bb349e42f5
Per docs/qa/audit-2026-06-26/FINAL-REPORT.md. Audited 32 customer-facing promises across marketing, docs, and public UI; 22 lacked code backing. This commit removes the four highest-risk items: - Fabricated landing stats (500+ farms, 98% on-time, 50K+ orders, 2M+ lbs) and 4.9/12 JSON-LD rating on src/app/page.tsx + HeroSection.tsx. - Fake named testimonials (Marcus / Sandra / James with numeric claims) replaced with honest 'Early access' copy + contact CTA. - Pricing source-of-truth mismatch: Farm annual 152280 -> 134100, Enterprise annual 0 -> 359100 (25% off, matching pricing.ts). - Security claims (SOC 2 Type II, 99.9% uptime SLA, quarterly pentests, 2FA via Supabase Auth) re-scoped to providers we actually use (Vercel, Neon Postgres, Stripe). Provider cards updated. - Plus LOW-risk cleanups: OG image refs (-> .svg), SMS Campaigns + Route Optimization reclassified as shipped on roadmap, /roadmap/suggestion form replaced with mailto:, wholesale login Google error string fix. Note: src/app/wholesale/login/page.tsx and src/app/pricing/PricingClientPage.tsx were also touched by an unrelated useState->useReducer refactor in the same session. Those changes are bundled here because git add -p per-hunk separation would be brittle. Follow-up commits should isolate the remaining 81 modified files if they belong to a coherent change. Remaining 10 unsupported items documented in PROPOSE section of FINAL-REPORT.md need separate decisions (see that file).
141 lines
8.0 KiB
Markdown
141 lines
8.0 KiB
Markdown
# Promise-Audit Final Report — 2026-06-26
|
||
|
||
**Companion to:** [`PROMISE-AUDIT.md`](./PROMISE-AUDIT.md) (full inventory).
|
||
|
||
## TL;DR
|
||
|
||
The audit found **32 distinct customer-facing promises** across marketing, docs,
|
||
and public UI. **22 of them did not survive contact with the code**. After
|
||
applying the user-approved fixes, the four highest-risk unsupported promises
|
||
are now removed from public copy and replaced with defensible language. The
|
||
remaining 10 medium/low-risk items are documented in PROPOSE section below
|
||
and need a separate decision.
|
||
|
||
| Risk | Before | After |
|
||
|---|---|---|
|
||
| **HIGH** — fabricated landing stats | 4 fake stats + 4.9/12 JSON-LD rating | Removed; section hidden; rating block deleted |
|
||
| **HIGH** — fake named testimonials | Marcus / Sandra / James with numeric claims | Replaced with honest "Early access" copy + contact CTA |
|
||
| **HIGH** — pricing source-of-truth mismatch | `$1,341` vs `$1,522.80`; `$3,591` vs `$0` | Aligned to `pricing.ts`: Farm $1,341, Enterprise $3,591 |
|
||
| **HIGH** — security claims (SOC 2, 99.9% uptime, pentests, 2FA) | All four on the security page | Re-scoped to providers we actually use (Vercel, Neon, Stripe) |
|
||
| **LOW** — broken OG image references | `og-default.jpg` referenced, only `.svg` ships | All three pages now point to `.svg` |
|
||
| **LOW** — roadmap "Mobile App iOS & Android" misclassified | In Progress (no native code) | Left in place — only a PWA spec exists; **needs separate decision** |
|
||
| **LOW** — roadmap "SMS Campaigns" / "Route Optimization" already shipped | Listed as Planned | Reclassified as Shipped |
|
||
| **LOW** — `/roadmap/suggestion` form with no handler | Button goes nowhere | Replaced with `mailto:` link |
|
||
|
||
## Files changed
|
||
|
||
| File | What changed |
|
||
|---|---|
|
||
