admin/cim_summary
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9480a3c9942ab9aa02a4288223c3c4509d9badc6
cim_summary/DEPLOYMENT_GUIDE.md
Jon 6057d1d7fd 🔧 Fix authentication and document upload issues 
## What was done:
 Fixed Firebase Admin initialization to use default credentials for Firebase Functions
 Updated frontend to use correct Firebase Functions URL (was using Cloud Run URL)
 Added comprehensive debugging to authentication middleware
 Added debugging to file upload middleware and CORS handling
 Added debug buttons to frontend for troubleshooting authentication
 Enhanced error handling and logging throughout the stack

## Current issues:
 Document upload still returns 400 Bad Request despite authentication working
 GET requests work fine (200 OK) but POST upload requests fail
 Frontend authentication is working correctly (valid JWT tokens)
 Backend authentication middleware is working (rejects invalid tokens)
 CORS is configured correctly and allowing requests

## Root cause analysis:
- Authentication is NOT the issue (tokens are valid, GET requests work)
- The problem appears to be in the file upload handling or multer configuration
- Request reaches the server but fails during upload processing
- Need to identify exactly where in the upload pipeline the failure occurs

## TODO next steps:
1. 🔍 Check Firebase Functions logs after next upload attempt to see debugging output
2. 🔍 Verify if request reaches upload middleware (look for '�� Upload middleware called' logs)
3. 🔍 Check if file validation is triggered (look for '🔍 File filter called' logs)
4. 🔍 Identify specific error in upload pipeline (multer, file processing, etc.)
5. 🔍 Test with smaller file or different file type to isolate issue
6. 🔍 Check if issue is with Firebase Functions file size limits or timeout
7. 🔍 Verify multer configuration and file handling in Firebase Functions environment

## Technical details:
- Frontend: https://cim-summarizer.web.app
- Backend: https://us-central1-cim-summarizer.cloudfunctions.net/api
- Authentication: Firebase Auth with JWT tokens (working correctly)
- File upload: Multer with memory storage for immediate GCS upload
- Debug buttons available in production frontend for troubleshooting
2025-07-31 16:18:53 -04:00

