Email security gateways (Microsoft Defender Safe Links / ATP, Proofpoint,
Mimecast, Barracuda, etc.) auto-fetch and often render every link in a
campaign email to scan for malware. The advanced ones drive a real headless
browser, execute JS, and fire Umami pageviews/clicks that masquerade as human
visits -- inflating campaign click-through.
New site/public/js/pw-bot-filter.js queries multiple real-browser signals and
gates Umami via its official data-before-send hook (umamiBeforeSend), dropping
all events when the visitor is a bot. Signals (from empirical chromium probing):
decisive: navigator.webdriver, HeadlessChrome UA, known scanner UAs, zero/
collapsed screen|viewport|outer geometry, window LARGER than the
physical screen (impossible on real HW; uses outerW/H so page zoom
does not false-positive), software GPU rasterizer (SwiftShader/
llvmpipe/swrast via WebGL UNMASKED_RENDERER), zero logical CPUs.
soft (>=2 to trip): tiny screen, inner>screen, low color depth, empty
navigator.languages, no input device (no fine/coarse pointer + no
hover + 0 touch), no WebGL on a desktop UA.
Designed to FAIL OPEN: only strong/corroborated evidence suppresses, so real
visitors (incl. zoomed, privacy-tooled, remote-desktop, kiosk) still count.
Wired before the Umami tag in Base.astro (Astro pages) and all 86 static
public/**/*.html pages; both load with defer so order is guaranteed and the
hook is defined before Umami reads it.
Tested end-to-end with chromium (site/tests/bot-filter.test.sh, 4/4):
default headless-new, spoofed-Windows-UA + normal 1366x768 window, and
spoofed-UA + 1x1 window are all caught; hook returns null to drop the event.
New page /services/corporate/dexit-reincorporation (matches CRTC service-page
structure): explains DEXIT, the DE franchise-tax dollar driver (real Oracle Health
proxy: $23,600 -> ~$1,000), NV/TX/FL destination guidance, 6-step how-it-works,
3 cited real SEC reincorporation filings (Oracle Health, FG Financial, LogicMark)
with verbatim quotes + EDGAR links, honesty callout, and a lead-gen CTA ('Get my
DEXIT estimate' -> /contact?topic=dexit, NOT a buy-now checkout). Linked from the
corporate services index (new card) + the global Services dropdown across the site.
docs/dexit-cited-filings.md: the filing excerpts + verified gov/statute links.
docs/dexit-readiness-assessment.md: HONEST e2e readiness -- new NV/TX formation is
built (checkout order_type=formation -> formation_orders -> ERPNext SO ->
formation_worker -> TX/NV adapters) but unverified e2e; the 'move a company'
(conversion/domestication) flow + corporate annual-report automation are NOT built;
EIN is kept on a conversion (our ein_worker does NEW EINs only). Page stays lead-gen
until the generic entity-conversion SKU + admin-assisted handler are built+tested.
1. Email: add a 'Problem with your order? We're here to help' support band to
the shared htmlEmail() footer, so EVERY transactional email (confirmation,
portal link, receipts) has a prominent 'Get help with your order' button
linking to /contact. Less silent frustration -> fewer chargebacks.
2. NPI order form: entering a 10-digit NPI now auto-fills provider name, practice
state, and specialty from the live NPPES lookup (same API as the free
compliance-check tool), with a 'Found: <name>' confirmation. Only fills empty
fields so it never clobbers edits.
3. NPI order form: read ?npi= from the URL so the email 'Start my revalidation'
click lands with the NPI prefilled and the rest auto-filled (was being
ignored entirely before).
4. Support FAB: add the floating help button + panel to 27 static public pages
that were missing it (order, portal, trucking, survey, upload pages), so help
is one click away everywhere.
The site header / Services mega-dropdown was duplicated across two render
systems (Astro pages via Base.astro->nav.html, and ~80 pre-rendered static
public/**/index.html pages each embedding their own copy). They had drifted
into 5 different variants (missing 'New Carrier Setup', misplaced Healthcare
column, NEW vs FREE badges, em-dash encoding differences), so
dev.performancewest.net, the order pages, and the rest of the site disagreed.
- Make site/src/partials/nav.html the single source of truth (adopts the most
complete variant).
- Add scripts/sync_nav.py to rewrite every static page's <nav> block from
nav.html (idempotent; --check guards against drift in CI/deploy).
- Run the sync automatically in deploy.sh and scripts/deploy-dev.sh.
- Deprecate scripts/inject_healthcare_nav.py (now delegates to sync_nav.py).
- Neutralize the broken no-op SiteNav.astro component.
All 80 headers + the Astro-built order pages now render the identical dropdown.
