Skip to content
Standard

Standard Production Deployment Guide

Standard Production Deployment Guide

Section titled “Standard Production Deployment Guide”

Last updated: 2026-05-02

Infrastructure Overview

Section titled “Infrastructure Overview”
ComponentPlatformURL
Frontend (SPA)Cloudflare Pageshttps://apistandard.bekaa.eu
API GatewayCloudflare Workerhttps://standard-api.bekaa.eu
DatabaseNeon PostgreSQLManaged external
AuthStandard Native Auth (SSO via Google)Embedded in Worker

Cloudflare Projects

Section titled “Cloudflare Projects”

Frontend — standard-web

Section titled “Frontend — standard-web”
  • Type: Cloudflare Pages
  • Build output: apps/web/dist
  • Custom domain: apistandard.bekaa.eu
  • Framework: React 19 + Vite (SPA)

API Gateway — standard-api-standard-api-gateway-production

Section titled “API Gateway — standard-api-standard-api-gateway-production”
  • Type: Cloudflare Worker
  • Config file: apps/api-gateway/wrangler.toml[env.production]
  • Custom domain: standard-api.bekaa.eu
  • Bindings: Queues (ingestion, KB embedding, report export), R2 buckets (documents, reports, exports), KV cache

Required Secrets

Section titled “Required Secrets”

Set via npx wrangler secret put <NAME> --env production:

SecretDescription
DATABASE_URLNeon PostgreSQL connection string (pooled)
BETTER_AUTH_SECRETJWT signing secret for Standard Native Auth sessions
GOOGLE_CLIENT_IDGoogle OAuth 2.0 client ID
GOOGLE_CLIENT_SECRETGoogle OAuth 2.0 client secret

Environment Variables

Section titled “Environment Variables”

Set in wrangler.toml under [env.production.vars]:

VariableValue
STANDARD_ENVproduction
BETTER_AUTH_URLhttps://standard-api.bekaa.eu
LOG_LEVELinfo
AI_GATEWAY_NAMEstandard-prod

Deploy Commands

Section titled “Deploy Commands”

Frontend

Section titled “Frontend”
Terminal window
# 1. Build
cd apps/web && pnpm build


# 2. Deploy to Cloudflare Pages
npx wrangler pages deploy apps/web/dist \
  --project-name standard-web \
  --branch production \
  --commit-dirty=true

API Gateway

Section titled “API Gateway”
Terminal window
# Deploy to production Worker
npx wrangler deploy \
  --config apps/api-gateway/wrangler.toml \
  --env production

Database Migrations

Section titled “Database Migrations”
Terminal window
# Generate migrations from Drizzle schemas
pnpm db:generate


# Apply migrations
pnpm db:migrate

Verification Checklist

Section titled “Verification Checklist”

  1. API Health: curl https://standard-api.bekaa.eu/health

    • Expected: {"ok":true,"service":"standard-api-standard","database":"connected"}

  2. Frontend: Open https://apistandard.bekaa.eu

    • Expected: Login page renders with Google SSO button

  3. Auth Flow: Sign in with Google

    • Expected: Redirect to dashboard with session

  4. SCF Catalog: Navigate to /scf

    • Expected: Controls and frameworks from synthetic fixture

  5. Admin Panel: Navigate to /admin/*

    • Expected: Organizations, Users, Audit, Licenses, System Health pages

Environment Separation

Section titled “Environment Separation”
AspectDevelopmentProduction
Worker namestandard-api-standard-api-gatewaystandard-api-standard-api-gateway-production
Auth modeMockAuthProvider (legacy headers)Standard Native Auth (sessions + RBAC)
DatabaseNeon dev branchNeon production branch
STANDARD_ENVdevelopmentproduction
Custom domainstandard-api.bekaa.eu

Troubleshooting

Section titled “Troubleshooting”

Google OAuth not working

Section titled “Google OAuth not working”
  • Verify GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET are set as Worker secrets
  • Check redirect URI in Google Console includes https://standard-api.bekaa.eu/api/auth/callback/google

Database connection failed

Section titled “Database connection failed”
  • Check DATABASE_URL secret has the pooled connection string
  • Verify Neon project is active and not suspended

CORS errors

Section titled “CORS errors”
  • API gateway handles CORS via withCors() wrapper
  • Allowed origin: https://apistandard.bekaa.eu