blackroad-os/blackroad-operating-system
9
0
Fork 0
mirror of https://github.com/blackboxprogramming/BlackRoad-Operating-System.git synced 2026-03-17 05:57:21 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
805887db0ea5d2b04a1950f9306b08994c966f5a
blackroad-operating-system/DEPLOYMENT_NOTES.md
Claude bcfd03b72a feat: BlackRoad OS Phase 2.5 - Infrastructure Wiring Complete 
Phase 2.5 wires up the infrastructure decisions and prepares BlackRoad OS
for production deployment. This phase codifies architectural choices and
creates deployment-ready configurations.

## Key Decisions Codified

-  Monorepo as canonical OS home (for Phase 1-2)
-  Prism Console served from backend at /prism
-  Documentation via GitHub Pages (MkDocs)
-  Vanilla JavaScript frontend maintained

## New Infrastructure

### Documentation & Planning
- PHASE2_5_SUMMARY_FOR_ALEXA.md - Complete Phase 2.5 summary
- BLACKROAD_OS_REPO_MAP.md - Repository structure map
- DEPLOYMENT_NOTES.md - Production deployment guide

### Backend Infrastructure
- backend/app/routers/prism_static.py - Prism Console static router
- backend/static/prism/ - Prism Console UI skeleton
  - index.html, css/prism.css, js/prism-core.js

### Documentation System
- .github/workflows/docs-deploy.yml - MkDocs deployment automation
- codex-docs/mkdocs.yml - MkDocs + Material theme config
- codex-docs/DEPLOY_DOCS.md - Docs deployment guide
- codex-docs/docs/ - Complete documentation structure

### Updated Files
- backend/app/main.py - Added Prism router, OpenAPI tags
- MASTER_ORCHESTRATION_PLAN.md - Added Phase 2.5 section

## URL Structure (Production)

- https://blackroad.systems → Main OS
- https://blackroad.systems/prism → Prism Console
- https://blackroad.systems/api/* → REST API
- https://docs.blackroad.systems → Documentation

## Post-Merge Checklist

1. Configure GitHub Pages (5 min)
2. Configure Railway deployment (10 min)
3. Configure Cloudflare DNS (15 min)
4. Verify all routes work (5 min)
5. Monitor first deployment (10 min)

See PHASE2_5_SUMMARY_FOR_ALEXA.md for complete post-merge instructions.

## Implementation Status

 Phase 2.5 Complete - Ready for production deployment

---

Where AI meets the open road. 🛣️
2025-11-18 04:11:50 +00:00

17 KiB
Raw Blame History

🚀 BlackRoad OS Deployment Notes

Version: 2.5 Date: 2025-11-18 Purpose: Production deployment checklist and reference

Pre-Deployment Checklist

Prerequisites

  • GitHub repository: blackboxprogramming/BlackRoad-Operating-System
  • Railway account with project created
  • Cloudflare account with domains added
  • Domain registrar: GoDaddy (or other)
  • Railway CLI installed: curl -fsSL https://railway.app/install.sh | sh
  • Git configured and authenticated

Environment Variables

Required Variables

Backend Service (Railway)

# Core Settings
ENVIRONMENT=production
DEBUG=False
SECRET_KEY=<generate-with-openssl-rand-hex-32>
APP_NAME="BlackRoad Operating System"
APP_VERSION="1.0.0"

# Database (auto-injected by Railway)
DATABASE_URL=${{Postgres.DATABASE_URL}}
DATABASE_ASYNC_URL=${{Postgres.DATABASE_ASYNC_URL}}

# Redis (auto-injected by Railway)
REDIS_URL=${{Redis.REDIS_URL}}

# CORS (update with your domains)
ALLOWED_ORIGINS=https://blackroad.systems,https://os.blackroad.systems,https://blackroad.ai,https://www.blackroad.systems

# Public URLs
API_BASE_URL=https://blackroad.systems
FRONTEND_URL=https://blackroad.systems

# JWT Settings
ACCESS_TOKEN_EXPIRE_MINUTES=30
REFRESH_TOKEN_EXPIRE_DAYS=7
ALGORITHM=HS256

# Blockchain
WALLET_MASTER_KEY=<generate-with-openssl-rand-hex-32>

Optional Variables (Add as Needed)

# AI Integration
OPENAI_API_KEY=sk-...
ANTHROPIC_API_KEY=sk-ant-...

# External Services
GITHUB_TOKEN=ghp_...
STRIPE_SECRET_KEY=sk_live_...
STRIPE_PUBLISHABLE_KEY=pk_live_...
TWILIO_ACCOUNT_SID=...
TWILIO_AUTH_TOKEN=...
SLACK_BOT_TOKEN=xoxb-...
DISCORD_BOT_TOKEN=...

