COASTAL COMMAND - TODO LIST
Last Updated: January 26, 2026
Development Environment: dev23cc1.coastalcommandfl.com

================================================================================
OVERALL STATUS: 95% Complete - Production Ready (pending Stripe configuration)
================================================================================

[X] EVAL AND VALIDATE ALL PAGES AND LINKS AFTER FOLDER RESTRUCTURE - COMPLETED
    - Fixed Auth.php redirect (admin.php -> /)
    - Fixed customer/customers.php admin link (now uses admin subdomain URL)
    - Added URL constants to config.php (SITE_URL, ADMIN_URL, CUSTOMER_URL, API_URL)
    - Updated admin/index.php - 40+ API fetch calls now use API_URL constant
    - Updated customer/index.php - API fetch calls now use API_URL constant
    - Updated api/index.php CORS origins for all subdomains
    - Updated test files (API_TEST.php, webhook-test.php) with new API URL
    - Verified Stripe webhook: api.coastalcommandfl.com/stripe-webhook.php
    - Verified Twilio webhook: api.coastalcommandfl.com/twilio-webhook.php

================================================================================
CRITICAL - BLOCKING PRODUCTION
================================================================================

[ ] STRIPE PRICE IDS - BLOCKING CUSTOMER SIGNUPS
    - Go to Stripe Dashboard -> Products
    - Create recurring Price for each service plan (monthly, quarterly, annual, one-time)
    - Copy Price ID (starts with price_)
    - Run SQL to update services table:
      UPDATE services SET stripe_price_id = 'price_xxxxxxxxxxxxx' WHERE service_id = 1;
    - Repeat for all service plans
    - Without this, checkout flow will fail

[X] CREATE ADMIN USERS - COMPLETED
    - 4 admin users exist:
      * admin@coastalcommandfl.com (admin, active)
      * keith@coastalcommandfl.com (admin, active, last login 2026-01-25)
      * joe@coastalcommandfl.com (admin, pending)
      * caralyn@coastalcommandfl.com (business_user, pending)

================================================================================
HIGH PRIORITY - PRE-PRODUCTION
================================================================================

[ ] GEMINI API QUOTA - CHATBOT NOT WORKING
    - Error: 429 "RESOURCE_EXHAUSTED" - quota exceeded
    - Go to: https://ai.google.dev/gemini-api/docs/rate-limits
    - Options:
      a) Wait for quota reset (free tier resets daily/monthly)
      b) Enable billing on Google AI Studio to increase limits
      c) Check usage at: https://ai.dev/rate-limit
    - Current API key stored in: system_config table (coastalcommandfl_KEY)
    - Fallback message added to chat.php when quota exceeded

[X] VERIFY EMAIL LINKS - COMPLETED
    - Checked mail-helper.php - no admin.php references found
    - All references use correct /index.php paths

[ ] GEOCODE EXISTING CUSTOMERS (2 customers, 0 have GPS)
    - Login to admin -> Settings page
    - Click "Geocode All Customers"
    - Wait for completion
    - Required for route optimization to work properly

[ ] TEST COMPLETE CUSTOMER SIGNUP FLOW (Blocked by Stripe Price IDs)
    - Visit /signup/ and fill form
    - Complete Stripe checkout (test card: 4242 4242 4242 4242)
    - Verify customer record created in database
    - Check email received with password setup link
    - Click link and set password
    - Verify auto-login to customer portal
    - Test customer portal dashboard access

[ ] TEST WEBHOOKS
    - Test Stripe webhook with test payment
    - Verify customer auto-created
    - Test Twilio webhook (call (850) 818-8318)
    - Verify IVR menu works

================================================================================
DATABASE STATUS (as of Jan 25, 2026)
================================================================================

- Admin Users: 4 (2 active, 2 pending)
- Customers: 2 (0 geocoded)
- Service Zones: 6 (FL Panhandle)
- Routes: 2
- Orders: 0
- Subscriptions: 0
- Services: 8 defined (ALL MISSING STRIPE PRICE IDS)
- Content Sections: 30 active

================================================================================
PRODUCTION DEPLOYMENT CHECKLIST
================================================================================

DNS CONFIGURATION:
[ ] Point coastalcommandfl.com to production server
[ ] Configure CNAMEs for subdomains:
    - admin.coastalcommandfl.com
    - customer.coastalcommandfl.com
    - api.coastalcommandfl.com

