Home / Product / Atlas and Studio

Studio Deploy + Knowledge Repo - Runbook v1

Updated Jun 16, 2026 · Affirmology_StudioDeploy_Runbook_v1.md

Studio Deploy + Knowledge Repo - Runbook v1

How to get the Studio live at studio.affirmology.ai, and how to stand up a safe knowledge repo for Sol and Colin that never contains equity or share documents.

The hard truth that shapes the plan

The Studio engine spends ElevenLabs credits and runs FFmpeg + WeasyPrint. Cloudflare Pages and Workers cannot run it (they are static / edge only). The engine needs a real server. So the front-end and the subdomain live on Cloudflare; the engine lives either on the laptop (Phase 1) or on Render (Phase 2).

The plan (staged)

• Phase 1, live this week for Sol: the WHOLE Studio app runs on the laptop (UI, API, script phase, audio renders, the SQLite library DB), front-end reachable at studio.affirmology.ai via Cloudflare, engine and storage on the laptop over Tailscale Funnel (the proven demo setup), logins via Cloudflare Access. Works when the laptop is on. NO Render account needed yet.
• Persistence in Phase 1 lives on the laptop/SSD: finished audios go to a stable SSD folder (e.g. /Volumes/Affirmology/studio-media) and the library SQLite DB stays on the laptop, both survive restarts. Back them up (Time Machine or a copy) so a laptop failure cannot erase them.
• Phase 2, 24/7 long term: lift the engine and storage off the laptop onto Render (Docker) + R2, subdomain points at Render, laptop no longer needed. The render.yaml, Dockerfile, R2 backend, and STUDIO_REQUIRE_AUTH flag are kept ready so this is a config switch, not a rebuild.

Who does what

• Claude Code (terminal, on the laptop): all code, the git repos and pushes, the Cloudflare Worker route that sends studio.affirmology.ai/api/* to the laptop funnel, the auth flags, and (Phase 2) the Render deploy from the existing Dockerfile / render.yaml. It can verify by curling the endpoints.
• Jeff (Cloudflare dashboard in the browser, I guide you): add the subdomain, create the Pages project, set the Cloudflare Access policy (Sol + Jeff emails), and start the laptop server + funnel.
• Jeff (GitHub in the browser): create the two private repos; confirm the knowledge repo excludes share docs.

You never type secrets into anything except your own Cloudflare/Render dashboards. Claude Code never has your passwords.

PHASE 1 - step by step (do these in order)

You act in two places: TERMINAL (you paste my blocks to Claude Code) and CLOUDFLARE (your browser, I give you every click). After each step there is a CHECK. Do not move on until the check passes. If a check fails, paste the error to me or to Claude Code.

Step 1 - Put the Studio on GitHub (Claude Code)

Paste to Claude Code:

In affirmology-studio/, initialize git if needed, commit everything, and push to a NEW PRIVATE GitHub repo named affirmology-studio under jeffparkerlove22. Confirm it is PRIVATE. Add a .gitignore for .env, data/, pycache, and any secrets. Show me the repo URL when done.

CHECK: Claude Code shows a github.com/jeffparkerlove22/affirmology-studio URL and confirms it is private.

Step 2 - Start the engine and expose it (Claude Code, on the laptop)

Paste to Claude Code:

Run the studio locally and expose it publicly with Tailscale Funnel so a Cloudflare Worker can reach it. Set STUDIO_REQUIRE_AUTH=true and pick a strong STUDIO_AUTH_TOKEN. Do not print my OpenRouter or ElevenLabs keys. Then tell me three things: (1) the public Tailscale funnel URL for the studio, (2) the STUDIO_AUTH_TOKEN, (3) the exact commands to start the server and the funnel again later. Verify it yourself by curling the funnel URL /api/health and show me the JSON.

CHECK: Claude Code shows {"status":"ok"...} from the funnel URL and gives you the funnel URL plus the token. Copy those two somewhere safe, you need them in Step 5.

