Skip to content

Route-Share Launch Gates

Issue: #1046. Parent: #1041.

The reset is a hard cutover. Do not start the destructive old-route wipe (#1047) until these gates are live, deployed, and visible in post-deploy traffic.

Required Gates

  1. Local e2e: imperfect-cli route-share-devstack up --smoke, then imperfect-cli route-share-e2e --live ... against localhost.
  2. Preview e2e: the same route-share e2e command against preview HTTPS URLs.
  3. Real Garmin smoke: imperfect-cli route-garmin-probe --no-dry-run against a generated route page using local Alice's Garmin dev credentials and ngrok callback. Success requires a real course_id plus bounded course URL availability.
  4. Android app-installed smoke: run the Garmin Android app verification from looking-glass#201. OAuth authorization must stay in browser web consent; final Garmin course links may still open the installed app.
  5. Reused-course smoke: resend a route that already has a local RouteSendCourse row. #1068 must verify provider-side reuse and recreate only when Garmin proves the course is missing.
  6. Real WhatsApp unfurl smoke: send an actual route option through WhatsApp and verify the large preview card still appears, no separate HD PNG media is attached, and the image has no baked-in text.
  7. Watch deploy: after each service merge, run the Render + Logfire watch-deploy check and record traffic/errors on the PR.
  8. Rollback point: if route-page loads, route-send callbacks, Footman delivery, or Garmin course creation regress in post-deploy spans, stop before #1047 and restore the previous service versions.

Telemetry Contract

  • Looking Glass owns route-page first HTML/render timing, manifest/GeoJSON/JPG fetch timing, 404/410 rates, slug redirect rates, and cache/offline mode.
  • imperfect-api logs route bundle fetch evidence when route-send and Garmin probes resolve a bundle: manifest/GeoJSON/GPX/JPG status, content type, byte count, fetch timing, asset count, offline hints, localized overlay size when present, and forbidden-field counts.
  • RouteCourseService spans distinguish fresh_create, reused, and stale_reuse_replacement, and include the local course row status, course_id, reuse verification status, provider target status, and stale replacement marker.
  • Route-send spans cover Alice exchange, permission classification, course create/reuse, final response surface, and failure class.
  • Footman/WhatsApp bridge logs distinguish queue admission, link preview requested/accepted/rendered evidence when Footman returns it, media presence, and route-share context without logging route URLs or message text.
  • Cheshire/browser route spans expose aggregate budgets: generated option count, preview render count/duration, public bundle byte total, and route option WhatsApp message count. route_share_generated_options_budget derives from the route-option delivery cap, and route_share_whatsapp_messages_budget is that cap plus the final summary message.
  • Candidate artifact telemetry flags forbidden public artifact kinds through candidate_forbidden_artifact_*. Any png, map_png, or svg entry means the reset is drifting back toward legacy high-resolution PNG/SVG delivery and must be fixed before #1047.

Fake Chat Boundary

The fake chat harness proves payload shape and page OG contract: separate replyable route-option messages, a visible route-page link, a first-party preview.jpg, model-authored option prose that does not duplicate the preview card, no heavy media attachment, and no text baked into preview images. It does not prove WhatsApp's proprietary crawler, cache, or final card rendering. The real WhatsApp unfurl smoke is the launch gate for that behavior.