IntelliCoach Courses
Changelog
What shipped, day by day.
- v0.53.0
Forking story published; team content workflow moves forward
Day 53 publishes the conversation-forking story as a leadership lesson about low-cost experiments in AI work. It also ships the selected literal fork visual, keeps the JSON rollback source aligned with the CMS-backed content path, and prepares the Monday LinkedIn pickup folder for Maik's manual posting.
- ContentAdded the selected literal fork visual, blog hero, newsletter banner, LinkedIn pickup image, and paired fork image candidates.
- v0.52.0
Rewind story published; CMS-backed content path used for Day 52
Day 52 publishes the Claude Code rewind story as a leadership lesson about keeping AI working context clean. It also ships the selected pink-elephant visual, keeps the JSON rollback source aligned, and uses the CMS-backed content path now in production.
- ContentAdded the selected pink-elephant visual, blog hero, newsletter banner, LinkedIn pickup image, and paired image-candidate files.
- v0.51.0
AI span-of-control story published; image-candidate rule repaired
Day 51 focused on leading parallel AI-agent work as a new management discipline. The build-log story frames AI sessions as another inbox, uses span of control as the management lens, and ships the selected octopus visual after repairing the five-picture draft contract.
- OpsKept newsletter sending and manual LinkedIn posting as separate gates after the platform content ship.
- ContentAdded the selected octopus visual, blog hero, newsletter banner, and next-day LinkedIn pickup image.
- v0.50.0
Vision-and-plan checks added; staging platform advanced
Day 50 focused on the human skill stack behind AI-agent work. Systems thinking helps Maik ask better technical questions, while coaching skill helps him clarify goals, hold the vision, and judge whether the AI answer serves the outcome.
- OpsCreated a staging platform on the home server for safer testing before production changes.
- OpsBuilt a workflow to refresh staging with real live-platform user data.
- ContentPublished the Day 50 build-log story around systems thinking, coaching skill, and visible vision statements for AI work.
- v0.49.0
Plan-checking hooks active; first product source package advanced
Day 49 focused on continuity inside long AI sessions. A plan-checking hook now forces the AI to reread the case file before answering, while STARQ Feedback Mastery moved into real source work and the Synology staging path continued toward UAT readiness.
- OpsAdvanced the staging path: the Synology staging origin, protected public path, and repeatable production-to-staging refresh are in place, with browser access still the remaining blocker.
- ContentPublished the Day 49 build-log entry around the nurse handover and case-file metaphor for AI continuity.
- v0.46.0
ADR source-trace gate added; Day 46 content draft prepared
Day 46 focused on foundation work rather than feature shipping. The project added an ADR source-trace gate so future strand reports must cite relevant architecture decisions, re-grounded the paid-PDF plus executive-review preview standard, and prepared the Day 46 content draft around the wet-house foundation metaphor.
- OpsKept Day 45 LinkedIn, Day 45 newsletter resend, STARQ Product1 Think, and development strands closed for tonight's content-only route.
- DocsAdded the ADR source-trace gate so future DPP strand reports must cite topic-relevant architecture decisions before making product, platform, or governance claims.
- ContentPrepared the Day 46 blog, newsletter, changelog, and image-concept review packet from Maik's evening brain dump.
- v0.45.0
First break-in attempt caught; project router governance expanded
Day 45 brought the platform's first real break-in attempt. The attempt failed, the guardrails caught it, and an over-broad lockout triggered the monitoring check that surfaced it. The protection path was hardened, and DPP work now continues through the governed P-016 project router with proof-and-success framing required for non-trivial deliverables.
- SecurityFirst real break-in attempt detected and blocked; the affected access flow was hardened after review.
- OpsMonitoring caught an over-broad protection response when the hourly email check failed, proving the alerting path worked.
- DocsP-016 project-router framing now governs DPP daily work, with DPPG-R-009 requiring objective, boundary, proof target, success criteria, bigger-picture fit, and unproven items for non-trivial deliverables.
- ContentDay 45 content prepared for platform publication, with blog, changelog, newsletter, LinkedIn draft, and image assets moving through the governed content cycle.
- v0.43.0
Mobile and accessibility coverage added; launch tracker updated from parallel worker results
Day 43 pulled two launch-confidence checks forward. Parallel worker sessions added mobile and tablet coverage plus an accessibility pass across flagship pages. The orchestrator accepted the scoped results, marked LS-C07 and LS-C08 complete, and carried the full-environment rerun plus visual contrast spot-check into tomorrow.
- Opsdocs/LAUNCH-SCOPE.md and docs/LAUNCH-READINESS.md updated: LS-C07 and LS-C08 now pass, while full-environment rerun and visual spot-check remain tomorrow follow-ups.
- Docsdocs/TESTING.md updated with the new mobile and accessibility coverage expectations.
