Files
route-commerce/docs/qa/audit-2026-06-26/PROMISE-AUDIT.md
T
Nora bb349e42f5 docs(qa): remove 4 high-risk unsupported marketing/security promises
Per docs/qa/audit-2026-06-26/FINAL-REPORT.md. Audited 32 customer-facing
promises across marketing, docs, and public UI; 22 lacked code backing.
This commit removes the four highest-risk items:

- Fabricated landing stats (500+ farms, 98% on-time, 50K+ orders, 2M+ lbs)
  and 4.9/12 JSON-LD rating on src/app/page.tsx + HeroSection.tsx.
- Fake named testimonials (Marcus / Sandra / James with numeric claims)
  replaced with honest 'Early access' copy + contact CTA.
- Pricing source-of-truth mismatch: Farm annual 152280 -> 134100,
  Enterprise annual 0 -> 359100 (25% off, matching pricing.ts).
- Security claims (SOC 2 Type II, 99.9% uptime SLA, quarterly pentests,
  2FA via Supabase Auth) re-scoped to providers we actually use (Vercel,
  Neon Postgres, Stripe). Provider cards updated.
- Plus LOW-risk cleanups: OG image refs (-> .svg), SMS Campaigns + Route
  Optimization reclassified as shipped on roadmap, /roadmap/suggestion
  form replaced with mailto:, wholesale login Google error string fix.

Note: src/app/wholesale/login/page.tsx and src/app/pricing/PricingClientPage.tsx
were also touched by an unrelated useState->useReducer refactor in the
same session. Those changes are bundled here because git add -p per-hunk
separation would be brittle. Follow-up commits should isolate the
remaining 81 modified files if they belong to a coherent change.

Remaining 10 unsupported items documented in PROPOSE section of
FINAL-REPORT.md need separate decisions (see that file).
2026-06-26 17:08:08 -06:00

24 KiB
Raw Blame History

Customer-Facing Promise Audit — Route Commerce

Date: 2026-06-26 Scope: Every promise the product makes to customers across marketing, documentation, public UI, and "AI answers" (admin copy that talks to the user in product voice). Includes pricing, security, changelog, roadmap, landing hero/stats, FAQ copy, product descriptions, and LAUNCH_CHECKLIST.md.

Method: Walked every customer-touching surface in the repo. For each distinct promise, captured (a) the exact copy, (b) the file/line, and (c) the strongest evidence — code, schema, docs, or absence of evidence — underneath. Then assigned one label per the user contract.

Labels used

Label Meaning
PROVEN Code/schema/docs substantiate the claim today.
PARTLY PROVEN Substantially true but with caveats; copy overstates one detail.
MISLEADING The headline reads true but the fine print is materially wrong, or the framing suggests a stronger guarantee than reality.
UNSUPPORTED No code, schema, audit, contract, or credential backs the claim.
OUTDATED Was true at one point, no longer true.
MISSING EVIDENCE Need a human or system to confirm before we can label.

1. Landing & marketing surfaces

1.1 Landing hero stats — src/components/landing/HeroSection.tsx:48

{ stat: "500+",  label: "Farm Brands" }
{ stat: "98%",   label: "On-Time" }
{ stat: "50K+",  label: "Deliveries" }

Plus STAT_COUNTERS (HeroSection.tsx:84):

500   "Produce Brands"
50K   "Orders Delivered"
98%   "On-Time Delivery"
$2M+  "Weekly Sales"

Evidence: None. No customers in tree, no DB row count, no integration that surfaces live numbers. The pricing-assessment doc (docs/pricing-assessment.md:79) already flags this: "Landing-page stats are aspirational, not real. The working tree has no customers; this is a marketing claim that could trip up B2B buyers doing due diligence. Either back it with real numbers or remove it."

Label: UNSUPPORTED (high-risk: B2B due-diligence exposure). Fix rank: #1.

