Enter your passcode
This passcode lives in page source — add Cloudflare Access or Vercel password protection at the host level for a genuinely locked admin. The panel can't access other couples' data: that's protected by Supabase RLS.
Make a free project at supabase.com. In SQL Editor, paste all of garden/supabase-setup.sql and Run.
This build can load live public config from Cloudflare KV. Use the Connection tab to save the Supabase Project URL/public key for every device using the live site.
Configure custom SMTP (Resend, Postmark) so confirmation emails hit the inbox. Full guide in EMAIL-SETUP.md. Set your site URL + redirect URLs in Supabase → Auth → URL Config.
Supabase → Authentication → Providers → enable Google / Apple. Add your deployed URL to allowed origins.
Run npx web-push generate-vapid-keys. Paste only the public key in the Push tab. Put the private key in Supabase Edge Function secrets.
Deploy the Admin app, Main app, and API Worker separately with wrangler deploy. Protect this admin page with a strong Worker ADMIN_TOKEN, and Cloudflare Access later.
https://api.usenightbloom.com/api/admin/config. It updates the live app for every device after refresh. The Supabase publishable/anon public key is okay here when Row Level Security is enabled. The health check now tests the real live API Worker plus Supabase endpoints. Never paste a service_role key here.Generate: npx web-push generate-vapid-keys
localStorage only. For real multi-couple analytics, query your Supabase dashboard.localStorage on this device only. To manage real user data, use the Supabase dashboard directly.