Portal Foundation

Docker-free VM deployment is the primary path. Feature surfaces will build on this foundation after Supabase credentials and production service details are configured.

Foundation

Setup Boundary

The app can boot without database credentials for /up. /readyz checks Supabase and queue connectivity with a tight timeout, so it will fail until the server env file has real credentials.

Runtime

Node.js, pnpm, systemd, Caddy, Next.js, and a separate worker process.

Guardrails

  • Supabase credentials stay in the VM env file.
  • Migrations use DATABASE_DIRECT_URL only.
  • Web traffic uses DATABASE_URL.
  • Worker traffic uses WORKER_DATABASE_URL.
  • Caddy proxies to the Node process managed by systemd.

Next Step

Add the Supabase connection strings to the VM env file, then run migrations and readiness checks.