Reverse-chronological. Live
means you can use it today. Coming
soon means we know exactly what we're building and roughly
when. We don't log internal refactors here — only things you, the
customer, can use or wait for.
Latest
2026-05-19 · Comprehensive Build Plan — final drop
live Native Customer 360 lands at /console/customers. One read joins sales deals (Cyrus) + tickets (Sami) + invoices (Faisal) + churn (Noor) + NPS (Noor) + 90-day touchpoint history. Replaces HubSpot, Salesforce, and Zendesk's customer view in one schema. Migration 078 + v_customer_360 view + 5 routes under /v1/tenant/customers/*.
live Tenant isolation status page at /console/security/isolation. Customers run a live cross-tenant probe — we attempt to read another tenant's data using their JWT across 12 dept schemas; FORCE row-level security must return 0 rows everywhere. Any breach fires a critical signal and locks the account into review. Migration 077 + audit-export queue for GDPR Art 20 + KSA PDPL right-to-portability.
live Connectors catalog reclassified: 'native' (8 — Cyrus CRM, Sami Helpdesk, Maya Email, Iris/Tariq Product, Faisal Finance, Tala HR, Bashir Brand, Maya Marketing) means BBB does it natively; 'migration' (7 — HubSpot, Salesforce, Zendesk, Mailchimp, Jira, Xero, QuickBooks) means one-time import then cancel the external sub; 'core' (12) means we genuinely need them (LinkedIn audience, Twilio carriers, Stripe networks); 'optional' (6) for context-only.
live PWA: install BlackBit on your phone. /manifest.webmanifest with 4 home-screen shortcuts (Signals, Customers, Brand, Marketing). Service worker with 4-strategy cache (shell, hashed assets, console pages, never-cache API). Install prompt for Chromium/Edge/Android + one-time iOS Safari Add-to-Home-Screen hint. 11 icons generated.
+ 1 more in this tier (full list below)
Filter
2026-05-19 · Comprehensive Build Plan — final drop(also pinned above)
live Native Customer 360 lands at /console/customers. One read joins sales deals (Cyrus) + tickets (Sami) + invoices (Faisal) + churn (Noor) + NPS (Noor) + 90-day touchpoint history. Replaces HubSpot, Salesforce, and Zendesk's customer view in one schema. Migration 078 + v_customer_360 view + 5 routes under /v1/tenant/customers/*.
live Tenant isolation status page at /console/security/isolation. Customers run a live cross-tenant probe — we attempt to read another tenant's data using their JWT across 12 dept schemas; FORCE row-level security must return 0 rows everywhere. Any breach fires a critical signal and locks the account into review. Migration 077 + audit-export queue for GDPR Art 20 + KSA PDPL right-to-portability.
live Connectors catalog reclassified: 'native' (8 — Cyrus CRM, Sami Helpdesk, Maya Email, Iris/Tariq Product, Faisal Finance, Tala HR, Bashir Brand, Maya Marketing) means BBB does it natively; 'migration' (7 — HubSpot, Salesforce, Zendesk, Mailchimp, Jira, Xero, QuickBooks) means one-time import then cancel the external sub; 'core' (12) means we genuinely need them (LinkedIn audience, Twilio carriers, Stripe networks); 'optional' (6) for context-only.
live PWA: install BlackBit on your phone. /manifest.webmanifest with 4 home-screen shortcuts (Signals, Customers, Brand, Marketing). Service worker with 4-strategy cache (shell, hashed assets, console pages, never-cache API). Install prompt for Chromium/Edge/Android + one-time iOS Safari Add-to-Home-Screen hint. 11 icons generated.
live New /replaces marketing page lays out the math: $4,400+/mo of SaaS that BBB replaces (HubSpot $800 + Salesforce $800 + Zendesk $575 + Mailchimp $350 + Buffer $65 + Jira $85 + Xero $80 + QuickBooks $90 + Canva $13 + Greenhouse $500 + Highspot $250 + Drata $450 + Wootric $224). BBB Growth tier is $3,500. Net saving ~$11k/yr for the average GCC SMB.
Four creative departments online + cross-dept signal bus + roadmap voting
live Brand & Creative (Bashir) at /console/brand — 5-step wizard: inputs → fal.ai logo gen → palette extract (PIL k-means) + WCAG audit → Google Fonts pairing (Arabic-aware: Tajawal, IBM Plex Sans Arabic, Cairo) → voice & tone markdown guide. Every other dept now reads brand_kit_id.
live Marketing Content (Maya) at /console/marketing — pitch decks (HTML canonical + PDF via Playwright + PPTX via python-pptx + Google Slides export pending OAuth wiring), social posts (7 platforms with per-platform char caps), reel scripts (shot list + B-roll + captions), email campaigns, ad creatives (9 ad platforms), AP-style press releases, SEO-aware blog posts. All inherit Bashir's brand kit.
live Sales Enablement Plus (Cyrus+) at /console/sales-enablement — 6 deal-closer tools: battlecard vs named competitors, one-pager PDF, case study with metrics table, MEDDIC/SPICED/BANT/CHAMP discovery script, ROI calculator as live-formula .xlsx (openpyxl), pricing comparison table.
live Service Operations (Sami) at /console/service-ops — ticket triage with GCC tier-aware bumping, SLA monitor with auto-emit signals on breach, KB autogen via Noor's theme engine, maintenance schedule, asset registry audit, field-service TSP routing, CSAT dispatch.
live Cross-dept signal bus at /console/signals — 22 emit predicates wired across every dept. Critical churn from Noor → sales. Overdue breach from Selim → exec. Privileged container from Mateo → exec. Broken KPI tree from Tariq → exec. Runway < 6mo from Faisal → exec. All filterable by severity + dept + status.
live Roadmap with weighted voting at /console/coming-soon — 40 items shipped, voting weighted by plan tier (Sovereign 25× / Enterprise 10× / Growth 3× / Starter 1×). Metered billing scaffold ready for image / deck / reel / llm_token_1k / social_post / email / voice_minute / ad_creative units.
