Ctrlk
Build with Riff

Deploy

Deploy publishes your app to a permanent public URL so real users can access it.

The Deploy button is in the top-right of the App builder — a blue pill with a rocket icon. Clicking it publishes your app to a live URL accessible by anyone you share it with.

Until you deploy, your app runs only in the development workspace, visible only to you.

The deploy flow

  1. Click Deploy in the topbar

  2. A popover opens showing:

    • Any error from a previous failed deployment

    • The deployment URL your app will be (or already is) published at

    • A checklist of pre-deployment validations

  3. Wait for all checklist items to pass (each shows a tick or a block)

  4. Click Deploy inside the popover to start deployment

  5. The topbar button shows "Deploying…" with a spinner while it runs

  6. When complete, the button returns to Deploy and your app is live

Pre-deployment checklist

Riff runs these checks automatically before allowing deployment:

Check
What it verifies

Subdomain available

Your chosen app URL is not already taken

Public username set

Your account has a public username configured

Deploy permission

You have permission to deploy this app

Security checks

Basic security validation passes

Owner first deploy

The first deployment of any app must be done by the app owner

If any check fails, the Deploy button inside the popover stays disabled. The checklist shows which item is blocking and why.

Your app's URL

Deployed apps are published at username.riff.works/app-name. This URL is permanent — it does not change between deployments.

If deployment fails

The topbar button turns amber and shows "Retry Deploy". Open the popover to see the error from the failed attempt. Fix the issue and click Deploy again.

Development vs. production

The workspace is your development environment — changes here do not affect the live app until you deploy. Your development and production databases are separate. See Riff environment for how the two environments relate.

Before you deploy

Riff provides a set of pre-deployment skills you can run before going live. These are not automatic — you trigger them intentionally as part of your readiness process. Think of them as a structured checklist that produces a documented record before anything goes live.

To trigger a skill, type / followed by the skill name in the agent chat.

#
Skill
What it does

1

deployment-check-security

Scans for critical vulnerabilities: leaked API keys, missing auth checks, hardcoded secrets, and injection risks. Reports HIGH and MEDIUM findings only.

2

deployment-check-integration

Maps every external service connection — what data is read, what is written, whether any personal data (PII) is involved. Produces a documented integration record.

3

perform-security-audit

End-to-end security review: authentication, secrets, SQL injection, endpoint authorisation, PII logging, input validation, and error exposure. Creates tasks for all high and critical findings.

4

implement-user-roles

Configures role-based access so each user sees only the data relevant to them — important when the app is shared across teams or departments.

5

implement-ux-checks

Reviews key screens and flows for usability issues before your users encounter them in production.

Run these in order. Each produces a report in the task board. Review findings, action any blockers with the agent, then deploy when all checks are green.

PreviousLogsNextAccess

Last updated

Was this helpful?