Guided Production Deployment

Oracle Cloud Deployment Wizard

A controlled phase-by-phase deployment path for Oracle Cloud, Hostinger DNS, TLS, OpenRouter, email, payments, workers, monitoring, and final order simulation.

Blocked

Local checks

7/16

Blocking checks

9

Required env

6/6

Optional integrations

0/11

Readiness Audit

  • Docker production image definition

    Dockerfile missing

    Create the production Dockerfile.

  • Docker Compose local stack

    docker-compose.yml missing

    Restore docker-compose.yml.

  • Docker Compose production override

    docker-compose.production.yml missing

    Create docker-compose.production.yml.

  • Prisma schema

    prisma/schema.prisma missing

    Restore prisma/schema.prisma.

  • Local env example

    .env.example missing

    Create .env.example.

  • Production env example

    .env.production.example missing

    Create .env.production.example.

  • Health endpoint

    src/app/api/health/route.ts missing

    Restore /api/health.

  • Metrics endpoint

    src/app/api/metrics/route.ts missing

    Restore /api/metrics.

  • Git repository metadata

    .git missing

    Run inside the project repository.

  • npm run build

    Script "build" is configured

  • npm run lint

    Script "lint" is configured

  • npm test

    Script "test" is configured

  • npm run prisma:generate

    Script "prisma:generate" is configured

  • npm run worker

    Script "worker" is configured

  • npm run scheduler

    Script "scheduler" is configured

  • npm run env:validate

    Script "env:validate" is configured

Environment Wizard

NEXT_PUBLIC_APP_URL

configured

Used by the frontend and callbacks to know the public application origin.

https://kaollo.online

Must be a valid http or https URL.

NEXTAUTH_URL

configured

Defines the canonical callback base URL for Auth.js/NextAuth.

https://kaollo.online

Must match the production domain exactly.

AUTH_SECRET

configured

Signs authentication tokens and protects sessions.

da5...324

At least 32 characters.

NEXTAUTH_SECRET

configured

Compatibility secret for NextAuth session signing.

c90...755

At least 32 characters.

DATABASE_URL

configured

Connects Prisma, migrations, orders, accounts, logs, and AI memory.

pos...hop

Must be a PostgreSQL connection string.

REDIS_URL

configured

Powers BullMQ workers, scheduler jobs, retries, and queue telemetry.

red...379

Must be a Redis URL.

OPENROUTER_API_KEY

optional

Allows the AI order and business agents to call the configured model provider.

not configured

Required before production AI agents are enabled.

RESEND_API_KEY

optional

Sends order, payment, shipping, delivery, and refund notifications.

not configured

Required before production email delivery is enabled.

RESEND_FROM

optional

Defines the sender identity for transactional emails.

not configured

Must be a verified sender in Resend.

STRIPE_SECRET_KEY

optional

Enables Stripe checkout and payment verification.

not configured

Use test keys until the live payment flow is verified.

STRIPE_WEBHOOK_SECRET

optional

Verifies Stripe webhook signatures before payments update orders.

not configured

Must match the webhook endpoint configured in Stripe.

MOLLIE_API_KEY

optional

Enables Mollie payments for supported regions.

not configured

Use test mode until Mollie checkout has passed validation.

S3_ENDPOINT

optional

Stores uploaded product images and future generated assets.

not configured

Must be a reachable S3-compatible endpoint when object storage is enabled.

S3_BUCKET

optional

Separates uploaded media from the application filesystem.

not configured

Bucket must exist and be writable by the configured credentials.

S3_ACCESS_KEY_ID

optional

Authenticates object storage writes.

not configured

Required when S3 storage is enabled.

S3_SECRET_ACCESS_KEY

optional

Authenticates object storage writes.

not configured

Required when S3 storage is enabled.

SENTRY_DSN

optional

Captures production exceptions and performance traces.

not configured

Optional but recommended before go-live.

Sequential Phases

Step 1

Phase 1 - Production Readiness Audit

Verify the local production foundation before any cloud action is taken.

blocked

Prerequisites

  • Existing Phase 5 codebase
  • Local repository checkout
  • Node dependencies installed

Validations

  • Docker configuration exists
  • Docker Compose configuration exists
  • Git metadata exists
  • Node package scripts exist
  • Prisma schema exists
  • Environment examples exist
  • Health and metrics endpoints exist

Manual actions

  • Fix every blocked local check before continuing.

