Built fast. Shipped honestly.

In-app support bubble. Floating "?" bottom-right of every authenticated page. Click → modal with type radio (Bug / Feature / Question / General feedback) + textarea. Submissions email support@aipersonamethod.com from jeff@aiprojectscoper.com with Reply-To set to the submitter (so admin replies route back). Bug reports auto-attach a 5-minute diagnostic blob: console errors, failed fetches, route history, viewport, browser, connection. Admin inbox at /admin/support.

Set / change password card on /dashboard/account. Closes the loop on the new "magic link is the primary sign-in" flow — users who got in passwordless can establish or update a password from inside the app.

Onboarding email sequence (4 emails). Day 1 / 3 / 7 / 14 with essay-style content (project briefs, the four-file pyramid, prompt patterns, multi-session workflows). Daily Vercel cron at 9 AM PT, smart backfill so existing users catch up gradually. Day 1 fired to 43 alpha users today.

Session refresh guard. Mounted in dashboard + admin layouts. Refreshes Supabase access tokens on tab focus + every 10 min while visible. Gracefully bounces to /login?next=... on terminal session loss.

Live Founder seat counter on the landing page. Mirrors the one on /pricing.

Real-revenue MRR / LTV / churn tracking. Replaces the list-price MRR estimate on /admin with three measured variants: Actual MRR (cash collected last cycle), Expected MRR (forward projection at current discount), List MRR (no discount). Discount cost rendered alongside. Adds Total LTV (gross paid minus refunds) and a "biggest customers" leaderboard. New app.invoice_events ledger backs all of it.

Promo code redemption tracking. /admin/promotions now shows who redeemed each code; /admin/users/[id] shows the promo on the active sub; /admin/subscriptions adds a Promo column.

Guardrails middleware on /api/chat + /api/render-plan. Input-side blocks prompt injection / extraction / jailbreak / data-exfiltration attempts. Output-side scans for system-prompt leakage, PII, API keys, internal paths. 18 default rules, /admin/guardrails audit log, 88 vitest tests.

/admin/support, /admin/guardrails admin pages.

Signup flow now skips the email-check step. Previously: fill form → "Check your inbox" → find email → click link → pricing. Most users dropped at the email step (zero of six recent unpaid signups had opened their welcome email). Now: fill form → redirected straight to /pricing, signed in. The welcome email still fires as a backup; it's no longer the only way in.

/login "Email me a sign-in link" is now a primary affordance. Closed-alpha users provisioned via Request Access have a server-generated random password they were never shown; password login fails with "Invalid login credentials." The magic-link button is the right entry point, surfaced prominently with a hint when password attempts fail.

/forgot-password rewired through the working magic-link endpoint. The previous Supabase reset-password flow emitted fragment-token URLs that our /auth/callback couldn't handle.

Magic-link destination routes paid users to /dashboard, unpaid to /pricing. Previously defaulted everyone to /pricing regardless of subscription state.

/admin/coupons link removed from admin nav. The page itself still resolves at the URL for historical inspection; it's no longer promoted in the UI since the redemption pathway was deprecated. Use /admin/promotions for active discount management.

Admin users couldn't render their own product. Admin accounts without a Stripe subscription were treated as free tier (limit = 0 renders), so every Generate Scaffold attempt hit 429 and fell back to a generic template zip. Admins now bypass the per-tier render cap.

Paywall bypass. The chat-view client's error catch built a template-based zip locally on any thrown error, including 429 (rate limited / over cap) and 403 (suspended). So anyone hitting the paywall still walked away with a working starter zip. Closed: 429 and 403 now surface clear "upgrade" / "contact support" messages and skip the template fallback. Other errors (timeouts, partial streams) still degrade gracefully.

"Tailored render failed - building from templates instead" error trace pointed to multiple causes — the admin tier issue above is the dominant one tonight.

Stale test-mode subscription orphaned in app.subscriptions was throwing on every Stripe backfill. Removed.

Magic-link confirmation for vastafferai+aaicc@gmail.com and 5 other affected users via fresh sends from the fixed endpoint after the magic-link routing fix.

/api/auth/magic-link rate-limit cooldown mid-incident (Surbs hit it during the 6-user catch-up; resent via fire-launch-to-leads.mjs script).

Render token cap raised from 8K → 64K with surface-on-cap error so users see truncation instead of mystery silence.

CRON_SECRET env var had a trailing newline causing every Vercel build after the env-add to fail with "leading or trailing whitespace not allowed in HTTP header values." Removed and re-added with printf instead of echo.

40 apology emails to unpaid users about the morning's sign-in friction (response: most ignored, a couple converted).

43 Day 1 onboarding emails triggered manually before the 9 AM PT cron's first scheduled run.

Migrations 006 (guardrail_events), 008 (subscription promo tracking), 009 (revenue / LTV / churn), 010 (support_messages), 011 (support_messages.diagnostics jsonb).

lib/guardrails/, lib/billing/ledger.ts, lib/admin/mrr.ts, lib/support/diagnostics.ts, components/auth/session-refresh-guard.tsx, components/support/support-bubble.tsx, components/support/diagnostic-collector.tsx.

web/scripts/backfill-subscription-promos.mjs, web/scripts/backfill-invoice-history.mjs, web/scripts/fire-apology-to-unpaid.mjs.

vitest 2.1.9 added; 88 tests on guardrails module passing.

Vercel Cron (vercel.json) added for daily onboarding at 16:00 UTC.