# AI Editor RSP — Compliance Final Recheck After Deploy

- Task: t_586c83e4
- Role: 墨盾 Compliance Final Recheck
- Production URL: https://aieditorrsp.net
- Repo: /root/projects/aieditorrsp
- Checked at: 2026-06-03T08:18:35Z
- Scope: read-only production + source review for paid/provider/credits/login/pricing/legal wording consistency
- Legal note: operational compliance review only, not formal legal advice.

## Verdict

COMPLIANCE_NO_GO

The hero first-screen compliance constraint is mostly satisfied: Account Credits, Login with Google, Pro buttons, and hard-coded free quota are no longer visible in the homepage hero first screen. However, production still has material launch-blocking inconsistencies around paid checkout, provider state, OAuth login, credits, pricing, and legal disclosures.

## P0 blockers

### P0-1 — Pricing/legal pages claim paid checkout is live, but production login/checkout is not usable

Evidence:
- Production `/pricing` visible text says: “Paid plans start from Google login and continue to Stripe Checkout with tax shown before payment confirmation.”
- Production `/pricing` visible text says: “LIVE BILLING”.
- Production billing disclosure says: “Paid checkout, subscriptions, and credit packs are live for authenticated users.”
- Source: `src/components/StitchStudio.tsx:195-199` renders the live billing disclosure globally into pricing and policy pages via `BillingDisclosure`.
- Source: `src/components/PublicPages.tsx:69` renders `CreditAccountPanel context="pricing"`, which labels the section as `Live billing`.
- Production curl to `/api/checkout/stripe?plan=monthly` follows to Google OAuth error `redirect_uri_mismatch` for `https://aieditorrsp.net/api/auth/callback/google`.
- Production curl to `/api/auth/login?return_to=/ai-photo-prompt-editor` also follows to the same Google OAuth `redirect_uri_mismatch` page.

Risk:
- Users are told paid checkout is live, but the account flow fails before checkout.
- This is a consumer-payment disclosure mismatch and can create support/chargeback/trust risk.

Required fix:
- Until OAuth + Stripe Checkout + tax + receipt + entitlement are production-verified end-to-end, replace “live billing” wording with “planned / disabled / preview mode”.
- Disable or de-emphasize direct Pro monthly/yearly/credit-pack checkout links if login is not production-ready.
- Fix Google OAuth redirect URI configuration before any “live checkout” claim.

### P0-2 — API reports `paid_enabled: true` while legal/product copy says provider or paid state is not fully proven

Evidence:
- Production `/api/credits` returned:

  ```json
  {
    "authenticated": false,
    "plan": "free",
    "daily_limit": 2,
    "free_remaining": 2,
    "paid_remaining": 0,
    "remaining": 2,
    "paid_enabled": true,
    "checkout": {
      "monthly": "/api/checkout/stripe?plan=monthly",
      "yearly": "/api/checkout/stripe?plan=yearly",
      "credit_pack": "/api/checkout/stripe?plan=credit_pack"
    }
  }
  ```
- Source: `src/app/api/credits/route.ts:6-12` sets `paidEnabled` solely from existence of Stripe price envs + DB, not from end-to-end verified OAuth/checkout readiness.
- Production checkout/login currently fails with OAuth redirect mismatch.

Risk:
- UI and API expose paid checkout as available when a critical prerequisite is broken.
- This undermines the compliance requirement from the input brief: “If provider/Stripe/DB/login are not all production-verified: do not write live billing, checkout live, or paid checkout live.”

Required fix:
- Gate `paid_enabled` on a real launch flag or verified operational readiness, not only env var presence.
- If preview mode, return `paid_enabled:false` and `checkout:null`, or return a clear disabled reason.

### P0-3 — Provider/credits copy is still not consistently preview-safe

Evidence:
- Homepage first screen is improved and says “checked on generate” / “Generate edit”; it no longer shows first-screen account/paid buttons.
- But homepage below the fold says: “Download high-resolution exports or copy the reusable prompt recipe for rapid reuse.” Source: `src/components/StitchStudio.tsx:157-163`.
- `ProductPreviewEditor` success state says: “The provider returned an image and one credit was accounted for.” Source: `src/components/ProductPreviewEditor.tsx:74-80`.
- `generate-image` backend has explicit `PROVIDER_NOT_CONFIGURED` branches if provider secrets are absent (`src/app/api/generate-image/route.ts:269-299`), but production marketing copy does not clearly present a provider-disabled or provider-verified state.

Risk:
- “high-resolution exports” and successful-provider language may over-promise if generation/provider/export quality has not been production-verified.
- The compliance pre-audit explicitly required avoiding high-resolution export promises unless provider/paid/export path is verified.

Required fix:
- Replace “Download high-resolution exports” with preview-safe wording such as “Open or download returned previews when generation is available”.
- Add a prominent provider/checkout status notice if the product is still in preview or provider-pending mode.
- Keep success-state language factual, but ensure it only appears after a real successful provider response.

## P1 findings

### P1-1 — Pricing amounts and credit terms vary across source/content surfaces

Evidence:
- Current source pricing cards: Free 2 anonymous previews/day, Pro Monthly $9, Credit Pack $5 (`src/components/PublicPages.tsx:7-38`).
- Checkout API grants monthly/yearly 200 credits and credit_pack 100 credits (`src/app/api/checkout/stripe/route.ts:5-9`).
- Previously extracted production/legal content and older terms showed different values, such as $12/mo, $96/yr, $6 per pack, 2 credits/day, and 200 credits/month. The browser-rendered production pricing page now shows $9/$5 but no annual card, while the account panel still exposes Pro yearly.

Risk:
- Inconsistent pricing/credit disclosures across pages, API, and checkout links can create billing dispute risk.

Required fix:
- Create one pricing source of truth for Free, Pro Monthly, Pro Annual, Credit Pack: price, credits, validity, refund window, renewal/cancel terms.
- Ensure `/pricing`, `/terms`, `/refund`, checkout metadata, and account panel all use the same values.

### P1-2 — Policy pages inherit live billing disclosure even when page context is privacy/terms/refund/cookie

Evidence:
- `PolicyPage` renders `<BillingDisclosure />` for all policy pages (`src/components/PublicPages.tsx:123-142`).
- That disclosure currently says paid checkout is live.

Risk:
- A stale billing claim is duplicated across every legal page, raising the chance that one page is missed during future edits.

Required fix:
- Make BillingDisclosure mode-aware: `preview`, `planned`, or `live_verified`.
- Default legal pages to preview-safe language unless a launch flag confirms production billing is verified.
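The following is an added illustration of the P0-2 and P1-2 fixes, not code from the aieditorrsp repo: one billing mode is derived from verified readiness signals and then drives both the `/api/credits` payload (`paid_enabled:false`, `checkout:null`, plus a disabled reason in non-live modes) and the `BillingDisclosure` copy. The names `ReadinessSignals`, `resolveBillingMode`, `buildCreditsPayload`, `billingDisclosure` and the `BILLING_MODE` launch flag are assumptions for this example; the project's own route and component names are referenced only in the comments.

```typescript
// Added example, not project code. Models the "gate paid_enabled on verified
// readiness, not env presence" fix and the mode-aware disclosure.

type BillingMode = "preview" | "planned" | "live_verified";

// Assumed readiness signals. Today api/credits/route.ts only checks the first two.
interface ReadinessSignals {
  stripePriceEnvsPresent: boolean;   // Stripe price IDs set in env
  dbConfigured: boolean;             // credits/entitlement DB reachable
  oauthRedirectVerified: boolean;    // Google redirect URI confirmed in production
  checkoutE2EVerified: boolean;      // test checkout incl. tax, receipt, entitlement
  launchFlag?: BillingMode;          // assumed operator-set BILLING_MODE env value
}

// Derive a single billing mode. "live_verified" is only honoured when every
// prerequisite is verified; env presence alone can never produce "live".
function resolveBillingMode(s: ReadinessSignals): BillingMode {
  const allVerified =
    s.stripePriceEnvsPresent && s.dbConfigured &&
    s.oauthRedirectVerified && s.checkoutE2EVerified;
  if (s.launchFlag === "live_verified") return allVerified ? "live_verified" : "planned";
  if (s.launchFlag === "planned" || s.launchFlag === "preview") return s.launchFlag;
  // No explicit flag: configured-but-unverified is "planned", otherwise "preview".
  return s.stripePriceEnvsPresent && s.dbConfigured ? "planned" : "preview";
}

interface CheckoutLinks { monthly: string; yearly: string; credit_pack: string }

interface CreditsPayload {
  authenticated: boolean;
  plan: string;
  daily_limit: number;
  free_remaining: number;
  paid_remaining: number;
  remaining: number;
  paid_enabled: boolean;
  checkout: CheckoutLinks | null;
  disabled_reason?: string;
}

// Shape of the /api/credits response, gated on the resolved mode.
function buildCreditsPayload(mode: BillingMode, freeRemaining: number, dailyLimit = 2): CreditsPayload {
  const base = {
    authenticated: false,
    plan: "free",
    daily_limit: dailyLimit,
    free_remaining: freeRemaining,
    paid_remaining: 0,
    remaining: freeRemaining,
  };
  if (mode !== "live_verified") {
    return {
      ...base,
      paid_enabled: false,
      checkout: null,
      disabled_reason: mode === "planned" ? "checkout_not_production_verified" : "preview_mode",
    };
  }
  return {
    ...base,
    paid_enabled: true,
    checkout: {
      monthly: "/api/checkout/stripe?plan=monthly",
      yearly: "/api/checkout/stripe?plan=yearly",
      credit_pack: "/api/checkout/stripe?plan=credit_pack",
    },
  };
}

// Mode-aware disclosure text shared by pricing and policy pages; anything
// other than a fully verified mode gets preview-safe wording.
function billingDisclosure(mode: BillingMode): string {
  switch (mode) {
    case "live_verified":
      return "Paid checkout, subscriptions, and credit packs are live for authenticated users.";
    case "planned":
      return "Paid plans are planned but checkout is not yet enabled in production.";
    case "preview":
    default:
      return "This product is in preview mode; paid checkout is disabled.";
  }
}
```

Usage: compute `mode` once per request from the same `ReadinessSignals`, pass it to `buildCreditsPayload` in the credits route and to `billingDisclosure` in the shared component, so the API and every page agree by construction. A page with `oauthRedirectVerified:false` can never advertise live billing even if an operator sets the flag.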

## Positive checks

- Homepage hero first screen no longer exposes Account Credits, Login with Google, Pro monthly/yearly, Credit pack, or hard-coded “2 free generations left today”. Browser snapshot confirmed only upload, prompt, template selection, and Generate Edit are in the hero editor.
- Footer legal links exist and are reachable: `/terms`, `/privacy`, `/cookie-policy`, `/refund`, `/contact` all returned HTTP 200.
- Contact email uses the site domain: `support@aieditorrsp.net`.
- Terms include upload rights, acceptable use, no guaranteed output, and prohibited categories including impersonation, explicit content, minors, ID/doc manipulation, watermark removal, fraud, and protected-IP prompt packs.
- Refund policy covers subscriptions, credit packs, failed generation handling, taxes/receipts, and refund request channel.
- Homepage safety language avoids unlimited-generation claims.

## Checks run

- Read input brief: `/root/.hermes/reports/aieditorrsp-hero-optimization-20260603/input-brief.md`.
- Read parent handoff metadata from Kanban task `t_0e10d584`.
- Git/source state: `git rev-parse HEAD` = `bad3a84a398c89f967998398471c878be16e9011`; `git status --short` produced no dirty output.
- Production HTTP smoke via curl: `/`, `/pricing`, `/privacy`, `/terms`, `/refund`, `/cookie-policy`, `/contact`, `/api/credits`, `/api/checkout/stripe?plan=monthly`, `/api/auth/login?return_to=/ai-photo-prompt-editor`.
- Browser production checks: homepage accessibility snapshot; pricing page snapshot; pricing body text extraction via browser console.
- Source review: `ProductPreviewEditor.tsx`, `CreditAccountPanel.tsx`, `StitchStudio.tsx`, `PublicPages.tsx`, `privacy/page.tsx`, `terms/page.tsx`, `refund/page.tsx`, `cookie-policy/page.tsx`, `api/credits/route.ts`, `api/checkout/stripe/route.ts`, `api/auth/login/route.ts`, `api/generate-image/route.ts`.

## Residual risk

- No authenticated Google OAuth test could complete because production OAuth returned `redirect_uri_mismatch`.
- No Stripe Checkout test could complete because checkout requires login and login is broken.
- No paid entitlement or webhook verification was performed in this compliance pass.
- No real provider generation was executed to avoid unnecessary provider/credit consumption; provider readiness was assessed through source/API state and public claims.

## Next inputs needed

- Frontend/legal remediation commit replacing live billing/checkout language with preview-safe or verified-live language.
- Production Google OAuth redirect URI evidence for `https://aieditorrsp.net/api/auth/callback/google`.
- Stripe Checkout test evidence: product name, price, tax, success/cancel redirect, order record, entitlement/credit grant, webhook update.
- Provider generation evidence or explicit provider-disabled launch mode.
- Single source-of-truth pricing/credits/refund table for Free, Pro Monthly, Pro Annual, and Credit Pack.
