Publish a site with password-protected sharing

Push a Vite / Next / Astro / SvelteKit / plain-HTML site to a short share URL that respects passwords, allow-lists, expirations, and custom domains.

Who this is for

Designers, studios, and agencies who need to share pitch decks, portfolios, client proofs, or data rooms privately — without uploading to Dropbox, emailing ZIPs, or standing up a staging server.

One command from your project folder gives you a short URL with a password you control. Revoke any time, see who opened it, or point your own domain at it.

Prerequisites: install the Clearly Dev Mac app. The `beehaven` CLI is bundled with it — there is nothing to `npm install`.

1. Point the CLI at your project

From any folder containing a buildable static site:

`bash
cd ~/projects/my-portfolio
beehaven compose push
`

The CLI auto-detects your framework — Vite, Next.js (output: "export"), Astro, SvelteKit (adapter-static), plain static folders, or a single index.html. If a dist/ or out/ folder is missing, the CLI runs your build command first.

2. Get your share URL

The first push prints:

`
✓ Composition created: cmp_abc123
✓ Uploaded 42 files (3.1 MB)
✓ Share URL: https://relay.clearly.sh/r/zkm9pt7q4r
`

That URL works immediately — no DNS propagation, no SSL provisioning.

3. Protect it

Open the site in Published Sites on the Clearly dashboard and add a password, an email allow-list, or an expiration:

-Password — viewers see a branded unlock screen
-Allow-list — only specific emails can open the link
-Expiry — link auto-disables after N days
-Immersive — full-bleed iframe with no Clearly chrome (paid plans)

4. Update your site

When the project changes, run beehaven compose push again. The same share URL stays valid — only the content behind it changes. Old file versions are garbage-collected after 7 days.

5. Point your domain at it (Pro)

Add a custom hostname under Published Sites → Custom domains and create a CNAME record:

`
Type Name Value
CNAME portfolio relay.clearly.sh
`

After DNS propagates, https://portfolio.yourdomain.com serves the share page. SSL is handled automatically.

What `beehaven compose push` actually does

1. Detects the framework and runs the build if needed.
2. Uploads the build output to your Clearly Workspace — each file lands in users//compositions//build/.
3. Records the composition metadata (source type, entry point, build size, last-build-at) so it appears in your dashboard.
4. Writes a .beehaven.json link file in your project root so subsequent push commands know which composition to replace.

Every upload is scoped to your Durable Object — nobody else can read it. Share links are the only public surface for a composition.

All `compose` subcommands

bash

beehaven compose push                # build + upload to the current composition
beehaven compose push --name=pitch   # first-time: create composition with a title
beehaven compose status              # list active share links for this site
beehaven compose share --password=x  # mint a new share link
beehaven compose share --expires=7   # mint a 7-day link
beehaven compose rm                  # unlink this folder (composition stays on server)

Security model

-Password hashing — PBKDF2-HMAC-SHA256 with 100k iterations, per-link salt. Never stored in plain text; never sent to the browser.
-Session cookies — HMAC-signed, HttpOnly, Secure, 60-minute default TTL. Revoking a link instantly invalidates outstanding cookies.
-Rate limiting — 5 bad passwords per 10 minutes per IP per link.
-Allow-list — email match is case-insensitive and stored lowercased. Session tokens bind to the email that unlocked them.
-Revocation — soft-delete flag on the share link; every asset request re-checks the DO, so revokes propagate within one request.

Plan limits: Free gets 3 active links per site with a 7-day max expiry. Starter ($29/mo) unlocks 5 links, 90-day expiry, and 1 custom domain. Pro ($99/mo) gets 20 links, unlimited expiry, 3 domains, and immersive mode. See pricing for the full matrix.

FAQ

Does Clearly run my code? No. Uploaded builds are pure static assets served from R2. The share URL is an HTML frame + password gate served by our Worker, and the iframe inside it loads your compiled output unchanged.

Can I use it for full-stack apps? Not today. Compose is for static output (HTML/CSS/JS/media). If you need server-rendered routes, deploy to Vercel/CF Pages and link to it as a regular bookmark.

How big can a site be? Hard cap 500 MB per composition on free plans, 5 GB on paid. Individual files are chunked with presigned uploads so large assets (video reels, 3D scenes) are fine.

Does it work with React Router / client-side routing? Yes — missing paths fall through to index.html automatically (SPA mode).

Can I share a password over iMessage? That’s the whole point.

Documentation Custom Embed