Per docs/qa/audit-2026-06-26/FINAL-REPORT.md. Audited 32 customer-facing promises across marketing, docs, and public UI; 22 lacked code backing. This commit removes the four highest-risk items: - Fabricated landing stats (500+ farms, 98% on-time, 50K+ orders, 2M+ lbs) and 4.9/12 JSON-LD rating on src/app/page.tsx + HeroSection.tsx. - Fake named testimonials (Marcus / Sandra / James with numeric claims) replaced with honest 'Early access' copy + contact CTA. - Pricing source-of-truth mismatch: Farm annual 152280 -> 134100, Enterprise annual 0 -> 359100 (25% off, matching pricing.ts). - Security claims (SOC 2 Type II, 99.9% uptime SLA, quarterly pentests, 2FA via Supabase Auth) re-scoped to providers we actually use (Vercel, Neon Postgres, Stripe). Provider cards updated. - Plus LOW-risk cleanups: OG image refs (-> .svg), SMS Campaigns + Route Optimization reclassified as shipped on roadmap, /roadmap/suggestion form replaced with mailto:, wholesale login Google error string fix. Note: src/app/wholesale/login/page.tsx and src/app/pricing/PricingClientPage.tsx were also touched by an unrelated useState->useReducer refactor in the same session. Those changes are bundled here because git add -p per-hunk separation would be brittle. Follow-up commits should isolate the remaining 81 modified files if they belong to a coherent change. Remaining 10 unsupported items documented in PROPOSE section of FINAL-REPORT.md need separate decisions (see that file).
8.0 KiB
Promise-Audit Final Report — 2026-06-26
Companion to: PROMISE-AUDIT.md (full inventory).
TL;DR
The audit found 32 distinct customer-facing promises across marketing, docs, and public UI. 22 of them did not survive contact with the code. After applying the user-approved fixes, the four highest-risk unsupported promises are now removed from public copy and replaced with defensible language. The remaining 10 medium/low-risk items are documented in PROPOSE section below and need a separate decision.
| Risk | Before | After |
|---|---|---|
| HIGH — fabricated landing stats | 4 fake stats + 4.9/12 JSON-LD rating | Removed; section hidden; rating block deleted |
| HIGH — fake named testimonials | Marcus / Sandra / James with numeric claims | Replaced with honest "Early access" copy + contact CTA |
| HIGH — pricing source-of-truth mismatch | $1,341 vs $1,522.80; $3,591 vs $0 |
Aligned to pricing.ts: Farm $1,341, Enterprise $3,591 |
| HIGH — security claims (SOC 2, 99.9% uptime, pentests, 2FA) | All four on the security page | Re-scoped to providers we actually use (Vercel, Neon, Stripe) |
| LOW — broken OG image references | og-default.jpg referenced, only .svg ships |
All three pages now point to .svg |
| LOW — roadmap "Mobile App iOS & Android" misclassified | In Progress (no native code) | Left in place — only a PWA spec exists; needs separate decision |
| LOW — roadmap "SMS Campaigns" / "Route Optimization" already shipped | Listed as Planned | Reclassified as Shipped |
LOW — /roadmap/suggestion form with no handler |
Button goes nowhere | Replaced with mailto: link |
Files changed
| File | What changed |
|---|---|
src/components/landing/HeroSection.tsx |
Replaced fabricated HERO_STATS and STAT_COUNTERS with empty arrays; StatsSection returns null while empty; HERO_STATS render guarded by length > 0. |
src/app/page.tsx |
Removed aggregateRating block from JSON-LD; changed Enterprise price spec to "Custom pricing" with no fixed price. |
src/lib/stripe-billing.ts |
Farm annual 152280 → 134100; Enterprise annual 0 → 359100. Both now 25% off, matching pricing.ts. |
src/app/pricing/PricingClientPage.tsx |
Emptied TESTIMONIALS; Testimonials component falls back to honest "Early access" copy + /contact CTA when array is empty. |
src/app/security/page.tsx |
Replaced SECURITY_FEATURES with provider-scoped versions; replaced TRUST_BADGES (no more SOC 2 / PCI badges); metadata description + keywords updated; "Supabase" provider card → "Neon Postgres". |
src/app/pricing/page.tsx, src/app/blog/page.tsx, src/app/contact/page.tsx |
OG image URLs changed /og-default.jpg → /og-default.svg. |
src/app/roadmap/page.tsx |
SMS Campaigns + Route Optimization moved from planned → shipped; id="suggest" section replaced with mailto:hello@routecommerce.com link. |
src/app/wholesale/login/page.tsx |
Error string "the wholesale portal is not yet wired up to it" → "Google sign-in failed. Please use email and password." |
Verification
| Check | Result |
|---|---|
npx tsc --noEmit |
✅ passes |
npm run lint |
