Deploying AI Agents to the Cloud - Part 1: Preparing Your Project for Production
By AgentForge Hub8/14/202524 min read
Intermediate
π Deploying AI Agents to the Cloud
Part 1 of 5
Series Progress20% Complete
View All Parts in This Series
Ad Space
Deploying AI Agents to the Cloud - Part 1: Preparing Your Project for Production
Moving from development to production is one of the most critical phases in any AI agent project. While your agent might work perfectly on your local machine, production environments present unique challenges: security vulnerabilities, scalability issues, monitoring requirements, and configuration management complexities.
In this comprehensive guide, you'll learn how to transform your development-ready AI agent into a production-grade application that's secure, scalable, and maintainable.
What You'll Learn in This Tutorial
By the end of this tutorial, you'll have:
- β Production-ready codebase with proper error handling and logging
- β Secure configuration management using environment variables
- β Comprehensive monitoring and observability setup
- β Security hardening measures implemented
- β Performance optimization techniques applied
- β Deployment checklist for quality assurance
Estimated Time: 35-40 minutes
Understanding Production vs Development
Before diving into the specifics, let's understand why preparing for production is crucial:
Development Environment Characteristics:
- Forgiving: Errors might not break everything
- Accessible: Direct access to logs and debugging tools
- Flexible: Easy to make changes and restart services
- Insecure: Often uses hardcoded secrets and minimal validation
Production Environment Characteristics:
- Unforgiving: A single error can crash your entire service
- Remote: Limited access to debugging information
- Stable: Changes require careful planning and rollback strategies
- Secure: Must protect user data and prevent unauthorized access
Step 1: Code Quality and Cleanup
The first step in production preparation is ensuring your code is clean, maintainable, and follows best practices.
Understanding Code Quality Impact
Poor code quality in production leads to:
- Runtime errors that crash your agent
- Security vulnerabilities from unvalidated inputs
- Performance issues from inefficient algorithms
- Maintenance nightmares when you need to fix bugs
1.1 Remove Development Artifacts
Let's start by cleaning up development-specific code that shouldn't exist in production:
// BEFORE: Development code with debug statements
class AIAgent {
async processMessage(message) {
console.log("DEBUG: Processing message:", message); // Remove this
debugger; // Remove this
// TODO: Implement better error handling // Fix this
const response = await this.openai.chat.completions.create({
model: "gpt-4",
messages: [{ role: "user", content: message }],
temperature: 0.7
});
console.log("Raw response:", response); // Remove this
return response.choices[0].message.content;
}
}
// AFTER: Production-ready code
class AIAgent {
constructor(config, logger) {
this.config = config;
this.logger = logger;
this.openai = new OpenAI({ apiKey: config.openaiApiKey });
}
async processMessage(message) {
// Input validation - critical for production
if (!message || typeof message !== 'string') {
throw new Error('Invalid message format');
}
// Rate limiting check
await this.checkRateLimit();
try {
this.logger.info('Processing user message', {
messageLength: message.length
});
const response = await this.openai.chat.completions.create({
model: this.config.model,
messages: [{ role: "user", content: message }],
temperature: this.config.temperature,
max_tokens: this.config.maxTokens
});
this.logger.info('Message processed successfully');
return response.choices[0].message.content;
} catch (error) {
this.logger.error('Failed to process message', {
error: error.message,
messageLength: message.length
});
throw new Error('Failed to process your request. Please try again.');
}
}
async checkRateLimit() {
// Implementation depends on your rate limiting strategy
// This is crucial for production to prevent API abuse
}
}
Why These Changes Matter:
- Input Validation: Prevents crashes from malformed data
- Structured Logging: Enables debugging without console.log spam
- Error Handling: Provides user-friendly error messages
- Configuration: Makes the agent configurable without code changes
- Rate Limiting: Prevents API quota exhaustion
1.2 Implement Comprehensive Error Handling
Production systems need robust error handling that doesn't expose sensitive information:
// Enhanced error handling for production
class ProductionErrorHandler {
constructor(logger) {
this.logger = logger;
}
handleAPIError(error, context = {}) {
// Log detailed error information for debugging
this.logger.error('API Error occurred', {
message: error.message,
stack: error.stack,
context: context,
timestamp: new Date().toISOString()
});
// Return user-friendly error messages
if (error.status === 429) {
return 'I'm currently experiencing high demand. Please try again in a moment.';
}
if (error.status === 401) {
return 'Authentication error. Please contact support.';
}
if (error.status >= 500) {
return 'I\'m experiencing technical difficulties. Please try again later.';
}
// Generic fallback
return 'I encountered an unexpected error. Please try again.';
}
handleValidationError(error) {
this.logger.warn('Validation error', { error: error.message });
return 'Please check your input and try again.';
}
}
1.3 Code Linting and Formatting
Set up automated code quality tools:
// package.json - Add these scripts and dependencies
{
"scripts": {
"lint": "eslint src/",
"lint:fix": "eslint src/ --fix",
"format": "prettier --write src/",
"type-check": "tsc --noEmit",
"test": "jest",
"test:production": "NODE_ENV=production jest --coverage"
},
"devDependencies": {
"eslint": "^8.0.0",
"prettier": "^3.0.0",
"typescript": "^5.0.0",
"jest": "^29.0.0",
"@types/node": "^20.0.0"
}
}
// .eslintrc.js - Production-focused linting rules
module.exports = {
extends: ['eslint:recommended', '@typescript-eslint/recommended'],
rules: {
// Prevent common production issues
'no-console': 'error', // Force use of proper logging
'no-debugger': 'error', // Remove debugger statements
'no-unused-vars': 'error', // Clean up unused code
'prefer-const': 'error', // Prevent accidental mutations
// Security-focused rules
'no-eval': 'error', // Prevent code injection
'no-implied-eval': 'error',
'no-new-func': 'error',
// Performance rules
'no-await-in-loop': 'warn', // Suggest Promise.all for parallel processing
}
};
Step 2: Environment Configuration Management
Proper configuration management is crucial for production deployment security and flexibility.
