Lesson 4 of 7 / HQ fundamentals
Deploy a Private HQ App
Turn an approved idea into a small web app, restrict it to company members, and prove the access gate in a private browser session.
Begin lesson- Complete in
- About 3 minutes, plus build time
- Written path
- 6 steps
You will deploy a company-scoped app that loads for signed-in members and shows a sign-in wall to anonymous visitors.
Recorded walkthrough
Watch the complete path.
Follow the recording once, then use the written steps below as the durable checklist. English captions are available from the player controls.
This walkthrough uses demo data and shows the complete recorded workflow. Use the written steps below as your durable checklist while you follow along.
Before You Begin
HQ is signed in to a cloud-backed company.
You can describe the page or app you want to create.
You know which company should own the app and who should be allowed to view it.
A private or incognito browser window is available for the final access test.
Step-by-step walkthrough
- Step 1
Describe the app
Run Deploy and describe a small app built from information approved for this audience. Do not ask the published page to reveal raw credentials.
CommandRun exactly as shown/deployCreate a mini site that summarizes approved company information without exposing credentials.Expected resultHQ starts creating the web app from your description.
- Step 2
Choose the owning company
When HQ asks for scope, identify the company that should own and authorize the app.
PromptSend in your AI sessionUse [company name].Expected resultHQ scopes the app to the selected company.
- Step 3
Require company-member access
Add the access requirement before deployment finishes so anonymous visitors cannot see the app.
PromptSend in your AI sessionPlease make sure only members logged into [company name] can see it.Expected resultHQ applies a signed-in company-member gate to the app.
- Step 4
Wait for deployment
Leave the session open while HQ builds and publishes the app. This wait is one processing state, not another setup step.
Expected resultHQ reports that the app is live and that the company access gate is set.
- Step 5
Verify the signed-in experience
Open the returned app address while signed in and inspect only the summary that the intended audience is allowed to see.
NavigationOpen this destinationOpen [app URL] in your signed-in browserExpected resultThe app loads for the authorized member account without revealing raw credential values.
- Step 6
Prove the anonymous gate
Open a private browser window and visit the same app address without signing in.
NavigationOpen this destinationOpen [app URL] in a private browser windowExpected resultThe private session reaches a sign-in wall instead of the app content.
Observable finish line
You are done when this is true.
The app loads for a signed-in company member, the same address is blocked behind sign-in in a private window, and no raw credential appears in the deployed content.