What's new in GutIQ

Disposable-email blocklist + email typo detection

• Hardcoded blocklist of ~680 known disposable / throwaway email domains (mailinator, guerrillamail, yopmail, tempmail, 10minutemail families, plus the dollicons.com / minafter.com domains observed in a recent bot attack). Blocked at signup before any DB writes, captcha quota, or Twilio sends.
• Common email-typo detection: gmial.com → gmail.com, hotmial.com → hotmail.com, example.con → example.com, etc. Soft-rejected with a friendly "Did you mean X?" prompt so the user can retry rather than thinking the form is broken.
• Both blocked attempts and typo suggestions are logged with the email + IP so admin can spot patterns.
• Easy to extend: just add a domain to the map in internal/http/email_blocklist.go.

Per-IP signup rate limit

• Added a per-IP signup rate limit: max 2 signups per minute from the same IP. Configurable via the IP_SIGNUP_RATE_LIMIT_PER_MINUTE env var (set to 0 to disable, raise it to 10 or 30 if false-positives appear).
• Counts every signup_audit row in the past 60 seconds — including prior rate-limit rejections — so an attacker can't game the limit by hammering after their first reject.
• Storage failures fail open: a DB hiccup will not block legitimate signups.
• Bonus fix: getIPAddress() was returning IP:port from r.RemoteAddr; now strips the port. This fixes a hidden bug where every request looked like a different IP, defeating any per-IP logic.

Free learning quests are now publicly readable

• Hotfix: the public /learning landing page advertised "Free Learning Paths" but every card link redirected to login. Free quests are now genuinely public — anyone can read them without an account.
• Anonymous users see the same content with quiz interactions hidden behind a friendly "Sign up to take the quiz" prompt; the final card swaps the Complete button for a sign-up CTA.
• Premium quests still gate anonymous users at /auth/login (with a `next=` redirect so they land back on the quest after signing in).
• Logged-in users keep the existing progress + streak tracking; anonymous users skip those DB writes entirely.

Email forgot-password + dashboard verification nudge

• Forgot-password now supports both SMS and Email channels — users pick whichever they can receive. Both paths have independent rate limits and fail-open behavior; if one channel is degraded, users can switch to the other in one click without losing context.
• Successfully resetting a password via OTP now also auto-verifies that channel (since the user just proved they own it) — solves the unverified-user-can't-receive-OTP loop.
• Dashboard banner nudges unverified users to verify with a clear value prop: 'Verify your phone/email to unlock 3 reports'. Skipped for premium / practitioner / admin / legacy-unlimited users.
• Both desktop and mobile dashboards show the banner.

Verification is a soft gate; admin password reset

• Unverified users can now log in normally — the verification gate at login has been removed. Verification is now a soft gate that only kicks in when a user tries to generate their second report (the 1-report cap from Phase A is the actual security boundary).
• This solves the "stuck forever" trap where a user couldn't receive an OTP, couldn't log in, and couldn't even reset their password. They can now log in, browse, reset their password, and verify whenever they're ready.
• Admin: new "🔑 Reset Password" button on every user row in /admin/users. Modal lets an admin set a new password and (optionally, in the same action) mark the user's phone and/or email as verified — solves the common stuck-user support case in one click.
• Users get a security-notification email when an admin resets their password (no password in the email; admin shares it out-of-band). Alerts the user immediately if the reset wasn't theirs.

Captcha is now strictly fail-open — never blocks signups

• Hotfix: captcha will no longer block a signup under any condition. Empty token, expired token, low score, Google explicitly saying "this is a bot" — all flagged in the audit log, none reject the user.
• Bot defense is now entirely on the per-phone and per-recipient OTP rate limits, which kick in BEFORE Twilio is called.
• Real users were getting blocked when ad-blockers or mobile browsers prevented the reCAPTCHA token from being generated; this fix unblocks them.

Email verification (with phone-only fallback)

• Email + phone dual verification at signup, routed through Twilio Verify (the email channel uses SendGrid under the hood, but going through Twilio means our SendGrid quotas no longer choke verification email delivery).
• Email send is fail-open: if the Twilio email channel is degraded, signup continues with phone-only verification. The user's email_verified flag stays false but they get full access via phone — no friction added by the new step.
• Combined verify page now shows both code fields when email is pending; falls back to phone-only when it's not.
• Per-recipient rate limit (3/hour) extended to email channel — independent from the existing per-phone limit.
• Independent 60-second resend cooldowns for each channel.
• Admin dashboard splits SMS-degraded and Email-degraded into separate 24h counters so you can spot which Twilio channel is having problems.
• Schema: signup_audit gains email_status + email_error columns; otp_send_attempts gains a channel column ('sms' | 'email').

