Production Deployment
This application is designed to be deployed on modern cloud platforms such as Replit, Render, Railway, or Heroku. It requires a persistent PostgreSQL database and specific environment configurations for security and performance.
Environment Variables
For a production environment, ensure the following variables are configured in your hosting provider's dashboard:
| Variable | Description | Requirement |
| :--- | :--- | :--- |
| DATABASE_URL | PostgreSQL connection string (e.g., Neon or AWS RDS) | Required |
| SESSION_SECRET | A long, random string used to sign session cookies | Required |
| OPENAI_API_KEY | Your OpenAI API key for chatbot functionality | Required |
| SMTP_PASS | Password/App Key for the SMTP email service | Optional (for emails) |
| NODE_ENV | Set to production to enable secure cookies | Recommended |
| PORT | The port the server listens on (defaults to 5000) | Optional |
Deploying to Replit
HCG AI is optimized for Replit's environment, utilizing Neon PostgreSQL for serverless data storage.
- Import Repository: Create a new Repl and import the project from GitHub.
- Configure Secrets: Navigate to the "Secrets" tab and add the variables listed in the table above.
- Database Migration: Run the following command in the Replit Shell to sync the schema: `npm run db:push`
- Startup Command: Ensure your `.replit` file or the Shell uses: `node simple-app-server.js`
Standard Node.js Hosting (Render, Railway, Heroku)
For platforms that use a Dockerfile or a standard Build Command:
- Build Command: `npm install && npm run db:push`
- Start Command: `node simple-app-server.js`
Production Database Setup
This application uses connect-pg-simple to manage user sessions. In a production environment, the server expects a session table to exist in your database.
If your database user does not have "Create Table" permissions at runtime, you must manually create the session table using the following SQL:
```sql
CREATE TABLE "session" (
  "sid" varchar NOT NULL COLLATE "default",
  "sess" json NOT NULL,
  "expire" timestamp(6) NOT NULL
)
WITH (OIDS=FALSE);

ALTER TABLE "session" ADD CONSTRAINT "session_pkey" PRIMARY KEY ("sid") NOT DEFERRABLE INITIALLY IMMEDIATE;

CREATE INDEX "IDX_session_expire" ON "session" ("expire");
```
Security Checklist
To ensure data integrity and user privacy in production:
- HTTPS: Ensure your hosting provider provides an SSL certificate. The application is configured to use `secure: true` for cookies when `NODE_ENV=production` is detected.
- Database Access: If using Neon, enable the "IP Allowlist" if your hosting provider uses static IPs.
- SMTP Security: Ensure `SMTP_PASS` is never committed to version control. Use a dedicated "App Password" rather than your primary email password.
- Session Management: Rotate your `SESSION_SECRET` periodically to invalidate old sessions.
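A preflight check for the variables in the table and checklist above, as an added example that is not part of the project's code. The function name `checkProductionEnv` and the `SESSION_SECRET` thresholds (32 characters, 10 distinct characters) are assumptions, and the sample values are constructed.

```javascript
// Added example: validate production environment variables before startup.
const REQUIRED = ["DATABASE_URL", "SESSION_SECRET", "OPENAI_API_KEY"];

function checkProductionEnv(env) {
  const problems = [];

  for (const name of REQUIRED) {
    if (!env[name] || env[name].trim() === "") problems.push(`${name} is missing`);
  }

  // DATABASE_URL must parse as a PostgreSQL connection string.
  if (env.DATABASE_URL) {
    try {
      const { protocol } = new URL(env.DATABASE_URL);
      if (protocol !== "postgres:" && protocol !== "postgresql:") {
        problems.push("DATABASE_URL is not a postgres:// URL");
      }
    } catch {
      problems.push("DATABASE_URL is not a valid URL");
    }
  }

  // SESSION_SECRET signs session cookies: reject short or repetitive values.
  // Thresholds are assumptions, not values taken from the project.
  const secret = env.SESSION_SECRET || "";
  if (secret && (secret.length < 32 || new Set(secret).size < 10)) {
    problems.push("SESSION_SECRET is too short or too repetitive");
  }

  // Secure cookies are only enabled when NODE_ENV=production.
  if (env.NODE_ENV !== "production") {
    problems.push("NODE_ENV is not 'production'; cookies will not be marked secure");
  }

  // PORT is optional (defaults to 5000) but must be a valid TCP port if set.
  if (env.PORT !== undefined) {
    const port = Number(env.PORT);
    if (!Number.isInteger(port) || port < 1 || port > 65535) {
      problems.push("PORT is not a valid port number");
    }
  }
  return problems;
}

// Constructed sample: a weak configuration that should be rejected.
const weakSample = { DATABASE_URL: "mysql://db.example.invalid/app", SESSION_SECRET: "secret", NODE_ENV: "development" };
console.log(checkProductionEnv(weakSample));
```

Call `checkProductionEnv(process.env)` at the top of the server entry point and exit with a non-zero status if the returned list is not empty.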
Health Checks
Once deployed, you can verify the status of the API by visiting:
https://your-app-url.com/api/test (Returns server status)
https://your-app-url.com/health (Returns detailed auth-server health)