# 08E Final Paid Launch QA

Verdict: QA_NO_GO

Reviewed at: 2026-05-29 UTC
Domain: https://aieditorrsp.net
Scope: production only, final paid launch QA after compliance/payment/auth work

## Bottom line

Do not launch paid production yet.

Production has several GO items: core routes are 200, `/api/credits` reports `paid_enabled=true`, anonymous checkout correctly redirects to Google auth, Google OAuth redirect starts correctly, webhook endpoint exists, unsafe prompts are blocked before provider validation, and checkout code is inspectable with Stripe automatic tax / billing address / tax ID collection.

But QA remains NO_GO because production legal pages still contradict paid launch state, pricing/header/footer visual repairs are not stable, mobile editor layout is visibly broken, and homepage performance misses the launch threshold badly.

## Verdict gates

| Area | Status | Evidence |
|---|---:|---|
| Route 200 smoke | GO | `/`, editor, SEO pages, pricing, legal pages, `robots.txt`, `sitemap.xml`, `/api/credits`, `/api/health`, `/api/prompt-templates` all returned 200. `/api/webhooks/stripe` returned 405 to GET/HEAD, which confirms the endpoint exists and does not expose GET. |
| SEO metadata regression | GO with note | Production pages have title, meta description, canonical, and single H1. Core pages include JSON-LD. Support/legal pages have 0 JSON-LD, acceptable unless required by SEO gate. |
| Paid state / credits | GO | `/api/credits` returned anonymous free plan, `daily_limit:2`, `free_remaining:2`, `paid_enabled:true`, checkout links for monthly/yearly/credit_pack. |
| Auth redirect | GO | `/api/auth/login?return_to=/pricing` returns 302 to Google OAuth with callback `https://aieditorrsp.net/api/auth/callback/google` and secure HttpOnly state cookie. |
| Anonymous checkout redirect | GO | `/api/checkout/stripe?plan=` with `monthly`, `yearly`, and `credit_pack` each returns 302 to `/api/auth/login?return_to=...`. |
| Stripe Checkout config inspectable | CODE_GO | Source route sets `automatic_tax[enabled]=true`, `billing_address_collection=required`, `tax_id_collection[enabled]=true`. Authenticated Stripe redirect was not end-to-end tested because no authenticated test account/session was available and real payment is not allowed. |
| Webhook endpoint | GO | `/api/webhooks/stripe` exists and returns 405 for non-webhook methods. Source verifies `stripe-signature` before processing. |
| Unsafe prompt block | GO | POST `/api/generate-image` with unsafe prompt returned 400 `UNSAFE_PROMPT_BLOCKED` before image/provider path. |
| Successful generation credit deduction | NOT_TESTED | No authenticated test account/session was available. Source shows credits are committed only after fal result success; production E2E successful generation was not run to avoid consuming provider/credits without a test account. |
| Header/footer design repair | NO_GO | Browser visual QA on `/pricing` shows header nav concatenated/clipped and footer legal links concatenated/clipped. |
| Inner page visual consistency | NO_GO | `/pricing` layout has misaligned pricing grid, awkward empty/white artifact area, duplicate billing CTA after footer, and implementation-style copy. `/ai-photo-prompt-editor` mobile shows two competing editor designs and cramped top UI. |
| Responsive/mobile | NO_GO | 390px editor header is clipped, no usable hamburger, tap targets are cramped, top editor controls/output are unreadable/overlapped by floating icons. |
| Hydration/load/console | NO_GO | Browser console captured repeated `cdn.tailwindcss.com should not be used in production` warnings and 10 blank JS exceptions during browsing. Owner-observed visual jump is consistent with the page mixing legacy/static editor modules with newer live editor sections. |
| Performance | NO_GO | Lighthouse homepage: Performance 56, LCP 17.3s, CLS 0, Accessibility 96, Best Practices 100, SEO 100. Launch threshold Performance >=80 / LCP <2.5s not met. |

## Blocking findings

### P0-1: Production legal copy still contradicts paid-enabled state

Production scan found stale disabled-plan / paid-disabled copy:

- `/privacy`: contains `paid checkout is disabled`.
- `/terms`: contains `PRO — PLANNED / DISABLED` and `CREDIT PACK — PLANNED / DISABLED`.
- `/refund`: contains `paid checkout is disabled`.

This directly conflicts with `/api/credits` reporting `paid_enabled:true`, live Google OAuth, and checkout routes for monthly/yearly/credit_pack.

### P0-2: Pricing page header/footer repair is not fixed in production

Visual QA on `/pricing` desktop found:

- Header logo starts at viewport edge / clipped.
- Nav labels visually concatenate as `EditorLibraryPricingContact`.
- Header CTA appears clipped (`Open Edit...`).
- Footer legal links concatenate as `Privacy PolicyTerms of ServiceCookie PolicyRefund PolicyContact Supp...`.
- Billing CTA block appears after footer/legal area, which feels structurally wrong.

This fails the explicit owner note to verify header/footer design repair remains fixed.

### P0-3: Mobile editor page is not production usable at 390px

Visual QA on `/ai-photo-prompt-editor` at 390px found:

- Header text/links are cramped and clipped; no visible hamburger/menu.
- Top editor module is desktop UI squeezed into mobile: small controls, unreadable generated prompt output, cramped buttons, tiny checkboxes/dropdowns.
- Floating right-side icons overlap important form controls.
- Page visibly jumps between legacy/static top editor and newer live editor lower down, making the route look stitched together.

The lower live editor section itself is more usable, but the route as a whole fails responsive QA.

### P1-1: Pricing page visual/copy polish is still not launch-grade

Observed on `/pricing`:

- Pricing card grid is misaligned with awkward spacing and tall empty areas.
- CTA labels differ between cards and bottom billing module (`Upgrade to Pro` vs `PRO MONTHLY`, `Select Annual` vs `PRO YEARLY`).
- Customer-facing copy still says `Private preview`, `limited testing through fal`, `Provider enabled for limited preview`, which reads like an internal rollout note.
- Free plan uses `$0/day`, which is awkward for a pricing page.

### P1-2: Console/production asset warnings

Browser console captured repeated production warnings:

```text
cdn.tailwindcss.com should not be used in production
```

The browser also captured 10 blank JS exceptions during navigation and test viewing. These need a root-cause check before launch.

### P1-3: Performance below launch threshold

Lighthouse homepage result:

```json
{
  "performance": 56,
  "accessibility": 96,
  "bestPractices": 100,
  "seo": 100,
  "lcp": "17.3 s",
  "cls": "0"
}
```

This fails the site QA threshold: Performance >=80 and LCP <2.5s.

## Passing evidence

### HTTP route smoke

All required production content routes returned 200:

- `/`
- `/ai-photo-prompt-editor`
- `/chatgpt-photo-editing-prompts`
- `/ai-photo-editing-prompts`
- `/prompt-library`
- `/pricing`
- `/privacy`
- `/terms`
- `/cookie-policy`
- `/refund`
- `/contact`
- `/robots.txt`
- `/sitemap.xml`

API routes:

- `/api/credits`: 200
- `/api/health`: 200
- `/api/prompt-templates`: 200
- `/api/webhooks/stripe`: 405 for GET/HEAD, endpoint present

### API/payment/auth checks

`/api/credits`:

```json
{
  "authenticated": false,
  "plan": "free",
  "daily_limit": 2,
  "free_remaining": 2,
  "paid_remaining": 0,
  "remaining": 2,
  "paid_enabled": true,
  "checkout": {
    "monthly": "/api/checkout/stripe?plan=monthly",
    "yearly": "/api/checkout/stripe?plan=yearly",
    "credit_pack": "/api/checkout/stripe?plan=credit_pack"
  }
}
```

Auth login:

- `GET /api/auth/login?return_to=/pricing` returns 302 to Google OAuth.
- Sets `aieditorrsp_oauth_state` with `HttpOnly; Secure; SameSite=Lax`.

Anonymous checkout:

- `GET /api/checkout/stripe?plan=monthly` returns 302 to `/api/auth/login?return_to=%2Fapi%2Fcheckout%2Fstripe%3Fplan%3Dmonthly`.
- Same behavior verified for yearly and credit pack.
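
The two redirect checks above can be made repeatable as a regression gate. The following is an added example, not code from the project: the function names are hypothetical, the Google authorization host is an assumption (the report only says "Google OAuth"), and the sample responses are constructed rather than captured from production.

```python
from urllib.parse import urlsplit, parse_qs

CALLBACK = "https://aieditorrsp.net/api/auth/callback/google"  # from the report
STATE_COOKIE = "aieditorrsp_oauth_state"                       # from the report
GOOGLE_HOST = "accounts.google.com"  # assumption: the report only says "Google OAuth"

def check_login_redirect(status, headers):
    """Return failures for a captured /api/auth/login response (empty list = pass)."""
    fails = [] if status == 302 else [f"status {status}, expected 302"]
    loc = urlsplit(headers.get("location", ""))
    qs = parse_qs(loc.query)
    if loc.scheme != "https" or loc.hostname != GOOGLE_HOST:
        fails.append("Location is not the Google authorization host")
    if qs.get("redirect_uri") != [CALLBACK]:
        fails.append("redirect_uri differs from the expected callback")
    if not qs.get("state"):
        fails.append("authorization URL carries no state parameter")
    first, *rest = [p.strip() for p in headers.get("set-cookie", "").split(";")]
    attrs = {k.lower(): v for k, _, v in (p.partition("=") for p in rest)}
    if first.partition("=")[0] != STATE_COOKIE:
        fails.append("state cookie not set")
    fails += [f"state cookie missing {a}" for a in ("httponly", "secure") if a not in attrs]
    if attrs.get("samesite", "").lower() != "lax":
        fails.append("state cookie SameSite is not Lax")
    return fails

def check_checkout_redirect(plan, status, headers):
    """Return failures for a captured anonymous /api/checkout/stripe response."""
    fails = [] if status == 302 else [f"status {status}, expected 302"]
    loc = urlsplit(headers.get("location", ""))
    if loc.scheme or loc.netloc or loc.path != "/api/auth/login":
        fails.append("Location is not the same-site login route")
    back = urlsplit(parse_qs(loc.query).get("return_to", [""])[0])
    if back.scheme or back.netloc or back.path != "/api/checkout/stripe":
        fails.append("return_to does not point back to the checkout route")
    if parse_qs(back.query).get("plan") != [plan]:
        fails.append("return_to lost the plan parameter")
    return fails

# Constructed sample responses (header names lower-cased), not captured production traffic.
LOGIN = (302, {
    "location": "https://accounts.google.com/o/oauth2/v2/auth?response_type=code"
                "&client_id=CONSTRUCTED&state=constructed-state-123&redirect_uri="
                "https%3A%2F%2Faieditorrsp.net%2Fapi%2Fauth%2Fcallback%2Fgoogle",
    "set-cookie": "aieditorrsp_oauth_state=constructed-state-123; Path=/; HttpOnly; Secure; SameSite=Lax",
})
CHECKOUT = (302, {"location": "/api/auth/login?return_to=%2Fapi%2Fcheckout%2Fstripe%3Fplan%3Dmonthly"})

if __name__ == "__main__":
    print("login:", check_login_redirect(*LOGIN) or "GO")
    print("checkout:", check_checkout_redirect("monthly", *CHECKOUT) or "GO")
```

Each function returns the list of failed conditions, so an empty list maps to GO for that gate and any entry names the regression.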

Unsafe prompt:

```json
{"ok":false,"code":"UNSAFE_PROMPT_BLOCKED","message":"This request matches a blocked safety category."}
```

HTTP 400. This happens before image/provider validation.

Safe prompt without image:

```json
{"ok":false,"code":"IMAGE_REQUIRED","message":"Upload a JPG, PNG, or WebP source image before generating."}
```

HTTP 400. This verifies the validation path without consuming provider/credits.

## Artifacts

- `/root/projects/aieditorrsp/08e-final-paid-launch-qa.md`
- `/root/projects/aieditorrsp/reports/08e-api-checks.txt`
- `/root/projects/aieditorrsp/reports/08e-production-http-seo-scan.txt`
- `/root/projects/aieditorrsp/reports/08e-lighthouse-home.json`
- `/root/projects/aieditorrsp/reports/08e-lighthouse-summary.txt`
- Browser screenshot evidence:
  - `/root/.hermes/profiles/motest/cache/screenshots/browser_screenshot_3d775cf052a64d359bd2a8594decca8e.png` (`/pricing` desktop)
  - `/root/.hermes/profiles/motest/cache/screenshots/browser_screenshot_c5bbc77daeaa4703b61a707382d57bd2.png` (`/ai-photo-prompt-editor` mobile 390px)
  - `/root/.hermes/profiles/motest/cache/screenshots/browser_screenshot_843b60ac8cf34a9285d9c018daa18d33.png` (homepage desktop)

## Required fixes before QA_GO

1. Remove remaining disabled-plan / paid-disabled copy from `/privacy`, `/terms`, `/refund`, and make legal copy match live paid/auth/credit behavior.
2. Repair `/pricing` header and footer spacing/clipping/concatenation.
3. Rework `/pricing` card layout and move/merge bottom billing CTA into a coherent pre-footer flow.
4. Fix 390px `/ai-photo-prompt-editor` responsive layout: mobile header/menu, stacked editor controls, readable generated prompt, no overlapping floating icons, no duplicate competing editor systems.
5. Remove production `cdn.tailwindcss.com` runtime usage and investigate blank JS exceptions.
6. Improve homepage LCP/performance to meet launch threshold.
7. If a test Google account/session is available, run authenticated checkout-to-Stripe redirect and successful generation credit deduction E2E in test mode only.

## Final result

QA_NO_GO
