// ROADMAP · LIVE · SAME SOURCE AS MISSION CONTROL

What ships, when.

This page is rendered from the same lib/roadmap.ts that drives Mission Control. When items move there, they move here. No spin, no marketing edits.

alpha 1

10/10

foundation

alpha 2

7/7

social + economy

alpha 3

15/15

production hardening

alpha 4

10/12

real product loop

beta 1

1/6

open invite

beta 2

1/5

scoring maturity

beta 3

0/7

quality polish

pre-release

1/8

money path

1.0

0/7

full release

post-1.0

0/6

ongoing iteration

alpha 1

you + Claude shipping the first usable surface

DONE Google OAuth + magic-link auth — Direct Google OAuth shipped — consent screen branded millefold.com (not the supabase.co project URL). Supabase fallback removed once verified. Magic-link still live as email-only fallback.
DONE Dashboard hero + KPI tiles + sparklines
DONE Assets + liabilities CRUD + CSV import
DONE Net-worth snapshots + history chart
DONE Multi-currency (Frankfurter ECB rates)
DONE Settings: country + default currency
DONE Mission Control + admin gate
DONE Newsletter sender + waitlist
DONE OG / L11 / L12-architect badges
DONE First security audit pass

alpha 2

first invited users

DONE Public profiles + slug + avatar upload
DONE Friends / opt-in shared tracking pages
DONE Wishlist (aspirational items)
DONE Saved pies (named portfolio views)
DONE Founder cohort + slot economy (50 base + 10/referral)
DONE Referral attribution via ?ref=<slug>
DONE Per-profile OG images for shares

alpha 3

infrastructure layer

DONE /privacy + /terms + /docs + /contact + /status pages
DONE GDPR data export + account deletion
DONE Per-user newsletter unsubscribe tokens
DONE Error pages (404 / 500 / global-error)
DONE Onboarding ladder on first dashboard load
DONE Email provider swap to Brevo + live usage panel
DONE Brevo: signup + domain + API key in Wrangler
DONE Mission Control password gate (24h HMAC session)
DONE Supabase service role key in Wrangler
DONE VAPID keys for Web Push
DONE Weekly digest cron via GitHub Actions
DONE Cloudflare WAF rate-limit + scanner-probe rules
DONE Admin role granted to business identity (hello@millefold.com)
DONE Full security audit pass (Supabase linter clean)
DONE Zero-knowledge encryption at rest (AES-256-GCM, per-user keys) — Every sensitive ledger value (asset/liability names + amounts, snapshot totals, wishlist, pies) is stored only as ciphertext — plaintext columns dropped 2026-06-01 after a verified read-switch. The DB / a service-role compromise / a subpoena yields ciphertext, not net worths. App decrypts per-user in the Worker; reads, writes, crons + GDPR export all encrypted-only.

