Changelog

Everything we ship

Every notable change to Growth Pilot — features, security and performance. Format inspired by Keep a Changelog.

Up next

Unreleased

Hardening and public-surface work: security first, then the SEO and platform assets.

Security
  • Row-level security enabled on all 24 tables — closing a PII exposure via the public Supabase REST API. Security advisor: 0 errors.
  • HTTP security headers (HSTS, X-Frame-Options, nosniff, Referrer-Policy, Permissions-Policy) and poweredByHeader disabled.
Added
  • Public /showcase gallery — an SEO directory of Growth Loops, filterable by type, seeded with 12 teardowns of famous loops.
  • Tracked referrals — a /r/[slug] route (REFERRAL_VISIT event credited to the org, attribution cookie, UTM) plus a “Built with Growth Pilot” watermark.
  • /mcp landing page for the MCP server — the agent-native wedge.
  • /api/health — health endpoint (DB ping) for uptime monitors.
  • JSON-LD structured data — Organization/WebSite/SoftwareApplication (global), ItemList (showcase), BlogPosting/CreativeWork/BreadcrumbList.
  • Error boundaries across the app.
  • “Book a demo” button (Calendly-backed, dormant until configured).
  • CI on GitHub Actions (lint + typecheck + tests + build) and Dependabot.
  • Playwright E2E suite — 18 tests covering public journeys and hardening.
  • Repo hygiene: professional README, SECURITY.md, LICENSE, CONTRIBUTING, .editorconfig, .nvmrc, Node ≥ 20 engines, PR template.
Performance
  • Covering indexes on 5 foreign keys (Supabase performance advisor).

v1.0.0

MVP — Epics 1 to 12

The full product base, shipped and deployed on Vercel.

Added
  • AAARRR Cockpit — all 6 sections live from GA4 and Stripe.
  • Growth Loops — visual builder, Monte-Carlo simulator, versioning and public loops.
  • A/B Testing with statistical significance.
  • Agile Missions — Kanban, sprints, burndown.
  • Editorial CMS and public blog.
  • Multi-tenant — Clerk Organizations, roles, strict anti-IDOR isolation.
  • Stripe Billing with self-serve checkout and customer portal.
  • Integrations (Clarity, Hotjar, GA4, Looker, Sheets) with token encryption.
  • Goals & Alerts — the proactive cockpit.
  • Platform: public REST API v1, MCP server, signed webhooks (Enterprise).

Watch your own metrics move next

Start free and see the cockpit on your own GA4 and Stripe data.

Start free