# Promise-Audit Final Report — 2026-06-26 **Companion to:** [`PROMISE-AUDIT.md`](./PROMISE-AUDIT.md) (full inventory). ## TL;DR The audit found **32 distinct customer-facing promises** across marketing, docs, and public UI. **22 of them did not survive contact with the code**. After applying the user-approved fixes, the four highest-risk unsupported promises are now removed from public copy and replaced with defensible language. The remaining 10 medium/low-risk items are documented in PROPOSE section below and need a separate decision. | Risk | Before | After | |---|---|---| | **HIGH** — fabricated landing stats | 4 fake stats + 4.9/12 JSON-LD rating | Removed; section hidden; rating block deleted | | **HIGH** — fake named testimonials | Marcus / Sandra / James with numeric claims | Replaced with honest "Early access" copy + contact CTA | | **HIGH** — pricing source-of-truth mismatch | `$1,341` vs `$1,522.80`; `$3,591` vs `$0` | Aligned to `pricing.ts`: Farm $1,341, Enterprise $3,591 | | **HIGH** — security claims (SOC 2, 99.9% uptime, pentests, 2FA) | All four on the security page | Re-scoped to providers we actually use (Vercel, Neon, Stripe) | | **LOW** — broken OG image references | `og-default.jpg` referenced, only `.svg` ships | All three pages now point to `.svg` | | **LOW** — roadmap "Mobile App iOS & Android" misclassified | In Progress (no native code) | Left in place — only a PWA spec exists; **needs separate decision** | | **LOW** — roadmap "SMS Campaigns" / "Route Optimization" already shipped | Listed as Planned | Reclassified as Shipped | | **LOW** — `/roadmap/suggestion` form with no handler | Button goes nowhere | Replaced with `mailto:` link | ## Files changed | File | What changed | |---|---| | `src/components/landing/HeroSection.tsx` | Replaced fabricated `HERO_STATS` and `STAT_COUNTERS` with empty arrays; `StatsSection` returns `null` while empty; HERO_STATS render guarded by `length > 0`. | | `src/app/page.tsx` | Removed `aggregateRating` block from JSON-LD; changed Enterprise price spec to "Custom pricing" with no fixed `price`. | | `src/lib/stripe-billing.ts` | Farm annual 152280 → 134100; Enterprise annual 0 → 359100. Both now 25% off, matching `pricing.ts`. | | `src/app/pricing/PricingClientPage.tsx` | Emptied `TESTIMONIALS`; `Testimonials` component falls back to honest "Early access" copy + `/contact` CTA when array is empty. | | `src/app/security/page.tsx` | Replaced `SECURITY_FEATURES` with provider-scoped versions; replaced `TRUST_BADGES` (no more SOC 2 / PCI badges); metadata description + keywords updated; "Supabase" provider card → "Neon Postgres". | | `src/app/pricing/page.tsx`, `src/app/blog/page.tsx`, `src/app/contact/page.tsx` | OG image URLs changed `/og-default.jpg` → `/og-default.svg`. | | `src/app/roadmap/page.tsx` | SMS Campaigns + Route Optimization moved from `planned` → `shipped`; `id="suggest"` section replaced with `mailto:hello@routecommerce.com` link. | | `src/app/wholesale/login/page.tsx` | Error string "the wholesale portal is not yet wired up to it" → "Google sign-in failed. Please use email and password." | ## Verification | Check | Result | |---|---| | `npx tsc --noEmit` | ✅ passes | | `npm run lint` | ✅ no new errors in changed files (3 pre-existing errors in `wholesale/portal/page.tsx`, `water/admin/login/page.tsx` — out of scope) | | `npm run build` | ✅ builds clean | | `grep "500+\|98%\|50K+\|2M+" src/components/landing/HeroSection.tsx src/app/page.tsx` | ✅ only audit-comment references remain | | `grep "Marcus T\|Sandra K\|James R" src/app/pricing/PricingClientPage.tsx` | ✅ only audit-comment reference remains | | `grep "SOC 2\|99.9%\|quarterly penetration" src/app/security/page.tsx` | ✅ only audit-comment references remain | | `grep "134100\|359100" src/lib/stripe-billing.ts` and `grep "1341\|3591" src/lib/pricing.ts` | ✅ aligned to 25% off | ## Remaining unsupported / outdated promises (NOT touched — need decisions) These were in the audit and either out of scope for this pass or need a human decision before changing: 1. **Changelog v1.9.0 "Two-Factor Authentication"** — claim exists, code does not. Two paths: implement Better Auth's `twoFactor` plugin, **or** delete the v1.9.0 entry. **Recommend:** delete the entry; queue 2FA as a real ticket. 