Admin users
Liveness
Form factor
Collector versions
Envoy firmware (top 5)
Recent alerts
Fleet ISP health
Platform Event Management
Central operations view for all OwlWatt events — fleet devices, API infrastructure, billing, and security.
Alert types reference
Fleet / Devices
API / Infrastructure
Billing / Subscriptions
Security
Collector software
Pi OS image
Heartbeats per minute (last 24h)
Telemetry rows per minute (last 24h)
Per-customer freshness
Anomaly log (last 50)
Abuse detection -- top source IPs (last 5 min)
Failed login spikes (last 5 min)
4xx by endpoint (last 5 min)
Product Roadmap
Source: cloud/app/data/plan.yaml — generated view. Run owlwatt-plan sync to regenerate from source.
Foundations
Lock every decision we'd regret reversing before writing code. Architecture, brand voice, scope, supplier research.
- a. ✓ Architecture of Record (17 locked decisions)
- b. ✓ Product brief (Olivier verbatim)
- c. ✓ Startup plan (phased)
- d. ✓ Brand voice + naming brief
- e. ✓ Scope lock (1 brand, 1 tier, 3 pipes)
- f. ✓ RPi dropship supplier research
- g. ✓ Brand naming pass (OwlWatt)
- h. ○ LLC formation (MA)
- i. ✓ Brand domain purchase
- j. ○ Trademark filing (USPTO TEAS Plus)
Cloud Enphase Credentials
Cloud-to-cloud OAuth for Enphase Enlighten/Kilowatt. Fallback pipe for customers without local collector access.
- a. ✓ Cloud credential store
- b. ✓ Collector enrollment fetches creds
Pre-Install Contract Review
Prospective solar customers upload their installer proposal for a plain-English assessment -- escalator vs fleet median, red-flag clauses, buyout terms.
- a. ✓ Marketing surface at owlwatt.com/pre-install-review
- b. ✓ OCR + Anthropic pipeline (prospect-tuned prompt)
- c. ✓ Report delivery via Resend
- d. ✓ Report delivery via Resend (5-min SLA) with monitoring CTA
Marketing, SEO & Analytics
Get owlwatt.com indexed by Google, establish organic traffic channels, and instrument the site for conversion tracking.
- a. ✓ Landing page rewrite with refined value prop
- b. ✓ 5 SEO content pages at /learn/
- c. ✓ sitemap.xml with all public pages
- d. ✓ Plausible Analytics (being phased out after 2026-05-26)
- a. ✓ IndexNow live (Bing/Yandex/DDG) — v392
- b. ✓ CF Early Hints ON (2026-05-19)
- c. ✓ CF Crawler Hints ON (2026-05-19)
- d. ✓ PostHog (PAYG) — PR #33, merged 53a925e, 2026-05-19
- e. ✓ Rewardful affiliate attribution LIVE
- f. ✓ Plausible removed from 41 customer-facing HTML files (PR #89, 2026-05-27)
- g. 🟡 Impact affiliate platform — BLOCKED (rejected by impact.com 2026-05-29); pivoted to Rewardful + direct outreach
- h. ✓ Google Search Console — domain property verified + sitemap.xml submitted
- i. ✓ JSON-LD structured data (SoftwareApplication + Organization — LocalBusiness skipped, national SaaS)
- j. ✓ og:image 1200×630 landscape — og-card-1200x630.png live, twitter:card upgraded to summary_large_image across 39 HTML files (2026-05-27)
- l. ✓ 5 state SEO landing pages — CA, MA, TX, NJ, NY
- a. ✓ PostHog analytics.js on all 27 customer-facing pages (PR #38)
- b. ✓ Server-side Stripe webhook events via posthog_client.py (PR #38)
- c. ✓ Session replay opt-in on /signup, /pricing, /confirm, /pair, /founders (PR #38)
- d. 🟡 Parallel verification running (until ~2026-05-26)
- e. ○ Remove Plausible snippet after verification passes
Attack Surface Hardening
Triggered by 2026-04-20 external-audit findings. Closes brute-force, enumeration, and privilege-escalation gaps on a paid-customer production system. Zero-cost -- all mitigations reuse existing infra. Completed 2026-05-20.
- a. ✓ Login rate limits
- b. ✓ Security headers (HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy)
- c. ✓ Permissions-Policy header (camera/microphone/usb/geolocation/payment disabled)
- d. ✓ Host-routing tightening — admin paths denied on unknown hosts (fly.dev/direct-IP)
- e. ✓ JWT secret split — APP_JWT_SECRET decoupled from admin_provision_token
- f. ✓ APP_JWT_SECRET rotated (2026-05-19)
- g. ✓ OWLWATT_SESSION_SECRET rotated (2026-05-20 — symmetric pair closure)
- h. ✓ ADMIN_OWNER_EMAIL relabeled to work email (gmail removed from admin UI)
- i. ✓ Secret rotation runbook (docs/security/secret-rotation-runbook.md)
- j. ✓ Signed OTA manifest — ed25519 verification on collector updates (PR
Support Bot (inbound plumbing + AI assistant)
End-to-end customer email support, human-staffed in Phase 1 with a Claude-Sonnet AI assistant assuming drafts/auto-send in Phases 2 & 3. 72-hour human SLA for non-critical issues.
