AWS staging bootstrap checklist
A value-free operator checklist for creating the first MUPZAOS staging server, proving health checks and keeping production, MUPZAAI and LAN authority untouched.
Bootstrap checklist
1. AWS staging starts only after local evidence says the source pack is push-safe.
   cd D:\mupza-business-os; powershell -NoProfile -ExecutionPolicy Bypass -File .\scripts\qa\run-local-release-readiness-index-qa-smoke-v1.ps1
2. Production stays untouched and staging can be rebuilt without business risk.
   Create one new AWS EC2 staging instance with an operator-owned SSH key.
3. SSH stays limited while web traffic remains reachable for health checks.
   Open 22 only to operator IP, 80 and 443 to internet.
4. MUPZAOS frontend can build and run behind a stable reverse proxy.
   Install Node.js LTS, Git, Nginx and a process manager on the staging server.
5. Server receives only the clean GitHub source pack, not local generated folders.
   git clone <NEW_GITHUB_REPO_URL> mupza-business-os
6. Firebase, notification, Cloudflare and tag values are never committed.
   Create server-side env config from operator-owned secrets, never from source files.
7. Staging server proves the pushed source builds in its real runtime.
   cd mupza-business-os/frontend; npm ci; npm run typecheck; npm run build
8. The app listens locally before Nginx exposes it.
   cd mupza-business-os/frontend; npm run start -- -p 3000
9. Cloudflare and browser traffic hit Nginx, while the app stays private on localhost.
   Proxy 80/443 to 127.0.0.1:3000 and keep /api/health reachable.
10. Public health returns value-free readiness before DNS/proxy changes are trusted.
    Invoke-WebRequest -Uri https://<staging-domain>/api/health -UseBasicParsing
11. Core operator, POS and release screens are reachable on staging.
    Open /, /release-evidence, /operator-push-pack, /staging-health and /pos-desktop.
12. The operator can back out without touching production.
    Keep previous process config and DNS unchanged until health and route smoke pass.

Staging smoke routes
Owner/admin shell loads.
Public health is value-free.
QA evidence is visible.
Push boundary is visible.
Staging health page is visible.
Cashier desktop route remains reachable.
Notification contracts remain reachable.
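
One way to verify that the /api/health body is value-free before DNS/proxy changes are trusted, as an added example that is not part of the MUPZAOS source pack. It assumes the endpoint returns JSON and that "value-free" means every leaf is a boolean, null, a number or one of a few status words; the allow-list, function names and sample bodies are constructed for illustration.

```javascript
// Assumption: status words a value-free health body may carry as strings.
const ALLOWED_STRINGS = new Set(['ok', 'ready', 'degraded', 'down', 'configured', 'missing']);

// Walk parsed JSON and collect every leaf that could carry a config value.
// The report holds only the path and length, never the value itself,
// so the check output stays value-free as well.
function findValueLeaks(node, path = '$') {
  if (node === null || typeof node === 'boolean' || typeof node === 'number') return [];
  if (typeof node === 'string') {
    return ALLOWED_STRINGS.has(node.toLowerCase()) ? [] : [{ path, length: node.length }];
  }
  if (Array.isArray(node)) {
    return node.flatMap((item, i) => findValueLeaks(item, `${path}[${i}]`));
  }
  return Object.entries(node).flatMap(([key, value]) => findValueLeaks(value, `${path}.${key}`));
}

// Check a raw response body. A non-JSON body (for example an error page
// from the reverse proxy) fails the check instead of passing silently.
function checkHealthBody(text) {
  let parsed;
  try {
    parsed = JSON.parse(text);
  } catch {
    return { valueFree: false, reason: 'not-json', leaks: [{ path: '$', length: text.length }] };
  }
  const leaks = findValueLeaks(parsed);
  return { valueFree: leaks.length === 0, reason: leaks.length ? 'value-bearing-fields' : 'ok', leaks };
}

// Constructed sample bodies (not captured from a real server).
const SAMPLE_CLEAN = JSON.stringify({
  status: 'ok',
  env: { firebase: true, notifications: true, cloudflare: false, tags: 'missing' },
});
const SAMPLE_LEAKY = JSON.stringify({
  status: 'ok',
  env: { firebase: { projectId: 'constructed-project-id' }, tags: ['CONSTRUCTED-TAG-ID'] },
});

for (const [name, body] of [['clean', SAMPLE_CLEAN], ['leaky', SAMPLE_LEAKY]]) {
  const result = checkHealthBody(body);
  console.log(name, result.valueFree ? 'PASS' : 'FAIL', result.leaks.map((l) => l.path).join(', '));
}
```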