fix(seo): kill sitewide broken email link + stale sitemap page (MARTECH-16) (#1004)

* fix(seo): kill sitewide broken email link and stale sitemap page (MARTECH-16)

Two Ahrefs Site Audit errors on docs.arcade.dev:

- "Page has links to broken page" (229 pages): the footer rendered a
  sitewide mailto: that Cloudflare Email Obfuscation rewrites into
  /cdn-cgi/l/email-protection, which 404s for crawlers. Point the footer
  mail icon at the internal /en/resources/contact-us page instead.
- "3XX redirect in sitemap": a stale logic-extensions/build-your-own page
  lingered after the contextual-access rename and 308-redirects. Delete it;
  the redirect rule already exists.

Regression tests:
- tests/chrome-no-mailto.test.ts: no mailto:/email-protection in shared chrome.
- tests/sitemap.test.ts: no sitemap URL matches a redirect source.

Note: fully clearing the broken-link error also needs Cloudflare "Email
Address Obfuscation" disabled for docs.arcade.dev (infra, out of repo).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* 🤖 Regenerate LLMs.txt

* refactor(seo): move change rationale from code comments to the PR

The narrative comments added in the previous commit (Cloudflare obfuscation
backstory, audit counts, ticket refs) belong in the PR description, not the
code. Keep terse functional notes only — no behavior change.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

---------

Co-authored-by: Juan Ibarlucea <juanibarlucea@192.168.1.2>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

Author: 4 people

app/_components/footer.tsx

@@ -54,12 +54,7 @@ const Socials = () => (
     >
       <Linkedin className="h-6 w-6 text-gray-400 transition-colors duration-150 ease-in-out hover:text-gray-900" />
     </a>
-    <a
-      href={`mailto:${urlConfig.company.email}`}
-      rel="noreferrer"
-      target="_blank"
-      title="Send us an email"
-    >
+    <a href="/en/resources/contact-us" title="Contact us">
       <Mail className="h-6 w-6 text-gray-400 transition-colors duration-150 ease-in-out hover:text-gray-900" />
     </a>
   </div>

app/en/guides/logic-extensions/build-your-own/page.mdx

@@ -1,4 +1,4 @@
-<!-- git-sha: 1713003ee9eb311132f7e93563edd85b2da42011 generation-date: 2026-06-02T23:47:34.646Z -->
+<!-- git-sha: 168dbe9f1ea2583887eac41a6f20344ffa661b9c generation-date: 2026-06-10T18:11:23.362Z -->
 
 # Arcade
 
@@ -85,7 +85,6 @@ Arcade delivers three core capabilities: Deploy agents even your security team w
 - [Build an AI Chatbot with Arcade and Vercel AI SDK](https://docs.arcade.dev/en/get-started/agent-frameworks/vercelai): This documentation page guides users through the process of building a browser-based AI chatbot using the Vercel AI SDK and Arcade tools for Gmail and Slack integration. Users will learn how to set up a Next.js project, manage chat state, and implement authorization
 - [Build MCP Server QuickStart](https://docs.arcade.dev/en/get-started/quickstarts/mcp-server-quickstart): The "Build MCP Server QuickStart" documentation provides a step-by-step guide for users to create and run a custom MCP Server using the Arcade MCP framework. It covers prerequisites, installation of necessary tools, server setup, and how to implement and call various
 - [Build Your Own Contextual Access Server](https://docs.arcade.dev/en/guides/contextual-access/build-your-own): This documentation page provides a comprehensive guide for users to build their own webhook server that complies with the Contextual Access Webhook contract, defined by an OpenAPI 3.0 specification. It outlines the necessary steps, including generating server stubs in various
-- [Build Your Own Extension Server](https://docs.arcade.dev/en/guides/logic-extensions/build-your-own): This documentation page provides a comprehensive guide for users to build their own webhook server that complies with the Logic Extensions contract defined by an OpenAPI 3.0 specification. It outlines the necessary steps to implement the server, including generating code stubs in various
 - [Call a tool in your IDE/MCP Client](https://docs.arcade.dev/en/get-started/quickstarts/call-tool-client): This documentation page guides users on how to create and utilize an MCP Gateway within their IDE or MCP Client, enabling them to efficiently call tools from multiple MCP servers for specific workflows. Users will learn to set up the gateway, select relevant tools, and connect
 - [Call tools from MCP clients](https://docs.arcade.dev/en/guides/create-tools/tool-basics/call-tools-mcp): This documentation page provides guidance on how to configure MCP clients to call tools from an MCP server, detailing necessary prerequisites and outcomes. Users will learn to set up their clients using the `arcade configure` command, customize transport options, and manage configuration files
 - [Calling tools in your agent with Arcade](https://docs.arcade.dev/en/get-started/quickstarts/call-tool-agent): This documentation page provides a comprehensive guide on how to utilize Arcade to enable AI agents to call various hosted tools, such as sending emails or creating documents. Users will learn how to install the Arcade client, set up their environment, and implement workflows that leverage

