Skip to content

Deployment Guide

Fabrizio Degni edited this page Jul 8, 2026 · 1 revision

Deployment Guide

PolicyWatcher production deployment currently assumes:

  • Hostinger for the Next.js application;
  • SQLite database stored outside the extracted application root;
  • optional VPS renderer;
  • optional VPS operations agent.

Hostinger Application Package

Use the packaging script:

bash scripts/package-release.sh

The generated Hostinger package excludes:

  • database files;
  • local .env files;
  • test files;
  • archived deployment packages;
  • unsafe deployment quarantine folders.

Required Hostinger Variables

GEMINI_API_KEY=
API_SECRET=
SESSION_HMAC_SECRET=
DATABASE_URL=file:/home/USER/domains/policywatcher.online/policywatcher-data/production.db
APP_URL=https://www.policywatcher.online
NEXT_PUBLIC_APP_URL=https://www.policywatcher.online
ADMIN_USER=
ADMIN_PASSWORD=
AUDITOR_USER=
AUDITOR_PASSWORD=

Recommended:

RENDERER_URL=https://render.policywatcher.online
RENDERER_SECRET=
VPS_AGENT_URL=https://ops.policywatcher.online
VPS_AGENT_SECRET=
ADMIN_ALERT_EMAIL=
SMTP_HOST=
SMTP_PORT=
SMTP_USER=
SMTP_PASS=
SMTP_FROM=

Leave disabled in production:

ALLOW_DATABASE_SEED_ENDPOINT=
ALLOW_SEEDED_PUBLIC_DATA=

Database Initialization

On Hostinger SSH, Node may not be in the default shell path. Activate the Hostinger Node runtime first when needed.

For production SQLite:

export DATABASE_URL="file:/home/USER/domains/policywatcher.online/policywatcher-data/production.db"
bash scripts/hostinger-init-db.sh

Then initialize the monitored inventory:

node scripts/hostinger-seed-inventory.mjs

Do not run /api/seed in production.

First Production Scan

Use the admin Cron Manager to scan in batches:

  • start with a small limit such as 5;
  • inspect strategy evidence;
  • remediate suspended sources;
  • repeat until verified baselines exist;
  • avoid publishing seeded data as public evidence.

Clone this wiki locally