# Two-Domain Architecture + Audit Lead Magnet (2026-05-13/14)

<meta charset="UTF-8" id="bkmrk-"></meta> <title id="bkmrk-snowit-%E2%80%94-two-domain-">SnowIT — Two-Domain Architecture + Audit Lead Magnet (2026-05-13/14)</title></head><body># SnowIT — Two-Domain Architecture + Audit Lead Magnet

**Date:** 2026-05-13 + 2026-05-14  
**Sessions:** 9d81f0c3-f7fb-4f8e-bf8c-04091a5dbbec + (current)  
**MC Parent:** #100509 (Skybound pass 2)  
**Status:** LIVE — production serving

---

## Executive Summary

SnowIT executed a strategic brand split and technical implementation across two sessions (2026-05-13 + 2026-05-14), delivering:

1. **Two-domain architecture:** snowit.ba (SMB BiH market) + enterprise.snowit.ba (Enterprise/Norwegian transit/AI security) — unified under single Vercel project via middleware.ts host-based routing
2. **Critical bugs fixed:** snowit.ba pricing EUR→KM unification (300/800/1200 KM), AI/enterprise content archived, LinkedIn pricing 400 KM live
3. **Frontend builds:** enterprise/index.html + case-study.html (anonymized Nordic transit TVM case) + about.html (founder bio, NDA-compliant)
4. **Audit lead magnet pipeline:** snowit.ba/audit.html landing + /api/audit serverless function (pdf-lib MVP, Phase 2 Places API/Sheets/WA deferred pending Vercel Pro upgrade + GCP SA grants)
5. **Infrastructure:** AWS Route 53 CNAME enterprise.snowit.ba → Vercel Edge, middleware.ts host rewrite (vercel.json rewrites don't fire after filesystem match), orphan snowit-enterprise project flagged for deletion

**Founding identity corrected:** SnowIT d.o.o. founded 2022 (not 2026 — CEO Alem Basic caught agent default-year drift on enterprise preview). Founder consulting record (Entur 2022-2024, Ruter/TET 2024-2025) separate from SnowIT delivery history — NDA-compliant anonymization applied to all public copy.

---

## Brand Split Rationale

### Anti-Lie Positioning

SnowIT (founded 2022) pivoted to enterprise AI/transit services in 2026. The company has zero enterprise delivery history as SnowIT entity, but founder Alem Bašić has documented 3-year consulting record at:

- ENTUR (Norwegian national transit, 2022-2024): TVM modernization, solution architect
- RUTER (Oslo/Viken transit via TET Digital, 2024-2025): Cloud ops, IoT/EDA, solution architect

Two-domain split avoids claim fabrication:

- **snowit.ba:** SMB BiH focus (Google Business Profile setup 300 KM, web presence 800 KM, full digital start 1.200 KM) — no enterprise positioning, no false authority
- **enterprise.snowit.ba:** Transparent positioning: "Senior consulting expertise meets agile delivery" with NDA-aware disclosure: "Project delivered by SnowIT founder in prior senior consulting capacity. Client identity disclosable under NDA on inquiry."

### Market Segmentation

<table border="1" cellpadding="5" cellspacing="0" id="bkmrk-domain-audience-serv"> <tr> <th>Domain</th> <th>Audience</th> <th>Services</th> <th>Language</th> <th>Pricing Transparency</th> </tr> <tr> <td>snowit.ba</td> <td>SMB BiH (salons, auto, bakeries, cafes)</td> <td>GMB, websites, LinkedIn, SEO</td> <td>BS (primary), EN (minimal)</td> <td>Full (300-2.500 KM on-page)</td> </tr> <tr> <td>enterprise.snowit.ba</td> <td>Enterprise/Norwegian transit/AI security</td> <td>Public transit app dev, AI security harness, legacy modernization</td> <td>EN (primary), BS (i18n toggle)</td> <td>POA (contact-for-quote)</td> </tr></table>