DONE
dig -t A admin.coastalcommandfl.com +short
coastalcommandfl.com.
165.245.140.104
keith@cc1:/var/www/html/DEVELOPMENT$ dig -t A api.coastalcommandfl.com +short
coastalcommandfl.com.
165.245.140.104
keith@cc1:/var/www/html/DEVELOPMENT$ dig -t A customer.coastalcommandfl.com +short
coastalcommandfl.com.
165.245.140.104

SSL CERTIFICATES:
[ ] Obtain wildcard cert for *.coastalcommandfl.com or SANs cert
[ ] Update Apache VirtualHost configs with new cert paths
[ ] Verify HTTPS works on all subdomains

DONE
SSLCertificateFile /etc/ssl/certs/coastalcommandfl.com/fullchain_coastalcommandfl_com.pem
SSLCertificateKeyFile /etc/ssl/private/coastalcommandfl.com/_.coastalcommandfl.com.key

STRIPE PRODUCTION:
[ ] Switch from Test Mode to Live Mode
[ ] Update Stripe API keys in database (system_config table)
[ ] Update webhook URL to production: https://api.coastalcommandfl.com/stripe-webhook.php
[ ] Add checkout.session.completed event to webhook

TWILIO PRODUCTION:
[ ] Update Twilio webhook URL to production
[ ] Test phone number forwarding
[ ] A2P 10DLC Registration - Required for SMS delivery to US carriers
    - Register brand at: Twilio Console -> Messaging -> Regulatory Compliance
    - Register campaign (use case: Customer Care / Notifications)
    - Link phone number to campaign
    - Without this, SMS replies may be filtered/blocked by carriers

EMAIL CONFIGURATION:
[ ] Verify Gmail API works in production
[ ] Test all automated emails (signup, password reset, welcome)
[ ] Configure SPF/DKIM records for better deliverability

SECURITY HARDENING:
[ ] Change all database passwords
[ ] Restrict admin access by IP (optional)
[ ] Enable fail2ban or similar
[ ] Set up automated backups
[ ] Configure log rotation

================================================================================
NOT YET IMPLEMENTED - FUTURE FEATURES
================================================================================

[X] GOOGLE ANALYTICS - COMPLETED (G-KYTYXVZ1NW)
    - Added to: public/index.php (main site)
    - Added to: signup/index.php
    - Added to: public/privacy/index.php
    - Added to: public/terms/index.php
    - Conversion tracking: Can configure in GA dashboard

[X] AI CHAT BOT - COMPLETED (Gemini-powered)
    - Custom AI chat widget built
    - Backend: api/chat.php (uses Gemini API)
    - Frontend: public/js/chat-widget.js
    - Added to: public/index.php, signup/index.php
    - Knowledge base: Services, pricing, FAQs, business info
    - No notifications - AI handles queries, directs to phone/email when needed

[ ] CONTACT/SUPPORT FORM
    - Create website contact form
    - Connect to messages system in admin
    - Options:
      a) Convert quote inquiries to message threads
      b) Create simple contact form posting to send_message API
      c) Integrate Twilio SMS to create message threads

[ ] GOOGLE PLACES ADDRESS AUTOCOMPLETE - SIGNUP FORM
    - Add address autocomplete to /signup/ form for better UX
    - Requires Google Cloud API key with Places API enabled
    - Steps:
      a) Go to Google Cloud Console -> Create/select project
      b) Enable "Places API"
      c) Create API key (restrict to coastalcommandfl.com domains)
      d) Add Google Places JS library to signup/index.php
      e) Initialize autocomplete on address field
      f) Optionally restrict to Florida addresses only
    - Free tier: $200/mo credit (~10K autocomplete requests)
    - File to modify: /signup/index.php (line 385-386)

================================================================================
HIGH PRIORITY - EMPLOYEE & AUTOMATION
================================================================================

[ ] AUTOMATED FOLLOW-UPS SYSTEM - IN PROGRESS
    - Post-service review request emails (Google/Facebook links)
    - Overdue invoice reminder sequence (3, 7, 14 days)
    - Monthly service reminder for recurring customers
    - Inactive customer re-engagement (90 days)
    - Quote follow-up automation (3 days, 7 days)
    - Uses: Gmail API (email), Twilio (SMS), Cron jobs
    - Database tables: automated_messages, message_templates, message_log

[ ] EMPLOYEE PORTAL (Operational Data Only - NO PII)
    - Employee login system (separate from customer/admin)
    - Database: employees table (name, email, phone, role, hire_date)
    - Schedule viewing (assigned routes/days)
    - Time clock / timesheet entry
    - Route assignments for the day
    - PTO request submission
    - Company document access (handbook, training)
    - NOTE: Bank info, SSN, tax forms handled by Gusto - NOT stored locally

