Docs.

Things deliberately deferred until launch (June 26, 2026 — 20:26 Bogotá). Living list — add items here when a "we'll do it at launch" decision is made, with enough context that no archaeology is needed later.

• Set CRON_SECRET in the Vercel project env (production). Any random string (openssl rand -hex 32). This arms the three scheduled jobs — /api/cron/expire-holds (hourly), /api/cron/reminders (08:00 Bogotá), /api/cron/overdue (13:00 Bogotá) — which refuse to run in production without it. Decided 2026-06-11: not needed while there are no real reservations to expire or remind.
• Confirm transactional emails go live on prod. RESEND_API_KEY must be present in the Vercel production env and EMAIL_DRY_RUN unset — off-production the quote/confirmation/receipt emails deliberately take the skip path, so prod is the first place they really send. Proof a quote email to a studio address before real clients see one.
• Set GOOGLE_SERVICE_ACCOUNT_EMAIL / GOOGLE_SERVICE_ACCOUNT_KEY in the Vercel production env so the office agent's Drive/Docs/Sheets tools work on prod. The values live in the local .env (service account studiodotchat@studiodotchat.iam.gserviceaccount.com, project studiodotchat; key minted 2026-06-12 behind a project-scoped override of the org's iam.disableServiceAccountKeyCreation policy). Drive shares to that email are the access boundary — share only what the agent should see.
• Drop the launch gate (LAUNCH_* env) — the launch act itself.
• Resolve the dev-tunnel local edits (brandon.dev.studio.chat, see the project_dev_tunnel memory). Added 2026-06-14. The personal tunnel left a few working-tree changes; decide their fate before launch:
  • supabase/config.toml — personal [auth] external_url + additional_redirect_urls pointing at sb.brandon.dev.studio.chat. This one WOULD break dev/prod auth if it shipped — Branching syncs the [auth] block to the dev branch and prod, so real sign-ins would get the brandon.dev callback. Now guarded with git update-index --skip-worktree supabase/config.toml; keep it skipped, or strip those two edits. (To commit a legit config change later: --no-skip-worktree, git add -p only the shared hunk, re-skip.)
  • next.config.ts — allowedDevOrigins += "brandon.dev.studio.chat". Harmless (dev-only; the array already ships 192.168.4.26). Left as-is; remove if tidying.
  • Uncommitted but shippable, prod-safe code fixes — decide commit-or-revert: src/lib/auth/request-origin.ts (new) + auth/callback/auth/continue building the redirect origin from forwarded headers (fixes a real reverse-proxy bug — req.url reports the bind host 0.0.0.0:3026 in dev), and src/lib/auth/supabase-browser.ts (PKCE cookie-name pin + the guarded tunnel origin-split). All no-ops on localhost/prod. If committed, add a CHANGELOG entry.

Done items move to the bottom with a date rather than being deleted.

Done

• Prod schema synced through 0010 (2026-06-11) and Brandon's first prod office sign-in completed — the administrator account is linked (see docs/archive/overnight-2026-06-10.md).