# Vercel + Supabase + Cloudflare Deployment

This is the first deployment lane for Rouge Reels: Vercel hosts the Node game provider, Supabase provides Postgres, and Cloudflare manages DNS.

For the first staging environment, follow `docs/staging-environment-runbook.md`.

## Architecture

- Vercel routes requests through `api/index.js`.
- `api/index.js` reuses the same `src/server.js` request handler used locally.
- Supabase/Postgres is the required production storage backend.
- Cloudflare owns DNS and points the chosen hostname to the Vercel project.
- Rouge Reels v1 supports one configured currency per operator profile. Add separate operator profiles for USD, uBTC, or other supported currencies.
- Rouge Reels does not perform FX conversion; the casino converts before calling the provider.

## Vercel Project Setup

1. Import `Rouge-Reels/game-platform` into Vercel.
2. Use the repository root as the project root.
3. Keep the install command as `npm install`.
4. Keep the build command empty unless Vercel requires one for the project.
5. Set the production branch to `main`.
6. Add environment variables separately for Preview and Production.

Required Vercel environment variables:

```txt
APP_ENV=production
NODE_ENV=production
STORAGE_DRIVER=postgres
DATABASE_URL=<Supabase runtime connection string>
DATABASE_POOL_SIZE=10
OPERATOR_SECRET_<OPERATOR_ID>=<real casino shared secret>
READINESS_OPERATOR_ID=<operator id to verify through /ready>
CASINO_CALLBACK_TIMEOUT_MS=3000
CASINO_CALLBACK_RETRIES=1
```

For staging, set `APP_ENV=staging` even though Vercel may set `NODE_ENV=production`. For real production, set `APP_ENV=production`.

Do not add demo secrets to production. Do not expose database credentials or operator secrets with any public/client-side prefix.

## Supabase Runtime Database

1. Use the existing Supabase project for the first staging environment.
2. Apply `db/schema.sql` before connecting Vercel to the database.
3. Insert the operator and game config rows required by the target environment. Use `docs/staging-operator-seed-template.sql` for the first staging operator.
4. Store real operator signing secrets only in Vercel environment variables.
5. Use a Supabase runtime connection string in `DATABASE_URL`.
6. Use `MIGRATION_DATABASE_URL` only from a trusted admin machine or CI migration job.

For serverless-style deployments, prefer the Supabase connection string intended for pooled runtime access. Keep direct/admin credentials out of Vercel unless a dedicated migration job requires them.

## Cloudflare DNS

1. Add the production hostname in Vercel first.
2. In Cloudflare, create the DNS record Vercel asks for, usually a `CNAME` for the app subdomain.
3. Start with DNS-only mode until Vercel verifies the domain and TLS certificate.
4. After verification, enable Cloudflare proxying only if it does not interfere with Vercel TLS, previews, or callback troubleshooting.
5. Keep API/game/docs/admin hostnames separate when possible.

Recommended first hostnames:

```txt
games.rougereels.com
sandbox.rougereels.com
docs.rougereels.com
```

## Deployment Smoke Test

After deploying staging or production, run:

```powershell
npm.cmd run smoke:deployment -- https://your-vercel-domain.example
```

For a sandbox/staging deployment that intentionally keeps the demo operator enabled, run:

```powershell
$env:SMOKE_INCLUDE_SANDBOX="1"
npm.cmd run smoke:deployment -- https://your-staging-domain.example
```

Expected checks:

- `GET /health` returns `status: "ok"`, `currency: "multi"`, and `supportedCurrencies`.
- `GET /ready?operatorId=<operator>` returns `status: "ready"` without exposing secrets.
- `GET /docs/openapi.json` is reachable.
- Optional sandbox launch/session returns a session and balance in the selected operator currency.

## Go-Live Notes

Do not point a real casino at production until the production-readiness checklist is complete, including legal review, security review, seed encryption, observability, and operator callback validation.