Read-only route live

Pharoah App Builder, without the write surface.

This is the Pharoah-branded route over the shared ATTOH/BRG App Builder engine. It proves the backend is reachable and gives the coder a safe integration surface while deploy, token, checkout and tenant actions remain gated.

What is enabled now.

Pharoah gets a branded front door to the live engine, with evidence shown clearly and the risky actions held behind proof gates.

Visible receipt

The live Railway health route reports service, modules, route count, model gateway and Supabase readiness.

GET /health status: ok

Server health proxy

Cloudflare now exposes a same-origin, GET-only proxy that sanitises the backend health response for the Pharoah route.

../api/app-builder/health GET only

Pharoah skin

The shell uses Pharoah Forge Kit colours from the partner repo: black surfaces, gold accent and Inter typography.

#0a0a0f #c8a04a

No-write boundary

The page does not call assemble, deploy, token, GitHub, Stripe, Supabase or provider routes from the browser.

no client fetch no secrets

Route inventory.

The backend is live. The Pharoah route only exposes status and handoff links until the server-side tenant proxy is approved.

Route group Backend routes Pharoah state
Health proof GET /health Visible
Project planning POST /v1/gaps, POST /v1/scaffold, POST /v1/assemble Server proxy required
Materialise and export POST /v1/materialise, POST /v1/export, PATCH /v1/project/{project_id} Tenant proof required
AI calls POST /v1/chat, POST /v1/complete Server proxy required
Deploy and GitHub GET /github/auth-url, POST /github/callback, POST /github/push, POST /deploy/netlify, POST /deploy/vercel Locked
Token issue POST /v1/token/issue Locked

Launch gates before write access.

These gates protect the shared engine and stop Pharoah being treated as the source owner. Pharoah is the branded deployment route.

Next engineering stage

  • Build a server-side Pharoah proxy that holds provider and Supabase credentials outside the browser.
  • Prove tenant auth and RLS with a timestamped Supabase readback before enabling project writes.
  • Add no-write smoke tests for scaffold, materialise, export and deploy route guards.
  • Keep checkout and paid plan actions disabled until Stripe approval receipts exist.