Signup reliability and cost protection

• Twilio fail-open: vendor outages no longer block signups — users still get a free trial report and verify their phone afterwards.
• Per-phone OTP rate limit (3/hour) to bound SMS spend even during traffic spikes or attacks.
• 3-report cap for verified users, 1-report cap for unverified users — existing users grandfathered with unlimited access.
• reCAPTCHA v3 integrated with strict fail-open semantics: a Google outage cannot block legitimate signups.
• Admin: new Unverified Users filter, one-click Verify button, and a vendor-health dashboard showing Twilio + captcha status at a glance.
• New /pricing page (stub) ahead of upcoming Stripe checkout integration.
• Production migration runbook authored for safe rollout to the live database.

PDF migration and pattern-specific SEO content

• Migrated report PDF generation from gofpdf to headless Chrome (chromedp). PDFs now include every report field including archetype, narrative opening, expanded overlays, and all premium content — fixing a long-standing gap where new fields were missing from PDFs.
• Enhanced SEO with foods-for-pattern landing pages across all 12 gut patterns.
• Enhanced SEO with supplements-for-pattern landing pages across 7 gut patterns.

Pattern landing pages + SEO foundation

• Enhanced SEO with 15 in-depth landing pages for all gut patterns and archetypes (75,000+ words of clinically-credible content).
• All world country codes added to the signup phone-number dropdown.
• Fixed report-download redirect bug and the share-link localhost bug.
• SEO content-quality rules and comprehensive internal-linking strategy documented.
• Planned 672 city-specific local SEO pages (84 cities × 8 templates) for future rollout.

Landing page redesign + SEO infrastructure

• Complete redesign of the landing page and all public-facing pages with an award-winning template.
• Critical bug fixes: chat widget crash, CSRF token handling, invisible text, CTA logic.
• SEO infrastructure: meta tags, sitemap, schema markup, gzip compression.
• Enhanced SEO with 200 blog articles across 8 topic categories (gut health, SIBO, leaky gut, IBS, FODMAP, and more).
• Comprehensive 1,182-page SEO plan with phased rollout schedule.
• Phone verification deadlock fix on login: unverified users now redirect cleanly to the verify page.

Premium reports + Dr. Sage + Onboarding

• Free report redesigned with new "AHA-factor" narrative content and GutIQ branding.
• Premium report expanded with 27 clinical-grade fields across all 14 gut patterns.
• Dr. Sage AI assistant introduced for personalized in-app guidance.
• Quiz-centric onboarding tour with 7 clearer steps.
• User feedback rolled in: gender/age profile fields, improved report clarity, session-handling fixes.
• SMS-based forgot-password flow via Twilio Verify.
• Public website content pages with enhanced navigation.

Quiz session reliability

• Fixed quiz reset bug that affected returning users.
• Comprehensive quiz session management improvements.
• Fixed admin report paywall bypass.
• Fixed shareable-link foreign-key error.

Premium upgrades + SMS-only verification

• Premium upgrade form with improved submission UX.
• Backend API support for content pages (replaces blank states).
• Expanded country-code support in signup.
• Comprehensive admin report management with view, download, and share.
• Switched to SMS-only verification flow via Twilio Verify, simplifying signup.

Admin platform + Email + Phone verification

• Comprehensive admin authentication and management system delivered across 7 implementation phases.
• Phone-number capture added to user signup.
• Real-time analytics dashboard with live user, quiz, and report data.
• Production admin setup tooling for non-interactive deployments.
• SendGrid email service powering contact forms and transactional notifications.
• Email verification with OTP and welcome email.
• Phone verification flow + Terms & Conditions acceptance step at signup.

Mobile + Consult Expert + Admin polish

• Mobile-friendly templates with server-side device detection — desktop experience unchanged.
• Quest card design significantly enhanced with rich imagery and visual treatments.
• Markdown parser fixes for properly rendered lists in quest content.
• Consult Expert feature introduced.
• Paywall gating for reports after the Overlay Signals section.
• Mobile menu and navigation fixes.
• Admin panel comprehensive dashboard + analytics enhancement.
• Comprehensive seeding documentation and test-user fixtures.

Landing page + Learn tab + Quests

• Landing page transformed into an ultra-premium clinical-platform aesthetic.
• Floating chat widget added across the site.
• Auto-sliding testimonials and product-showcase section.
• Learn Tab with full educational-quests system.
• Quest navigation wired up with chi URL parameters and template fixes.
• Comprehensive future development roadmap published.

GutIQ v2 quiz + AI assistants

• GutIQ v2 quiz introduced — 48 questions on a 0-4 frequency scale, with auto-save and resume.
• Gigi: interactive in-quiz assistant to improve completion rates.
• Flora: chat assistant for daily logs.
• AI Assistants (Agents) feature with human avatars across the product.
• Auto-fill default times for meal types and default food items.
• Core Gut Type promoted to PRIMARY report section (Doctor Archetype Layer).
• Dashboard chart tooltips show full pattern names.
• Food nutrition display and daily-log edit functionality.

Reports + home + daily log

• Reports tab and dedicated home page introduced.
• Enhanced check-in button on the homepage.
• Ability to log directly from the homepage.

Initial project

• First working project commit with foundational architecture.
• Major iterative changes to lock in the core platform shape.