Documentation
Sonnet 4.6 · Reverse-doc complete- Mapped 7 Cloud Functions, 5 frontend lib files, 3 routes; produced a Diátaxis-aligned `CONTEXT.md`.
- Identified 13 latent smells in the codebase pre-flagged for downstream audits (no `error.tsx` boundary, placeholder env vars, etc.).
- Confirmed a public marketing surface exists — added to scope of the site audit.
Hospitality
Opus 4.7 · Service 8/10 · Hospitality 3/10- Failed-state copy: "Audit not found" reads like a 404. Rewrite to acknowledge the user landed somewhere and offer a real next step.
- Post-payment journey is silent — no narrated wait, no founder voice note, no personalised email greeting.
- Landing page lacks welcome — opens with a form, not a hello.
Site quality
Sonnet 4.6 · Grade 2.5 / 5- AI-default purple palette; web/email colour systems diverge.
- Pricing hidden behind the quote form — friction + trust loss before commitment.
- No `og:image`, no sample, no social proof — credibility gaps for a launch.
Production-readiness
Opus 4.7 · 2 critical · 6 high · 5 medium- C1 — `audits/{id}` Firestore rule was `read: if true`, exposing PII to anyone who learned a ULID. Closed by owner-gated read.
- C2 — unauthenticated HTTPS callables had no abuse protection. Closed via Firebase App Check + a Firestore-backed rate limiter.
- No janitor for skills stuck in `queued` if enqueue fails post-webhook; no ops alerting on permanent skill failure.
Architecture depth
Opus 4.7 · 3 deepening candidates- Extract `bundleAudit` module from `consolidate-audit.ts` for testability + a future hook for Claude-synthesised summaries.
- Unify the skill-execution error type across `claude-runner` and `tasks/run-skill` so diagnostic detail survives retries.
- Skill registry "extension point" comment is misleading — make it honest about the three-file edit a new skill requires.
Design system
Sonnet 4.6 · Coming soon- This audit is in flight — Bleeq Audit will run the Nordic-design upgrade pass on its own codebase next, then this slot fills with the real findings.