EIAS Deployment Guide¶

Instructions for deploying EIAS to production environments.

Table of Contents¶

Deployment Options
Environment Configuration
Docker Deployment
Vercel Deployment
Self-Hosted Deployment
Database Setup
Security Considerations
Monitoring
Backup and Recovery

Deployment Options¶

Option	Best For	Complexity	Cost
Vercel	Quick deployment, auto-scaling	Low	Free tier available
Docker	Full control, self-hosted	Medium	Depends on infrastructure
Railway	Managed PostgreSQL + hosting	Low	Pay-as-you-go
AWS/GCP	Enterprise, compliance requirements	High	Variable

Environment Configuration¶

Required Variables¶

# Database
DATABASE_URL="postgresql://user:password@host:5432/eias?schema=public"

# Anthropic API
ANTHROPIC_API_KEY="sk-ant-api03-..."

# Authentication (required for production)
NEXTAUTH_SECRET="generate-with-openssl-rand-base64-32"
NEXTAUTH_URL="https://your-domain.com"

Generating Secrets¶

# Generate NEXTAUTH_SECRET
openssl rand -base64 32

Optional Variables¶

# Rate limiting (requests per minute)
RATE_LIMIT_INTERVIEW=20

# Session configuration
SESSION_MAX_AGE=86400

# Logging level
LOG_LEVEL=info

Docker Deployment¶

Production Dockerfile¶

The repository includes a multi-stage Dockerfile optimized for production:

# Build stage
FROM node:18-alpine AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN npx prisma generate
RUN npm run build

# Production stage
FROM node:18-alpine AS runner
WORKDIR /app
ENV NODE_ENV=production

# Copy necessary files
COPY --from=builder /app/next.config.ts ./
COPY --from=builder /app/public ./public
COPY --from=builder /app/.next/standalone ./
COPY --from=builder /app/.next/static ./.next/static
COPY --from=builder /app/prisma ./prisma

# Install only production dependencies for Prisma
RUN npm install -g prisma

EXPOSE 3000
ENV PORT=3000

CMD ["node", "server.js"]

Docker Compose Production¶

# docker-compose.prod.yml
version: '3.8'

services:
  app:
    build:
      context: .
      dockerfile: Dockerfile
    ports:
      - "3000:3000"
    environment:
      - DATABASE_URL=postgresql://postgres:${DB_PASSWORD}@db:5432/eias
      - ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY}
      - NEXTAUTH_SECRET=${NEXTAUTH_SECRET}
      - NEXTAUTH_URL=${NEXTAUTH_URL}
    depends_on:
      db:
        condition: service_healthy
    restart: unless-stopped

  db:
    image: postgres:15-alpine
    environment:
      - POSTGRES_USER=postgres
      - POSTGRES_PASSWORD=${DB_PASSWORD}
      - POSTGRES_DB=eias
    volumes:
      - postgres_data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres"]
      interval: 5s
      timeout: 5s
      retries: 5
    restart: unless-stopped

volumes:
  postgres_data:

Deploying with Docker Compose¶

# Create environment file
cp .env.example .env.prod
# Edit .env.prod with production values

# Build and start
docker compose -f docker-compose.prod.yml up -d --build

# Initialize database
docker compose -f docker-compose.prod.yml exec app npx prisma db push

# View logs
docker compose -f docker-compose.prod.yml logs -f app

Vercel Deployment¶

Prerequisites¶

Vercel account
PostgreSQL database (Vercel Postgres, Supabase, Railway, or external)

Steps¶

Connect Repository

# Install Vercel CLI
npm i -g vercel

# Login and link project
vercel login
vercel link

Configure Environment Variables

In Vercel Dashboard → Project → Settings → Environment Variables:

DATABASE_URL=postgresql://...
ANTHROPIC_API_KEY=sk-ant-...
NEXTAUTH_SECRET=your-generated-secret
NEXTAUTH_URL=https://your-project.vercel.app

Deploy

# Deploy to preview
vercel

# Deploy to production
vercel --prod

Run Database Migration

After first deploy:

# Connect to Vercel environment
vercel env pull .env.local

# Push schema
npx prisma db push

Vercel Configuration¶

Add to vercel.json:

{
  "buildCommand": "npx prisma generate && npm run build",
  "framework": "nextjs"
}

Self-Hosted Deployment¶

Using PM2¶

Install PM2

npm install -g pm2

Build Application

npm ci
npm run build

Create PM2 Config

// ecosystem.config.js
module.exports = {
  apps: [{
    name: 'eias',
    script: 'npm',
    args: 'start',
    env: {
      NODE_ENV: 'production',
      PORT: 3000
    },
    instances: 'max',
    exec_mode: 'cluster',
    autorestart: true,
    watch: false,
    max_memory_restart: '1G'
  }]
};

Start Application

pm2 start ecosystem.config.js
pm2 save
pm2 startup

Nginx Reverse Proxy¶

# /etc/nginx/sites-available/eias
server {
    listen 80;
    server_name eias.yourdomain.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name eias.yourdomain.com;

    ssl_certificate /etc/letsencrypt/live/eias.yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/eias.yourdomain.com/privkey.pem;

