Are you an LLM? Read llms.txt for a summary of the docs, or llms-full.txt for the full context.
Skip to content

Production Deployment Guide

Architecture

enc-testnet.ocrybit.workers.dev    Ethereum devnet + block explorer
enc-node.ocrybit.workers.dev       ENC protocol node (Durable Objects)
enc-cloud.ocrybit.workers.dev      Provisioner API (D1 + service bindings)
enc-registry.ocrybit.workers.dev   Registry DataView (Durable Object)
enc-cloud-app.ocrybit.workers.dev  Frontend dashboard (Workers static-assets)

The provisioner uses service bindings to call the node and testnet Workers directly (no public URL fetch between Workers on the same account).

The frontend dashboard was migrated from CF Pages (enc-cloud.pages.dev) to Workers static-assets on 2026-05-13 — CF Pages' /pages/assets/upload endpoint has had persistent 502s, and Workers static-assets uses the more reliable /workers/scripts/<name>/assets-upload-session path. The new Worker uses the name enc-cloud-app to avoid colliding with the provisioner API at enc-cloud.

Prerequisites

  • Cloudflare account with Workers + D1
  • wrangler CLI authenticated (npx wrangler login)
  • impl-node deployed at enc-node.ocrybit.workers.dev
  • utils/ethereum deployed at enc-testnet.ocrybit.workers.dev

1. Generate admin token

yarn keygen

Save the ADMIN_TOKEN — you'll need it to configure the provisioner.

2. Create D1 database

cd provisioner
npx wrangler d1 create enc-cloud

Copy the database_id into provisioner/wrangler.toml.

3. Set secrets

npx wrangler secret put ADMIN_TOKEN --name enc-cloud

4. Deploy provisioner

yarn deploy

This deploys to https://enc-cloud.ocrybit.workers.dev with service bindings to enc-node and enc-testnet.

5. Initialize database

yarn db:init    # create tables
yarn db:seed    # seed shared node URL

6. Configure USDT address

curl -X POST https://enc-cloud.ocrybit.workers.dev/config \
  -H "Content-Type: application/json" \
  -H "X-Admin-Token: YOUR_TOKEN" \
  -d '{"key":"usdt_address","value":"0x5fbdb2315678afecb367f032d93f642f64180aa3"}'

7. Deploy frontend

yarn deploy:frontend

Lands at https://enc-cloud-app.ocrybit.workers.dev (Workers static-assets, configured in frontend/wrangler.jsonc). The provisioner API stays at enc-cloud.ocrybit.workers.dev, so the dashboard's Worker uses a different name to avoid overwriting it.

The build injects production URLs from frontend/.env.production (checked in — no secrets, just public endpoints):

  • VITE_PROV_URL=https://enc-cloud.ocrybit.workers.dev
  • VITE_NODE_URL=https://enc-node.ocrybit.workers.dev
  • VITE_REGISTRY_URL=https://enc-registry.ocrybit.workers.dev
  • VITE_ETH_URL=https://enc-testnet.ocrybit.workers.dev

The wallet extension zip served at /enc-extension.zip is pulled from the impl-wallet-extension submodule at vendor/wallet-extension/dist/enc-extension.zip and copied into frontend/public/ by yarn sync:wallet-extension (auto-invoked by yarn build). Update the extension with git submodule update --remote vendor/wallet-extension && yarn deploy:frontend.

8. Verify

# Templates
curl https://enc-cloud.ocrybit.workers.dev/templates
 
# Deploy an enclave
curl -X POST https://enc-cloud.ocrybit.workers.dev/tenants \
  -H "Content-Type: application/json" \
  -d '{"pub_key":"aaaa...64hex...","name":"test"}'
 
curl -X POST https://enc-cloud.ocrybit.workers.dev/enclaves \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer aaaa...64hex..." \
  -d '{"template":"Personal","name":"My Personal"}'

Service Bindings

The provisioner can't use fetch() to call other Workers on the same CF account (error 1042). Service bindings solve this:

# wrangler.toml
[[services]]
binding = "ENC_NODE"
service = "enc-node"
 
[[services]]
binding = "ENC_TESTNET"
service = "enc-testnet"

Code uses env.ENC_NODE.fetch() in production and regular fetch() for local dev.

Redeployment

# Provisioner only
yarn deploy
 
# Frontend only
yarn deploy:frontend
 
# Both
yarn deploy && yarn deploy:frontend

Admin API

All admin endpoints require X-Admin-Token header.

TOKEN=your_admin_token
 
# Set config
curl -X POST https://enc-cloud.ocrybit.workers.dev/config \
  -H "Content-Type: application/json" -H "X-Admin-Token: $TOKEN" \
  -d '{"key":"usdt_address","value":"0x..."}'
 
# Add to faucet whitelist
curl -X POST https://enc-cloud.ocrybit.workers.dev/faucet/whitelist \
  -H "Content-Type: application/json" -H "X-Admin-Token: $TOKEN" \
  -d '{"address":"0x..."}'
 
# Remove from whitelist
curl -X DELETE https://enc-cloud.ocrybit.workers.dev/faucet/whitelist/0x... \
  -H "X-Admin-Token: $TOKEN"