Super Agent Stack
DocsHome

Production Deployment

Best practices for deploying Super Agent Stack applications to production.

Environment Setup

Environment Variables

.env.production
# API Keys
OPENROUTER_KEY=your_production_openrouter_key
SUPER_AGENT_KEY=your_production_super_agent_key

# Application
NODE_ENV=production
PORT=3000

# Security
SESSION_SECRET=your_secure_random_string
ALLOWED_ORIGINS=https://yourdomain.com

# Monitoring (optional)
SENTRY_DSN=your_sentry_dsn
LOG_LEVEL=info

Security

Never commit production API keys to version control. Use environment variables or secret management services.

Security Best Practices

Rate Limiting

middleware/rate-limit.ts
import { Ratelimit } from '@upstash/ratelimit';
import { Redis } from '@upstash/redis';

const ratelimit = new Ratelimit({
  redis: Redis.fromEnv(),
  limiter: Ratelimit.slidingWindow(10, '1 m'), // 10 requests per minute
});

export async function rateLimitMiddleware(req: Request) {
  const ip = req.headers.get('x-forwarded-for') || 'anonymous';
  const { success, limit, reset, remaining } = await ratelimit.limit(ip);

  if (!success) {
    return new Response('Rate limit exceeded', {
      status: 429,
      headers: {
        'X-RateLimit-Limit': limit.toString(),
        'X-RateLimit-Remaining': remaining.toString(),
        'X-RateLimit-Reset': reset.toString(),
      },
    });
  }

  return null;
}

Input Validation

lib/validation.ts
import { z } from 'zod';

export const chatRequestSchema = z.object({
  message: z.string().min(1).max(4000),
  sessionId: z.string().regex(/^[a-zA-Z0-9-_]+$/),
  model: z.string().optional(),
});

export function validateChatRequest(data: unknown) {
  try {
    return chatRequestSchema.parse(data);
  } catch (error) {
    throw new Error('Invalid request data');
  }
}

Authentication

middleware/auth.ts
import { NextRequest } from 'next/server';

export async function authMiddleware(req: NextRequest) {
  const token = req.headers.get('authorization')?.replace('Bearer ', '');

  if (!token) {
    return new Response('Unauthorized', { status: 401 });
  }

  // Verify token (use your auth provider)
  const user = await verifyToken(token);

  if (!user) {
    return new Response('Invalid token', { status: 401 });
  }

  return user;
}

Error Handling

lib/error-handler.ts
export class APIError extends Error {
  constructor(
    message: string,
    public statusCode: number = 500,
    public code?: string
  ) {
    super(message);
    this.name = 'APIError';
  }
}

export function handleAPIError(error: unknown) {
  if (error instanceof APIError) {
    return {
      error: error.message,
      code: error.code,
      statusCode: error.statusCode,
    };
  }

  // Log unexpected errors
  console.error('Unexpected error:', error);

  return {
    error: 'Internal server error',
    statusCode: 500,
  };
}

Monitoring & Logging

Structured Logging

lib/logger.ts
import pino from 'pino';

export const logger = pino({
  level: process.env.LOG_LEVEL || 'info',
  transport: {
    target: 'pino-pretty',
    options: {
      colorize: true,
    },
  },
});

export function logAPIRequest(req: Request, duration: number, status: number) {
  logger.info({
    type: 'api_request',
    method: req.method,
    url: req.url,
    duration,
    status,
    timestamp: new Date().toISOString(),
  });
}

Error Tracking

lib/sentry.ts
import * as Sentry from '@sentry/nextjs';

Sentry.init({
  dsn: process.env.SENTRY_DSN,
  environment: process.env.NODE_ENV,
  tracesSampleRate: 1.0,
});

export function captureError(error: Error, context?: Record<string, any>) {
  Sentry.captureException(error, {
    extra: context,
  });
}

Performance Optimization

Caching

lib/cache.ts
import { Redis } from '@upstash/redis';

const redis = Redis.fromEnv();

export async function getCachedResponse(key: string) {
  return await redis.get(key);
}

export async function setCachedResponse(
  key: string,
  value: any,
  ttl: number = 3600
) {
  await redis.setex(key, ttl, JSON.stringify(value));
}

// Usage in API route
export async function POST(req: Request) {
  const { message } = await req.json();
  const cacheKey = `chat:${hashMessage(message)}`;

  // Check cache
  const cached = await getCachedResponse(cacheKey);
  if (cached) {
    return Response.json(JSON.parse(cached));
  }

  // Make API call
  const response = await makeAPICall(message);

  // Cache response
  await setCachedResponse(cacheKey, response);

  return Response.json(response);
}

Connection Pooling

lib/client.ts
import OpenAI from 'openai';

// Reuse client instance
let clientInstance: OpenAI | null = null;

export function getClient() {
  if (!clientInstance) {
    clientInstance = new OpenAI({
      baseURL: 'https://superagentstack.orionixtech.com/api/v1',
      apiKey: process.env.OPENROUTER_KEY!,
      defaultHeaders: {
        'superAgentKey': process.env.SUPER_AGENT_KEY!,
      },
      maxRetries: 3,
      timeout: 30000,
    });
  }

  return clientInstance;
}

Deployment Platforms

Vercel

bash
# Install Vercel CLI
npm i -g vercel

# Deploy
vercel

# Set environment variables
vercel env add OPENROUTER_KEY production
vercel env add SUPER_AGENT_KEY production

# Deploy to production
vercel --prod

Docker

Dockerfile
FROM node:18-alpine

WORKDIR /app

COPY package*.json ./
RUN npm ci --only=production

COPY . .
RUN npm run build

EXPOSE 3000

CMD ["npm", "start"]
docker-compose.yml
version: '3.8'

services:
  app:
    build: .
    ports:
      - "3000:3000"
    environment:
      - OPENROUTER_KEY=${OPENROUTER_KEY}
      - SUPER_AGENT_KEY=${SUPER_AGENT_KEY}
      - NODE_ENV=production
    restart: unless-stopped

AWS / Cloud Providers

  • Use AWS Secrets Manager or Parameter Store for API keys
  • Deploy behind CloudFront for CDN and DDoS protection
  • Use Application Load Balancer for high availability
  • Enable auto-scaling based on traffic
  • Set up CloudWatch for monitoring and alerts

Production Checklist

Security

  • ☐ API keys stored securely (not in code)
  • ☐ Rate limiting implemented
  • ☐ Input validation on all endpoints
  • ☐ Authentication/authorization in place
  • ☐ HTTPS enabled
  • ☐ CORS configured properly

Performance

  • ☐ Caching implemented
  • ☐ Connection pooling configured
  • ☐ Timeouts set appropriately
  • ☐ CDN configured for static assets

Monitoring

  • ☐ Error tracking (Sentry, etc.)
  • ☐ Logging configured
  • ☐ Uptime monitoring
  • ☐ Performance monitoring
  • ☐ Alerts configured

Reliability

  • ☐ Error handling implemented
  • ☐ Retry logic for failed requests
  • ☐ Graceful degradation
  • ☐ Health check endpoint
  • ☐ Backup strategy

Ready for Production

Following these best practices will ensure your application is secure, performant, and reliable in production.

Next Steps