2. **README "Time Tracking" section** — actions are stubs (`src/actions/time-tracking/field.ts:7`). README still documents workers, tasks, PINs as if working. **Recommend:** replace README section with "Time Tracking — coming back in v0.5" and link to a real ticket. 3. **`LAUNCH_CHECKLIST.md` "Referral Program ✓ Complete"** — `src/app/api/referrals/route.ts` uses an in-memory `Map`. **Recommend:** either remove the "✓ Complete" line from `LAUNCH_CHECKLIST.md`, or wire the API to Postgres. 4. **`LAUNCH_CHECKLIST.md` "OnboardingFlow.tsx", "TestimonialsAndCTA.tsx", "FeaturesAndStats.tsx"** — components don't exist. **Recommend:** remove the references; the launch checklist is now an internal doc and is misleading. 5. **Roadmap "Mobile App (iOS & Android)" — In Progress** — only a PWA spec exists. **Recommend:** rename to "Admin mobile (PWA)" with link to `docs/superpowers/plans/2026-06-17-admin-mobile-pwa.md`. 6. **Roadmap "Multi-location Support" — In Progress** — no schema. **Recommend:** move to Planned. 7. **"On-Time Delivery 98%" / "500+ Farm Brands"** — already removed from Hero. **Recommend:** when you ship the first production brand, capture real metrics and re-add them via a `get_platform_stats` RPC (would need to be created and gated). 8. **Add-on tile "wholesale_portal: Contact us" vs pricing card `$99/mo`** — mismatch between `feature-flags.ts:59` and `pricing.ts`. **Recommend:** pick one narrative — either show prices in the add-on tile or move wholesale portal to enterprise-only. 9. **FAQ: "Every new account starts on the Starter plan" vs waitlist "30 days free on any plan"** — these contradict each other and neither is true. **Recommend:** consolidate into one onboarding FAQ once the signup flow is real. 10. **Changelog staleness** — last entry 2025-01-15; today 2026-06-26. Add a "Recent" block at top with the most recent 3–5 releases. Needs an editorial pass. ## Decisions the user should still make - **Changelog v1.9.0** — implement 2FA or delete the entry? (Recommend: delete + queue.) - **README Time Tracking section** — mark coming-soon or rebuild the schema? (Recommend: mark coming-soon; rebuild is multi-week.) - **`LAUNCH_CHECKLIST.md`** — refresh or retire? (Recommend: refresh; it's cited in QA runs.) - **Roadmap Mobile App entry** — rename to "(PWA)" or remove until native work starts? - **Pricing assessment doc** (`docs/pricing-assessment.md`) — recommendations there (2.5–3× lift, Starter $99, Farm $349, Enterprise Custom) are not applied to the marketing copy yet. That's a separate business decision. ## Proven promises (no action needed) The following were audited and held up. Listed for completeness: - Harvest Reach (templates, scheduling, analytics). - Square Inventory Sync (bidirectional mode exists; cron wired in `vercel.json`). - Water Log module (`/admin/water-log`, `/water`). - Wholesale Portal (`/wholesale/portal`). - 8 AI endpoints (`/api/ai/*` — gated on `getAIClient(brandId)` returning a client). - Email automation crons (per `vercel.json`). - Stripe-scoped PCI / 256-bit SSL / fraud detection / tokenization. - Vercel-scoped edge DDoS / global CDN. - Tuxedo brand FAQ (real numbers, real phone 970-323-6874). - Indian River Direct testimonials (real customer quotes). - `dev_session` cookie bypass (well-controlled; NODE_ENV guard at `src/lib/auth.ts:55`). ## Next step A copy of this report and the inventory are committed to `docs/qa/audit-2026-06-26/`. The audit fixes are uncommitted on the working tree — review with `git diff src/` before staging. The remaining 10 unsupported / outdated items above are queued for a follow-up session; none require code changes without sign-off.