2026-05-18 · Tier 8.2
Connect your GitHub repo · multi-dept audit · Theo drafts patches on findings
live /console/projects is live. Paste a public GitHub URL — BBB clones the repo (≤50 MB), walks the file tree, and indexes it. Freya (Security STRIDE) + Sofia (Engineering incident triage) audit in parallel against the actual code. Each finding lands in your console with severity, category, evidence pointer, file path + line number, and a proposed action. Audit completes in ~30–60s.
live Theo draft-patch on demand: click any finding → 'Get Theo's patch'. Theo (code_writer) reads the cited file, the finding, and produces a structured patch with summary, plan, diff blocks, named tests, migration callouts, and rollback notes. Refuses to invent file paths — flags missing context as open_questions instead of hallucinating (R1 anti-hallucination guard rail).
live Migration 043_projects.sql applied to bbb-prod: bbb_projects schema with 4 tables (projects, project_audits, project_findings, suppressions), FORCE-RLS on all four scoped to auth.jwt().org_id, 12 indexes for hot paths. Same shape as every other bbb_* dept schema.
live Risk-fix bundle in this tier: R5 noise control (cross-dept dedup, confidence floor 0.55, per-dept cap 20, severity-first sort), R7 secret scanner (AWS/GitHub/Anthropic/Stripe/PEM detection before any file content reaches an LLM prompt), R8 application-level cross-tenant assertion helper with 19 green unit tests, R9 re-audit revalidation (auto-closes findings whose file/line no longer exists).
live Branch auto-detection: clone first calls `git ls-remote --symref HEAD` so repos using master (or develop) instead of main work without the customer specifying the branch. Idempotent URL normaliser fixed a double-.git bug that triggered the misleading 'Authentication failed' git error.
live Audit prompts strengthened to require file_path per finding, with a copy of the repo's file tree pasted into the prompt as ground truth. Findings emitting paths not in the tree get auto-validated with three-tier matching (exact / cleaned / unique suffix); unmatched paths drop confidence to 0.45 so the R5 floor suppresses them from the default view.
live Atlas classifier routes 'audit my repo / scan my code / find bugs in my project' to a guided handoff: tells the customer to go to /console/projects, connect the repo, and click Run audit. Reason: a cloned-repo audit produces structured findings with real file paths — far higher quality than a one-shot Atlas dispatch.
live First live audit on fastapi/fastapi: 11 deduped findings in 44 seconds (2 P2, 6 P3, 3 P4) covering OAuth bearer-token format validation, recursive schema DoS via $ref, OAuth scope parsing without sanitization, missing audit logs on auth events, cached_property memory bloat. No P1 — fastapi is mature. Theo draft-patch on the top P2 returned a structured RFC-6750 validation plan with the right blockers flagged honestly.
2026-05-17 · Tier 8.1
Engineering dept now WRITES code · new specialist Theo · spec → patch + tests + risks
live Engineering's fifth specialist is live: THEO — Implementation Engineer. The other four engineers (Sofia / Kenzo / Ivo / Lina) judge code (triage, RCA, perf, release-readiness). Theo writes it. Send a spec + code context to POST /v1/tenant/engineering/lead/dispatch and Theo returns a structured patch: file-level diffs, named tests, migration / env / secret callouts, rollback notes, open questions. Stays inside the spec — if anything's ambiguous, Theo lists open_questions instead of guessing.
live Atlas classifier extended: 'write the code for X', 'implement Y', 'add an endpoint', 'fix this bug', 'change function X so it does Y', or any spec → patch request now routes to engineering (Theo). Trivial coding questions a customer can ask Claude Code directly are still skipped — Atlas reserves Theo for production-scoped, auditable change requests.
live Migration 042_engineering_code_writer.sql applied: ALTER bbb_engineering.engineering_records DROP + ADD kind CHECK to include 'code_writer'. Stable constraint name engineering_records_kind_check. Idempotent — re-applying is a no-op.
live Engineering severity scale now has a code-specific meaning when kind = code_writer: p1 = touches auth / billing / RLS / hot-table migration; p2 = customer-facing API contract or shared library; p3 = feature work in one module; p4 = cleanup / refactor / docs. Theo refuses to mark a change p1-p2 without naming the deciding evidence.
live Marketing copy updated: /departments + /pitch Engineering card now reads "Sofia + Kenzo + Ivo + Lina + Theo" with 7 agents / 29 skills (was 4 specialists / 6 agents / 28 skills). Blurb explicitly mentions the code-writer skill so the answer to 'can the dept actually program?' is yes.
2026-05-17 · Tier 8.0
Tenth AI department · Quality Assurance live · skill library visible · Atlas now routes across 10 depts
live Quality Assurance department now LIVE in production with three specialists + Lead. JUANA (Calibration) owns skill_calibration + drill_score_audit — scores each agent's last 50 runs against the rubric, flags drift / anomalies / tier-demotion candidates. MAYA (Dual-Judge Grading) owns dual_judge_score + agreement_rate_audit — scores drafts on the 5-axis rubric (accuracy / register / completeness / cultural fit / voice) and audits inter-judge agreement. TARIQ (Mentor Escalation) owns mentor_escalation + agent_re_training_plan — when an agent fails ≥2 consecutive drills, picks a mentor + writes the 14-day recovery plan. POST /v1/tenant/qa/lead/dispatch routes any QA task to the right specialist. Internal-tighter role gate — specialist tier = read-only because calibration data is sensitive.
live Atlas orchestrator now routes across all TEN departments. Classifier extended to recognize QA-shaped language: 'grade this draft', 'is <agent> any good on <skill>', 'audit the drill scores', 'mentor escalation', 'judges disagree', 'recovery plan for <agent>'. Verified live: a 'why is Yara failing the polish drill' task routes to qa.juana.skill_calibration; a 'score this Khaleeji reply' routes to qa.maya.dual_judge_score.