- v0.42.0
Governance close-outs, four new launch items filed, first product content runway opened
Day 42 was a paper day. Two historical-gap tombstones added (Day 35 + 36 stay in the counter). A credential rotation moved from launch-blocker to post-launch sweep. Four new launch items got formal tracker entries: a new marketing homepage, a fine-print disclosure folded into the next legal review, a staging environment on the home server, and an additional pre-launch security scanner. The first product (STARQ Feedback Mastery) opened its multi-session authoring runway. No code shipped to production.
- SecurityLS-S11 Stalwart credential rotation accepted as post-launch sweep work alongside LS-S12 admin-endpoint hardening.
- SecurityLS-S13 Vercel DeepSec agent-driven SAST scan queued for pre-launch QA week, additive to the existing Semgrep + CodeQL + gitleaks + OSV scanners.
- FeatureLS-C11 new marketing homepage queued for the launch-week build slot. Replaces the current build-log-as-homepage; build log moves to /build-log.
- OpsLS-O06 Synology DS1525+ staging environment queued for the launch-week buffer slot.
- DocsQuick-path daily content workflow codified in the memory wiki — when Maik signals tired or one-shot mode, the standard cycle collapses into a single-turn produce-and-present.
- ContentTwo historical-gap tombstones added for Day 35 (Fri 5-1, Singapore Labour Day) and Day 36 (Sat 5-2, weekend DEV) — both days remain in the counter, framed honestly as 'no public entry.'
- ContentFirst product content authorship runway opened (LS-C10, STARQ Feedback Mastery). Multi-session build phase begins this week using parallel Opencode sessions; product subdirectories and content-status.json scaffolding committed.
- v0.41.0
Governance debt closed in a single sitting; new no-branching rule locks main as the only place changes land
Day 41 was a governance catch-up day. Two days of accumulated drift across version labels, records, and rules closed before lunch. ADR 058 locks the no-branching rule (every change goes to one place; no side copies). Newsletter sender hardened against unknown flags. Validator now exits non-zero on structural failures per ADR 050. ADR 052 amended to match the actual cron implementation. Memory wiki freshness gate back to green.
- Securityscripts/send-newsletter.ts hardened: rejects any unknown flag or extra positional argument with a clear error pointing to newsletter-template.ts for fragment-only previews. Closes the Day 41 --dry-run footgun that fired an unauthorized send to 4 EN subscribers.
- FeatureTag v0.40.1 created on main HEAD as the recovery release combining Day 40 evening UI work with the Day 41 governance close-out. v0.40.0 preserved as historical anchor for the Day 40 deploy state.
- Featureforce-dynamic on product + bundle pages so signed waiver-intent tokens mint per request once NEXT_PUBLIC_CHECKOUT_ENABLED flips. Closes the FIXME from b7162de.
- Ops17 stale local branches (claude/*, day26/*, worktree-agent-*, _a/_b/_c) and 4 stale remote branches deleted. 10 mounted worktree directories force-removed. Repo state: main only, local + remote.
- Opsscripts/validate-launch-scope.ts now exits 1 on structural failures (silent-pass placeholders) per ADR 050, not just on blocker check failures. Validator is now the gate ADR 050 specified.
- DocsADR 058 added: no branching, every commit lands on main. Supersedes the durable-branch isolation aspect of ADR 031. Locks tagging-only-on-main, deploy-only-from-main, and a session-start orphan-branch scan as MANDATORY.
- DocsADR 052 amendment: 09:00 SGT cron and in-repo docs/audit/ output path accepted as the binding implementation. ADR is now historical record; cron script run_dpp_codex_weekly_audit.sh is canonical.
- ContentDay 41 build log entry shipped (Today I paid governance interest). Friday Lightbulb Moments Build Log recap drafted for Sunday 5-10 send.
- v0.40.0
Privacy + cookie + imprint shipped, launch moved to June 1
Day 40 closes the legal surface for launch. The privacy policy now lists every data-collecting service via iubenda, the cookie banner respects geography (full banner in the EU, none in Singapore), and a CCPA / CPRA chrome callout shipped. A new Imprint route went live in both languages, including the Baden-Württemberg format requirement that iubenda's scan flagged. Launch date moved from Tuesday 2026-05-12 to Monday 2026-06-01 to ship version one rather than beta one.
- Securitynext-intl bumped to ^4.11.0, clearing GHSA-4c35-wcg5-mm9h and GHSA-r27j-894h-3w3p in transitive icu-minify. Imprint route still HTTP 200 after redeploy.
- OpsLaunch date shifted from Tuesday 2026-05-12 to Monday 2026-06-01 (Day 57). Reason: one sick day plus the still-running audit list plus regulatory items the iubenda scan surfaced. Buffer is necessary but not sufficient.
