> For the complete documentation index, see [llms.txt](https://docs.riff.ai/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.riff.ai/reference/app-builder/deploy.md).

# Deploy

The Deploy button is in the top-right of the App builder — a blue pill with a rocket icon. Clicking it publishes your app to a live URL accessible by anyone you share it with.

Until you deploy, your app runs only in the development workspace, visible only to you.

## The deploy flow

1. Click **Deploy** in the topbar
2. A popover opens showing:
   * Any error from a previous failed deployment
   * The deployment URL your app will be (or already is) published at
   * A checklist of pre-deployment validations
3. Wait for all checklist items to pass (each shows a tick or a block)
4. Click **Deploy** inside the popover to start deployment
5. The topbar button shows **"Deploying…"** with a spinner while it runs
6. When complete, the button returns to **Deploy** and your app is live

## Pre-deployment checklist

Riff runs these checks automatically before allowing deployment:

| Check               | What it verifies                                              |
| ------------------- | ------------------------------------------------------------- |
| Subdomain available | Your chosen app URL is not already taken                      |
| Public username set | Your account has a public username configured                 |
| Deploy permission   | You have permission to deploy this app                        |
| Security checks     | Basic security validation passes                              |
| Owner first deploy  | The first deployment of any app must be done by the app owner |

If any check fails, the Deploy button inside the popover stays disabled. The checklist shows which item is blocking and why.

## Your app's URL

Deployed apps are published at `username.riff.works/app-name`. This URL is permanent — it does not change between deployments.

## If deployment fails

The topbar button turns amber and shows **"Retry Deploy"**. Open the popover to see the error from the failed attempt. Fix the issue and click Deploy again.

## Development vs. production

The workspace is your development environment — changes here do not affect the live app until you deploy. Your development and production databases are separate. See [Riff environment](/reference/app-builder/riff-environment.md) for how the two environments relate.

## Before you deploy

Riff provides a set of pre-deployment skills you can run before going live. These are not automatic — you trigger them intentionally as part of your readiness process. Think of them as a structured checklist that produces a documented record before anything goes live.

To trigger a skill, type `/` followed by the skill name in the agent chat.

<table><thead><tr><th width="49">#</th><th width="271.4805908203125">Skill</th><th>What it does</th></tr></thead><tbody><tr><td>1</td><td><code>deployment-check-security</code></td><td>Scans for critical vulnerabilities: leaked API keys, missing auth checks, hardcoded secrets, and injection risks. Reports HIGH and MEDIUM findings only.</td></tr><tr><td>2</td><td><code>deployment-check-integration</code></td><td>Maps every external service connection — what data is read, what is written, whether any personal data (PII) is involved. Produces a documented integration record.</td></tr><tr><td>3</td><td><code>perform-security-audit</code></td><td>End-to-end security review: authentication, secrets, SQL injection, endpoint authorisation, PII logging, input validation, and error exposure. Creates tasks for all high and critical findings.</td></tr><tr><td>4</td><td><code>implement-user-roles</code></td><td>Configures role-based access so each user sees only the data relevant to them — important when the app is shared across teams or departments.</td></tr><tr><td>5</td><td><code>implement-ux-checks</code></td><td>Reviews key screens and flows for usability issues before your users encounter them in production.</td></tr></tbody></table>

Run these in order. Each produces a report in the task board. Review findings, action any blockers with the agent, then deploy when all checks are green.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.riff.ai/reference/app-builder/deploy.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.