---

## Two-Domain Architecture

### System Diagram

```mermaid

graph LR
    A[snowit.ba] -->|CNAME cname.vercel-dns.com| V[Vercel Edge Network]
    B[enterprise.snowit.ba] -->|CNAME cname.vercel-dns.com| V
    V -->|Project: snowit-site prj_6kWI33mxaX2PClQwe1xt1OUbSxP6| MW[middleware.ts]
    MW -->|Host: snowit.ba, Path: /*| FS1[/index.html /portfolio.html /usluge.html /audit.html]
    MW -->|Host: enterprise.snowit.ba, Path: /*| RW[Rewrite to /enterprise/*]
    RW --> FS2[/enterprise/index.html /enterprise/case-study.html /enterprise/about.html]

    style A fill:#FF6B35
    style B fill:#3b82f6
    style V fill:#0F172A,stroke:#00D4FF
    style MW fill:#1e293b
    style FS1 fill:#334155
    style FS2 fill:#475569

```

### DNS Topology

**AWS Route 53 Hosted Zone:** snowit.ba (ID: Z0412149\*\*\*\*QUPIW)

<table border="1" cellpadding="5" cellspacing="0" id="bkmrk-record-type-value-tt"> <tr> <th>Record</th> <th>Type</th> <th>Value</th> <th>TTL</th> </tr> <tr> <td>snowit.ba</td> <td>CNAME</td> <td>cname.vercel-dns.com.</td> <td>300</td> </tr> <tr> <td>enterprise.snowit.ba</td> <td>CNAME</td> <td>cname.vercel-dns.com.</td> <td>300</td> </tr> <tr> <td>clients.snowit.ba</td> <td>CNAME</td> <td>cname.vercel-dns.com.</td> <td>300</td> </tr></table>

**TLS Certificates:** Auto-provisioned by Vercel (Let's Encrypt R12), valid 90 days from 2026-05-13

### Middleware Host Rewrite Pattern

**Problem:** vercel.json `rewrites` with `has` conditions (host-based) run AFTER `handle: filesystem` in Vercel's output config. Filesystem match wins, rewrite never fires — enterprise.snowit.ba/index.html served placeholder instead of /enterprise/index.html.

**Solution:** Extend middleware.ts to handle host-based routing at edge (runs BEFORE filesystem):

```
// middleware.ts (excerpt — commit 1fcbe0b)
export default async function middleware(req: Request): Promise<Response> {
  const url = new URL(req.url);

  // Host-based rewrite: enterprise.snowit.ba/* → /enterprise/*
  if (url.hostname === "enterprise.snowit.ba" && !url.pathname.startsWith("/enterprise")) {
    const destPath = "/enterprise" + (url.pathname === "/" ? "/" : url.pathname);
    const destUrl = new URL(destPath + url.search, req.url);
    return rewrite(destUrl);
  }

  // tim.html auth gate scoped to pathname === "/tim.html" (no regression)
  if (url.pathname === "/tim.html") { /* HMAC cookie check */ }

  return next();
}

```

**Commit:** 1fcbe0b (2026-05-13)

### Path Structure

```

/Users/makinja/clients-external/snowit-site/
├── index.html              (snowit.ba SMB landing)
├── portfolio.html          (SMB portfolio)
├── usluge.html             (SMB services, pricing 300-2500 KM)
├── audit.html              (lead magnet landing, BS copy)
├── /api/audit.js           (serverless function, pdf-lib MVP)
├── /enterprise/
│   ├── index.html          (enterprise landing)
│   ├── case-study.html     (anonymized Nordic transit TVM case)
│   ├── about.html          (founder bio, NDA-compliant)
│   ├── /css/enterprise.css (dark theme, --ent-* tokens)
│   └── /js/i18n.js         (EN+BS dictionaries)
├── middleware.ts           (host rewrite + tim.html auth)
├── vercel.json             (tim.html X-Robots-Tag headers)
└── BUILD-BLUEPRINT.md
```

