What's shipped, in progress, and planned.

Currently shipping

Shipped

Recent milestones, with dates from CHANGELOG.md.

Customer-meaningful product milestones. For the full per-release history (including low-level fixes), see /changelog.

• Landing page visual polish — 30 issues across desktop/tablet/mobile

  2026-05-20

  Playwright-evidenced audit produced 30 findings; 7 critical, 13 important, 10 polish. Resolves nav text-bleed, hero parallelism, mobile comparison table cut-off, code-block overflow, and pricing card heights across 320px–1920px viewports.

• Playwright regression suite for marketing public routes

  2026-05-20

  Auto-discovers every page.tsx under src/app/(marketing)/ and asserts four invariants per route (200 status, no /auth/login redirect, text/html content-type, non-empty title). 17 routes covered today, count grows automatically with new pages.

• /compare/orb — Orb (withorb.com) comparison page

  2026-05-14

  22-row aspect comparison, TLDR, custom-pricing-tier mapping, 8-bullet honest assessment, and when-to-choose grids. Every Orb claim sourced from a 2026-05-14 WebFetch with verification anchor in the subtitle.

• SDK entitlement helper + license expiry filter + bulk delete (audit gaps G-09/G-10/G-12)

  2026-05-14

  hasEntitlement() helper in both Python and TypeScript SDKs. Expiration-date filter on the license list dashboard. Bulk delete added to the dashboard bulk-action bar with audit-logged succeeded/failed counts.

• Webhook hardening + OpenAPI parity — integrator 360° audit

  2026-05-11

  events field on webhook-endpoint create now enum-constrained (typos fail at subscribe time). Test endpoints use the same envelope as production deliveries. Scalar 'Try It' panel and code-generated SDKs now work against /api/v1 with the correct License Authorization scheme.

• Machine lifecycle hardening — TOCTOU rollback + DELETE idempotency + heartbeat re-check

  2026-05-11

  Same business condition (machine limit exceeded) now returns the same HTTP 422 / MACHINE_LIMIT_EXCEEDED regardless of race timing. DELETE on already-deactivated machines is idempotent. Heartbeat refuses on non-active licenses, freeing floating-license slots on revocation.

• GDPR Article 20 — support_attachments added to data export

  2026-05-11

  Closes a real GDPR compliance gap: customer-uploaded support-ticket attachment metadata is now included in the Article 20 portability export (already in the Article 17 erasure cascade).

• PyPI publish — licentric 0.1.0

  2026-04-26

  Python SDK available via pip install licentric. Two-line integration for license validation against the Licentric API.

• Sentry observability — DSN wired across cron routes + 24 src/ files

  2026-04-27

  Production + Preview environments configured with full Sentry DSN/ORG/PROJECT/AUTH_TOKEN. All 8 cron routes wrapped, captureError invoked across 24 source files for structured error tracking.

• Self-hosted /status page (W-046)

  2026-04-27

  Dynamic snapshot of /api/health rendered at licentric.com/status — eliminates third-party status-page hosting + subprocessor.

• UptimeRobot external uptime monitoring

  2026-04-28

  True external-vantage-point uptime probe (cannot be self-hosted on Vercel without probing ourselves). 5-minute interval against /api/health.

• DNS hardening — DMARC enforce + CAA + DNSSEC

  2026-04-28

  Email-spoofing protection enforced (DMARC p=reject), Certificate Authority Authorization restricted to authorized issuers, DNSSEC enabled for licentric.com.

• Stripe products live — Starter + Growth tiers

  2026-03-15

  $5/$50 (Starter monthly/annual) and $29/$290 (Growth monthly/annual) live with Stripe Checkout, customer portal, and 21-event webhook handler at /api/integrations/stripe/webhook.

In progress

(none currently in progress)

The docs/BACKLOG.md "In Progress" section is currently empty. This is an honest disclosure (per our Pillar 5 Truthfulness commitment) rather than backfilling with in-flight drafts. Work in the Open backlog is still being picked up by priority — see /changelog for what landed most recently.

Planned next

Phase milestones — sourced verbatim from VISION.md §10.

Timelines are stated as VISION.md states them (relative, not absolute). We do not commit to absolute dates we haven't measured against KPIs.

Compliance & trust

Standards we hold, standards we're pursuing.

Sourced verbatim from VISION.md §12. Certifications and standards are claimed only where we've actually completed them.

• GDPR + CCPA

  P0

  Pre-launch (per VISION.md §12)

  Done — Article 17 erasure cascade + Article 20 export verified

• PCI DSS SAQ A

  P0

  Pre-launch (per VISION.md §12)

  Done — Stripe Checkout reduces scope to SAQ-A

• SOC 2 Type II

  P1

  Months 6-12 (per VISION.md §12)

  SOC 2 not yet certified — Type II audit pursued on the timeline above. Estimated cost $20-60K per VISION.md §12.

• EU AI Act readiness

  P1

  Phase 3 (per VISION.md §12)

  Built into platform — audit logs + agent evidence tables already shipped; full enforcement on the regulatory timeline (Aug 2026 phased deadline).

• ISO 27001

  P2

  Year 1-2 (per VISION.md §12)

  Planned (no date committed). EU enterprise requirement driver.