# Monitoring
SENTRY_DSN=https://...@sentry.io/...

# Cloud Storage
AWS_ACCESS_KEY_ID=...
AWS_SECRET_ACCESS_KEY=...
AWS_S3_BUCKET=...
AWS_REGION=us-east-1

# Email
SMTP_HOST=smtp.gmail.com
SMTP_PORT=587
SMTP_USER=...
SMTP_PASSWORD=...

Generate Secrets

# Generate SECRET_KEY
openssl rand -hex 32

# Generate WALLET_MASTER_KEY
openssl rand -hex 32

# Generate JWT secret (if separate)
openssl rand -hex 32

Railway Deployment

1. Create Railway Project

Via CLI:

# Login
railway login

# Create new project
railway init

# Link to GitHub repo
railway link

Via Web UI:

  1. Go to https://railway.app/new
  2. Click "Deploy from GitHub repo"
  3. Select blackboxprogramming/BlackRoad-Operating-System
  4. Choose "Deploy Now"

2. Add Database Services

PostgreSQL:

# Via CLI
railway add --plugin postgresql

# Or via Web UI:
# Project → New → Database → Add PostgreSQL

Redis:

# Via CLI
railway add --plugin redis

# Or via Web UI:
# Project → New → Database → Add Redis

3. Set Environment Variables

Via CLI:

# Set individual variables
railway variables set ENVIRONMENT=production
railway variables set DEBUG=False
railway variables set SECRET_KEY=<your-secret-key>
railway variables set ALLOWED_ORIGINS=https://blackroad.systems

# Or upload from file
railway variables set -f backend/.env.example
# (Edit values before uploading!)

Via Web UI:

  1. Project → backend service → Variables
  2. Click "New Variable"
  3. Add each variable from list above
  4. Save

Important: For DATABASE_URL and REDIS_URL, use Railway's variable references:

  • ${{Postgres.DATABASE_URL}}
  • ${{Redis.REDIS_URL}}

These auto-populate with connection strings.

4. Configure Build & Deploy

railway.toml (already in repo):

[build]
builder = "DOCKERFILE"
dockerfilePath = "backend/Dockerfile"

[deploy]
startCommand = "cd backend && uvicorn app.main:app --host 0.0.0.0 --port $PORT"
healthcheckPath = "/health"
healthcheckTimeout = 100
restartPolicyType = "ON_FAILURE"
restartPolicyMaxRetries = 10

Verify Build Settings:

  • Root directory: /
  • Dockerfile path: backend/Dockerfile
  • Start command: Auto-detected from railway.toml

5. Deploy Backend

Via CLI:

# Deploy from current branch
railway up

# Or deploy specific service
railway up --service backend

Via Web UI:

  • Push to main branch → automatic deployment
  • Or click "Deploy" button in Railway dashboard

6. Run Database Migrations

After first deployment:

# Connect to Railway service
railway run bash

# Inside Railway container:
cd backend
alembic upgrade head

# Or run directly:
railway run alembic upgrade head

7. Add Custom Domains

Via Railway Web UI:

  1. Project → backend service → Settings → Networking
  2. Under "Custom Domains", click "Add Domain"
  3. Enter: blackroad.systems
  4. Railway provides CNAME target (e.g., blackroad-os-production.up.railway.app)
  5. Add this CNAME to Cloudflare (see next section)
  6. Wait for SSL provisioning (automatic, 2-5 minutes)
  7. Repeat for other domains/subdomains

Domains to add:

  • blackroad.systems (primary)
  • os.blackroad.systems (optional alias)
  • api.blackroad.systems (optional explicit API subdomain)

8. Verify Deployment

Health Check:

