Skip to content

feat(railway): one-click Railway deploy + team hosting guide (Phase 2)#14

Merged
Coding-Dev-Tools merged 1 commit into
mainfrom
feat/railway-template
Jul 15, 2026
Merged

feat(railway): one-click Railway deploy + team hosting guide (Phase 2)#14
Coding-Dev-Tools merged 1 commit into
mainfrom
feat/railway-template

Conversation

@Coding-Dev-Tools

Copy link
Copy Markdown
Owner

What (Phase 2 of the team-hosting plan)

One-click Railway deploy so a team admin hosts one instance on their own Railway account (their cost), and teammates just log in + connect agents — no local install. You sell Team seats; you carry zero hosting burden.

Changes (config + docs only — no code)

  • railway.json — Railway service config (Dockerfile builder, /api/health healthcheck, ON_FAILURE restart). Railway reads it via the Deploy-to-Railway button.
  • README — new "Host on Railway (team, no install for members)" section + a Deploy-to-Railway button pointing at railway.json, with the two required post-build steps called out: a persistent /data volume (so activated keys + memories survive redeploys) and ENGRAPHIS_FORWARDED_ALLOW_IPS=* (so the session cookie gets its Secure flag behind Railway's TLS proxy).
  • docs/HOSTING_RAILWAY.md — 5-minute walk-through: deploy → /data volume → forwarded-allow-ips → custom domain + ENGRAPHIS_DASHBOARD_URL → bootstrap admin (license-exempt) → activate Team key (seat cap, server-validated) → invite members → connect agents (HTTP today; /mcp when feat(agent-connect): mount MCP-over-HTTP at /mcp on the dashboard #12 lands) → cost/limits/backups/security.

Why this shape

  • Infra is one flat instance per team on the admin's Railway account (~$10–25/mo), amortized across seats — not per user. Team = $20/seat/mo; healthy margin, and you don't run hosting (uptime/backups/security stay with the admin).
  • Members never install: they click the invite URL → log in (email/password, never license-gated) → mint a bearer token in Settings → paste into their agent. The instance's Team license is what unlocks /api/remember (402 without it) — that's the "a Team license is required to connect" gate.

Notes / caveats (called out in the guide)

Verified

  • railway.json is valid JSON; all new/edited files are LF (no CRLF pollution). No code changed (config + docs), so the suite is unaffected. Did not update PyPI (per your instruction). Not merging — opening for review.

- railway.json: Railway service config (Dockerfile builder, /api/health
  healthcheck, ON_FAILURE restart). Railway reads it via the Deploy-to-Railway button.
- README: 'Host on Railway (team, no install for members)' section + Deploy-to-Railway
  button pointing at railway.json, with the two required one-click steps called out
  (persistent /data volume so keys + memories survive redeploys; ENGRAPHIS_FORWARDED_ALLOW_IPS=*
  so the session cookie gets its Secure flag behind Railway's proxy).
- docs/HOSTING_RAILWAY.md: 5-minute guide — deploy, /data volume, forwarded-allow-ips,
  custom domain + ENGRAPHIS_DASHBOARD_URL, bootstrap admin (license-exempt) + activate
  Team key (seat cap), invite members, connect agents (HTTP today, /mcp when #12 lands),
  cost/limits/backups/security. The admin hosts one instance on their Railway account;
  teammates only log in + connect agents — no local install.
@Coding-Dev-Tools

Copy link
Copy Markdown
Owner Author

Council Gate Verdict — APPROVE

Risk level: high | Agreement: 1.0 | Council session: council-e6ad8567-7bce-4842-a80b-a4535ad98d99

Per-model scores (rubric: correctness / safety / style / tests / complexity)

  • nvidia/nemotron-3-ultra-550b-a55b: APPROVE (overall 4.8) -- correctness=5.0, safety=5.0, style=5.0, tests=4.0, complexity=5.0
  • nvidia/llama-3.3-nemotron-super-49b-v1.5: APPROVE_WITH_NITS (overall 4.8) -- correctness=5.0, safety=4.0, style=5.0, tests=5.0, complexity=5.0

Engraphis reference

Council verdict persisted as mem_01KXJSQCC856WVGGGC5NEY0VYE (workspace Coding-Dev-Tools). Also logged to security-council workspace as mem_01KXJSQCCZ5XXM42SGTTBQBPJQ (auth/security PR).

Posted automatically by the council-gate PR review cron. Auth/security PRs are reviewed at risk_level=high.

@Coding-Dev-Tools Coding-Dev-Tools added the council-approved Council gate approved this PR (APPROVE / APPROVE_WITH_NITS) label Jul 15, 2026
@Coding-Dev-Tools Coding-Dev-Tools merged commit 9ce0c42 into main Jul 15, 2026
7 checks passed
@Coding-Dev-Tools Coding-Dev-Tools deleted the feat/railway-template branch July 15, 2026 12:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

council-approved Council gate approved this PR (APPROVE / APPROVE_WITH_NITS)

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant