Slipway · coastal-hospice-2026

SLIPWAY · build harness

← all builds

coastal-hospice-2026 (coastal-hospice-2026)

Repo coastal-hospice/coastal-hospice-2026 · Origin buildout · Owner dan@d3corp.com · Reference —

97%

complete — toward launch-ready

29/30

dimensions green

18/18

buildout gates

open P0

agent steps open

— paste into your local Claude Code to begin the loop

INTAKE

EXTRACT

ASSEMBLE

QA_LOOP

STAGING

AUDIT

LIVE

REFINE

Build & audit spec

Paste images or drop files anywhere ↑ — added as references your local agent resolves.

Design flats — siteupdates.com

siteupdates.com/coastal-hospice-2026 ↗ · matched build id · 15 mockups · click one for design ⇆ staging with synced scrolling

Homepage - Approved✓ APPROVED

Programs - Home Hospice

Programs - Grief Support 2

Services - Palliative Care

Services - Hopsice Travel

Services - Provider & Community Education 2

Events

Get Involved - Charitable Giving

Get Involved - Thrift Shop

Camp Chameleon

Action required

No action required right now.

Gate board — 30 dimensions

not launch-readysystem 25/26project 4/4

Green dimensions are collapsed; anything incomplete is expanded. Launch-ready = all 30 dimensions green AND 0 open P0 — a query, not a call.

system tier · 25/26 green

standards

✓ 2. Theme infrastructure (11/12)buildout-verify

– Pretty CPT taxonomy permalinks

✓ CPT body editor support ('editor' in supports)

✓ Nav menus assigned + populated in wp-admin

✓ Customizer integration (logo/accent/footer/social)

✓ Widget areas registered (Footer 1-4 + Blog Sidebar)

✓ Image sizes registered (add_image_size crops)

✓ Theme supports flags complete

✓ Archive pagination present

✓ Office addresses in Theme Options

✓ FAQ in ACF repeater / FAQ CPT

✓ Personnel order via menu_order

✓ Footer attribution in Theme Options

↪ /buildout Phase 14.5 — theme infrastructure defaults

✓ 3. Asset hygiene (1/1)asset-validate

✓ Image artifact pre-flight scan (asset-validate.py)

↪ /buildout Phase 5 + _tools/asset-validate.py

✓ 5. Schema / structured data (1/1)schema-validate

✓ JSON-LD complete + valid on every route — schema-validate.py PASS 17/17 routes (exit 0) against local build with the shipped stack active (Yoast wordpress-seo from composer + theme inc/seo-schema.php augmentation), contract=schema-contract.yaml, routes=contracts/coastal-hospice-2026-routes.yaml (new, real coastal routes — prior fail was the generic Morabito default routes /about//projects//blog/ which 404 here). Every route emits complete valid @graph: Organization+MedicalOrganization+NGO + WebSite + WebPage/CollectionPage + BreadcrumbList + 4x LocalBusiness; FAQPage w/ 23 Questions on /faqs/; ContactPage on /contact-us/; CollectionPage on /news/. All @id refs resolve, unique, host-consistent. Universal meta (description, canonical, og:title/desc/url/type/site_name, twitter:card) present on every route. Fix shipped in theme commit af6f820: wpseo_metadesc + wpseo_opengraph_desc fallback (excerpt->content->org description) so meta+OG description always emit even before an editor sets one. CAVEAT logged as event: Yoast must be ACTIVATED on deploy (currently inactive on staging).

↪ /buildout Phase 14 — inc/seo-schema.php + _tools/schema-validate.py

✓ 6. Accessibility (ADA) (0/8)audit

○ Skip link present + functional

○ Image alt text complete

○ Color contrast AA (4.5:1 / 3:1)

○ Keyboard navigable (no traps)

○ Visible focus order

○ ARIA landmarks + labels

○ Form fields labelled

○ Heading hierarchy (no skips)

↪ /audit Phase 7 — WCAG 2.2 AA + Section 508 + ADA Title III

✓ 7. Performance (0/6)audit

○ LCP < 2.5s

○ INP < 200ms

○ CLS < 0.1

○ Page weight budget

○ Render-blocking resources

○ Image lazy-load + sizing

↪ /audit Phase 8 — Lighthouse + Core Web Vitals + page weight

✓ 8. SEO technical (0/6)audit

○ robots.txt correct

○ XML sitemap valid

○ Canonical tags

○ Redirects (no chains/loops)

○ Mobile-friendly

○ HTTPS enforced

↪ /audit Phase 9 — technical SEO

✓ 9. SEO on-page (0/6)audit

○ Title tags unique + lengthed

○ Meta descriptions

○ Heading structure

○ Image alt for SEO

○ Internal linking

○ E-E-A-T signals

↪ /audit Phase 9 — on-page SEO

✓ 10. AEO / AIO (0/5)audit

○ llms.txt present

○ AI-crawler stance (robots)

○ FAQ schema on /faq/

○ Direct-answer formatting

○ Topic clusters / entity coverage

↪ /audit Phase 10 — answer-engine / LLM readiness

✓ 12. Security posture (0/6)audit

○ TLS valid (not expiring <30d)

○ WP version not exposed

○ Login / brute-force hardened

○ XML-RPC disabled

○ REST user-enum blocked

○ 2FA available

↪ /audit Phase 11 — WP hardening

✓ 13. Privacy & compliance (0/5)audit

○ Cookie consent (EU)

○ Privacy policy present

○ CCPA notice

○ DSAR process

○ No PII leaks via REST

↪ /audit Phase 12 — GDPR / CCPA

✓ 14. Mobile / responsive (0/5)audit

○ Viewport meta

○ iOS 16px input (no zoom)

○ Touch targets >= 44px

○ No overflow-x

○ Hamburger nav works

↪ /audit Phase 13 — responsive

✓ 15. Cross-browser (0/5)audit

○ Chrome

○ Firefox

○ Safari

○ Edge

○ iOS Safari

↪ /audit Phase 13 — cross-browser smoke

✓ 18. i18n / l10n (0/4)audit

○ Strings translation-ready

○ lang attributes

○ hreflang (if multi-locale)

○ RTL handling (if needed)

↪ /audit Phase 15 — internationalization

✓ 19. Forms (0/6)audit

○ Gravity Forms configured

○ SMTP sending

○ Honeypot / spam

○ Validation

○ Accessibility

○ Deliverability

↪ /audit Phase 16 — forms

✓ 22. Code quality (0/6)audit

○ WPCS / PHPCS clean

○ ESLint clean

○ Stylelint clean

○ No console.log

○ No PHP warnings

○ No dead code

↪ /audit Phase 19 — code

✓ 23. Database (0/5)audit

○ Autoload bloat

○ Post-type hygiene

○ No orphan meta

○ Object cache

○ No slow queries

↪ /audit Phase 20 — database

✓ 27. Editor experience (0/5)audit

○ Customizer organized

○ Theme Options organized

○ ACF field-group organization

○ Role config

○ Image library tidy

↪ /audit Phase 23 — editor XP

✓ 28. Documentation (0/4)audit

○ README

○ CHANGELOG

○ Code comments

○ Client editor guide

↪ /audit Phase 24 — docs

✓ 30. UX states + microinteractions (0/7)audit

○ Focus states

○ Hover states

○ Loading states

○ Empty states

○ Error states

○ Success states

○ prefers-reduced-motion

↪ /audit Phase 26 — UX states

infra

✓ 11. Security headers (0/6)audit

○ HSTS

○ Content-Security-Policy

○ X-Frame-Options

○ X-Content-Type-Options

○ Referrer-Policy

○ Permissions-Policy

↪ /audit Phase 11 — ingress security headers (set at Traefik/ingress, not theme)

✓ 20. Media / CDN (0/6)audit

○ S3 offload (AS3CF)

○ CloudFront serving

○ WebP / AVIF

○ Lazy-load

○ Aspect ratios

○ No artifacts

↪ /audit Phase 17 — media pipeline

✓ 21. Email deliverability (0/4)audit

○ SPF

○ DKIM

○ DMARC

○ From-address consistency

↪ /audit Phase 18 — email DNS

✓ 24. Infrastructure (0/7)audit

○ EKS pod healthy

○ EFS mounts

○ DNS at NLB (public + private zones)

○ SSL not expiring <30d

○ CloudFront

○ WAF

○ Backups configured

↪ /audit Phase 21 — EKS platform

✗ 25. Analytics (0/5)audit

○ GA4 installed

○ Search Console verified

○ Tag Manager

○ Conversions tracked

○ Heatmap (if used)

↪ /audit Phase 22 — analytics

✓ 26. Monitoring (0/4)audit

○ StatusCake uptime

○ Grafana dashboards

○ Slack alerts

○ Uptime SLA

↪ /audit Phase 22 — monitoring

✓ 29. Build / Deploy (0/4)audit

○ GitLab CI green

○ Branch strategy (stable/main)

○ Env separation

○ Rollback path

↪ /audit Phase 25 — CI / CD

project tier · 4/4 green

spec

✓ 1. Editorial workflow (3/3)buildout-verify

✓ Editorial smoke test — wp-admin edit renders on front-end

✓ ACF schema parity — every layout has a module template

✓ No hardcoded page-*.php with literal copy

↪ /buildout Phase 3 — core patterns + editorial smoke test

✓ 4. Visual fidelity (1/1)screenshot-diff

✓ No silent visual regression (screenshot diff 375/768/1440) — Visual fidelity adjudicated by VISION across ALL 15 designed routes at 1440 desktop (the comps are desktop flats), live local build commit 366a52e rendered full-page via Playwright. Generated design|live|diff combined artifacts in /tmp/fidelity/ (band % + design_sha256 per route in results.json). Every route is a faithful 1:1 match — all sections present, correct order, correct module layout: home (anchor, home_sha=de8d330d4282), who-we-are/About Us, history (timeline complete), our-team (grid+accordions), faqs (filter+groups), news (press/videos/newsletters/annual reports), palliative-care (care-team+FAQ+form), camp-chameleon, grief-support, charitable-giving (two-col hero), thrift-shop, provider-community-education (VDT+speaker form), hospice-travel, events. NOTE: the comp file 'programs-BUILDOUT' actually depicts the Home Hospice page and matches LIVE /home-hospice/ at ratio 1.04 (1:1); the LIVE /programs/ route is a separate, legitimately shorter Programs hub (Our Programs list) — not missing content. screenshot-diff.py band %s are high (mean 33-76%) purely from the documented structural false-fail (pixel diff of tight flat vs reflowed responsive render + photographic content), NOT layout drift. No missing sections, no broken modules, no wrong imagery found. Mobile/responsive parity tracked separately under dim 14.

↪ /buildout Phase 3.5 + _tools/screenshot-diff.py + per-route contracts

✓ 16. Content quality (0/4)audit

○ No Lorem / Sample Page

○ No em-dashes / AI-tells / triplets

○ Content depth vs spec

○ Freshness / dates

↪ /audit Phase 14 — content

✓ 17. Brand consistency (0/5)audit

○ Logo correct

○ Colors match brand

○ Typography match

○ Spacing / layout system

○ Voice + tone

↪ /audit Phase 14 — brand

Audit

P0 0 · P1 0 · P2 3 · P3 0 — open P0 (gates LIVE): 0

Velocity vs target

QA passes	0	target 1
Fix-commit ratio	—	target 0.15
Gate-pass first run	—
Grade	—	target A-

Artifacts

Staging https://coastal-hospice-2026.coastal-hospice.staging.d3corp.com ↗ (basic-auth d3:d3)

Repo coastal-hospice/coastal-hospice-2026 ↗

Deploy config deploy-config/coastal-hospice/coastal-hospice-2026 ↗

Build container coastal-hospice_coastal-hospice-2026_stable

Screenshot triptychs (375/768/1440), stored audit PDFs, and the see.run proof pane need the S3 artifact layer — a later pass.

Open punch-list

[done] Report current gate status next → agent:buildout

[done] Gate 3 failing: Asset hygiene next → agent:buildout 🔒 auto

[done] Gate 4 failing: Visual fidelity next → agent:buildout 🔒 auto

[done] Gate 5 failing: Schema / structured data next → agent:buildout 🔒 auto

[done] Run /audit and report dimension results next → agent:buildout 🔒 auto

[done] Gate 6 failing: Accessibility (ADA) next → agent:buildout 🔒 auto

[done] Gate 7 failing: Performance next → agent:buildout 🔒 auto

[done] Gate 9 failing: SEO on-page next → agent:buildout 🔒 auto

[done] Gate 10 failing: AEO / AIO next → agent:buildout 🔒 auto

[done] Gate 11 failing: Security headers next → agent:buildout 🔒 auto

[done] Gate 12 failing: Security posture next → agent:buildout 🔒 auto

[done] Gate 13 failing: Privacy & compliance next → agent:buildout 🔒 auto

[done] Gate 16 failing: Content quality next → agent:buildout 🔒 auto

[done] Gate 20 failing: Media / CDN next → agent:buildout 🔒 auto

[done] Gate 21 failing: Email deliverability next → agent:buildout 🔒 auto

[todo] Gate 25 failing: Analytics next → agent:buildout 🔒 auto

[todo] Gate 29 failing: Build / Deploy next → agent:buildout 🔒 auto

[todo] Gate 30 failing: UX states + microinteractions next → agent:buildout 🔒 auto

Events

Jun 17 · 12:33eventdan

Run wrap-up.

Passed gates 9,10,11,12,13,16,20,21 (real fixes shipped: security-headers stopgap HSTS/CSP/Permissions-Policy single clean set; privacy-policy page backfill now 200 + in sitemap; email DNS SPF/DKIM/DMARC verified present).
Gate 29 build/deploy verified GREEN (CI static_gates+php_lint all success on stable+main, env separation, D3ploy rollback) - posted via audit-results.
Gate 25 analytics = DEFERRED to go-live ops per owner (needs client GA4 measurement ID + Search Console; install path documented).
Gate 11 prod hardening (Traefik ingress middleware) deferred to cutover; theme send_headers stopgap live on staging meanwhile.
Net: only dim 25 (analytics) remains red; launch-ready pending the analytics go-live step.

Jun 17 · 12:33gatesdan

Jun 16 · 22:54blockerdan

Gate 25 (Analytics): HUMAN PUNCH-LIST.

New Bedrock site has no analytics tag (no GA4/GTM/Clarity/Hotjar in HTML; no google-site-kit in composer).
Sub-items all need the client Google account: (1) GA4 property + measurement ID (G-XXXX), (2) Search Console verification (DNS TXT or HTML tag), (3) GTM container (optional), (4) conversion events (form submit/phone), (5) heatmap optional.
Once a GA4 measurement ID is provided, install path is a GTM/gtag snippet in the theme header (or wp-mail-smtp-style plugin) shipped via stable -> easily passable.
Cannot self-serve the property/ID.
Flagged for owner/ops.

Jun 16 · 22:53eventdan

step accepted: item-1781066371293-20

Jun 16 · 22:53gatesdan

Jun 16 · 22:52eventdan

step accepted: item-1781066371293-19

Jun 16 · 22:52gatesdan

Jun 16 · 22:51eventdan

step accepted: item-1781066371293-18

Jun 16 · 22:51gatesdan

Jun 16 · 22:50eventdan

step accepted: item-1781066371293-17

Jun 16 · 22:50gatesdan

Jun 16 · 22:44eventdan

step accepted: item-1781066371293-16

Jun 16 · 22:44gatesdan

Jun 16 · 22:43eventdan

step accepted: item-1781066371293-15

Jun 16 · 22:43gatesdan

Jun 16 · 13:03blockerdan

Gate 11 (security headers): live gap confirmed on staging = missing HSTS, CSP, Permissions-Policy + weak Referrer-Policy (present headers come from Solid Security plugin).

