← Back to Reports

v1-internal-release-go-no-go.md

NGIE-AI v1 Internal Release Go/No-Go Report

Validation date: July 7, 2026
Release target: v1 Internal Production Release
Scope: production readiness validation only
Authentication: disabled by release decision
Business logic changed during validation: no

Final Recommendation

GO for Ubuntu + systemd + nginx internal production deployment.

NO-GO for Docker-based production deployment until Docker is installed and the images are built successfully in the target environment.

The recommended hosting option for v1 Internal Release is:

Ubuntu Linux server + Node.js 22 + systemd services + nginx reverse proxy + Let's Encrypt SSL

Docker support exists, but Docker could not be locally verified on this workstation because the docker CLI is not installed.

Passed Checks

CheckStatusEvidence
Reviewed deployment checklistPassdocs/DEPLOYMENT_CHECKLIST.md exists and covers pre-deploy, validation, Ubuntu, health, SSL, CORS, rate limits, logs, GitHub Actions, smoke tests, rollback, and approval.
Reviewed production readiness auditPassreports/production-readiness-audit.md exists and documents readiness, controls, limitations, and release recommendation.
Required environment variables listedPass.env.example includes all required API and frontend environment variables.
Frontend production buildPassnpm run build in frontend/ completed successfully.
Platform API starts in production modePassAPI started locally with NODE_ENV=production on port 3198.
API health checkPassGET /health returned 200.
API readiness checkPassGET /health/ready returned 200.
CORS allow-list configurablePassApproved origin https://admin.example.com returned 200 with matching access-control-allow-origin.
Unapproved CORS origin rejectedPassUnapproved origin https://evil.example.com returned 403.
Rate limiting enabledPassRepeated requests returned 429 Too Many Requests.
Production logs writtenPassAPI wrote JSONL logs to reports/logs/validation/platform-api.log.
GitHub Actions workflow structurePassWorkflow includes name, on, jobs, validate, deploy, checkout, setup-node, tests, and service restart steps.
API testsPassnpm run api:test: 12 passed.
Module testsPassnpm run modules:test: 7 passed.
Workflow testsPassnpm run workflow:test: 3 passed.
Workflow validationPassnpm run workflow:validate: all workflows valid.

Failed or Unverified Checks

CheckStatusDetails
Docker local buildFailed / environment unavailabledocker version failed because Docker is not installed or not available in this workstation shell. Docker files were not build-tested locally.
GitHub Actions full syntax validation with actionlintUnverifiedruby and python were unavailable, and actionlint is not installed. A static structural workflow check passed, but a full Actions parser was not available locally.

Deployment Blockers

Blocking for Docker deployment

  • Docker is not installed locally, so Docker image build verification could not be completed.
  • Before choosing Docker hosting, run:
docker version
docker build -f docker/api.Dockerfile -t ngie-ai-api:v1 .
docker build -f docker/frontend.Dockerfile -t ngie-ai-frontend:v1 .
cd docker
docker compose up --build -d

Not blocking for recommended Ubuntu deployment

No blocking issues were found for the recommended Ubuntu + systemd + nginx deployment path, assuming the deployment server has:

  • Node.js 22 or newer
  • nginx
  • certbot
  • DNS records configured
  • SSL certificates issued
  • .env configured with real approved domains
  • GitHub Actions secrets configured if automatic deployment is used

Security Warnings

  1. Authentication is disabled for v1 Internal Release.

    • This is intentional, but the deployment must remain internal and restricted to approved ecosystem domains.
  2. CORS is not authentication.

    • CORS reduces browser-origin exposure but does not protect the API from direct server-to-server requests.
  3. Rate limiting is in-memory.

    • This is acceptable for one internal server, but it resets on process restart and is not suitable for multi-server public deployment.
  4. Logs may contain operational metadata.

    • Keep reports/logs/*.log out of Git and review log retention policies before broader production use.
  5. GitHub Actions deployment requires secrets.

    • The workflow is structurally present, but deployment depends on correct GitHub environment and secret configuration.
  6. Raw ChatGPT exports must not be deployed unless explicitly approved.

    • Existing .gitignore protections should remain in place.

Recommended Hosting Option

Use the non-Docker Ubuntu path for v1 Internal Release:

Ubuntu 22.04/24.04 LTS
Node.js 22 LTS
systemd services:
  - ngie-ai-api
  - ngie-ai-frontend
nginx reverse proxy
Let's Encrypt SSL
approved DNS names only

Why:

  • This path does not depend on Docker being available.
  • It matches the deployment guide and service examples.
  • It gives straightforward operational visibility through systemctl, journalctl, nginx logs, and API JSONL logs.

Required Before Launch

  • Create production .env from .env.example.
  • Replace example domains with real internal ecosystem domains.
  • Configure DNS A records for frontend and API hostnames.
  • Install SSL certificates with certbot.
  • Install and enable systemd services.
  • Verify:
curl -fsS http://127.0.0.1:3100/health/ready
curl -fsS http://127.0.0.1:3000/api/health
  • Verify public HTTPS endpoints:
curl -fsS https://api.example.com/health/ready
curl -fsS https://admin.example.com/api/health
  • Confirm internal owners accept the authentication-disabled release boundary.

Go/No-Go Decision

GO for v1 Internal Release using Ubuntu + systemd + nginx.

Proceed only after DNS, SSL, environment variables, and deployment secrets are configured on the target server.

Do not choose Docker as the production hosting path until Docker build verification passes in the deployment environment.