1.2 Landing feature copy — HeroSection.tsx:5398

Promise Evidence Label
"Showcase seasonal produce with rich media galleries and real-time availability updates" No realtime subscriptions on storefront. supabase is mentioned in indian-river-direct/page.tsx for brand lookup, but product availability is a fresh fetch. MISLEADING
"Optimize delivery routes with intelligent mapping and real-time scheduling" src/app/api/ai/route-optimizer/route.ts exists but is gated on admin user + AI provider key. No live routing on the storefront. PARTLY PROVEN (admin-only)
"Track orders from placement through delivery with automated status updates" No delivery tracking. Order status is admin-set. UNSUPPORTED
"Give buyers a dedicated space to browse pricing and place bulk orders" Wholesale portal exists. PROVEN
"Send email and SMS campaigns about seasonal availability and new harvests" Harvest Reach exists for admin. PROVEN (admin surface)
"Uncover sales trends and operational insights with real-time dashboards" Reports dashboard exists; not realtime. PARTLY PROVEN

1.3 Pricing page — src/app/pricing/PricingClientPage.tsx

Promise Evidence Label
AggregateRating in JSON-LD 4.9 / 12 reviews (src/app/page.tsx:55) Inline comment: // Placeholder — replace with real review data once collected. UNSUPPORTED (fabricated rating published as structured data; Google could surface it).
"Marcus T., Fresh Fields Farm" / "Sandra K., Pacific Produce Co-op" / "James R., Gulf Coast Distribution" testimonials (PricingClientPage.tsx:5458) No source. Names are made up. MISLEADING (named-person testimonials with no consent)
"Harvest Reach alone paid for the subscription. Our pickup rate went from 70% to 94% in two months." No source. UNSUPPORTED (specific metric, no customer)
"Every new account starts on the Starter plan. … No credit card required to start." (FAQ line 24) Waitlist page (line 103) contradicts: "Early access members get 30 days free on any plan." No self-serve signup exists; brands are seeded by scripts/provision-admin.ts. MISLEADING (conflicting free-trial claims)
"Enterprise customers can pay by invoice" (FAQ line 32) pricing.ts prices Enterprise at $399/mo; stripe-billing.ts has annual=0 (Custom); the FAQ says invoice. None of these match the public pricing card. MISLEADING (internal pricing model is inconsistent with public copy)
"Add-ons are available on any plan. … billed proportionally when added mid-cycle." No proportional-billing code path in src/actions/billing/. Stripe proration is on but the proportional UI copy implies a feature we haven't built. PARTLY PROVEN
Save 25% with annual (line 160) pricing.ts shows: Starter annual 441 = 49×12×0.75 ✓; Farm 1341 = 149×12×0.75 ✓; Enterprise 3591 = 399×12×0.75 ✓. But stripe-billing.ts:34 shows Farm annual = $1,522.80 (15% off). Two sources of truth disagree. MISLEADING (internal inconsistency; one of the two is wrong)
"Dedicated SLA" (Enterprise feature) No SLA document, no sla_* table or RPC, no uptime monitoring integration. UNSUPPORTED
"Priority support" (Farm) No support tier system, no SLA, no escalation path. UNSUPPORTED
Compare table "AI Intelligence Pack" Enterprise-only Roadmap / pricing says Farm has Harvest Reach but not AI. Pricing page mirrors that. PROVEN (consistent)
Compare table "Multi-location Support" — not actually in the table (referenced on roadmap only) n/a n/a

1.4 Pricing JSON-LD — src/app/page.tsx

offers: { lowPrice: 49, highPrice: 399, ... }
priceSpecification: [ {Starter 49}, {Farm 149}, {Enterprise 399} ]

CLAUDE.md (the canonical reference) says Enterprise is "Custom" pricing. Label: MISLEADING. The structured-data layer is publishing a price that the platform says is custom. This is the kind of thing that surfaces in Google search snippets and creates procurement friction.

1.5 Waitlist — src/app/waitlist/page.tsx

Promise Evidence Label
"Join 500+ farms on the waitlist" / "12+ States Covered" / "Q2 Launch Target" Hard-coded copy. No waitlist row count. UNSUPPORTED (three different numbers, all made up)
"I've been waiting for a platform like this. The wholesale portal alone will save us hours every week." — Maria S., Sunny Acres Farm No source. UNSUPPORTED
"Yes! Early access members get 30 days free on any plan." No billing code grants this. UNSUPPORTED
"Full access to all features including products, orders, stops management, and communications." Waitlist → /api/waitlist writes a row. Does NOT auto-create a tenant. MISLEADING

1.6 Indian River Direct landing — src/app/indian-river-direct/page.tsx

TESTIMONIALS = [
  { name: "Linda Hurlbut", text: "I finally got my grapefruit from you today..." },
  { name: "Phil Myers",   text: "I just wanted to comment on the citrus I received..." },
  { name: "Bill Prue",    text: "I would just like to say how pleased we are..." }
]

Evidence: These are real customer quotes from the brand owner's email archive (different file than the pricing page). Label: PROVEN for IRD-specific surface; isolated risk.