# Check Railway URL first
curl https://blackroad-os-production.up.railway.app/health

# Expected response:
{
  "status": "healthy",
  "timestamp": 1700000000,
  "environment": "production"
}

Check Logs:

# Via CLI
railway logs --service backend --tail 100

# Or in Web UI:
# Project → backend → Logs

Look for:

  • "Starting BlackRoad Operating System Backend..."
  • "Database tables created successfully"
  • "Server running on production mode"
  • No error stack traces

Cloudflare Configuration

1. Add Domain to Cloudflare

If not already added:

  1. Cloudflare dashboard → "Add a site"
  2. Enter: blackroad.systems
  3. Choose: Free plan
  4. Cloudflare scans existing DNS records

2. Update Nameservers at Domain Registrar

At GoDaddy (or your registrar):

  1. Log in to domain management
  2. Find blackroad.systems → DNS settings
  3. Change nameservers from GoDaddy to Cloudflare
  4. Cloudflare provides 2 nameservers (e.g., ns1.cloudflare.com, ns2.cloudflare.com)
  5. Save changes
  6. Wait 5-60 minutes for propagation

Verify:

dig NS blackroad.systems
# Should show Cloudflare nameservers

3. Configure DNS Records

For blackroad.systems zone:

Type Name Target Proxy TTL Notes
CNAME @ blackroad-os-production.up.railway.app Proxied Auto Root domain → Railway
CNAME www blackroad.systems Proxied Auto www redirect
CNAME os blackroad.systems Proxied Auto Optional alias
CNAME api blackroad.systems Proxied Auto Optional explicit API
CNAME prism blackroad.systems Proxied Auto Prism Console alias (future)
CNAME docs blackboxprogramming.github.io Proxied Auto GitHub Pages docs

Important:

  • All CNAMEs should be Proxied (orange cloud icon)
  • This enables Cloudflare CDN, SSL, DDoS protection
  • Use CNAME flattening for root domain (@) - Cloudflare does this automatically

Add DNS Records:

  1. Cloudflare dashboard → DNS → Records
  2. Click "Add record"
  3. Fill in values from table above
  4. Click "Save"
  5. Repeat for each record

4. Configure SSL/TLS

Settings:

  1. Cloudflare → SSL/TLS → Overview
  2. Set encryption mode: Full (strict)
  3. Enable:
    • Always Use HTTPS
    • Automatic HTTPS Rewrites
    • Minimum TLS Version: 1.2

Edge Certificates:

  1. Cloudflare → SSL/TLS → Edge Certificates
  2. Verify:
    • Universal SSL: Active
    • Certificate status: Active
    • Edge certificates: Covers all subdomains

5. Configure Page Rules (Optional)

Rule 1: Redirect www to apex

  • URL: www.blackroad.systems/*
  • Setting: Forwarding URL
  • Status: 301 - Permanent Redirect
  • Destination: https://blackroad.systems/$1

Rule 2: Cache static assets

  • URL: blackroad.systems/static/*
  • Settings:
    • Cache Level: Cache Everything
    • Edge Cache TTL: 1 month

Rule 3: Cache Prism assets

  • URL: blackroad.systems/prism/assets/*
  • Settings:
    • Cache Level: Cache Everything
    • Edge Cache TTL: 1 week

6. Verify DNS & SSL

Check DNS propagation:

# Check A/CNAME records
dig blackroad.systems
dig www.blackroad.systems
dig docs.blackroad.systems

# Check from different locations
# Use: https://dnschecker.org

Check SSL:

# Check certificate
curl -vI https://blackroad.systems 2>&1 | grep -i 'SSL\|TLS'

# Or visit in browser and click padlock icon

Test all routes:

# Main OS
curl -I https://blackroad.systems
# → 200 OK

# Prism
curl -I https://blackroad.systems/prism
# → 200 OK (after Prism UI is deployed)

# API Health
curl https://blackroad.systems/health
# → {"status": "healthy", ...}

# Docs
curl -I https://docs.blackroad.systems
# → 200 OK (after GitHub Pages is set up)

GitHub Pages (Documentation)

1. Build Documentation Locally (Test)

cd codex-docs

# Install MkDocs
pip install mkdocs mkdocs-material

# Test build
mkdocs build --strict

# Test locally
mkdocs serve
# Visit: http://localhost:8001

2. Configure GitHub Pages

Via GitHub Web UI:

  1. Repository → Settings → Pages
  2. Source:
    • Branch: gh-pages (created by workflow)
    • Folder: / (root)
  3. Custom domain: docs.blackroad.systems
  4. Enforce HTTPS
  5. Save

GitHub creates a CNAME file in gh-pages branch automatically.

