HilltopCommand Center
Secondary · Fintech App · Pre-launch

Knit

Round-up donations app. iOS / React Native + Next.js + Supabase + Plaid + Stripe Connect. Investor deck live; closed beta blocked on the 2026-05-01 Codex audit fixes (PR #1 open) + TestFlight CI + Plaid sandbox health checks.

Audit fixes in PR review
Waitlist signups
Waitlist count
awaiting wire-up
PR #1
Codex audit fixes
awaiting Dan's deploy
Latest TestFlight build
CI not configured
Plaid sandbox health
no monitor yet

Build & deploy status

CI · TestFlight · Vercel · Supabase
knit-app (app repo)Main + Knit rebrand merged
Repo at graychar2425-blip/knit-app (renamed from roundup-for-good 2026-05-01). Local at ~/knit-app. Both PR #2 (KNIT rebrand) and PR #1 (Codex hardening) merged to main 2026-05-01.
Codex fintech auditAll 13 fixed + merged + applied
2026-05-01 audit found 13 issues (3 Critical / 6 High / 3 Medium / 1 Low). All fixed in PR #1 → merged to main. Migration 006_fintech_hardening.sql applied to live Knit Supabase via session pooler 2026-05-01: Stripe idempotency, RLS hardening (BEFORE-UPDATE trigger blocks self-upgrade of is_premium / stripe_customer_id), Plaid webhook ES256 verification, cursor-based sync (added/modified/removed), Charityvest grant idempotency, web onboarding wired to Supabase auth, mobile error-check, MFA + email-confirmation. Verdict: production-ready blockers cleared.
knit-waitlistLive
Vercel · roundupforgood-waitlist.vercel.app · accepting signups
Investor deckLive
Vercel · roundup-investor-deck.vercel.app · 12 slides
Beta iOS prototypeLive
Single-file HTML, 6-screen clickable demo with iPhone bezel · ↗ Open prototype
TestFlight workflowPipeline ready · Dan setup pending
GitHub Action .github/workflows/mobile-testflight.yml committed (in PR #1). Triggers on mobile-v* tag push: EAS Cloud build → TestFlight submit → Telegram notify. Dan one-time setup (~30-45 min, runbook at docs/testflight-setup.md): create App Store Connect app record, run eas credentials once locally, fill 3 IDs in eas.json, add EXPO_TOKEN to GH secrets. Then every release = one tag push.
Knit Supabase projectLive · Healthy · 6/6 migrations applied
Org "Knit" / project "knit" / ref dkedzqzbpkaowsibhged · region us-east-2 (Ohio) · Nano compute (free tier). Created 2026-05-01 via browser-automation. Schema verified via REST: 10 tables exposed (allocations, bank_accounts, charities, donation_batches, donations, payment_methods, push_tokens, transactions, users + auth views). Direct conn IPv6-only on free tier — apps connect via session pooler (aws-1-us-east-2.pooler.supabase.com:5432). Local apps/web/.env.local wired with new URL + anon + service_role keys. Open dashboard: supabase.com/dashboard/project/dkedzqzbpkaowsibhged
Plaid sandboxNo monitor
No daily health check script yet. Plaid MCP not installed. Deferred to roadmap day 1-7.

Pre-launch readiness

Tracked from production checklist · 2026-04-27
  • Investor prototype live (clickable iOS pitch, 6 screens) · open
  • Investor deck shipped (12 slides, real warm-paper design system)
  • Business model analysis (TAM/SAM/SOM, P25/P50/P75)
  • Investor target list (25 firms, Tier 1/2/3, 4-week cadence)
  • Waitlist site live
  • Terms language draft (lawyer review pending)
  • Clone knit-app repo to this host
  • Codex fintech audit (2026-05-01) — 13 issues identified
  • Audit fixes in code · PR #1 merged
  • Apply migration 006_fintech_hardening.sql to live Knit Supabase (all 6 migrations applied via session pooler)
  • Merge PR #1 to main (squashed)
  • Knit Supabase project provisioned + wired to apps/web/.env.local
  • Authenticate Supabase MCP (still broken on Supabase's side — workaround: session pooler conn string in env)
  • Install Plaid MCP (official)
  • Install App Store Connect MCP (zelentsov-dev/asc-mcp)
  • Wire TestFlight CI workflow on tag push
  • Daily Plaid sandbox health check (cron 6 AM)
  • Stripe MCP for Stripe Connect ops
  • Closed beta launch
  • App Store submission

Pipeline + outreach

Investors + waitlist
Investor outreach (DD readiness pending)
25-firm target list compiled. Pre-seed stage. Tier 1/2/3 split with check sizes, conflicts to avoid, and 4-week outreach cadence. Three DD gaps still to close before first call: unit economics deck, 24-month operating plan, cap table cleanup.
Waitlist signups
Waitlist live but signup count not yet wired to this dashboard. Signups stored in waitlist repo data layer; needs ingestion script. Estimated: low double-digits at this stage based on landing-page conversion estimates.
Open Knit blockers
B-KN-01High
knit.app domain not yet registered.
Blocks production email (hello@knit.app, legal@knit.app) and final Vercel DNS swap · ~$15/yr at Cloudflare or Namecheap
B-KN-02High
App Store Connect entry not yet created (bundle ID app.knit.mobile).
Blocks TestFlight submission · ~10 min in Apple Developer portal once you're at a desktop · runbook at docs/testflight-setup.md

Recent activity

Live feed pending repo wire-up
Activity feed will populate after repo clone
Once git clone completes locally and the build script extends to read from the repo's git log + CI artifacts, this section will show the last 12 build / commit / TestFlight events. Until then, intentional empty state.
See cross-business activity