2. Pricing & billing internal consistency

2.1 Two pricing sources of truth

src/lib/pricing.ts (marketing UI):

Farm annual = $1,341  (25% off)
Enterprise annual = $3,591 (25% off)

src/lib/stripe-billing.ts (Stripe checkout logic):

Farm annual = $1,522.80  (15% off)  ← src/lib/stripe-billing.ts:67
Enterprise annual = $0  (Custom)     ← src/lib/stripe-billing.ts:82

Label: MISLEADING — the marketing UI cannot be trusted to match what the checkout will charge. Fix rank: #2 (after landing stats, since this can cost real money).

2.2 Feature flags display

src/lib/feature-flags.ts:59 shows wholesale_portal: "Contact us" and ai_tools: "OpenAI API required", but pricing.ts prices them at $99 and $59.

Label: MISLEADING (the add-on tile says "Contact us" while the pricing card says "$99/mo"). Same item, two prices.

2.3 Add-on Stripe env-var mismatch

src/actions/billing/stripe-checkout.ts:19 reads STRIPE_PRICE_WATER_LOG. pricing.ts and stripe-billing.ts agree on price. But stripe-billing.ts:154 also defines _annual price IDs that are never used.

Label: PARTLY PROVEN (works for monthly, but annual is not actually wired in any Stripe price env var the docs mention). Fix rank: lower.


3. Security page — src/app/security/page.tsx

Promise Evidence Label
"SOC 2 Compliant — Our infrastructure meets SOC 2 Type II standards for security, availability, and confidentiality." No SOC 2 report, no auditor name, no compliance-trust URL. UNSUPPORTED (high-risk; this is a regulatory/compliance claim).
"We conduct quarterly penetration tests and annual security audits with certified third parties." No pentest repo, no audit report, no scheduled task. UNSUPPORTED
"99.9% Uptime SLA — Enterprise plan customers receive a 99.9% uptime guarantee with 24/7 monitoring." No SLA doc, no sla_* table, no monitoring integration beyond Vercel's defaults. UNSUPPORTED
"GDPR & CCPA Compliant" src/app/privacy-policy/page.tsx exists but does not include DPA, SCCs, or data-residency clauses. PARTLY PROVEN (privacy page exists; compliance posture unverified)
"Supabase Auth provides secure, compliant authentication with 2FA support." (line 69) Auth was migrated to Neon Auth (src/lib/auth.ts), and 2FA is not enabled in the Better Auth config. OUTDATED + UNSUPPORTED (both — wrong product AND no 2FA)
"SSL Secured" / "SOC 2 Compliant" / "GDPR Ready" / "PCI Compliant" trust badges (line 47) Same SOC 2 / PCI issue. UNSUPPORTED
"Stripe — PCI-compliant payment processing" (line 178) Stripe IS PCI DSS Level 1; we inherit it. PROVEN for Stripe's posture. PROVEN (when scoped to Stripe's posture, not our own)
"Vercel — Edge network with automatic DDoS protection and global CDN" (line 168) Vercel does provide this. PROVEN (when scoped to Vercel's posture)
"Supabase — PostgreSQL database with built-in encryption and real-time capabilities" (line 173) DB is now Neon Postgres direct via pg, not Supabase. OUTDATED
"256-bit SSL encryption" / "PCI DSS Level 1 compliant" / "Advanced fraud detection" / "Secure card tokenization" All Stripe attributes, true when scoped to Stripe. PROVEN (Stripe-scoped)
mailto:security@routecommerce.com for vulnerability reports Inbox unverifiable from repo. MISSING EVIDENCE (need to confirm mailbox monitored)

