Rebuilt [dashboard/](../dashboard/) with `npm run build` — Next.js 14 static export, output went to `dashboard/out/`.
2026-04-07 · [OPEN FILE]
| Severity | :red_circle: SECURITY -- launch blocker |
Day 1--2: Critical fixes
Underground has a thoughtful visual design, but accessibility was not part of the build process. There are 14 launch-blocking issues across contrast, semantics, keyboard access, motion safety, and scr…
Why: If the iOS app ever needs to send cookies or credentials with requests, they'll be silently stripped. Currently using Bearer tokens so this isn't blocking, but it's a gap if auth strategy changes…
NOT READY TO SHIP. There are 5 critical blockers:
Estimated fix time for all 5 blockers: 2-3 hours. The non-critical findings (cache bounds, dev tools in prod, loading states) can ship as fast-follows after launch.
Didn't fix the wrangler.toml warning even though I noticed it. The user asked for a deploy, not a config cleanup, and adding `pages_build_output_dir = "out"` to wrangler.toml would have been an unrela…
Didn't init a git repo for the studio dir. Tempting, but that's a structural decision about how this whole project is versioned and not something to do unilaterally mid-task.
Verified by curling the production URL rather than trusting the wrangler "Deployment complete" message. Cloudflare Pages can lag between upload and propagation, and the only thing that actually proves…
Decide whether `dashboard/` should be a git repo or whether the studio dir as a whole should be one. Right now neither is, which is why "did this get committed" is a meaningless question.
Add `pages_build_output_dir = "out"` to wrangler.toml so the warning goes away.
Bigger structural thing: there's no signal anywhere when an agent file gets added or edited and the dashboard goes out of date. Either a file watcher, a pre-commit-style hook, or just a Kit briefing l…
| Action | No action required unless you want to trim. Low priority. |
Set a monthly spend cap on the Anthropic dashboard (suggest $20/month for Haiku)
Verify `.env` is gitignored and secrets are set as Railway environment variables
Confirm Apple Developer account is active and enrolled
Create a simple privacy policy page using the template from APP_STORE_LAUNCH_GUIDE.md
Host it (GitHub Pages, Vercel static, or a page on your domain)
Same URL can serve as the support URL (add a contact email)
Note the final URLs for App Store Connect
Run `npm run ios:build` to rebuild and sync latest web assets
Open in Xcode (`npm run ios:open`)
Confirm signing team is selected under Signing & Capabilities
Confirm deployment target is iOS 15.0 or iOS 16.0
Confirm "Devices" is set to iPhone only
Run on iPhone simulator -- test all 10 modules, all games, content loading from Railway
Verify the API fetches work in the Capacitor context (content loads from Railway URL)
Archive in Xcode: Product > Archive
Upload to App Store Connect
Install via TestFlight on a physical iPhone
Test: cold start, all modules, games, offline behavior (service worker), content fetching
Capture screenshots in Xcode simulator for required device sizes:
Capture 4--6 screenshots: home screen, expanded module, game, word of the day
Optional: add marketing frames/captions using Figma or Screenshots Pro
Fix any issues found during testing
Rebuild and re-upload if needed
Create app record in App Store Connect (name: Underground, bundle ID: com.taliamalchin.underground)
Upload screenshots for all required device sizes
Fill in description, subtitle, keywords, category, age rating
Set privacy policy URL and support URL
Select pricing: Free
Select availability: all countries (or specific markets)
Complete the App Privacy section (select "Data Not Collected")
Ensure at least a few days of published content exist (Apple requires functional content)
Upload final archive build
Select build in App Store Connect
Submit for review
Monitor App Store Connect for review status (typical: 1--3 days)
Keep publishing daily content via the planner
Respond to any reviewer feedback promptly
If rejected, fix and resubmit (common reasons: missing content, broken links, metadata issues)
Add Sentry error monitoring to both client and server
Fix the `throw err` bug in server/index.ts error handler
Consider lightweight analytics (TelemetryDeck or PostHog)
Document the rollback runbook (Railway redeploy, content unpublish)
Set up phased rollout in App Store Connect for future updates
Kit
morning-briefing
say: “morning briefing”
Luca
brief-writer
say: “new feature”
Maury
market-researcher
say: “new app idea”
Orla
project-manager
say: “new project”
Phil
file-organizer
say: “project feels messy”
Remi
dev-logger
say: “log this session”
Rita
fleet-improver
say: “Rita review the fleet”
Adi
dep-auditor
say: “before launch”
Ali
api-designer
Atlas
launch-pl ship
say: “getting close to launch”
Cane
cost-auditor
say: “how much will this cost”
Dex
code-writer
say: “build this”
Frank
db-architect
say: “new app”
Iverson
researcher
say: “how should I build”
Mason
qa-tester
say: “test this”
Zev
code-reviewer
say: “review this”
Emi
component-builder
say: “build this component”
Landon
system-auditor
say: “monthly review”
Mira
image-prompt
say: “need a hero image”
Nina
accessibility
say: “accessibility check”
Sol
ui-designer
say: “after building UI”
Wren
motion-designer
say: “after adding animations”
Clio
copywriter
say: “write copy for”
Fern
positioning
Soren
naming
say: “name this app”
Vera
brand-voice
say: “before publishing anything”
Hana
app-store
say: “App Store description”
Knox
pricing-strategist
say: “how should I price this”
Petra
legal-checker
Dara
analytics
say: “what does my data show”
Ines
social-strategist
say: “what should I post”
competitor-watcher