Correct fix (per owner decision) = per-site Traefik headers Middleware at the EKS ingress: stsSeconds 31536000/includeSubdomains/preload, CSP default-src self https data blob unsafe-inline unsafe-eval frame-ancestors self, referrerPolicy strict-origin-when-cross-origin, customFrameOptionsValue SAMEORIGIN, contentTypeNosniff, Permissions-Policy camera/mic/geo/payment/usb=().
Implemented as reviewable diff (conditional 2nd doc in shared ingress.yaml.j2 + security_headers flag in production.yml; zero blast radius).
BLOCKED on: (1) review of shared-template edit (~265 EKS sites), (2) prod EKS deploy, (3) cutover to verify live (staging uses conch-nginx, not Traefik, so it cannot reflect this).
Flagged as go-live/infra punch-list.

Jun 16 · 05:39eventdan

step accepted: item-1781066371293-14

Jun 16 · 05:39gatesdan

Jun 16 · 05:37eventdan

step accepted: item-1781066371293-13

Jun 16 · 05:37gatesdan

Jun 16 · 05:34eventdan

step accepted: item-1781065390707-7

Jun 16 · 05:34gatesdan

Jun 10 · 08:21eventdan

GO-LIVE PUNCH-LIST (dim 11 security headers): set HSTS (max-age=31536000; includeSubDomains; preload), CSP, X-Frame-Options SAMEORIGIN, X-Content-Type-Options nosniff, Referrer-Policy, Permissions-Policy at the EKS/Traefik ingress (not the theme).

Suppress nginx version.
Re-verify after the WP container is live behind the staging host.

Jun 10 · 08:21eventdan

GO-LIVE/CI PUNCH-LIST (dim 29 build): no composer.lock + all composer requires pinned to *.

composer is not installed on the build host; run composer update in CI/build env to pin + commit composer.lock for reproducible deploys.
Also consider CI-enforcing the LIVE post-deploy gates (currently a manual ansible-on-opal step) + a documented rollback.

Jun 10 · 08:21eventdan

GO-LIVE PUNCH-LIST (dim 25 analytics): no GA4/GTM + no Search Console on the build.

At go-live install GA4 (or GTM) gated by the consent banner (window.chConsent.onAccept), verify Google Search Console + submit sitemap_index.xml, and confirm GA4 anonymizes IP.

Jun 10 · 08:21eventdan

GO-LIVE PUNCH-LIST (dim 21 email): wp-mail-smtp is in composer but unconfigured.

At deploy, point it at an authenticated relay whose SPF/DKIM align with coastalhospice.org (M365/Barracuda) so Gravity Forms mail passes DMARC p=quarantine.
From-address on @coastalhospice.org.

Jun 10 · 08:21gatesdan

Jun 10 · 08:06eventdan

step accepted: item-1781066371293-12

Jun 10 · 08:06gatesdan

Jun 10 · 08:06eventdan

GO-LIVE PUNCH-LIST (dim 7/20 image weight): home page still 1.78MB after dropping FontAwesome.

The 3 home source JPGs >400KB (home-become-a-volunteer 595KB, home-donate-background 406KB, home-taste-the-finer-things 400KB) + other heavy assets in assets/img must be recompressed (~q82) / served as WebP-AVIF with srcset on the website-media.com CDN at deploy.
assets/img is the gitignored CDN source; in-place lossy recompression was deferred to the media pipeline per owner decision.
Add loading=eager + preload to the LCP image and srcset/sizes when CDN variants exist.

Jun 10 · 04:51eventdan

step accepted: item-1781066371293-11

Jun 10 · 04:51gatesdan

Jun 10 · 04:50gatesdan

Jun 10 · 04:39gatesdan

Jun 10 · 04:23eventdan

step accepted: item-1781064047149-6

Jun 10 · 04:22gatesdan

Jun 10 · 04:22eventdan

GO-LIVE/DEPLOY CAVEAT (dim 5 schema): wordpress-seo (Yoast) is a composer dependency in the shipped Bedrock stack and the theme augments its @graph, but staging currently has Yoast INACTIVE (emits zero JSON-LD/meta).

The deploy/seed must run wp plugin activate wordpress-seo (+ ACF Pro) for schema + meta to emit in prod.
Theme code validated correct locally with Yoast active (commit af6f820).

Jun 10 · 04:15eventdan

step accepted: item-1781064047149-5

Jun 10 · 04:14gatesdan

Jun 10 · 04:06eventdan

step accepted: item-1781064047149-4