- DocsADR 057 supersedes ADR 023, recording the launch-shift rationale and the version-one-not-beta-one principle.
- ContentDay 40 build log entry shipped (frog metaphor, launch-shift braided in, Baden-Württemberg quirk named explicitly). Day 39 placeholder entry shipped to keep the build-day count honest after a sick day.
- v0.39.0
Recovery day, no shipping
Day 39 was a second consecutive recovery day after Day 38's sick day. No code, no content shipped. The build day count stays honest by recording the day rather than skipping it.
- ContentDay 39 build log entry shipped (no shipping; second recovery day after Day 38 sick day, written for the count to stay honest).
- v0.38.0
Sick day. Build log entry only.
Day 38 ships only the daily build log entry. Maik called in a sick day after an unplanned morning with the kids and the heat tipping him over. No code, no LinkedIn post for tomorrow, no other artifacts. The project carries on without him for the day.
- ContentDay 38 build log entry shipped to content/roadmap/{en,de}.json. Headline: I had to admit defeat today. Stats bumped: daysIntoJourney 37 to 38, progressPercent 88 to 90.
- ContentLinkedIn post folder for tomorrow skipped per Maik's explicit instruction. Image-concepts task deferred. The Day 35 + Day 36 + Day 37 LinkedIn catch-up cycle rolls forward to the next session.
- v0.37.0
Three audit P1s shipped, backup MX live, password rotation, observability stack
Day 37 closes the three P1 findings from the external audit pipeline (consent-record reconciliation, signed waiver intent gate, per-subscriber transactional mail). The mail stack is now backup-MX-protected via DNSExit and observability ships off-host to Synology. A briefly exposed database password was rotated end-to-end. The blog records honest contemplation of whether the Tue 2026-05-12 launch date still holds.
- SecurityThree P1 audit findings shipped via parallel orchestrator-subagent dispatch: pre-checkout consent record now reconciles to the actual purchase via the canonical product id, the consent-record API is gated by a server-issued short-lived signed waiver intent, and the executive-summary preview email now sends per-recipient via Listmonk transactional rather than as a broadcast campaign.
- SecurityDPP database password rotated end-to-end after a brief plaintext exposure during a chat session. Postgres role updated, .env rewritten on VPS, dpp container recreated, live verified.
- SecurityRepo-level gitleaks allowlist (.gitleaks.toml) added for documentation cite-key slugs and unit-test fixture credentials. Reduces five recurring false positives to zero.
- OpsCodex weekly audit cron PATH bug fixed (Sunday 5-3 audit had failed exit 127 because /opt/homebrew/bin was not on the cron-spawned shell PATH). Sun 5-3 audit back-filled, captured the same 3 P1 findings.
- OpsBackup MX live for inbound mail via DNSExit Foundation tier on intellicoach.org + intellicoachcourses.com (LS-O05 closed). Loki + Grafana + Promtail observability stack live on Synology, mail-loop monitor running, Borg restore drill end-to-end pass (C-021 sessions 8-10).
- DocsADR 054 locks the Stalwart-VPS-as-DPP-dependency relationship; ADR 055 locks the LS-L07 reconciliation key (product id, not plan id) with a regression-guard test. LS-S12 added (medium, post-launch) for two Stalwart admin-endpoint hardening findings the Borg drill surfaced.
- DocsDay 37 blog records that the launch date Tuesday 2026-05-12 is under serious contemplation. Sitting with the still-open audit items has Maik reconsidering whether that Tuesday is the right Tuesday. No decision yet.
- ContentVoice-learnings doc seeded L-004 from yesterday's published Day 34 LinkedIn post: nine candidate patterns including tool-name precision (Claude Code vs Claude), no markdown in LinkedIn comments, and self-bio numbers computed from the project anchor date.
- v0.34.0
Founding Members surface, Article 16 consent capture, and Codex audit response
Six of the eight remaining urgent pre-launch items shipped today via parallel specialist work. The Founding Members surface is live, the Article 16(m) consent gate is wired into checkout, and the response to yesterday's external audit landed across credential rotation, five ADRs, and three sister skills.
- SecurityStalwart feedback@ password rotated and shared agent skill files redacted after yesterday's external audit found a plaintext credential. Gitleaks history sweep confirmed no further exposures.
- FeatureArticle 16(m) digital-goods consent gate wired into the pre-checkout flow, plus an extended-preview alternative form for buyers who want more before paying.
- FeatureFounding Members surface live: first-50 signup counter, 30% bundle promo code, founding-member badge, and the entitlements column that backs all three.
- FeatureMy Account skeleton with five tabs (Dashboard, Purchases, Subscriptions, Profile, Settings) and authentication gating in place. Deeper per-tab content lands tomorrow.