    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;
    }
}

Enable and test:

sudo ln -s /etc/nginx/sites-available/eias /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx

Database Setup¶

Managed PostgreSQL Options¶

Provider	Pros	Cons
Vercel Postgres	Integrated, easy setup	Limited free tier
Supabase	Generous free tier, realtime	Added complexity
Railway	Simple, good pricing	Smaller ecosystem
Neon	Serverless, branching	Newer service
AWS RDS	Enterprise features	Complex setup

Connection Pooling¶

For serverless deployments, use connection pooling:

# With PgBouncer URL format
DATABASE_URL="postgresql://user:pass@host:6543/eias?pgbouncer=true"

Database Migrations¶

# Push schema (development/small changes)
npx prisma db push

# Create migration (production)
npx prisma migrate dev --name your_migration_name

# Apply migrations in production
npx prisma migrate deploy

Security Considerations¶

HTTPS¶

Always use HTTPS in production. Options: - Let's Encrypt with Certbot - Cloudflare proxy - Managed load balancer (AWS ALB, GCP LB)

API Key Security¶

Store ANTHROPIC_API_KEY in environment variables only
Never commit to version control
Rotate keys periodically
Use separate keys for development/production

Database Security¶

Use strong passwords (32+ characters)
Restrict network access to application servers only
Enable SSL connections
Regular security updates

Rate Limiting¶

Implement at application and infrastructure levels:

// Already implemented in interview API routes
// 20 requests per minute per session

CORS Configuration¶

Configured in Next.js API routes to only allow your domain.

Content Security Policy¶

Add to Next.js config:

// next.config.ts
const securityHeaders = [
  {
    key: 'Content-Security-Policy',
    value: "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';"
  }
];

Monitoring¶

Health Check Endpoint¶

curl https://your-domain.com/api/health
# Returns: {"status":"healthy","timestamp":"..."}

Recommended Monitoring Stack¶

Tool	Purpose
Sentry	Error tracking
Vercel Analytics	Performance monitoring
Datadog/New Relic	Full observability
Uptime Robot	Availability monitoring

Key Metrics to Track¶

Response times (p50, p95, p99)
Error rates
Database connection pool utilization
Claude API latency and errors
Active interview sessions

Logging¶

Configure structured logging:

// Use console.log in production (captured by platform)
console.log(JSON.stringify({
  level: 'info',
  message: 'Interview completed',
  sessionId: session.id,
  duration: completionTime
}));

Backup and Recovery¶

Database Backups¶

Automated backups (recommended for managed services): - Enable point-in-time recovery - Configure retention period (minimum 7 days) - Test restoration procedure quarterly

Manual backups:

# Backup
pg_dump $DATABASE_URL > backup_$(date +%Y%m%d).sql

# Restore
psql $DATABASE_URL < backup_20240115.sql

Backup Strategy¶

Component	Frequency	Retention
Database	Daily	30 days
Application logs	Continuous	90 days
Configuration	On change	Versioned

Disaster Recovery¶

Document recovery procedures
Test backups regularly (monthly)
Maintain runbook for common failures
Define RTO/RPO based on business requirements

Scaling Considerations¶

Horizontal Scaling¶

EIAS is stateless and can scale horizontally: - Add more application instances behind load balancer - Database is the primary bottleneck

Database Scaling¶

For high load: - Add read replicas for read-heavy workloads - Implement connection pooling (PgBouncer) - Consider database partitioning for large datasets

Caching¶

Consider adding caching for: - Project and agent configurations - Frequently accessed data - API responses where appropriate

Cost Optimization¶

Use reserved instances for predictable workloads
Implement auto-scaling for variable load
Monitor and right-size database instances
Cache Claude API responses where appropriate

Troubleshooting Production Issues¶

Application Won't Start¶

# Check logs
docker compose logs app

# Verify environment variables
docker compose exec app env | grep -E "(DATABASE|ANTHROPIC|NEXTAUTH)"

# Test database connection
docker compose exec app npx prisma db pull

Database Connection Issues¶

# Test connectivity
pg_isready -h hostname -p 5432 -U postgres

# Check connection string format
# Must include ?schema=public for Prisma

High Memory Usage¶

Increase Node.js memory limit: NODE_OPTIONS="--max-old-space-size=4096"
Check for memory leaks in custom code
Monitor with pm2 monit

Slow Response Times¶

Check Claude API latency
Review database query performance
Add database indexes if needed
Consider caching frequently accessed data

Maintenance¶

Regular Tasks¶

Weekly: Review error logs, check disk space
Monthly: Update dependencies, review security advisories
Quarterly: Test backup restoration, review access controls

Updating the Application¶

# Pull latest code
git pull origin main

# Install dependencies
npm ci

# Run migrations
npx prisma migrate deploy

# Rebuild and restart
npm run build
pm2 restart eias

Getting Help¶

GitHub Issues: Technical problems and bugs
Documentation: This guide and related docs
Security issues: Contact security@example.com directly