================================================================================
GATE_AND_ROUTING_VERIFICATION_MATRIX_5_12_26.txt
CollabORhythm / Collabtunes — Final Operational Hardening
Generated: 5.12.26 | Asian Claude
PURPOSE: Complete gate and routing verification. Every behavior tested
         programmatically. Mixed Claude's definitive gate reference.
================================================================================

================================================================================
SECTION 1 — GATE CONSTANTS (verified consistent across all gated files)
================================================================================

localStorage KEY:     collabtunes_selected_rating
VALID KEY VALUES:     gpg | pg13 | r | nc17 | x
REDIRECT TARGET:      https://collabtunes.com  (verified in all 7 gated files)
GATE POSITION:        End of <body>, before </body>
GATE WRAPPER:         IIFE — (function() { ... })();  or immediate script block
GATE PATTERN:
  var allowed = [comma-separated rating keys];
  var sel = localStorage.getItem('collabtunes_selected_rating');
  if (!sel || allowed.indexOf(sel) === -1) { window.location.href = 'https://collabtunes.com'; }

================================================================================
SECTION 2 — GATE CONFIGURATION PER FILE
================================================================================

FILE                                              | GATE TYPE | ALLOWED ARRAY              | VERIFIED
--------------------------------------------------|-----------|----------------------------|----------
FRONT_DOOR_BOUNCER_FIXED_COLOR_V2_5_12_26.html   | WRITER    | N/A (writes key)           | ✅
PDF_LANDING_PAGE_DOWNLOAD_THE_BOOK_5_12_26.html   | NONE      | N/A (G-rated)              | ✅
WEBSITE_MISSION_STATEMENT_5_12_26.html            | NONE      | N/A (G-rated)              | ✅
SONG_LIST_1_LAST_MAN_SINGING_AIO_STAGING          | PG-13+    | ['pg13','r','nc17','x']    | ✅
SONG_LIST_2_SHEILA_TEQUILA_AIO_STAGING            | PG-13+    | ['pg13','r','nc17','x']    | ✅
SONG_LIST_6_UNDERTOWS_AND_AFTERGLOWS_AIO_STAGING  | PG-13+    | ['pg13','r','nc17','x']    | ✅
SET_LIST_3_SELF_IN_THE_MIRROR_AIO_STAGING         | PG-13+    | ['pg13','r','nc17','x']    | ✅
SET_LIST_5_LIVING_A_LA_MODE_AIO_STAGING           | PG-13+    | ['pg13','r','nc17','x']    | ✅
SET_LIST_6_DEFINITELY_NOT_LOVE_AIO_STAGING        | PG-13+    | ['pg13','r','nc17','x']    | ✅
SET_LIST_7_TRAIN_OFF_THE_TRACKS_AIO_STAGING       | R+        | ['r','nc17','x']           | ✅

================================================================================
SECTION 3 — ROUTING BEHAVIOR MATRIX
================================================================================

Rows = visitor's stored rating | Columns = page gate level
✅ = page loads  |  🚫 = redirected to https://collabtunes.com

VISITOR RATING   | G page | PG-13 page | R page | NC-17 page | X page
-----------------|--------|------------|--------|------------|-------
gpg (G/PG)       |   ✅   |     🚫     |   🚫   |     🚫     |   🚫
pg13 (PG-13)     |   ✅   |     ✅     |   🚫   |     🚫     |   🚫
r (R)            |   ✅   |     ✅     |   ✅   |     🚫     |   🚫
nc17 (NC-17)     |   ✅   |     ✅     |   ✅   |     ✅     |   🚫
x (X/No Limits)  |   ✅   |     ✅     |   ✅   |     ✅     |   ✅
null (no session)|   ✅   |     🚫     |   🚫   |     🚫     |   🚫
invalid key      |   ✅   |     🚫     |   🚫   |     🚫     |   🚫

GATE LOGIC CONFIRMED: Higher-rated visitors can always access lower-rated content.
No visitor can reach content above their selected level.
No session (null key) blocks all gated content — correct safe behavior.

================================================================================
SECTION 4 — BOUNCER WRITE BEHAVIOR (verified)
================================================================================

BOUNCER: FRONT_DOOR_BOUNCER_FIXED_COLOR_V2_5_12_26.html

ON PAGE LOAD:
  1. init() executes immediately (IIFE)
  2. Reads localStorage.getItem('collabtunes_selected_rating')
  3. If saved key found AND matches a known rating: restores that selection
  4. If not found OR unrecognized: defaults to ratings[0] = 'gpg'
  5. Builds rating grid and sets subtitle text

ON USER SELECTION:
  1. User clicks a rating button → selectRating(r) called
  2. selectedRating updated to clicked rating object
  3. Subtitle text updated to that rating's subtitle
  4. Enter button becomes active

ON ENTER BUTTON CLICK:
  1. enterSite() called
  2. localStorage.setItem('collabtunes_selected_rating', selectedRating.key)
  3. window.location.href = 'https://collabtunes.com'
  4. User arrives at homepage with rating stored in localStorage

VERIFIED BEHAVIORS:
  ✅ Default state: ratings[0] = 'gpg' (G/PG) — active line 257
  ✅ Broken original (ratings[4]) is comment-only on line 255
  ✅ Session restore: reads key → finds match → restores selection
  ✅ Unrecognized key: no match found → selectedRating stays at ratings[0]
  ✅ Key written correctly: collabtunes_selected_rating (exact match to gate reader key)