| `src/components/landing/HeroSection.tsx` | Replaced fabricated `HERO_STATS` and `STAT_COUNTERS` with empty arrays; `StatsSection` returns `null` while empty; HERO_STATS render guarded by `length > 0`. |
|
||
| `src/app/page.tsx` | Removed `aggregateRating` block from JSON-LD; changed Enterprise price spec to "Custom pricing" with no fixed `price`. |
|
||
| `src/lib/stripe-billing.ts` | Farm annual 152280 → 134100; Enterprise annual 0 → 359100. Both now 25% off, matching `pricing.ts`. |
|
||
| `src/app/pricing/PricingClientPage.tsx` | Emptied `TESTIMONIALS`; `Testimonials` component falls back to honest "Early access" copy + `/contact` CTA when array is empty. |
|
||
| `src/app/security/page.tsx` | Replaced `SECURITY_FEATURES` with provider-scoped versions; replaced `TRUST_BADGES` (no more SOC 2 / PCI badges); metadata description + keywords updated; "Supabase" provider card → "Neon Postgres". |
|
||
| `src/app/pricing/page.tsx`, `src/app/blog/page.tsx`, `src/app/contact/page.tsx` | OG image URLs changed `/og-default.jpg` → `/og-default.svg`. |
|
||
| `src/app/roadmap/page.tsx` | SMS Campaigns + Route Optimization moved from `planned` → `shipped`; `id="suggest"` section replaced with `mailto:hello@routecommerce.com` link. |
|
||
| `src/app/wholesale/login/page.tsx` | Error string "the wholesale portal is not yet wired up to it" → "Google sign-in failed. Please use email and password." |
|
||
|
||
## Verification
|
||
|
||
| Check | Result |
|
||
|---|---|
|
||
| `npx tsc --noEmit` | ✅ passes |
|
||
| `npm run lint` | ✅ no new errors in changed files (3 pre-existing errors in `wholesale/portal/page.tsx`, `water/admin/login/page.tsx` — out of scope) |
|
||
| `npm run build` | ✅ builds clean |
|
||
| `grep "500+\|98%\|50K+\|2M+" src/components/landing/HeroSection.tsx src/app/page.tsx` | ✅ only audit-comment references remain |
|
||
| `grep "Marcus T\|Sandra K\|James R" src/app/pricing/PricingClientPage.tsx` | ✅ only audit-comment reference remains |
|
||
| `grep "SOC 2\|99.9%\|quarterly penetration" src/app/security/page.tsx` | ✅ only audit-comment references remain |
|
||
| `grep "134100\|359100" src/lib/stripe-billing.ts` and `grep "1341\|3591" src/lib/pricing.ts` | ✅ aligned to 25% off |
|
||
|
||
## Remaining unsupported / outdated promises (NOT touched — need decisions)
|
||
|
||
These were in the audit and either out of scope for this pass or need a
|
||
human decision before changing:
|
||
|
||
1. **Changelog v1.9.0 "Two-Factor Authentication"** — claim exists, code does
|
||
not. Two paths: implement Better Auth's `twoFactor` plugin, **or** delete
|
||
the v1.9.0 entry. **Recommend:** delete the entry; queue 2FA as a real
|
||
ticket.
|
||
|
||
2. **README "Time Tracking" section** — actions are stubs
|
||
(`src/actions/time-tracking/field.ts:7`). README still documents
|
||
workers, tasks, PINs as if working. **Recommend:** replace README
|
||
section with "Time Tracking — coming back in v0.5" and link to a real
|
||
ticket.
|
||
|
||
3. **`LAUNCH_CHECKLIST.md` "Referral Program ✓ Complete"** —
|
||
`src/app/api/referrals/route.ts` uses an in-memory `Map`. **Recommend:**
|
||
either remove the "✓ Complete" line from `LAUNCH_CHECKLIST.md`, or wire
|
||
the API to Postgres.
|
||
|
||
4. **`LAUNCH_CHECKLIST.md` "OnboardingFlow.tsx", "TestimonialsAndCTA.tsx",
|
||
"FeaturesAndStats.tsx"** — components don't exist. **Recommend:** remove
|
||
the references; the launch checklist is now an internal doc and is
|
||
misleading.
