The SSA Health Platform is cloud-ready from the first commit. The deployment strategy is intentionally progressive: early development and internal reviews run on simple, zero-maintenance PaaS providers (Render, Railway, Vercel) that deploy automatically from GitHub pushes, while the production path targets institutional infrastructure or managed cloud services on AWS, Azure, or Google Cloud. This means the team can validate the full system end-to-end in minutes without touching a server, and then migrate to hardened production infrastructure when the platform is ready for public launch without changing a line of application code.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/LMendoza70/SSA/llms.txt
Use this file to discover all available pages before exploring further.
Deployment Targets
- Development / Staging
- Production
For early development, feature branches, and internal testing:
- Backend: Render or Railway — both support automatic deploys from a connected GitHub branch, zero-config TLS, and environment variable management through a web dashboard.
- Frontend: Vercel — automatic preview deployments per pull request from the Vite build output.
- Database: Render PostgreSQL or Supabase — both provide managed PostgreSQL with connection pooling and support for the
pgvectorextension required by the chatbot module. - Storage: Local filesystem (default) or Cloudflare R2 for zero-egress-fee object storage during early testing.
Environment Variables Reference
The backend reads all runtime configuration from environment variables. Never commit secrets to the repository. Use your hosting provider’s secrets manager or a.env.production file that is excluded from version control.
backend/.env.production
Database Setup
Run these steps once when provisioning a new environment. For subsequent deployments, only the migration step is needed.Create the database
Connect to your PostgreSQL instance as a superuser and create the production database. The
pgvector extension must be enabled in the same database that Prisma will use.Run migrations
Prisma’s
migrate deploy command applies all pending migrations in order without prompting. It is safe to run on a live database — each migration runs inside a transaction.Build and Start
Docker
The platform ships with aDockerfile and docker-compose.yml for containerised deployments. This is the recommended path for institutional servers and any environment where you want a reproducible, isolated runtime.
docker-compose.yml defines three services: postgres (PostgreSQL with pgvector), backend (NestJS), and optionally nginx (reverse proxy with TLS). The backend service reads all configuration from environment variables, which can be injected via a .env file or your container orchestrator’s secrets store.
Health Check
The backend exposes a dedicated health check endpoint that probes all critical dependencies. Use this endpoint for load balancer health checks, uptime monitors, and container readiness probes.HTTP 503 with the affected service marked as "down":
Production Checklist
Complete every item on this checklist before promoting any build to production. Share it with whoever performs the deployment — not just the original developer.
- All environment variables are set and contain no development defaults
-
JWT_SECRETandJWT_REFRESH_SECRETare strong (≥ 64 chars), unique, and different from each other -
NODE_ENV=productionis explicitly set - CORS origins (
CORS_ORIGINS) are restricted to production domains only - Swagger UI is disabled or protected behind authentication in production
- Storage bucket is not publicly writable; IAM permissions are scoped to the application role only
-
pgvectorextension is enabled on the production database - All Prisma migrations have been tested against a staging environment that mirrors production
- Database backups are scheduled and the restore process has been tested
- The database is not directly reachable from the public internet (use a VPC or firewall rule)
- The frontend
VITE_API_URLpoints to the production backend base URL - Social media adapter tokens are valid and have the required scopes for publishing
-
OPENAI_API_KEYhas spending limits configured in the OpenAI dashboard - The health check endpoint (
GET /health) returns200 okafter deployment
- Monitoring and alerting are configured (uptime checks, error rate thresholds)
- Application logs are being collected and retained (not just written to stdout and lost)
- A rollback plan is documented and the previous image or build artifact is retained
Related Pages
Tech Stack
Library choices, versions, and rationale for the full platform stack.
Testing Strategy
How the CI pipeline runs unit and integration tests before every deployment.
API Conventions
REST endpoint patterns, authentication, and Swagger documentation setup.
Architecture Overview
Modular monolith structure, layers, and the design principles behind them.