Astro hoists multiple step scripts from Wizard even when the step is not
rendered on the current order page. Several steps bound DOM elements at load
time with no presence check, causing null addEventListener errors on unrelated
order pages.
Add step-presence guards to the obvious offenders used by the shared wizard:
IccImportStep, Block6CertStep, WirelessStep, BundledServiceStep, CPNIStep,
and LNPARegionStep.
- Guard PaymentStep DOM bindings so its hoisted script no longer throws on
pages without a payment step.
- Remove the correct wizard nav element on successful intake submit
(pw-wizard-nav, not the nonexistent pw-wizard-footer).
The cold-visitor Finish flow created the order then called Stripe Checkout
directly, which is gated on intake_data_validated=true and returned 422
INTAKE_NOT_VALIDATED. Now call POST /compliance-orders/:n/validate between
create and checkout (matching the token-order flow), and surface any missing
required fields to the user instead of a raw HTTP error.
Add TruckingValueNotice on the 14 state trucking order pages. Each page now
shows, near the price:
- 'You already owe this' reframe: the tax/fee is a liability the moment the
carrier operates in the state; we do not create it.
- Per-program 'how you protect and recover money' bullets (IFTA fuel-tax
credits/refunds, IRP apportionment vs trip permits, avoided penalties,
citations, out-of-service, and protected operating revenue).
- 'Is this a tax write-off?' section: BOTH our service fee AND the state
tax/fee paid are deductible business expenses (IRC 162), with the exact
return line per entity type (Schedule C / 1120 / 1120-S / 1065), mirroring
the telecom TaxDeductibilityNotice pattern. Fuel taxes noted as part of
fuel cost.
Not tax advice; disclaimer included.
- Wizard Finish button: for visitors with no token/order (e.g. arriving via a
campaign ?dot= link), create the compliance order from collected intake data
and redirect to Stripe Checkout, instead of silently doing nothing.
- StateTrucking: Operating States no longer required; single-state/intrastate
carriers can finish (relabeled 'Other Operating States (if any)').
- build_trucking_campaigns: per-state programs (weight_tax/emissions) now derive
the CTA landing page from the deficiency flag's state suffix (e.g.
state_weight_tax_OR -> OR), not the carrier base state, so a GA-based carrier
flagged for OR weight-mile tax links to the OR page (not a mismatched one).
Campaign CTA buttons link to /order/<slug>?dot=1234567. Add a fast local-only
GET /api/v1/dot/census endpoint (vs the heavy 12s live /dot/lookup) and a ?dot=
branch in the Wizard that seeds intake_data from the carrier's cached FMCSA
census record (name, email, base state, city/street/zip, power units). The
existing StateTrucking step already prefills its inputs from intake_data, so the
form now shows up pre-populated. Best-effort: only fills empty fields, never
blocks the form, never overwrites visitor input.
send_test() replaced company/dot/state placeholders but not
{{ .Subscriber.Attribs.lp_link }}, so the CTA button (Check My Emissions
Status, Register My Tax Account, etc.) rendered as a bare '?dot=...' that
linked to nowhere in every owner test/approval email. Real subscribers were
unaffected (their lp_link attrib is populated). Now the test mirrors the real
audience link via build_lp_link(campaign_type, state).
Lets us fire small, controlled batches (e.g. MCS-150 only, 100/tz, sent today)
while the new sending IPs warm up, instead of the full multi-segment schedule.
Document the self-hosted MTA layout, the May 30-31 reputation collapse, the
Jun 02 remediation (retired burned IPs .91/.92/.93, swapped rotation to fresh
.94/.95/.96, full Yahoo-family hold map, Listmonk sliding-window cap, paused
the 13k-recipient blast scheduled for Jun 03), and the fresh-IP warmup rules +
monitoring commands.
Yahoo operates a large family of consumer domains (AOL, AT&T, Verizon,
Frontier, sbcglobal, bellsouth, etc.) that aggressively defer cold senders
with 421 'unexpected volume / user complaints', which poisons our self-hosted
sending IP for every other provider. Previously we only excluded
aol.com/yahoo.com/ymail.com/rocketmail.com.
Centralize the authoritative block list in scripts/_email_exclusions.py and
import it from both audience builders so they stay in sync.
