Infrastructure
Infrastructure automation for provisioning, configuring, and tearing down SecurityV0 development and test environments.
Documents
| Document | Purpose |
|---|---|
| Environments & Ops Links | Start here. One-page index of every environment + links to its dashboards, logs, uptime monitors, and infra consoles (Grafana, Better Stack, TFC, Atlas, Azure). |
| Deployment Guide | Canonical deployment guide — servers, SSH access, CI/CD, Caddy, troubleshooting (lives in sv0-platform) |
| Multi-Instance Dev Deployment | Architecture of the PR-preview instance system on dev — instance lifecycle, port allocation, Caddy routing, and cleanup |
| Dev Environment Automation | Proposal for automated provisioning of source systems (Azure, AWS, GCP, ServiceNow) per developer using Terraform modules + per-connector Python scripts |
| CI/CD Operations | All GitHub Actions workflows, secrets inventory, credential rotation strategy, Cloudflare Pages projects, runner infrastructure |
| Access Protection | Cloudflare Zero Trust Access configuration — team auth, bot service tokens, branded login, phased SaaS path |
| WorkOS Production Configuration | Live prod auth setup — WorkOS orgs, DNS records, Google OAuth client, gotchas. Single page to check before touching any auth-adjacent record. |
| AWS Organization | AWS Organization structure, account inventory, Terraform state conventions, SSO access, and demo lab account lifecycle |
| Local Dev Credential Bootstrap | Credential inventory (AWS SSO, Cloudflare Access, Wrangler, Azure CLI, Tailscale, SSH, GitHub, TFC, static service tokens) with lifetimes, a daily morning-routine script, and a remote-from-iPhone path that actually works |
Platform Deployment
The platform runs on two Hetzner CPX21 instances in Ashburn, VA:
| Environment | DNS | Purpose |
|---|---|---|
| Dev | dev.securityv0.com / *.dev.securityv0.com | Auto-deploy on main merge; PR-preview instances at `<instance>.dev.securityv0.com` |
| Prod | app.securityv0.com | Manual deploy with approval gate |
Both use GitHub Actions CI/CD, GHCR for Docker images, and Caddy for automatic TLS.
For full details (SSH access, server setup, Caddy config, workflows, troubleshooting), see the Deployment Guide in sv0-platform. The guide covers SSH key inventory, 1Password root access, Caddy drop-in site configuration, environment secrets, MongoDB backups, and rollback procedures.
URL → compute → DB
The canonical, current environment table (every URL, its compute, database, telemetry labels, and SSH) now lives in Environments & Ops Links — which also indexes the dashboards, logs, and uptime monitors for each. As of 2026-05-22 the Azure dev + staging VMs are serving and observable; both Hetzner dev.securityv0.com and Azure dev-azure.securityv0.com run in parallel during the migration.
Mongo DB name.
The `MONGODB_DB` env var overrides the path component of `MONGODB_URI`. Never infer the DB name from the URI path — reconcile via `docker exec env | grep MONGODB_` and the startup `MongoDB connected dbName=…` log line. Code path: `sv0-platform/src/shared/config/env.ts` (with inline comment as of PR #937) and `src/storage/mongo/client.ts`.
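The precedence rule and the reconciliation check above, written out as an added TypeScript example (not code from sv0-platform); the function names, the `sv0` fallback name and the exact shape of the startup log line are assumptions:

```typescript
// Added example, not sv0-platform's own code. Mirrors the rule above:
// MONGODB_DB overrides the path component of MONGODB_URI.

type DbResolution = {
  dbName: string;                            // what the app will connect to
  source: "MONGODB_DB" | "uri-path" | "default";
  uriPathDb: string | null;                  // what the URI path says
  mismatch: boolean;                         // env var and URI path disagree
};

// Extract the path component of a mongodb:// or mongodb+srv:// URI by hand.
// The WHATWG URL parser is avoided because it rejects multi-host authorities
// such as mongodb://h1:27017,h2:27017/db.
function dbNameFromUriPath(uri: string): string | null {
  const schemeEnd = uri.indexOf("://");
  if (schemeEnd === -1) return null;
  const rest = uri.slice(schemeEnd + 3);
  const slash = rest.indexOf("/");
  if (slash === -1) return null;
  const path = rest.slice(slash + 1).split("?")[0];
  return path.length > 0 ? decodeURIComponent(path) : null;
}

// Effective DB name with the same precedence the page describes ("sv0" fallback is assumed).
function resolveDbName(
  env: Record<string, string | undefined>,
  fallback = "sv0",
): DbResolution {
  const uriPathDb = env.MONGODB_URI ? dbNameFromUriPath(env.MONGODB_URI) : null;
  const override = env.MONGODB_DB?.trim();
  if (override) {
    const mismatch = uriPathDb !== null && uriPathDb !== override;
    return { dbName: override, source: "MONGODB_DB", uriPathDb, mismatch };
  }
  if (uriPathDb) return { dbName: uriPathDb, source: "uri-path", uriPathDb, mismatch: false };
  return { dbName: fallback, source: "default", uriPathDb, mismatch: false };
}

// The manual reconciliation step: parse `docker exec ... env` output, compute
// the expected name, and compare it with the startup log line (format assumed).
function reconcile(envDump: string, startupLog: string) {
  const env: Record<string, string> = {};
  for (const line of envDump.split("\n")) {
    const m = /^(MONGODB_[A-Z_]+)=(.*)$/.exec(line);
    if (m) env[m[1]] = m[2];
  }
  const expected = resolveDbName(env).dbName;
  const logged = /MongoDB connected dbName=(\S+)/.exec(startupLog)?.[1] ?? null;
  return { expected, logged, ok: logged === expected };
}
```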
See: Multi-Instance Dev Deployment for the Caddy / instance-port topology, and CI/CD Operations for the deploy workflows.
Source System Provisioning
SecurityV0 connectors scan external source systems (Entra ID, ServiceNow, Azure AI Foundry, and in future AWS and GCP). Each developer currently sets up these systems manually through web UIs. The Dev Environment Automation proposal covers the strategy to make this repeatable and fast.
Related
- Connector Framework — defines what each connector needs from its source system
- Hetzner Deployment Plan — original single-server deployment plan (superseded by CI/CD pipeline)