---

## Audit Lead Magnet Pipeline

### Flow Diagram

```mermaid

sequenceDiagram
    participant U as User (SMB Owner)
    participant L as /audit.html
    participant A as /api/audit
    participant PDF as pdf-lib
    participant SMTP as nodemailer
    participant E as Enis (info@snowit.ba)
    participant GCP as Places API (Phase 2)
    participant GS as Google Sheets (Phase 2)
    participant WA as WhatsApp (Phase 2)

    U->>L: Fill form (name, company, city, industry, contact, notes)
    L->>A: POST {name, company, city, industry, email OR whatsapp, notes}
    A->>A: Validate (honeypot check, required fields)
    A->>PDF: Generate audit PDF (ref SNW-XXXXX-XXXX)
    PDF-->>A: PDF buffer
    A->>SMTP: Send email to info@snowit.ba + lead
    SMTP-->>E: "Novi upit za audit: [company] u [city]"
    A-->>U: {"ok":true,"ref":"SNW-XXXXX-XXXX"}

    Note over GCP,WA: Phase 2 — blocked on Vercel Pro + GCP SA grants
    A-.->GCP: Fetch GBP data (if email)
    GCP-.->A: Profile + reviews + map position
    A-.->GS: Log lead (timestamp, ref, company, city, industry, contact, utm_*)
    A-.->WA: Send WA to lead "Vaš upit primljen, radim na auditu" (if whatsapp)

```

### Phase 1 (LIVE — MVP)

- **Landing:** /audit.html (837 lines, BS copy, Proxima Marketing)
- **Backend:** /api/audit.js (1470 lines, pdf-lib ^1.17.1)
- **Payload schema:** {name, company, city, industry, email?, whatsapp?, notes, \_honey}
- **Honeypot:** \_honey field (hidden, rejects bots)
- **Email delivery:** nodemailer via one.com SMTP (SMTP\_USER/SMTP\_PASS env vars reused from /api/contact)
- **Reference ID:** SNW-{timestamp}-{random 4-digit} (e.g., SNW-17156-9384)
- **Cost:** $0/audit (no external API calls)

### Phase 2 (BLOCKED — Pending CEO actions)

<table border="1" cellpadding="5" cellspacing="0" id="bkmrk-blocker-status-owner"> <tr> <th>Blocker</th> <th>Status</th> <th>Owner</th> <th>Cost Impact</th> </tr> <tr> <td>Vercel Pro upgrade ($20/mo)</td> <td>CEO manual action required (UI-only upgrade, no API)</td> <td>CEO Alem Basic</td> <td>+$20/mo</td> </tr> <tr> <td>Google Places API key (tribal-sign-487920-k0)</td> <td>GCP Console enable + API key + HTTP referrer restriction</td> <td>CEO or grant alai-cli-deployer SA permissions</td> <td>~$1.70/mo @100 audits</td> </tr> <tr> <td>Google Sheets SA (snowit-leads-writer@tribal-sign-487920-k0.iam.gserviceaccount.com)</td> <td>GCP Console create SA + download JSON key + share sheet</td> <td>CEO or grant alai-cli-deployer SA permissions</td> <td>$0 (free tier)</td> </tr> <tr> <td>WhatsApp auto-send</td> <td>Meta WhatsApp Cloud API (24-72h approval) OR Twilio WA API</td> <td>FlowForge (after above unblocked)</td> <td>Free 1K/mo OR $0.005/msg</td> </tr></table>

**CEO action path (Option A — manual, 15 min):**

1. Vercel Pro: https://vercel.com/johns-projects-4b43bfa9/settings/billing → Upgrade to Pro
2. Places API: https://console.cloud.google.com/apis/library/places-backend.googleapis.com?project=tribal-sign-487920-k0 → Enable → Create API Key → Restrict to snowit.ba
3. Sheets API: https://console.cloud.google.com/apis/library/sheets.googleapis.com?project=tribal-sign-487920-k0 → Enable → Create SA "snowit-leads-writer" → Download JSON
4. Lead sheet: Create Google Sheet "SnowIT Leads — Audit Lead Magnet" → Share with SA email (Editor access) → Copy sheet ID

**CEO action path (Option B — grant FlowForge gcloud access, automated):** Run script /Users/makinja/clients-external/snowit-site/scripts/setup-gcp-sa-grant.sh (commit 07a7982) to grant alai-cli-deployer@tribal-sign-487920-k0.iam.gserviceaccount.com roles: serviceUsageAdmin + serviceAccountAdmin + serviceAccountKeyAdmin. Then re-dispatch to FlowForge.

