fix(website): audit sweep (legal, docs, rendering, accuracy)

[ascender1729]

Follow-up to PR #61. Addresses findings from four parallel audits (legal/business/confidential, docs rendering, paper vs website cross-check, blog/docs completeness).

15 files changed, 18 items fixed

P0

• Docs sidebar: 6 guides + 1 reference page were missing from meta.json and are now restored.
• /sbom page softened to match reality (no CycloneDX promise we cannot keep).
• NB-0482 TUV Sud mock replaced with 'NB-XXXX Your certified auditor' across atx-data, console fixtures, hero cert.
• Hero cert has an explicit 'illustrative / not a real certificate' row.
• /security ATX-* IDs clarified as internal tracking IDs; upstream CVE link now points at the upstream advisory index.
• Pricing Enterprise tier drops binding SLA language.
• Standards strip: dropped IEEE 7000, ISO/IEC 42001, ERC-8004 (not implemented per paper); added RFC 8785, RFC 6962, GDPR Article 17.
• VC issuance benchmark aligned to paper (17 ms median, was 3.2 ms).

P1

• Consent hardening: testimonial detail/question/askedBy fields removed from public repo. Only rendered fields remain.
• Rishabh Pathak company anonymised to 'Major US airline'.
• Mermaid palette switched from indigo to atx tokens; diagrams now match v2 design across all 13 docs pages that embed them.
• Sidebar folder selector widened for Fumadocs v15.8 DOM variants.
• Docs nav title switched from serif to sans for consistency with docs body.

P2

• Enforcement banner qualified (main wave, high-risk, Aug 2, 2026).
• BibTeX migrated from @Article to @online until formal publication.
• Console fixture issuers renamed from 'VibeTensor ' to 'Example '.
• Compliance checker results show top-of-page educational disclaimer.

Deferred

• Paper itself needs a separate update (v0.2.0 to v0.3.0).
• New blog posts (Base L2 testnet milestone, framework integrations GA) when natural.

Verified

• Clean next build on main-derived branch.
• Every meta.json page exists on disk.
• No em/en/double-hyphen violations.
• 5 named testimonials retained, detail fields scrubbed.

Summary by CodeRabbit

Release Notes

• New Features

  • Added six new documentation guides: EU Compliance Walkthrough, LangChain, OpenAI Agents SDK, CrewAI, Offline Verify, and Base L2 Anchor integration
  • Added MCP Tools reference documentation

• Documentation

  • Enhanced legal disclaimer on compliance checker tool clarifying educational use
  • Updated security disclosures with tracking references and upstream CVE tracking

• Improvements

  • Updated enforcement timeline with specific dates and risk categorization
  • Improved demo data with generic examples
  • Enhanced diagram theming and styling
  • Updated performance metrics for VC issuance

[coderabbitai]

Caution

Review failed

Pull request was closed or merged during review

Note

.coderabbit.yaml has unrecognized properties

CodeRabbit is using all valid settings from your configuration. Unrecognized properties (listed below) have been ignored and may indicate typos or deprecated fields that can be removed.

⚠️ Parsing warnings (1)

Validation error: Unrecognized key(s) in object: 'ignore'

⚙️ Configuration instructions

• Please see the configuration documentation for more information.
• You can also validate your configuration using the online YAML validator.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

📝 Walkthrough

Walkthrough

Website content and configuration updates across documentation indexing, security disclosures, compliance guidance, pricing features, testimonials, example data placeholders, standards references, Mermaid visualization styling, and hero banner text. No significant control flow modifications.

Changes

Cohort / File(s)	Summary
Documentation Indexing website/content/docs/guides/meta.json, website/content/docs/reference/meta.json	Added six new guide page slugs and one reference page slug to respective pages arrays for index discovery.
Research & Publication Metadata website/content/research-paper.mdx	Updated BibTeX citation from @article to @online type; added organization name and URL; appended note about future formal publication replacement.
Compliance & Legal Guidance website/src/app/(marketing)/demo/compliance-checker/step-result.tsx	Added top-of-page legal advisory callout clarifying that the classification tool is educational only and does not replace qualified EU AI Act legal counsel.
SBOM Documentation website/src/app/(marketing)/sbom/page.tsx	Updated metadata description and page copy to reference v0.3.0 release pyproject.toml and clarify CycloneDX artifact availability; changed external link target from releases page to main branch source.
Security Disclosures website/src/app/(marketing)/security/page.tsx	Added reference field to disclosure entries (null for internal ATX-* IDs; upstream advisory URL for PyJWT); clarified that ATX-* values are internal tracking IDs, not CVEs; updated PyJWT title to generic label.
UI Typography & Sidebar Styling website/src/app/docs/layout.tsx, website/src/app/globals.css	Reduced navigation title font size/weight (18px → 15px, serif → semibold); expanded CSS sidebar selectors to support multiple DOM markup structures for folder section labels.
Mermaid Diagram Configuration website/src/components/mermaid.tsx	Switched theme from "dark" to "base"; extracted hardcoded color values into PALETTE constant; updated font family to var(--font-sans) with fallback; aligned container classes to custom design tokens (rounded-atx-md, border-atx-line-soft, bg-atx-bg-sunken, text-atx-ink-dim).
Marketing Hero Components website/src/components/sections/v2/hero-cert.tsx, website/src/components/sections/v2/hero-v2.tsx	Added "illustrative · not a real certificate" label row to sample certificate display; expanded enforcement timeline messaging with specific date (Aug 2, 2026) and high-risk systems qualifier.
Benchmark Data website/src/components/sections/v2/benchmarks.tsx	Updated "VC issuance end-to-end" benchmark value from 3.2 to 17; refined detail description; adjusted spark series metrics accordingly.
Example Data Placeholders website/src/lib/atx-console-data.ts	Replaced five "VibeTensor" branded issuer names with generic "Example" variants across agent console sample data (Health Provider, Logistics Corp, Talent Services, Financial Services, Legal Services).
Standards & Certificate Sample Data website/src/lib/atx-data.ts	Added RFC standards (8785 JSON canonicalization, 6962 Merkle trees) and GDPR Article 17 erasure to ATX_STANDARDS; removed IEEE 7000 and ISO/IEC 42001 entries; updated notified body example from NB-0482 · TÜV SÜD to NB-XXXX · Your certified auditor placeholder.
Pricing & Testimonials Configuration website/src/lib/config.tsx	Updated "Enterprise" pricing features (support/deployment/audit → priority email/assistance/collaboration); simplified testimonial highlights by removing internal GTM fields (askedBy, question, detail) and generalizing context/event/venue values; updated one company reference to generic "Major US airline".

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• feat(website): v2 revamp - editorial design, /console, 5 new routes, per-framework docs #61 — Introduces the same new documentation pages (eu-compliance-walkthrough, langchain, openai-agents-sdk, crewai, offline-verify, base-l2-anchor, mcp-tools) and updates matching docs metadata, indicating coordinated documentation refresh.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title accurately captures the main theme of the changeset: a comprehensive audit sweep addressing legal disclaimers, documentation updates, rendering improvements, and factual accuracy across the website.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/audit-sweep-2026-04-20

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cloudflare-workers-and-pages]

Deploying attestix with    Cloudflare Pages

Latest commit:	5fc7715
Status:	✅  Deploy successful!
Preview URL:	https://039fb0a0.attestix.pages.dev
Branch Preview URL:	https://fix-audit-sweep-2026-04-20.attestix.pages.dev

View logs