AAgentProof

Setup status (diagnostic)

What this deploy has wired

This page reports which environment variables and feature flags are present on the live deploy. It reports presence by name only — values are never echoed. Use it to audit what still needs to be set on Railway Variables before each flow becomes live.

11 / 11 variables set·6 / 13 flags on·17 probes green·2 amber·0 red

Active probes (live checks, not just env-var presence)

Readiness: auth working persistence unverified

The full check-by-check breakdown lives at /system-health. Click through for green/amber/red per check, plus the next-action per row.

  • Auth + Supabase persistence11 green
  • Product feature flags3 green1 amber
  • Intentionally sample-only surfaces2 green1 amber
  • Microsoft connector1 green
  • End-to-end proofs (requires founder live login)2 needs live test

Auth + persistence (Supabase)

Login (magic link), trial workspace activation, invite acceptance, and every persisted entity (workspace progress, reports, manual agents, event audit) all flow through Supabase.

Environment variables

  • NEXT_PUBLIC_SUPABASE_URL

    Supabase client init

    set
  • NEXT_PUBLIC_SUPABASE_ANON_KEY

    Supabase client init (public anon key, RLS-protected)

    set
  • NEXT_PUBLIC_APP_URL

    Magic-link redirect target (builds emailRedirectTo)

    Set to the live Railway domain, e.g. https://your-app.up.railway.app

    set

Feature flags

  • AGENTPROOF_SUPABASE_AUTH_ENABLED

    Real Supabase auth path (without it, login falls back to local-only mode)

    on
  • AGENTPROOF_PRIVATE_BETA_INVITES_ENABLED

    Invite create/accept flow

    on
  • AGENTPROOF_PRIVATE_BETA_EMAILS_ENABLED

    Real invite emails (vs copy-link). Optional.

    off
  • AGENTPROOF_PUBLIC_REGISTRATION_ENABLED

    Self-serve signup on /beta/register. KEEP OFF until public beta.

    off
  • AGENTPROOF_REQUIRE_EMAIL_VERIFICATION

    Force email verification. Defaults to ON when Supabase auth is on.

    off

Microsoft connector (real tenant discovery)

Real OAuth flow to discover Power Platform environments + Copilot Studio agents from a Microsoft tenant. Without these, the 'Connect Microsoft' button returns HTTP 503 setup_needed.

Environment variables

  • MICROSOFT_TENANT_ID

    Microsoft Entra tenant id

    set
  • MICROSOFT_CLIENT_ID

    Microsoft Entra app registration client id

    set
  • MICROSOFT_CLIENT_SECRET

    Server-side token exchange (never sent to browser)

    set
  • MICROSOFT_REDIRECT_URI

    OAuth callback URL

    Must match the Entra app exactly: https://<railway-domain>/api/connectors/microsoft/auth/callback

    set
  • MICROSOFT_POWER_PLATFORM_SCOPE

    Power Platform admin scope

    Typical value: https://api.powerplatform.com/.default

    set
  • MICROSOFT_SESSION_SECRET

    HMAC-signs the pending OAuth handshake cookie (32+ random bytes)

    set

Manual non-Microsoft agent + demo

Add an environment + agent without Microsoft (website chatbot, OpenAI-style agent, custom internal agent, workflow automation). The /workspace/manual-agent/new form (S34AC-R7) writes to whichever repository bundle is configured (Supabase if wired, local-private otherwise).

Feature flags

  • AGENTPROOF_MANUAL_NON_MICROSOFT_AGENT_ENABLED

    Surfaces the manual non-MS path in the readiness command centre

    on
  • AGENTPROOF_DEMO_MODE_ENABLED

    Exposes /demo with two sample agents

    off
  • AGENTPROOF_TRIAL_EXPERIENCE_ENABLED

    Gates the /trial/start CTA. Trial flow is sample-only by design (per S34AC-R7 audit).

    off

Intelligence + AI Radar

Public-preview surfaces for the Intelligence Library and AI Landscape Radar. Per S34AC-R1 the radar is honestly framed as 'curated sample intelligence, live monitoring not yet active'. Making it truly live is a separate build (data feed + human approval queue) — not a config switch.

Feature flags

  • AGENTPROOF_PUBLIC_INTELLIGENCE_PREVIEW_ENABLED

    Public preview content on /intelligence-preview

    on
  • AGENTPROOF_LANDSCAPE_RADAR_PUBLIC_PREVIEW_ENABLED

    /learn/ai-landscape-radar preview content

    on
  • AGENTPROOF_INTELLIGENCE_LIBRARY_FULL_ACCESS_ENABLED

    Full library (workspace + admin only)

    off
  • AGENTPROOF_INTELLIGENCE_REVIEW_CONSOLE_ENABLED

    Admin intelligence review console

    off

Founder admin console

Internal admin surfaces (/admin/operations, /admin/readiness-command-centre, /admin/intelligence-ops, /admin/pilot-control-room, etc). Off by default — exposes founder-only operational data.

Feature flags

  • AGENTPROOF_ADMIN_TOOLS_ENABLED

    All /admin/* routes

    on

Private staging access gate (optional)

Middleware-level Basic Auth gate for a private staging URL. Leave blank in production — only set these when you want to lock down a tester preview behind a username + password.

Environment variables

  • AGENTPROOF_STAGING_ACCESS_GATE_USERNAME

    Basic-Auth username for staging

    set
  • AGENTPROOF_STAGING_ACCESS_GATE_PASSWORD

    Basic-Auth password for staging

    set