live Migration 041_qa_dept.sql applied: bbb_qa schema + bbb_qa.qa_records table with FORCE-RLS scoped to auth.jwt().org_id, plus three indexes (org+created, org+kind, org+status). Same shape as bbb_security and the other eight live dept schemas — predictable, auditable, swappable.
live Dept access matrix extended (apps/bbb_knowledge/dept_auth.py): owner/admin = full, manager = create, specialist + viewer = read-only on qa. Cross-tenant smoke confirmed: a specialist's POST /v1/tenant/qa/records returns 403 with explicit role-tier message.
live Cross-dept dispatch observability now aggregates QA: bbb_admin /dispatches/overview UNIONs the new bbb_qa.qa_records table into the by-dept + by-day + p95 latency rollups. New Dispatches tab renders the qa row alongside the other nine.
live Customer-facing skill library now visible in /console/knowledge → "Your skill library" section. Once you promote a candidate, it lands here with calibrating status, an ETA ("first tier expected in ~12h"), and the partition / summary. QA department's daily drill cycle moves it from calibrating → tier_1 → tier_2 → … . Backed by GET /v1/knowledge/skills.
live Skill candidates pipeline (Tier 7.x) now connects to the QA department. Promoted candidates flow into bbb_qa.qa_records as skill_calibration kind = pending; the next drill cycle scores them. The customer-facing flow now is: upload knowledge → review candidates → promote → QA-dept Juana calibrates → skill goes live in the agent's library.
live Marketing copy updated everywhere: home, /pitch, /departments, /whats-new all read "Ten live · Six on the calendar" (was nine + seven). Long-form pitch hero lede + dept-grid eyebrow + footer trustLine + every "nine live" string flipped to ten.
2026-05-17 · Tier 7.12
New home page · ask Atlas a question · then see the console
live Replaced the home page (/) with a shorter, ask-box-first design. Hero is now a centered Atlas ask box — type any question, Atlas streams the answer in real time against our marketing-FAQ tenant. Below the hero: a dedicated Brain Command Center section at full readable size (no scale, no max-height, no fade). Then 3 compact "How Atlas works" steps, trust strip, closing CTA. Old long-form home preserved at /pitch — every "Read the full pitch →" link on the new home routes there.
live The previous home page had ~6,000 words across 14 sections — too dense for a first-touch visit. The new home is ~4 viewports total (down from ~12), with the most engagement-rich element (the live ask box) immediately above the fold.
live Design exploration sandbox at /preview/ stays live during transition — gallery + 4 design directions (Editorial, Product-first, Live ask box, Mixed). Future redesigns can use the same pattern: ship preview routes, get sign-off, promote one.
live Deployed Tier 7.5-7.10 to production. Marketing site (Cloudflare Pages, production branch): security headers landed (HSTS, X-Frame-Options DENY, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, full CSP), og/default.png 200, robots.txt + sitemap redirect live, hero copy + Meet-the-team + pricing tier anchors all visible. App subdomain (Fly bbb-app): rolling deploy green, /v1/healthz 200, 6 security headers live on /console/login/, password-reset page (/console/login/reset/) 200. Server header leak (BB-022 P3) still emitted by Fly's edge proxy — strippable via Cloudflare in front of app subdomain if you want it closed.
live Privacy Policy overhauled to disclose the agent improvement program. Previously said "We do not use Customer Data to train AI models" — that was true for raw content + base-model training, but the Foundry drill harness has been improving agents from signal data since day one. New section "How we improve our agents using your data" explains: aggregated calibration signals + approve/reject patterns + anonymized skill demonstrations + error/escalation patterns are used to improve platform-wide agent skills; your raw customer messages are never used to train base models; no cross-tenant data leakage by Postgres RLS; improvements ship to every customer at your tier, not just the customer whose signal informed them. Opt-out path documented: [email protected] one-email for self-serve tiers; built into the contract for Enterprise/Sovereign. Lawful basis: legitimate interest (Art. 6(1)(f) GDPR + analogous PDPL provisions), balanced against your rights, balancing-test memo available on request.
live Privacy Policy gap-fill — added lawful-basis table (contract / consent / legal obligation / legitimate interest, matrix'd against every activity); data retention schedule (account / customer data / billing / signals / marketing / logs / incidents — each with period + notes); expanded sub-processor table (now includes Anthropic, OpenAI, Cohere with their SOC 2 + zero-retention enterprise tier compliance posture); breach-notification SLA (72 hours, primary admin email + phone follow-up for sev≥P2); detailed cookie table (every cookie listed with setter / purpose / duration / type).
live Terms of Service overhauled. Section 3 (Trial) corrected from "14 days" to "7 days" matching every other surface on the site. Section 5 (Customer Data) rewritten to disclose the agent improvement program with contractual commitments matching the Privacy Policy. New Section 15 (DPA): Enterprise + Sovereign can request a signed PDPL/GDPR-aligned DPA via [email protected] — redlinable copy within two business days. New Section 16 (AI-specific terms) covers model output non-guarantee, approval gate posture, cultural/regional appropriateness, third-party model providers + zero-retention enterprise tier commitments, acceptable-use restrictions on AI-generated content. Section 17 contact updated to [email protected] + [email protected] (replacing the old personal address).
live New /legal/ hub page lists every legal doc in one place: Terms / Privacy / Data Sovereignty / Security / DPA (on request). Each card carries effective date, plain-language summary, and a direct line for filing requests (privacy@, dsr@, dpo@, legal@, security@). Replaces the previous "each doc lives at its own URL only" structure — visitors can now land at /legal/ and find what they need.
