-
Notifications
You must be signed in to change notification settings - Fork 0
Public Demo
Disclaimer: The live site magic-ai-factory.com is a shared demonstration. Admin login is passwordless (
admin, click Enter admin demo). Do not treat it as a private factory. Self-host for full owner controls.
When AIFACTORY_DEMO_READONLY=1 is set in .env (read by docker compose), the backend blocks operations that would let casual visitors corrupt the shared demo:
| Blocked | Why |
|---|---|
| Factory backup download | Prevents exfiltrating all demo products/secrets |
| Factory restore | Prevents wiping or replacing the shared catalog |
| Settings → Save | Keeps Director/autopilot/URLs stable for everyone (includes GA / head snippet — use NEXT_PUBLIC_GA_MEASUREMENT_ID in .env on demo) |
| Admin password change | Demo admin is passwordless — keeps shared login stable |
| Admin user CRUD | No add/delete/edit; super-admin accounts are never deletable |
Still allowed on demo: browse Pipeline, LLM logs (read), sandbox preview (admin + storefront), git push from sandbox, create products (within normal pipeline), most read-only admin tabs.
Important exception: in Settings, factory_on_hold (Factory pause toggle) is still writable on demo so operators can stop/resume runs without opening full settings writes.
There is no “delete product” button in the UI on any instance.
In project root .env (not in git — survives docker compose build / up):
AIFACTORY_DEMO_READONLY=1docker-compose.yml passes it through:
AIFACTORY_DEMO_READONLY: ${AIFACTORY_DEMO_READONLY:-0}After changing .env:
docker compose build app
docker compose up -d appfill_production_env.py appends AIFACTORY_DEMO_READONLY=1 when you pass --public-url pointing at magic-ai-factory.com (see Deployment).
Leave AIFACTORY_DEMO_READONLY=0 (default) or omit the variable. Use a private bootstrap password, enable backup/restore in Settings, and rotate credentials.
- Settings: blue banner — backup/restore and platform saves disabled.
-
GET /api/admin/auth/me:public_demo: true,blocks_*flags for the SPA.
Full detail: docs/security.md · backup/restore: Owner-Guide §7