- InfraNew Status Card PDF reference card auto-generates a multi-page status overview at every session open, written to a new DPP/Project Status folder.
- OpsThree sister skills scaffolded for the three-week product cycle (think, build, sell), with the first flagship product seeded for the launch-day Build week.
- DocsFive new architecture decision records landed (049 through 053): iubenda integration, validator placeholder discipline, Codex as permanent second voice, Sunday Codex audit cadence, three-week product cycle.
- ContentVoice-learnings doc seeded two new long-term rules from yesterday's published LinkedIn post: a publish-time tense pass on every LinkedIn draft, and a humble-voice principle that anchors every blog and post.
- v0.33.0
External AI audit during forced Claude break: Codex as permanent second voice
Weekly Claude allowance ran out before refill. Rather than lose the day, gave OpenAI's Codex full access to four to six weeks of Claude conversations and the entire project for an outside read. Returned a list of significant findings, including one real exposed access password in a shared agent skill file. Codex stays as a permanent second voice alongside Claude. Newsletter image format and DPP image quality bar codified. Block-leave facts corrected in skill memory.
- SecurityExternal Codex audit identified one plaintext access password in a shared agent skill file (line 657 of agent-commons/skills/maik-dpp/SKILL.md). Redaction and rotation queued for Day 34
- OpsExternal AI audit pattern locked: when main development tool is unavailable, ask the secondary tool for an outside read of the whole project
- DocsBlock-leave facts corrected in skill memory: practice applies to specific regulated roles only (traders, settlements), two consecutive weeks, two stated reasons (wellbeing plus control by absence), not an audit, no presumption of guilt
- ContentNewsletter image format standard codified: crop the HBR top band off, 600px wide JPEG at 80% quality, target under 80KB, banner under the navy header (cite-key dpp-newsletter-image-format)
- ContentDPP image quality bar codified: LinkedIn keeps HBR band 1024px+, newsletter banner per Standard 1, blog inline 1024-1600px WebP at 80%, mobile-LTE under 1.5s render bar (cite-key dpp-image-quality-bar)
- v0.32.0
AI co-lead added, three-way researcher pattern, voice-learnings governance seeded
Brought in OpenAI's Codex 5.5 as a project-management partner alongside Claude, with a shared notes folder for the two of them. Built a small researcher that fans the same question out to Codex, Gemini, and Claude in parallel, then asks Claude to compare the three answers. UI fix batch shipped: invisible Turnstile, asymmetric login button, Manrope display font, footer responsive. Voice-learnings governance file seeded as canonical. Notion publication trail cleaned up across four historical gaps.
- FeatureFooter Turnstile switched to invisible mode (data-execution=execute + appearance=execute + execute callback per Cloudflare's documented invisible pattern, not the non-existent data-size=invisible)
- FeatureManrope replaces Fraunces as the display font, weights 400/600/700, applied via next/font/google
- FeatureAsymmetric corner utility rounded-asym-xs (8px 0 8px 0) added to globals.css and applied to the NavAuthButton login pill
- FeatureFooter responsive grid changed from md:grid-cols-4 to md:grid-cols-2 lg:grid-cols-4, fixes subscribe-button overlap at 768-1024px viewports
- OpsNotion publications cleaned up: Day 12 LI confirmed-not-published, Apr 23 entry renamed Day 27 -> Day 26 (resolves two gaps), Day 25 NL-DPP DE duplicate archived
- OpsSkill rule locked: Behind-the-curtain and Changelog must always be separate LI comments (cite-key dpp-linkedin-behind-curtain-changelog-separate); per-comment char count ≤1200 with 50-char headroom (cite-key dpp-linkedin-comment-char-limit); -maik suffix convention for draft preservation
- OpsMANDATORY SESSION START Step 1.6 added: acknowledge-on-receive ritual when a -maik.md companion file is found in the most recent LI post folder
- Docsvoice-learnings.md canonical artifact landed at docs/voice-learnings.md, 23 confirmed voice patterns, 8 candidate gaps, 6-element governance cycle, L-001 seed entry from commit 26f19ca (best -> right)
- ContentTranslation fix on messages/en.json footer.otherLangLink: Subscribe auf Deutsch -> Auf Deutsch abonnieren ->
- v0.31.0
Three days of foundations: legal trail, monthly restore drill, design language locked
Saturday's weekend session shipped the monthly database restore drill and locked the Centralization Principle as a foundational platform rule. Sunday's session shipped the real iubenda integration, the executive summary PDF pipeline, and the signed legal attestation. Monday published the no-refund policy with Article 16(m) framing, codified seven new launch-scope items, and locked the IntelliCoach document design language alongside the Page-Fit Algorithm specification.