Fills the 7 missing /services/trucking/* pages referenced by
setup_trucking_campaigns.py (kentucky, new-mexico, connecticut done earlier;
these 4 complete the set). Each follows the Oregon page template with
service-specific requirements + CTAs routing to the correct /order/ page.
Add 6 flag-based campaign segments to build_trucking_campaigns.py keyed off
fmcsa_carriers.deficiency_flags: for_hire_boc3, irp_ifta, intrastate_authority,
state_weight_tax (per-state LP), state_emissions (CA->ca-mcp-carb), hazmat.
Each injects an order-LP link into subscriber attribs (lp_link) and only
schedules when its CAMPAIGN_*_ID source template env is set (nightly run never
breaks on unconfigured templates). Adds --list-segments audience report and a
synthetic-data segment test (fixed a real psycopg2 % escaping bug in LIKE).
- DOT lookup now returns prerequisite_status {usdot_active, authority_active,
authority_pending} from live FMCSA data so the order flow can advise
sequencing BEFORE a customer places an order.
- State-requirements recommendations annotated with prerequisite + label
(e.g. IRP/IFTA/state taxes need an active USDOT) for UI warnings.
Add /order/{irp-registration,ifta-application,ifta-quarterly,or-weight-mile-tax,
ny-hut-registration,ky-kyu-registration,nm-weight-distance,ct-highway-use-fee,
ca-mcp-carb,state-dot-registration,intrastate-authority,osow-permit,
state-trucking-bundle,hazmat-phmsa,state-emissions,usdot-reactivation}.
Each renders the slug-gated state-trucking intake wizard. Site builds 48 pages,
new routes verified to render correct intake sections.
Dependency edges can now require the prerequisite be ACTIVE at FMCSA, not
just our handler completed. mc-authority/ucr/d&a now wait for an active
USDOT; BOC-3 stays parallel-OK (can file while authority pending). Adds
_prerequisite_active() polling FMCSA QC API, a waiting_on_activation hold
state with next-check timestamp, and a 21-day authority vetting estimate
for customer comms. Branch logic unit-tested.
_get_authority_state() returns structured FMCSA authority state; handle()
branches on active/pending/revoked/none:
- active: file/refresh BOC-3 (current behavior)
- pending: file BOC-3 + insurance/21-day-vetting reminder
- revoked: file + recommend reinstatement (mc-authority, never auto-charge)
- none (USDOT only): flag MC authority needed first, do not file blindly
recommended_followups + authority_state persisted in admin todo for
upsell-approve on the order timeline.
Cross-references every DOT/state/hazmat slug across COMPLIANCE_SERVICES,
REQUIRED_FIELDS, SERVICE_META, INTAKE_MANIFEST, and SERVICE_HANDLERS, and
verifies every required field is collectible by its assigned intake steps.
Caught + fixed missing usdot-reactivation SERVICE_META entry. 24/24 pass.
Adds Tawk_API.onLoad mobile guard (max-width 768px -> hideWidget) in shared
footer snippet and current built pages so mobile browsers no longer get the
proactive text bubble covering content.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Forms that legally require the client's signature were not being captured
correctly:
- MCS-150 handler created a perjury e-sign record but then submitted to FMCSA
anyway, before the client signed. Now it gates submission: request the
signature, hold, and only file when handle_esign_completed re-dispatches with
client_approved=True.
- MCS-150 e-sign links were signed with JWT_SECRET/ADMIN_JWT_SECRET, but the
portal verifies with CUSTOMER_JWT_SECRET, so every link returned "Invalid
portal link." New shared dot_esign helper signs with CUSTOMER_JWT_SECRET.
- carrier-closeout (final MCS-150 Out of Business) and entity-dissolution
(Articles of Dissolution + no-lawsuits/liens/judgments attestation) captured
no signature at all. Both now request a signed attestation before the
workflow proceeds.
- mc-authority / emergency-temporary-authority now get a correctly labeled
OP-1 applicant certification instead of an "MCS-150" record.
Also fixes a latent dispatcher bug: order["service_slug"] was never set, so
handlers sharing a class fell back to their default SERVICE_SLUG. This made
entity-dissolution run the carrier-closeout branch and mc-authority/etc. look
like mcs150-update. Now the resolved slug is injected into order_data.