2026-05-16 · Tier 7.10
Mobile cleanup wave 2 · trust-strip no longer overflows · canonical-name sweep on /security /platform /about
live Trust strip stops overflowing under 400px. Was: chips on one row + status nowrap on the right escaped the container at 375px. Now: gap shrinks to gap-x-3 on small screens, the per-chip hint ("Q3 2026 audit", "EU SCC 2021", etc.) is hidden on mobile so the label fits, and the live-status pill stacks below the chips on mobile. Status copy is also responsive — mobile reads "All systems operational," desktop keeps the fuller "All systems operational · 29/29 smoke checks green."
live Mobile header tightened — "BlackBit Brain" wordmark used to wrap to two lines on iPhone SE viewports. Header brand now uses `min-[400px]:` arbitrary breakpoint: under 400px the lockup collapses to the mark-only square; from 400px+ the full horizontal wordmark renders. CTA label is also responsive — "Demo →" under sm (640px) so it fits next to Sign in, full "Book a 20-min demo →" from sm+.
live Body-copy canonical-name sweep on /security, /platform, /about — "BBB" replaced with "BlackBit Brain" in every prose context. Includes the security DEK-encryption blurb, the platform tour blurb + invariants description, the about-page architecture body + tier-promotion description + page eyebrow. Legal docs (terms / privacy / data-sovereignty) keep BBB as a defined term — that's standard legal-doc shorthand.
live Built AgentAvatar — a geometric monogram component for every named BBB agent. SVG-based, 8-hue burnished palette, stable name-hash → color so the same agent gets the same color everywhere on the site. 3 sizes (sm 28px / md 44px / lg 72px). Atlas gets a one-off star variant because Atlas is the orchestrator, not a peer specialist. Per-agent corner mark (dot / wedge / bar / ring) varies by hash bucket so two agents sharing a first letter don't read as identical.
live Designed wordmark — replaced the Tailwind-CSS `[B]` placeholder with a proper SVG mark: amber outer square + inset dark cell (gives it a designed bezel instead of a CSS rectangle) + the letter B in Inter Tight 600 at -0.03em tracking. Centralized in components/brand/Wordmark.astro so Header, Footer, console login, and reset-password page all pull from the same source. Mark-only variant collapses the lockup on viewports under 640px so the brand doesn't wrap into two lines on a 375px header.
live DepartmentGrid Lead labels now render as monogram clusters instead of plain text. "Lead · Felix + Hana + Yara" becomes three overlapping AgentAvatars with a faint ring; >3 leads show a "+N" overflow chip. Same hash → same color rule so Yara is always the same colour whether she shows up on /, /departments, or /skill-tree.
live New "Meet the team" strip on the home page — 10 cards covering Atlas (orchestrator) + the 9 live department Leads. Each card carries the agent's monogram + role + one-sentence ownership statement ("Ticket triage, complaint escalation, retention signals."). Makes the 67-agent claim concrete in 200ms of looking, without needing stock-photo headshots.
live Atlas section augmented — under the fan-out SVG diagram, a "Featuring" strip now shows the actual Lead avatars (Felix · Sienna · Claire · Elias · Sofia) so the abstract BRAND / LEGAL / FINANCE chips above map to real people who run the work.
live Wordmark + AgentAvatar are the first two components in a new components/brand/ directory. Future brand-system additions (favicons, social cards, deck assets) should land here so the brand layer stops drifting across the codebase.
live Italic-amber emphasis pattern reduced from 18+ uses to 3 keystone moments. `.text-accent-em` now ships amber color + medium weight (no italic) for all the secondary headlines; a new `.text-accent-em-italic` class keeps the italic + amber treatment ONLY on the home hero H1 ("The whole team answers."), the Atlas section H2 ("Ask once. The whole team answers."), and the closing CTA H2 ("Or watch it run live."). Brand DNA preserved; the tic is gone.
live Atlas section rebuilt as a 2-col composition (UX review §4.2). Left half: the existing copy. Right half: a custom SVG fan-out diagram showing ASK → 5 dept chips (CS, BRAND, LEGAL, FINANCE, ENG) → ONE answer, with the labels ONE QUESTION / PARALLEL · MILLISECONDS / ONE ANSWER. The diagram makes "fan-out" literal in 200ms of looking, and breaks the single-chord rhythm the reviewer called out.
live /pricing tiers now carry a price anchor under each price. Starter: "≈ 1/5 of one senior GCC specialist's monthly cost (~$7K/mo, $84K/yr published rate)." Growth: "≈ 1/2 of one senior GCC specialist hire." Enterprise: "≈ 1–1.5 senior GCC hires." Sovereign: "≈ 3 senior GCC hires — replaces a department." Reframes $1,500–$20K/mo from "expensive SaaS" to "fraction of one hire," which is the actual buyer frame.
live Departments grid is now a snap-x carousel on mobile (<640px). Each card gets 82% width with snap-start and the strip bleeds to the viewport edge so the next card teases. From sm+ the standard 2-col grid resumes; lg+ goes to 3-col. The 9-card vertical stack on mobile previously lost focus by card 4.
live (2026-05-17 — reverted) Arabic hero accent removed. Reason: a single decorative Arabic phrase on an otherwise-English page read as token. Arabic will land properly as its own dedicated /ar/* surface when full localized content ships, not as a one-line ornament. IBM Plex Sans Arabic imports + .font-arabic utility removed from global.css; the package stays in node_modules for the future /ar/* work.
live Mobile QA pass at 375×812 — hero H1 wraps cleanly, CTAs stack vertically, Atlas SVG diagram is legible (ASK → 5 chips → ONE), dept-grid carousel snaps correctly with the next-card tease. Two follow-ups identified for the next pass: header "BlackBit Brain" wordmark wraps on the very smallest screens (consider shortening to mark-only at <400px); trust-strip text overflows the right edge under 400px (consider wrapping the chips).
live Email routing wired to the 12 group aliases now live on blackbitbrain.com (hello / support / ops / sales / security / privacy / dpo / dsr / legal / forms / it / sienna). /api/contact resolves destination by formId: demo-request → sales@, security → security@, privacy/dsr → dsr@, support → support@, default → hello@. All env-overridable via CONTACT_DEST_* in Cloudflare Pages. Resend transactional sender is now [email protected] (FROM_EMAIL default).
live Legal page email refresh — privacy.mdx now points the "exercise your rights" copy at [email protected] (the dedicated Data Subject Request mailbox); the contact list ladder is privacy@ / dsr@ / dpo@ / legal@ so a regulator, a DSR filer, a DPO inquiry, and a general legal question each land in the right inbox. data-sovereignty.mdx routes its three buckets to privacy@, security@, and sales@. /careers email moved from a placeholder careers@ to hello@; /api SDK request moved to it@.
live Mailbox-config reference (site.config.ts) now lists every public-facing alias as a typed field: contactEmail, salesEmail, securityEmail, privacyEmail, dpoEmail, dsrEmail, legalEmail, supportEmail, opsEmail, itEmail, formsEmail. Future pages should import the constant instead of hard-coding the string so an alias migration is a one-file change.
