deploy: Railway template — persistent volume config + submission guide (Growth Day 13)#52
deploy: Railway template — persistent volume config + submission guide (Growth Day 13)#52alokit-bot wants to merge 4 commits into
Conversation
…p, cleaner flow - Replace verbose opening paragraph with a punchy blockquote value prop (one sentence, clear on what changes: CORS handled, keys never in code, costs on users' bill) - Add 'Get started' section right at the top with two clear paths: Option A = managed relay (zero setup), Option B = 3-command docker compose self-host + npm fallback for non-Docker users - Move 'How it works' flow diagram up before the comparison table (diagram → compare → quickstart is a more natural reading order) - Tighten 'How it compares' closing line with bold emphasis on the key differentiator - Remove redundant 'The problem' section (content absorbed into hero paragraph)
…os-only - Add railway.toml: Nixpacks build, persistent volume, health check at /health, ON_FAILURE restart policy. Railway provisions SQLite storage automatically. - Add render.yaml: web service + 1 GB persistent disk at /app/data, auto-generated ENCRYPTION_SECRET and APP_SECRET, DB_PATH pointed at mount. - Update vercel.json: modern rewrites (replaces deprecated routes), maxLambdaSize, X-Content-Type-Options security header. - Update README 'Deploy in one click': replace single Vercel button with 3-platform comparison table (Railway=persistent/recommended, Render=free tier, Vercel=demos). Each platform gets its own section with step-by-step instructions. Vercel section includes explicit warning about ephemeral filesystem data loss. - Add Railway deploy button to README header badges alongside Vercel and skills.sh. Fixes: SQLite + Vercel silent data loss (BACKLOG 🟠). GROWTH_PLAN Day 11.
- .replit: run config (nodejs-20 module, port 3000→80, cloudrun deploy target) - replit.nix: Node 20 + gcc/gnumake for better-sqlite3 native build - README header: Run on Replit badge added alongside Railway/Vercel - README platform table: Replit row (free tier, Repl workspace storage) - README new section: Run on Replit — 3-step setup with Secrets instructions - Submission guide: byok-relay-project/submissions/replit-template.md
📝 WalkthroughWalkthroughAdds deployment configuration files for Railway ( ChangesMulti-platform Deployment Support
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes Possibly related PRs
Suggested reviewers
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 3
🧹 Nitpick comments (1)
README.md (1)
6-8: 🔒 Security & Privacy | 🔵 Trivial | ⚡ Quick winProvision
TOKEN_HMAC_SECRETin one-click setup guidance.Current deployment instructions default to HMAC key fallback on
ENCRYPTION_SECRET, which reduces secret isolation. AddTOKEN_HMAC_SECRETto the Railway/Vercel prompt parameters and platform setup steps.Suggested README step updates
-2. Set `ENCRYPTION_SECRET` (`openssl rand -hex 32`), `ALLOWED_ORIGINS` (your frontend domain), `APP_SECRET` (`openssl rand -hex 32`), leave `DB_PATH` as `/data/relay.db` +2. Set `ENCRYPTION_SECRET` (`openssl rand -hex 32`), `TOKEN_HMAC_SECRET` (`openssl rand -hex 32`), `ALLOWED_ORIGINS` (your frontend domain), `APP_SECRET` (`openssl rand -hex 32`), leave `DB_PATH` as `/data/relay.db` @@ -3. `ENCRYPTION_SECRET` and `APP_SECRET` are auto-generated by Render +3. `ENCRYPTION_SECRET` and `APP_SECRET` are auto-generated by Render; also set `TOKEN_HMAC_SECRET` (generate with `openssl rand -hex 32`) @@ - - `APP_SECRET` — `openssl rand -hex 32` + - `APP_SECRET` — `openssl rand -hex 32` + - `TOKEN_HMAC_SECRET` — `openssl rand -hex 32` @@ -2. Set `ENCRYPTION_SECRET`, `ALLOWED_ORIGINS`, and `APP_SECRET` +2. Set `ENCRYPTION_SECRET`, `TOKEN_HMAC_SECRET`, `ALLOWED_ORIGINS`, and `APP_SECRET`Also applies to: 209-241
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@README.md` around lines 6 - 8, The one-click deployment buttons for Railway and Vercel in the README do not include TOKEN_HMAC_SECRET as a configurable environment variable parameter. Add TOKEN_HMAC_SECRET to the envs parameter in the Railway deployment button URL and to the env parameter in the Vercel deployment button URL. Include appropriate descriptions and generation instructions for TOKEN_HMAC_SECRET (e.g., generate with openssl rand -hex 32) similar to how ENCRYPTION_SECRET is documented. This ensures proper secret isolation during one-click deployments instead of relying on fallback behavior using ENCRYPTION_SECRET.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@README.md`:
- Around line 18-20: The fenced code block containing the URL
https://relay.byokrelay.com is missing a language identifier after the opening
triple backticks, which violates the markdown linting rule MD040. Add the
language identifier "text" after the opening triple backticks so the fence reads
```text instead of just ``` to properly specify the code block language.
