Do-now (fastest path)

Force a fresh deploy

Make a tiny code edit (add a comment), save, then Publish again.

After it completes, open the live site in Incognito and hard refresh (Cmd/Ctrl+Shift+R).

Add a build/version fingerprint so we can see what’s live every time.

Replit prompt (copy–paste)

Title: Fix stale deployment: add version stamp, no-cache for index, and diag access in prod

Prompt:

Please add a build/version endpoint and head banner so we can verify the live build, plus ensure no caching on index and that diagnostics are owner-accessible in prod.

A) Build fingerprint

Create server/version.ts:

export const BUILD = {
  sha: process.env.GIT_COMMIT || "dev",
  time: new Date().toISOString(),
  env: process.env.NODE_ENV || "development",
};


In server/index.ts:

import { BUILD } from "./version";
app.get("/version", (_req, res) => res.json(BUILD));
console.log("[build]", BUILD);


In the HTML shell route (or static index handler), set header:

// when serving index.html
res.set("Cache-Control", "no-store");
res.set("X-IBrandBiz-Build", `${BUILD.sha}@${BUILD.time}`);


B) Disable service worker (if any)

If we register a SW, comment out the registration or bump a SW_VERSION to force update; goal: clients don’t stick to stale assets.

C) Diagnostics availability

Ensure /__qa/diag route is allowed in production but owner-gated (keep the owner check; remove if (import.meta.env.MODE === 'production') nav('/')).

D) Remove legacy routes definitively

Make sure the app does not include /pricing/business-assets (no redirect). Unknown pricing paths should 404.

E) Publish

Publish after the changes.

Acceptance

GET /version returns fresh JSON with time ~now and non-dev sha.

Network tab on index.html shows Cache-Control: no-store and X-IBrandBiz-Build header.

/__qa/diag loads in prod for owner.

Visiting /pricing/business-assets returns 404.

Verify after publish (2 checks)

Visit: https://ibrandbiz.com/version
You should see JSON like:

{"sha":"abc1234","time":"2025-10-03T...Z","env":"production"}


If 404 or time is old → still stale.

In DevTools → Network → index.html
Confirm headers: Cache-Control: no-store and X-IBrandBiz-Build: <sha>@<time>.

If those don’t show, you’re still not looking at the latest deployment (wrong domain target or CDN cache).

If still stale after publish

Make sure you’re on the correct live domain (not the *.replit.dev preview).

If you use Cloudflare or another CDN in front of ibrandbiz.com, purge cache.

In Replit “Deployments”, confirm your custom domain is attached to the deployment you just published. (Sometimes there are multiple deployments; attach the domain to the newest.)

Once the live build is confirmed fresh

Open /__qa/diag → copy Server Public IP.

Add that IP to OpenSRS → API → IP Allowlist for the mode you’re using (OTE vs live).

Retry domain search. If it fails, the toast should now show the provider’s message (e.g., “client not permitted from this IP” or “invalid signature”) — send me that exact line and I’ll give you the surgical fix.

We’ve got this. Once the build fingerprint shows up, we can move the domain search to green in minutes.