Step 3 - Create the Pages site (you, in Cloudflare)

1. Go to dash.cloudflare.com and click your domain affirmology.ai.
2. Left sidebar: Compute (Workers), then Workers & Pages.
3. Create, then the Pages tab, then Connect to Git.
4. Authorize GitHub if asked, then choose the affirmology-studio repo.
5. Framework preset: None. Build command: leave blank. Build output directory: type web.
6. Click Save and Deploy. Wait for the green Success.

CHECK: click the .pages.dev link it gives you. The Studio screen loads (the API will not work yet, that is expected).

Step 4 - Point the subdomain at it (you, in Cloudflare)

1. In that same Pages project, open the Custom domains tab.
2. Set up a custom domain, type studio.affirmology.ai, Continue, Activate.
3. Cloudflare adds the DNS for you. Wait until it shows Active (a minute or two).

CHECK: open https://studio.affirmology.ai . The Studio screen loads.

Step 5 - Wire /api to your laptop engine (Claude Code, then you confirm)

Give Claude Code the funnel URL and token from Step 2, paste:

Create and deploy a Cloudflare Worker that routes studio.affirmology.ai/api/ to my Tailscale funnel URL [PASTE FUNNEL URL], attaching the studio auth token [PASTE TOKEN] as the header the server expects, exactly like the demo worker does for demo.affirmology.ai. Add the route studio.affirmology.ai/api/ to that Worker. Then verify by curling https://studio.affirmology.ai/api/health and show me the JSON.

CHECK: Claude Code shows {"status":"ok"} from https://studio.affirmology.ai/api/health . In Cloudflare, Compute (Workers), your worker, Settings, Domains & Routes, you should see studio.affirmology.ai/api/*.

Step 6 - Turn on logins for you and Sol (you, in Cloudflare Zero Trust)

1. dash.cloudflare.com, then Zero Trust in the left sidebar (the shield). First time, it may ask you to pick a team name and the free plan, do that.
2. Access, then Applications, then Add an application, then Self-hosted.
3. Application name: Affirmology Studio. Domain: subdomain studio, domain affirmology.ai.
4. On the policy: Action Allow. Include rule: Emails, add jeff@jeffparker.love and solballard@gmail.com.
5. Save. On the login-method screen leave One-time PIN on (it is on by default). Finish.

CHECK: open https://studio.affirmology.ai in a private window. It asks for your email, emails you a 6-digit code, and only those two emails are allowed in.

Step 7 - Hand it to Sol

Keep the laptop on with the server and funnel running (the Step 2 commands). Send Sol the link studio.affirmology.ai and tell her to enter her email to get her code.

CHECK: Sol logs in and the Studio loads for her. Phase 1 done.

Phase 1 status checkpoint (2026-06-15)

DONE and verified on the laptop (Claude Code): - The whole Studio runs on the laptop and persists to the SSD. Audios (MP3 + PDF) save to /Volumes/Affirmology/studio-media; the library DB stays on the laptop. Restart survival verified (library and audio both come back and play). - Public funnel verified at https://macbook-pro-2.tail333640.ts.net:8443 ; script phase works through it; the one approved audio render persists and plays back. The demo funnel on 443 is untouched (studio is on 8443). - Auth verified: token required over the funnel, localhost gate-free, the worker injects the token so the browser never handles it. - UI fixes in: logo gold on "ology"; both Jeff and Sol read "Founder." - Cost discipline holding: script-only, only the one approved render happened. - Phase 2 configs (render.yaml, Dockerfile, R2 backend, STUDIO_REQUIRE_AUTH) parked and ready.

LEFT for Jeff (Cloudflare browser): 1. Point studio.affirmology.ai at the laptop: add the Worker custom domain / route studio.affirmology.ai so it forwards to the funnel (creates the DNS). 2. Cloudflare Access: Zero Trust, Access, add app studio.affirmology.ai, One-time PIN, allowlist jeff@jeffparker.love and solballard@gmail.com only. First ask Claude Code which Cloudflare pieces it already deployed vs what is yours to click, and to re-send the two start commands cleanly (the Tailscale funnel line came through garbled).

