StackPatch is liveSee product

Back to StackPatch
Engineering changelog

What we shipped

Public engineering log. Every entry below is a real production deploy. Newest first.

2026-05-01V1.6 — distribution + checkout polish

Apple Pay enabled at checkout, dev.to launch shipped, full V1 copy parity, JSON-LD on every comparison page

  • Apple Pay domain `mindsparkstack.com` registered with Stripe — Apple Pay now appears at /patch checkout for iOS users (was previously only enabled on Stripe-hosted buy.stripe.com)
  • dev.to build-log article published — first real distribution into the indie-dev community, canonical to /patch
  • /patch hero badge updated to V1 status with live distro / CVE counts; secondary waitlist card no longer claims "MVP launches in 7-14 days"
  • Welcome email body rewritten — drops the never-wired "Pro free 30 days" and time-bound MVP claim, leads with V1 live + LTD founder seat
  • Homepage Free quickscan bullet + site-wide meta description now list all 5 distros (Ubuntu/Debian/Alpine/AlmaLinux/Rocky) — was 2-3 distros
  • JSON-LD WebPage + SoftwareApplication schemas on /patch/vs-vuls, /patch/vs-trivy, /patch/vs-grype, /patch/vs-snyk — Google rich-results uplift on competitor-search queries
  • /patch/cves/digest gets CollectionPage schema
  • Site-wide WebSite schema in <body> with sameAs links to dev.to author profile + GitHub repo
  • umami-postgres image refreshed (postgres:16.13-alpine) with verified pg_dump backup
  • 6 retired-subsystem crons disabled (wat-lex/liaison/aura/janitor compose-yml-renamed; x_reinstatement_watcher X-suspended; strategy-bakeoff trading-retired) — active cron count 37→31
2026-04-30V1.5 — autonomous loop completion

Full PRD shipped: paid activation loop, funnel instrumentation, SEO surfaces

  • Per-CVE pages now have JSON-LD Article schema + dynamic title/description from cached data — every cached USN/NVD record is now a unique SEO surface
  • Sitemap is now dynamic, enumerates 100 most-recent USN + 100 most-recent NVD records (was static 23 entries)
  • /security page — plain-language data handling reference (what we collect/don't, where it lives, retention, breach response, how to verify)
  • /changelog page — this page
  • /status page + /api/stackpatch/status — public service health dashboard reading poller state files directly
  • /patch/usn-8222-1 — second high-search-volume CVE landing (OpenSSH cluster fix)
  • /patch/cve-2026-31431 — dedicated SEO landing for the kernel local-priv-esc
  • /patch — pricing FAQ block (6 cards: 3-server limit, after 50 seats, refund, RHEL/Alpine, auto-apply, ESM)
  • /patch/scan — trust panel + curl|bash one-liner above the form
  • /patch/audit/[server] — top-level status badge (clean/action_needed/critical/stale), share-with-customers copy block, what-this-doesn't-certify caveats, JSON/CSV export
  • /patch/onboarding/success — server-side validates Stripe session, idempotent customer + token creation, install command + trust panel
  • /install.sh — authenticated install script with --uninstall flag, /var/run/reboot-required detection
  • /api/stackpatch/{enroll,inventory,event,audit/[s]/export,status} — full backend
  • Funnel instrumentation — events.jsonl with daily-rotating IP hash, 10 event types, server-side scan_run/server_enrolled/inventory_received and client-side page_view beacons
  • Founder seat counter on /patch reads filesystem (real "X / 50 claimed", no faked scarcity)
  • Result-conditional quickscan endings — vulnerable/clean/unsupported each get different CTA
  • Email alert dispatcher cron @ :40 — new findings + stale-host (24h threshold + 72h re-alert dedup)
  • Stripe customer_id persistence — unblocks future Customer Portal
  • Stripe payment_link updated to redirect to /patch/onboarding/success?session_id={CHECKOUT_SESSION_ID}
2026-04-30V1.0 — pivot complete

Killed VaultAgent + Fleet Pilot + Fleet Architect; StackPatch is the only product

  • Header/nav/footer chrome cleanup — was still pitching retired SKUs on every page
  • Homepage rewritten — announcement bar, hero, FeaturedProducts, FinalCta all StackPatch-only
  • /vault, /pilot, /fleet-architect → permanentRedirect to /patch (308 + noindex)
  • 4 Stripe products archived (VaultAgent Proxy/Starter/Enterprise + Accuoa Fleet Fit-Check)
  • 9 VaultAgent + content-engine crons disabled on the VPS
  • Content engine topics.txt rewritten to 30 StackPatch / CVE / patch-ops seeds
  • /patch/vs-vuls — honest 12-row green/red/grey comparison page (recommends vuls.io if better fit)
2026-04-30Quickscan upgrade

Free curl|bash now returns real CVE matches against the live USN + Debian DSA feeds

  • V0 was a 2-CVE curated list — most users saw "no matches" on real vulnerable boxes
  • Now: subprocess matcher script joins inventory × cached USN feed (51 records) + Debian Security Tracker bookworm/trixie/bullseye (~110K fix-records) using dpkg --compare-versions
  • Sub-second response time per request
  • Debian DSA poller cron @ daily 04:00 UTC
2026-04-30Foundations

StackPatch V0 ships from scratch

  • Inventory collector cron @ :03 — bash script reading /etc/os-release, uname, dpkg, docker, ports, modprobe
  • CVE poller cron @ :23,:53 — Ubuntu USN feed + NVD recent CVEs
  • Matcher cron @ :33 — joins inventory × USN, writes findings JSONL
  • /patch product page + /patch/scan free quickscan + /patch/audit/mss-vps public demo + /patch/playbook reference
  • Stripe webhook handler for $99 LTD checkout + welcome HTML email

Source: github.com/Accuoa/mindsparkstack-next — every commit lands on the public repo before going to production.

Want a new feature? Email agents@mindsparkstack.com. Founder cohort customers get higher priority on requests.