Live
Workers (prod) healthy
Workers (dev) healthy
D1 sysos-db 0ms latency
D1 sysos-db-dev isolated
R2 sysos-assets CDN active
WAF block mode (prod)
WAF log mode (dev)
TLS 1.3 enabled
KV sysos-kv global
Workers AI llama-3.1-8b
Neon PostgreSQL (prod) connected
Neon PostgreSQL (dev) connected
Auth /api/auth jwt · 8h
CI/CD dev auto · prod manual
Autoscaling unlimited · 300+ PoPs
Workers (prod) healthy
Workers (dev) healthy
D1 sysos-db 0ms latency
D1 sysos-db-dev isolated
R2 sysos-assets CDN active
WAF block mode (prod)
WAF log mode (dev)
TLS 1.3 enabled
KV sysos-kv global
Workers AI llama-3.1-8b
Neon PostgreSQL (prod) connected
Neon PostgreSQL (dev) connected
Auth /api/auth jwt · 8h
CI/CD dev auto · prod manual
Autoscaling unlimited · 300+ PoPs
Sysos Platform
Infrastructure Architecture · v2.0 · Cloudflare Edge · Multi-Environment
2 environments live
Production · sysos.app
Development · dev.sysos.app
v2.0 · June 2026
CI/CD Pipeline · GitHub Actions · dev auto-deploy · prod manual promote
GitHub
push to main
Build
opennext build
D1 Migrate
sysos-db-dev
Deploy Dev
auto on push
Smoke Tests
/api/health
⚠
manual
promote
manual
promote
D1 Migrate
sysos-db
Deploy Prod
wrangler deploy
Health Check
verified stable
Production Users
Browser · Mobile · API clients
*.sysos.app
Engineering & QA
Internal testing · Validation · Never customers
*.dev.sysos.app
Cloudflare Edge Network
Global · 300+ PoPs · Autoscales to any traffic · Zero cold starts · <5ms isolate start
Global active · Autoscaling on
Wildcard DNS · *.sysos.app + *.dev.sysos.app
Workers isolate: <5ms start
Unlimited concurrency
Scale-to-zero
128MB per request
30s CPU / paid plan
WAF
OWASP + Managed
Block / Log per env
Block / Log per env
DDoS Protection
L3 / L4 / L7
Always-on · Auto
Always-on · Auto
Rate Limiting
1k/min (prod)
Per-tenant via KV
Per-tenant via KV
SSL / TLS
TLS 1.3 (prod)
HSTS preload
HSTS preload
Bot Protection
Fight Mode (prod)
Off in dev
Off in dev
PRODUCTION
sysos.app · *.sysos.app · Existing worker
Cloudflare Workers · sysos
Next.js 15 App Router · opennextjs-cloudflare · Edge SSR
Cloudflare Bindings
D1 Database
sysos-db
SQLite · 10GB · WAL · TTR 30d
R2 Storage
sysos-assets
Zero egress · CDN · Versioned
Workers KV
sysos-kv
Cache · Rate limits · Flags
Workers AI
AI binding
Llama 3.1 · BGE · BART
Durable Objects
CHAT_ROOM class
WebSockets · Distributed locks
Analytics Engine
sysos-analytics
Per-tenant events · SQL
External Services
Neon PostgreSQL
DATABASE_URL
Heavy reads · Analytics
Resend
RESEND_API_KEY
Transactional email
NextAuth v5
/api/auth (admin) · /api/portal-auth (employee)
JWT · 8h sessions · httpOnly · secure · sameSite:lax · NEXTAUTH_URL=https://sysos.app
DEVELOPMENT
dev.sysos.app · *.dev.sysos.app · NEW worker
Cloudflare Workers · sysos-dev
Next.js 15 App Router · opennextjs-cloudflare · Edge SSR · NEW WORKER
Cloudflare Bindings — All Isolated from Prod
D1 Database
sysos-db-dev
Isolated · Own migrations
R2 Storage
sysos-assets-dev
Private only · No CDN
Workers KV
sysos-kv-dev
Isolated cache namespace
Workers AI
AI binding
Shared budget · Quota enforced
Durable Objects
sysos-do-dev
Verbose logs · Isolated
Analytics Engine
sysos-analytics-dev
Isolated dataset
External Services — Separate Credentials
Neon PostgreSQL
DATABASE_URL (dev)
Separate dev branch
Resend
RESEND_API_KEY (dev)
Dev key · Test inbox
NextAuth v5
/api/auth (admin) · /api/portal-auth (employee)
Separate NEXTAUTH_SECRET · NEXTAUTH_URL=https://dev.sysos.app · Isolated JWT
Monitoring & Observability · Both Environments
Analytics Engine
sysos-analytics / -dev
Per-tenant SQL events · Real-time · Separate datasets
Observability
Workers built-in
Dev 100% sampling · Prod 10% · Errors always
Logpush
Production only
R2 · Datadog · Long-term retention
Health Check
/api/health · Both envs
D1 + KV probe · env field in response
LEGEND
Production
Development
Cloudflare Edge
Healthy
Security
Manual gate
---→Prod data flow
---→Dev data flow
Hover any card for details · All environments fully isolated · No shared resources