Deployment

AI SpendOps deploys three Cloudflare Workers across two environments, with CI/CD via GitHub Actions.

Workers

Worker	Dev Name	Prod Name
Proxy	aispendops-proxy-dev	aispendops-proxy-prod
Usage Consumer	aispendops-usage-consumer-dev	aispendops-usage-consumer-prod
Denial Consumer	aispendops-denial-consumer-dev	aispendops-denial-consumer-prod

All workers are deployed from the LumatechUK/AI SpendOps-proxy monorepo.

CI/CD

GitHub Actions

Trigger	Target	Behaviour
Push to main	Dev	Auto-deploy all changed workers (path-filtered)
Manual dispatch	Prod	Requires manual approval via GitHub Actions workflow dispatch

Path filtering ensures that a change to apps/proxy-worker/ only redeploys the proxy worker, not the consumers (and vice versa).

Deployment Steps

1. Install dependencies (npm ci)
2. Run type checking and linting
3. Run unit tests
4. Deploy via wrangler deploy with environment-specific config
5. Post-deploy smoke test (health check endpoint)

KV Namespaces

Environment	Namespace ID	Contents
Dev	e9ceb...	API key policies, pricing blob, pricing version, tenant overrides, missing model flags
Prod	b3580...	Same structure as Dev

Each environment has its own isolated KV namespace. Data is never shared between environments.

Key Patterns

Pattern	Example	Purpose
key:{hash}	key:a1b2c3d4...	API key policy (HMAC hash lookup)
pricing:blob	—	Full pricing data blob
pricing:version	—	Current pricing version number
pricing:tenant:{tid}	pricing:tenant:t_abc123	Tenant pricing overrides
missing:{provider}:{model}	missing:openai:gpt-5-turbo	Flagged missing model (written once)

Queues

Queue	Environment	Producer	Consumer
usage-events-dev	Dev	Proxy (dev)	Usage Consumer (dev)
usage-events-prod	Prod	Proxy (prod)	Usage Consumer (prod)
denial-events-dev	Dev	Proxy (dev)	Denial Consumer (dev)
denial-events-prod	Prod	Proxy (prod)	Denial Consumer (prod)

Queue settings (max batch size, max retries, visibility timeout) are configured in each worker's wrangler.toml.

Shared Resources

Some resources are shared across environments:

Resource	Details
ClickHouse	Single database. Events are tagged with env field (dev or prod).
Azure SQL	Single database. Tenant/key/pricing data shared (management plane does not differentiate by environment).
Azure Functions	CloudflarePricingSync, BudgetAlertEvaluator, ExchangeRateSync — each targets the appropriate KV namespace based on configuration.