Portal e-sign page now renders the document-specific certification text from
metadata.perjury_text (so the dissolution no-liabilities attestation and OP-1
cert are actually shown to the signer), not just a generic perjury line.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
ROOT CAUSE of orders never fulfilling: the batch Sales Order used the service
SLUG as item_code (e.g. 'mcs150-update') but ERPNext items use the catalog
erpnext_item codes ('MCS150-UPDATE'), so SO creation threw 'Item not found' ->
no SO -> no portal -> no fulfillment. Now maps slug -> erpnext_item (falls back
to COMPLIANCE-SERVICE). DOT ERPNext items were also missing — created them.
Notification: show Subtotal / Discount / Card surcharge / Total so totals like
$35.54 (= $34.50 + $1.04 surcharge) are transparent instead of looking wrong.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Federal DOT services (MCS-150, BOC-3, UCR, authority, D&A, audit, full-compliance,
reactivation, ETA, closeout) now have customer intake pages, so they get an
intake-form link like FCC services instead of the old 'admin-assisted / we're
working on it' message. Only form-less state-level filings stay admin-assisted.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Was reading only updated.rows[0] -> reported a single line item's net as the
'Total' and showed just one service for multi-service batches (e.g. Paul Wilson's
3-service $218 PayPal batch showed as 'mcs150-update $34.50'). Now sums
service_fee - discount + surcharge + gov_fee across all rows and lists every
service.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Gap: dot-registration (new USDOT=MCS-150) routed through intake but never asked
for photo ID; usdot-reactivation, emergency-temporary-authority, carrier-closeout
(final MCS-150 + authority revocation), entity-dissolution, and entity-upgrade-
bundle weren't wired to collect it at all.
- intake_manifest: route usdot-reactivation, ETA, carrier-closeout,
entity-dissolution through the dot-intake step
- DOTIntakeStep DOT_SECTIONS: add dot-sec-photo-id for dot-registration and all
the above (operations + photo ID)
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- Auto-uncheck conflicting services: closing-down (carrier-closeout, entity-
dissolution) vs any operational filing; new USDOT vs reactivation; new USDOT
vs MCS-150 update.
- Hero: removed 'this is all we do' (we also do telecom); 4-col grid.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- send_test no longer overwrites {{ UnsubscribeURL }} with a dead static URL;
Listmonk renders it into a working per-subscriber unsubscribe link.
- dot-compliance hero grid: 4 columns (minmax 150px, max-width 920px) instead
of 3 to reduce vertical space.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- import_subscribers: was POSTing wrong bulk shape AND fallback used 'list_ids'
(ignored by Listmonk) instead of 'lists' -> subscribers never attached to the
list -> real sends would go to an empty list. Now single-adds with 'lists',
handles already-exists, returns a count, logs if 0 added.
- send_test: passed base['lists'] (objects) instead of IDs -> test send rejected.
Now extracts list IDs.
- create_and_schedule_campaign: add schedule= flag (preview makes drafts).
- --preview: 1 sample carrier/campaign, only owner email, drafts not scheduled,
test sends immediately, never marks real carriers sent.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Each of the 8 daily campaigns gets a test send immediately after creation
using the first row's real carrier data as the sample. TEST_EMAIL env var
overrides the default (carrierone@gmx.com).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
4-card dark hero: specialized in trucking compliance, fast turnaround (1-2 days),
attention to detail (verified against current FMCSA reqs), real people/support.
Trust bar updated: No Login.gov required + Klarna added.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
These were missing — the ETA button in email 188 linked to the order page
with services=emergency-temporary-authority but no matching checkbox existed.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The original CREATE INDEX (non-concurrent) on a 2M-row table held a SHARE lock
for ~33 minutes, blocking all 25+ DOT checker queries and causing 'Failed to
fetch' for real users. CONCURRENTLY builds the index without a table lock.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
AbortSignal.timeout() requires Node 17.3+. The API container likely runs an
older Node version, so timeouts never fired -> fetch hung forever when FMCSA
API is down -> nginx proxy timeout -> 'Failed to fetch' in the browser.
Fix: use AbortController + manual setTimeout() which works on all Node versions.
All 3 external fetch points (fmcsaFetch x2, SOS x2) now actually abort at 5s.
Also: guard final res.json() with !res.headersSent so the 12s deadline fallback
and the normal response path can't double-send.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
