Website Preview And Publish Readiness - 2026-05-08¶
Status: review pack for the stacked website readiness pass. Public-safe. No deployment, email, CRM write, analytics install, payment link, or public form workflow was performed by this note.
PR And Preview¶
- Copy alignment PR: https://github.com/mizoz/zalastack-website/pull/2
- Vercel preview from the PR comment:
https://zalastack-website-git-codex-website-copy-f6d3cb-mizozs-projects.vercel.app - Opportunity Desk route:
https://zalastack-website-git-codex-website-copy-f6d3cb-mizozs-projects.vercel.app/opportunity-desk/ - Vercel comment status:
Ready, updated May 8, 2026 5:00pm UTC.
Unauthenticated access check on May 8, 2026:
| URL | Result | Evidence |
|---|---|---|
Preview root / |
HTTP 401 |
Response title: Authentication Required; headers included server: Vercel, x-robots-tag: noindex, and _vercel_sso_nonce cookie. |
Preview /opportunity-desk/ |
HTTP 401 |
Same Vercel authentication page and SSO redirect behavior. |
This means the preview deployment exists, but Vercel Deployment Protection is requiring authentication. Ahmed will not be able to open the preview as a public, unauthenticated visitor unless he is signed in with access to the Vercel project or uses an approved Vercel protection bypass flow. This readiness pass does not disable preview protection.
Local Review Instructions¶
Use local static export review when the Vercel preview is protected:
pnpm preview serves the exported site from out/ on
http://127.0.0.1:4321 by default.
Inspect these routes:
http://127.0.0.1:4321/http://127.0.0.1:4321/opportunity-desk/http://127.0.0.1:4321/ventures/http://127.0.0.1:4321/about/http://127.0.0.1:4321/contact/http://127.0.0.1:4321/documents/http://127.0.0.1:4321/documents/opportunity-desk/
If pnpm preview is already in use, run:
Then use http://127.0.0.1:4322 for the same paths.
Dirty CSS Decision¶
The starting worktree had src/app/globals.css modified after PR #2.
Decision: include it in the stacked readiness branch.
Reason: the current PR #2 markup references classes that were only present in
that dirty file, including site-container, hero-shell,
hero-visual-shell, mesh-card, surface-card, surface-card-elevated,
section-title, section-kicker, section-subtitle, venture-visual, and
status-pill. Without the CSS, the homepage, sign-in panel, and blog title
styles depend on missing global class definitions. The CSS should still be
judged visually in local preview before production publish.
Public Copy QA Checklist¶
The public copy should pass these gates before production:
- No contract-award, revenue, ranking, or grant-success guarantee.
- No implication that ZalaStack is the government, buyer, legal counsel, or supplier/proponent/vendor of record.
- No implication that ZalaStack contacts buyers, changes supplier profiles, accesses gated documents, expresses interest, uploads files, submits bids, or runs portal actions without explicit authorization.
- No claim that live automation, scraping, CRM writeback, email sending, analytics, or form workflows are running from this website.
- No private lead, prospect, CRM, Gmail, payment, or internal strategy data in committed public content.
- Opportunity Desk remains one service lane under broader ZalaStack systems work, alongside Owned Cloud, FRAME YYC, workflow, infrastructure, content systems, and operator tools.
- Local Web Agency-style web-audit/mockup work is not mixed into Opportunity Desk copy.
Static Review Notes¶
Recommended visual checks:
- Homepage hero: confirm the light editorial shell, particles, stats row, and services sections fit desktop and mobile without text overflow.
- Opportunity Desk route: confirm the approval boundaries are prominent and the page does not read like a generic RFP win-guarantee pitch.
- Documents layer: confirm
/documents/opportunity-desk/builds and links from the site. - Contact route: confirm the site uses email/contact prompts only; no live form workflow is implied by this PR.
- Header/footer/nav: confirm Opportunity Desk appears as a lane, not as the whole company identity.
Local screenshots were generated after pnpm build from the static export
served at http://127.0.0.1:4321. They are intentionally stored under ignored
build output and are not committed:
out/_review-screenshots/home-desktop.png- 1440 x 1200out/_review-screenshots/home-mobile.png- 390 x 1200out/_review-screenshots/opportunity-desk-desktop.png- 1440 x 1200out/_review-screenshots/documents-opportunity-desk-desktop.png- 1440 x 1200
Production Publish Checklist¶
Do not publish until Ahmed approves the production step.
Before production:
- Merge PR #2 first, or merge this stacked PR in the intended order so the readiness branch lands on top of the copy-alignment branch.
- Confirm Vercel preview protection is expected; do not disable it just to make review public.
- Review the site locally using the routes above, or through an authenticated Vercel preview session.
- Run:
- Confirm
public/sitemap.xmlincludes/opportunity-desk/. - Confirm
public/documents/opportunity-desk/index.htmlexists afterpnpm docs:build. - Confirm no private data or unsafe claims were introduced in
src/,docs/,public/documents/,public/sitemap.xml, or metadata. - Confirm production Vercel deploy settings point to the intended production branch/domain and do not accidentally publish a protected preview URL.
- Confirm no analytics, CRM writeback, email send, payment, portal, or public form workflow was added without a separate approval.
- Only then approve the production deploy through the normal Vercel/GitHub workflow.
No-action Confirmation¶
This readiness pass is review-only. It does not deploy production, disable preview protection, mutate CRM, send email, create payment links, install analytics, submit forms, contact buyers, access gated procurement documents, or perform portal actions.