2026-05-16 · Tier 7.7
UI/UX polish wave 2 · 16 design + content fixes from the second external review
live Fonts self-hosted via @fontsource (Inter / Inter Tight / JetBrains Mono). Removes the gstatic 503-on-cold-start failure mode where JetBrains Mono code strips on the hero would fall back to system fonts; also eliminates a privacy surface (no per-visitor request to Google). All three faces ship bundled in our own /_astro chunks.
live Hero copy rewritten — "Nine AI departments. One question, the whole team." was actually two mashed thoughts. Now: "One question. The whole team answers." — the Atlas tagline promoted to H1. Lede tightened to mention the seven upcoming departments by name (the home eyebrow was "Six on the calendar" while the lineup is seven — fixed).
live Type scale tightening — body bumped 0.95rem (≈15.2px) → 16.5px with line-height 1.65 for a long-read marketing page. H1 weight raised 500 → 600 so 80px display headings don't read anaemic against the dark background. Same H1 family + tracking; only the weight + body size changed.
live Stats block weighting — the "1,847 hours saved / mo" figure now spans 2 cols + renders at 3.6rem instead of competing in a 4-equal-stat grid. New `featured` flag on the Stats component; rest of the cards stay at 2.4rem. The headline number anchors the section instead of averaging with peers.
live Methodology footnote is now collapsed by default — a "View methodology ›" disclosure replaces the always-visible 11px italic paragraph that competed with the hero stats. Still expandable for CFOs/procurement; doesn't crowd the scan path for everyone else.
live Integrations grid math fix — home page eyebrow read "Nine live · Six on the calendar" and "+6 more — security, infrastructure, research, knowledge, product, QA, analytics, strategy" (which is 8 items, and Security is now live). Corrected to "Nine live · Seven on the calendar" + "+7 more rolling out through 2026 — infrastructure, research, knowledge, product, QA, analytics, strategy." Removed the stale "See all 15" link.
live Wizard plan radios — sales-led tiers (Enterprise, Sovereign) used to look like selectable radios but routed picks to /contact (bait-and-switch). Now: self-serve tiers stay as radios under "Pick a plan"; sales-led tiers render below in a dashed-border card with a "Talk to sales →" link that pre-fills the /contact topic. Same data; honest UX.
live Wizard Step 3 — added recommended presets (Lean / Go-to-market / Full nine / Clear all) as one-click chips that bulk-toggle the dept checkboxes, plus an explicit "Choose later inside the console — skip →" affordance. Step previously felt mandatory when zero was the default; users now have one of three paths through it.
live Sales-page customer-stub cards — the abstract "Tier-1 logistics operator · 1,200 staff" cards read as "we don't have customers yet." Replaced with use-case mini-cards: "customer-care voice in ar-SA + Khaleeji on inbound complaints → 92% first-touch resolution after 4 weeks." Region + size + industry still there; now every card answers the buyer's actual question.
live /pricing 4-tier grid — was rendered as 3-across + Sovereign one-up below (looked like a bug). Now 2×2 on md+, 4-across on xl. Symmetric. Full comparison table below the cards was already in place.
live Top nav refresh — added Resources dropdown (What's new / Blog / Customers / Trust center / Status) via a CSS-only hover+focus-within pattern with keyboard support. Dropped the "NEW" badge from Mobile SDK (the product itself isn't shipped yet; a NEW badge on an empty room is PR, not signal).
live Site-wide focus-visible rings — form inputs that override the global outline with `focus:outline-none` plus a colored border now also get a 4px amber ring + 1px outline for keyboard users. Closes a screen-reader/keyboard a11y gap flagged by the review.
live Error microcopy unified to a utilitarian voice across /wizard, /demo, /login. "That email looks off — typo?" (cute but unhelpful) → "Use a valid email address." / "Use a valid work email address." Same voice across every entry point so users get a consistent system.
live Canonical-name sweep on hero ledes — "BBB" was used interchangeably with "BlackBit Brain" and "the platform" in marketing prose. /pricing, /about, /security, /platform hero ledes + meta descriptions now consistently use "BlackBit Brain." Body usages of BBB-as-shorthand remain where they read naturally (legal docs especially, where BBB is defined as a term).
live Copy fixes — "Twenty minutes. Live walkthrough." → "20 minutes. Live walkthrough." on /demo + /departments. "Spin up your AI organization" → "Launch your AI workforce in minutes" on /wizard. Engineer-speak out, buyer-speak in.
live Chat-widget review — confirmed it IS the product (the BBB AI seeded with the public FAQ, not an offline form). UX review flagged "replace if not actually staffed"; this IS the staff. Comment in SiteLayout.astro now documents the dual purpose: live prospect support + interactive marketing demo.