356 lines
7.4 KiB
Markdown
Raw Blame History

# Deployment Guide - Cloud-Only Architecture
This guide covers the standardized deployment process for the CIM Document Processor, which has been optimized for cloud-only deployment using Google Cloud Platform services.
## Architecture Overview
- **Frontend**: React/TypeScript application deployed on Firebase Hosting
- **Backend**: Node.js/TypeScript API deployed on Google Cloud Run (recommended) or Firebase Functions
- **Storage**: Google Cloud Storage (GCS) for all file operations
- **Database**: Supabase (PostgreSQL) for data persistence
- **Authentication**: Firebase Authentication
## Prerequisites
### Required Tools
- [Google Cloud CLI](https://cloud.google.com/sdk/docs/install) (gcloud)
- [Firebase CLI](https://firebase.google.com/docs/cli)
- [Docker](https://docs.docker.com/get-docker/) (for Cloud Run deployment)
- [Node.js](https://nodejs.org/) (v18 or higher)
### Required Permissions
- Google Cloud Project with billing enabled
- Firebase project configured
- Service account with GCS permissions
- Supabase project configured
## Quick Deployment
### Option 1: Deploy Everything (Recommended)
```bash
# Deploy backend to Cloud Run + frontend to Firebase Hosting
./deploy.sh -a
```
### Option 2: Deploy Components Separately
```bash
# Deploy backend to Cloud Run
./deploy.sh -b cloud-run
# Deploy backend to Firebase Functions
./deploy.sh -b firebase
# Deploy frontend only
./deploy.sh -f
# Deploy with tests
./deploy.sh -t -a
```
## Manual Deployment Steps
### Backend Deployment
#### Cloud Run (Recommended)
1. **Build and Deploy**:
```bash
cd backend
npm run deploy:cloud-run
```
2. **Or use Docker directly**:
```bash
cd backend
npm run docker:build
npm run docker:push
gcloud run deploy cim-processor-backend \
--image gcr.io/cim-summarizer/cim-processor-backend:latest \
--region us-central1 \
--platform managed \
--allow-unauthenticated
```
#### Firebase Functions
1. **Deploy to Firebase**:
```bash
cd backend
npm run deploy:firebase
```
### Frontend Deployment
1. **Deploy to Firebase Hosting**:
```bash
cd frontend
npm run deploy:firebase
```
2. **Deploy Preview Channel**:
```bash
cd frontend
npm run deploy:preview
```
## Environment Configuration
### Required Environment Variables
#### Backend (Cloud Run/Firebase Functions)
```bash
NODE_ENV=production
PORT=8080
PROCESSING_STRATEGY=agentic_rag
GCLOUD_PROJECT_ID=cim-summarizer
DOCUMENT_AI_LOCATION=us
DOCUMENT_AI_PROCESSOR_ID=your-processor-id
GCS_BUCKET_NAME=cim-summarizer-uploads
DOCUMENT_AI_OUTPUT_BUCKET_NAME=cim-summarizer-document-ai-output
LLM_PROVIDER=anthropic
VECTOR_PROVIDER=supabase
AGENTIC_RAG_ENABLED=true
ENABLE_RAG_PROCESSING=true
SUPABASE_URL=your-supabase-url
SUPABASE_ANON_KEY=your-supabase-anon-key
SUPABASE_SERVICE_KEY=your-supabase-service-key
ANTHROPIC_API_KEY=your-anthropic-key
OPENAI_API_KEY=your-openai-key
JWT_SECRET=your-jwt-secret
JWT_REFRESH_SECRET=your-refresh-secret
```
#### Frontend
```bash
VITE_API_BASE_URL=your-backend-url
VITE_FIREBASE_API_KEY=your-firebase-api-key
VITE_FIREBASE_AUTH_DOMAIN=your-project.firebaseapp.com
VITE_FIREBASE_PROJECT_ID=your-project-id
```
## Configuration Files
### Firebase Configuration
#### Backend (`backend/firebase.json`)
```json
{
"functions": {
"source": ".",
"runtime": "nodejs20",
"ignore": [
"node_modules",
"src",
"logs",
"uploads",
"*.test.ts",
"*.test.js",
"jest.config.js",
"tsconfig.json",
".eslintrc.js",
"Dockerfile",
"cloud-run.yaml"
],
"predeploy": ["npm run build"],
"codebase": "backend"
}
}
```
#### Frontend (`frontend/firebase.json`)
```json
{
"hosting": {
"public": "dist",
"ignore": [
"firebase.json",
"**/.*",
"**/node_modules/**",
"src/**",
"*.test.ts",
"*.test.js"
],
"headers": [
{
"source": "**/*.js",
"headers": [
{
"key": "Cache-Control",
"value": "public, max-age=31536000, immutable"
}
]
}
],
"rewrites": [
{
"source": "**",
"destination": "/index.html"
}
],
"cleanUrls": true,
"trailingSlash": false
}
}
```
### Cloud Run Configuration
#### Dockerfile (`backend/Dockerfile`)
- Multi-stage build for optimized image size
- Security best practices (non-root user)
- Proper signal handling with dumb-init
- Optimized for Node.js 20
#### Cloud Run YAML (`backend/cloud-run.yaml`)
- Resource limits and requests
- Health checks and probes
- Autoscaling configuration
- Environment variables
## Development Workflow
### Local Development
```bash
# Backend
cd backend
npm run dev
# Frontend
cd frontend
npm run dev
```
### Testing
```bash
# Backend tests
cd backend
npm test
# Frontend tests
cd frontend
npm test
# GCS integration tests
cd backend
npm run test:gcs
```
### Emulators
```bash
# Firebase emulators
cd backend
npm run emulator:ui
cd frontend
npm run emulator:ui
```
## Monitoring and Logging
### Cloud Run Monitoring
- Built-in monitoring in Google Cloud Console
- Logs available in Cloud Logging
- Metrics for CPU, memory, and request latency
### Firebase Monitoring
- Firebase Console for Functions monitoring
- Real-time database monitoring
- Hosting analytics
### Application Logging
- Structured logging with Winston
- Correlation IDs for request tracking
- Error categorization and reporting
## Troubleshooting
### Common Issues
1. **Build Failures**
- Check Node.js version compatibility
- Verify all dependencies are installed
- Check TypeScript compilation errors
2. **Deployment Failures**
- Verify Google Cloud authentication
- Check project permissions
- Ensure billing is enabled
3. **Runtime Errors**
- Check environment variables
- Verify service account permissions
- Review application logs
### Debug Commands
```bash
# Check deployment status
gcloud run services describe cim-processor-backend --region=us-central1
# View logs
gcloud logs read "resource.type=cloud_run_revision"
# Test GCS connection
cd backend
npm run test:gcs
# Check Firebase deployment
firebase hosting:sites:list
```
## Security Considerations
### Cloud Run Security
- Non-root user in container
- Minimal attack surface with Alpine Linux
- Proper signal handling
- Resource limits
### Firebase Security
- Authentication required for sensitive operations
- CORS configuration
- Rate limiting
- Input validation
### GCS Security
- Service account with minimal permissions
- Signed URLs for secure file access
- Bucket-level security policies
## Cost Optimization
### Cloud Run
- Scale to zero when not in use
- CPU and memory limits
- Request timeout configuration
### Firebase
- Pay-per-use pricing
- Automatic scaling
- CDN for static assets
### GCS
- Lifecycle policies for old files
- Storage class optimization
- Request optimization
## Migration from Local Development
This deployment configuration is designed for cloud-only operation:
1. **No Local Dependencies**: All file operations use GCS
2. **No Local Database**: Supabase handles all data persistence
3. **No Local Storage**: Temporary files only in `/tmp`
4. **Stateless Design**: No persistent local state
## Support
For deployment issues:
1. Check the troubleshooting section
2. Review application logs
3. Verify environment configuration
4. Test with emulators first
For architecture questions:
- Review the design documentation
- Check the implementation summaries
- Consult the GCS integration guide
Reference in New Issue View Git Blame Copy Permalink