Skip to lesson

Lesson 4 of 7 / HQ fundamentals

Deploy a Private HQ App

Turn an approved idea into a small web app, restrict it to company members, and prove the access gate in a private browser session.

Begin lesson
Complete in
About 3 minutes, plus build time
Written path
6 steps
Outcome

You will deploy a company-scoped app that loads for signed-in members and shows a sign-in wall to anonymous visitors.

Recorded walkthrough

Watch the complete path.

Follow the recording once, then use the written steps below as the durable checklist. English captions are available from the player controls.

HQ / Tutorial recording

This walkthrough uses demo data and shows the complete recorded workflow. Use the written steps below as your durable checklist while you follow along.

Before You Begin

  1. HQ is signed in to a cloud-backed company.

  2. You can describe the page or app you want to create.

  3. You know which company should own the app and who should be allowed to view it.

  4. A private or incognito browser window is available for the final access test.

Step-by-step walkthrough

  1. Step 1

    Describe the app

    Run Deploy and describe a small app built from information approved for this audience. Do not ask the published page to reveal raw credentials.

    CommandRun exactly as shown
     /deploy
     Create a mini site that summarizes approved company information without exposing credentials.
    
    Expected result

    HQ starts creating the web app from your description.

  2. Step 2

    Choose the owning company

    When HQ asks for scope, identify the company that should own and authorize the app.

    PromptSend in your AI session
     Use [company name].
    
    Expected result

    HQ scopes the app to the selected company.

  3. Step 3

    Require company-member access

    Add the access requirement before deployment finishes so anonymous visitors cannot see the app.

    PromptSend in your AI session
     Please make sure only members logged into [company name] can see it.
    
    Expected result

    HQ applies a signed-in company-member gate to the app.

  4. Step 4

    Wait for deployment

    Leave the session open while HQ builds and publishes the app. This wait is one processing state, not another setup step.

    Expected result

    HQ reports that the app is live and that the company access gate is set.

  5. Step 5

    Verify the signed-in experience

    Open the returned app address while signed in and inspect only the summary that the intended audience is allowed to see.

    NavigationOpen this destination
     Open [app URL] in your signed-in browser
    
    Expected result

    The app loads for the authorized member account without revealing raw credential values.

  6. Step 6

    Prove the anonymous gate

    Open a private browser window and visit the same app address without signing in.

    NavigationOpen this destination
     Open [app URL] in a private browser window
    
    Expected result

    The private session reaches a sign-in wall instead of the app content.

Observable finish line

You are done when this is true.

The app loads for a signed-in company member, the same address is blocked behind sign-in in a private window, and no raw credential appears in the deployed content.