- SecurityMonthly database restore drill scripted and ran successfully for the first time, full snapshot restored to scratch in 20 seconds (LS-S01, Sat)
- FeatureReal iubenda integration shipped, privacy plus cookies plus terms now stream from iubenda's API with a one-hour cache, real consent banner replaces the placeholder (LS-L01, Sun)
- FeatureExecutive summary PDF pipeline end to end, 45-page full document plus 45-page preview with irreversible body obfuscation per ADR 048, purchase CTA on page 5 (LS-P02, Sun)
- FeatureNo-refund policy text published with Article 16(m) digital-goods waiver framing, extended-preview-on-request alternative, defective-product carve-out, Whop merchant-of-record pointer (LS-L05, Mon)
- InfraFiling convention YYYY-MM-DD-HHMM applied across DPP working folders, 20 folders renamed (LinkedIn folders excepted)
- OpsCentralization Principle locked as a foundational platform rule, one canonical source per concern, surfaces compose rather than duplicate (Sat)
- OpsDesign system pass 2, three new shadow utilities, ProductCard and BuildLog now compose the canonical Card component, Footer subscribe button uses the Button component, 19 arbitrary Tailwind values eliminated (Sat)
- OpsTypography migration completion, Roboto removed across 8 sites, Fraunces applied to hero h1 plus blog day headlines plus 5 editorial surfaces (Sat follow-up)
- Opsmaik-iubenda Claude Code skill activated at ~/.claude/skills/maik-iubenda/SKILL.md for future iubenda touchpoints
- DocsLegal Attestation signed by IntelliCoach Pte Ltd for European Union plus Singapore plus United Kingdom plus United States with California CCPA in scope (LS-L04)
- DocsADR 014 (iubenda integration) plus ADR 048 (PDF preview Hybrid E obfuscation) plus 24 backfilled ADRs covering Days 6 through 28 added to docs/decisions/
- DocsSeven new launch-scope items codified, LS-L06 extended-preview form, LS-L07 Article 16(m) checkout consent capture, LS-L08 portal sweep plus lawyer review, LS-A01 Attention Insight pre-launch pass, LS-A02 Plerdy install plus iubenda consent wiring, LS-A03 analytics API integration deferred, LS-A04 daily database diff deferred
- ContentIntelliCoach document design language locked, warm Brene-leaning workbook style refined with Fraunces typography weight pushed to 600 to 700 on display roles, validated reference at pdf-doc-warmth-fraunces-bold.html
- ContentPage-Fit Algorithm v1 specified, five-pass page-splitting pipeline (preprocessor, render via Playwright on Chromium 108+, measure, re-balance, verify), grounded in Knuth-Plass plus CSS Fragmentation Level 3 plus Chromium RenderingNG
- ContentDay 28 LinkedIn post published, 'A toast to the work nobody sees', full standard structure with Who/What/Why plus Journey plus Behind-the-curtain comments and emoji-categorized changelog highlights
- v0.30.0
iubenda integration goes live, executive summary pipeline ships
Sunday's session swapped the hand-rolled GDPR placeholders for real iubenda-served privacy + cookies + terms text, signed the IntelliCoach legal attestation for EU/Singapore/UK/US (CCPA in scope), and shipped the executive summary PDF pipeline end to end. The 45-page free preview with irreversible Hybrid E obfuscation (ADR 048) lands on every product page; full purchase converts the preview to the unredacted document.
- Featureiubenda integration shipped via Pro x 1 plus backend API embed (English-only locked pre-launch, German deferred per budget cycle), one-hour cache, real consent banner replaces the placeholder (LS-L01)
- FeatureExecutive summary PDF pipeline end to end, 45-page full document plus 45-page preview with locked Level 5 obfuscation (downscale 500, sigma 2.0, q 48), purchase CTA on page 5 (LS-P02)
- Feature10-level diagnostic ramp tool for visual confidence in the obfuscation severity
- Opsmaik-iubenda Claude Code skill activated at ~/.claude/skills/maik-iubenda/SKILL.md for future iubenda touchpoints
- DocsLegal Attestation signed by IntelliCoach Pte Ltd for European Union plus Singapore plus United Kingdom plus United States with California CCPA in scope (LS-L04)
- DocsADR 049 (iubenda integration via Pro x 1 plus backend API embed; renumbered from ADR 014 on Day 34 due to a numbering collision with the Assume Failure ADR) and ADR 048 (PDF preview Hybrid E obfuscation) added to docs/decisions/
- v0.28.2
Six launch blockers retired, end-to-end testing loop closed
A full-stretch session retired three blockers and three high-priority items from launch scope, then a follow-up reckoning closed the gap between the pre-push hook and CI.