- a. ✓ support_ticket table + in-app form
- b. ✓ Resend inbound/outbound webhook plumbing
- a. ✓ pii_scrub.py: scrub/restore pure functions with known + stray PII redaction
- b. ✓ support_bot.py: generate_draft() best-effort, model haiku-4-5
- c. ✓ SupportTicket.pending_bot_draft / _at / _flagged fields + migration
- d. ✓ Trigger in webhook_support_inbound.py + customer_settings.py (2 sites)
- e. ✓ Admin send-draft + discard-draft endpoints in support_admin_router
- f. ✓ Scope-confinement system prompt + UPL guardrails + output flagging
- g. ✓ Admin HTML UI (editable textarea + Send/Discard buttons)
- a. ○ Category whitelist + confidence threshold
- b. ○ Auto-send pipeline with audit log
Customer Acquisition
Dedicated workstream to find and sign up customers — events, organic search, the proposal-review lead magnet, direct outreach, affiliates, and referrals. The product is built; this is the bottleneck.
- a. ✓ Written acquisition plan — in the Document Library (slug customer-acquisition-plan, v1 current)
- b. 🟡 Home shows & homeowner events — NE calendar built (22 events); booth-spend decision pending
- c. ○ Solarize Mass outreach — contact MassCEC, table at a local community-solar campaign (highest-density solar-owner channel)
- d. ✓ Drive traffic to the pre-install contract-review lead magnet (owlwatt.com/pre-install-review) — CTAs added to landing + 8 marketing pages
- e. ○ Direct founder outreach — first 20 customers
- f. ○ Referral program activation — drive usage of the shipped /refer flow (needs an initial customer base)
- g. 🟡 Affiliate distribution via Rewardful (live) + Impact platform (blocked — rejected by impact.com 2026-05-29; pivoted to Rewardful + direct outreach)
- h. ✓ /apps SEO page — live at owlwatt.com/apps (2026-05-28). MobileApplication + FAQPage + Product schema.org, Apple Smart App Banner, Open Graph, Twitter Card, sitemap entry (0.9). Nav + footer linked.
- i. ✓ 5 /learn cornerstone SEO articles — CA, MA, TX, NJ, NY state landing pages live (2026-05-22). Registered in host-router.
- j. ✓ SEO content strategy doc — published to Document Library (2026-05-22)
- k. ✓ SolarEdge + Windows marketing scrub — false integration claims removed from all customer-facing surfaces (apps.html, vs-omnidian, vs-solaredge-insight, dashboard onboarding copy — PRs 2026-05-29/30)
- l. ○ Paid iOS App Store acquisition (search ads, featured placement)
Ops Instrumentation & API Access
API access and instrumentation so OwlWatt can be operated and measured programmatically — PostHog query access, read-only DB, error tracking, and a unified acquisition/health dashboard.
- a. ✓ PostHog query API key + automated weekly acquisition report (bin/owlwatt-weekly-acquisition-report.py, PR #92)
- b. ✓ Read-only Neon Postgres connection — owlwatt_analytics_readonly role + ~/.secrets/neon_database_url_readonly (PR #92)
- c. ✓ Error tracking (sentry_sdk wired into FastAPI; DSN gated; integrations: FastApi/Starlette/Httpx/Sqlalchemy; sample rates env-driven)
- d. ○ Unified acquisition & health dashboard — signups, funnel, MRR, traffic, uptime (depends on a, b)
- e. ✓ App Store Connect API key — provisioned + verified working (AuthKey_3KTG3UV725.p8 in ~/.secrets/)
- f. 🟡 impact.com API credentials — blocked; impact.com rejected OwlWatt application 2026-05-29; pivoted to Rewardful + direct outreach (no impact.com API needed)
- g. ✓ Resend deliverability instrumentation — hourly collector for sent/delivered/bounced/complained/opened; 5th tile on /admin/ops Traffic section
- h. ✓ Observability Plane v1 — CF/PostHog/Sentry/Fly/Resend hourly collectors + /admin/ops Traffic section + weekly msgcenter digest + singleton-guard (Postgres advisory lock) + Sentry init diagnostic endpoint (/api/admin/_diag/sentry)
Battery Recommendation
"Should I add a battery?" -- 1-10 score, estimated payback in years, recommended capacity. Leverages DSIRE incentives, OpenEI URDB rate plans, and customer telemetry.