public/llms.txt

@@ -0,0 +1,58 @@
+import { readFileSync } from "node:fs";
+import fg from "fast-glob";
+import { expect, test } from "vitest";
+
+const TIMEOUT = 30_000;
+
+// Raw email links (mailto:) and Cloudflare's obfuscated email endpoint.
+const FORBIDDEN = /mailto:|\/cdn-cgi\/l\/email-protection/gi;
+// Comment forms to blank out before scanning (block/JSX `/* */` and line `//`).
+const BLOCK_COMMENT = /\/\*[\s\S]*?\*\//g;
+const LINE_COMMENT = /(^|[^:])\/\/.*$/;
+const NON_NEWLINE = /[^\n]/g;
+
+/**
+ * Sitewide chrome (footer, navbar, etc. in app/_components) must not contain a
+ * raw email link: Cloudflare Email Obfuscation rewrites it into a
+ * /cdn-cgi/l/email-protection URL that returns 404 to crawlers, so one in
+ * shared chrome becomes a broken link on every page. Link to
+ * /en/resources/contact-us instead. In-content email links on individual pages
+ * are fine and are not scanned here.
+ */
+test(
+  "shared components contain no mailto: or email-protection links",
+  async () => {
+    const files = await fg("app/_components/**/*.{ts,tsx}");
+    const offenders: Array<{ file: string; line: number; match: string }> = [];
+
+    for (const file of files) {
+      // Blank out comments (so explanatory prose mentioning these patterns is
+      // not flagged) while preserving newlines to keep line numbers accurate.
+      const content = readFileSync(file, "utf-8").replace(BLOCK_COMMENT, (m) =>
+        m.replace(NON_NEWLINE, " ")
+      );
+      const lines = content.split("\n");
+
+      for (let i = 0; i < lines.length; i += 1) {
+        const code = lines[i].replace(LINE_COMMENT, "$1");
+        const matches = code.match(FORBIDDEN);
+        if (matches) {
+          for (const match of matches) {
+            offenders.push({ file, line: i + 1, match });
+          }
+        }
+      }
+    }
+
+    for (const offender of offenders) {
+      console.error(
+        `Forbidden sitewide email link in ${offender.file}:${offender.line} — "${offender.match}". ` +
+          "Cloudflare rewrites sitewide email into /cdn-cgi/l/email-protection (404 for crawlers). " +
+          "Link to /en/resources/contact-us instead."
+      );
+    }
+
+    expect(offenders.length).toBe(0);
+  },
+  TIMEOUT
+);

tests/chrome-no-mailto.test.ts

@@ -36,6 +36,67 @@ test("sitemap lists expected URLs", async () => {
   }
 });
 
+test("sitemap contains no URL that we redirect away", async () => {
+  const previousSiteUrl = process.env.SITE_URL;
+  process.env.SITE_URL = "https://example.test";
+
+  try {
+    const { default: sitemap } = await import("../app/sitemap");
+    const entries = await sitemap();
+    const paths = entries.map((entry) =>
+      entry.url.replace("https://example.test", "")
+    );
+
+    // Every redirect `source` in next.config.ts is a path we 3xx away, so a live
+    // page must never sit there — otherwise the sitemap ships a redirecting URL
+    // (Ahrefs flags "3XX redirect in sitemap"). Guards against pages left behind
+    // after a rename.
+    const config = readFileSync(join(process.cwd(), "next.config.ts"), "utf-8");
+    const exactSources = new Set<string>();
+    const prefixSources: string[] = [];
+
+    for (const match of config.matchAll(/source:\s*"([^"]+)"/g)) {
+      const normalized = match[1]
+        .replace(/:locale\([^)]*\)/g, "en")
+        .replace(/:locale/g, "en");
+
+      if (normalized.includes("/:")) {
+        // Wildcard source (e.g. ".../:path*"): match by its static prefix, but
+        // skip any that collapse to just the locale to avoid matching everything.
+        const prefix = normalized.slice(0, normalized.indexOf("/:"));
+        if (prefix.split("/").filter(Boolean).length >= 2) {
+          prefixSources.push(prefix);
+        }
+      } else {
+        exactSources.add(normalized);
+      }
+    }
+
+    const offenders = paths.filter(
+      (path) =>
+        exactSources.has(path) ||
+        prefixSources.some(
+          (prefix) => path === prefix || path.startsWith(`${prefix}/`)
+        )
+    );
+
+    for (const offender of offenders) {
+      console.error(
+        `Sitemap includes ${offender}, which matches a redirect source in next.config.ts. ` +
+          "Delete the stale page (or remove the redirect) so the sitemap ships no 3XX URLs."
+      );
+    }
+
+    expect(offenders).toEqual([]);
+  } finally {
+    if (previousSiteUrl === undefined) {
+      process.env.SITE_URL = undefined;
+    } else {
+      process.env.SITE_URL = previousSiteUrl;
+    }
+  }
+});
+
 test("robots.txt references the sitemap", () => {
   const robotsPath = join(process.cwd(), "public", "robots.txt");
   const robotsContent = readFileSync(robotsPath, "utf-8");