---

## Pricing Matrix (snowit.ba SMB)

<table border="1" cellpadding="5" cellspacing="0" id="bkmrk-package-price-%28km%29-i"> <tr> <th>Package</th> <th>Price (KM)</th> <th>Includes</th> <th>Delivery</th> </tr> <tr> <td>Google Business Starter</td> <td>300 KM</td> <td>GBP setup + verification + optimization</td> <td>48h</td> </tr> <tr> <td>LinkedIn Launch</td> <td>400 KM</td> <td>LinkedIn Company Page + 5 posts</td> <td>5-7d</td> </tr> <tr> <td>Web + GMB (card1)</td> <td>800 KM</td> <td>1-page website + GBP setup</td> <td>7-10d</td> </tr> <tr> <td>Full Digital Start (card3)</td> <td>1.200 KM</td> <td>Website + GBP + LinkedIn + SEO basics</td> <td>14d</td> </tr> <tr> <td>SnowIT PRO</td> <td>2.500 KM</td> <td>Full package + 3-month support</td> <td>30d</td> </tr></table>

**Currency unification (commit 075ae2b):** All "200 EUR" references replaced with "300 KM" across i18n.js (12 changes), index.html (32 changes), usluge.html (18 changes). LinkedIn 400 KM added (commit bef5820).

---

## NDA Compliance Pattern

### Public Copy (enterprise.snowit.ba)

- **Client names:** FORBIDDEN (Tet, Ruter, Entur, TET Digital) — verified via `grep -i "tet|ruter|entur"` on live HTML = 0 matches
- **Anonymization pattern:** "Major Nordic public transit operator (identity disclosable under NDA on inquiry)"
- **Disclosure box (case-study.html):** 3-paragraph amber-muted banner: 
    - Project delivered by SnowIT founder in prior senior consulting capacity
    - SnowIT (founded 2022) is new to enterprise AI/transit services — founder's prior engagements separate
    - Client identity + specific project details available under NDA on inquiry
- **Founder bio (about.html):** "Norwegian public transit operators" (plural, anonymized), "Client identities available under NDA on inquiry", professional references subject to client approval

### NDA-Protected Facts (BookStack only, not public)

- ENTUR: 03.2022 - 02.2024 (23 months), TVM modernization, Kafka/KSQLDB/GCP/React
- RUTER (via TET Digital): 09.2024 - 09.2025 (13 months), Cloud ops, AWS/IoT/MQTT/Kafka/EDA
- CV evidence: /Users/makinja/personal/cv/Alem-Basic\_no\_2026-02-06T06-08-13Z.pdf
- BookStack finance logs: RPG January 2026, KnowIT MinVei, timesheet January 2026

---

## Founder Identity

**Name:** Alem Bašić  
**Role:** Founder + CEO (SnowIT d.o.o., founded 2022)  
**Background:** 25+ years software engineering, solution architect, senior consulting record at Norwegian public transit operators (Entur 2022-2024, Ruter 2024-2025), expertise in Kafka/cloud/AI security/legacy modernization  
**Education:** (not disclosed on public site — available under NDA)  
**Languages:** BS/EN/NO (professional fluency)  
**Consulting vehicles:** Everdeen partner status (Entur engagement), RPG-Kyndryl subcontractor (Ruter/TET engagement)

**Distinction:** SnowIT (founded 2022, pivoted to enterprise 2026, zero enterprise delivery history as entity) vs Founder (Alem Bašić, 3-year documented consulting record 2022-2025). Public copy transparent about this split — no claim fabrication.

