# Public Site Contract: Spec 403 Launch Readiness

This feature has no REST, GraphQL, Laravel, Filament, Livewire, Microsoft Graph, database, queue, job, policy, RBAC, or product runtime API contract.

The contract is the public static website behavior that reviewers and smoke tests must verify.

## Rendered Canonical Routes

The following German default routes must render intentionally and expose Tenantial-specific page content and metadata:

- `/`
- `/platform`
- `/pricing`
- `/contact`
- `/trust`
- `/legal`
- `/privacy`
- `/terms`
- `/imprint`
- `/welcome-to-docs/`
- `/guides/intro/`
- `/guides/getting-started/`
- `/guides/first-project-checklist/`
- `/platform/evidence-review/`

The following English route mirrors must render intentionally under `/en/...`:

- `/en/`
- `/en/platform`
- `/en/pricing`
- `/en/contact`
- `/en/trust`
- `/en/legal`
- `/en/privacy`
- `/en/terms`
- `/en/imprint`
- `/en/welcome-to-docs/`
- `/en/guides/intro/`
- `/en/guides/getting-started/`
- `/en/guides/first-project-checklist/`
- `/en/platform/evidence-review/`

## Redirect-Only Aliases

The following aliases must redirect intentionally to `/platform` and must not appear as canonical sitemap entries:

- `/product`
- `/products`
- `/services`
- `/blog`
- `/insights`

The English aliases must redirect intentionally to `/en/platform` and must not appear as canonical sitemap entries:

- `/en/product`
- `/en/products`
- `/en/services`
- `/en/blog`
- `/en/insights`

Current source behavior may use permanent or temporary redirects, but launch review must document which aliases are retained and why.

Current planning baseline:

- `/product`, `/products`, and `/services` use 301 redirects.
- `/blog` and `/insights` use 302 redirects.

## Static Generated Routes

The following static outputs must be available after build:

- `/robots.txt`
- `/sitemap-index.xml`
- generated sitemap child files such as `/sitemap-0.xml`
- `/manifest.json`
- `/favicon.ico`

`robots.txt` must point to `/sitemap-index.xml` for the configured public site URL.

## Metadata Contract

Each rendered canonical route must provide:

- Tenantial-specific page title
- Tenantial-specific page description
- route-appropriate canonical, Open Graph, and Twitter URL values
- German default and English alternate `hreflang` links, plus `x-default` pointing at German
- locale-appropriate Open Graph locale values
- existing social image URL and MIME/type metadata
- no ScrewFast, construction/hardware, template, TenantAtlas, TenantPilot, or TenantCTRL residue in public metadata
- no unsupported proof claims in title, description, Open Graph, Twitter, schema, or docs metadata

## CTA Contract

Every public CTA, navigation item, footer link, docs link, and visible form-like control must satisfy:

- resolves to an intentional route, anchor, static asset, or legitimate external URL
- no public `href="#"` placeholders
- demo/contact paths route to `/contact` or an intentional contact section
- localized public links remain in the current locale where a localized route exists
- no login, account creation, billing, checkout, backend submission, guaranteed provisioning, or app access implication unless implemented
- pricing CTAs remain contact/demo-oriented
- static form controls must not imply backend submission, guaranteed response, account creation, provisioning, or subscription workflow
- footer email/newsletter controls must be removed or reframed if no newsletter workflow exists

## Trust And Pricing Claim Contract

Public copy and metadata must avoid unsupported:

- SOC 2, ISO, or other certification claims
- Microsoft endorsement claims
- compliance guarantees
- recovery guarantees
- uptime guarantees
- fake customer logos
- fake testimonials
- fake "trusted by" claims
- self-serve billing, checkout, subscription, or entitlement claims
- production legal details left as explicit replacement placeholders

## Product Preview Contract

Static product previews must:

- be framed as illustrative, static, or demo content
- avoid implying live tenant data
- avoid internal Laravel/Filament implementation details
- avoid turning visual labels into product runtime taxonomy
- communicate meaning through text or labels, not color alone

## Browser And Accessibility Contract

Validated public routes must:

- avoid body-level horizontal overflow on representative desktop and mobile viewports
- keep primary navigation, CTAs, footer links, and visible controls keyboard reachable
- show visible focus states for interactive elements
- remain understandable with reduced motion
- keep primary content and links usable if JavaScript fails where reasonably possible for a static marketing site

## Launch Review Risk Register

Implementation should explicitly resolve or document these current source risks:

- Starlight child docs routes are public and indexed but not fully covered by current smoke route lists.
- Main-layout `og:url` and `twitter:url` are root-oriented rather than route-specific.
- Social image metadata may reference a missing or type-mismatched asset.
- `/imprint` contains placeholder production details.
- Contact form copy may imply a backend workflow that does not exist.
- Footer `Subscribe` wording may imply a newsletter workflow that does not exist.
- Source placeholder social links with `#` must not be emitted publicly.

## Scope Contract

Implementation and validation must not touch:

- `/Users/ahmeddarrazi/Documents/projects/wt-website/apps/platform`
- Laravel providers, migrations, policies, jobs, queues, database, Filament resources, Livewire components, Blade views, tenant/workspace/RBAC code, Microsoft Graph code, or AuditLog behavior

Scope proof command:

```bash
cd /Users/ahmeddarrazi/Documents/projects/wt-website && git status --short -- apps/platform
```