Verdict: 🟢 SAFE to distribute clones. The Base44 white-label staging template (was "Virtual Restyle") is renamed RoomStager and passed a full pre-distribution /app-safety-check + money/abuse audit (fable-mode + base44-workflow).
6a526acda9e181b2df0d8c04 · slug roomstager · LIVE https://roomstager.base44.app · remixable ONsrc/config/brand.js (appName/nameA/nameB), base44/config.jsonc(was "Migrated from Lovable" → "RoomStager"), index.html (title/author/og/twitter + removed dead canonical→virtualrestyle.com + dead manifest), both structure-guard messages (stageRoom.js + lib/structure.js: "Virtual Restyle" → "this app").
PUT /api/apps/<id> name→RoomStager, slug→roomstager.in the live bundle AND in a fresh clone's sandbox source.
the app's own public/ — clones no longer depend on her live domain staying up. Byte sizes match originals; all serve 200 from roomstager.base44.app.
stageRoom — failed stagings spend no credit butstill make a real Gemini call, so an unbounded forced-failure loop would drain her bill (money-path checklist #12 for an AI-spend app). Checked BEFORE any Gemini spend.
/privacy page (src/pages/Privacy.jsx + route) — was missing (safety-net #5). Generic template driven by BRAND; footer link added. New owner adapts it.
GEMINI_API_KEY;a real POST /remix clone has ZERO secrets → a buyer's clone spends the buyer's own key, never hers. New-owner sheet requires adding their own.
(srverva+rs1, srverva+rs2 — OTP pulled from her Gmail via gws). Each sees exactly its OWN Staging row (count 1, not 2); cross-account GET 404 / UPDATE 403 / DELETE 404 both ways. (created_by reads as null = documented not-serialized gotcha, not a leak.)
admin-only); credits fn seeds 3 server-side on first login; anon fn calls 401; anon writes 403 on all 3 entities.
BEFORE any Gemini spend or credit.
src/functions/*source (re-registers on Publish), all 6 public/ images, the daily-cap + Privacy fixes, and RoomStager brand. function_names:[] is expected (CLI-deployed functions don't travel).
user.role==='admin', first signup on a clone becomes admin); nohardcoded email. Owner (Sondra) confirmed admin on master; test users correctly plain user.
Eject master → VITE_BASE44_APP_ID=<master> npm run build → verify bundle (master id present, copy id absent, RoomStager present, old-brand 0) → site deploy with base44/entities set aside → functions deploy LAST. Gotcha nailed this session: the CLI only finds functions at base44/functions/<name>/entry.js (glob **/entry.{js,ts}) — a flat functions/.js or src/functions/.js yields "No functions found". Both stageRoom + credits deployed; function_names = ['credits','stageRoom'], entities intact.
User.delete + their CreditBalance/Staging rows.Only sondraverva@gmail.com (admin) remains; 0 Staging rows; 1 CreditBalance (hers, 25).
(Happy-path Gemini staging was proven in the 07-11 build; the rename didn't touch the image call, so I did NOT re-fire a paid staging just to re-prove it.)
(App Storefront/new-owner-sheets/roomstager.md (+ .html)): add own GEMINI_API_KEY → Publish once → first signup becomes admin → rebrand in src/config/brand.js.
Generated for the CEO Dashboard · source: PROJECTS/Virtual Restyle/handoffs/roomstager-rename-safety-sweep-2026-07-12.md 🤍