feat: trust pages + Brain UI polish + schema integrity for June 1 launch #93
Merged
thecelestialmismatch merged 3 commits on May 26, 2026
added 2 commits May 13, 2026 13:20
PUT and DELETE handlers now await params per Next.js 15 requirement.
params is Promise<{id}> not {id} directly.
Sprint 4 follow-up. Removes contradictions and credibility gaps the
audit flagged before the June 1 launch and June 5 client deadline.
Trust pages (resolve the local-only-vs-hosted contradiction):
- new /security route — data egress matrix (what leaves vs what stays
inside customer boundary), detection pattern SHA-256 integrity model
with verify command, compliance roadmap (SOC 2 Q4 2026, FIPS 140-3
Q1 2027, FedRAMP-equivalent Q2 2027), vulnerability disclosure policy
with safe harbor and 24h/90d SLA
- new /deployment-modes route — hosted trial vs self-hosted Docker vs
air-gapped, with DFARS 7012 / SC.3.177 / HIPAA / air-gap compliance
matrix and a 30-second decision flowchart. Hosted is clearly labeled
NOT for CUI/PHI
Pricing + schema.org integrity:
- fix layout.tsx JSON-LD — stale prices (Pro $69) replaced with real
grid (Pro $199, Growth $499, Enterprise $999, Agency $2499, plus
the $999 Audit Pack one-time SKU from the audit doc)
- drop "Kaelus endpoint" residue from FAQ JSON-LD and partners metadata
- pricing page placeholder traction ("2M+ scans / 500+ teams") replaced
with defensible facts (110 NIST controls, <10ms p95, 16 engines,
76,598 DIB orgs needing CMMC L2)
Brain AI UI/UX (was showing literal markdown + bland greeting):
- ReactMarkdown render for bot replies — bold, code, lists now display
- greeting frames product as "works offline" with 6 quick-action chips
visible from chat open (was hidden until first message)
- network-error fallback now names the offline-answerable topics so
users know what to retry
- "Local CMMC knowledge · works offline" capability badge in footer
Discoverability:
- sitemap.ts adds /security + /deployment-modes (priority 0.85)
- homepage footer + pricing footer wire Privacy/Terms/Security/Deployment
- blog post copy: last "Kaelus endpoint" residue replaced
Verification:
- npm run build: passing, both new routes prerendered static
- tsc --noEmit: clean
- npm run lint: warnings only (unused vars in pre-existing files)
- npm test: 138/138 passing
…eroSection snapshot
Merging in 30+ main commits including BEAST UI v3.0 (steel/sky/cream palette, NavV3 + FooterV3, PlatformDashboard in hero, L99 live scanner + ROI calculator, HERMES agent roster, Day 3/7 email drip, SPRS dashboard widget, /sign-up 404 fix).
Conflict resolution:
- app/page.tsx, app/pricing/page.tsx → take main (new design system wins)
- app/security/page.tsx → take ours (audit-aligned: data egress matrix, vulnerability disclosure SLA, FIPS roadmap; main's version was a shorter stub)
- app/layout.tsx JSON-LD offers → manual merge: kept 4-tier pricing (Free / Pro $199 / Growth $499 / Enterprise $999) to mirror main's pricing page (no Agency tier), retained our Audit Pack $999 one-time SKU. Dropped Federal — pricing page no longer ships it.
Footer injection:
- components/layout/FooterV3.tsx: added /security to Resources column + bottom bar, /deployment-modes to Compliance column. Both dark and light variants.
Snapshot:
- components/landing/__tests__/__snapshots__/HeroSection.test.tsx.snap countdown drifted (170 → 168 days). Pre-existing fragile test using real-time `new Date()` — regenerated. Long-term fix is mocking Date in the test, deferred to a separate PR.
Verification:
- npm run build — passing, /security 485 B, /deployment-modes 485 B static
- npm test — 449/449 passing (was 448/449 before snapshot update)
- Brain UI markdown render, deployment-modes page, security page all rendered correctly against the new NavV3 + design-token palette
thecelestialmismatch pushed a commit that referenced this pull request on May 26, 2026
…g doctrine
Merging 10 commits of main (PRs #87-#93) into the Stage 0 branch. Main's work includes the BEAST UI v3 palette (#88), L99 demo+ROI+blog (#90), and the June 1 trust pages launch (#93). Doctrine takes precedence on every contested file; main's surface improvements are preserved everywhere they don't conflict with HERMES doctrine.
Conflict resolutions:
- BACKLOG.md, CLAUDE.md, pricing/page.tsx → kept --ours (HERMES doctrine, $499 lead, RPO channel, Mode A/B/C architecture honesty are non-negotiable per the 2026-05-26 pivot in DECISIONS.md)
- app/page.tsx → kept --theirs (main rebuilt with NavV3/FooterV3, DeploymentModes component, FaqAccordion, scroll effects) THEN edited the PRICING block to align with doctrine:
  * Replaced 5-tier PRICING array (Free / Pro $199 / Growth $499 / Enterprise $999 / Federal $2,499) with a single LEAD_PRODUCT constant for the $499 one-time CMMC AI Risk Report
  * Replaced 5-card pricing grid with a focused single-card CTA section
  * Section CTA links to /pricing for the Stage 2 subscription tier table
  * Subtitle now reads "A $499 PO bypasses procurement. Subscriptions don't. Lead with the report, graduate to monitoring in Stage 2."
- app/security/page.tsx (add/add) → kept --ours (HERMES version has 23 Mode-A/B/C/Vercel/FedRAMP/Brain-AI doctrine hits vs 2 in main's; ours is the security-team-grade page the doctrine requires)
- components/GlobalChat.tsx → merged: kept main's nicer markdown-formatted greeting structure (instant-answer bullets, quick-action prompt) but rewrote the greeting copy to lead with "public information assistant" framing, list the three deployment modes, and include the ⚠ CUI warning paragraph at the bottom. The consent-modal gate, persistent banner, and doctrine-aligned system prompt (committed in 2e5f7ba) are preserved.
- tasks/todo.md → merged: kept HERMES Stage 1/2/3 structure (HEAD), folded in main's done items (Supabase 010+011 migrations applied 2026-05-13 moved from blockers to a checked-off line) and main's "in-app coverage map shipped PR #77" line was merged into the Stage 2 section with a note pointing at ~/.claude/plans/stage-2-subscription-surface.md for the follow-up work. Killed "C3PAO white-label dashboard MVP (rebrandable)" per doctrine — replaced with Stage 3 read-only assessor view.
Verification:
- npx tsc --noEmit: 0 errors
- npm run build: green, all routes prerender
- grep for remaining conflict markers: only in archived legacy system_prompt_leaks files (literal content, not git markers)
What survives from main that's worth flagging:
- DeploymentModes landing component (components/landing/DeploymentModes.tsx) was already aligned with HERMES doctrine (Mode A non-CUI, Mode B Docker CUI-safe, Mode C air-gapped). No edit needed there.
- ScannerDemo, RoiCalculator, CountdownTimer, FaqAccordion — main's polish components are now live in the homepage.
- Supabase migrations 010 + 011 are already in prod (resolves a Stage 0 blocker line in tasks/todo.md).
Summary
Sprint 4 follow-up. Resolves the credibility-killer contradictions the audit doc surfaced before the June 1 launch / June 5 client deadline.
The single highest-leverage problem the audit identified — "local-only marketing claim contradicted by hosted endpoint in docs" — is now answered on a dedicated /deployment-modes page with a compliance matrix any C3PAO can read in 30 seconds. The second — "no public security trust page, no SOC 2 timeline, no vulnerability disclosure" — answered on /security.
What ships
Trust pages (resolves local-only vs hosted contradiction)
- /security — public security & trust page
- /deployment-modes — public deployment guide
Pricing + schema.org integrity
- app/layout.tsx JSON-LD: stale prices (Pro $69, Growth $199, Enterprise $499) replaced with real grid (Pro $199, Growth $499, Enterprise $999, Agency $2499, + Audit Pack $999 one-time from the audit doc). AI search engines (Perplexity, ChatGPT, Claude, Gemini) read this — broken offers in schema hurt citations.
Brain AI UI/UX (per primer.md — "trouble connecting" issue)
- ReactMarkdown rendering for bot replies (was literal **bold** in the FAQ answers)
Discoverability
- sitemap.ts adds /security + /deployment-modes at priority 0.85
- <span> for Security/Privacy/Terms)
Decision filter (from the operating prompt)
Every change passes the four-question filter:
- /security is the evidence for AT.2.056, AU.2.041, CA.3.162, MP.2.120, SC.3.177.
Verification
- npm run build — passing, both new routes prerendered static (/security 486 B, /deployment-modes 486 B)
- ./node_modules/.bin/tsc --noEmit — clean
- npm run lint — warnings only (pre-existing unused vars, not in changed files)
- npm test — 138 passed, 0 failed
Secret / leak audit
Ran git ls-files | xargs grep -lE '(sk-[a-zA-Z0-9]{20,}|sk_live_|AKIA|ghp_|xoxb-|AIza|eyJ...)' across the tracked tree. Three matches:
- app/demo/page.tsx:106 — sk-proj-abc123xyz456... (demo sample prompt, clearly fake)
- components/dashboard/live-scanner.tsx:57 — AKIAIOSFODNN7EXAMPLE (AWS canonical example key)
- lib/gateway/providers/index.ts:234 — comment about sk-proj- format
All three are example/demo strings with EXAMPLE markers. .gitignore covers .env*, *.key, *.pem, secrets.json, credentials.json, service-account*.json. Only .env.example is tracked.
Real secret leaks: 0.
Test plan
- /security on the Vercel preview and confirm data egress / compliance roadmap / disclosure sections render in dark mode
- /deployment-modes and confirm the compliance matrix table is readable on mobile (640px min-width)
- <script type="application/ld+json"> has the new offers (Pro $199, not $69, plus Audit Pack $999)
- /pricing and confirm footer has 4 real links (Privacy/Terms/Security/Deployment)
- /sitemap.xml and confirm /security and /deployment-modes are listed
Out of scope (next PRs)
- houndshield/proxy:latest — referenced from /deployment-modes, needs CI workflow
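
For the "Secret / leak audit" step in the description above, an added shell example (not code from this PR or project) that runs the same kind of tracked-tree scan as a repeatable gate: it reports file:line per hit, survives paths with spaces, keeps matched values out of the log, and separates EXAMPLE-marked strings from hits that need review. The function names, the sample tree and the `sk_live_CONSTRUCTED0000` value are constructed for illustration; the JWT alternative is left out because the page elides it.

```shell
#!/bin/sh
# Added example: tracked-tree secret scan with file:line output and triage.
# PATTERN uses the prefixes quoted in the PR description; the page elides the
# JWT alternative ("eyJ..."), so it is omitted here rather than guessed.
PATTERN='(sk-[a-zA-Z0-9]{20,}|sk_live_|AKIA|ghp_|xoxb-|AIza)'

# scan_paths: NUL-delimited paths on stdin -> "<kind>\t<path>:<line>" per hit.
# The matched text is never printed, so CI logs do not repeat a live value.
scan_paths() {
    # -I skips binary files; /dev/null gives grep a file operand even when
    # the path list is empty.
    xargs -0 grep -nHIE -e "$PATTERN" /dev/null 2>/dev/null |
    while IFS= read -r hit; do
        file=${hit%%:*}; rest=${hit#*:}
        line=${rest%%:*}; text=${rest#*:}
        # An EXAMPLE marker is a triage hint only; the hit is still listed.
        case $text in
            *EXAMPLE*) kind=example ;;
            *)         kind=review ;;
        esac
        printf '%s\t%s:%s\n' "$kind" "$file" "$line"
    done
}

# audit_gate: print every hit, return non-zero if any hit still needs review.
audit_gate() {
    hits=$(scan_paths)
    if [ -n "$hits" ]; then printf '%s\n' "$hits"; fi
    ! printf '%s\n' "$hits" | grep -q '^review'
}

# make_sample_tree: constructed files for the demo (no real credentials).
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/app demo"   # space in the path: why -z / -0 are used
    printf 'const k = "AKIAIOSFODNN7EXAMPLE"\n' > "$t/app demo/page.tsx"
    printf 'a=1\nKEY=sk_live_CONSTRUCTED0000\n' > "$t/settings.ts"
    printf 'nothing to see\n' > "$t/clean.ts"
    printf '%s\n' "$t"
}

# Demo on the constructed tree. On a real repository the input would be:
#   git ls-files -z | audit_gate
tree=$(make_sample_tree)
(cd "$tree" && find . -type f -print0 | audit_gate) || echo "gate: review needed"
```

A scan fed by `git ls-files` covers only the files tracked at the current commit; a value committed earlier and later removed is still in history and needs a separate history scan.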