Disable Vercel Authentication
Make the production deployment public. Right now the Vercel project is protected, which blocks both direct traffic and the custom-domain cutover.
Launch checklist
What you need to do next
§ 01 · Step by step
Next actions in order.
Set a SESSION_SECRET
Add a strong random SESSION_SECRET in Vercel so the lightweight signed-session cookie is not using the development fallback.
Set an OPENROUTER_API_KEY
Add the shared platform key in Vercel so the public demo can run without forcing every visitor to bring their own key.
Add cnc.riera.co.uk to the Vercel project
Register the final hostname on the Vercel project first so Vercel can tell you exactly which DNS target it expects.
Create the matching DNS record in Cloudflare
Point cnc.riera.co.uk at the Vercel target from your Cloudflare zone. This is the main step that still needs your direct DNS access.
Try both the shared-key and BYO-key paths
Confirm that the shared platform key path works and that visitors can also paste their own OpenRouter key when they want more usage.
Review the runtime logs for captured leads
Lightweight login details and generation events are logged server-side in this bootstrap release, so use the logs to inspect who is testing the workflow.
Add managed persistence when you want cross-device history
Browser-scoped history is enough for the first live release. Add a real storage service later if you want durable history and richer follow-up.
§ 02 · Recommended sequence
The sensible order from here.
now
Disable protection, add the secrets, and validate that the live generator works on the production deployment.
next
Finish the cnc.riera.co.uk cutover in Vercel and Cloudflare, then inspect the runtime logs for real usage.
later
Add managed persistence, stronger auth, and richer controller-specific post-processors once real conversations start.