- SecurityContent-Security-Policy-Report-Only header and /api/csp-report endpoint live (LS-S06)
- SecurityCI Security Gates workflow shipped: gitleaks, OSV-Scanner, Semgrep, CodeQL on every push (LS-S07)
- SecurityZod validation and Redis-backed rate limiting on /api/subscribe and /api/feedback/send (LS-S03)
- SecuritySentry scaffold (DSN-less no-op) and ntfy Sev-1 reporter wired into the Whop webhook (LS-S09)
- FeatureFounding-member entitlement columns and migration 0005 (LS-F04)
- FeatureFoundingMemberBadge component with EN/DE copy (LS-F03)
- OpsPre-push hook now shadows CI: gitleaks plus Semgrep plus OSV-Scanner run before every push, ~31 seconds total
- Opsnpm version pinned via .nvmrc, .npmrc, and engines block so local resolution matches the CI lane
- DocsNewsletter template now includes a per-version changelog link
- ContentLightbulb Moments Build Log recap draft saved for Sunday newsletter (LS-C03)
- v0.27.0
Cloudflare WAF, About page headshot, governance harness
Closed the first batch of launch-scope items while running the main chat as an orchestrator dispatching specialist subagents.
- SecurityCloudflare WAF + Bot Fight Mode on public endpoints
- SecurityTurnstile widget on the footer subscribe form
- FeatureOpenGraph image + metadata block live on every locale route
- FeatureAbout page shows a portrait photograph
- InfraCoolify admin port 8000 locked to Tailscale via Hetzner firewall
- OpsSitemap.xml (dynamic) + robots.txt shipped
- OpsLAUNCH-SCOPE governance harness (LS-* tracker) added
- ContentDay 27 blog entry published EN+DE; newsletter sent
- v0.26.0
Next 16.2.4 bump, Fraunces headline font locked
Dependency bump for a DoS CVE plus the first pass of the new typography system on hero beats.
- SecurityNext.js bumped to 16.2.4 (CVE GHSA-q4gf-8mx6-v5v3 mitigated)
- FeatureFraunces display face locked for hero + editorial headlines
- FeatureSystem body font stack adopted (no download, native feel)
- DocsMANIFEST section 3 typography block updated
- ContentDay 26 watermelon-status blog entry published EN+DE
- v0.25.0
Purchase email lock + testing-regimen governance
Post-purchase sign-up form now locks to the email the payment provider confirms, and the missing testing regimen was written into the roadmap, AI memory, and the session kickoff check.
- FixPost-purchase sign-up form locked to payment-provider email
- OpsSession kickoff live-state check flags obvious gaps automatically
- DocsTesting regimen added to public roadmap as foundation piece
- DocsFive ADRs written covering the testing decision set
- ContentDay 25 blog entry published EN+DE
- v0.24.0
First end-to-end paid checkout landed in an account
End-to-end payment flow works: checkout with promo code, webhook to platform, purchase linked to account on the other side of a magic-link signup.
- FeatureEnd-to-end paid checkout verified (test promo, real webhook)
- FeatureWhop webhook writes purchase into platform DB
- FeatureBranded success page after checkout
- FeaturePurchase visible on /account after magic-link signup
- ContentDay 24 blog entry published EN+DE
- v0.23.0
Policy layer, session fingerprint, sensitive-action reauth, webhook seal
Four security features landed on top of the cleaned-up login foundation, all built by parallel subagents and reconciled into one deploy.
- SecurityAuthorization policy layer for logged-in routes
- SecuritySession fingerprint check (network + device drift detection)
- SecurityFresh-reauth gate on sensitive actions
- SecurityStandard Webhooks signature verification on payment webhooks
- OpsParallel subagent workflow proven on four concurrent features
- ContentDay 23 blog entry published EN+DE
- v0.22.0
Magic-link login, Turnstile, account page, auth nav
Phase 0.3 Slice 2 shipped: real login via Postfix relay with Turnstile captcha, a minimal account page, and an auth-aware navbar.
- SecurityCloudflare Turnstile via Better Auth captcha plugin
- FeatureMagic-link login via Better Auth + Postfix SMTP relay
- FeatureMinimal /account page with session display + sign-out
- FeatureAuth-aware navbar shows Login or Account
- InfraThree Stalwart mailboxes provisioned: login@, team@, support@
- Opsadd-secret tooling for safe credential handling (no chat exposure)
- DocsADR 014 written: Assume Failure infrastructure guardrails
- ContentDay 22 blog entry published EN+DE
- v0.21.0
Better Auth foundation, encrypted backups, SOPS secrets
Security foundation complete: auth system on Better Auth, dedicated auth DB on an internal Docker network, encrypted off-site backups via Tailscale, SOPS-managed secrets.