2026-05-16 · Tier 7.6
QA + UI-UX sweep · 17 fixes from two external reviews · marketing-site credibility pass
live Home pricing block retired — the per-user '$99/$299/$499' tile on / was contradicting the canonical flat-tenant pricing at /pricing + /wizard. Replaced with a single 'Four flat-tenant tiers. From $1,500/mo.' tease that links to /pricing. Primary + secondary CTAs unified across hero, closing CTA, top nav: Primary = 'Start a 7-day trial → /wizard'; Secondary = 'Book a 20-min demo → /demo'. 'Request early access' + 'Talk to us →' retired (they both led to /wizard anyway).
live Integrations grid honesty pass — removed Instagram + Facebook Pages (OAuth/publish flow not end-to-end), downgraded LinkedIn → SOON (publish client has stubs). Every remaining 'live' chip maps to a real connector in packages/integrations/integrations/social/platform_clients/. Same fix applied to /integrations. The grid now says 'Only what actually works — anything not connectable yet is marked SOON.'
live Legal pages now have working titles + H1 + effective date — terms / privacy / data-sovereignty were rendering '<title>undefined — BlackBit Brain</title>' with empty H1 because LegalLayout was reading Astro.props.title directly, but MDX layout frontmatter is passed under Astro.props.frontmatter. Layout now reads both and throws at build time if frontmatter is missing.
live Personal email [email protected] replaced site-wide with group aliases — hello@ / support@ / sales@ / security@ / privacy@ / careers@ / methodology@ / dpo@ at blackbitbrain.com. Removed the scrapable destinationEmail hidden input from /demo and switched /api/contact to a server-side per-formId destination lookup (CONTACT_DEST_DEMO, CONTACT_DEST_SALES, CONTACT_DEST_DEFAULT).
live All public forms now POST instead of GET — /demo, /wizard, /contact had no method attribute so default-GET appended every PII field (name, email, company, message, plan) to the URL on submit, leaking through server logs, browser history, referrer headers. Explicit method='post' + action='/api/contact|/api/checkout-session' set. Wizard inputs now have maxlength (80/254/120/80) + minlength + focus-visible amber rings.
live Wizard validator overhaul — empty email no longer reports 'That email looks off — typo?' (it's 'Required'); free-provider emails (gmail/yahoo/outlook/proton/icloud/aol/yandex/zoho + ~20 more) are rejected on the 'Work email' field with a clear message; Full Name now requires ≥2 chars + Unicode letters / hyphens / apostrophes only + rejects angle brackets outright (closes the script-tag-as-name vector).
live Password reset shipped — login page no longer says 'email support'. Click 'Send me a reset link', Supabase emails a magic link that lands on /console/login/reset where the user sets a new password. PASSWORD_RECOVERY event is observed via supabase.auth.onAuthStateChange; expired-link UI surfaces if hydration fails.
live Security headers — added Strict-Transport-Security, X-Frame-Options DENY, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, and a tailored CSP. Applied as Starlette middleware on the bbb-app orchestrator (covers /console/login/ + all API surfaces) and as public/_headers on Cloudflare Pages (covers the marketing site). Server header rewritten to a generic 'BlackBitBrain' so it no longer leaks the Fly build SHA + date.
live Login form skeleton renders SSR-first — the React LoginIsland used to leave the form area blank for ~3s during hydration; now a real <form> skeleton with email + password inputs (autocomplete hints active) is in the SSR'd HTML and gets swapped out by a MutationObserver the moment the React island mounts. Password managers can offer to fill before JS even attaches.
live robots.txt + sitemap redirect — /robots.txt now exists with Disallow: /console/ + Sitemap: /sitemap-index.xml. /sitemap.xml 301s to /sitemap-index.xml so crawlers that probe the canonical filename don't 404.
live OG card system — auto-generated 1200×630 brand card now exists at /og/default.png + /og/blog-default.png. Every link share to Slack / Twitter / LinkedIn / WhatsApp / iMessage shows a real preview instead of a broken image.
live Caption / methodology text contrast bumped to WCAG 2.1 AA — --fg-muted moved from #6b6760 (2.8:1 on --bg) to #9b948a (4.6:1). The 'Methodology:' footnote, integration-grid hover labels, and 'STATUS · ALL SYSTEMS OPERATIONAL' strip are readable to anyone over 40 without leaning in.
live H1 textContent fixed — every '<h1>First.<br/>Second.</h1>' heading was reading 'PeriodSecondWord' to screen readers (no whitespace between the two clauses). Hero + CTA components now inject a single space before each <br> at render time, so 'Software-only.Workforce-priced.' becomes 'Software-only. Workforce-priced.' in the a11y tree without changing visual rendering.
live SkillTreePreview labelled honestly — the home-page Skill Tree section now carries a 'Sample preview · live in your console' badge + a 'See the full Skill Tree anatomy →' link. The illustration is hardcoded sample data (Aiko · Legal); your real tree updates as Foundry-drill agents calibrate. Long-term TODO: pipe live cohort-aggregate data via a public-read /api/foundry/preview.
live Footer hygiene — SOON-badge items (Changelog, Documentation pre-existing) now render as non-clickable <span> instead of <a>, so the badge tells the truth instead of the click leading to a 404. Added LinkedIn / Twitter / GitHub social links below the columns — there was no way to follow the brand from the footer before.
live Hero CTA microcopy — '7-day trial · charged on day 7 · cancel before then with one click' now sits right under the primary button on the home hero. The honest billing copy used to be buried at the bottom of the pricing page; bringing it forward at the decision point eats one common objection before it shows up on a sales call.
2026-05-15 · Tier 7.5
Ninth AI department · cross-dept dispatch observability · auth-flow hardening · save-plan polish
live Security & Trust dept live — Freya (Threat Modeling & Adversarial: STRIDE threat models, jailbreak-atlas adversarial-prompt analysis) + Tobias (Detection & Response: honeytoken audits, monthly purple-team briefs). Internal-tighter role gate, specialist tier = read-only. Atlas extended to 9-way routing: 'audit this prompt for jailbreak/injection risks' now routes to security correctly. Live: a jailbreak_atlas run on a draft customer-care prompt returned sev=p2, risk=75, 4 concrete attack-payload findings.
live Cross-dept dispatch observability — new /bbb-admin → Dispatches tab. Aggregates kind='lead_dispatch' rows across all 9 bbb_<dept>.<dept>_records tables plus bbb_atlas.dispatches. Shows total / failed / avg / p50 / p95 latency per dept, daily-totals sparkline, cross-dept p95. No new metrics table — every Lead already persists elapsed_seconds + model_used + created_at; we aggregate the existing data.
