Deployment Safety
Vercel/GitHub Readiness
WarpIntel tracks production deployment and repository-link readiness without exposing provider tokens, installation IDs, private repository data, environment values, database URLs, cron secrets, private EVE data, or separate-project account details.
Public Vercel/GitHub readiness is count-only; provider setup evidence remains protected.
Production deploy health is visible without exposing Vercel account tokens.
Separate-project account lanes stay excluded from WarpIntel unless BOSS explicitly approves crossover.
Dry runs do not change Vercel, GitHub, env vars, repo links, or OAuth connections.
Production deploys working
The current production deployment and https://warpintel.app alias are verified before provider-link changes are treated as ready.
WarpIntel repo identity ready
Production Git metadata must point to WarpIntelHQ/warpintel-app before automated provider-link status can be marked ready.
Vercel project link confirmed
The existing olympus2/warpintel-app project must be confirmed as linked to the expected WarpIntel repository.
Protected setup packet ready
Protected setup and dry-run routes are available for owner review without exposing provider tokens or private repository details.
Protected dry run without provider mutation
Dry runs validate the deployment boundary without changing Vercel settings, GitHub settings, OAuth connections, env vars, or repo links.
Separate-project boundary ready
Provider-link guidance keeps WarpIntel deployment, repo, account, and credential lanes separate from unrelated projects.
Preview deploy smoke gate
A harmless preview deploy smoke should be recorded after the expected Vercel/GitHub link is confirmed.
Tracker confirmation gate
The project tracker should record the confirmed provider link and preview smoke before the lane is marked fully ready.
Production Deploy Baseline
Confirm the current production deployment and domain alias are healthy before provider-link work starts.
Repository Boundary Review
Confirm the expected WarpIntel repository boundary is the only approved deployment source.
Vercel Project Scope
Confirm provider-link work stays on the existing WarpIntel production project.
Preview Smoke Plan
Record the harmless preview smoke that should run after the expected provider link is confirmed.
Environment Secret Boundary
Keep environment values, provider tokens, OAuth values, database URLs, and cron secrets outside repository settings.
Tracker Confirmation Record
Record the provider-link state, preview smoke, and production-alias result in the project tracker.
Wrong Provider Account
Wrong-account evidence stops provider-link activation before repo or project settings are accepted.
Repository Link Mismatch
Unexpected repository identity keeps the provider link gated until the boundary is corrected.
Preview Or Production Regression
Smoke regression keeps the production alias on the known-good deployment until the link path is corrected.
production alias
Represented in public readiness as aggregate status only; provider-side account details stay protected.
WarpIntel repo boundary
Represented in public readiness as aggregate status only; provider-side account details stay protected.
separate-project separation
Represented in public readiness as aggregate status only; provider-side account details stay protected.
owner handoff
Represented in public readiness as aggregate status only; provider-side account details stay protected.
rollback decision points
Represented in public readiness as aggregate status only; provider-side account details stay protected.
secret exclusion
Represented in public readiness as aggregate status only; provider-side account details stay protected.
Vercel Tokens
Excluded from public pages, health snapshots, smoke logs, screenshots, and readiness feeds.
GitHub Tokens
Excluded from public pages, health snapshots, smoke logs, screenshots, and readiness feeds.
OIDC Values
Excluded from public pages, health snapshots, smoke logs, screenshots, and readiness feeds.
Provider Account Cookies
Excluded from public pages, health snapshots, smoke logs, screenshots, and readiness feeds.
Installation IDs
Excluded from public pages, health snapshots, smoke logs, screenshots, and readiness feeds.
Private Repository Data
Excluded from public pages, health snapshots, smoke logs, screenshots, and readiness feeds.
Env Var Values
Excluded from public pages, health snapshots, smoke logs, screenshots, and readiness feeds.
Database URLs
Excluded from public pages, health snapshots, smoke logs, screenshots, and readiness feeds.
Cron Secrets
Excluded from public pages, health snapshots, smoke logs, screenshots, and readiness feeds.
EVE Tokens
Excluded from public pages, health snapshots, smoke logs, screenshots, and readiness feeds.
Private Account Data
Excluded from public pages, health snapshots, smoke logs, screenshots, and readiness feeds.
Raw Pasted Inputs
Excluded from public pages, health snapshots, smoke logs, screenshots, and readiness feeds.
Protected Setup Details
Excluded from public pages, health snapshots, smoke logs, screenshots, and readiness feeds.
No-Secret Deploy Rule
Public Vercel/GitHub readiness exposes aggregate setup counts, activation criteria, owner-handoff counts, rollback decision counts, protected-check booleans, deploy/link booleans, no-mutation dry-run safety, and project-separation status only; it does not expose Vercel tokens, GitHub tokens, OIDC values, provider account cookies, installation IDs, private repository data, environment variable values, database URLs, cron secrets, EVE tokens, private account data, or raw pasted analyzer inputs.
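One way to enforce the rule above before a readiness payload is published, as an added example that is not WarpIntel's own code: an allowlist audit that accepts only counts, booleans and a fixed status vocabulary, and flags any key naming an excluded category. The field names, the status words and the function names are assumptions made for illustration.

```javascript
// Field names and the status vocabulary below are assumptions, not WarpIntel's schema.
// Key fragments for the excluded categories listed on this page.
const EXCLUDED_KEY = /token|oidc|cookie|installation|env|database|cron|secret|pasted/i;
// Assumed fixed vocabulary for status strings; free text is rejected.
const STATUS_WORDS = new Set(["ready", "gated", "pending"]);

function leafAllowed(value) {
  if (typeof value === "boolean") return true;
  if (typeof value === "number") return Number.isInteger(value) && value >= 0;
  if (typeof value === "string") return STATUS_WORDS.has(value);
  return false; // null, undefined and anything else
}

// Returns findings as "path: reason" strings; values are never echoed.
// An empty list means the payload is count-only.
function auditReadiness(payload, path = "$") {
  if (Array.isArray(payload)) {
    return [`${path}: array not allowed, publish a count instead`];
  }
  if (payload !== null && typeof payload === "object") {
    const findings = [];
    for (const [key, value] of Object.entries(payload)) {
      const child = `${path}.${key}`;
      if (EXCLUDED_KEY.test(key)) {
        findings.push(`${child}: key names an excluded category`);
        continue; // do not descend into the value
      }
      findings.push(...auditReadiness(value, child));
    }
    return findings;
  }
  return leafAllowed(payload)
    ? []
    : [`${path}: ${typeof payload} leaf is not a count, boolean or status word`];
}

// Constructed sample payloads.
const cleanSample = {
  setupCount: 6, ownerHandoffCount: 1, rollbackDecisionCount: 3,
  productionDeployHealthy: true, repoLinkConfirmed: false, projectSeparation: "ready",
};
const leakySample = {
  setupCount: 6,
  provider: { vercelToken: "PLACEHOLDER", account: "constructed-owner" },
  databaseUrl: "postgres://constructed.invalid/db",
  repos: ["constructed/repo"],
};
console.log(auditReadiness(cleanSample), auditReadiness(leakySample));
```

Because the audit is an allowlist on leaf types, a secret under an innocuous key name is still rejected as free text, and findings report only the path and type so the audit output can itself go into smoke logs.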