The site's pre-rendered public/**/index.html pages each embed their own copy
of the Services mega-dropdown and do not read src/partials/nav.html, so the
earlier nav.html-only edit never appeared. inject_healthcare_nav.py adds the
canonical Healthcare block (Medicare Revalidation, Medicare Enrollment, NPI/
NPPES Services, free NPI Compliance Check) to the desktop Column 3 + mobile
menu of all 80 static pages. Idempotent.
- Auto-uncheck conflicting services: closing-down (carrier-closeout, entity-
dissolution) vs any operational filing; new USDOT vs reactivation; new USDOT
vs MCS-150 update.
- Hero: removed 'this is all we do' (we also do telecom); 4-col grid.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- send_test no longer overwrites {{ UnsubscribeURL }} with a dead static URL;
Listmonk renders it into a working per-subscriber unsubscribe link.
- dot-compliance hero grid: 4 columns (minmax 150px, max-width 920px) instead
of 3 to reduce vertical space.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
4-card dark hero: specialized in trucking compliance, fast turnaround (1-2 days),
attention to detail (verified against current FMCSA reqs), real people/support.
Trust bar updated: No Login.gov required + Klarna added.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
These were missing — the ETA button in email 188 linked to the order page
with services=emergency-temporary-authority but no matching checkbox existed.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- order/dot-compliance: add carrier-closeout ($199) + entity-dissolution ($49)
cards so the checker's wrap-up CTA actually resolves (was a dead-end: no
matching data-slug checkbox to pre-select)
- new-carrier flag: drop the 'not tax advice / we'll confirm' hedge, reframe
confidently as a fee/cost point (not taxes); only show the Wyoming-LLC caveat
when Wyoming is actually selected
- checker: fix malformed inline style on the sell-truck textarea (missing ;)
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Page was missing the hoisted.yFz1BYXO.js script that handles
nav dropdown toggle, mobile menu, auth, and subscribe modal.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Bulk updated nav to include Trucking/DOT section in desktop dropdown,
mobile menu, and footer across all public/ HTML pages. Consistent
site chrome everywhere now.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
No such thing as a "licensed compliance firm" — changed to
"Professional compliance consulting" and "Experienced Compliance Team".
Keeps factual descriptions only to avoid any UPL/misrepresentation risk.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
When 3+ services are pre-selected from URL and 2+ are bundle components,
automatically check the bundle and uncheck the individual items.
Also triggers bundle uncheck logic after any URL pre-selection.
Prevents showing bundle AND its individual services simultaneously.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
checkboxes were captured at page load before state services rendered.
Now uses getCheckboxes() to re-query each time + delegated change
listener for dynamically added checkboxes.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
fetchDiscount now fires on page load if promo field has ANY value
(not just from URL param), plus debounced on input events.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Each service line item now shows its price and a green -$X discount
next to it when a coupon is applied. Non-discountable items (BOC-3,
D&A, MC Authority) show price only. Gov fees shown as sub-items.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Non-discountable services: BOC-3 ($25 vendor), D&A (~$100 provider),
MC Authority ($300 gov fee). All other DOT services are pure labor.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Order page now fetches discount code from API and shows:
- Discount line item with percentage and savings amount
- Non-discountable items excluded (D&A)
- Auto-fetches on page load if ?code= param present
- Re-fetches on promo field blur
- Green "You save $X!" text
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Order page: insurance referral checkbox (pre-checked) shown when
?ins=1 from checker or carrier has insurance gap. Flag stored
in intake_data.insurance_referral_requested.
- Checker CTA passes &ins=1 when insurance issues found.
- MCS-150: use mcs150Outdated=N from FMCSA API to show green even
without exact date. Fixes "Filing date not available" for carriers
not in local census.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1. Insurance "on file" check: undefined !== null was true, falsely
showing green. Changed to !!field && field !== "0".
2. Insurance lead ticket: filtered for c.id === "insurance" but
actual IDs are insurance_bipd/cargo/bond. Fixed to match prefix.
3. Bundle pricing: was $499 for $376 of services (MORE than
individual). Now includes Safety Audit Prep ($399), making
individual total $775 and bundle saves $276.
4. Order page submit button: inline styles for visibility
(bg-orange-500 not in Astro CSS).
UCR $46 gov fee confirmed correct for 2026 (fees stayed flat).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
/order/dot-compliance — select DOT/FMCSA services and checkout.
8 services: MCS-150, BOC-3, UCR, DOT registration, MC authority,
Drug & Alcohol, Audit Prep, Full Compliance Bundle.
Pre-fills DOT#, email, and promo code from URL params.
Uses same batch order + checkout API as FCC compliance page.
Orange theme for trucking brand.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
