Next stages
Environment locked
Supabase migrations applied
Stripe webhook verified
Test order completed
Live smoke order signed
production apply guide
OmenHall final production apply
A practical bridge from the latest zip to real launch: archive, Vercel env, Supabase migrations, Stripe webhook, test order, live smoke, email, privacy, rollback, and owner go/no-go.
production apply console
Production apply console
Mark real evidence before enabling payments: archive, env, Supabase, Stripe webhook, test order, live smoke, email, privacy, and rollback.
readiness
0%
blocked · local
evidence locks
live blockers
Blockers
Missing or mixed env
Migration order unknown
Webhook is not source of truth
Private data in logs
No recovery or rollback
Do not enable live
live Stripe keys before webhook proof · success redirect treated as payment proof · missing Supabase migration · question_text in public artifact or email preview · answer_text in analytics or logs
Go/no-gocode
Code replacement
Latest archive, clean install, checks, and report hash.
env
Environment
Vercel env matrix without live/test fog.
data
Supabase
Migrations, RLS, service-role-only writes, and deletion path.
money
Stripe
Webhook truth, idempotency, purchase unlock, and refund/recreate.
owner
Owner signoff
Go/no-go, live smoke, first 24h watch, and growth review.
stages
Latest archive applied
The working project uses the latest master-completion archive, not an older zip from a neighboring pass.
Node install verified
Local and Vercel use Node 20.x, dependencies install without manual alchemy.
Environment locked
All live/test env is separated: Supabase, Stripe, Resend, OpenAI, Upstash, and site URLs are not mixed.
Supabase migrations applied
Migrations 0010-0015 are applied in order and the owner knows which project ref they were applied to.
Stripe webhook verified
The webhook, not the redirect page, creates purchase unlock, delivery job, and audit event.
Test order completed
A test purchase completed product → checkout → webhook → unlock → artifact → email → archive.
Live smoke order signed
A minimal live purchase is completed by the owner after env lock and before ads.
Email delivery verified
Resend domain, from address, support address, receipt, recovery, and safe preview are checked.
Privacy smoke passed
Public artifact, analytics, logs, support macros, and email preview contain no private payload.
Monitoring and rollback ready
There is incident log, owner runbook, rollback note, and first 24h watch after deploy.
blocker risks
Wrong archive applied
Check archive name, SHA256, and report file before replacing the project.
Missing or mixed env
Verify env matrix: test, preview, production, live keys, callback URLs, and webhook secret.
Migration order unknown
Apply migrations in order and record project ref and date.
Webhook is not source of truth
Unlock only through verified Stripe webhook, idempotency key, and ledger event.
Redirect-only payment proof
Success page must read purchase status, not act as proof.
Live keys too early
Enable live only after test order, live smoke order, and owner signoff.
Private data in logs
Forbid question_text, answer_text, email, birth_date, payment id, and private_payload in public layers.
No recovery or rollback
Prepare recovery macros, incident log, rollback note, and recreate/refund decision tree.
rooms
Production apply standardOne application order: archive, dependencies, env, migrations, test payment, live smoke, and owner signoff.Apply latest archiveHow to replace the project with the latest zip without losing env or reverting to an old version.Vercel env lockProduction/preview/test/live matrix so keys do not wear each other's cloaks.Supabase migration orderOrder 0010-0015: persistence, checkout, signoff, growth, master completion, and apply guide.Stripe webhook live testWebhook is the source of truth, redirect only shows status.Test order scriptOne test purchase before live: product, checkout, webhook, unlock, artifact, email, archive.Live order signoffA minimal real owner purchase before ads and external traffic.Email and Resend checkEmails must deliver access without exposing private question in subject or preview.Artifact privacy smokeCheck PDF, share-card, gift artifact, analytics, logs, and support macros for private payload.Rollback and monitoringFirst 24 hours after deploy: incident log, rollback note, support macros, and owner review.Owner go/no-goFinal decision: test, live smoke, privacy, recovery, rollback, support, and growth guardrails.Operator handbookShort action book: where to check env, migrations, webhook, email, archive, support, and rollback.AI contractAI does not decide launch, hide blockers, or turn missing evidence into confidence.World-class apply auditWorld-class here means not more glitter, but fewer unknowns before live money.Completion planFinal lane: apply, verify, launch, watch, improve.