Deployment
Profy uses Docker Compose for application deployment with Nginx as the public-facing reverse proxy. The platform supports blue-green deployment for zero-downtime releases. Experts run on the Agent Runtime (services/agent-runtime) inside declarative sandboxes (E2B/Docker), orchestrated alongside Core and Web in Compose.
Deployment Architecture
Prerequisites
| Requirement | Version |
|---|---|
| Docker | Latest stable |
| Docker Compose | v2+ |
| Nginx | Host-level installation |
| Domain + SSL | Valid certificate (Let’s Encrypt or commercial) |
| Node.js | >= 20 (for builds) |
| Bun | Latest |
Docker Compose
The application stack is defined indeploy/docker/docker-compose.yml:
| Service | Image | Port | Description |
|---|---|---|---|
core | Built from services/core/ | 8080 | Hono API backend |
web | Built from apps/web/ | 3000 | Next.js frontend |
agent-runtime | Built from services/agent-runtime/ | 8000 | Agent Runtime (FastAPI) for Experts / sandboxes |
redis | redis:alpine | 6379 | Cache, session store, rate limiting |
Quick Deploy
Blue-Green Deployment
The deploy script implements a blue-green strategy for zero-downtime updates.Slot Allocation
| Slot | Core Port | Web Port (Prod) | Web Port (Test) |
|---|---|---|---|
| Blue | 8080 | 3100 | 3000 |
| Green | 8081 | 3101 | 3001 |
Deployment Flow
Health Checks
The deploy script verifies the new environment before switching traffic:- Wait for containers to report healthy status
- HTTP GET to
GET /healthendpoint - Verify response status code
- Only proceed with traffic switch on success
Nginx Configuration
Nginx runs at the host level and serves as the unified entry point.Routing Rules
Key Nginx Settings
| Setting | Value | Purpose |
|---|---|---|
proxy_buffering | off | Required for SSE streaming |
proxy_read_timeout | 300s | Long-lived SSE connections |
client_max_body_size | 50m | File upload support |
| SSL | TLS 1.2+ | HTTPS termination |
Environment Variables
Core API (services/core)
| Variable | Description | Required |
|---|---|---|
DATABASE_URL | PostgreSQL connection string | Yes |
REDIS_URL | Redis connection string | Yes |
JWT_SECRET | Secret key for JWT signing | Yes |
S3_ENDPOINT | S3-compatible storage URL | Yes |
S3_ACCESS_KEY | S3 access key | Yes |
S3_SECRET_KEY | S3 secret key | Yes |
WECHAT_PAY_APP_ID | WeChat Pay app ID | For payments |
WECHAT_PAY_MCH_ID | WeChat Pay merchant ID | For payments |
AGENT_INVOKE_URL | Agent engine endpoint | For tasks |
ALIYUN_SMS_ACCESS_KEY_ID | Aliyun SMS key | For SMS |
Frontend (apps/web)
| Variable | Description | Required |
|---|---|---|
NEXT_PUBLIC_API_URL | Core API base URL | Yes |
BACKEND_URL | Agent Runtime base URL (Compose: http://agent-runtime:8000) | For Experts / chat |
CORE_API_URL | Core API URL inside Docker network | Yes (Compose) |
Agent Runtime & declarative sandboxes
The Agent Runtime lives inservices/agent-runtime/ and is built as the agent-runtime (and optional worker) Compose services. Sandbox provisioning is owned by Core: the E2B template ID is driven by SANDBOX_E2B_TEMPLATE_ID (defaults to profy-sandbox) in services/core/.env*; agent-runtime only selects SANDBOX_PROVIDER=e2b and connects to the sandbox by ID. The sandbox image is built from services/profy-sandbox/ (see make deploy-sandbox).
The Next.js app uses BACKEND_URL to reach the Agent Runtime for invoke/stream flows; no separate Kubernetes cluster is required for the Expert workforce model.
Monitoring & Operations
Health Endpoint
200 OK when the Core API is operational.
Container Logs
Rollback
If a deployment fails post-switch, re-run the deploy script — it will detect the current active slot and deploy to the standby slot, effectively rolling back.Related Pages
Architecture
System architecture and routing overview
Agent Platform
Agent Runtime, Experts, and declarative sandboxes

