AgentOS

SABRONMBC command center

Tripsynk Launch Board — target 2026-07-07

Goal (Nabil, 2026-07-06 evening): web + mobile launch-ready by tomorrow. Definition used: web serving current build on a real domain with working prod schema + secrets; mobile submittable to TestFlight + Play internal track. Full audits: web repo + mobile repo, 2026-07-06 ~19:00 UTC.

Headline findings

  1. tripsynk.com is lost — drop-caught May 2026, parked by HugeDomains (registrar DropCatch). Every subdomain is squatter wildcard. Decision (Nabil): launch on sabrontravels.com (owned to 2029).
  2. Web prod code is CURRENT (Coolify auto-deploys main; 9323397 live 18:55 UTC) — the "stale prod" worry was outdated. But the prod DB schema has likely never been migrated — the CI migration step has skip-logged on every run in history because zero GitHub Actions secrets exist. Code-vs-schema mismatch is the top technical risk.
  3. All production vendor secrets are placeholders (Auth0/Stripe/R2/AI keys) — signup, payments, uploads cannot work live until Nabil's launch-secrets session.
  4. Mobile would ship broken today: EAS production env still holds a previous app generation's dev config — localhost API URL, no Auth0, DEV_MODE=true, plus an exposed OpenAI key (inlined into any built bundle; rotate it). Icon is still the Obytes template (store-rejection risk); brand still cobalt; version 0.1.0.
  5. Stripe Connect 5-PR series is complete (mobile PR #28 merged; web #36/#39/#40/#41). Mobile main is ~5 weeks behind web's product direction — acceptable for v1 internal.

Done tonight (by agent)

Corrections for the secrets session (important)

In flight / landed (evening 2)

Evening 3 (post-merge verification)

Corrections found in Nabil's session (2026-07-07 00:0x)

Night 2 — the migration run (2026-07-07 01:30–02:00 UTC)

🔑 Nabil-gated critical path (nothing above unblocks launch without these)

Web (the launch-secrets session — runbook infra/coolify/launch-secrets.md, now domain-swapped):

  1. Auth0 prod tenant: Regular Web App + API audience + provisioning Action (callbacks now on sabrontravels.com).
  2. Stripe live mode: keys, webhook wh.sabrontravels.com/wh/stripe, Connect Express platform profile.
  3. Cloudflare R2: bucket, scoped token, CORS, avatar WAF rule.
  4. Anthropic + Voyage keys (or decide: hide AI surfaces at launch).
  5. Generate 6 shared secrets (openssl rand -hex 32) per runbook table.
  6. Set the ~14 GitHub Actions secrets → first real migration run fixes the schema drift; verify prod Hasura schema right after.
  7. Create the worker-service Coolify app (GDPR purge cron — compliance, not a feature).

Mobile: 8. Approve executing the EAS env cleanup (script in PR) + rotate the exposed OpenAI key. 9. Decide: TestFlight/internal on dev-tenant Auth0 + test-mode Stripe (doable tomorrow) vs waiting for prod tenant (not doable tomorrow). 10. App Store Connect app record (com.tripsynk) + Play Console record; screenshots/descriptions; privacy policy URL on sabrontravels.com; Play service-account JSON.

Honest assessment

Morning pass (2026-07-07 ~06:30 UTC) — independent launch-audit + pipeline fix