live Save-plans page polish — banner from AgentsIsland now actually selects the linked plan via ?selected={id} query param. /console/save-plans also surfaces a brief green chip after a save plan is created via the redirect from AgentsIsland. The chip auto-dismisses after 4s and strips the query param so refresh doesn't re-fire it.
live Cron-health pill on /bbb-admin → Save plans — surfaces 'cron fresh / stale / silent' verdict based on the latest state.last_checked_at across active plans. Thresholds account for GCC weekends (Sun–Thu run cadence): ≤30h fresh, 30–72h stale (likely weekend), >72h silent (investigate Fly scheduler).
live Voice cloning pre-upload format gate — upload UI now rejects FLAC, AAC raw, WebM audio, and other formats ElevenLabs doesn't accept. Allow-list: WAV / MP3 / M4A / OGG (mime-type with extension fallback). Catches the bad file 5 seconds earlier than ElevenLabs would, with a clearer message.
live Auth-flow hardening — /demo form gets JS-side validation with inline per-field error chips + email regex check + first-invalid-field focus + shake animation. /console/login surfaces explicit 'Email is required' / 'Password is required' / 'That email looks off — typo?' instead of relying on the browser's silent HTML5 popups. /api/checkout-session now server-side rejects empty name + empty company (was silently passing through to Stripe metadata).
2026-05-15 · Tier 7.1
Eight AI departments live · HR & People + Operations ship · Atlas extended to 8-way routing
live HR & People department now live in production with three specialists + Lead. Riyad (Recruiting & Hiring) owns job_spec_drafting + candidate_screen with strict protected-class hygiene. Tahani (Performance & Growth) owns perf_review_synthesis + growth_plan with multi-source feedback citation. Omar (Compensation) owns comp_benchmark + offer_modeling with source-band attribution (Mercer GCC, Radford). POST /v1/tenant/hr/lead/dispatch routes any people task to the right specialist. Internal-tighter role gate — specialist tier is read-only because comp + performance data is sensitive.
live Operations department now live with three specialists + Lead. Nasir (Vendor & Procurement) owns vendor_scorecard + rfp_analysis. Zaina (Process & Workflow) owns process_map + sla_design — every step gets an owner + numeric SLA. Idris (Business Continuity) owns dr_plan + runbook_draft — DR plans require RTO/RPO in minutes per component; runbooks include expected-signal per step so they're readable at 3am. POST /v1/tenant/operations/lead/dispatch routes process/vendor/DR/runbook tasks.
live Atlas orchestrator now routes across all eight departments. Classifier prompt teaches the people-language → hr rule (hire, fire, performance, comp, JD, offer, promotion, PIP) and the process/vendor/DR/runbook language → operations rule. Verified live: a 'top EM resigned, backfill in 8 weeks' task routes to hr; a 'switching Twilio → Telnyx' task routes to operations + legal in parallel.
live Dept access matrix extended: owner/admin = full, manager = create on both new depts, specialist = read-only (matching the engineering pattern), viewer = read-only. Cross-dept routing dispatch automatically drops routes the caller's role can't execute and surfaces a 'dropped_routes' field in the response.
2026-05-15 · Tier 7
Six AI departments live · Atlas cross-dept orchestrator · Customer Success save-plans with daily watchdog
live Six departments are now live in production with named specialists, role-gated APIs, and approval queues: Customer Success (Felix + Hana + Yara), Brand & Communications (Sienna + Rami + Ethan + Lucia), Legal (Claire + Nadia + Samir), Finance (Elias + Jonas + Mira), Marketing (Marco + Hugo + Quentin + Leila + Maya), and Engineering (Sofia + Kenzo + Ivo + Lina). Each has its own POST /v1/tenant/<dept>/* endpoints + a department Lead that classifies tasks and routes to the right specialist.
live Atlas, the cross-department orchestrator, ships at POST /v1/tenant/atlas/dispatch. Free-text task → classifier picks one or two departments → fans out to each dept Lead in parallel (asyncio.gather, no internal HTTP) → consolidator returns one synthesised answer with the single next action. Operator can drill into any dispatch and see every dept output + every specialist invoked. Live at /console/agents.
live Customer Success retention save-plans: bbb_customer_success.save_plans table, full API (create, list, detail, patch, mark-tactic-done, build-from-Yara-dispatch), and a Fly cron machine that runs Sun–Thu 09:00 Asia/Riyadh. It walks every active plan, compares baseline vs latest account_review trajectory, surfaces overdue tactics + crossed escalation gates, and emails the operator on sev=2 via Resend. Persists state back to the row each tick.
live New /console/save-plans page: cards color-coded by latest cron severity, drill-in shows tactics with due-date badges + one-click mark-done, escalation gates with countdowns, and a live trajectory strip (baseline → latest with arrows). Tactic completion is optimistic + idempotent.
live AgentsIsland (Ask Atlas) now detects when a dispatch routed to Yara's retention_strategy and surfaces a one-click "Create save plan from this run" button. Auto-derives 6 tactics + escalation gates + baseline scores from the dispatch and redirects you to the new plan page.
live Department role matrix (apps/bbb_knowledge/dept_auth.py): owner/admin/manager/specialist/viewer × department → access tier (full/create/sales/read/none). Specialists get customer-facing dept create access by default; Engineering is internal-tighter (specialist = read-only, owner/admin/manager required for write).
live Six-dept Atlas now knows the full lineup: customer-success language (a customer says, a ticket, onboarding, renewal, churn risk) routes to CS; internal-infra language (latency, outage, RCA, deploy, p1/p2/p3, oncall) routes to Engineering. Cross-dept tasks pick two departments — e.g. "this account is churning AND tickets show a perf bug" → CS + Engineering in parallel.
live Rami's polish/translate now polishes the right thing: the comms Lead's classifier extracts payload.source_text — just the raw text to transform — so an instruction wrapper like "Polish this opener: …" no longer gets polished alongside the line. Live in production.
live Voice channel cleanup: WhatsApp messages now log to tenant_voice_calls.channel='whatsapp' instead of the sip_trunk stopgap. Migration 036 expands the CHECK constraint to accept the fourth channel value.