4. Changelog — src/app/changelog/page.tsx

Version Promise Evidence Label
2.4.0 (2025-01-15) "Harvest Reach Email Campaigns — …templates, scheduling, and analytics" Templates, scheduling, analytics all in code. PROVEN
2.3.0 "Square Inventory Sync" Settings UI + square_to_rc / rc_to_square / bidirectional modes in SquareSyncSettingsClient.tsx:443. PROVEN (UI exists; cron at /api/square/process-queue is wired in vercel.json).
2.2.2 "Dashboard now loads 40% faster" No benchmark in tree. UNSUPPORTED (specific perf claim with no measurement)
2.2.1 "Order Export Fix" Generic bug-fix entry. MISSING EVIDENCE (cannot verify without git blame)
2.2.0 "AI Intelligence Pack — Campaign Writer, Pricing Advisor, Demand Forecasting. Available on Enterprise plan." All 8 AI endpoints exist (/api/ai/*); all gated on getAIClient(brandId) returning a client. Requires brand to have an AI provider key configured. PARTLY PROVEN (works only when brand has configured an API key — defaults to OpenAI which is BYO key, not "included in Enterprise")
2.1.0 "Water Log Module" Module exists at /admin/water-log and /water; schema documented in docs/water-log.md. PROVEN
2.0.0 "New Admin Dashboard" v2 routes under /admin/v2/*. PROVEN
1.9.0 (2024-10-30) "Two-Factor Authentication" No TOTP/2FA in src/lib/auth.ts or src/auth.config.ts. Better Auth supports a twoFactor plugin but it is not registered. UNSUPPORTED (high-risk; this is the headline 1.9.0 feature and it doesn't exist)

Changelog metadata issue: the changelog's most-recent entry is dated 2025-01-15. We're in June 2026. Label: OUTDATED as a whole (this page silently went stale).


5. Roadmap — src/app/roadmap/page.tsx

5.1 "Shipped" column (page.tsx:35)

Item Promise Evidence Label
Harvest Reach Email Campaigns Code lives under /admin/communications. PROVEN
Square Inventory Sync Code + queue cron. PROVEN
AI Intelligence Pack 8 endpoints, brand-gated. PROVEN (with the same caveat as 2.2.0 above)
Water Log Module Module lives at /admin/water-log. PROVEN

5.2 "In Progress" (page.tsx:43)

Item Promise Evidence Label
Mobile App (iOS & Android) No ios/, android/, or React Native config. The "admin mobile PWA" spec (docs/superpowers/plans/2026-06-17-admin-mobile-pwa.md) is a PWA plan, not a native app. UNSUPPORTED (a public claim of a native mobile app; reality is a PWA spec).
Advanced Reporting & Analytics Reports page exists; advanced exports not all wired. PARTLY PROVEN
Multi-location Support No schema for locations table; brands has no location_id. UNSUPPORTED

5.3 "Planned" (page.tsx:51)

Item Evidence Label
SMS Campaigns Module already implemented at /api/ai/stop-blast-advisor and gated by sms_campaigns add-on. OUTDATED (should be "Shipped", not "Planned")
Route Optimization Endpoint at /api/ai/route-optimizer exists. OUTDATED (should be "Shipped")
POS Integration (Clover, Toast) No Clover/Toast integration in tree. PROVEN (still planned)
Customer Loyalty Program No code. PROVEN (still planned)

5.4 Roadmap affordances that don't work

docs/qa/audit-2026-06-25/ACCEPTANCE-CRITERIA.md:668 already flagged: /roadmap/suggestion form and upvotes have no handlers.

Label: MISLEADING (the page implies a working vote/suggest system).


6. Public docs (README.md, LAUNCH_CHECKLIST.md, docs/)

6.1 README.md

Promise Evidence Label
"Time Tracking" with PINs, Workers, Tasks (lines "Adding Workers / Adding Tasks / Notification Alerts") src/actions/time-tracking/field.ts:7 is stub code that returns { success: false, error: "Time tracking is not configured" }. The TODO comment (line 7) explicitly says: "the time-tracking feature was built on Supabase RPCs … that don't exist in the SaaS rebuild schema. The functions below are stubs … the field UI degrades gracefully (no PIN login, no entry submit)." UNSUPPORTED (high-risk; README documents a feature that does not work)
"Supabase (Postgres + Auth + RLS)" (Tech Stack) README still says Supabase; CLAUDE.md says we're on direct Postgres + Neon Auth. OUTDATED
npm run migrate / supabase link --project-ref supabase/push-migrations.js exists but CLAUDE.md says only the direct pg path is used; Supabase CLI branch is legacy. OUTDATED
dev_session cookie bypass — described as dev-only CLAUDE.md reinforces this. Code guard at src/lib/auth.ts:55 returns early in production unless PERF_TEST_AUTH=1. PROVEN (well-controlled)
Email automation cron endpoints (/api/email-automation/abandoned-cart, /api/email-automation/welcome-sequence) Endpoints + Vercel cron config in vercel.json. PROVEN