- a. ○ DSIRE + URDB scraper / API integration
- b. ○ Battery score model
- c. ○ Battery score tile on dashboard
- d. ○ Prospect proposal review battery section
Enphase OAuth Backfill
Customers connect Enphase/SolarEdge/SMA cloud accounts to backfill historical data and daily-reconcile local vs vendor numbers for trust-building audit.
- Historical backfill (one-time on opt-in) -- 12--24 months from vendor cloud
- Daily cross-match audit -- local vs vendor, <=5% deviation OK, alerts on 3-day divergence
Green Button Integration Strategy
Keep bill OCR as primary. Add Green Button XML import as enrichment. Pursue direct Green Button Connect certification with utilities as medium-term play. Skip UtilityAPI until multi-state expansion.
- a. ○ Green Button XML parser (ESPI schema, interval + billing data)
- b. ○ Consumption import pipeline
- c. ○ Bill OCR + Green Button cross-validation pipeline
- d. ○ Green Button Connect (GBC) certification application with target utilities
- e. ○ UtilityAPI evaluation deferred until multi-state expansion (Phase 4+)
Municipal & Community Solar
Extend OwlWatt to municipal deployments (schools, libraries, fire stations) and community solar programs. Same weather-adjusted analysis, different distribution channel and compliance wrapper.
- a. ○ Multi-site fleet management (50-500 sites per account)
- b. ○ RFP-ready compliance documentation & SOC 2 readiness assessment
- c. ○ Commercial inverter integrations (SolarEdge, SMA, Huawei)
- d. ○ Community solar per-subscriber production verification & reporting
Cloud Token Plumbing
CustomerApiToken model + migration, customer-facing token issuance UI, auth dependency, data-export/purge integration, per-token rate keyfunc. Prerequisite for all HA phases.
- a. ✓ Cloud token plumbing
- b. ✓ HA config entry scaffold
Admin Analytics
GET /api/admin/integrations/ha with HA-channel metrics (total connected, 7d active, tier breakdown, HA versions, signup count 30d, conversion rate, new-installs sparkline, median time-to-first-claim). Integrations tab in admin dashboard.
- a. ✓ HA install analytics in admin dashboard
Referral Button
button.owlwatt_refer_friend entity in the HA integration. On press -- fetches customer_id from /api/ha/v1/manifest, opens owlwatt.com/refer?from=ha&referrer=<id> via persistent notification + frontend.open_url.
- a. ✓ Referral button in HA UI
HW Productionalize
Pi goes from hand-assembled beta to drop-shippable product. SolarEdge, SMA, Tesla collector scaffolding begins.
- Dropship supplier locked + Pi OS image pipeline
- Per-unit enrollment QR + pairing-token flow
- Returns / warranty workflow
- Hardware COGS reconciliation with CFO agent monthly
- Multi-vendor collectors: SolarEdge (beta parity), SMA + Tesla (research-grade)
Scale + Adjacencies
Revenue covers Olivier's time. Cloud-side adjacencies unlock -- shade-exclusion defense, multi-state tariff plugins, Claim Concierge managed service, solar law firm referral network. Pi hardware value-adds are Phase 5.x.
- Shade-exclusion defense module (LiDAR + pvlib + PDF)
- Multi-state tariff plugins (MA to CA NEM 3.0, NY, NJ, NC)
- Claim Concierge -- OwlWatt generates claim report, refers to vetted partner collection agency. Flat marketing referral fee paid by partner firm.
- Solar Law Firm Referral Network -- curated panel of solar-dispute attorneys. Flat referral fee per qualified intake.
- Direct branded email to installers with claim backup
- Neighbor comparison / benchmarking (anonymized per-ZIP cohorts)
Pi Value-Add Features
Expand the Pi from "solar monitor" to "home energy nerve center." Each feature increases switching cost and deepens the customer relationship.
- a. ○ EV Charging Optimization -- shift charging to solar hours via smart charger local API
- b. ○ Grid Outage Logging -- Envoy grid-up/down events, feeds battery recommendation
- c. ○ TOU Rate Alerts -- real-time rate monitoring + solar coverage push notifications
- d. ○ Internet Uptime Monitoring -- distinguish collector offline from ISP outage
- e. ○ Whole-Home Energy Disaggregation -- ML on CT clamp waveforms for appliance ID
- f. ○ Hyperlocal Weather Station -- $15 BME280 on GPIO for roof-level conditions
- g. ○ Demand Response Participation -- utility DR program enrollment, revenue-generating
- h. ○ Water Heater Solar Sponge -- $20 smart relay for solar-timed water heating
- i. ○ Backup Cellular Connectivity -- $30 USB LTE modem failover
- j. ○ Indoor Air Quality -- $10 PMS5003 particulate sensor (stretch)
Capacitor iOS
Capacitor app that remote-loads the owlwatt.com dashboard. Phased — 5.3a existing-customers app + APNs push; 5.3b StoreKit IAP + dual-billing as the new-customer acquisition funnel.
