or revenue claims.
  • Issue #286 adds owner-reviewed provider/domain readiness records without provider configuration, provider secrets, sender credentials, private DNS credentials, provider sends, provider calls, queue dispatch, customer alerts, recipients, email bodies, provider message IDs, queue payloads, traffic routing, automated winners, or revenue claims.
  • Issue #288 adds owner-reviewed content/consent readiness records without body templates, unsubscribe URLs, owner email sends, provider sends, provider calls, queue dispatch, customer alerts, recipients, email bodies, provider message IDs, queue payloads, traffic routing, automated winners, or revenue claims.
  • Issue #290 adds owner-reviewed send-payload readiness records without creating recipient payloads, personalized bodies, raw payload bodies, queue messages, provider responses, owner email sends, provider sends, provider calls, queue dispatch, customer alerts, recipients, email bodies, provider message IDs, queue payloads, traffic routing, automated winners, or revenue claims.
  • Issue #292 adds owner-reviewed queue-producer readiness records without enabling Queue producers, creating queue messages or queue payload bodies, dispatching queues, calling providers, creating provider responses, sending owner email, exposing recipients, or making revenue claims.
  • Issue #294 adds owner-reviewed queue-consumer readiness records without enabling Queue consumers, consuming or acknowledging Queue messages, creating retry/dead-letter rows, reading queue payload bodies, calling providers, creating provider responses, sending owner email, exposing recipients, or making revenue claims.
  • Issue #297 adds owner-reviewed provider-call readiness records without enabling provider sends or calls, configuring providers, storing provider secrets or sender credentials, creating provider responses, sending owner email, exposing recipients, or making revenue claims.
  • Issue #299 adds owner-reviewed delivery-attempt readiness records without enabling provider sends or calls, attempting delivery, configuring providers, storing provider secrets or sender credentials, creating provider responses, sending owner email, exposing recipients, or making revenue claims.
  • Issue #301 adds owner-reviewed delivery-result readiness records without enabling provider sends or calls, attempting delivery, creating delivery results, processing status webhooks, polling providers, configuring providers, storing provider secrets or sender credentials, creating provider responses, exposing provider message IDs, creating delivery receipts, sending owner email, exposing recipients, or making revenue claims.
  • Issue #303 adds owner-reviewed delivery-status-webhook readiness records without enabling provider sends or calls, attempting delivery, creating delivery results, processing delivery-status webhooks, polling providers, configuring providers, storing provider secrets or sender credentials, creating provider responses, exposing provider message IDs, creating delivery receipts, sending owner email, exposing recipients, or making revenue claims.
  • Issue #305 adds owner-reviewed provider-polling readiness records without enabling provider sends or calls, attempting delivery, processing delivery-status webhooks, polling providers, creating delivery receipts, configuring providers, storing provider secrets or sender credentials, creating provider responses, exposing provider message IDs, sending owner email, exposing recipients, or making revenue claims.
  • Issue #307 adds owner-reviewed receipt-payload readiness records without enabling provider sends or calls, attempting delivery, polling providers, processing status webhooks, creating delivery receipts, exposing receipt payloads, configuring providers, storing provider secrets or sender credentials, creating provider responses, exposing provider message IDs, sending owner email, exposing recipients, or making revenue claims.
  • Issue #309 adds owner-reviewed delivery-receipt readiness records without enabling provider sends or calls, attempting delivery, polling providers, processing status webhooks, creating delivery receipts, exposing receipt payloads, configuring providers, storing provider secrets or sender credentials, creating provider responses, exposing provider message IDs, sending owner email, exposing recipients, or making revenue claims.
ActiveIssue #19

Affiliate and referral management

Affiliate/referral contract, partner profiles, referral links, privacy-safe click capture, checkout attribution evidence, review-only commission ledger evidence, owner review/reversal actions, public-safe partner reports, read-only payout preparation, owner-confirmed payout preparation records, owner-reviewed fraud review records, owner-reviewed partner notification readiness records, owner-reviewed partner notification send preflight records, owner-reviewed notification provider readiness records, attribution boundaries, payout review, and fraud checks.

Feature IDfeature-affiliates-referrals
Next milestoneAdd private payout account, tax, partner notification provider-send configuration, provider secret storage, and eventual fraud-enforcement contracts only after owner-reviewed notification provider readiness records stay redacted and non-sending.
  • Tracked by issue #19.
  • Issue #89 adds the first `/affiliates/source-data` contract and `/affiliates/indie-launch-partners` preview scaffold.
  • Issue #109 adds `POST /api/affiliates/clicks` with seeded referral link validation, idempotency, hashed request evidence, and aggregate-only click reporting.
  • Issue #111 attaches validated referral click evidence to sandbox checkout intents without creating commissions.
  • Issue #113 creates review-only commission ledger evidence from trusted checkout attribution without making commissions payable.
  • Issue #115 adds owner-gated review, hold, and reversal actions without creating payout state.
  • Issue #193 adds public-safe partner reports without exposing buyer, payout, tax, Stripe, raw click, raw checkout, or private actor data.
  • Issue #195 adds read-only payout preparation without Stripe payouts, payout account storage, tax collection, partner notifications, payable commission finalization, or direct agent writes.
  • Issue #273 adds owner-confirmed payout preparation records without payable commission state, Stripe payouts, payout account storage, tax collection, partner notifications, buyer data, raw ledger rows, fraud enforcement, or direct agent writes.
  • Issue #275 adds owner-reviewed fraud review records without fraud enforcement, payable commission state, Stripe payouts, payout account storage, tax collection, partner notifications, buyer data, raw ledger/click/checkout rows, private fraud signals, or direct agent writes.
  • Issue #277 adds owner-reviewed partner notification readiness records without partner sends, provider calls, queue dispatch, recipient emails, message bodies, provider message IDs, fraud enforcement, payable commission state, Stripe payouts, payout accounts, tax data, buyer data, raw rows, private fraud signals, or direct agent writes.
  • Issue #279 adds owner-reviewed partner notification send preflight records without partner sends, provider-send enablement, provider calls, send payloads, queue dispatch, recipient emails, message bodies, provider message IDs, fraud enforcement, payable commission state, Stripe payouts, payout accounts, tax data, buyer data, raw rows, private fraud signals, or direct agent writes.
  • Issue #281 adds owner-reviewed notification provider readiness records without provider configuration, provider secrets, sender credentials, partner sends, provider-send enablement, provider calls, send payloads, queue dispatch, recipient emails, message bodies, provider message IDs, fraud enforcement, payable commission state, Stripe payouts, payout accounts, tax data, buyer data, raw rows, private fraud signals, or direct agent writes.

Blocked

Blocked

Known unblock condition is public-safe and specific.

Next

Next

Queued near-term because later work depends on it.

Planned

Planned

Tracked parity work with an issue, but not active yet.

Public contract

Roadmap state is useful only when it stays falsifiable.

Source data

Issue backed

Every item has a GitHub issue. Future admin data should update these records rather than forking the story.

Agent readable

/roadmap/source-data exposes the same IDs, status, evidence, and Mark-attention caveats for agents.

No private leakage

Public roadmap notes summarize blockers without exposing secrets, raw provider data, or private inbox content.