Add monorepo sync scaffolding and workflows

infra/railway/ENVIRONMENT_GUIDE.md

@@ -0,0 +1,39 @@
+# Railway Environment Guide
+
+Railway deployments are driven from the monorepo. Each service declares its own variables here so workflows can validate and operators can provision them consistently.
+
+## Core API (`services/core-api`)
+- `CORE_API_DATABASE_URL`
+- `CORE_API_SECRET_KEY`
+- `CORE_API_ALLOWED_ORIGINS`
+- `CORE_API_HEALTHCHECK_URL` (defaults to deployed `/health` endpoint)
+
+## Public API (`services/public-api`)
+- `PUBLIC_API_DATABASE_URL`
+- `PUBLIC_API_SECRET_KEY`
+- `PUBLIC_API_ALLOWED_ORIGINS`
+- `PUBLIC_API_HEALTHCHECK_URL`
+
+## Operator (`services/operator`)
+- `OPERATOR_API_URL`
+- `OPERATOR_SECRET_KEY`
+- `OPERATOR_ALLOWED_ORIGINS`
+- `OPERATOR_HEALTHCHECK_URL`
+
+## Prism Console (`apps/prism-console`)
+- `PRISM_API_URL`
+- `PRISM_CONSOLE_PUBLIC_URL`
+- `PRISM_CONSOLE_AUTH_TOKEN`
+
+## Web (`apps/web`)
+- `WEB_PUBLIC_URL`
+- `WEB_API_URL`
+- `WEB_BUILD_ENV`
+
+## Docs (`docs/site`)
+- `DOCS_PUBLIC_URL`
+
+## Deployment Notes
+- Secrets are injected via `${{ secrets.RAILWAY_TOKEN }}` in GitHub Actions; do not commit credentials.
+- Healthchecks should respond on `/health` and `/version` for every deployed service.
+- Update this guide when adding a new service so deployment workflows remain aligned.