3. Deploy Documentation

Automatic (via GitHub Actions):

  • Workflow: .github/workflows/docs-deploy.yml
  • Trigger: Push to main branch, or manual dispatch
  • Actions:
    1. Checkout code
    2. Install MkDocs + Material theme
    3. Build docs: mkdocs build --strict
    4. Deploy to gh-pages branch

Manual Deploy (if needed):

cd codex-docs

# Build and deploy
mkdocs gh-deploy

# This creates/updates gh-pages branch

4. Verify Documentation

# Check GitHub Pages URL first
curl -I https://blackboxprogramming.github.io/BlackRoad-Operating-System/

# Then check custom domain
curl -I https://docs.blackroad.systems/

GitHub Secrets (CI/CD)

Required Secrets

For Railway deployment:

# Get Railway token
railway login
railway whoami

# Add to GitHub:
# Settings → Secrets and variables → Actions → New repository secret
Name: RAILWAY_TOKEN
Value: <your-railway-token>

For Cloudflare automation (optional):

# Get Cloudflare API token
# Cloudflare dashboard → Profile → API Tokens → Create Token
# Template: Edit zone DNS

Name: CF_API_TOKEN
Value: <your-cloudflare-token>

Name: CF_ZONE_ID
Value: <zone-id-from-cloudflare-dashboard>

Set Secrets

Via GitHub Web UI:

  1. Repository → Settings → Secrets and variables → Actions
  2. Click "New repository secret"
  3. Add each secret from above
  4. Click "Add secret"

Via GitHub CLI:

gh secret set RAILWAY_TOKEN --body "<your-token>"
gh secret set CF_API_TOKEN --body "<your-token>"
gh secret set CF_ZONE_ID --body "<zone-id>"

Monitoring & Maintenance

Health Checks

Automated (Railway):

  • Railway checks /health endpoint every 30 seconds
  • Auto-restarts on failure
  • Sends alerts (configure in Railway dashboard)

Manual:

# Quick health check
curl https://blackroad.systems/health

# Detailed check
curl https://blackroad.systems/api/docs
# Should show OpenAPI docs

Logs

Railway Logs:

# Tail logs
railway logs --service backend --tail 100

# Or in Web UI:
# Project → backend → Logs

Cloudflare Analytics:

  • Dashboard → Analytics
  • Check: Requests, bandwidth, threats blocked

Database Backups

Railway automatic backups:

  • Daily snapshots (free tier: 7 days retention)
  • To restore: Railway dashboard → Postgres → Backups

Manual backup:

# Export database
railway run pg_dump $DATABASE_URL > backup-$(date +%Y%m%d).sql

# Import database (if needed)
railway run psql $DATABASE_URL < backup-20251118.sql

Cost Monitoring

Railway usage:

# Check current usage
railway usage

# Or in Web UI:
# Project → Usage

Cloudflare analytics:

  • Free tier: Unlimited requests
  • Monitor: SSL/TLS usage, cache hit ratio

Rollback Procedures

Railway Rollback

Via Web UI:

  1. Project → backend → Deployments
  2. Find previous successful deployment
  3. Click "..." → Rollback
  4. Confirm

Via CLI:

railway rollback --service backend

Database Rollback

Via Alembic:

# Rollback last migration
railway run alembic downgrade -1

# Rollback to specific version
railway run alembic downgrade <revision>

DNS Rollback

If needed:

  1. Cloudflare dashboard → DNS → Records
  2. Edit CNAME record
  3. Point to previous target
  4. Save (propagates in ~2 minutes due to proxy)

Troubleshooting

Issue: Railway Deployment Fails

Check:

# View build logs
railway logs --service backend

# Common issues:
# - Missing environment variables
# - Dockerfile syntax error
# - Dependencies not installing

Fix:

