Sardis

Deployment Guide

Production-like staging deployment for Sardis API, dashboard, and demo live mode on Cloud Run and AWS App Runner.

Production-like staging deployment for Sardis API + landing demo live mode.

  • Landing + Demo UI -- Deploy on Vercel. Keep API keys server-side only and route live demo calls through /api/demo-proxy.
  • Sardis API -- Deploy containerized API on Cloud Run (recommended) or AWS App Runner. Use Postgres + Redis in staging.
  • Data Layer -- Neon Postgres + Upstash Redis is the fastest low-ops stack for design partner staging.

Required Environment Variables

Minimum variables for secure staging:

# API
DATABASE_URL=postgresql://...
SARDIS_REDIS_URL=rediss://...
SARDIS_SECRET_KEY=...
JWT_SECRET_KEY=...
SARDIS_ADMIN_PASSWORD=...
SARDIS_STRICT_CONFIG=true

# Landing live demo (server-side only)
SARDIS_API_URL=https://<your-api-domain>
SARDIS_API_KEY=sk_...
DEMO_OPERATOR_PASSWORD=<shared-password>

# Optional live demo defaults
DEMO_LIVE_AGENT_ID=agent_demo_01
DEMO_LIVE_CARD_ID=card_demo_01

Use the built-in deploy script (includes build, deploy, health check, and post-deploy hints):

# 1) Prepare local env file copy
cp deploy/gcp/staging/env.cloudrun.staging.yaml deploy/gcp/staging/env.cloudrun.staging.local.yaml

# 2) Generate strong secrets
bash ./scripts/generate_staging_secrets.sh --write deploy/env/.env.generated.secrets

# 3) Deploy
PROJECT_ID="<gcp-project-id>" \
ENV_VARS_FILE="deploy/gcp/staging/env.cloudrun.staging.local.yaml" \
bash ./scripts/deploy_gcp_cloudrun_staging.sh

AWS App Runner (Alternative)

If you prefer AWS credits/stack, use App Runner deployment automation:

# 1) Prepare env
cp deploy/aws/staging/env.apprunner.staging.json deploy/aws/staging/env.apprunner.staging.local.json

# 2) Deploy
AWS_REGION="eu-central-1" \
AWS_ACCOUNT_ID="<aws-account-id>" \
ENV_JSON_FILE="deploy/aws/staging/env.apprunner.staging.local.json" \
bash ./scripts/deploy_aws_apprunner_staging.sh

Frontend Integration (Live Demo)

After API deploy, bootstrap API key and inject landing env vars in Vercel project settings.

# Bootstrap API key from deployed staging API
BASE_URL="https://<your-api-domain>" \
ADMIN_PASSWORD="<SARDIS_ADMIN_PASSWORD>" \
bash ./scripts/bootstrap_staging_api_key.sh

# Add these to Vercel (landing project):
SARDIS_API_URL=https://<your-api-domain>
SARDIS_API_KEY=<bootstrap-output>
DEMO_OPERATOR_PASSWORD=<shared-password>

Verification

  • API Health (/health) -- Must return 200 before live demo mode
  • Demo Auth (/api/demo-auth) -- Confirms operator lock + live config status
  • Demo Flow (/demo) -- Run blocked + approved scenarios end-to-end

Runbook References

  • docs/release/api-deployment-plan-gcp-cloudrun.md
  • docs/release/cloud-deployment-and-frontend-integration.md
  • docs/release/investor-demo-operator-kit.md

Production Migration Guide

Take your agent payments from simulation to mainnet in 3 phases. No code changes required between environments.

Architecture

Understanding the Sardis system architecture and data flow. How the Policy Engine, MPC wallets, and settlement layer work together.

On this page

Recommended ArchitectureRequired Environment VariablesCloud Run (Recommended)AWS App Runner (Alternative)Frontend Integration (Live Demo)VerificationRunbook References