Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/ency07/B2B/llms.txt

Use this file to discover all available pages before exploring further.

ERP B2B Premium supports three deployment targets: Vercel (recommended for zero-config serverless), Docker (for self-hosted VPS or Kubernetes), and bare Node.js standalone mode. All three options share the same production build (npm run build) and the same set of required environment variables.

Hardware requirements (production)

ResourceMinimumRecommended
RAM2 GB4 GB
CPU2 cores4 cores
Storage20 GB SSD40 GB SSD
Node.js20.x LTS22.x LTS
The primary performance bottleneck is Supabase (Postgres + storage), not the Next.js frontend. For high-traffic workloads (>10 k req/min) use Vercel Pro or horizontal container scaling.

Deployment methods

Vercel is the zero-configuration path. The vercel.json in the repository root pre-configures the framework, region, and security headers.
1

Install the Vercel CLI

npm i -g vercel
2

Add environment variables

Run each command and paste the value when prompted:
vercel env add NEXT_PUBLIC_SUPABASE_URL
vercel env add NEXT_PUBLIC_SUPABASE_ANON_KEY
vercel env add SUPABASE_SERVICE_ROLE_KEY
vercel env add NEXT_PUBLIC_SITE_URL
3

Deploy to production

vercel --prod

vercel.json highlights

SettingValue
framework"nextjs"
regions["iad1"] (US East — Virginia)
Build commandnpm run build
Install commandnpm install
Security headers applied globally to all routes (/(.*)):
HeaderValue
X-Frame-OptionsDENY
X-Content-Type-Optionsnosniff
Referrer-Policystrict-origin-when-cross-origin
X-XSS-Protection1; mode=block
Environment variables in vercel.json use the @ prefix (e.g. @supabase-url) to reference Vercel project secrets rather than embedding raw values. This keeps credentials out of the repository.

Security headers

All deployment targets should include the headers defined in vercel.json. If you are not using Vercel, add equivalent headers in your reverse proxy (Nginx, Caddy, AWS ALB):
# Nginx example
add_header X-Frame-Options "DENY" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header X-XSS-Protection "1; mode=block" always;

CI/CD pipeline

The GitHub Actions workflow at .github/workflows/ci.yml runs automatically on every push and pull request to main / master. It executes five quality gates in sequence:
StepCommandPurpose
1npx tsc --noEmitTypeScript type check — zero type errors required
2npm run lintESLint — no new lint errors allowed
3npx vitest run --reporter=verboseUnit and integration tests
4npx vitest run --coverage --reporter=textCoverage report
5npm audit --audit-level=highSecurity audit — flags high+ vulnerabilities
The CI job uses Node.js 22.x and npm caching to keep runs fast. npm audit is configured with continue-on-error: true so audit findings are surfaced as warnings rather than blocking merges, but the DevOps team must review and resolve high+ findings before each production release.

Pre-deploy validation script

Before any deployment you can run the local validation script which mirrors the CI gates:
bash scripts/deploy.sh
The script verifies that NEXT_PUBLIC_SUPABASE_URL, NEXT_PUBLIC_SUPABASE_ANON_KEY, and SUPABASE_SERVICE_ROLE_KEY are set, then runs tsc --noEmit, lint, vitest run, and npm run build in order. It exits non-zero on the first failure.

Build docs developers (and LLMs) love