# Bilko Environment Topology — Corrected Canonical Reference (2026-06-09) # Bilko Environment Topology — Corrected Canonical Reference **As of:** 2026-06-09 | **Authority:** MC #103300 C7 (ZAKON PLAN docs) | **Source:** Tool-verified facts only — no inferred data --- ## 1. Production — Customer-Facing **CEO Decision (2026-06-09):** Demo Cloud Run services reused as production ($0 new infra). There is no separate prod Cloud Run deployment.
DomainCloud Run ServiceDNSTLSDatabase
`app.bilko.cloud``bilko-web-demo`Cloudflare CNAME → `ghs.googlehosted.com` (grey/DNS-only)Google-managed cert (provisioned)bilko-demo-db (PostgreSQL 15)
`app-api.bilko.cloud``bilko-api-demo`Cloudflare CNAME → `ghs.googlehosted.com` (grey/DNS-only)Google-managed cert (provisioned)
### Self-Serve Onboarding - Prospect signs up via **Entra External ID (CIAM)** — email OTP flow. - On first login: JIT provisioning creates an empty RLS tenant + 7-day trial (MC #103232). - No manual admin action required for new trial sign-ups. ### AI Chatbot - Tier-router: **Groq → Ollama → Anthropic** (primary → fallback → fallback). - `GROQ_API_KEY` bound to `bilko-api-demo` Cloud Run service (fixed 2026-06-09). --- ## 2. Marketing Landings (Cloudflare Pages)
DomainApp / PathCTA destination
`bilko.cloud``apps/landing-hr``app.bilko.cloud`
`bilko.io``apps/landing-io``app.bilko.cloud`
`bilko.company``apps/landing-ba``app.bilko.cloud`
- Verified live: all register/login CTAs point to `app.bilko.cloud` — zero references to `bilko-demo.alai.no` or legacy domains. - **Known issue MC #103308 (deploy-dir caveat):** Cloudflare Pages workflow currently deploys the repo root `index.html`, not the Next.js `out/` directory. A manual `wrangler deploy out/` was executed 2026-06-09 as a workaround. Permanent fix tracked in MC #103308. --- ## 3. Stage — UAT + Seed / Demo
DomainCloud Run ServiceDatabaseRole
`bilko-demo.alai.no``bilko-web-stage`bilko-staging-db (PostgreSQL 16)UAT, internal QA, seeded demo data
`bilko-demo-api.alai.no``bilko-api-stage`
**Note:** The `bilko-demo.alai.no` and `bilko-demo-api.alai.no` domain mappings remain live and now serve the stage/UAT role (not production-customer-facing). --- ## 4. CI/CD Pipeline
TriggerCloud Build ConfigDeploys to
Push to `main` branch`cloudbuild-stage.yaml`Stage (`bilko-web-stage`, `bilko-api-stage`, `bilko-staging-db`)
Semver tag `vX.Y.Z``cloudbuild.yaml`Demo/Prod (`bilko-web-demo`, `bilko-api-demo`, `bilko-demo-db`)
**Known issue MC #103304:** GitHub Actions is currently DOWN due to billing. This affects any workflows running in GitHub Actions; Cloud Build triggers (above) are unaffected. --- ## 5. Known Issues & Orphaned Resources
MC / RefIssueStatus
MC #103304GitHub Actions billing — Actions disabledOpen
MC #103308Landing deploy-dir: workflow deploys root, not `out/`; manual wrangler deploy applied 2026-06-09Open
MC #103296Orphaned OAuth brand / project 762788903040 — not linked to any active serviceOpen
Retired`api.bilko.cloud` legacy domain — retired, no active Cloud Run mappingRetired 2026-06-09
AvoidedTwo-V70 migration collision — resolved, no duplicate V70 migration in flightResolved 2026-06-09
--- ## 6. Architecture Diagram ``` ┌─────────────────────────────────────────────────────────────────────┐ │ PRODUCTION (customer-facing) │ │ │ │ bilko.cloud ─────┐ │ │ bilko.io ────────┼──► Cloudflare Pages (landing-hr/io/ba) │ │ bilko.company ───┘ │ CTA │ │ ▼ │ │ app.bilko.cloud ──► [CF DNS-only CNAME] ──► bilko-web-demo │ │ app-api.bilko.cloud ─► [CF DNS-only CNAME] ──► bilko-api-demo │ │ │ │ │ │ Google TLS bilko-demo-db │ │ (PG15, RLS) │ │ │ │ Entra External ID (CIAM) → email OTP → JIT tenant + 7-day trial │ │ AI: Groq → Ollama → Anthropic (tier-router) │ └─────────────────────────────────────────────────────────────────────┘ ┌─────────────────────────────────────────────────────────────────────┐ │ STAGE (UAT / internal demo / seeded data) │ │ │ │ bilko-demo.alai.no ────► bilko-web-stage │ │ bilko-demo-api.alai.no ─► bilko-api-stage │ │ │ │ │ bilko-staging-db (PG16) │ └─────────────────────────────────────────────────────────────────────┘ CI/CD: push main → cloudbuild-stage.yaml → STAGE tag vX.Y.Z → cloudbuild.yaml → DEMO/PROD ``` --- ## 7. Decision Log
DateDecisionAuthority
2026-06-09Reuse `bilko-web-demo` / `bilko-api-demo` as production endpoints ($0 new infra)CEO (Alem Basic)
2026-06-09GROQ\_API\_KEY bound to `bilko-api-demo` (was missing, broke AI chatbot)MC #103300 fix
2026-06-09All landing CTA hrefs verified pointing to `app.bilko.cloud`MC #103300 C7 verification
2026-06-09Legacy `api.bilko.cloud` domain retiredMC #103300
--- *Generated by Skillforge (MC #103300 C7). Facts tool-verified in session 2026-06-09. Next review: on any topology change or new domain mapping.*