2026-05-09 · Tier 6.11
Multi-vendor draft router (Claude + GPT-4o + Cohere) with auto-retire when local catches up
live Every customer-facing draft is now drafted by Claude Sonnet 4, GPT-4o, and Cohere Command-R+ in parallel. Sonnet then judges all four candidates (the three plus our local agent) on the same 5-axis rubric — accuracy, register, completeness, cultural fit, voice — and ships the winner.
live Loser drafts become DPO training pairs for the local agent — every round produces a 'this would have beaten you by N points on register/cultural-fit' lesson. The local agent learns from production traffic without retraining.
live Auto-retire gate: when the local agent wins ≥60% of rounds over rolling-50, the ensemble disables itself and the local model takes over. Tracked live in /bbb-admin → Foundry tab.
live Headline KPI swap: dashboard now shows usable-rate (drafts that ship as-is or with light edits) instead of strict-accept (which was structurally throttled by 240+ pre-fix reviews). The metric that actually maps to 'is the agent doing its job' is finally what's surfaced.
live Arabic now ships with FOUR production dialect voices: MSA (formal regulator/legal/CMA), Khaleeji (Gulf-warm — Saudi, UAE, Qatar, Kuwait, Bahrain, Oman), Egyptian (Cairo media cadence), Levantine (Lebanon/Syria/Jordan/Palestine). Each gets its own ElevenLabs voice ID + persona register.
live Voice coverage extended to 16 languages (added Chinese, Tagalog, Malayalam, Bengali). Email drafter and voice agent both use the same canonical (lang × accent × gender) catalog.
live Console → Settings → Voice pack: customers pick their default Arabic dialect (or 'auto-detect') and can pin a custom voice ID per (language, accent, gender) combo using their own ElevenLabs cloned voices.
live Chat agent system prompt explicitly enumerates the 4 Arabic dialects + their markers + the 'mirror customer's dialect AND honorific stack' rule. No more MSA-cold replies on warm Khaleeji threads.
2026-05-09 · Tier 6.10
Foundry observability — real-time view of all 67 agents
live /bbb-admin → Foundry tab now shows every one of the 67 agents in the fleet, not just dept-level aggregates. Per-agent: level (color-coded ≥7 gold, ≥5 ok), 30-day XP, drill count, reliability score (traffic-lighted), recent trend (↑/→/↓), latest milestone.
live Sortable by level / XP / drills / name; filterable by department. Lead and promotion-ready agents are flagged inline.
live Customer onboarding wizard rewritten — 4-step flow with animated stepper, per-step transitions, live field validation with shake-on-error, save-and-resume, and a 'Workspace ready' success state with three next-action cards.
2026-05-09 · Tier 6
Mobile SDKs, CRM marketplace, KSA region election, 4 active depts
live iOS Swift Package + Android Gradle library for in-app voice — wraps Twilio Voice native SDK; one-line integration.
live CRM marketplace: Salesforce, HubSpot, Zendesk, Freshdesk. OAuth for the first three; API key for Freshdesk. Tokens AES-256-GCM-encrypted under your tenant DEK.
live Per-tenant data residency. Bahrain region available for KSA latency parity (~22ms p50) + PDPL Article 29 alignment. Default Frankfurt (EU).
live Customer Care, Legal, Finance, Marketing departments flipped from learning_only → active. Their leads now run live work.
live Daily summary email — every conversation across voice/chat/WhatsApp, summarized to the operator inbox at 08:00 UTC.
live Chat retention 7 days minimum + per-visitor chat retrieval endpoint (operators can pull any conversation by visitor_id for the last week).
coming soon CallKit / ConnectionService handoff for backgrounded mobile calls (Tier 6.6.1, Q3).
live When a customer says "I want a refund," the agent asks for the order number + email instead of reciting policy. It commits to the next concrete step rather than punting to "contact Customer Care AI" — because it IS Customer Care AI.
live Multi-turn conversation: the widget sends the last 8 turns to the API on every request, so follow-ups land with full context.
live No more [#0]/[#1] citation markers in the rendered chat — citations remain in the audit trail but are hidden from the customer-facing bubble.
live 12 languages auto-detected on first turn at this tier (en, ar, fr, es, de, hi, ur, fa, tr, pt, it, ru). Arabic with Khaleeji-warm register. (Tier 6.10 adds zh/tl/ml/bn for 16 total + 3 more Arabic dialects.)
live Per-tenant voice cloning via ElevenLabs — upload 60 seconds, agent speaks in your brand voice.
live Sentiment + intent on every turn; 7/30/90-day cohort metrics in the console.
live Custom partitions (define your own employee partitions beyond the default `general`).
live HMAC-signed outbound webhooks with exponential backoff retry.
2026-05-06 · Tier 4
Complaint workflow + audit log
live T1 → T2 → T3 → T4 complaint pipeline built into the runtime. Every transition audited; the customer-facing reference number is generated at T1 and follows through all 4 tiers.
live Write-once audit log. Exportable as CSV per tenant for GDPR Article 15 / PDPL Article 14 (data subject access).
live Cost dashboard — per-tenant, per-agent, per-call cost breakdown. STT, TTS, LLM, embeddings, vector queries, rerank — all priced and totaled.
2026-05-04 · Tier 3
Voice on PSTN + WebRTC + WhatsApp
live Inbound voice across the GCC via SIP trunks with the local carriers — your existing carrier relationship stays intact.
live In-browser WebRTC voice ("Talk to us" button) — no phone number needed.
live WhatsApp Business API — inbound + outbound text, images, audio, PDFs.
live Per-tenant Twilio subaccount, auto-provisioned at signup.
2026-05-01 · Tier 1+2
Multi-tenant foundation
live Postgres + pgvector with RLS per tenant, per-tenant DEK encryption (AES-256-GCM).