Docker production image definition: Dockerfile missing

Docker Compose local stack: docker-compose.yml missing

Docker Compose production override: docker-compose.production.yml missing

Prisma schema: prisma/schema.prisma missing

Local env example: .env.example missing

Production env example: .env.production.example missing

Health endpoint: src/app/api/health/route.ts missing

Metrics endpoint: src/app/api/metrics/route.ts missing

Git repository metadata: .git missing

Step 2

Phase 2 - Oracle Cloud Setup

Guide the operator through OCI VM, networking, and security setup.

manual action

Prerequisites

  • Oracle Cloud account
  • Amsterdam region access
  • SSH key pair

Validations

  • Operator confirms VM exists
  • Ports 22, 80, and 443 are open
  • Internet Gateway is attached

Manual actions

  • Create the Ubuntu VM in Oracle Cloud.
  • Attach the SSH public key.
  • Configure VCN, subnet, internet gateway, route table, and security list.
  • Do not continue until the public IP is visible in OCI.

Required operator input

Oracle region

visible

Required to continue the guided production deployment.

Example: eu-amsterdam-1

VM shape

visible

Required to continue the guided production deployment.

Example: VM.Standard.A1.Flex

VM public IP

visible

Required to continue the guided production deployment.

Example: 203.0.113.10

Compartment

visible

Required to continue the guided production deployment.

Example: production

VCN name or OCID

visible

Required to continue the guided production deployment.

Example: lucky100-vcn

Subnet name or OCID

visible

Required to continue the guided production deployment.

Example: public-subnet

Operator confirmation and external credentials are required.

Step 3

Phase 3 - SSH Connection

Verify secure access to the VM before server changes are performed.

manual action

Prerequisites

  • VM public IP
  • SSH private key on operator machine
  • Port 22 open

Validations

  • SSH command succeeds
  • Remote hostname and OS can be read

Manual actions

  • Run the generated SSH test command and paste the result into the wizard.

Required operator input

SSH username

masked

Required for secure server access.

Example: ubuntu

SSH private key location

masked

Required for secure server access.

Example: ~/.ssh/lucky100_oci

VM public IP

visible

Required to continue the guided production deployment.

Example: 203.0.113.10

Operator confirmation and external credentials are required.

Step 4

Phase 4 - Server Preparation

Prepare Ubuntu with Docker, firewall rules, app user, and deployment directories.

manual action

Prerequisites

  • SSH verified
  • sudo access

Validations

  • Docker works
  • Docker Compose works
  • Firewall allows only 22/80/443
  • Disk/RAM/CPU report generated

Manual actions

  • Review every generated command before execution on the server.

Operator confirmation and external credentials are required.

Step 5

Phase 5 - GitHub

Clone the production repository and stamp the deployment version.

manual action

Prerequisites

  • GitHub repository
  • Deploy key or token if private

Validations

  • Repository access verified
  • Branch exists
  • Deployment version generated

Manual actions

  • Confirm whether repository access is public or provide a deploy key.

Required operator input

Repository URL

visible

Required to continue the guided production deployment.

Example: https://github.com/account/webshop.git

Branch

visible

Required to continue the guided production deployment.

Example: main

Operator confirmation and external credentials are required.

Step 6

Phase 6 - Environment Wizard

Collect and validate required secrets without logging or displaying them.

manual action

Prerequisites

  • Production domain decision
  • Database and Redis topology decision

Validations

  • Required env vars pass schema validation
  • Secrets are masked
  • Optional integrations are marked pending

Manual actions

  • Enter every required value and keep optional providers disabled until credentials are real.

Required operator input

Public application URL

visible

Used by the frontend and callbacks to know the public application origin.

Example: https://lucky100.online

Auth callback URL

visible

Defines the canonical callback base URL for Auth.js/NextAuth.

Example: https://lucky100.online

Auth secret

masked

Signs authentication tokens and protects sessions.

Example: Generate with: openssl rand -base64 32

NextAuth secret

masked

Compatibility secret for NextAuth session signing.

Example: Generate with: openssl rand -base64 32

PostgreSQL connection string

masked

Connects Prisma, migrations, orders, accounts, logs, and AI memory.

Example: postgresql://user:password@postgres:5432/autonomy_commerce

Redis connection string

masked

Powers BullMQ workers, scheduler jobs, retries, and queue telemetry.

Example: redis://redis:6379

OpenRouter API key

masked

Allows the AI order and business agents to call the configured model provider.

Example: sk-or-v1-...

Resend API key

masked

Sends order, payment, shipping, delivery, and refund notifications.

Example: re_...

Resend sender address

visible

Defines the sender identity for transactional emails.

Example: Lucky100 <orders@lucky100.online>

Stripe secret key

masked

Enables Stripe checkout and payment verification.

Example: sk_live_...

Stripe webhook secret

masked

Verifies Stripe webhook signatures before payments update orders.

Example: whsec_...

Mollie API key

masked

Enables Mollie payments for supported regions.

Example: live_...

S3-compatible endpoint

visible

Stores uploaded product images and future generated assets.

Example: https://s3.eu-central-1.amazonaws.com or https://minio.example.com

S3 bucket

visible

Separates uploaded media from the application filesystem.

Example: lucky100-assets

S3 access key

masked

Authenticates object storage writes.

Example: AKIA...

S3 secret key

masked

Authenticates object storage writes.

