PrerequisitesPilot API databaseThe landing app exposes the Arc Suite pilot API. By default it uses the bundled demo seed. To switch it to Supabase/Postgres, run:
-- Supabase SQL Editor or Supabase CLIlanding/supabase/migrations/2026060201_arc_pilot_schema.sql
landing/supabase/migrations/2026060202_workspace_auth.sql
landing/supabase/migrations/2026060501_analytics_events.sql
landing/supabase/migrations/2026060502_investor_leads.sql
landing/supabase/migrations/2026060601_rate_limit_events.sql
landing/supabase/seed.sql
Then configure the landing deployment:
SUPABASE_URL=https://your-project.supabase.co
SUPABASE_SERVICE_ROLE_KEY=...
ARC_WORKSPACE_ID=wrk_arc_demo
ARC_ANALYTICS_SALT=...
CRON_SECRET=...
When these env vars are present, /api/pilot/summary, /api/agents, /api/transactions, /api/reputation/:agentId, and /api/access/check read from Supabase. If Supabase is unavailable, the API falls back to demo seed data. /api/health reports whether the API is using Supabase or seed data. Protected/api/readiness verifies required Supabase tables for production operation. Protected /api/ops/rate-limits/cleanup removes old rate-limit buckets; Vercel Cron runs it daily when CRON_SECRET is configured.
Conversion analytics are captured through /api/analytics/events and summarized through protected /api/analytics/summary. The tracked funnel events are demo, investor page, GitHub, X, and Treasury access-check interactions.
Investor CRM light is captured through /api/leads and listed through protected GET /api/leads. Leads store the same anonymous/session ids used by analytics. Public lead, analytics, and access-check endpoints are rate-limited. Leads also include an invisible honeypot field to filter simple bot submissions.
Run locally# Clone
git clone https://github.com/maksutovdesign/arc.git
cd arc
# Install all workspaces
npm install
# Verify all apps
npm run lint:all
npm run build:all
npm run test:smoke
npm run monitor:prod
# Run each app (separate terminals)
npm run dev --workspace=landing # → http://localhost:3000
npm run dev --workspace=treasury # → http://localhost:3001
npm run dev --workspace=reputation # → http://localhost:3002
npm run dev --workspace=marketplace # → http://localhost:3003
monitor:prod checks production health, Supabase data source, readiness access guards, CORS preflight, security headers, and the four public app surfaces. GitHub Actions also runs this monitor every 30 minutes through Arc Suite Production Monitor. The monitor records per-check latency, writes a Markdown run summary in GitHub Actions, warns above ARC_MONITOR_LATENCY_WARN_MS (default 5000) and fails aboveARC_MONITOR_LATENCY_FAIL_MS (default 15000).
When that monitor fails, it can notify Slack and Sentry. Add either or both GitHub repository secrets:
- ARC_SLACK_WEBHOOK_URL or SLACK_WEBHOOK_URL for a Slack Incoming Webhook.
- ARC_SENTRY_DSN or SENTRY_DSN for a Sentry project DSN.
The notifier is dependency-free and skips missing sinks, so the workflow stays usable before alert destinations are configured. To test delivery without breaking production, run Arc Suite Production Monitor manually from GitHub Actions with send_test_alert=true.
Runtime Sentry is configured in all Next.js apps with @sentry/nextjs. Set NEXT_PUBLIC_SENTRY_DSN in Vercel for browser errors, and SENTRY_DSN or ARC_SENTRY_DSN for server/API errors. Optional source map upload usesSENTRY_AUTH_TOKEN, SENTRY_ORG, and SENTRY_PROJECT. Landing also exposes a protected POST /api/ops/sentry-test endpoint for manual runtime verification.
Deploy to Vercel# Install Vercel CLI
npm i -g vercel
# Deploy Treasury
cd treasury && vercel --prod
# Deploy Reputation
cd ../reputation && vercel --prod
# Deploy Marketplace
cd ../marketplace && vercel --prod