The JavaScript SDK code examples across the docs site point users at pkg.staging.yivi.app and fileshare.staging.yivi.app. Both hostnames resolve to the same staging ingress as the .staging.postguard.eu aliases, but the TLS cert served on the yivi.app names is the placeholder K8s cert (O=Acme Co; CN=Kubernetes Ingress Controller Fake Certificate). Any real client doing TLS validation rejects the connection. Anyone following the quickstart fails before reaching the PKG.
Ruben flagged this exact follow-up in commit c7e8413 (PR #93, 2026-05-16): "the docs still reference fileshare.staging.yivi.app in JS-side snippets and fileshare.postguard.eu as a production host — leaving those for a separate review since neither was part of this rename." This issue picks up that thread.
Canonical URLs (verified)
Source of truth: postguard-js/scripts/smoke.mjs and postguard-examples/pg-sveltekit/.env.example both use:
| Environment |
PKG |
Cryptify |
| Staging |
https://pkg.staging.postguard.eu |
https://storage.staging.postguard.eu |
| Production |
https://pkg.postguard.eu |
https://storage.postguard.eu |
Verified live (2026-05-26): pkg.staging.postguard.eu/v2/parameters returns HTTP 405 (real server), storage.staging.postguard.eu/health returns 200. The yivi.app aliases return the K8s placeholder cert and 404 on the API path. fileshare.postguard.eu does not serve /health; storage.postguard.eu/health returns 200.
Files to update
JS-side snippets (replace pkg.staging.yivi.app with pkg.staging.postguard.eu, fileshare.staging.yivi.app with storage.staging.postguard.eu):
docs/index.md lines 47-48docs/repos/postguard-js.md lines 29-30 and 86-87docs/repos/pg-sveltekit.md lines 42-43 and 64-65docs/sdk/getting-started.md lines 33-34docs/sdk/js-encryption.md lines 98-99
Production Cryptify (one line, replace fileshare.postguard.eu with storage.postguard.eu):
docs/repos/pg-dotnet.md line 47
Source-link side effect
docs/repos/pg-sveltekit.md lines 42-43 and 64-65 carry source links to the pinned commit 3d06342fad2c749ca4d043070d1ad9c831c7bfc1 in postguard-examples. The pinned file at that hash already uses pkg.staging.postguard.eu and fileshare.staging.postguard.eu (verified via raw.githubusercontent.com), so the rendered snippet currently does not match the source it links to. Updating the snippets to the canonical URLs also fixes this snippet-vs-source drift, though it leaves a small mismatch on the Cryptify host (pinned file has fileshare., canonical is storage.). The cleanest fix is to repin the source link to a newer commit on main that uses the canonical hosts, or to repin to the storage.staging.postguard.eu rename commit in postguard-examples, and update the snippet text to match exactly what is at that hash.
Verification
After the edit, run npm run docs:build (no warnings expected, build ~7s) and grep -rEn 'yivi\.app|fileshare\.postguard\.eu' docs/ should return nothing under non-dist/ paths.
The JavaScript SDK code examples across the docs site point users at
pkg.staging.yivi.appandfileshare.staging.yivi.app. Both hostnames resolve to the same staging ingress as the.staging.postguard.eualiases, but the TLS cert served on theyivi.appnames is the placeholder K8s cert (O=Acme Co; CN=Kubernetes Ingress Controller Fake Certificate). Any real client doing TLS validation rejects the connection. Anyone following the quickstart fails before reaching the PKG.Ruben flagged this exact follow-up in commit c7e8413 (PR #93, 2026-05-16): "the docs still reference
fileshare.staging.yivi.appin JS-side snippets andfileshare.postguard.euas a production host — leaving those for a separate review since neither was part of this rename." This issue picks up that thread.Canonical URLs (verified)
Source of truth:
postguard-js/scripts/smoke.mjsandpostguard-examples/pg-sveltekit/.env.exampleboth use:https://pkg.staging.postguard.euhttps://storage.staging.postguard.euhttps://pkg.postguard.euhttps://storage.postguard.euVerified live (2026-05-26):
pkg.staging.postguard.eu/v2/parametersreturns HTTP 405 (real server),storage.staging.postguard.eu/healthreturns 200. Theyivi.appaliases return the K8s placeholder cert and 404 on the API path.fileshare.postguard.eudoes not serve/health;storage.postguard.eu/healthreturns 200.Files to update
JS-side snippets (replace
pkg.staging.yivi.appwithpkg.staging.postguard.eu,fileshare.staging.yivi.appwithstorage.staging.postguard.eu):docs/index.mdlines 47-48docs/repos/postguard-js.mdlines 29-30 and 86-87docs/repos/pg-sveltekit.mdlines 42-43 and 64-65docs/sdk/getting-started.mdlines 33-34docs/sdk/js-encryption.mdlines 98-99Production Cryptify (one line, replace
fileshare.postguard.euwithstorage.postguard.eu):docs/repos/pg-dotnet.mdline 47Source-link side effect
docs/repos/pg-sveltekit.mdlines 42-43 and 64-65 carry source links to the pinned commit3d06342fad2c749ca4d043070d1ad9c831c7bfc1in postguard-examples. The pinned file at that hash already usespkg.staging.postguard.euandfileshare.staging.postguard.eu(verified viaraw.githubusercontent.com), so the rendered snippet currently does not match the source it links to. Updating the snippets to the canonical URLs also fixes this snippet-vs-source drift, though it leaves a small mismatch on the Cryptify host (pinned file hasfileshare., canonical isstorage.). The cleanest fix is to repin the source link to a newer commit onmainthat uses the canonical hosts, or to repin to thestorage.staging.postguard.eurename commit in postguard-examples, and update the snippet text to match exactly what is at that hash.Verification
After the edit, run
npm run docs:build(no warnings expected, build ~7s) andgrep -rEn 'yivi\.app|fileshare\.postguard\.eu' docs/should return nothing under non-dist/paths.