  1. Verify all required env vars are set
  2. Test Dockerfile locally: docker build -t test backend/
  3. Check requirements.txt for typos
  4. Re-deploy: railway up

Issue: Database Connection Errors

Check:

# Verify DATABASE_URL is set
railway variables | grep DATABASE

# Test connection
railway run psql $DATABASE_URL

Fix:

  1. Ensure PostgreSQL plugin is added
  2. Use ${{Postgres.DATABASE_URL}} reference
  3. Check database is running: Railway dashboard → Postgres

Issue: CORS Errors in Browser

Check:

# Verify ALLOWED_ORIGINS
railway variables | grep ALLOWED_ORIGINS

Fix:

  1. Add your domain to ALLOWED_ORIGINS
  2. Include both https://blackroad.systems and https://www.blackroad.systems
  3. No trailing slashes!
  4. Redeploy: railway up

Issue: Cloudflare 522 Error

Cause: Origin (Railway) is down

Check:

# Test Railway directly
curl https://blackroad-os-production.up.railway.app/health

Fix:

  1. Check Railway logs for errors
  2. Verify health endpoint works
  3. Restart service if needed
  4. Wait 1-2 minutes for Cloudflare to detect

Issue: GitHub Pages Not Updating

Check:

# Check workflow status
gh run list --workflow=docs-deploy.yml

# View workflow logs
gh run view <run-id> --log

Fix:

  1. Verify workflow ran successfully
  2. Check gh-pages branch was updated
  3. Check GitHub Pages settings: correct branch/folder
  4. Wait 5-10 minutes for deployment
  5. Hard refresh browser (Ctrl+F5)

Security Checklist

Pre-Production

  • All secrets use environment variables (not hardcoded)
  • SECRET_KEY is unique and strong (32+ hex chars)
  • DEBUG=False in production
  • HTTPS enforced (Cloudflare "Always Use HTTPS")
  • CORS restricted to specific domains (not *)
  • Database uses strong password (Railway auto-generates)
  • API rate limiting enabled (TODO: add middleware)
  • Sentry error monitoring configured (optional)

Post-Production

  • Monitor Railway logs for errors
  • Monitor Cloudflare for attack attempts
  • Enable GitHub Dependabot for vulnerability alerts
  • Regular database backups (Railway automatic)
  • Test disaster recovery (restore from backup)

Quick Reference

Production URLs

Service URL Source
Main OS https://blackroad.systems Railway (backend/static/)
Prism Console https://blackroad.systems/prism Railway (backend/static/prism/)
API Docs https://blackroad.systems/api/docs Railway (OpenAPI)
Health Check https://blackroad.systems/health Railway (endpoint)
Documentation https://docs.blackroad.systems GitHub Pages (codex-docs/)

Development URLs

Service URL Source
Main OS http://localhost:8000 Local backend
Prism Console http://localhost:8000/prism Local backend
API Docs http://localhost:8000/api/docs Local backend
Health Check http://localhost:8000/health Local backend
Documentation http://localhost:8001 mkdocs serve

Important Commands

# Railway
railway login
railway link
railway up
railway logs --tail 100
railway variables
railway status

# Cloudflare (via API - optional)
# Use Web UI for most tasks

# GitHub Pages
cd codex-docs
mkdocs build --strict
mkdocs serve
mkdocs gh-deploy

# Database
railway run alembic upgrade head
railway run alembic downgrade -1
railway run pg_dump $DATABASE_URL > backup.sql

Post-Deployment Checklist

After completing deployment:

  • All services running (Railway dashboard)
  • Health check returns 200: curl https://blackroad.systems/health
  • Main OS loads: https://blackroad.systems
  • Prism Console loads: https://blackroad.systems/prism
  • API docs accessible: https://blackroad.systems/api/docs
  • Documentation accessible: https://docs.blackroad.systems
  • SSL valid (green padlock in browser)
  • DNS resolves correctly (all subdomains)
  • Logs show no errors (Railway + Cloudflare)
  • Database migrations ran successfully
  • Secrets/env vars all set correctly
  • Monitoring configured (optional: Sentry)
  • Team notified of deployment

Where AI meets the open road. 🛣️

Production deployment notes for BlackRoad OS Phase 2.5

Reference in New Issue View Git Blame Copy Permalink