START COMMANDS (two terminals): cd affirmology-studio && ./start_public.sh ; the second is the Tailscale funnel line (local 8765 to public 8443), get the exact line from Claude Code.

FINAL TEST: open studio.affirmology.ai in a private window, log in by email code, the Studio loads, generate a script; then have Sol do the same. That is Phase 1 live.

PHASE 2 - 24/7 on Render (this week, once you have a Render account)

11. Create a Render account and connect it to the affirmology-studio GitHub repo. Claude Code already has api/Dockerfile (FFmpeg + WeasyPrint) and render.yaml.
12. In Render, set the secrets: the ElevenLabs key, STUDIO_AUTH_TOKEN, STUDIO_REQUIRE_AUTH=true. Pick an instance with enough memory for a render (a small paid instance, the free tier sleeps and is thin).
13. Optional but recommended: create a Cloudflare R2 bucket and set STUDIO_STORAGE=r2 + the R2 keys so audio and PDFs live in object storage, not on the box.
14. Repoint studio.affirmology.ai/api/* from the laptop funnel to the Render URL (one Worker edit). Keep Cloudflare Access in front. Laptop no longer needed.

When Phase 2 is verified, the laptop demo path stays exactly as it is, untouched.

The knowledge repo for Sol and Colin (keep share docs OUT)

Goal: a repo their Claudes can read for context (charts, brand, scripts, how the Studio works) that contains NO equity, ownership, or fundraising material.

1. Create a SEPARATE private repo, jpl-knowledge. Do not put the whole AFFIRMOLOGY folder in it.
2. Include only safe context: the chart/profile docs, brand and script style, techniques library, the Studio usage docs, public-facing briefs. Copy in deliberately; do not bulk-copy.
3. Rule (corrected by Jeff 2026-06-16): investor-OPPORTUNITY and pitch materials ARE fine to include (the raise opportunity, exec summary, investor brief). NEVER include INTERNAL ownership material: - Affirmology_CoFounderAgreement_v1.* and any co-founder or advisor agreement - Affirmology_TermSheet_v1.* (internal terms), cap table, valuation specifics, SAFE, ownership splits, vesting - Colin's or Sol's specific equity / share grants - Judgment call on Affirmology_FriendsAndFamilyRound_* and Affirmology_ExecSummary_*: include only the investor-facing version free of internal allocations/cap-table numbers; otherwise leave out.
4. Add a .gitignore that blocks *Agreement*, *TermSheet*, *Round*, *Equity*, *CapTable*, *Shares*, *Valuation*, *SAFE* as a safety net.
5. Verification step before the first push (Claude Code runs it): grep the staged files for equity|shares|cap table|term sheet|valuation|SAFE|ownership|vesting|% of the company and report any hit. Push only after a clean result.
6. Connecting Sol and Colin: give them read access to jpl-knowledge only (not the main repo), so their Claude sessions can pull context without ever seeing financials. Do this once the repo is curated and the grep check is clean.

Claude Code kickoff (paste this)

Read Affirmology_StudioDeploy_Runbook_v1.md. Do the Claude Code parts of PHASE 1: make affirmology-studio a clean git repo and push it to a new PRIVATE GitHub repo affirmology-studio under jeffparkerlove22; write the Cloudflare Worker that routes studio.affirmology.ai/api/* to my Tailscale funnel host the same way the demo worker does; set STUDIO_REQUIRE_AUTH=true with a real token; and give me the exact laptop commands to run the server + funnel. Then write me a short checklist of the Cloudflare dashboard steps I do myself (subdomain, Pages, Access policy). Do not put any equity, term sheet, or share documents into any repo. When you are done, verify the /api route by curling the health endpoint and show me the result.