---

## MC Task Tree

<table border="1" cellpadding="5" cellspacing="0" id="bkmrk-mc-id-title-owner-st"> <tr> <th>MC ID</th> <th>Title</th> <th>Owner</th> <th>Status</th> <th>Evidence</th> </tr> <tr> <td>\#100509</td> <td>SnowIT Enterprise Pass 2 (Skybound)</td> <td>skybound</td> <td>ready\_for\_review</td> <td>/tmp/skybound-enterprise-evidence-pending.md</td> </tr> <tr> <td>\#100513</td> <td>snowit.ba SMB cleanup (EUR→KM, AI archive)</td> <td>codecraft</td> <td>ready\_for\_review</td> <td>/tmp/codecraft-snowit-cleanup-100513-evidence.md</td> </tr> <tr> <td>\#100510</td> <td>enterprise.snowit.ba domain move + infra</td> <td>codecraft</td> <td>ready\_for\_review</td> <td>/tmp/codecraft-domain-move-evidence.md + /tmp/codecraft-faza-b-infra-evidence.md</td> </tr> <tr> <td>(child)</td> <td>enterprise.snowit.ba case-study.html</td> <td>frontend-builder</td> <td>ready\_for\_review</td> <td>/tmp/frontend-builder-case-study-evidence.md</td> </tr> <tr> <td>(child)</td> <td>enterprise.snowit.ba about.html</td> <td>frontend-builder</td> <td>ready\_for\_review</td> <td>/tmp/frontend-builder-about-evidence.md</td> </tr> <tr> <td>(child)</td> <td>Audit lead magnet copy (Proxima)</td> <td>proxima</td> <td>done</td> <td>/tmp/proxima-lead-magnet-snowit/\_evidence.md</td> </tr> <tr> <td>\#100543</td> <td>/api/audit backend (pdf-lib MVP)</td> <td>codecraft</td> <td>ready\_for\_review</td> <td>/tmp/codecraft-audit-tool-evidence.txt</td> </tr> <tr> <td>(child)</td> <td>/audit.html landing page</td> <td>builder</td> <td>ready\_for\_review</td> <td>/tmp/builder-audit-html-evidence.md</td> </tr> <tr> <td>(child)</td> <td>GCP SA permission grant script</td> <td>builder</td> <td>ready\_for\_review</td> <td>/tmp/builder-gcp-sa-script-evidence.md</td> </tr> <tr> <td>(child)</td> <td>Vercel Pro + Places API (BLOCKED)</td> <td>flowforge</td> <td>BLOCKED (CEO action)</td> <td>/tmp/flowforge-snowit-vercel-pro-places-evidence.md</td> </tr></table>

---

## Outstanding Decisions

1. **Orphan snowit-enterprise project:** Vercel project prj\_8fTtx2Z0UJY4kqdNJACkfIpQamHi (served placeholder, domain now moved to snowit-site) — delete to avoid confusion? (CEO decision pending)
2. **Vercel Pro upgrade ($20/mo):** Required for Phase 2 Playwright screenshots + real GBP data. CEO must upgrade via UI (Vercel API doesn't support billing changes).
3. **GCP Places API + Sheets SA:** Option A (CEO manual, 15 min) vs Option B (grant FlowForge gcloud access via scripts/setup-gcp-sa-grant.sh, automated).
4. **GA4 + Pixel + GSC tracking IDs:** Placeholders in index.html/enterprise/index.html — CEO provide actual IDs or remove placeholders?
5. **Audit delivery SLA:** Current copy promises "24h" — if Enis volume exceeds capacity, change to "48h" or hire VA?
6. **Follow-up cadence:** Email/WA sequence ends at 7 days — add 10-day or 14-day final nudge, or stick with 3d+7d?
7. **Free vs Paid audit gating:** All audits free (current) vs gate multi-location SMBs at 100 KM audit fee (credited toward paid service)?

---

## Operational Scripts

<table border="1" cellpadding="5" cellspacing="0" id="bkmrk-script-path-purpose-"> <tr> <th>Script</th> <th>Path</th> <th>Purpose</th> <th>Usage</th> </tr> <tr> <td>setup-gcp-sa-grant.sh</td> <td>/Users/makinja/clients-external/snowit-site/scripts/</td> <td>One-time GCP SA permission grant for Phase 2 backend</td> <td>./scripts/setup-gcp-sa-grant.sh (or PROJECT\_ID=X ./scripts/setup-gcp-sa-grant.sh)</td> </tr></table>

**Commit:** 07a7982 (executable, bash -n verified, grants serviceUsageAdmin + serviceAccountAdmin + serviceAccountKeyAdmin to alai-cli-deployer@tribal-sign-487920-k0.iam.gserviceaccount.com)