Example: Never paste into logs.

Sentry DSN

masked

Captures production exceptions and performance traces.

Example: https://public@sentry.io/project

Step 7

Phase 7 - Database

Verify PostgreSQL, run migrations, seed data, and confirm backups.

manual action

Prerequisites

  • Previous phase completed and verified

Validations

  • DATABASE_URL is valid
  • Prisma migrations apply
  • Seed completes
  • Backup and restore verification passes

Manual actions

  • Run the wizard-generated validation commands and confirm the result.

Operator confirmation and external credentials are required.

Step 8

Phase 8 - Redis

Verify Redis, BullMQ, workers, scheduler, retries, and dead-letter behavior.

manual action

Prerequisites

  • Previous phase completed and verified

Validations

  • Redis ping succeeds
  • BullMQ queues are writable
  • Worker and scheduler health checks pass

Manual actions

  • Run the wizard-generated validation commands and confirm the result.

Operator confirmation and external credentials are required.

Step 9

Phase 9 - Application Deployment

Build Docker images and start the production stack.

manual action

Prerequisites

  • Previous phase completed and verified

Validations

  • App container healthy
  • Worker healthy
  • Scheduler healthy
  • Health endpoint passes
  • Metrics endpoint emits Prometheus data

Manual actions

  • Run the wizard-generated validation commands and confirm the result.

Operator confirmation and external credentials are required.

Step 10

Phase 10 - Domain Configuration

Point the production domain to the Oracle public IP.

manual action

Prerequisites

  • Domain registrar access
  • Oracle VM public IP

Validations

  • A record points to public IP
  • www record is configured if needed
  • DNS propagation confirmed

Manual actions

  • Update Hostinger DNS records and wait for propagation.

Required operator input

Domain

visible

Required to continue the guided production deployment.

Example: lucky100.online

DNS provider

visible

Required to continue the guided production deployment.

Example: Hostinger

Public IP

visible

Required to continue the guided production deployment.

Example: 203.0.113.10

Operator confirmation and external credentials are required.

Step 11

Phase 11 - TLS

Install and verify HTTPS, redirects, and HSTS.

manual action

Prerequisites

  • Previous phase completed and verified

Validations

  • Certificate issued
  • HTTP redirects to HTTPS
  • HSTS header present

Manual actions

  • Run the wizard-generated validation commands and confirm the result.

Operator confirmation and external credentials are required.

Step 12

Phase 12 - OpenRouter

Validate AI provider connectivity and run a test inference.

manual action

Prerequisites

  • Previous phase completed and verified

Validations

  • API key accepted
  • Test inference succeeds
  • AI agents report healthy provider state

Manual actions

  • Run the wizard-generated validation commands and confirm the result.

Operator confirmation and external credentials are required.

Step 13

Phase 13 - Email

Validate email provider credentials and send a test message if configured.

manual action

Prerequisites

  • Previous phase completed and verified

Validations

  • Resend key accepted or integration marked pending
  • Sender domain verified
  • Test email delivered

Manual actions

  • Run the wizard-generated validation commands and confirm the result.

Operator confirmation and external credentials are required.

Step 14

Phase 14 - Payments

Validate Stripe and Mollie test or live credentials before enabling checkout.

manual action

Prerequisites

  • Previous phase completed and verified

Validations

  • Provider credentials accepted or provider disabled
  • Webhook signatures verified
  • Test payment flow succeeds

Manual actions

  • Run the wizard-generated validation commands and confirm the result.

Operator confirmation and external credentials are required.

Step 15

Phase 15 - End-to-End Validation

Run a full production simulation from order to audit logs.

manual action

Prerequisites

  • Previous phase completed and verified

Validations

  • Order created
  • Payment updates order
  • Queue processes automation
  • AI Order Agent logs memory
  • Tracking and notification records exist
  • Dashboard reflects the transaction

Manual actions

  • Run the wizard-generated validation commands and confirm the result.

Operator confirmation and external credentials are required.

Deployment Summary

  • The deployment is intentionally guided and sequential.
  • Oracle Cloud, Hostinger DNS, SSH keys, payment providers, email, and OpenRouter must be confirmed by the operator.
  • No secret is displayed in wizard output; configured sensitive values are masked.

Missing Credentials

  • No required credentials missing

Go Live Checklist

  • Phase 1 local readiness audit passes.
  • Oracle VM exists and ports 22, 80, and 443 are open.
  • SSH access is verified with the deployment key.
  • Docker Compose stack starts on the VM.
  • Database migrations, seed, backups, Redis, workers, and scheduler pass validation.
  • lucky100.online points to the Oracle public IP.
  • HTTPS certificate, redirect, and HSTS are verified.
  • OpenRouter, Resend, Stripe, and Mollie are enabled only after real credentials pass tests.
  • End-to-end order simulation passes and audit logs are complete.
Autonomy Commerce