Are you an LLM? Read llms.txt for a summary of the docs, or llms-full.txt for the full context.
Skip to content

Production Deployment Guide

Architecture

enc-testnet.ocrybit.workers.dev    Ethereum devnet + block explorer
enc-node.ocrybit.workers.dev       ENC protocol node (Durable Objects)
enc-cloud.ocrybit.workers.dev      Provisioner API (D1 + service bindings)
enc-cloud.pages.dev                Frontend (CF Pages)

The provisioner uses service bindings to call the node and testnet Workers directly (no public URL fetch between Workers on the same account).

Prerequisites

  • Cloudflare account with Workers + Pages + D1
  • wrangler CLI authenticated (npx wrangler login)
  • impl-node deployed at enc-node.ocrybit.workers.dev
  • utils/ethereum deployed at enc-testnet.ocrybit.workers.dev

1. Generate admin token

yarn keygen

Save the ADMIN_TOKEN — you'll need it to configure the provisioner.

2. Create D1 database

cd provisioner
npx wrangler d1 create enc-cloud

Copy the database_id into provisioner/wrangler.toml.

3. Set secrets

npx wrangler secret put ADMIN_TOKEN --name enc-cloud

4. Deploy provisioner

yarn deploy

This deploys to https://enc-cloud.ocrybit.workers.dev with service bindings to enc-node and enc-testnet.

5. Initialize database

yarn db:init    # create tables
yarn db:seed    # seed shared node URL

6. Configure USDT address

curl -X POST https://enc-cloud.ocrybit.workers.dev/config \
  -H "Content-Type: application/json" \
  -H "X-Admin-Token: YOUR_TOKEN" \
  -d '{"key":"usdt_address","value":"0x5fbdb2315678afecb367f032d93f642f64180aa3"}'

7. Deploy frontend

yarn deploy:frontend

First time requires creating the Pages project:

cd frontend
npx wrangler pages project create enc-cloud --production-branch main

The build injects production URLs via env vars:

  • VITE_PROV_URL=https://enc-cloud.ocrybit.workers.dev
  • VITE_NODE_URL=https://enc-node.ocrybit.workers.dev
  • VITE_ETH_URL=https://enc-testnet.ocrybit.workers.dev

8. Verify

# Templates
curl https://enc-cloud.ocrybit.workers.dev/templates
 
# Deploy an enclave
curl -X POST https://enc-cloud.ocrybit.workers.dev/tenants \
  -H "Content-Type: application/json" \
  -d '{"pub_key":"aaaa...64hex...","name":"test"}'
 
curl -X POST https://enc-cloud.ocrybit.workers.dev/enclaves \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer aaaa...64hex..." \
  -d '{"template":"Personal","name":"My Personal"}'

Service Bindings

The provisioner can't use fetch() to call other Workers on the same CF account (error 1042). Service bindings solve this:

# wrangler.toml
[[services]]
binding = "ENC_NODE"
service = "enc-node"
 
[[services]]
binding = "ENC_TESTNET"
service = "enc-testnet"

Code uses env.ENC_NODE.fetch() in production and regular fetch() for local dev.

Redeployment

# Provisioner only
yarn deploy
 
# Frontend only
yarn deploy:frontend
 
# Both
yarn deploy && yarn deploy:frontend

Admin API

All admin endpoints require X-Admin-Token header.

TOKEN=your_admin_token
 
# Set config
curl -X POST https://enc-cloud.ocrybit.workers.dev/config \
  -H "Content-Type: application/json" -H "X-Admin-Token: $TOKEN" \
  -d '{"key":"usdt_address","value":"0x..."}'
 
# Add to faucet whitelist
curl -X POST https://enc-cloud.ocrybit.workers.dev/faucet/whitelist \
  -H "Content-Type: application/json" -H "X-Admin-Token: $TOKEN" \
  -d '{"address":"0x..."}'
 
# Remove from whitelist
curl -X DELETE https://enc-cloud.ocrybit.workers.dev/faucet/whitelist/0x... \
  -H "X-Admin-Token: $TOKEN"