- a. ✓ Implementation plan + scoping (architecture, IAP/dual-billing design, M0-M7 breakdown)
- b. 🟡 App Store Connect — App ID, iOS Distribution cert, APNs key, app record all done (cert/profile created via the App Store Connect API); Small Business Program applied 2026-05-21, pending Apple approval
- c. ✓ Capacitor scaffold + remote-load WebView (loads owlwatt.com dashboard)
- d. ✓ APNs push: DeviceToken model, /api/app/push/register, APNs sender, un-stub push channel
- e. ✓ StoreKit IAP + dual-billing backend — verify/webhook/ledger + billing-router shipped via p1.5b.1+p1.5b.2 (PRs #75 #77 #78 #80, 2026-05-26→27)
- f. ✓ IAP native purchase UI + Restore Purchases — Swift plugin + paywall + Restore + Delete deep-link shipped via p1.5b.3+p1.5b.4 (PRs #82 #84, 2026-05-27)
- g. ✓ Privacy manifest (PrivacyInfo.xcprivacy) + App Store listing draft
- h. ✓ iOS build CI (build-ios.yml)
- i. ✓ App Review + submission — APPROVED for distribution 2026-05-27. Build 2 (reviewSubmission eae3f4c9-f90e-4801-b4aa-4d062f2bebf9) bundled with both subscription products; v1.0 live at https://apps.apple.com/app/owlwatt-solar-monitor/id6771940071. (Original 5.3a submission e8599317 REJECTED 2026-05-26 for 2.3.8 placeholder icons + 3.1.1 IAP required; both fixed in resubmission.)
Disaster Recovery & Backup
Backups and a tested recovery plan for the whole estate — catastrophic loss, breach, or single-component failure — with agentic recovery runbooks. The database currently has no independent backup.
- a. ✓ DR plan document — docs/DISASTER_RECOVERY.md (912 lines, 6 agentic recovery prompts, headline RPO/RTO table — PR #96, 2026-05-27)
- b. ✓ Automated daily Neon pg_dump → R2 + local, AES-256 encrypted, 30-day retention, restore-verified (~/.owlwatt-db-backup, cron 04:23 UTC)
- c. ✓ Encryption-key escrow — OWLWATT_KEK_B64 + APP_FERNET_KEY pulled to ~/.secrets; ~/.secrets itself escrowed daily to R2, AES-256 encrypted (~/.owlwatt-secrets-escrow, cron 04:41 UTC). Neon PITR 6h→7d + production branch protected. Escrow passphrase confirmed saved off-box in Olivier's 1Password (2026-06-01).
- d. ✓ R2 object backup — bin/owlwatt-r2-pdf-backup.sh (PR #91)
- e. 🟡 Hardening — monthly retention ✓, msgcenter failure alerts ✓, B2 second-provider leg LIVE ✓ (cron 04:53 UTC, owlwatt-db-backups-b2 bucket us-east-005, activated 2026-05-27), scoped R2 tokens ✓ (write token wired into all 3 backup crons + read-only token for restores, both verified end-to-end 2026-06-01; backups no longer use the broad prod credential), restore-from-backup drill ✓ (bin/owlwatt-restore-drill.sh — R2→decrypt→isolated Neon branch→restore→row-count→teardown; PASSED 2026-06-01, scheduled monthly 1st @ 05:30 UTC), R2 PDF mirror now cron'd daily 02:15 UTC
Project Gantt Chart
Interactive timeline of all OwlWatt phases.
Critical Path — Blockers & Dependencies
Document Library
Docs stored in R2 — upload new versions without a deploy.
Referral Program
Manage referral partners, track conversions, and view commission stats.
Installer Health Overview
Track installer business viability. When an installer goes under, affected customers lose workmanship warranty + production guarantee coverage.
Landing Page A/B Test
Per-variant impressions, unique visitors, signups, and conversion rate for the 3-arm landing rotation on owlwatt.com — v1-bold / v2-trust / v3-story. Persistent counts from LandingImpression — survives deploys.
Impressions — last 7 days (per variant)
Conversion rate (all-time)
Customers
All non-canary customers. Click View As to open a new tab with that customer's dashboard. An amber banner appears in the customer view; clicking EXIT returns to this page.
Learned patterns
User-submitted contract hints (last 20)
Performance Guarantee Claim Outcomes
Customer-recorded results of filed Performance Guarantee claims. Win rate is computed over decided claims only (pending shown separately).
Support tickets
Integrations — Home Assistant
HA-channel customer analytics. Counts customers with an active API token (used within 7 days).
UA format expected: owlwatt-ha/<version> (HA <ha_version>)