Prove the deployment guardrails without changing external state.

2026-06-03 local verification: npm run audit:growth passed 1068 checks after the proof freshness watch was added for stale blocker and recheck tracking.

Command output with passing check count, commit SHA, and clean git status after the build artifacts are regenerated.

Reads source, generated pages, and operational trackers only; does not touch production services.

Fix the missing growth-plan requirement before deploying or changing public growth decisions.

2026-06-03 local verification: npm run audit:launch passed 2323 checks after the proof freshness watch route, CSV, noindex header, and live-audit coverage were added.

Command output with passing check count after npm run build, plus confirmation that noindex, redirect, PDF, tracking, approval, and packet guards still pass.

Reads the generated dist output and configuration only; does not create leads, publish social posts, or touch merchant dashboards.

Fix the guardrail regression before pushing or deploying.

2026-06-03 local verification: npm run audit:worker passed 36 mocked KV and Resend checks.

Command output showing mocked KV and Resend checks for accepted opt-ins, consent queueing, unsubscribe suppression, and scheduled sender status changes.

Uses mocked KV and mocked Resend fetch calls; never writes production KV or sends real email.

Fix Worker lead, consent, follow-up, unsubscribe, or scheduled sender behavior before deploying Worker changes.

2026-06-03 local verification: npm run audit:gear passed 115 checks covering pending gear routes, approved-link requirements, and reactivity suppression.

Command output showing every gear offer has an internal redirect route, approved offers have HTTPS merchant URLs and real tracking IDs, pending routes stay paused, and reactivity games suppress gear CTAs.

Reads TypeScript data and generated dist pages only; does not open merchant dashboards, create affiliate links, or visit merchant URLs.

Fix gear approval fields, redirect pages, or reactivity suppression before activating any gear merchant link.

2026-06-03 after commit 8563d6f deployed: the first live audit saw broad deployment-window 502s across launch and growth ops routes, then npm run audit:live passed 645 checks against https://doggamefinder.com with the proof freshness watch live.

Command output with production URL, passing check count, route set, CSV noindex headers, paused redirect guardrails, and latest deployed commit context.

Fetches production pages and CSV files only; does not submit forms, request indexing, publish content, or change merchant links.

Treat failures as deployment or guardrail regressions; pause public changes until the affected route or header is fixed and the audit passes.

2026-06-03 10:30 CST after site commit 104ac8e: npm run audit:worker:live passed 39 no-write checks against the production Worker without creating a valid lead, real subscription, or Resend email.

Command output with Worker URL, passing check count, /health features, CORS guardrails, invalid email, honeypot, malformed JSON, oversized request, and unsubscribe missing-token results.

Uses invalid email, blocked origin, honeypot, and missing-token paths only; does not create an accepted lead or send Resend email.

Pause Worker or email-follow-up changes until production guardrails pass without valid lead creation.

2026-06-03 12:11 CST latest attempt: GitHub connector checks for commit workflow runs on commit 19af9f9 returned 404; the previous 11:07 CST attempt at commit 4943711 also remained unavailable, so authenticated Launch Audit proof remains required.

Authenticated workflow run URL, commit SHA, workflow name, conclusion, timestamp, latest attempt, and failing job log if the run is not green.

Read-only workflow evidence; a green workflow does not approve merchants, publish social posts, or prove analytics results.

Do not close the Actions visibility lane; rerun or inspect the failed job before treating the push as CI-verified.

2026-06-03 12:11 CST latest attempt: GitHub connector checks for commit workflow runs on commit 19af9f9 returned 404; the previous 11:07 CST attempt at commit 4943711 also remained unavailable, so authenticated Live Site Audit proof remains required.

Authenticated scheduled or manual run URL, production URL, conclusion, timestamp, latest attempt, and failing job log if the run is not green.

Read-only scheduled production fetch evidence; it does not replace merchant, evidence, publishing, GA4, or GSC proof.

Keep production monitoring unconfirmed until the workflow run is visible and green, or record the failed route and fix it.

2026-06-03 12:11 CST latest attempt: GitHub connector checks for commit workflow runs on commit 19af9f9 returned 404; the previous 11:07 CST attempt at commit 4943711 also remained unavailable, so authenticated Live Worker Audit proof remains required.

Authenticated scheduled or manual run URL, Worker URL, conclusion, timestamp, latest attempt, and failing job log if the run is not green.

Read-only/no-write Worker guardrail evidence; it checks negative paths and does not create valid leads.

Keep Worker monitoring unconfirmed until the workflow run is visible and green, or record the failed Worker guardrail and fix it.