Skip to content

SUR-218 — Outstanding work after 2026-04-23 handoff

SUR-218 — Outstanding work after 2026-04-23 handoff

The Astro marketing handoff is live. Cutover, dashboard config, and bundling are done; what remains is small, well-scoped follow-ups.

Linear: SUR-218 · Plan: ~/.claude/plans/sur-218-along-with-a-ancient-pebble.md

Done

  • Edge Function waitlist-signup deployed (honeypot + rate limit)
  • Astro site live at surfc.app
  • React app live at app.surfc.app
  • Supabase dashboard — app.surfc.app + surfc.app added to redirect URLs
  • Supabase config.toml — function registration + redirect URLs
  • Lighthouse CI + link check (warn-only thresholds for now)
  • Playwright suite (30 tests, mocked endpoint, Termly auto-blocked)
  • Modal scrim [hidden] CSS bug fix
  • TWA manifest repointed at app.surfc.app and AAB rebuilt locally
  • Bubblewrap artifacts (twa-manifest.json, gradle wrapper, etc.) gitignored
  • SUR-227 follow-ups filed as inline TODO(SUR-227) comments
  • PostHog wired into Astro marketing (2026-04-23) — CDN-loaded init in BaseLayout.astro, waitlist_submitted / waitlist_duplicate captures in WaitlistForm.astro, and data-cta attribution on Nav / Hero / ClosingCta / WaitlistForm Sign in + Request invitation CTAs (fires app_cta_clicked).
  • PUBLIC_SUPABASE_ANON_KEY decision (2026-04-23) — Netlify has it set; the defensive if (anonKey) headers.apikey = anonKey path in WaitlistForm.astro stays. .env.example documentation unchanged. The key is safe to expose (anon role + RLS).
  • surfc/netlify.toml policies cleanup (2026-04-23) — the two legacy /policies/*.html → clean URL redirects removed, replaced with a single /policies/* → https://surfc.app/policies/:splat 301 bounce. Placed before the SPA catch-all.
  • TWA / assetlinks verification (2026-04-23)assetlinks.json check confirmed passing by Deji. Keystore SHA-256 still matches the value in public/.well-known/assetlinks.json; the file is reachable at https://app.surfc.app/.well-known/assetlinks.json.

Outstanding

All SUR-218 follow-ups are complete. Remaining items belong to separate Linear issues — see below.

Gotchas worth remembering

  • Bubblewrap vendors a 32-bit JDK. Default Gradle heap (-Xmx1536m) can’t reserve the address space and the build dies with “Could not reserve enough space for 1572864KB object heap” even on a 32 GB machine. Fix: set org.gradle.jvmargs=-Xmx768m in the (gitignored) gradle.properties after every fresh bubblewrap init. Long-term fix: install a 64-bit JDK 17 and pass --jdkPath="C:\Program Files\…\jdk-17.x.x" to bubblewrap.

  • Edge Function rate limiter uses an in-memory per-worker Map, not Deno KV (plan deviation, accepted at PR-time). A bot fanning out across workers bypasses the per-IP limit; honeypot is the primary filter for that case.

Downstream issues (not part of SUR-218)

  • SUR-215 — strip LandingPage/WaitlistScreen from surfc/src/App.jsx now that marketing lives at surfc.app. Unblocked.
  • SUR-219 — split .hiw-* and .wl-* rules out of surfc/src/styles.css. Unblocked.
  • SUR-227 — Lighthouse follow-ups (color contrast on /waitlist, render-blocking Google Fonts + CLS, cache headers on icons / og-image). Filed as inline TODO(SUR-227) comments at surfc-web/src/layouts/ BaseLayout.astro, surfc-web/netlify.toml, and surfc-web/src/components/ WaitlistForm.astro — grep TODO(SUR-227) to surface the full list.