- SecurityBetter Auth configured with magic-link + optional passkey
- SecuritySOPS-managed secrets with no hardcoded fallbacks
- InfraDedicated Postgres DB for auth on internal Docker network
- InfraEncrypted off-site backups streamed to NAS over Tailscale
- DocsWritten security document targeting OWASP ASVS Level 2
- ContentDay 21 blog entry published EN+DE
- v0.20.0
Auth DB skeleton, local backup drill, ADR 013 decision journal
Built the DB container that will hold user data, rehearsed the off-site backup routine, and started a decision journal so AI-driven choices stop evaporating week-to-week.
- InfraDedicated Postgres container ("locked room") for future auth data
- OpsRehearsed encrypted backup routine to home NAS over Tailscale
- OpsSelf-review process tightened on new work
- DocsADR 013 decision journal started (architecture record format)
- ContentDay 20 blog entry published EN+DE
- v0.19.0
Phase 0.0 Security Foundation complete
Security headers, security.txt, dead-code deletion, and a surface audit all landed. Hard prerequisite before DB and auth work unlocked the next phase.
- SecuritySix security headers added via Next.js middleware (XFO, XCTO, Referrer-Policy, Permissions-Policy, COOP, HSTS)
- Securitysecurity.txt published per RFC 9116
- SecuritySurface audit: gitleaks + Semgrep clean
- FixDeleted dead code containing hardcoded fallback secret
- DocsHandover document (Hemingway bridge) pattern adopted
- ContentDay 19 blog entry published EN+DE
- v0.18.0
Weekly review, scope correction, no platform code
Recognised perfectionism had hijacked a whole week. Committed to hard architectural decisions for next week (DB, auth, payments). No platform code changes today.
- OpsNext-week commitments recorded: DB, authentication, payments
- DocsWeekly review logged; perfectionism pattern named (CliftonStrengths Maximizer)
- ContentDay 18 blog entry published EN+DE
- v0.17.0
Governance skill self-editing, 1M context window fix
Caught a context-window misconfiguration mid-session and taught the next session to prevent it. The governance skill now self-edits to prevent recurring mistakes.
- OpsAuto-compaction incident diagnosed (1M context not enabled)
- DocsSkill self-editing pattern adopted: yesterday's mistake = tomorrow's guardrail
- DocsPositive-framing rule added to the skill (tell AI what to do, not what not to do)
- ContentDay 17 blog entry published EN+DE
- v0.16.0
LinkedIn image pipeline, fal.ai, ADR 009 visual language
Three AI image providers compared for LinkedIn post typography. fal.ai nano-banana got clean text first try. ADR 009 locks the visual language going forward.
- FeatureLinkedIn image generation via fal.ai nano-banana
- OpsImage engine comparison documented (Gemini, Chrome overlay, fal)
- DocsADR 009 LinkedIn image visual language written
- ContentDay 16 blog entry + LinkedIn Post 5 published
- v0.15.0
German translation framework + real navigation
Bilingual transcreation framework (not literal translation) set up across all pages. Navigation moved from temporary placeholders to the real design. Mockup split into its own subdomain.
- FeatureGerman transcreation for 13 blog entries + 6 product pages
- FeatureReal platform navigation (Products, Bundles, Courses, About, Contact)
- FeatureLanguage switcher wired end-to-end
- InfraMockup split to standalone mockup.intellicoachcourses.com
- DocsGerman style guide written (informal "du", natural voice)
- ContentDay 15 blog entry published EN+DE
- v0.14.0
Three sites merged into one Next.js app with i18n
Roadmap, store, and mockup unified under one Next.js app with next-intl routing. Roadmap rebuilt as 11 components. Groundwork for accounts and login laid.
- FeatureRoadmap page rebuilt as 11 reusable components
- FeatureBilingual routing via next-intl (/en/, /de/)
- FeatureNav simplified to Roadmap / Current / Mockup
- InfraThree separate sites merged into one Next.js app
- InfraCloudflare DNS + Docker restructure for new architecture
- ContentDay 14 blog entry published EN+DE
- v0.12.0
Manifest + Build Log + Claude skill context architecture
Three-document context architecture created: Manifest (vision), Build Log (decisions), Claude skill (learnings). Email relay unblocked after self-banned by its own server.
- FeatureLinkedIn image branding workflow built
- FixSMTP relay unbanned on Stalwart (fail2ban exception added)
- DocsManifest written (vision + North Star)
- DocsBuild Log started (running decision record)
- Docsmaik-dpp Claude skill scaffolded (process learnings)
- ContentDay 12 blog entry + LinkedIn Post 2 published
- v0.11.0
Email deliverability fix, first LinkedIn post, publishing rhythm
Mail server was introducing itself with the wrong hostname, tripping spam filters. Fixed via DNS + Postfix config. First LinkedIn post published; rhythm locked.
