# Deployment Guide

Complete guide for deploying the Self-Replicating Business System to production.

## Production Deployment Options

### Option 1: Single VPS (Recommended for Start)

**Specifications**:
- 4 vCPU
- 8GB RAM
- 160GB SSD
- Ubuntu 22.04 LTS

**Providers**:
- DigitalOcean ($48/month)
- Hetzner ($35/month)
- Linode ($48/month)

### Option 2: Kubernetes (For Scale)

For managing 10+ businesses simultaneously.

## Step-by-Step Production Deployment

### 1. Server Setup

```bash
# SSH into your VPS
ssh root@your-server-ip

# Update system
apt update && apt upgrade -y

# Install Docker
curl -fsSL https://get.docker.com -o get-docker.sh
sh get-docker.sh

# Install Docker Compose (v2 plugin, invoked as `docker compose`)
apt install docker-compose-plugin -y

# Install Node.js
curl -fsSL https://deb.nodesource.com/setup_20.x | bash -
apt install -y nodejs

# Install pnpm
npm install -g pnpm
```

### 2. Clone Repository

```bash
# Create application directory
mkdir -p /opt/srb
cd /opt/srb

# Clone repository (or upload files)
git clone <repository-url> .

# Or upload via SCP
# scp -r self-replicating-business/* root@your-server:/opt/srb/
```

### 3. Configure Environment

```bash
# Copy environment template
cp .env.example .env

# Edit with production values
nano .env
```

**Critical Production Settings**:

```env
# Set to production
NODE_ENV=production

# Use strong passwords
POSTGRES_PASSWORD=<strong-password>

# Production database URL
DATABASE_URL=postgresql://srb:<strong-password>@postgres:5432/srb

# All your API keys
ANTHROPIC_API_KEY=sk-ant-...
FACEBOOK_ACCESS_TOKEN=...
GOOGLE_ADS_DEVELOPER_TOKEN=...
# ... etc

# Production alerts
SLACK_WEBHOOK_URL=https://hooks.slack.com/services/...
ALERT_EMAIL=alerts@yourdomain.com

# n8n auth
N8N_BASIC_AUTH_USER=admin
N8N_BASIC_AUTH_PASSWORD=<strong-password>
```

### 4. Start Services

```bash
# Build and start all services
docker compose -f infra/docker/docker-compose.yml up -d

# Check status
docker ps

# View logs
docker compose -f infra/docker/docker-compose.yml logs -f
```

### 5. Initialize Database

```bash
# Run migrations
docker exec srb-orchestrator pnpm db:migrate

# Verify database
docker exec -it srb-postgres psql -U srb -d srb -c "\dt"
```

### 6. SSL/TLS Setup

Use Nginx as a reverse proxy with Let's Encrypt:

```bash
# Install Nginx
apt install nginx certbot python3-certbot-nginx -y

# Create Nginx config
nano /etc/nginx/sites-available/srb
```

**Nginx Configuration**:

```nginx
server {
    listen 80;
    server_name yourdomain.com;

    # Orchestrator API
    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    # Dashboard
    location /dashboard {
        proxy_pass http://localhost:3001;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    # n8n
    location /n8n {
        proxy_pass http://localhost:5678;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
```

```bash
# Enable site
ln -s /etc/nginx/sites-available/srb /etc/nginx/sites-enabled/

# Test config
nginx -t

# Restart Nginx
systemctl restart nginx

# Get SSL certificate
certbot --nginx -d yourdomain.com

# Auto-renewal
systemctl enable certbot.timer
```

### 7. Systemd Service (Auto-restart)

Create `/etc/systemd/system/srb.service`:

```ini
[Unit]
Description=Self-Replicating Business System
After=docker.service
Requires=docker.service

[Service]
Type=oneshot
RemainAfterExit=yes
WorkingDirectory=/opt/srb
ExecStart=/usr/bin/docker compose -f infra/docker/docker-compose.yml up -d
ExecStop=/usr/bin/docker compose -f infra/docker/docker-compose.yml down

[Install]
WantedBy=multi-user.target
```

```bash
# Enable service
systemctl enable srb.service
systemctl start srb.service

# Check status
systemctl status srb.service
```

### 8. Monitoring Setup

```bash
# Install monitoring tools
apt install prometheus grafana -y

# Configure Prometheus
nano /etc/prometheus/prometheus.yml
```

**Prometheus Config**:

```yaml
scrape_configs:
  - job_name: 'srb-orchestrator'
    static_configs:
      - targets: ['localhost:3000']

  # PostgreSQL and Redis do not serve Prometheus metrics on their native
  # ports; these two jobs only return data when the target is an exporter.
  - job_name: 'postgres'
    static_configs:
      - targets: ['localhost:5432']

  - job_name: 'redis'
    static_configs:
      - targets: ['localhost:6379']
```

```bash
# Start monitoring
systemctl start prometheus grafana-server
systemctl enable prometheus grafana-server

# Access Grafana at http://your-server:3000
# Grafana also defaults to port 3000, which this guide assigns to the
# orchestrator; set http_port in /etc/grafana/grafana.ini to a free port
# if both run on this host.
```

### 9. Backup Setup

```bash
# Create backup script
nano /opt/srb/scripts/backup.sh
```

**Backup Script**:

```bash
#!/bin/bash
set -euo pipefail  # stop on the first failed step instead of keeping a partial backup
umask 077          # dumps contain all business data; keep them owner-readable only

BACKUP_DIR="/opt/srb/backups"
DATE=$(date +%Y%m%d_%H%M%S)

# Create backup directory
mkdir -p "$BACKUP_DIR"

# Backup database
docker exec srb-postgres pg_dump -U srb srb > "$BACKUP_DIR/db_$DATE.sql"

# Backup business data
tar -czf "$BACKUP_DIR/data_$DATE.tar.gz" /opt/srb/data

# Upload to S3 (optional)
# aws s3 cp "$BACKUP_DIR/db_$DATE.sql" s3://your-bucket/backups/

# Delete old backups (keep last 30 days)
find "$BACKUP_DIR" -name "*.sql" -mtime +30 -delete
find "$BACKUP_DIR" -name "*.tar.gz" -mtime +30 -delete

echo "Backup completed: $DATE"
```

```bash
# Make executable
chmod +x /opt/srb/scripts/backup.sh

# Add to crontab (daily at 2 AM)
crontab -e
# Add: 0 2 * * * /opt/srb/scripts/backup.sh
```

### 10. Firewall Configuration

```bash
# Install UFW
apt install ufw -y

# Allow SSH
ufw allow 22/tcp

# Allow HTTP/HTTPS
ufw allow 80/tcp
ufw allow 443/tcp

# Enable firewall
ufw enable

# Check status
ufw status

# Note: ports published by Docker are forwarded before UFW's rules apply,
# so a container port published on 0.0.0.0 stays reachable from outside.
# Publish service ports on 127.0.0.1 in docker-compose.yml so that only
# Nginx can reach them.
```

## Post-Deployment Checklist

- [ ] All Docker containers running (`docker ps`)
- [ ] Database accessible and migrated
- [ ] SSL certificate installed (https://yourdomain.com)
- [ ] Environment variables configured
- [ ] Backups running daily
- [ ] Monitoring dashboards accessible
- [ ] Alerts configured (Slack/Email)
- [ ] Firewall enabled
- [ ] systemd service enabled
- [ ] Test creating a business

## Creating First Production Business

```bash
# SSH into server
ssh root@your-server

# Enter orchestrator container
docker exec -it srb-orchestrator sh

# Run CLI
node dist/cli/create-business.js \
  --name "My First Business" \
  --idea "AI-powered meal planning SaaS"
```

## Monitoring Production

### Health Checks

```bash
# Check all services
docker ps

# Check logs
docker compose logs -f orchestrator

# Check database
docker exec -it srb-postgres psql -U srb -d srb -c "SELECT COUNT(*) FROM \"Business\";"

# Check n8n
curl http://localhost:5678

# Check dashboard
curl http://localhost:3001
```

### Key Metrics to Monitor

1. **System Health**
   - CPU usage < 70%
   - Memory usage < 80%
   - Disk space > 20% free

2. **Application Health**
   - Workflow success rate > 95%
   - API response time < 500ms
   - Database connections < 100

3. **Business Health**
   - Active businesses count
   - Total monthly revenue
   - Workflow execution rate

## Scaling Production

### Vertical Scaling (Upgrade VPS)

```bash
# Stop services
docker compose down

# Resize VPS in provider panel

# Start services
docker compose up -d
```

### Horizontal Scaling (Multiple Workers)

Edit `docker-compose.yml`:

```yaml
orchestrator:
  # ...
  deploy:
    replicas: 3  # Run 3 instances
```

### Database Scaling

For high load:

```yaml
postgres:
  # ...
  environment:
    - POSTGRES_MAX_CONNECTIONS=200
    - POSTGRES_SHARED_BUFFERS=2GB
```

## Troubleshooting

### Container Won't Start

```bash
# Check logs
docker logs srb-orchestrator

# Restart container
docker restart srb-orchestrator

# Rebuild if needed
docker compose build orchestrator
docker compose up -d
```

### Database Connection Issues

```bash
# Check PostgreSQL logs
docker logs srb-postgres

# Verify connection
docker exec -it srb-postgres psql -U srb -d srb

# Reset database (DANGER: loses data)
docker compose down -v
docker compose up -d
```

### High CPU/Memory Usage

```bash
# Check resource usage
docker stats
```

Limit resources in `docker-compose.yml`:

```yaml
services:
  orchestrator:
    deploy:
      resources:
        limits:
          cpus: '2'
          memory: 4G
```

## Security Best Practices

1. **API Keys**
   - Rotate every 90 days
   - Use different keys for dev/prod
   - Never commit to git

2. **Database**
   - Strong passwords (20+ chars)
   - Disable remote access if not needed
   - Regular backups

3. **Server**
   - Keep system updated
   - Disable root SSH (use sudo user)
   - Enable fail2ban

4. **Application**
   - Set budget limits
   - Monitor spending daily
   - Review decisions weekly

## Maintenance

### Weekly Tasks

- Review business performance
- Check error logs
- Verify backups

### Monthly Tasks

- Update dependencies
- Review and optimize budgets
- Audit API usage and costs
- Security updates

### Quarterly Tasks

- Rotate API keys
- Review and update strategies
- Performance optimization
- Capacity planning

## Cost Optimization

1. **Use Reserved Instances** (save 30-50%)
2. **Optimize Docker Images** (smaller = faster)
3. **Cache Aggressively** (reduce API calls)
4. **Schedule Non-Critical Tasks** (off-peak hours)
5. **Monitor API Usage** (avoid overages)

---

**Deployment Status**: ✅ Ready for Production

For support: See logs or contact admin
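For step 3 (Configure Environment) and the password rules under Security Best Practices, a pre-start audit of `.env` catches the template's empty secrets before the stack comes up. This is an added example, not part of the project; the function names and the 600 file-mode expectation are assumptions.

```bash
#!/usr/bin/env bash
# Added example: audit the .env from step 3 before starting the stack.
MIN_LEN=20   # mirrors the guide's "20+ chars" password rule

# Print the value of KEY ($2) from env file ($1); last assignment wins.
env_get() {
  sed -n "s/^$2=//p" "$1" | tail -n 1 | sed -e 's/^["'\'']//' -e 's/["'\'']$//'
}

# Print one finding per line; return 0 only when nothing was found.
check_env() {
  local file="$1" findings=0 key val mode db_pw
  mode=$(stat -c '%a' "$file")            # GNU stat, as shipped with Ubuntu
  if [ "$mode" != "600" ] && [ "$mode" != "400" ]; then
    echo "PERMS: mode $mode, expected 600"; findings=$((findings + 1))
  fi
  if [ "$(env_get "$file" NODE_ENV)" != "production" ]; then
    echo "NODE_ENV: not set to production"; findings=$((findings + 1))
  fi
  for key in POSTGRES_PASSWORD N8N_BASIC_AUTH_PASSWORD; do
    val=$(env_get "$file" "$key")
    if [ "${#val}" -lt "$MIN_LEN" ]; then
      echo "$key: ${#val} chars, need at least $MIN_LEN"
      findings=$((findings + 1))
    fi
  done
  # The template's DATABASE_URL has nothing between "srb:" and "@".
  db_pw=$(env_get "$file" DATABASE_URL |
    sed -n 's|^postgresql://[^:]*:\([^@]*\)@.*|\1|p')
  if [ -z "$db_pw" ]; then
    echo "DATABASE_URL: no password in connection string"
    findings=$((findings + 1))
  fi
  [ "$findings" -eq 0 ]
}

# Usage: ./check-env.sh /opt/srb/.env
if [ -n "${1:-}" ]; then check_env "$1"; fi
```

A non-zero exit status makes the script usable as a gate in front of `docker compose up`.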
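For step 10 (Firewall Configuration): Docker forwards published ports before UFW's rules apply, so `ufw status` alone does not show what is reachable. The check below lists container ports published on all interfaces. It is an added example, not the project's own tooling; the sample input is constructed, and `srb-n8n` and `srb-redis` are assumed container names.

```bash
#!/usr/bin/env bash
# Added example: list container ports published on all interfaces.

# Reads "<name><TAB><ports>" lines and prints "<name> <host-port>" for each
# port bound to 0.0.0.0, :: or [::] (IPv4/IPv6 duplicates are merged).
exposed_ports() {
  awk -F '\t' '{
    n = split($2, maps, ", ")
    for (i = 1; i <= n; i++) {
      if (maps[i] !~ /->/) continue          # exposed only, not published
      split(maps[i], side, "->")
      port = side[1]; sub(/.*:/, "", port)   # text after the last colon
      addr = substr(side[1], 1, length(side[1]) - length(port) - 1)
      if (addr == "0.0.0.0" || addr == "::" || addr == "[::]")
        if (!seen[$1 " " port]++) print $1, port
    }
  }'
}

# Constructed sample in the shape of:
#   docker ps --format '{{.Names}}\t{{.Ports}}'
# srb-n8n and srb-redis are assumed container names.
sample_ps_output() {
  printf '%s\t%s\n' \
    srb-orchestrator '127.0.0.1:3000->3000/tcp' \
    srb-postgres '0.0.0.0:5432->5432/tcp, :::5432->5432/tcp' \
    srb-redis '6379/tcp' \
    srb-n8n '0.0.0.0:5678->5678/tcp, [::]:5678->5678/tcp'
}

# On the server: docker ps --format '{{.Names}}\t{{.Ports}}' | exposed_ports
sample_ps_output | exposed_ports
```

Any line of output is a service reachable from outside despite the firewall; with Nginx proxying to `localhost`, the expected output on a correctly bound deployment is empty.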