In `@submissions/railway-template.md`:
- Around line 19-21: The fenced code blocks at lines 19 and 87 are missing
language identifiers, which violates the markdown linting rule MD040. Add the
language identifier "text" to both code fences by changing the opening fence
markers from triple backticks (```) to triple backticks followed by the word
"text" (```text). This applies to both the Railway template URL block around
line 19 and the alternate template URL block around line 87.
- Around line 99-100: The documentation for the `/health` endpoint response at
line 99 in railway-template.md incorrectly specifies the response format as the
object `{"status":"ok"}` when the service actually returns a boolean `ok`
payload. Update the documented response format to reflect what the service
actually returns instead of the incorrect object structure, ensuring post-deploy
validation expectations match the actual API response.
---
Nitpick comments:
In `@README.md`:
- Around line 6-8: The one-click deployment buttons for Railway and Vercel in
the README do not include TOKEN_HMAC_SECRET as a configurable environment
variable parameter. Add TOKEN_HMAC_SECRET to the envs parameter in the Railway
deployment button URL and to the env parameter in the Vercel deployment button
URL. Include appropriate descriptions and generation instructions for
TOKEN_HMAC_SECRET (e.g., generate with openssl rand -hex 32) similar to how
ENCRYPTION_SECRET is documented. This ensures proper secret isolation during
one-click deployments instead of relying on fallback behavior using
ENCRYPTION_SECRET.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 6b61ab74-690b-4b54-b6e3-48526387201a
📒 Files selected for processing (7)
.replitREADME.mdrailway.tomlrender.yamlreplit.nixsubmissions/railway-template.mdvercel.json
| ``` | ||
| https://relay.byokrelay.com | ||
| ``` |
There was a problem hiding this comment.
📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win
Add a language identifier to the fenced URL block.
The code fence at Line 18 is missing a language tag (MD040).
Suggested fix
-```
+```text
https://relay.byokrelay.com</details>
<details>
<summary>🧰 Tools</summary>
<details>
<summary>🪛 markdownlint-cli2 (0.22.1)</summary>
[warning] 18-18: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
</details>
</details>
<details>
<summary>🤖 Prompt for AI Agents</summary>
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @README.md around lines 18 - 20, The fenced code block containing the URL
https://relay.byokrelay.com is missing a language identifier after the opening
triple backticks, which violates the markdown linting rule MD040. Add the
language identifier "text" after the opening triple backticks so the fence reads
text instead of just to properly specify the code block language.
</details>
<!-- fingerprinting:phantom:poseidon:hawk -->
<!-- cr-indicator-types:potential_issue -->
<!-- cr-comment:v1:73dbd1cd162f7c4ad4463e9c -->
_Source: Linters/SAST tools_
<!-- This is an auto-generated comment by CodeRabbit -->
| ``` | ||
| https://railway.app/new/template?template=https%3A%2F%2Fgithub.com%2Favikalpg%2Fbyok-relay&envs=ENCRYPTION_SECRET%2CALLOWED_ORIGINS%2CAPP_SECRET%2CDB_PATH&... | ||
| ``` |
There was a problem hiding this comment.
📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win
Add language identifiers to fenced code blocks.
The fences at Line 19 and Line 87 are missing language tags (MD040).
Suggested fix
-```
+```text
https://railway.app/new/template?template=https%3A%2F%2Fgithub.com%2Favikalpg%2Fbyok-relay&envs=ENCRYPTION_SECRET%2CALLOWED_ORIGINS%2CAPP_SECRET%2CDB_PATH&...@@
- +text
https://railway.app/template/byok-relay
Also applies to: 87-89
🧰 Tools
🪛 markdownlint-cli2 (0.22.1)
[warning] 19-19: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@submissions/railway-template.md` around lines 19 - 21, The fenced code blocks
at lines 19 and 87 are missing language identifiers, which violates the markdown
linting rule MD040. Add the language identifier "text" to both code fences by
changing the opening fence markers from triple backticks (```) to triple
backticks followed by the word "text" (```text). This applies to both the
Railway template URL block around line 19 and the alternate template URL block
around line 87.
Source: Linters/SAST tools
| 1. Deploy completes → check `/health` returns `{"status":"ok"}` | ||
| 2. Dashboard → your service → **Volumes** → **Add Volume** → Mount Path: `/data` |
There was a problem hiding this comment.
🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win
Fix the documented /health response shape.
Line 99 currently checks for {"status":"ok"}, but the service returns an ok boolean payload. This can cause false negatives in post-deploy validation.
Suggested fix
-1. Deploy completes → check `/health` returns `{"status":"ok"}`
+1. Deploy completes → check `/health` returns JSON with `"ok": true` (for example: `{"ok":true,"version":"...","providers":[...]}`)📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| 1. Deploy completes → check `/health` returns `{"status":"ok"}` | |
| 2. Dashboard → your service → **Volumes** → **Add Volume** → Mount Path: `/data` | |
| 1. Deploy completes → check `/health` returns JSON with `"ok": true` (for example: `{"ok":true,"version":"...","providers":[...]}`) | |
| 2. Dashboard → your service → **Volumes** → **Add Volume** → Mount Path: `/data` |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@submissions/railway-template.md` around lines 99 - 100, The documentation for
the `/health` endpoint response at line 99 in railway-template.md incorrectly
specifies the response format as the object `{"status":"ok"}` when the service
actually returns a boolean `ok` payload. Update the documented response format
to reflect what the service actually returns instead of the incorrect object
structure, ensuring post-deploy validation expectations match the actual API
response.
Growth Day 13 — Railway Template
Builds on PR #51 (Replit) to round out the one-click deploy story with a properly configured Railway template — the platform recommended for production use.
What changed
railway.toml— production-hardenedNIXPACKS_NODE_VERSION = "20"build arg (pins Node 20; avoids version drift)DB_PATH = "/data/relay.db"env var default — tells byok-relay where Railway mounts the persistent volumeREADME.md— Railway section improvedDB_PATHenv var prompt with/data/relay.dbdefault (so the user sees it during deploy, not buried in docs)/datafrom the dashboard + redeploy stepsubmissions/railway-template.md— submission guidesubmissions/replit-template.md)Why the volume step matters
Without a Railway volume at
/data,relay.dblives on the ephemeral layer and resets on every redeploy — users lose tokens and keys silently. The PR makes this impossible to miss: the deploy button prompts forDB_PATH, the README section has an explicit step, and the submission guide has a post-deploy checklist.Metrics (2026-06-23)
Next step for Avi
Submit to Railway Template Marketplace — full instructions at
submissions/railway-template.md. Takes ~5 minutes with a Railway account.Summary by CodeRabbit
Documentation
Chores