[X] TWILIO AI VOICE BOT (Like Chatbot but Phone) - COMPLETED
    - Created: api/twilio-voice-ai.php
    - Hybrid IVR + AI: Callers can press buttons OR speak naturally
    - Speech-to-text → Gemini → Text-to-speech
    - Uses same knowledge base as web chatbot (chatbot_knowledge table)
    - Automatic fallback to voicemail if AI fails or no answer
    - Voicemails saved to message_threads table
    - To activate: Update Twilio webhook URL to:
      https://api.coastalcommandfl.com/twilio-voice-ai.php

[X] TWILIO AI SMS BOT - COMPLETED
    - Created: api/twilio-sms-ai.php
    - Receives incoming SMS and responds with AI-powered answers
    - Uses same Gemini API and knowledge base as chatbot/voice bot
    - Optimized for SMS length (keeps responses concise)
    - Tracks conversation history for context
    - Logs all conversations to sms_conversation_log table
    - Handles opt-out keywords (STOP, UNSUBSCRIBE, etc.)
    - To activate: Set Twilio "A message comes in" webhook to:
      https://api.coastalcommandfl.com/twilio-sms-ai.php

[ ] GUSTO INTEGRATION
    - API integration for timesheet sync from Employee Portal
    - Employee onboarding link generation
    - Payroll status visibility in admin dashboard
    - Documentation: https://docs.gusto.com/

[ ] AI MARKETING SUITE (Lower Priority)
    - Email campaign builder with templates
    - SMS campaign manager (Twilio bulk with opt-out)
    - Referral code system with credit tracking
    - AI-generated social media posts (Gemini)
    - Review request automation (part of follow-ups)

================================================================================
OPTIONAL ENHANCEMENTS (LOW PRIORITY)
================================================================================

CUSTOMER PORTAL CONTENT:
[ ] Add upcoming service schedule to dashboard
[ ] Add service history with dates
[ ] Add payment history and invoices
[ ] Add profile editing (address, phone, bins)
[ ] Add subscription management (pause, cancel, upgrade)
[ ] Add support ticket creation

DRIVER MOBILE APP (PWA):
[ ] Mobile-optimized route display
[ ] GPS tracking during service
[ ] Mark stops as completed
[ ] Upload before/after photos
[ ] Real-time progress updates
[ ] Offline capability

REAL-TIME UPDATES (WEBSOCKET):
[ ] Live route progress tracking
[ ] Customer ETA notifications
[ ] Admin dashboard live updates
[ ] Driver location tracking on map
[ ] Technology: Pusher or similar

ANALYTICS DASHBOARD ENHANCEMENTS:
[ ] Revenue charts and trends
[ ] Customer acquisition metrics
[ ] Service completion rates
[ ] Geographic heat maps
[ ] Churn analysis

MARKETING FEATURES:
[ ] Referral program tracking
[ ] Discount codes/coupons
[ ] Email marketing campaigns
[ ] Customer retention automation
[ ] Review request automation

================================================================================
COMPLETED FEATURES (for reference)
================================================================================

[X] Multi-Subdomain Architecture (admin, customer, api, public)
[X] Database Architecture (25+ tables, CMS, service zones)
[X] Security Implementation (Twilio/Stripe webhook validation, bcrypt, prepared statements)
[X] Admin Dashboard (AJAX, all features working)
[X] Customer Portal (signup flow, login, password setup)
[X] Route Optimization (OSRM integration)
[X] Service Area Zones (6 FL Panhandle zones)
[X] Payment Integration (Stripe test mode - needs Price IDs)
[X] Communication Integration (Gmail API, Twilio IVR)
[X] Content Management System (all website content in DB)
[X] Legal Pages (Terms of Service, Privacy Policy - CMS managed)
[X] Directory Structure (organized for production)
[X] Responsive Design (mobile-friendly)

================================================================================
KNOWN ISSUES (NON-CRITICAL)
================================================================================

[X] admin.php references - FIXED (all updated to use subdomain URLs)
[X] SSL certificates - DONE (wildcard cert configured)
- OSRM public API rate limits (self-host for production if needed)
- Nominatim geocoding rate limit 1/second (handled with rate limiting)

================================================================================
CONTACT INFO
================================================================================

Business: Coastal Command Bin Cleaning FL
Phone: (850) 818-8318
Email: info@coastalcommandfl.com
Address: 1016 Thomas Drive, PMB 327, Panama City Beach, FL 32408
Service Area: Florida Panhandle (Fort Walton Beach, Destin, Niceville, Crestview, Panama City Beach)

================================================================================