alpha 4

5-20 invited users actually using it daily

DONE Real scoring algorithm — replace stub — Flexible discipline score live (lib/scoring.ts computeDisciplineScore): weighted average over only the inputs applicable to each user — inapplicable ones (no debt, income/dividend tracking not wired, <3-day history) drop out and their weight is redistributed, so nobody is penalised for a feature they don't use. net_worth_ratio / debt_quality / allocation_spread / habit_consistency compute today; savings_rate + reinvestment light up when income/dividend tracking lands. Weights 25/20/15/20/10/10. Displayed breakdown + the number are one source of truth.
DONE Snapshot history filling out + insights surfacing — Range toggle (7d/30d/90d/all), milestones crossed list, biggest swing callout — all live on dashboard.
DONE Error monitoring (Sentry vs PostHog vs Highlight) — PostHog EU live — server-side captures via fetch in instrumentation.ts ($exception_list format), client-side via posthog-js with capture_exceptions. Vendor picked, smoke-tested, key in Wrangler.
DONE Donate button (instead of paid tier for now) — Buy Me a Coffee live at /support — slug buymeacoffee.com/millefold. Donate link in landing footer + dedicated /support page in megaeth-raw aesthetic. Defers monetization until product is mature.
IN_FLIGHT Dashboard design polish (Snowball + StockEvents inspired) — Shipped sparklines + KPI tiles + Upcoming + holdings table + donut + bottom mobile nav. Iteration based on actual usage.
DONE Portfolio history backfill — manual + CSV — /dashboard/history: pick past date + assets/liabs OR upload date,net_worth CSV. Bulk upsert. Existing-date rows overwrite.
DONE Long-range projection chart (20-40y) — ProjectionPreview now a curve chart with horizon slider (5-40y), monthly contribution + return inputs, milestone cards at +10/+20/+30/+40y.
IN_FLIGHT Per-category history + projection filter — History filter SHIPPED — encrypted per-category breakdown captured per snapshot (Option A: breakdown_enc JSON blob) + capture-on-mutation; history chart filters by asset category. Remaining: projecting a single category forward (needs per-category growth assumptions — folds into the PAID personal-projection work).
DONE Personal projection — weighted historical return from your holdings (PAID) — Shipped + verified live 2026-06-09. lib/personal-projection.ts computes the blend — broker-ticker holdings get a real 10y price CAGR (Yahoo Finance dailies cached in market_price_history, price-only ex-dividends; Stooq demoted to fallback after its anti-bot wall was found to have silently broken ALL price fetching), the rest use stated per-class assumptions; weights are FX-converted values, computed server-side (values encrypted at rest). PERSONAL preset (PAID badge) + holding-by-holding breakdown table on /dashboard/projection. Gate = paid plan OR founder cohort (lib/entitlements.ts); locked /pricing upsell otherwise. Trial-countdown mechanics live in the pre-release paid-tier definition item.
DONE Custom portfolio sandbox — what-if path comparison (PAID) — Shipped + verified 2026-06-09: /dashboard/sandbox races CURRENT vs ALT A vs ALT B on one chart + end-state table (final value, Δ vs current). Slices from your holdings (keep their HIST/ASSUMED rates), asset classes (stated assumptions), live ticker lookup (real 10y price CAGR via server action — Yahoo-backed, verified end-to-end from prod egress), or custom rates; weight inputs + normalize-to-100. Same entitlement gate as PERSONAL. Engine + edge cases verified via scripts/verify-sandbox.mts. Not yet: drag-and-drop, saving portfolios.
DONE Account email verification + recovery flow polish — Callback returns specific error codes, login page surfaces them, check-email state shows the address + resend cooldown + lost-access escape hatch.
DONE Activity feed for friends (level-ups visible) — activities table + SECURITY DEFINER feed function. /dashboard/activity shows my events + followees' level-ups / OG claims / follows.

beta 1

first 100-1000 founders (cohort filling)

TODO Frictionless onboarding flow (3-step max)
IN_FLIGHT Founder cohort filling milestone tracking + visible counter
DONE Pagination + optimistic UI on lists
TODO First-1000 L8+ OG badges starting to fan out
IN_FLIGHT Public roadmap iterated from real user feedback
TODO Bug bash from observed errors (after error monitoring lands) — Unblocked — error monitoring (PostHog EU) is live. Triage real captured exceptions once invited users generate traffic.

beta 2

active 1000-cohort users

BLOCKED Real scoring algorithm tuned with first-1000 data
TODO Score insights — what's driving your number + how to improve
DONE Web Push activated (notifications on level-up + OG claim) — Verified end-to-end in Firefox 2026-05-20 — VAPID JWT + RFC 8291 aes128gcm via Web Crypto, real notification landed via Mission Control test. Fires on level-up + OG claim via Next after(). Chrome has its own FCM connectivity quirks on some devices; Firefox path is the reliable reference.
IN_FLIGHT Weekly digest emails firing to opted-in subscribers — Cron live, route works, no scheduled sends yet because no eligible subscriber history
TODO More category nuance + sub-categories

