docs: refresh post-pre-deploy-audit (M-1, M-2, N-1, N-2)

[fbmoulin]

Resolves the 4 documentation-drift findings deferred from PR #21:

• M-1 (CLAUDE.md "Known issues" stale): rewritten — all 9 P1 + all 12 P2 closed; ~13 P3 remain; added pre-deploy-audit summary (4 MAJOR + 9 MINOR remaining after this PR closes M-1/M-2/N-1/N-2).
• M-2 (WORKFLOW.md aspirational stages): status banner now reflects all 6 stages shipped 2026-04-27 (probe.py 12 tests, post_process.py 6 tests, validate.py 21 tests).
• N-1 (test count drift): CLAUDE.md "52 tests, ~0.6s" -> "210 passed
  • 2 skipped, ~3s (live OpenAI gated)".
• N-2 (cost claim unverified): PERSONALIZATION.md + HANDOFF.md annotated with 2026-04-27 live measurement (text-only ~$0.05/run across 2 runs; $0.32 forecast assumes 3 hero/feature images on top). Forecast number preserved since the breakdown is consistent.

Drive-by:

• README.md reading-order: WORKFLOW.md no longer 'Stages 1, 6 aspirational'; PERSONALIZATION.md no longer 'spec only'.
• ROADMAP.md current-state: rewritten to reflect Phase 0-6 shipped + pre-deploy audit landed. P2-9 deferral clarified (doc reword closed 2026-05-10; A/B harness itself still deferred).
• PERSONALIZATION.md status banner flipped SPEC ONLY -> SHIPPED with pointer to personalize/ + 89 tests + 2 gated live tests.
• HANDOFF.md (historical 2026-04-27 snapshot) got a top-of-file update banner pointing readers to ROADMAP.md / TODO.md / PRE_DEPLOY_AUDIT for current state.
• PRE_DEPLOY_AUDIT_2026-05-10.md findings table updated: M-1, M-2, N-1, N-2 marked RESOLVED with strike-through; executive-summary counts re-narrated.

Summary by CodeRabbit

• Documentation
  • Updated documentation to reflect the completion of Phases 4–6, including the Personalization feature now live.
  • Test results increased to 210 passed + 2 skipped tests.
  • All P1/P2 security audit items have been closed.
  • Pre-deploy audit finalized with remaining items documented for tracking.
  • All six workflow stages are now fully implemented and shipped.

[coderabbitai]

📝 Walkthrough

Walkthrough

Documentation updates reflect project milestone completion: all six phases shipped as of 2026-05-10, pre-deploy audit items resolved with PR #21, and feature documentation transitioned from spec-only to shipped status with cost reconciliation and audit closure details.

Changes

Phase Completion and Audit Status Updates

Layer / File(s)	Summary
Roadmap Phase Completion ROADMAP.md	"Current state" updated to 2026-05-10: all six phases shipped, Personalization MVP live, P1/P2 audit items closed. Pre-deploy audit completed with BLOCKER fixes. Phase 4 out-of-scope list clarified: A/B harness deferred while doc-reword closed.
Workflow Implementation Status docs/WORKFLOW.md	"Implementation status" updated from 2026-04-27 to 2026-05-10: all six pipeline stages shipped with Stage 6 landing details and Track B vs Track A clarification.
Handoff Snapshot & Cost Reconciliation docs/HANDOFF.md	2026-05-10 historical snapshot added: phases 4–6 shipped, P2 audit items closed, mypy coverage expanded, PR #21 pre-deploy audit landed, test count 210 passed + 2 skipped. Cost budget wording revised for Phase 4 with measured text-only and forecasted image generation costs.
Personalization Feature Shipped docs/PERSONALIZATION.md	Status changed from "spec only" to "SHIPPED" for Phase 4. Added implementation location, P2-11 audit closure reference, live-test cost reconciliation, image cost forecast, and hard $1.00 cap enforcement note.
Pre-Deploy Audit Resolution docs/PRE_DEPLOY_AUDIT_2026-05-10.md	Executive summary: both BLOCKER items (B-1/B-2) fixed in PR #21. Findings table: documentation-drift (M-1/M-2) and doc-correctness items (N-1/N-2) marked resolved via post-audit work.
Supporting Reference Updates CLAUDE.md, README.md	Test summary updated to 210 passed + 2 skipped. Known issues audit status revised with P1/P2 closure totals and remaining P3 estimate. README documentation status claims updated: WORKFLOW.md and PERSONALIZATION.md marked shipped on 2026-04-27.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

• fbmoulin/kratos-clone#21: This PR updates documentation to reflect the pre-deploy audit fixes and closures delivered in PR #21, including BLOCKER fixes and documentation resolution work.
• fbmoulin/kratos-clone#6: This PR updates docs/HANDOFF.md with a new historical snapshot that revises test counts and audit/ship status, directly extending the handoff snapshot mechanism originally introduced in PR #6.

