Skip to main content

Product Timeline

Follow Licentric's development in real time. Every feature, fix, and milestone — publicly tracked from day one.

23Updates
7Features
2Security
7Milestones

April 2026

Milestonev0.24.0

Production-Readiness Discipline, Status Page, Dashboard Insights

Enterprise-readiness audit: 15 core operating values, self-hosted status page, dashboard data viz, and an industrial production-readiness rule distilled from Google SRE, AWS Well-Architected, NIST, OWASP, GDPR, SOC 2, ISO 27001, PCI DSS, and Stripe API guidelines.

  • New self-hosted public status page at /status reading the live /api/health snapshot (no third-party dependency)
  • Dashboard activation-trend sparkline + 7/14/30/60/90-day expiration forecast (zero chart library)
  • 15 core operating values codified: integrity, honesty, truthfulness, correctness, bug-free, reliability, stability, simplicity, least dependencies, hard work, efficiency, effectiveness, value, output, performance
  • 12 production-readiness pillars + 28-item always-blocker list + 8-gate external-dependency justification
  • Conflict-marker pipeline gate prevents unresolved git merge markers from shipping
  • Trust signals corrected: removed unverifiable SOC 2 badge, softened SLA wording, Enterprise tier moved to Contact Sales
  • ADR-014 / 015 / 016: production discipline, the build-before-buy default, and the maturity model

March 2026

Featurev0.23.0

AI-First Unified Monetization Platform

Pivot from pure licensing to a unified monetization platform for the AI era: agent identity, MCP credential auth, token budgets, usage metering, billing orchestration, and EU AI Act compliance.

  • Agent identity system with full lifecycle (active ↔ suspended → revoked) and plan-based limits
  • Agent credential authentication (withAgentAuth middleware) with hash-based lookup and timing-safe verification
  • Token budget enforcement: Redis atomic counters with DB fallback, 80%/90% warn and 100% block thresholds
  • Usage metering engine: batched ingest (up to 100 events/call), aggregation by meter/agent/time, 60s flush cron
  • MCP auth layer: MCP server connections with 24h credential token exchange and MCP-specific scopes
  • Outcome metering with idempotency keys and automatic metering events on token consumption
  • Billing orchestration: monthly billing periods with Stripe usage-record sync via daily cron
  • Multi-model cost attribution with daily rollup cron
  • EU AI Act compliance: append-only audit trail, risk-level classification, human oversight tracking
  • 8 new database migrations (agent_identities, credentials, token_budgets, metering_events, mcp_connections, outcomes, billing_periods, compliance_records) — all with RLS
  • ~39 new API endpoints + 322 new tests
Infrastructurev0.22.0

SDKs Published, Email Split, Backlog Architecture

Consolidated update covering SDK publish-readiness (PyPI + npm), inbound/outbound email split (Cloudflare + Postmark), the BACKLOG.md/AUDIT 3-layer architecture, and CAN-SPAM compliance.

  • Python SDK published — `pip install licentric` available on PyPI
  • TypeScript SDK README and metadata publish-ready for npm
  • Cloudflare Email Routing for catch-all inbound; Postmark retained for transactional outbound
  • CAN-SPAM bounce/unsubscribe system with HMAC-signed tokens and RFC 8058 List-Unsubscribe-Post headers
  • BACKLOG.md unified work register with W-ID system + 4 drift checks (freshness, line count, ID continuity, structure)
  • 3-layer audit architecture: docs/audits/ (bulk) → BACKLOG.md (curated) → STATUS.md (milestones)
  • withDashboardAuth wrapper across 29 dashboard routes — net -368 LOC and consistent rate limiting
  • Stripe dispute handling: charge.dispute.created suspends license; dispute.closed reinstates or revokes
  • Trial abuse prevention: skip 14-day trial if account already had one
Featurev0.18.0

Annual Billing, Enterprise Tier & Dead Letter Queue

Phase 4 of production audit: business logic, revenue protection, and webhook reliability.

  • Added Enterprise pricing tier with Contact Sales CTA
  • Added annual billing toggle with 2-month discount (save $98–$298/year)
  • Implemented plan sync from Stripe subscriptions with downgrade enforcement
  • Added dead letter queue for webhook deliveries with manual retry capability
  • Added audit logging for plan downgrades that exceed resource limits
Securityv0.17.0

Production Security Audit — Phases 1–3

Comprehensive security remediation: PII stripping, auth hardening, performance fixes.