beta 3

beta users + a11y testers

IN_FLIGHT i18n full translation rollout (LT first, then NB/PL/SV/DE) — Scaffold + EN/LT dictionaries shipped. Translation of every public page coming.
TODO Customizable / draggable dashboard layout — Users move widgets around interactively (or via settings) — what to show on top, what to hide. Trading-212-style flexibility.
IN_FLIGHT Mobile responsive 3rd pass + tap-target audit
TODO Accessibility audit (WCAG AA)
TODO Performance audit (Lighthouse, edge caching, image sizes)
IN_FLIGHT Help docs expanded with workflows + screenshots
TODO Public feedback form on /roadmap

pre-release

founders + invited beta — gating starts

BLOCKED Stripe signup + product + price IDs + secrets in Wrangler
TODO Paid tier definition — PERSONAL projection + custom portfolio sandbox — First paid features: weighted-CAGR personal projection + what-if portfolio comparison. Free trial 3-7 days then gated. Trial countdown UI + paid-only badges on relevant chart buttons.
DONE Stripe checkout + webhook + plan enforcement (code already shipped) — Activates the moment STRIPE_SECRET_KEY + STRIPE_PRICE_ID_PRO land in Wrangler.
TODO Donate button removed; subscribe replaces it
TODO Plan-aware slot enforcement (paid = unlimited or higher cap)
TODO Refund + cancellation flow tested end-to-end
TODO Pricing page + comparison table
TODO PDF upload + AI extraction (PAID) — Paid-tier feature: upload broker / bank PDFs (annual statements, transaction PDFs from sources that don't expose CSV) and extract structured rows via Claude API. Cost stays variable — only billed when a user actually uploads. Per-page cost ~€0.005-0.05 on Haiku/Sonnet depending on accuracy tier. Build the upload-pipeline carcass now, wire AI later. Free tier stays CSV-only. See Inbox/(C) PDF upload paid feature.

1.0

anyone

BLOCKED Connected broker accounts (SnapTrade or Plaid)
BLOCKED Verified L11 arbitrage mechanic activates (real broker data)
TODO Live market prices replacing manual current_value
TODO Dividend events calendar (Snowball-style)
TODO Public launch — content + SEO + marketing site polish
IN_FLIGHT Customer support flow scaled (status page + support inbox)
IN_FLIGHT Backup + disaster recovery runbook drilled

post-1.0

all users

TODO User-requested features triaged via feedback loop
TODO Cross-product ecosystem integration (friend's prices/strategy site)
TODO Tax framing + locale-aware capital gains math
TODO Mobile native apps (if web tells us they're needed)
TODO Family / household tracking (multi-user portfolios)
TODO AI advisor / coaching (opt-in)

Ship log (most recent)

Dividends page goes real — received, same-book history, expectedfeature · 2026-06-10

// {entry.detail}

Read-switch hotfix — the dashboard had been running on empty since the plaintext dropsecurity · 2026-06-10

// {entry.detail}

Market data actually flows — Yahoo primary, Workers-budget-aware sweepsinfra · 2026-06-09

// {entry.detail}

Portfolio sandbox — race your mix against alternatives (PAID)feature · 2026-06-09

// {entry.detail}

PERSONAL projection live — weighted historical CAGR from real holdingsfeature · 2026-06-09

// {entry.detail}

Paid-tier hook + 5-button scenario selector on projectionfeature · 2026-05-17

// {entry.detail}

Portfolio history backfill + long-range projection chartfeature · 2026-05-17

// {entry.detail}

Alpha 4 unblocked sweep — email polish + activity feed + snapshot insightsfeature · 2026-05-16

// {entry.detail}

Roadmap restructured + demo-seed panel + WAF confirmed liveinfra · 2026-05-16

// {entry.detail}

Phase 4 manuals — Brevo + MC password + service role + VAPID + cron + WAF livesecurity · 2026-05-16

// {entry.detail}

Cron route fix — drop edge runtime + inline Brevo callinfra · 2026-05-16

// {entry.detail}

Waitlist fix — SECURITY DEFINER RPC + await sendEmailinfra · 2026-05-16

// {entry.detail}