What we're building next.

Side-by-side grade matrix and overlaid score charts for up to 4 domains.

Define exactly which checks run on which domains — useful for staging vs production environments.

First-visit walkthrough of scan → verify → monitor → cmd+k for new dashboard users.

Full v3 redesign of /dashboard and /admin with neutral palette, light + dark themes, Cmd+K palette, keyboard shortcuts, mobile drawer.

Per-domain detail page with KPI strip, score trend, issues over time, full scan history table, notes, tags.

Customer-facing trends with time-range selector, score chart, scans/day, issues/day, grade distribution, top domains.

PCI-DSS, SOC 2, ISO 27001 evaluations across all your verified domains in a single grid view.

Paste up to 20 domains and scan them in parallel. Pro feature with live results table.

Copy-pasteable starter templates for DMARC, SPF, DKIM, MTA-STS, HSTS, CSP, X-Frame-Options, Referrer-Policy.

Full record of every webhook fired with status code, response, latency. Test button included.

Native blocks/embed payloads when the destination URL is hooks.slack.com or discord.com.

Enterprise WeasyPrint reports downloadable from the dashboard with one click.

Install to home screen, offline shell, service worker. Manifest + cache layers shipped.

Real role column on users with token-version revocation. Admins can promote/demote inline.

Public form, admin review queue, featured-on-homepage flag, public API for the marketing site.

Inline-editable notes and tag chips on every verified domain. Up to 12 tags per domain.

Programmatic scan + result fetch with HMAC-signed webhook delivery and per-key revocation.

Multi-user organisations with role-based access and invite-by-email flow.

Given a verified parent domain, automatically discover and scan all subdomains on a schedule.

Compare any two scans of the same domain — what changed between Tuesday and today, line by line.

Block PRs that drop your security score below a configurable threshold. Drop-in workflow.

Page on-call automatically when a critical CVE is discovered on a monitored domain.

Auto-create tickets for new findings and close them when the next scan shows the fix landed.

Connect CQwerty Shield to 5,000+ apps via the existing webhook system.

Run CQwerty Shield under your own brand for managed service provider customers.

Real audit, not just an overlay. Q3 2026.

Augment scans with live threat intel from CTI feeds, not just CVE/KEV.