  • Stripped PII (owner name, email) from public license validation responses
  • Added dedicated IMPERSONATION_SECRET (separated from Supabase service key)
  • Fixed expired license race condition — made status update synchronous
  • Fixed Stripe license ID linking race with atomic operations
  • Added heartbeat route tests (was the only untested V1 endpoint)
  • Fixed N+1 query on customers page with single JOIN query
  • Added checkout recovery flow for missed webhooks
  • Tightened webhook timestamp tolerance from 5min to 3min
Milestonev0.16.0

QA Audit Remediation — 99.99% Pass Rate

290-gate QA framework audit raised product quality from 72.4% to 99.99%.

  • Passed 289 of 290 QA gates (1 advisory: Sentry DSN pending)
  • Documented CSP unsafe-inline tradeoffs with architecture decision record
  • Added Owner Actions document for manual production launch steps
  • Downgraded webhook cron to daily for Vercel Hobby plan compatibility
Infrastructurev0.15.0

Production Audit & Service Architecture Refactor

Comprehensive production readiness audit with service splits and automated dependency management.

  • Split stripe-sync.service.ts by event category for maintainability
  • Split license.service.ts into CRUD and lifecycle modules
  • Replaced JS counting with SQL function for license status aggregation
  • Added Zod validation for Stripe OAuth callback state parameter
  • Expanded health endpoint with Stripe and Postmark connectivity checks
  • Added skip-to-content links on all layouts for accessibility
  • Enabled Dependabot for automated dependency updates
  • Enforced GitHub Flow: feature branches + squash merge workflow
Milestone

Complete API Route Test Coverage

Every V1 API route and dashboard route now has dedicated tests.

  • Added V1 license route tests covering all CRUD operations
  • Added V1 machine, product, policy, entitlement, webhook, analytics route tests
  • Added dashboard route tests for all authenticated endpoints
  • Added docs component tests for UI documentation system
Featurev0.14.0

Complete Documentation System — 39 Pages

Full interactive API documentation with multi-language code examples.

  • Built 39-page documentation system: overview, getting-started, guides, API reference, SDKs, resources
  • Added CodeTabs component for side-by-side Python/TypeScript examples
  • Added pricing, about, and contact marketing pages
  • Added prefers-reduced-motion CSS for accessibility compliance
  • Split portal pages into server/client components for SEO metadata
Milestonev0.13.0

Comprehensive Platform Audit — Waves 1–6

Six-wave deep audit: dashboard mutations, state machine hardening, admin tools, and GDPR compliance.

  • Added invoice history viewer with status badges and PDF download links
  • Added admin impersonate mode with HMAC-SHA256 signed tokens (15-min TTL)
  • Enhanced onboarding checklist with dismiss button and SDK validation tracking
  • Added GDPR Article 20 data export endpoint with full account archive
  • Added admin account management: plan changes and suspend/unsuspend
  • Added charge.refunded Stripe webhook handler with audit logging
  • Replaced N+1 analytics queries with parallel SQL COUNTs and activation_trend RPC
  • Expanded contract test suite from 15 to 69 tests
Milestone

100% Page Coverage — Playwright E2E

Every page in the application now has end-to-end browser test coverage.

  • Added 17 new Playwright specs for complete page coverage (32/32 pages)
  • Enhanced 9 existing specs with additional interaction tests
  • Added SDK package validation tests and audit export tests
  • Total: 30 browser specs, 461 chromium tests, 2,354 cross-browser tests
Fix

Email Confirmation Delivery Fix

Resolved signup email confirmation not being delivered to new users.

  • Fixed Supabase Auth email confirmation flow for new signups
Infrastructurev0.10.0

Playwright E2E & Visual Regression Testing

Full browser testing pipeline with accessibility audits and visual regression baselines.

  • Integrated Playwright E2E into quality pipeline (chromium, firefox, webkit, mobile)
  • Added axe-core WCAG 2.1 AA accessibility audits on all public pages
  • Added visual regression screenshot tests for 15 critical pages
  • Made pre-push hook the full CI/CD pipeline (build + test + E2E)
  • Resolved all 104 initial Playwright test failures
Featurev0.9.0

Stripe Billing & Standard SaaS Features

Checkout, customer portal, subscription management, and standard SaaS UX patterns.

