Deploy procedure

ADMINISTRATOR ::: danger Restricted

:::

The standing deploy protocol — every deploy follows this exactly. Defined in CLAUDE.md as "Standing protocol — every deploy."

Pre-flight

1. Reload skills: rapax-pms-deploy, coding-and-data, data/validation (and website-building/webapp if UI changes)
2. Reload PMSPLANNER-STANDING-INSTRUCTIONS-2026-04-27.md
3. Brief any subagent with the standing instructions

Bump

Edit client/src/App.tsx line ~216 — the only canonical version pin:

<span className="text-sm text-sidebar-foreground/40" data-testid="sidebar-version">v2.31.0.36</span>

Add a one-line changelog entry at the top of the same file (line 16 area), describing what the version closes.

Bump /api/health.version literal in src/index.js to match.

Bump CLASSIFIER_VERSION in src/cl-skeleton/mandatory-slot-presence.js to match.

Test + build

npm test                 # vitest — must be green
tsc --noEmit             # since v2.29.5; must be clean
vite build               # client bundle

Migrate

Migrations are sentinel-gated in kv_state, so apply is idempotent.

npm run db:migrate                                                          # pms-db
wrangler d1 migrations apply rag-corpus --remote                            # rag-corpus

Deploy

scripts/deploy.sh

The script does, in order:

1. Loads scripts/deploy.env (gitignored)
2. Resolves the version string (CLI arg or sidebar span in App.tsx)
3. vite build
4. Apply pending D1 migrations (sentinel-gated)
5. wrangler deploy
6. Sleeps 5s (edge propagation), then probes:
   • /api/auth/login with admin / Spb812 (HTTP 200 expected)
   • /api/health JSON version field matches expected (since v2.29.9, exit 6 on mismatch)
7. Stamps the help portal version (since v2.31.0.36):

   help/scripts/stamp-version.mjs

   This rewrites help/version.json with the just-deployed version + commit + UTC timestamp. Cloudflare Pages picks up the push and rebuilds help.pmsplanner.com automatically.

Exit codes:

Code	Meaning
0	Success
1	Version discovery failed
2	Bad CLI argument
3	Login probe failed
4	Required credential missing
5	Build failure
6	Wrangler deploy failure / version mismatch
7	Migration apply failure

Audit (T0)

After every deploy, run a T0 audit and write audits/v<version>-audit.md:

• Live /api/health probe
• Live /admin panel walk-through (login as admin, verify each tab loads)
• Spot-check the freshly-shipped feature
• Append a CADENCE entry to audits/CADENCE.md

Push to main only after audit clean (per the auto-merge standing instruction, the deploy itself is the approval).

Push the help portal

The help/ folder lives in the same repo. CF Pages is configured to auto-build on push. After scripts/deploy.sh completes:

git add client/src/App.tsx src/index.js src/cl-skeleton/mandatory-slot-presence.js help/version.json
git commit -m "v<version> — <one-line summary>"
git push origin <feature-branch>
gh pr create --title "v<version>" --body "..." --base main
gh pr merge --squash --auto

Auto-merge fires once required checks pass.

Rollback

If post-deploy probes fail and the bug is in code (not data):

# revert the version commit on main
git revert <commit-sha>
git push origin main
# CI will re-deploy automatically; or run scripts/deploy.sh again

If the bug is in a migration, do not revert the migration — write a forward fix migration that restores the prior schema. D1 has no rollback.

Login probe credentials

admin / Spb812 — PBKDF2-SHA256 100K iters + salt in users.password_hash. Cookie jar:

• Linux: /tmp/pms-cookies.txt
• Windows: pick equivalent temp path ($env:TEMP/pms-cookies.txt)