- FixSMTP HELO/hostname mismatch fixed — mail now lands in inbox
- FixDKIM, SPF, PTR DNS records tightened (OVH API)
- InfraPostfix identity aligned with sending domain
- OpsPublishing rhythm locked: blog same day, LinkedIn next day
- ContentLinkedIn Post 1 published (build-in-public series kickoff)
- ContentDay 11 blog entry published EN+DE
- v0.10.0
Hero redesign, custom voice-to-blog skill, share links
Roadmap hero restructured with What/Why/Who cards. Custom AI skill turns dictated voice notes into structured draft entries. Shareable anchor links on every build log entry.
- FeatureHero redesigned with What/Why/Who cards
- FeatureHero image optimised (24x smaller)
- FeatureDirect anchor links on every build log entry
- FeatureCollapsible Behind the Scenes section per entry
- OpsVoice-note-to-blog-draft AI skill built
- ContentDay 10 blog entry published EN+DE
- v0.9.0
Unified domain: roadmap at root, store at /store, mockup at /mockup
Three separate experiences unified under one domain via Traefik routing. Newsletter signup flow tested end-to-end. Purchases disabled with a May 2026 placeholder.
- FeatureCross-experience navigation bar added
- FeaturePurchases disabled with "Coming May 2026" placeholder
- InfraTraefik routing unified roadmap + store + mockup under one domain
- OpsNewsletter signup tested end-to-end (double opt-in live)
- DocsDaily workflow mode added to AI orchestration skill
- ContentDay 9 blog entry published EN+DE
- v0.8.0
Family Sunday, no shipping, ideas captured
Planned no-ship day. Ideas captured for the week ahead.
- OpsPlanned day off; no deploys
- ContentDay 8 blog entry published EN+DE
- v0.7.0
Weekend planning mode, thinking captured
Weekend mode. Thinking translated into a week-ahead plan. No platform code changes.
- OpsWeek-ahead planning session logged
- ContentDay 7 blog entry published EN+DE
- v0.6.0
Operational work wins, DPP paused
Operational coaching work took priority. DPP paused one day.
- OpsOps-day, no DPP deploys
- ContentDay 6 blog entry published EN+DE
- v0.5.0
Listmonk deployed, newsletter subscribe live, Zernio integration
Listmonk self-hosted on Hetzner behind Traefik. Newsletter subscribe form on roadmap with double opt-in. Zernio LinkedIn integration built as a Claude skill. Personal letter section added to roadmap.
- FeatureRoadmap subscribe form with Listmonk double opt-in
- FeatureZernio LinkedIn integration as a Claude skill (one-command post)
- FeaturePersonal letter section on roadmap (data-driven)
- InfraListmonk deployed via Docker on Hetzner VPS behind Traefik
- InfraSocketLabs SMTP relay configured for Listmonk
- ContentDay 5 blog entry published EN+DE
- v0.4.0
Full 23-page mockup built with Alpine + Tailwind
Pivoted from piecemeal build to building the whole 23-page mockup in one HTML file. Real product images, logo, video embed, and executive summary preview flow wired.
- FeatureAll 23 pages of the mockup built in a single HTML file
- FeatureReal product images + IntelliCoach logo integrated
- FeatureReal video embed on product page
- FeatureExecutive summary preview flow wired
- InfraMockup served by standalone nginx Docker container
- ContentDay 4 blog entry published EN+DE
- v0.3.0
Master plan + build-in-public roadmap page
Full feature brain dump organised into an implementation order. Tech stack decided per component. /maik-dpp orchestration skill designed. Roadmap page built from scratch.
- FeaturePublic roadmap page built from scratch
- Ops/maik-dpp orchestration skill scaffolded
- DocsMaster plan written; full feature set prioritised
- DocsTech stack decisions locked per component
- ContentDay 3 blog entry published EN+DE
- v0.2.0
Migrated off Vercel to self-hosted Hetzner with Traefik
Multi-stage Dockerfile built, Traefik labels configured for automatic HTTPS via Let's Encrypt, DNS cutover from Vercel to Hetzner. Zero downtime.
- InfraMulti-stage Dockerfile for Next.js standalone output
- InfraTraefik labels for automatic HTTPS (Let's Encrypt)
- OpsDNS cutover from Vercel to Hetzner VPS (OVH DNS)
- ContentDay 2 blog entry published EN+DE
- v0.1.0
Zero-to-storefront: Next.js 16 + Whop embedded checkout
First commit to first deploy in one day. Next 16 scaffold, product data structure, all core pages built, Whop embedded checkout SDK wired.
- FeatureNext.js 16 scaffold via create-next-app
- FeatureProduct data structure designed
- FeatureCore pages built: home, products, bundles, about, checkout
- FeatureWhop embedded checkout SDK integrated
- InfraFirst deploy to Vercel (later migrated Day 2)
- ContentDay 1 blog entry published EN+DE
Every build day gets an entry. v1.0.0-ea lands on launch day.