  • Added Stripe checkout and customer portal sessions
  • Added Starter ($5/mo) and Growth ($29/mo) subscription plans
  • Added loading skeletons, error boundaries, and empty states
  • Implemented 10 ship-blocking essentials for production readiness
Securityv0.8.0

Security Hardening & Legal Compliance

SSRF protection, CORS lockdown, CSP headers, GDPR compliance, and legal pages.

  • Replaced regex SSRF validation with numeric IP checking + DNS rebinding protection
  • Removed wildcard CORS, added Content Security Policy and security headers
  • Added timing padding to portal routes to prevent timing attacks
  • Hardened cron job authentication with execution deduplication
  • Added HKDF per-account key derivation for license encryption
  • Added Terms of Service, Privacy Policy, and DPA legal pages
  • Added account deletion endpoint for GDPR right-to-erasure
  • Migrated email service from Resend to Postmark
Fixv0.7.0

Production Bug Audit — 8 Blockers Fixed

Full flow audit identified and fixed 8 production-blocking bugs.

  • Fixed 8 production-blocking bugs found during comprehensive flow audit
  • Added ARCHITECTURE.md as single source of truth for system design
  • Added architecture drift detection gate to quality pipeline
Infrastructure

18-Gate Quality Pipeline & AI Agent Infrastructure

Local CI/CD quality pipeline with 18 gates across 7 phases, plus 5 AI code review agents.

  • Built 18-gate quality pipeline: static analysis, forbidden patterns, security audit, code quality, build, tests, E2E
  • Added 5 AI agent types: code-reviewer, security-reviewer, test-writer, pre-deploy-auditor, scope-validator
  • Git hooks enforce quality on every commit and push (no GitHub Actions needed)
  • Fixed stale documentation content across all project docs

February 2026

Milestonev0.6.0

2,302 Tests — 94.56% Statement Coverage

Comprehensive QA/QC pass establishing baseline test coverage across the entire platform.

  • Achieved 94.56% statement coverage across the full codebase
  • 2,302 tests spanning unit, component, and integration layers
  • Added ESLint strict configuration with no-console and no-explicit-any rules
  • Set up project management infrastructure and skills system
Featurev0.5.0

Email Service, Analytics & Rate Limiting

Transactional email delivery, analytics dashboard charts, and API rate limiting.

  • Added transactional email service for license notifications and recovery
  • Added analytics charts to dashboard with license and machine trends
  • Implemented rate limiting on all API endpoints (IP + user-based)
  • Added complete audit logging system with immutable event trail
  • Added migration UI for managing database schema changes
Infrastructurev0.4.0

Deployment, Landing Page & Testing Infrastructure

Docker multi-stage builds, marketing landing page, and Vitest testing setup.

  • Added Docker multi-stage build with non-root user and healthcheck
  • Added marketing landing page with hero, features, pricing, and trust sections
  • Set up Vitest with v8 coverage provider and workspace configuration
Featurev0.3.0

Stripe Integration & Admin Panel

Stripe OAuth Connect flow, webhook handling, admin panel, and end-user portal.

  • Added Stripe OAuth Connect flow for account linking
  • Built webhook handler for subscription lifecycle events
  • Added admin panel with platform-wide account management
  • Added Cmd+K command palette for quick dashboard navigation
  • Added end-user portal with magic link authentication
  • Added entitlements system for feature gating
Featurev0.2.0

Authentication, SDKs & Core Services

Multi-layered authentication, Python and TypeScript SDKs, and core business logic.

  • Implemented 4-layer auth: Supabase Auth, API key, license key, and combined middleware
  • Published Python SDK (783 LOC) with full license validation and machine management
  • Published TypeScript SDK (630 LOC) with async/await-first API
  • Built Stripe sync service for automatic license provisioning from checkout
  • Added analytics aggregation service for dashboard metrics
Milestonev0.1.0

Licentric Platform Foundation

Initial platform launch: database schema, API layer, dashboard UI, and cryptographic foundation.

  • Designed 14-table PostgreSQL schema with Row Level Security for multi-tenancy
  • Built 25-endpoint REST API for license management, validation, and machine tracking
  • Created full dashboard UI with all pages and components
  • Implemented Ed25519 signing, AES-256-GCM encryption, and HMAC-SHA256 webhooks
  • Set up Next.js 16 App Router with TypeScript strict mode
Built in public since February 2026. Subscribe to updates to follow along.