---

## Cost Breakdown

### Phase 1 (LIVE — MVP)

- Vercel Hobby: $0/mo
- AWS Route 53: ~$0.50/mo (hosted zone)
- one.com SMTP: $0 (existing email account)
- **Total:** ~$0.50/mo

### Phase 2 (Pending CEO Actions)

- Vercel Pro: $20.00/mo
- Google Places API: ~$1.70/mo @100 audits/mo ($0.017 per Nearby Search call)
- Google Sheets API: $0 (free tier, 60 req/min)
- WhatsApp API: $0 (free 1,000 conversations/mo via Meta Cloud API) OR $0.005/msg via Twilio
- **Total:** ~$22/mo + $0.017 per audit over 100/mo

---

## Key Commits

<table border="1" cellpadding="5" cellspacing="0" id="bkmrk-sha-message-files-da"> <tr> <th>SHA</th> <th>Message</th> <th>Files</th> <th>Date</th> </tr> <tr> <td>0b95bfb</td> <td>snowit.ba SMB cleanup (AI archive, contact form)</td> <td>\_archive/usluge-ai-blocks-2026-05-13.html, index.html, portfolio.html, usluge.html</td> <td>2026-05-13</td> </tr> <tr> <td>075ae2b</td> <td>EUR→KM unification (300/800/1200 KM)</td> <td>i18n.js, index.html, usluge.html (62 changes)</td> <td>2026-05-13</td> </tr> <tr> <td>bef5820</td> <td>LinkedIn 400 KM pricing</td> <td>usluge.html</td> <td>2026-05-13</td> </tr> <tr> <td>1c4c1de + 6f4e98a</td> <td>enterprise/index.html pass 1</td> <td>enterprise/index.html, enterprise/css/enterprise.css, enterprise/js/i18n.js</td> <td>2026-05-13</td> </tr> <tr> <td>49cd8b2</td> <td>feat(snowit-enterprise): case-study.html anonymized Nordic transit</td> <td>enterprise/case-study.html (375 lines)</td> <td>2026-05-13</td> </tr> <tr> <td>0705d9a</td> <td>feat(snowit-enterprise): about.html founder bio</td> <td>enterprise/about.html, i18n.js, enterprise.css (392 insertions)</td> <td>2026-05-13</td> </tr> <tr> <td>9a7da92 + 7519bed</td> <td>fix: founding date 2022 (not 2026)</td> <td>enterprise/index.html, i18n.js (14 changes)</td> <td>2026-05-13</td> </tr> <tr> <td>1fcbe0b</td> <td>fix: middleware.ts host rewrite (enterprise.snowit.ba)</td> <td>middleware.ts</td> <td>2026-05-13</td> </tr> <tr> <td>f69e804</td> <td>feat: /api/audit backend (pdf-lib MVP)</td> <td>api/audit.js (1470 lines), package.json (+pdf-lib)</td> <td>2026-05-13</td> </tr> <tr> <td>cad6878c</td> <td>feat(snowit-smb): /audit.html lead magnet landing</td> <td>audit.html (837 lines)</td> <td>2026-05-13</td> </tr> <tr> <td>07a7982</td> <td>chore(snowit): scripts/setup-gcp-sa-grant.sh</td> <td>scripts/setup-gcp-sa-grant.sh (38 lines)</td> <td>2026-05-13</td> </tr></table>

---

## Related Resources

- **Repo:** github.com/snowitba/snowit-site
- **Local path:** /Users/makinja/clients-external/snowit-site/
- **BUILD-BLUEPRINT:** /Users/makinja/clients-external/snowit-site/BUILD-BLUEPRINT.md
- **ARCHITECTURE doc:** /Users/makinja/clients-external/snowit-site/docs/ARCHITECTURE-2026-05-14.md (to be created)
- **Memory entry:** ~/.claude/projects/-Users-makinja/memory/project\_snowit\_brand\_split\_lead\_magnet\_2026-05-14.md (to be created)
- **MC parent:** #100509 (Skybound pass 2)

---

**Last updated:** 2026-05-14  
**Documented by:** Skillforge (ALAI Knowledge Management)  
**Status:** LIVE — production serving, Phase 2 blocked on CEO actions