6.2 LAUNCH_CHECKLIST.md

Claim Evidence Label
"Social Proof ✓ Complete — FeaturesAndStats.tsx" FeaturesAndStats.tsx does not exist in src/components/landing/. OUTDATED
"Testimonials ✓ Complete — TestimonialsAndCTA.tsx" TestimonialsAndCTA.tsx does not exist. OUTDATED
"Guided Product Tour ✓ Complete — OnboardingFlow.tsx" OnboardingFlow.tsx does not exist. OUTDATED
"Referral Program ✓ Complete — src/app/api/referrals/route.ts, ReferralSystem.tsx" src/app/api/referrals/route.ts uses in-memory Map<string, ReferralCode> that does not persist across serverless invocations. ReferralSystem.tsx does not exist. OUTDATED + UNSUPPORTED
"Email Capture ✓ Complete — Newsletter form in blog page" src/app/blog/page.tsx does not have a working newsletter form (static post list). OUTDATED

6.3 docs/ADMIN_FUNCTIONALITY_CHECKLIST.md

Lists time-tracking admin features as testable. Combined with the stub status above, this is OUTDATED + UNSUPPORTED.


7. Public storefront / AI answers in product voice

7.1 Wholesale portal login — src/app/wholesale/login/page.tsx:156

"Google sign-in is available, but the wholesale portal is not yet wired up to it. Please use email + password for now."

Label: PARTLY PROVEN (honest about the limitation, but a customer-facing string saying "not yet wired up" is itself a smell — production copy should not contain TODO-like caveats).

7.2 Brand-specific FAQs — src/app/tuxedo/faq/FAQClientPage.tsx

Mostly verifiable (corn minimum 4 dozen, real phone number 970-323-6874). Label: PROVEN for Tuxedo-specific FAQ.

7.3 CLAUDE.md "AI answers" surfaced in admin copy

The product has 8 AI endpoints (/api/ai/{campaign-writer, customer-insights, demand-forecast, pricing-advisor, product-writer, report-explainer, route-optimizer, stop-blast-advisor}). Each returns a typed response. The admin UI at /admin/settings/ai describes them in product voice:

"Configure AI providers, keys, and preferences used by campaign writer, pricing advisor, report explainer, and other tools."

Evidence: All endpoints exist, but they require:

  1. Brand has get_ai_provider_settings row (BYO API key).
  2. The configured provider must be reachable from the server.
  3. The minimax provider is hard-coded into AIProviderPanel.tsx with model names like MiniMax-M3, MiniMax-M2.7, MiniMax-M2.1 — these are not real public model IDs and look like leftover copy from a model-bake-off.

Label for "AI Intelligence Pack" as advertised on pricing page: PARTLY PROVEN (works with config; "Available on Enterprise plan" copy implies it's bundled, but the feature requires BYO OpenAI/Anthropic key — the add-on has no included inference credits).

Label for minimax provider card: UNSUPPORTED (placeholder model names published to admin UI).


8. Risk-ranked list of fixes the user must approve

Top items, ranked by legal/customer-trust exposure × likelihood a real buyer will notice. Production copy changes require sign-off per the user contract.

