Deployment & Environments
Deployment focuses on reproducible site builds, safe key handling for sponsorship, and controlled publication of catalogs and site references on chain. There are no mutable servers in the content path.
Environments
- Local: developer runs the SPA locally; writes point to testnet; Walrus writes use a dev storage resource.
- Testnet/Staging: site builds are published to Walrus and CDN; on‑chain references point to staging versions; sponsorship keys are test‑scoped.
- Mainnet/Production: site builds and catalogs are published immutably; on‑chain references are updated via governance workflows.
Build and release
- CI: reproducible builds (lockfiles, SRI) and static analysis for diagrams and links.
- Artifact publication: upload assets to Walrus; warm CDN; generate a versioned catalog manifest; update Sui Site object references.
- Rollback: point on‑chain references back to prior manifest; no in‑place mutation required.
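The build, publish and rollback steps above can be sketched as follows. This is an added example, not the project's own tooling: the manifest layout and the names sri, buildManifest, verifyAssets and rollback are assumptions, the assets are constructed samples, and no Walrus or Sui calls are made (the history array stands in for the on-chain reference).

```javascript
const { createHash } = require("node:crypto");

// SRI value as used in an integrity attribute: "sha384-" + base64(digest).
function sri(bytes) {
  return "sha384-" + createHash("sha384").update(bytes).digest("base64");
}

// Build a manifest whose serialization depends only on asset paths and bytes:
// entries are sorted and no timestamps or host details are included, so two
// builds of the same inputs produce the same digest.
function buildManifest(version, assets) {
  const entries = Object.keys(assets).sort().map((path) => ({
    path,
    size: assets[path].length,
    integrity: sri(assets[path]),
  }));
  const body = JSON.stringify({ version, entries });
  // Digest of the canonical body: the value a site reference would pin.
  const digest = createHash("sha256").update(body).digest("hex");
  return { version, entries, digest };
}

// Check fetched bytes against a manifest; returns paths that are missing
// or whose content does not match the recorded integrity value.
function verifyAssets(manifest, fetched) {
  return manifest.entries
    .filter((e) => !fetched[e.path] || sri(fetched[e.path]) !== e.integrity)
    .map((e) => e.path);
}

// Constructed sample assets (not real build output).
const build = {
  "index.html": Buffer.from("<!doctype html><script src=app.js></script>"),
  "app.js": Buffer.from("console.log('v1')"),
};
const v1 = buildManifest("1.0.0", build);
const v2 = buildManifest("1.1.0", { ...build, "app.js": Buffer.from("console.log('v2')") });

// Rollback is a pointer move to the prior manifest digest; nothing is rewritten.
const history = [v1.digest, v2.digest];
function rollback(hist) {
  return hist.length > 1 ? hist[hist.length - 2] : hist[0];
}
```

A non-empty result from verifyAssets corresponds to the "verification failures" signal listed under client telemetry.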
Keys and secrets
- Sponsorship keys: stored in HSM/secure enclave where possible; rotated regularly; quotas enforced.
- IdP config: OIDC client config for zkLogin stored as environment secrets in CI; no long‑lived tokens are embedded in builds.
- No content secrets: media remains public or encrypted; the SPA carries no decryption keys.
Monitoring and SLOs
- Client telemetry: page load, fetch success rates, verification failures, sponsored tx settlement times.
- Error budgets: tie alerts to user‑visible outcomes (render failures, repeated fallbacks).
Governance and change control
- Policy changes (Kiosk, pricing, royalties) go through ADR review and controlled package upgrades.
- Site reference updates are gated by multi‑sig or governance accounts; changes are auditable via on‑chain events.