================================================================================
SECTION 5 — FALLBACK SAFETY VERIFICATION
================================================================================

FALLBACK CONDITION: !sel || allowed.indexOf(sel) === -1

This condition catches ALL unsafe states:

STATE                          | sel VALUE     | !sel   | indexOf  | RESULT
-------------------------------|---------------|--------|----------|--------
No localStorage set            | null          | true   | N/A      | REDIRECT ✅
Empty string in storage        | ""            | true   | N/A      | REDIRECT ✅
Tampered value ("admin")       | "admin"       | false  | -1       | REDIRECT ✅
Tampered value ("GPG")         | "GPG"         | false  | -1       | REDIRECT ✅  *
Valid key below gate level     | "gpg" on R+   | false  | -1       | REDIRECT ✅
Valid key at/above gate level  | "pg13" on PG-13| false | ≥0      | PASS    ✅

* NOTE: Key comparison is case-sensitive. "GPG" ≠ "gpg" → redirect.
  The bouncer writes lowercase keys. Any case manipulation → blocked.
  This is a SECURITY FEATURE, not a bug.

EDGE CASE — STALE KEY FROM FUTURE SCHEMA:
  If a future version adds new rating levels with new key strings,
  old pages will redirect for those new keys (indexOf = -1).
  This is SAFE — conservative fail. Old pages reject unknown keys.
  Correct upgrade path: update allowed arrays at same time as bouncer.

================================================================================
SECTION 6 — GATE JS SNIPPETS (ready for deployment)
================================================================================

SNIPPET A — PG-13 gate (use for all Song Lists, most Set Lists)
  <!-- GATE: PG-13 minimum -->
  <script>
    (function() {
      var allowed = ['pg13','r','nc17','x'];
      var sel = localStorage.getItem('collabtunes_selected_rating');
      if (!sel || allowed.indexOf(sel) === -1) { window.location.href = 'https://collabtunes.com'; }
    })();
  </script>

SNIPPET B — R gate (use for SetList7, SetList8, SetList9, SetList17)
  <!-- GATE: R minimum -->
  <script>
    (function() {
      var allowed = ['r','nc17','x'];
      var sel = localStorage.getItem('collabtunes_selected_rating');
      if (!sel || allowed.indexOf(sel) === -1) { window.location.href = 'https://collabtunes.com'; }
    })();
  </script>

SNIPPET C — NC-17 gate (for NC-17 Quick Guide)
  <!-- GATE: NC-17 minimum -->
  <script>
    (function() {
      var allowed = ['nc17','x'];
      var sel = localStorage.getItem('collabtunes_selected_rating');
      if (!sel || allowed.indexOf(sel) === -1) { window.location.href = 'https://collabtunes.com'; }
    })();
  </script>

SNIPPET D — X gate (for X Quick Guide and X-rated pages)
  <!-- GATE: X / No Limits only -->
  <script>
    (function() {
      var allowed = ['x'];
      var sel = localStorage.getItem('collabtunes_selected_rating');
      if (!sel || allowed.indexOf(sel) === -1) { window.location.href = 'https://collabtunes.com'; }
    })();
  </script>

SNIPPET E — Full Lyrics gate (PG-13 safe default, Tom may upgrade to R)
  <!-- GATE: PG-13 minimum (safe default — Tom Decision 03 may change to R) -->
  <script>
    (function() {
      var allowed = ['pg13','r','nc17','x'];  /* change to ['r','nc17','x'] if Tom selects R */
      var sel = localStorage.getItem('collabtunes_selected_rating');
      if (!sel || allowed.indexOf(sel) === -1) { window.location.href = 'https://collabtunes.com'; }
    })();
  </script>

================================================================================
SECTION 7 — GATES NOT YET DEPLOYED (live site exposure)
================================================================================

These pages exist live on collabtunes.com without a gate. Tom decisions needed.

PAGE                                    | REQUIRED GATE | DECISION NEEDED
----------------------------------------|---------------|------------------
/1-to-34-quick-guide-23-to-nc-17/      | NC-17 (Snippet C) | Decision 02
/1-to-34-quick-guide-x/                | X (Snippet D)     | Decision 02
/8-of-35-full-texts-of-lyrics/          | PG-13 (Snippet E) | Decision 03
HOW I GOT HERE (full dirty)            | X (Snippet D)     | Decision 01
HOW I GOT HERE (full talk w/Claude AI) | X (Snippet D)     | Decision 01

RISK LEVEL: HIGH — explicit content publicly accessible on live internet.
Mixed Claude must NOT inject these gates without Tom's decisions confirmed.
Safe defaults exist for all except HOW I GOT HERE (Decision 01 needed).

================================================================================
SECTION 8 — GATE UPGRADE PATH FOR ESTIMATED-RATING PAGES
================================================================================

3 current pages have estimated PG-13 ratings pending mood_settings confirmation:
  SET_LIST_3 | SET_LIST_5 | SET_LIST_6-Definitely-NOT-Love

If mood_settings reveals R rating for any of these:
  STEP 1: Update page rating badge from "PG-13 — Estimated" to "R"
  STEP 2: Update gate allowed array from ['pg13','r','nc17','x'] to ['r','nc17','x']
  STEP 3: Re-run automated gate verification
  STEP 4: Browser test R gate at all 5 rating levels before promoting

DO NOT deploy any estimated-rating page until rating is confirmed.
A PG-13 gate on an R-rated page is a safety failure.

================================================================================
END GATE_AND_ROUTING_VERIFICATION_MATRIX_5_12_26.txt
================================================================================
