TODO.md
# Audit&Fix — TODO

## auditandfix.com Website

### Score-change notifications (scan.php email capture)

- **Status:** Not built — keeping copy as-is ("We'll also notify you if your score changes")
- User decision: keep copy, build the feature later
- Options: (a) build scheduled re-scan + email system using optin_timestamp stored with email captures

### Email nurture sequence for scan.php leads

- **Status:** Opt-in checkbox built ✓ — outreach pipeline not yet built
- Opt-in checkbox added to scan.php email gate (unticked by default)
- Label: "Yes, email me tips and occasional offers from Audit&Fix"
- JS sends `marketing_optin: true/false` and `optin_timestamp` with save-email API call
- **Remaining:** Backend needs to store `marketing_optin` and `optin_timestamp` in scan_emails table, then build outreach pipeline + unsubscribe mechanism

### Referral system

- **Status:** Not built
- Concept: customer who purchased shares a referral link; if a new customer purchases via that link, referrer gets 15% off their next order
- **Components needed:**
  - Referral code generation (post-purchase, on thank-you.php)
  - Referral tracking (affiliate-style, cookie or URL param)
  - Discount application at checkout (inject into PayPal order via API)
  - Referral attribution in DB
  - Thank-you page copy + CTA (placeholder copy already on thank-you.php)
- **Priority:** Medium — implement after core pipeline is stable

### /a/ dedicated landing page

- **Status:** Built ✓ — see `auditandfix.com/a.php`
- URL: `/a/{site_id}` — personalised cold outreach landing page
- Shows domain + score gauge + grade from prefill data (loaded from `data/orders/{site_id}.json`)
- Falls back gracefully if no prefill data exists
- reply-processor.js now sends score+grade to store-prefill, builds /a/ short URLs
- o.php kept for backwards compatibility; new outreach uses /a/
- **Remaining:** Add `/a/(\d+)` rewrite to production .htaccess on Hostinger

### CRO Agent vs Scoring Research — Resolve Timer Disagreement

- **Status:** ✅ Researched (2026-03-18) — CRO agent was right
- **Verdict:** Remove or replace the countdown timer on auditandfix.com
- **Scoring rubric updated:** Countdown timer elements now score 4/10 (not 9/10) for professional services sites — fake/evergreen timers damage trust on B2B cold-traffic pages
- **Full research:** `docs/03-pipeline/cro-timer-research.md`
- **Action needed (user):** Remove evergreen timer from `auditandfix.com/assets/js/main.js` or replace with a real operational constraint ("Delivering reports within 48 hours")

### SEO — hreflang tags

- **Status:** Done ✓ — added to index.php and scan.php
- All 14 supported languages + x-default, ?lang= param format

### Schema markup

- **Status:** Done ✓
- index.php: Organization + Service + FAQPage (8 questions)
- scan.php: WebApplication + FAQPage (4 questions)

### og:image

- **Status:** Done ✓ — deployed by user (17 March 2026)

### Autoresponder: expand to form, X, and LinkedIn channels

- **Status:** Not built
- Currently autoresponder only handles `sms` and `email` inbound (hardcoded in `src/inbound/autoresponder.js` line 635: `AND m.contact_method IN ('sms', 'email')`)
- **Goal:** When form, X (Twitter), and LinkedIn outreach channels are production-ready, extend the autoresponder to:
  1. Detect inbound replies via those channels
  2. Generate appropriate responses (form = email-length, X = 280 chars, LinkedIn = professional tone)
  3. Send via the correct channel sender
- **Prerequisites:**
  - Form: inbound detection mechanism (no webhook — would need polling or manual import)
  - X: DM webhook or polling via Twitter API v2
  - LinkedIn: messaging API access (restricted — may need LinkedIn partnership)
- **Trigger:** Enable per-channel as each channel's inbound pipeline is built
- **Ref:** Stone Depot (site #461983) was the first case where SMS hit a dead-end and form follow-up was needed manually

### .htaccess production deployment

- **Status:** Partially done — production .htaccess rules need updating
- .htaccess.example has all current rules (clean URLs + /a/ landing page + data/ block)
- **Remaining actions for host terminal:**
  1. Add clean URL rewrites: scan, thank-you, privacy, terms, cookies, impressum
  2. Add `/a/(\d+)` rewrite for new landing page
  3. Add `RewriteRule ^data/ - [F,L]` to block prefill JSON access
  4. Add `SetEnv BUSINESS_PHONE` and `SetEnv BUSINESS_ABN`
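
The four remaining actions above, sketched as one `.htaccess` fragment. This is an added example, not the project's `.htaccess.example`; the `.php` targets for privacy, terms, cookies and impressum, the `site_id` query parameter name, and the `SetEnv` values are assumptions or placeholders.

```apache
# Added example (not the project's .htaccess.example).
RewriteEngine On

# 3. Refuse direct requests for anything under data/ (prefill JSON lives in
#    data/orders/{site_id}.json). Placed first so no later rule can rewrite
#    the request before it is refused. [F] answers 403 Forbidden.
RewriteRule ^data/ - [F,L]

# 2. /a/{site_id} landing page. \d+ admits digits only, so the captured value
#    cannot carry "../" or a file extension into the path a.php builds.
#    ASSUMPTION: a.php reads the id from a query parameter named site_id.
#    QSA is deliberately omitted: the client's own query string is dropped,
#    so a request cannot append a second site_id that overrides the captured one.
RewriteRule ^a/(\d+)/?$ a.php?site_id=$1 [L]

# 1. Clean URLs. ASSUMPTION: each listed name maps to a same-named .php file.
#    The explicit alternation keeps the rule from exposing any other script.
RewriteRule ^(scan|thank-you|privacy|terms|cookies|impressum)/?$ $1.php [L,QSA]

# 4. Business details made available to PHP. PLACEHOLDER values.
SetEnv BUSINESS_PHONE "<business-phone>"
SetEnv BUSINESS_ABN "<business-abn>"
```

The rewrite only constrains the `/a/` URL form; `a.php` is still directly reachable, so it should apply the same digits-only check to the id before building the `data/orders/` path.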