Operator Push Pack

GitHub push pack manifest

Push-safe source paths, forbidden local artifacts and the manual GitHub/AWS sequence are kept in one local evidence view before the first MUPZAOS repository push.

Manifest status
Safe sources: 6
Forbidden paths: 13
Required checks: 5
Operator steps: 7

Checks block push: true
Forbidden paths explicit: true
No secret values: true
Generated artifacts ignored: true
GitHub push false: true
AWS mutation false: true
Production untouched: true
MUPZAAI read-only: true

Push-safe sources

.gitignore: include

Keeps generated folders, env files and local evidence out of Git.

README.md: include

Carries project identity, operator boundaries and local setup notes.

docs/: include

Runbooks and sprint evidence contracts are source-controlled documentation.

frontend/: include

Next.js MUPZAOS operator UI, mock APIs and local contract previews.

scripts/: include

QA smoke gates are part of the release evidence pack.

backend/: include

Backend boundary README is safe to push and contains no runtime secrets.

Forbidden paths

node_modules/: forbidden

Dependency cache, never source.

frontend/node_modules/: forbidden

Frontend dependency cache, never source.

.next/: forbidden

Generated Next.js build output.

frontend/.next/: forbidden

Generated frontend build output.

.deploy/: forbidden

Local QA evidence output; keep ignored.

_reuse_inbox/: forbidden

Local reuse staging area; never push.

.env: forbidden

Runtime values and provider secrets stay outside Git.

.env.*: forbidden

Environment variants stay outside Git.

*.log: forbidden

Runtime logs can contain sensitive context.

*.tsbuildinfo: forbidden

Compiler cache, never source.

*.pem / *.key / *.p12: forbidden

Private keys and certificates stay outside Git.

*service-account*.json: forbidden

Firebase and provider service accounts stay in secret storage.

*credential*.json / *token*.json: forbidden

Credential and token files stay outside source control.

Required QA before push

Frontend typecheck: blocking
Expected: exit 0
cd D:\mupza-business-os\frontend; npm run typecheck

Frontend production build: blocking
Expected: exit 0
cd D:\mupza-business-os\frontend; npm run build

Secret guard expansion: blocking
Expected: MUPZA_SECRET_GUARD_EXPANSION_QA_SMOKE_V1_PASS
cd D:\mupza-business-os; powershell -NoProfile -ExecutionPolicy Bypass -File .\scripts\qa\run-secret-guard-expansion-qa-smoke-v1.ps1

GitHub clean push readiness: blocking
Expected: MUPZA_GITHUB_CLEAN_PUSH_READINESS_GATE_V1_PASS
cd D:\mupza-business-os; powershell -NoProfile -ExecutionPolicy Bypass -File .\scripts\qa\run-github-clean-push-readiness-gate-v1.ps1

Local release readiness index: blocking
Expected: MUPZA_LOCAL_RELEASE_READINESS_INDEX_QA_SMOKE_V1_PASS
cd D:\mupza-business-os; powershell -NoProfile -ExecutionPolicy Bypass -File .\scripts\qa\run-local-release-readiness-index-qa-smoke-v1.ps1

Manual operator sequence

Inspect local status: none

Review every changed file before staging.

git status --short

Stage push-safe paths only: local_git

Stage only source, runbooks, QA scripts and safe backend boundary docs.

git add .gitignore README.md docs frontend scripts backend

Review staged files: none

Confirm forbidden folders and env files are absent before commit.

git diff --cached --name-status

Create local commit: local_git

Create one auditable local baseline commit after QA gates pass.

git commit -m "feat: prepare MUPZAOS local foundation"

Attach new GitHub repository: github_remote

Use the empty MUPZAOS GitHub repository created manually by the operator.

git remote add origin <NEW_GITHUB_REPO_URL>

Push main branch: github_remote

Publish only after clean local evidence is green.

git branch -M main; git push -u origin main

Clone into fresh AWS staging server: aws_staging

AWS work starts on staging only; production remains untouched.

git clone <NEW_GITHUB_REPO_URL> mupza-business-os
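
An added example for the "Review staged files" step (not part of the MUPZAOS repository or its QA scripts): it parses `git diff --cached --name-status` output and flags every staged path that matches the forbidden list above. The function names are hypothetical; it assumes directory rules are prefixes from the repository root and file globs apply to the file name at any depth.

```javascript
// Rules copied from the "Forbidden paths" list on this page.
const FORBIDDEN_DIRS = [
  "node_modules/", "frontend/node_modules/", ".next/", "frontend/.next/",
  ".deploy/", "_reuse_inbox/",
];
const FORBIDDEN_FILE_GLOBS = [
  ".env", ".env.*", "*.log", "*.tsbuildinfo", "*.pem", "*.key", "*.p12",
  "*service-account*.json", "*credential*.json", "*token*.json",
];

// Turn a "*" glob into an anchored, case-insensitive RegExp.
function globToRegExp(glob) {
  const escaped = glob.replace(/[.+?^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*");
  return new RegExp("^" + escaped + "$", "i");
}

// Assumption: directory rules are root-relative prefixes; file globs match
// the basename. Paths are lowercased because the working tree is on Windows.
function matchForbidden(path) {
  const p = path.replace(/\\/g, "/").toLowerCase();
  const dir = FORBIDDEN_DIRS.find((d) => p.startsWith(d));
  if (dir) return dir;
  const base = p.slice(p.lastIndexOf("/") + 1);
  return FORBIDDEN_FILE_GLOBS.find((g) => globToRegExp(g).test(base)) || null;
}

// Parse `git diff --cached --name-status` output and return the violations.
function findForbiddenStaged(nameStatus) {
  const hits = [];
  for (const line of nameStatus.split(/\r?\n/)) {
    if (!line.trim()) continue;
    const [status, ...paths] = line.split("\t");
    if (status.startsWith("D")) continue; // a staged deletion adds no content
    const path = paths[paths.length - 1]; // renames/copies: check destination
    const rule = matchForbidden(path);
    if (rule) hits.push({ status, path, rule });
  }
  return hits;
}

// Constructed sample output, not taken from the real repository.
const SAMPLE = [
  "A\tREADME.md", "A\tfrontend/.env.local", "D\t.env",
  "A\tfrontend/.next/build-manifest.json", "A\tscripts/qa/output.LOG",
  "R100\tdocs/notes.md\tbackend/firebase-service-account-dev.json",
  "A\tdocs/environment.md",
].join("\n");

console.log(findForbiddenStaged(SAMPLE));
```

A non-empty result means the commit step should not run until the listed paths are unstaged.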