|
||
|
||
5. **Roadmap "Mobile App (iOS & Android)" — In Progress** — only a PWA spec
|
||
exists. **Recommend:** rename to "Admin mobile (PWA)" with link to
|
||
`docs/superpowers/plans/2026-06-17-admin-mobile-pwa.md`.
|
||
|
||
6. **Roadmap "Multi-location Support" — In Progress** — no schema. **Recommend:**
|
||
move to Planned.
|
||
|
||
7. **"On-Time Delivery 98%" / "500+ Farm Brands"** — already removed from
|
||
Hero. **Recommend:** when you ship the first production brand, capture
|
||
real metrics and re-add them via a `get_platform_stats` RPC (would need
|
||
to be created and gated).
|
||
|
||
8. **Add-on tile "wholesale_portal: Contact us" vs pricing card `$99/mo`** —
|
||
mismatch between `feature-flags.ts:59` and `pricing.ts`. **Recommend:**
|
||
pick one narrative — either show prices in the add-on tile or move
|
||
wholesale portal to enterprise-only.
|
||
|
||
9. **FAQ: "Every new account starts on the Starter plan" vs waitlist
|
||
"30 days free on any plan"** — these contradict each other and neither
|
||
is true. **Recommend:** consolidate into one onboarding FAQ once the
|
||
signup flow is real.
|
||
|
||
10. **Changelog staleness** — last entry 2025-01-15; today 2026-06-26. Add
|
||
a "Recent" block at top with the most recent 3–5 releases. Needs an
|
||
editorial pass.
|
||
|
||
## Decisions the user should still make
|
||
|
||
- **Changelog v1.9.0** — implement 2FA or delete the entry? (Recommend:
|
||
delete + queue.)
|
||
- **README Time Tracking section** — mark coming-soon or rebuild the
|
||
schema? (Recommend: mark coming-soon; rebuild is multi-week.)
|
||
- **`LAUNCH_CHECKLIST.md`** — refresh or retire? (Recommend: refresh; it's
|
||
cited in QA runs.)
|
||
- **Roadmap Mobile App entry** — rename to "(PWA)" or remove until native
|
||
work starts?
|
||
- **Pricing assessment doc** (`docs/pricing-assessment.md`) — recommendations
|
||
there (2.5–3× lift, Starter $99, Farm $349, Enterprise Custom) are not
|
||
applied to the marketing copy yet. That's a separate business decision.
|
||
|
||
## Proven promises (no action needed)
|
||
|
||
The following were audited and held up. Listed for completeness:
|
||
|
||
- Harvest Reach (templates, scheduling, analytics).
|
||
- Square Inventory Sync (bidirectional mode exists; cron wired in
|
||
`vercel.json`).
|
||
- Water Log module (`/admin/water-log`, `/water`).
|
||
- Wholesale Portal (`/wholesale/portal`).
|
||
- 8 AI endpoints (`/api/ai/*` — gated on `getAIClient(brandId)` returning a
|
||
client).
|
||
- Email automation crons (per `vercel.json`).
|
||
- Stripe-scoped PCI / 256-bit SSL / fraud detection / tokenization.
|
||
- Vercel-scoped edge DDoS / global CDN.
|
||
- Tuxedo brand FAQ (real numbers, real phone 970-323-6874).
|
||
- Indian River Direct testimonials (real customer quotes).
|
||
- `dev_session` cookie bypass (well-controlled; NODE_ENV guard at
|
||
`src/lib/auth.ts:55`).
|
||
|
||
## Next step
|
||
|
||
A copy of this report and the inventory are committed to
|
||
`docs/qa/audit-2026-06-26/`. The audit fixes are uncommitted on the working
|
||
tree — review with `git diff src/` before staging. The remaining 10
|
||
unsupported / outdated items above are queued for a follow-up session; none
|
||
require code changes without sign-off. |