This report reflects the live production deployment on https://agentos-app.vercel.app. No P0 or P1 findings were observed in this pass. The remaining open issue is the custom-domain DNS cutover.
https://agentos-app.vercel.app/api/ops/crewAnonymous callers could enumerate the full 102-item active and standby crew matrix, including per-item topology and queue state.
That exposed more control-plane inventory than a public health surface should reveal.
Keep public ops access summary-only. Require an ops-admin bearer token for per-item matrix details, failovers, and incident history. This fix is already live.
https://agentos-app.vercel.app/docs/apiThe API reference documented stale signup and health contracts that no longer matched the live routes.
Developers could copy invalid request payloads or expect fields that the live API does not return.
Document only the route contracts that were re-verified against production. This fix is already live.
https://agentos.serviceThe custom domain is attached in Vercel but the apex DNS record does not yet resolve publicly.
The branded production hostname is unavailable, so launch traffic must stay on the Vercel hostname until DNS propagates.
Create the apex DNS record A @ -> 76.76.21.21 at the current DNS provider. Keep the canonical production URL on agentos-app.vercel.app until agentos.service resolves and serves HTTPS.
Agent OS is ready for public traffic on https://agentos-app.vercel.app. The remaining operational blocker is external to the codebase: add the apex DNS record for agentos.service and then re-verify HTTPS before switching the canonical hostname.