foolish-bandit writes the deployment manual gary was missing
The fork's backend won't run where the rest of the project lives, so foolish-bandit documented exactly where it should run instead - and which keys never leave home.
Gary's backend leans on things a lightweight serverless host can't provide: it shells out to a desktop office suite to turn Word documents into PDFs, handles file uploads, and talks to cloud storage. foolish-bandit's answer isn't to rewrite any of that - it's a thorough, honest deployment guide pointing the backend at Railway or Render (general-purpose app-hosting platforms), with Railway flagged as the smoother path because the document-conversion dependency is already wired in. The guide even owns up to a naming inconsistency in the config rather than papering over it.
The part worth lingering on is the security boundary. The doc draws a hard line around the credentials that bypass database access controls, the storage keys, and the AI provider keys: those stay on the backend and never get shipped to the public-facing frontend.
Spotted something wrong? Or know the PR text has fresher detail than the writeup above?