Vercel + Tailscale
Deploy the GridWork HQ dashboard to Vercel with Tailscale exposing your local pipeline server.
Vercel + Tailscale
This is the recommended setup for zero-ops UI hosting. The Next.js dashboard runs on Vercel's edge network, while the pipeline server runs on your local machine (Mac, Linux, or VPS) exposed via Tailscale.
Architecture
┌─────────────────────────────────┐
│ Vercel (Cloud) │
│ ┌───────────────────────────┐ │
│ │ GridWork HQ Dashboard │ │
│ │ (Next.js SSR/API) │ │
│ └─────────┬─────────────────┘ │
└─────────────┼────────────────────┘
│ HTTPS (Bearer token)
┌─────────▼──────────────────────┐
│ Tailscale Funnel / Public URL │
└─────────┬──────────────────────┘
│
┌─────────────┼────────────────────┐
│ Your Machine (Mac/Linux/VPS) │
│ ┌──────────▼────────────────┐ │
│ │ Pipeline Server │ │
│ │ + Knowledge Vault │ │
│ │ + Claude Code CLI │ │
│ └───────────────────────────┘ │
└──────────────────────────────────┘Why This Split
- The dashboard is a stateless Next.js app — ideal for Vercel's edge network
- The pipeline server needs persistent memory (job queue, cron state) and local Claude Code CLI access
- Vercel serverless functions have a 60-second timeout — pipeline jobs run for minutes
Cost
| Component | Cost |
|---|---|
| Vercel Hobby | Free |
| Vercel Pro (optional) | $20/mo |
| Pipeline server | Runs on hardware you already own |
| Tailscale | Free for personal use |
1. Fork and Import to Vercel
- Fork the
gridwork-hqrepo to your GitHub account - Go to vercel.com/new
- Click Import Git Repository and select your fork
- Framework preset: Next.js (auto-detected)
- Click Deploy — the first deploy will fail (no env vars yet)
2. Run the Setup Wizard Locally
git clone https://github.com/YOUR_ORG/gridwork-hq.git
cd gridwork-hq
npm install
node setup-wizard.mjsWhen Phase 4 asks for deployment target, enter vercel. Set HQ_URL to your Vercel URL (e.g., https://your-gridwork-hq.vercel.app).
3. Add Environment Variables to Vercel
Go to your Vercel project > Settings > Environment Variables and add every key from .env.local. The critical variables:
| Variable | Required | Notes |
|---|---|---|
NEXTAUTH_SECRET | Yes | Generated by wizard |
GITHUB_ID | Yes | GitHub OAuth App Client ID |
GITHUB_SECRET | Yes | GitHub OAuth App Client Secret |
GITHUB_TOKEN | Yes | Personal access token |
GITHUB_ORG | Yes | Your GitHub org/username |
ALLOWED_GITHUB_ID | Yes | Your numeric GitHub user ID (restricts login) |
DATABASE_URL | Yes | SQLite path or Turso URL |
ANTHROPIC_API_KEY | Yes | For server-side API calls |
PIPELINE_SERVER_TOKEN | Yes | Must match pipeline server |
PIPELINE_SERVER_URL | Yes | Your Tailscale funnel URL |
PIPELINE_SERVER_PORT | Yes | Default: 8750 |
DUCTOR_WEBHOOK_TOKEN | Yes | Must match pipeline server |
HQ_URL | Yes | Your Vercel URL |
Do not set NEXTAUTH_URL — Vercel handles this automatically.
Database for Vercel
Local SQLite does not work on Vercel. Use Turso (free tier available):
- Create a Turso database at turso.tech
- Copy the database URL and auth token
- Set in Vercel:
DATABASE_URL— your Turso URL (e.g.,libsql://your-db.turso.io)DATABASE_AUTH_TOKEN— your Turso auth token
4. Update GitHub OAuth App
Update your GitHub OAuth App URLs to match Vercel:
| Field | Value |
|---|---|
| Homepage URL | https://your-gridwork-hq.vercel.app |
| Authorization callback URL | https://your-gridwork-hq.vercel.app/api/auth/callback/github |
5. Set Up the Pipeline Server
On your local machine:
cd ~/agency-workspace/pipeline-server
npm installKey environment variables in pipeline-server/.env:
PIPELINE_SERVER_TOKEN=must-match-vercel
HQ_URL=https://your-gridwork-hq.vercel.app
DUCTOR_WEBHOOK_TOKEN=must-match-vercel
ANTHROPIC_API_KEY=sk-ant-...
KNOWLEDGE_DIR=/Users/yourname/agency-workspace/knowledge
SCRIPTS_DIR=/Users/yourname/agency-workspace/.scripts6. Expose via Tailscale
Install Tailscale
# macOS
brew install tailscale
open /Applications/Tailscale.app
# Linux
curl -fsSL https://tailscale.com/install.sh | sh
sudo tailscale upCreate a Funnel
tailscale funnel --bg 8750This creates a public URL like https://your-machine.tail12345.ts.net/. Verify it:
tailscale funnel status
curl https://your-machine.tail12345.ts.net/healthUpdate Vercel
Add or update in Vercel environment variables:
PIPELINE_SERVER_URL=https://your-machine.tail12345.ts.net7. Deploy and Test
Push to trigger a Vercel deploy:
cd ~/agency-workspace/gridwork-hq
git add config/brand.json
git commit -m "Configure brand identity"
git push origin mainThen:
- Navigate to your Vercel URL
- Click Sign in with GitHub
- Go to Settings > Pipeline Server > Test Connection
- Run a test pipeline from Mission Control
8. Custom Domain (Optional)
- Vercel dashboard > your project > Settings > Domains
- Enter your custom domain (e.g.,
hq.yourdomain.com) - Configure DNS: CNAME
hqpointing tocname.vercel-dns.com - Update
HQ_URLin both Vercel env vars andpipeline-server/.env - Update GitHub OAuth callback URL
Keeping Secrets in Sync
These secrets must match between Vercel and your pipeline server:
| Secret | Must Match In |
|---|---|
PIPELINE_SERVER_TOKEN | Vercel env + pipeline-server/.env |
DUCTOR_WEBHOOK_TOKEN | Vercel env + pipeline-server/.env |
When rotating secrets:
- Generate new secret:
openssl rand -hex 32 - Update in Vercel env vars and trigger a redeploy
- Update in
pipeline-server/.envand restart the server - Verify: Settings > Pipeline Server > Test Connection