# CODEX Implementation Guide (Server + Launch Wiring)

This repo is a **pre-launch staging front-end**. It is intentionally safe:
- No “live” PDF/evidence links are active unless `dossier.status === 'live'`
- No model API keys are shipped to the browser
- The roast generator (if enabled) calls a server endpoint

## 1) Publish static artifacts

Target paths (recommended):
- PDF: `/static/hosted/snyk-shadow-dossier.pdf`
- Evidence index: `/static/hosted/evidence/index.html`

### What to ship
- The free public PDF
- Evidence index HTML + any referenced assets (bundles, hashes, trace files)

## 2) Flip dossiers to LIVE

Edit `constants.tsx`:

- Set:
  - `status: 'live'`
  - `pdfPath: '/static/hosted/<file>.pdf'`
  - `evidencePath: '/static/hosted/evidence/index.html'`

Optional:
- Add `sha256` and `bytes` (use `node scripts/hash.mjs path/to.pdf`)
- Add `gumroadUrl` for classified edition
- Confirm `contactEmail`

## 3) Configure base URL (optional)

If you deploy under a domain/subdomain and want absolute links, set:

- `VITE_PUBLIC_BASE_URL=https://infrafabric.io` (or your subdomain)

If unset, the app uses relative links (works fine for same-origin hosting).

## 4) Roast Generator (optional)

### Current behavior
- UI is hidden unless: `VITE_ENABLE_ROAST=true`
- Client calls: `POST /api/roast` with JSON `{ "content": "..." }`
- Expected response: `{ "text": "..." }`

### Implementing the endpoint
You can implement this in whichever server environment you use. Examples are in `server_stubs/`.

Required behavior:
- Validate request body
- Rate limit (recommended)
- Call your LLM provider using a **server-side** secret
- Return JSON `{ text }`

### Provider dependency
If you want Gemini, add `@google/genai` server-side and use `server_stubs/gemini_client_example.ts` as a starting point.

## 5) Replace staged UI labels (optional)

Staged labels are intentional pre-launch.
Once live, you can:
- Rename “Evidence (staged)” back to “Evidence”
- Replace “Request early access” with “Download PDF”
- Enable premium tier by adding Gumroad URL in `constants.tsx`

## 6) Final checklist

- [ ] PDF link works (no 404)
- [ ] Evidence index link works
- [ ] `status` set to `live`
- [ ] Optional: SHA-256 + bytes present and correct
- [ ] No secret keys shipped to client bundles
- [ ] OpenGraph image exists at `/og-dossier.jpg`
- [ ] Favicon present at `/favicon.svg`