---
phase: 01-foundation
plan: 03
type: execute
wave: 3
depends_on:
- "01-01"
- "01-02"
files_modified: []
autonomous: false
requirements:
- AUTH-01
- AUTH-02
- AUTH-03
- AUTH-04
must_haves:
truths:
- "Project is deployed and live at a Vercel URL (teressacopelandhomes.com or a *.vercel.app preview URL)"
- "Agent can log in with email and password in the production deployment"
- "Agent session persists after browser tab close and reopen"
- "Visiting any /agent/* route while logged out redirects to /agent/login"
- "Agent can log out and sees 'You've been signed out'"
- "Database schema is live in Neon with Teressa's seeded account"
- "Vercel Blob store exists and BLOB_READ_WRITE_TOKEN is set in Vercel environment"
artifacts:
- path: "Vercel project"
provides: "Production deployment with all 5 env vars set"
- path: "Neon database"
provides: "users table with Teressa's seeded account"
- path: "Vercel Blob store"
provides: "Single blob store for future document storage (Phase 4+)"
key_links:
- from: "Vercel deployment"
to: "Neon database"
via: "DATABASE_URL env var in Vercel project settings"
pattern: "DATABASE_URL set in Vercel env"
- from: "Vercel deployment"
to: "Auth.js"
via: "AUTH_SECRET env var in Vercel project settings"
pattern: "AUTH_SECRET set in Vercel env"
---
Deploy the project to Vercel, wire all environment variables, run the database migration and seed on the production Neon database, and verify the complete auth flow end-to-end in the live deployment. This plan is a blocking checkpoint — a human must confirm the production deployment works before Phase 1 is complete.
Purpose: Phase 1's success criterion explicitly requires the project to be deployed to Vercel with environment variables wired. This checkpoint ensures that is true before declaring Phase 1 done.
Output: Live production deployment of teressacopelandhomes.com (or *.vercel.app) with working auth.
@/Users/ccopeland/.claude/get-shit-done/workflows/execute-plan.md
@/Users/ccopeland/.claude/get-shit-done/templates/summary.md
@.planning/ROADMAP.md
@.planning/phases/01-foundation/01-CONTEXT.md
@.planning/phases/01-foundation/01-01-SUMMARY.md
@.planning/phases/01-foundation/01-02-SUMMARY.md
Task 1: Push to Git and verify Vercel auto-deploy triggers
Initialize a git repo if not already done, then push to the remote that Vercel's Git integration watches:
```bash
# From the project root directory:
git init
git add .
git commit -m "feat(01-foundation): Next.js scaffold, auth, database schema, and login UI"
git branch -M main
git remote add origin
git push -u origin main
```
Per user decision: Vercel native Git integration is used (push to main → auto-deploy). GitHub Actions are NOT used.
After pushing:
1. Open the Vercel dashboard for the project
2. Watch the deployment in the "Deployments" tab — it should trigger automatically
3. If the deployment FAILS because of missing env vars (expected on first deploy), that is fine — the checkpoint task below addresses this
4. Note the Vercel project URL (either custom domain or *.vercel.app URL)
IMPORTANT: If the Vercel project was not yet created (user setup not yet done), the push will not trigger a deployment. Claude cannot create the Vercel project or set env vars — the user_setup block in Plan 01's frontmatter lists these steps. Only proceed here if the user confirms setup is complete.
If user setup IS complete and the deployment succeeds:
```bash
# Pull env vars for local use (creates .env.local — already in .gitignore)
vercel env pull
# Run migration against production Neon database
npm run db:migrate
# Seed Teressa's account
npm run db:seed
```
If db:migrate and db:seed were already run locally against Neon during Plan 01 (because DATABASE_URL was available early), skip running them again — the onConflictDoNothing in seed.ts makes re-runs safe but unnecessary.
Vercel dashboard shows deployment status; git push completes without error; vercel env pull creates a .env.local file with all 5 required env vars (DATABASE_URL, AUTH_SECRET, BLOB_READ_WRITE_TOKEN, AGENT_EMAIL, AGENT_PASSWORD)
Code is pushed to main, Vercel deployment has triggered (or completed), .env.local populated via vercel env pull
Task 2: Verify complete auth flow in production
Human verification of the complete Phase 1 auth flow in the live Vercel production deployment. See how-to-verify for the 7 test cases.
Complete Phase 1 auth system:
- Branded login page at /agent/login with password toggle
- Protected agent dashboard at /agent/dashboard
- 7-day rolling JWT session (persistent across browser restarts)
- Middleware-enforced route protection for all /agent/* routes
- Logout with "You've been signed out" confirmation
- Neon database with users table and Teressa's seeded account
- Vercel Blob store provisioned
- Deployed to Vercel with all environment variables wired
Open the production URL from the Vercel dashboard (either https://teressacopelandhomes.com or the *.vercel.app preview URL).
**Test 1 — Route protection (AUTH-03):**
- Navigate directly to: `[your-vercel-url]/agent/dashboard`
- Expected: Redirected to `/agent/login` (not a 404 or blank page)
- Pass / Fail?
**Test 2 — Login with wrong credentials (AUTH-01):**
- On /agent/login, enter any email + wrong password
- Expected: Page reloads, shows "Invalid email or password" banner
- The error should NOT say which field is wrong
- Pass / Fail?
**Test 3 — Login with correct credentials (AUTH-01):**
- On /agent/login, enter Teressa's AGENT_EMAIL and AGENT_PASSWORD
- Expected: Redirects to /agent/dashboard showing Teressa's email address
- Pass / Fail?
**Test 4 — Session persistence (AUTH-02):**
- After logging in, close the browser tab (or close and reopen the browser window)
- Navigate back to `[your-vercel-url]/agent/dashboard`
- Expected: Still logged in — dashboard shows without redirecting to login
- Pass / Fail?
**Test 5 — Logout (AUTH-04):**
- On /agent/dashboard, click "Sign out"
- Expected: Redirected to /agent/login with a "You've been signed out" message visible on the page
- Pass / Fail?
**Test 6 — Post-logout protection (AUTH-03):**
- After logging out, navigate to `[your-vercel-url]/agent/dashboard`
- Expected: Redirected to /agent/login (session is invalidated)
- Pass / Fail?
**Test 7 — Password toggle:**
- On /agent/login, type any password in the password field
- Click the show/hide toggle
- Expected: Password becomes visible as plain text
- Pass / Fail?
If all 7 tests pass: type "approved" to complete Phase 1.
If any test fails: describe which test failed and what you saw.
All 7 tests pass and human types "approved"
Human has approved all 7 auth flow tests in the production Vercel deployment
Type "approved" if all 7 tests pass, or describe failures
All verification is human-driven in the checkpoint above. The 7 tests map directly to the Phase 1 success criteria from ROADMAP.md:
| ROADMAP Criterion | Tests |
|-------------------|-------|
| Agent can log in with email and password | Tests 2 + 3 |
| Session persists after browser refresh/tab close | Test 4 |
| Unauthenticated /agent/* routes redirect to login | Tests 1 + 6 |
| Agent can log out | Test 5 |
| Database deployed to Neon, Blob created, Vercel wired | Implicit in Tests 3 + 4 working in production |
All 7 verification tests pass in the production Vercel deployment:
1. /agent/dashboard redirects unauthenticated users to /agent/login
2. Wrong credentials show "Invalid email or password"
3. Correct credentials grant access to /agent/dashboard
4. Session survives browser tab close and reopen
5. Logout redirects to /agent/login with confirmation message
6. Post-logout /agent/dashboard visit redirects to login
7. Password toggle switches between hidden/visible
Human approves the checkpoint with "approved".