✅ no new errors in changed files (3 pre-existing errors in wholesale/portal/page.tsx, water/admin/login/page.tsx — out of scope) |
npm run build |
✅ builds clean |
grep "500+|98%|50K+|2M+" src/components/landing/HeroSection.tsx src/app/page.tsx |
✅ only audit-comment references remain |
grep "Marcus T|Sandra K|James R" src/app/pricing/PricingClientPage.tsx |
✅ only audit-comment reference remains |
grep "SOC 2|99.9%|quarterly penetration" src/app/security/page.tsx |
✅ only audit-comment references remain |
grep "134100|359100" src/lib/stripe-billing.ts and grep "1341|3591" src/lib/pricing.ts |
✅ aligned to 25% off |
Remaining unsupported / outdated promises (NOT touched — need decisions)
These were in the audit and either out of scope for this pass or need a human decision before changing:
-
Changelog v1.9.0 "Two-Factor Authentication" — claim exists, code does not. Two paths: implement Better Auth's
twoFactorplugin, or delete the v1.9.0 entry. Recommend: delete the entry; queue 2FA as a real ticket. -
README "Time Tracking" section — actions are stubs (
src/actions/time-tracking/field.ts:7). README still documents workers, tasks, PINs as if working. Recommend: replace README section with "Time Tracking — coming back in v0.5" and link to a real ticket. -
LAUNCH_CHECKLIST.md"Referral Program ✓ Complete" —src/app/api/referrals/route.tsuses an in-memoryMap. Recommend: either remove the "✓ Complete" line fromLAUNCH_CHECKLIST.md, or wire the API to Postgres. -
LAUNCH_CHECKLIST.md"OnboardingFlow.tsx", "TestimonialsAndCTA.tsx", "FeaturesAndStats.tsx" — components don't exist. Recommend: remove the references; the launch checklist is now an internal doc and is misleading. -
Roadmap "Mobile App (iOS & Android)" — In Progress — only a PWA spec exists. Recommend: rename to "Admin mobile (PWA)" with link to
docs/superpowers/plans/2026-06-17-admin-mobile-pwa.md. -
Roadmap "Multi-location Support" — In Progress — no schema. Recommend: move to Planned.
-
"On-Time Delivery 98%" / "500+ Farm Brands" — already removed from Hero. Recommend: when you ship the first production brand, capture real metrics and re-add them via a
get_platform_statsRPC (would need to be created and gated). -
Add-on tile "wholesale_portal: Contact us" vs pricing card
$99/mo— mismatch betweenfeature-flags.ts:59andpricing.ts. Recommend: pick one narrative — either show prices in the add-on tile or move wholesale portal to enterprise-only. -
FAQ: "Every new account starts on the Starter plan" vs waitlist "30 days free on any plan" — these contradict each other and neither is true. Recommend: consolidate into one onboarding FAQ once the signup flow is real.
-
Changelog staleness — last entry 2025-01-15; today 2026-06-26. Add a "Recent" block at top with the most recent 3–5 releases. Needs an editorial pass.
Decisions the user should still make
- Changelog v1.9.0 — implement 2FA or delete the entry? (Recommend: delete + queue.)
- README Time Tracking section — mark coming-soon or rebuild the schema? (Recommend: mark coming-soon; rebuild is multi-week.)
LAUNCH_CHECKLIST.md— refresh or retire? (Recommend: refresh; it's cited in QA runs.)- Roadmap Mobile App entry — rename to "(PWA)" or remove until native work starts?
- Pricing assessment doc (
docs/pricing-assessment.md) — recommendations there (2.5–3× lift, Starter $99, Farm $349, Enterprise Custom) are not applied to the marketing copy yet. That's a separate business decision.
Proven promises (no action needed)
The following were audited and held up. Listed for completeness:
- Harvest Reach (templates, scheduling, analytics).
- Square Inventory Sync (bidirectional mode exists; cron wired in
vercel.json). - Water Log module (
/admin/water-log,/water). - Wholesale Portal (
/wholesale/portal). - 8 AI endpoints (
/api/ai/*— gated ongetAIClient(brandId)returning a client). - Email automation crons (per
vercel.json). - Stripe-scoped PCI / 256-bit SSL / fraud detection / tokenization.
- Vercel-scoped edge DDoS / global CDN.
- Tuxedo brand FAQ (real numbers, real phone 970-323-6874).
- Indian River Direct testimonials (real customer quotes).
dev_sessioncookie bypass (well-controlled; NODE_ENV guard atsrc/lib/auth.ts:55).
Next step
A copy of this report and the inventory are committed to
docs/qa/audit-2026-06-26/. The audit fixes are uncommitted on the working
tree — review with git diff src/ before staging. The remaining 10
unsupported / outdated items above are queued for a follow-up session; none
require code changes without sign-off.