Poem

🐰 Six phases shipped, the docs align,
With audit items closing, all signs shine,
The handoff snapshot marks the way,
From spec to shipped, milestone's here to stay!

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically identifies the main change: resolving four documentation-drift audit findings (M-1, M-2, N-1, N-2) through post-audit documentation refresh across multiple files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch docs/refresh-post-audit-2026-05-10

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Code Review

This pull request updates the project documentation across several files to reflect the current state of the codebase as of May 2026. Specifically, it marks all six development phases as shipped, updates test counts to 210, and reconciles OpenAI cost forecasts with actual measurements. The documentation now correctly shows that P1 and P2 audit findings are closed and provides an updated status for the pre-deploy audit. Feedback was provided to correct an inconsistency in the reported number of remaining major and minor issues in CLAUDE.md to ensure it aligns with the latest audit results.

[gemini-code-assist]

The counts for remaining findings and the list of deferred items are inconsistent with the updates in docs/PRE_DEPLOY_AUDIT_2026-05-10.md. Since this PR resolves M-1, M-2, N-1, and N-2 (and N-3 was already resolved via B-2), the remaining count should be 3 MAJOR (M-3 cryptography, M-4, M-5) and 6 MINOR (N-4 through N-9). Additionally, "doc drift" should be removed from the deferred list as it is the primary focus of this PR.

Suggested change

	> CVE within M-3 also bumped there. Remaining: 4 MAJOR + 9 MINOR
	> deferred (cryptography 41 bump, doc drift, in-memory rate-limit storage,
	> Playwright 1.57 memory regression, Dockerfile hardening, etc.).
	> CVE within M-3 also bumped there. Remaining: 3 MAJOR + 6 MINOR
	> deferred (cryptography 41 bump, in-memory rate-limit storage,
	> Playwright 1.57 memory regression, Dockerfile hardening, etc.).

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

README.md (1)

20-20: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Inconsistent status claim for PERSONALIZATION.md.

Line 20 describes docs/PERSONALIZATION.md as "spec only — not yet implemented", but line 176 in the reading order section states it was "shipped 2026-04-27". This contradicts the PR objective which indicates personalization was shipped in Phase 4.

🔧 Proposed fix

-| **Architecture specs** | `docs/PROMPT_v2.md`, `docs/WORKFLOW.md`, `docs/PERSONALIZATION.md` | Optimized LLM prompt for design-system extraction, 6-stage workflow plan, and OpenAI Responses-API personalization architecture (spec only — not yet implemented). |
+| **Architecture specs** | `docs/PROMPT_v2.md`, `docs/WORKFLOW.md`, `docs/PERSONALIZATION.md` | Optimized LLM prompt for design-system extraction, 6-stage workflow plan, and OpenAI Responses-API personalization architecture (shipped 2026-04-27). |

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@README.md` at line 20, The README has contradictory status text for
docs/PERSONALIZATION.md: the Architecture specs table line that says "spec only
— not yet implemented" should be reconciled with the Reading order entry that
marks PERSONALIZATION as "shipped 2026-04-27"; update the Architecture specs
table entry for docs/PERSONALIZATION.md to reflect the shipped status (or
conversely update the Reading order entry if the correct state is "not yet
implemented") so both sections match, keeping the chosen status and date
consistent with the PR objective that personalization shipped in Phase 4.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/PRE_DEPLOY_AUDIT_2026-05-10.md`:
- Around line 14-18: The executive summary and CLAUDE.md disagree on remaining
issue counts; reconcile them to "3 MAJOR, 6 MINOR" by updating the incorrect
text. Use the detailed findings table to confirm that M-1 and M-2 are resolved,
M-3 partially deferred (cryptography), and M-4/M-5 deferred (total 3 MAJOR
remaining), and N-1..N-3 resolved with N-4..N-9 deferred (6 MINOR remaining),
then edit the CLAUDE.md/Executive Summary section so both state "3 MAJOR, 6
MINOR remaining after this PR" and ensure any nearby summary lines referencing
"4 MAJOR + 9 MINOR" are corrected.

In `@docs/WORKFLOW.md`:
- Around line 6-11: Update the status banner date in docs/WORKFLOW.md so it
reflects the actual completion date of the implementation: change the string
"Implementation status (2026-05-10)" to "Implementation status (2026-04-27)";
locate the banner line containing that exact phrase and replace the date to
match the Phase 5 landing date referenced in the surrounding lines (e.g., the
lines mentioning Phase 5 (2026-04-27) and scripts like `scripts/probe.py`).

