Bilko GCP→Azure Brand Domain Cutover (2026-06-15) — MC #103633

Context

Trigger: GCP billing dead → all-to-Azure migration (CEO directive 2026-06-15).
Scope: Bilko web was already on Azure; api.bilko.cloud was DOWN (HTTP 000, no DNS record). Azure PostgreSQL bilko-demo-pg already populated (63 tables, seed data) so NO DB migration needed — flip-only cutover.

What Changed

1. Cloudflare Worker Redeployment

Worker: bilko-edge-proxy
New version: 20b75f53-7e37-43c1-9145-4dc2364e8306
Rollback target: 707ad1ee-038c-459a-b7aa-588772d1bd49
Routing:
- api.bilko.{cloud,io,company} → bilko-api-demo.purplebeach-f004d490.swedencentral.azurecontainerapps.io
- app.bilko.{cloud,io,company} → bilko-web-demo.purplebeach-f004d490.swedencentral.azurecontainerapps.io

2. DNS Record Added

Zone: bilko.cloud (Cloudflare)
Record: CNAME api.bilko.cloud → bilko-api-demo.purplebeach-f004d490.swedencentral.azurecontainerapps.io (proxied)
Root cause fix: api.bilko.cloud previously had NO DNS record → HTTP 000 failure

3. Configuration Verification

UNLEASH_URL on bilko-api-demo already correct (Azure bilko-unleash), no change required

Verification (PASS)

Health Check — All 6 Brand Domains

Endpoint	Status	Response
`api.bilko.cloud/api/v1/health`	✅ HTTP 200	`{"status":"ok","service":"bilko-api"}`
`api.bilko.io/api/v1/health`	✅ HTTP 200	`{"status":"ok","service":"bilko-api"}`
`api.bilko.company/api/v1/health`	✅ HTTP 200	`{"status":"ok","service":"bilko-api"}`
`app.bilko.cloud`	✅ HTTP 200	Next.js HTML (`lang="hr"`/`"sr-Latn"`/`"bs"`)
`app.bilko.io`	✅ HTTP 200	Next.js HTML (`lang="hr"`/`"sr-Latn"`/`"bs"`)
`app.bilko.company`	✅ HTTP 200	Next.js HTML (`lang="hr"`/`"sr-Latn"`/`"bs"`)

Origin Confirmation

Azure origin confirmed: All responses trace to Azure Container Apps (no GCP markers)
Auth path live: HTTP 410 ENDPOINT_RETIRED → Entra SSO redirect working

Independent Verification

Proveo E2E verdict: PASS
Evidence:
- /tmp/evidence-103633-flip/
- /tmp/evidence-103633-dns2/
- /tmp/evidence-103633-proveo-e2e/verification.md

Rollback Procedure

If issues arise, rollback the Cloudflare Worker:

wrangler rollback --name bilko-edge-proxy --version-id 707ad1ee-038c-459a-b7aa-588772d1bd49

Open Follow-Ups (Low Priority)

CSP cleanup: connect-src on app.bilko.cloud still allowlists old GCP stage URL bilko-api-stage-dh4m46blja-lz.a.run.app — cosmetic, remove in cleanup PR.
Worker repo commit: Commit /tmp/bilko-cf-worker/ to repo apps/edge-proxy/ (MC #100129).
Password rotation: Rotate bilko_admin PG password (surfaced in session transcript).
Service Principal: Durable SP role grant on rg-bilko-demo (blocked by harness, needs CEO terminal).
CI migration: Replace dead GCP Cloud Build stage CI with Azure pipeline.

DEPLOY-MAP.md: Updated with final Cloudflare Worker route table and DNS state (FlowForge-owned).
Parent MC: #103633

Published: 2026-06-15 | Author: Skillforge (ALAI Holding AS) | MC: #103633

Pages & Routing

State Management

Frontend — Status & Architecture

Component Inventory

Design System

Forms & Validation

Figma Validation Report (2026-02-21)

High-Level Design (HLD)

Low-Level Design (LLD)

Validation Report

Bilko — Project Handbook

Pipeline Gate Tracker

ADR-022 — Document Archive Strategy

SPEC-022 — Document Archive Implementation

COMPLIANCE-022 — Archive Review (HIPAA/GDPR/CQC)

HR eRačun — Architecture Decision Record (ADR) + Build Plan

Backend — Target Architecture

Database — Schema & Models

API Reference

Database Schema

Authentication & Authorization

Business Logic

Middleware Stack

External Services Integration

API Coverage Report

Bilko Authentication -- Entra External ID (CIAM)

Bilko RBAC -- Users / Roles / Permissions

Bilko Auth Migration Runbook + Admin Guide

ADR-037 -- Entra Authenticates, Bilko Authorises; Single-Role v1; Multi-Org Deferred

Bilko Self-Serve Trial — CIAM Architecture and Auth Pattern (MC #103232)

Bilko Self-Serve Trial — CIAM Architecture and Auth Pattern (MC #103232)

Test Plan

Testing Guide

Test Inventory

Deployment Guide

CI/CD Pipeline

Environment Configuration

Bilko Stage Environment — Cloud SQL & IAM (Phase 1)

Bilko Stage Environment — Cloud Run Services (Phase 2)

Bilko demo — receipt upload/download fix (GCS shared storage) — MC #103095 (2026-06-07)

Bilko Azure Observability + MS for Startups Credit Setup (2026-06-15)

Bilko ACA Telemetry & Observability Wiring (Azure)

Serbia — Regulatory Summary

Bosnia — Regulatory Summary

Croatia — Regulatory Summary

Multi-Region Overview

Chart of Accounts (All Countries)

Serbia — SEF e-Invoicing

Bosnia — PDV System

Croatia — eRačun & HR-FISK

Bilko HR eRačun — sveRačun (PostLink) Integration & Status Model

Bilko B5 — Per-Line VAT Exemption Classification (MC #103593, 2026-06-15)

Security Architecture

GDPR & Compliance

Bilko CIAM abuse-gate fix — checkBefore moved outside SERIALIZABLE tx (MC #104069, root-cause of #103245)

Bilko Terms of Service (with Sub-Processor disclosure GDPR Art. 28(4))

Bilko Privacy Notice (with Document Archive Sub-Processors §8.1)

DPA Template — Vedlegg B / Annex B: Sub-Processors for Bilko Archive Feature

Sub-Processor Notification Email Template (Bilko)

Bilko GCP→Azure Brand Domain Cutover (2026-06-15) — MC #103633

Bilko GCP→Azure Brand Domain Cutover (2026-06-15) — MC #103633

Context

What Changed

1. Cloudflare Worker Redeployment

2. DNS Record Added

3. Configuration Verification

Verification (PASS)

Health Check — All 6 Brand Domains

Origin Confirmation

Independent Verification

Rollback Procedure

Open Follow-Ups (Low Priority)

Related Documentation