# RentalDriveGo Web Multilingual public website and lead-capture boundary for RentalDriveGo, a SaaS operating platform for rental-car companies. This repository contains the Phase 15 release-readiness candidate. It includes the Phase 14 homepage and integration layer, Phase 15 hardening fixes, dependency-free validation, and a structured evidence package. It is **not approved for production release**. ## Current release recommendation **Not ready for Phase 16.** The Phase 15 review fixed four repository defects and the current dependency-free validation passes, but the pinned clean installation and the dependency-backed, browser, assistive-technology, performance, deployment, and rollback gates were not executable in the supplied validation environment. Production business, legal, content, destination, vendor, credential, observability, and operational approvals also remain open. Do not convert a blocked test into a pass merely because a spreadsheet would look friendlier. That is how defects acquire release notes instead of fixes. ## Implemented product scope - English, French, and Arabic locale-prefixed routes - server-rendered `lang` and document-level LTR/RTL direction - light, dark, and system themes with CSP-compatible pre-paint handling - responsive public homepage and reusable component system - localized demo dialog and client/server form validation - `/api/demo` submission boundary with exact JSON media-type validation - safe deterministic development and test adapters - typed destination, environment, feature-flag, consent, analytics, and integration contracts - privacy-safe analytics allowlists and redaction controls - timeout, failure normalization, idempotency, duplicate, and abuse-control foundations - localized metadata, canonical, reciprocal `hreflang`, Open Graph, robots, and pending-destination behavior - unit, integration, browser, accessibility, visual, and failure-simulation test definitions - Phase 15 defect, command, risk, release-gate, and evidence records The repository intentionally does not activate unapproved production CRM, scheduler, email, analytics, consent, login, pricing, legal, hosting, DNS, monitoring, or production credential configuration. ## Required runtime - Node.js `24.17.0` - pnpm `11.9.0` - Next.js `16.2.9` - React `19.2.7` Use the exact versions in `.node-version`, `.nvmrc`, `package.json`, and `pnpm-lock.yaml`. Do not rewrite the lockfile during release validation. ## Clean setup ```bash corepack enable corepack prepare pnpm@11.9.0 --activate pnpm install --frozen-lockfile cp .env.example .env.local ``` Development routes: - `/en` - `/fr` - `/ar` Root `/` redirects using the locale cookie, then `Accept-Language`, then English. ## Required validation sequence Run the complete sequence on the pinned toolchain from a clean checkout: ```bash pnpm install --frozen-lockfile pnpm validate pnpm validate:phase15 pnpm format:check pnpm lint pnpm typecheck pnpm test:unit pnpm test:integration pnpm test:security pnpm test:privacy SITE_ORIGIN=https://approved-non-production.example \ PUBLIC_RELEASE_APPROVED=false \ pnpm build pnpm test:browser pnpm test:a11y pnpm test:visual pnpm test:e2e pnpm audit --audit-level low pnpm manifest:generate pnpm validate:package ``` Browser, accessibility, visual, performance, deployment, rollback, and human review must use the matrices and evidence requirements under `docs/phase15`. Visual baselines require manual review; a stable screenshot can still be a stable defect. ## Release safety `PUBLIC_RELEASE_APPROVED` defaults to `false`. While false, pages emit `noindex` and `robots.txt` disallows crawling. Before release: - close or explicitly approve every Critical and High release blocker through an accountable owner; - complete pinned clean-install, build, unit, integration, browser, accessibility, visual, performance, deployment, rollback, and smoke evidence; - approve final claims, copy, legal content, destinations, vendors, consent, analytics, credentials, assets, and operational ownership; - rerun targeted Phase 15 regression after any Phase 16 change affecting components, routing, validation, data handling, consent, analytics, integrations, accessibility, RTL, theme, or performance-critical assets. ## Phase 15 evidence Start here: - Implementation report: `docs/PHASE_15_IMPLEMENTATION_REPORT_v1.0.md` - Final recommendation: `docs/phase15/FINAL_RELEASE_RECOMMENDATION_v1.0.md` - Phase 16 handoff: `docs/PHASE_16_HANDOFF_v1.0.md` - Command matrix: `docs/phase15/COMMAND_MATRIX_v1.0.csv` - Defect register: `docs/phase15/DEFECT_REGISTER_v1.0.csv` - Release-gate matrix: `docs/phase15/RELEASE_GATE_MATRIX_v1.0.csv` - Risk-acceptance register: `docs/phase15/RISK_ACCEPTANCE_REGISTER_v1.0.csv` - Updated cumulative issue register: `docs/IMPLEMENTATION_ISSUE_REGISTER_v1.5.csv` - Updated decision log: `docs/DECISION_LOG_v15.0.md` - Static audit evidence: `docs/quality/PHASE_15_STATIC_AUDIT_RESULTS_v1.0.md` - File-change inventory: `docs/quality/PHASE_15_FILE_CHANGES_v1.0.txt` - Package manifest: `PHASE_15_PACKAGE_MANIFEST_v1.0.json` Historical Phase 9 through Phase 14 records remain in `contracts` and `docs`. They are useful traceability inputs, not substitutes for current Phase 15 execution evidence. ## Contribution rules See `CONTRIBUTING.md`. Do not modify immutable Phase 9 contracts, hide failures with broad suppressions, commit real lead data, or activate production integrations without the approvals and regression required by the Phase 16 handoff. ## Phase 16 release status Phase 16 review status: **Launch aborted before deployment**. Dependency-free validation passed, but exact-toolchain, dependency-backed, browser, human, legal, operational, infrastructure, and production gates remain blocked. See `docs/PHASE_16_IMPLEMENTATION_AND_LAUNCH_REPORT_v1.0.md` and `docs/phase16/FINAL_LAUNCH_STATUS_v1.0.md`.