---

Outside diff comments:
In `@README.md`:
- Line 20: The README has contradictory status text for docs/PERSONALIZATION.md:
the Architecture specs table line that says "spec only — not yet implemented"
should be reconciled with the Reading order entry that marks PERSONALIZATION as
"shipped 2026-04-27"; update the Architecture specs table entry for
docs/PERSONALIZATION.md to reflect the shipped status (or conversely update the
Reading order entry if the correct state is "not yet implemented") so both
sections match, keeping the chosen status and date consistent with the PR
objective that personalization shipped in Phase 4.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 4e3e618d-800a-469a-a850-0d3ffeffe962

📥 Commits

Reviewing files that changed from the base of the PR and between 59d53b9 and 8162646.

📒 Files selected for processing (7)

• CLAUDE.md
• README.md
• ROADMAP.md
• docs/HANDOFF.md
• docs/PERSONALIZATION.md
• docs/PRE_DEPLOY_AUDIT_2026-05-10.md
• docs/WORKFLOW.md

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Inconsistency: remaining MAJOR/MINOR counts don't match CLAUDE.md claim.

The executive summary correctly states that after this PR:

• MAJOR: M-1, M-2 resolved; M-3 (cryptography part), M-4, M-5 deferred → 3 remaining
• MINOR: N-1, N-2, N-3 resolved; N-4..N-9 deferred → 6 remaining

However, CLAUDE.md lines 129-130 claims "4 MAJOR + 9 MINOR remaining after this PR".

This appears to be a counting error in CLAUDE.md. Either that file needs correction, or this executive summary needs adjustment to reconcile the discrepancy.

🔢 Verify and align the counts

Check which document has the correct count by reviewing the detailed findings table (lines 75-88). Based on that table:

MAJOR (5 total):

• M-1: RESOLVED ✅
• M-2: RESOLVED ✅
• M-3: split (urllib3 fixed, cryptography DEFERRED) → 1 remaining
• M-4: DEFERRED → 1 remaining
• M-5: DEFERRED → 1 remaining
  Remaining: 3 MAJOR

MINOR (9 total):

• N-1: RESOLVED ✅
• N-2: RESOLVED ✅
• N-3: RESOLVED via B-2 ✅
• N-4..N-9: DEFERRED → 6 remaining
  Remaining: 6 MINOR

If this count (3 MAJOR + 6 MINOR) is correct, update CLAUDE.md:129-130. If CLAUDE.md is correct, adjust this executive summary.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/PRE_DEPLOY_AUDIT_2026-05-10.md` around lines 14 - 18, The executive
summary and CLAUDE.md disagree on remaining issue counts; reconcile them to "3
MAJOR, 6 MINOR" by updating the incorrect text. Use the detailed findings table
to confirm that M-1 and M-2 are resolved, M-3 partially deferred (cryptography),
and M-4/M-5 deferred (total 3 MAJOR remaining), and N-1..N-3 resolved with
N-4..N-9 deferred (6 MINOR remaining), then edit the CLAUDE.md/Executive Summary
section so both state "3 MAJOR, 6 MINOR remaining after this PR" and ensure any
nearby summary lines referencing "4 MAJOR + 9 MINOR" are corrected.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Date inconsistency in status banner.

Line 6 states "Implementation status (2026-05-10)" but line 8 says the stages "landed in Phase 5 (2026-04-27)". The status banner date should reflect when the implementation was completed (2026-04-27), not the date of this documentation update.

📅 Proposed fix

-> **Implementation status (2026-05-10).** All 6 stages shipped.
+> **Implementation status (2026-04-27).** All 6 stages shipped.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	> **Implementation status (2026-05-10).** All 6 stages shipped.
	> Stages 1 (`scripts/probe.py`, 12 tests), 3 (`scripts/post_process.py`, 6 tests),
	> 6 (`scripts/validate.py`, 21 tests) all landed in Phase 5 (2026-04-27). Stage 4
	> Track B (LLM prompt v2) is the optional polished deliverable; Track A (Python
	> generator) is the deterministic baseline. See `docs/AUDIT.md` for findings status
	> and `ROADMAP.md` for the full phase log.
	> **Implementation status (2026-04-27).** All 6 stages shipped.
	> Stages 1 (`scripts/probe.py`, 12 tests), 3 (`scripts/post_process.py`, 6 tests),
	> 6 (`scripts/validate.py`, 21 tests) all landed in Phase 5 (2026-04-27). Stage 4
	> Track B (LLM prompt v2) is the optional polished deliverable; Track A (Python
	> generator) is the deterministic baseline. See `docs/AUDIT.md` for findings status
	> and `ROADMAP.md` for the full phase log.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/WORKFLOW.md` around lines 6 - 11, Update the status banner date in
docs/WORKFLOW.md so it reflects the actual completion date of the
implementation: change the string "Implementation status (2026-05-10)" to
"Implementation status (2026-04-27)"; locate the banner line containing that
exact phrase and replace the date to match the Phase 5 landing date referenced
in the surrounding lines (e.g., the lines mentioning Phase 5 (2026-04-27) and
scripts like `scripts/probe.py`).