Changelog
Everything we ship
Every notable change to Growth Pilot — features, security and performance. Format inspired by Keep a Changelog.
Up next
UnreleasedHardening and public-surface work: security first, then the SEO and platform assets.
Security
- Row-level security enabled on all 24 tables — closing a PII exposure via the public Supabase REST API. Security advisor: 0 errors.
- HTTP security headers (HSTS, X-Frame-Options, nosniff, Referrer-Policy, Permissions-Policy) and
poweredByHeaderdisabled.
Added
- Public /showcase gallery — an SEO directory of Growth Loops, filterable by type, seeded with 12 teardowns of famous loops.
- Tracked referrals — a
/r/[slug]route (REFERRAL_VISIT event credited to the org, attribution cookie, UTM) plus a “Built with Growth Pilot” watermark. - /mcp landing page for the MCP server — the agent-native wedge.
- /api/health — health endpoint (DB ping) for uptime monitors.
- JSON-LD structured data — Organization/WebSite/SoftwareApplication (global), ItemList (showcase), BlogPosting/CreativeWork/BreadcrumbList.
- Error boundaries across the app.
- “Book a demo” button (Calendly-backed, dormant until configured).
- CI on GitHub Actions (lint + typecheck + tests + build) and Dependabot.
- Playwright E2E suite — 18 tests covering public journeys and hardening.
- Repo hygiene: professional README, SECURITY.md, LICENSE, CONTRIBUTING, .editorconfig, .nvmrc, Node ≥ 20 engines, PR template.
Performance
- Covering indexes on 5 foreign keys (Supabase performance advisor).
v1.0.0
MVP — Epics 1 to 12The full product base, shipped and deployed on Vercel.
Added
- AAARRR Cockpit — all 6 sections live from GA4 and Stripe.
- Growth Loops — visual builder, Monte-Carlo simulator, versioning and public loops.
- A/B Testing with statistical significance.
- Agile Missions — Kanban, sprints, burndown.
- Editorial CMS and public blog.
- Multi-tenant — Clerk Organizations, roles, strict anti-IDOR isolation.
- Stripe Billing with self-serve checkout and customer portal.
- Integrations (Clarity, Hotjar, GA4, Looker, Sheets) with token encryption.
- Goals & Alerts — the proactive cockpit.
- Platform: public REST API v1, MCP server, signed webhooks (Enterprise).
Watch your own metrics move next
Start free and see the cockpit on your own GA4 and Stripe data.
Start free