Article•5 min read·
The Plan: From Two Visitors a Day to Inbound Work
Real numbers, three phases, falsifiable targets — written by the AI that has to execute it.
Read full article→
Stu Mason
This week: I shipped GDPR/PECR compliance for a client project, added consent capture, unsubscribe handling, erasure request and retention controls so users can manage consent, unsubscribe from communications, request data deletion and have data expire per policy.
auto-generated by AI from this week's GitHub activity
427★ coolify-mcp11.1K npm installs/mo9.1K Laravel package installs22 PRs this week5★ from 11 reviews15+ years
Activity
Live
PR #203 merged: fix: GDPR/PECR compliance — consent, unsubscribe, erasure, retention
+549-1717 files
Summary Compliance fixes from the audit, in rough order of legal urgency: Marketing consent is no longer pre-ticked. Pre-ticked boxes are invalid consent under UK GDPR (Planet49/ICO guidance). The registration checkbox now defaults to unchecked and the DB column default flips to ...
PR #90 merged: feat: daily GitHub profile sync + hero digest privacy fix
+129-13 files
Profile sync (daily 02:20, after at 02:15) pushes the generated digest into the profile README between markers via the GitHub contents API. First run bootstraps the section plus Work with me / Sign up to my newsletter links pointing at stumason.dev. Existing README content is lef...
Shawn M., Jetpack Labs
"Stu's been embedded with our team for over a year. Daily standups, same Linear board, same Slack. When we needed a maintenance tracking module built -..."
PR #90 opened: feat: daily GitHub profile sync + hero digest privacy fix
+129-13 files
Profile sync (daily 02:20, after at 02:15) pushes the generated digest into the profile README between markers via the GitHub contents API. First run bootstraps the section plus Work with me / Sign up to my newsletter links pointing at stumason.dev. Existing README content is lef...
PR #202 merged: fix: harden payment flow against orphaned holds and webhook races
+369-5613 files
Summary Plugs four money-handling gaps found in the payments audit: Cancelled jobs now release the Stripe card hold. existed but was wired to nothing — cancelling a job left the client's manual-capture authorization sitting on their card until Stripe expired it (~7 days) and or...
PR #206 opened: feat: ops alerting and auth hardening
+170-99 files
Summary The observability + misc-security batch from the audit: Alerting (previously: nothing fired when infra died) Sentry cron monitoring on every scheduled task via — a dead scheduler or failing task raises a missed-check-in alert in Sentry. Previously a dead scheduler silen...
PR #89 merged: feat: auto-generated weekly hero line — the claim that demonstrates itself
+187-218 files
The hero says "I build software that uses AI to solve real problems." This makes the hero prove it: one AI-written sentence about the week's actual shipped work, directly underneath, labelled honestly as auto-generated. Anti-slop measures Input is real data: the week's merged PRs...
PR #205 opened: feat: close the verification black hole for cleaners
+345-1214 files
Summary From the funnel audit: the biggest supply-side leak. A sole-trader cleaner finishing onboarding was told "Your profile is now live" — but wasn't searchable until an admin approved their ID + Right to Work, and approve/reject sent no notification at all. Cleaners sat in ...
MVP Development
4-8 week builds. No theatre, just shipping.
PR #89 opened: feat: auto-generated weekly hero line — the claim that demonstrates itself
+187-218 files
The hero says "I build software that uses AI to solve real problems." This makes the hero prove it: one AI-written sentence about the week's actual shipped work, directly underneath, labelled honestly as auto-generated. Anti-slop measures Input is real data: the week's merged PRs...
PR #88 merged: feat: live open-source proof in hero + scheduled AI summaries
+204-198 files
The claim that updates itself The strongest credential wasn't on the site: 424★ coolify-mcp, 12.3k npm installs/month, 472 stars across public repos. This adds it to the hero proof line, fetched live and cached — the numbers grow on their own. : GitHub repos (total + top repo...
PR #88 opened: feat: live open-source proof in hero + scheduled AI summaries
+204-198 files
The claim that updates itself The strongest credential wasn't on the site: 424★ coolify-mcp, 12.3k npm installs/month, 472 stars across public repos. This adds it to the hero proof line, fetched live and cached — the numbers grow on their own. : GitHub repos (total + top repo...
PR #204 merged: chore: run Claude GitHub workflows on Fable 5
+2-22 files
Bumps the @claude workflow from to and pins the PR-review workflow (previously action default) to the same. Requested by Stu — let's see if the reviews get sick.
This week's activity
22PRs
0releases
20.1klines
PR #204 opened: chore: run Claude GitHub workflows on Fable 5
+2-22 files
Bumps the @claude workflow from to and pins the PR-review workflow (previously action default) to the same. Requested by Stu — let's see if the reviews get sick.
PR #203 opened: fix: GDPR/PECR compliance — consent, unsubscribe, erasure, retention
+549-1717 files
Summary Compliance fixes from the audit, in rough order of legal urgency: Marketing consent is no longer pre-ticked. Pre-ticked boxes are invalid consent under UK GDPR (Planet49/ICO guidance). The registration checkbox now defaults to unchecked and the DB column default flips to ...
PR #87 merged: feat: AI summaries for feed items (cheap LLM pass over automated activity)
+307-610 files
Recreation of #86 (auto-closed when its stacked base branch was deleted). Same content, now based on main. action via existing — default, to override. Stores ; DTO prefers it. Queued at ingest (webhook + sync), no-ops without . backfill (, , ). Preserve across 30-min re-syncs (...
PR #87 opened: feat: AI summaries for feed items (cheap LLM pass over automated activity)
+307-610 files
Recreation of #86 (auto-closed when its stacked base branch was deleted). Same content, now based on main. action via existing — default, to override. Stores ; DTO prefers it. Queued at ingest (webhook + sync), no-ops without . backfill (, , ). Preserve across 30-min re-syncs (...
PR #85 merged: feat: curate activity feed — filter bot noise, dedupe PR events, plain-text excerpts
+462-910 files
Why The homepage feed was an unfiltered webhook dump: every PR appeared twice (opened + merged), dependabot bumps dominated the front page, and raw PR markdown/HTML ( blocks from dependabot bodies) leaked into the cards. For a client-facing portfolio that's noise drowning signal....
Kevin Coyle, Drutek
"Stu gets AI development. He's fast, clever about what to automate, and ships real working tools. Most developers talk about AI - Stu actually builds w..."
PR #202 opened: fix: harden payment flow against orphaned holds and webhook races
+369-5613 files
Summary Plugs four money-handling gaps found in the payments audit: Cancelled jobs now release the Stripe card hold. existed but was wired to nothing — cancelling a job left the client's manual-capture authorization sitting on their card until Stripe expired it (~7 days) and or...
PR #86 opened: feat: AI summaries for feed items (cheap LLM pass over automated activity)
+307-610 files
Stacked on #85 — merge that first; GitHub will retarget this to main. Why Even with bot noise filtered (#85), raw PR bodies are written for reviewers, not clients. This adds the AI pass: a cheap model rewrites each PR/release into 1–2 plain-English sentences for the feed card...
PR #86 closed: feat: AI summaries for feed items (cheap LLM pass over automated activity)
+307-610 files
Stacked on #85 — merge that first; GitHub will retarget this to main. Why Even with bot noise filtered (#85), raw PR bodies are written for reviewers, not clients. This adds the AI pass: a cheap model rewrites each PR/release into 1–2 plain-English sentences for the feed card...
Stu Mason
It works on my agent's machine? · UK