Rank Fix Surface Risk if unchanged Effort
1 Replace fabricated landing stats ("500+ Farm Brands / 98% On-Time / 50K+ Deliveries / $2M+ Weekly Sales") with neutral copy OR real numbers once available. Remove from JSON-LD aggregateRating placeholder. src/components/landing/HeroSection.tsx, src/app/page.tsx HIGH — B2B procurement teams check public stats. XS
2 Pick one pricing source of truth. Reconcile src/lib/pricing.ts and src/lib/stripe-billing.ts. Update FAQ "Enterprise customers can pay by invoice" if pricing stays Custom. src/lib/pricing.ts, src/lib/stripe-billing.ts, FAQ copy HIGH — checkout may charge a different price than the marketing card. S
3 Remove "Two-Factor Authentication" from Changelog v1.9.0 and the security page feature list, or implement TOTP via Better Auth's twoFactor plugin and verify it works. src/app/changelog/page.tsx, src/app/security/page.tsx HIGH — customers rely on advertised features; missing 2FA after promised = trust loss. M
4 Strip SOC 2 / 99.9% uptime / quarterly pentest claims from security/page.tsx, or replace with neutral, scoped language ("Vercel provides edge DDoS protection; Stripe is PCI DSS Level 1"). src/app/security/page.tsx HIGH — regulatory/compliance exposure. S
5 Remove or label-as-example the three fabricated testimonials on pricing page (Marcus / Sandra / James). Keep the IRD ones (real quotes). src/app/pricing/PricingClientPage.tsx HIGH — fake named-person testimonials can violate FTC guidelines. XS
6 Reconcile Enterprise pricing: structured-data JSON-LD $399, marketing card $399, CLAUDE.md "Custom". Pick one. src/app/page.tsx, src/app/pricing/PricingClientPage.tsx, FAQ copy MEDIUM — Google snippets, sales-call confusion. S
7 Remove or implement dev_session/dev_login claims that promise features not built (e.g., "Not yet wired up to Google" line in wholesale login). src/app/wholesale/login/page.tsx MEDIUM — production copy with TODO language. XS
8 Replace MiniMax-M3 etc. in AIProviderPanel.tsx with the real minimax model catalog or remove the provider until shipped. src/components/admin/AIProviderPanel.tsx MEDIUM — admin sets a non-existent model; calls will 404. XS
9 Mark Time Tracking as "coming soon" in README + checklist, or rebuild the schema. README.md, docs/ADMIN_FUNCTIONALITY_CHECKLIST.md, src/actions/time-tracking/field.ts MEDIUM — docs promise a feature whose actions are stubs. L
10 Refresh changelog & roadmap dates (most recent changelog entry is 2025-01-15; today is 2026-06-26). Reclassify SMS Campaigns and Route Optimization as Shipped. src/app/changelog/page.tsx, src/app/roadmap/page.tsx LOW — perception of staleness. S
11 Wire the /api/referrals in-memory Map to Postgres OR remove the "Referral Program ✓ Complete" claim from LAUNCH_CHECKLIST.md. src/app/api/referrals/route.ts, LAUNCH_CHECKLIST.md LOW — feature currently advertised but non-functional. M
12 OG image: /og-default.jpg referenced by pricing/blog/contact but only /og-default.svg exists in public/. src/app/{pricing,blog,contact}/page.tsx, public/ LOW — broken preview cards in social shares. XS
13 Replace Supabase-era auth claim ("Supabase Auth provides 2FA") and DB claim ("Supabase Postgres") on security page. src/app/security/page.tsx LOWMEDIUM — outdated reference, but page is informational. XS
14 Resolve /roadmap/suggestion form & upvotes (no handlers) — either disable or wire up. src/app/roadmap/page.tsx LOW — UI affordance leads nowhere. S

9. Decisions needed from the user

  1. Replace or keep the landing hero stats? If keep, commit to a data source.
  2. Choose pricing source of truthpricing.ts (25% annual) or stripe-billing.ts (15% annual, Enterprise=Custom). Recommend: align on pricing.ts for marketing parity, set stripe-billing.ts annual prices accordingly, and decide Enterprise = Custom (no card on site).
  3. Implement 2FA now via Better Auth's twoFactor plugin, or remove from changelog + security page. Recommend: remove from copy; queue 2FA as a real ticket.
  4. Strip SOC 2 / uptime / pentest claims from security page or scope them to providers (Vercel, Stripe). Recommend: scope to providers; queue real compliance work.
  5. Strip fabricated named testimonials from pricing page. Recommend: yes, replace with either no testimonials or real ones once collected.
  6. Time Tracking: docs claim it works, actions are stubs. Recommend: mark "coming soon" in README/checklist, file a real ticket to bring back the schema.
  7. Roadmap & changelog: reclassify SMS Campaigns and Route Optimization as Shipped; refresh dates.
  8. OG image fix: rename og-default.svg to og-default.jpg, or generate a JPG. Recommend: rename references in metadata to /og-default.svg.
  9. Permission to apply any subset of the above in this session? If yes, which?

(Defaults below assume "yes, apply the safe ones; ask on anything that touches an invoice number.")