Xboard operating guide
Practical release, integration, approval, and support notes for pilots and integration partners.
Operator setup
Run local-dev adapters while testing, then switch production drivers only after credentials, legal copy, consent gates, storage, Stripe, email, and platform accounts have passed preflight and smoke checks.
Approval model
Publishing, boosting, budget changes, sensitive replies, media use, refunds, and automation changes require explicit approval unless a documented approval policy allows the exact action.
API discovery
The API serves OpenAPI JSON at /v1/_meta/openapi.json and a Swagger viewer at /v1/_meta/docs on the configured API host.
Deploy checks
Before release, run typecheck, lint, tests, build, synthetic, preflight, then run pnpm deploy:smoke against the deployed API and web URLs.
Data safety
Client photos, consent records, private messages, health-style intake fields, payment status, tracking identifiers, and internal notes are high-risk data and must stay tenant-scoped, audited, and least-privilege.
Support escalation
Collect tenant name, action, platform, timestamp, and visible reference code. Do not move tokens, private messages, or raw client media outside approved support channels.