Understanding Configuration Security
Why Environment Variables Matter:
- Security: Keep secrets out of your codebase
- Flexibility: Different settings for different environments
- Scalability: Easy to change without redeploying code
- Compliance: Meet security audit requirements
2.1 Comprehensive Environment Setup
Create a robust configuration system:
// config/environment.ts - Type-safe configuration management
interface AppConfig {
// Server Configuration
port: number;
nodeEnv: 'development' | 'staging' | 'production';
// AI Service Configuration
openai: {
apiKey: string;
model: string;
temperature: number;
maxTokens: number;
timeout: number;
};
// Database Configuration (if applicable)
database?: {
url: string;
maxConnections: number;
timeout: number;
};
// Logging Configuration
logging: {
level: 'debug' | 'info' | 'warn' | 'error';
format: 'json' | 'simple';
destination: 'console' | 'file' | 'both';
};
// Security Configuration
security: {
rateLimitWindow: number;
rateLimitMax: number;
corsOrigins: string[];
requireAuth: boolean;
};
// Monitoring Configuration
monitoring: {
enabled: boolean;
endpoint?: string;
apiKey?: string;
sampleRate: number;
};
}
export function loadConfig(): AppConfig {
// Validate required environment variables
const requiredVars = [
'OPENAI_API_KEY',
'NODE_ENV'
];
const missing = requiredVars.filter(name => !process.env[name]);
if (missing.length > 0) {
throw new Error(`Missing required environment variables: ${missing.join(', ')}`);
}
const config: AppConfig = {
port: parseInt(process.env.PORT || '3000', 10),
nodeEnv: process.env.NODE_ENV as AppConfig['nodeEnv'],
openai: {
apiKey: process.env.OPENAI_API_KEY!,
model: process.env.OPENAI_MODEL || 'gpt-4',
temperature: parseFloat(process.env.OPENAI_TEMPERATURE || '0.7'),
maxTokens: parseInt(process.env.OPENAI_MAX_TOKENS || '1000', 10),
timeout: parseInt(process.env.OPENAI_TIMEOUT || '30000', 10)
},
logging: {
level: (process.env.LOG_LEVEL as AppConfig['logging']['level']) || 'info',
format: (process.env.LOG_FORMAT as AppConfig['logging']['format']) || 'json',
destination: (process.env.LOG_DESTINATION as AppConfig['logging']['destination']) || 'console'
},
security: {
rateLimitWindow: parseInt(process.env.RATE_LIMIT_WINDOW || '900000', 10), // 15 minutes
rateLimitMax: parseInt(process.env.RATE_LIMIT_MAX || '100', 10),
corsOrigins: (process.env.CORS_ORIGINS || '').split(',').filter(Boolean),
requireAuth: process.env.REQUIRE_AUTH === 'true'
},
monitoring: {
enabled: process.env.MONITORING_ENABLED === 'true',
endpoint: process.env.MONITORING_ENDPOINT,
apiKey: process.env.MONITORING_API_KEY,
sampleRate: parseFloat(process.env.MONITORING_SAMPLE_RATE || '1.0')
}
};
// Validate configuration
validateConfig(config);
return config;
}
function validateConfig(config: AppConfig): void {
// Validate port range
if (config.port < 1 || config.port > 65535) {
throw new Error('Port must be between 1 and 65535');
}
// Validate OpenAI configuration
if (!config.openai.apiKey.startsWith('sk-')) {
throw new Error('Invalid OpenAI API key format');
}
if (config.openai.temperature < 0 || config.openai.temperature > 2) {
throw new Error('OpenAI temperature must be between 0 and 2');
}
// Validate security settings for production
if (config.nodeEnv === 'production') {
if (config.security.corsOrigins.length === 0) {
console.warn('WARNING: No CORS origins specified for production');
}
if (!config.security.requireAuth) {
console.warn('WARNING: Authentication disabled in production');
}
}
}
2.2 Environment File Templates
Create environment file templates for different deployment scenarios:
# .env.example - Template for development
# Copy this to .env and fill in your values
# Server Configuration
PORT=3000
NODE_ENV=development
# OpenAI Configuration
OPENAI_API_KEY=sk-your-api-key-here
OPENAI_MODEL=gpt-4
OPENAI_TEMPERATURE=0.7
OPENAI_MAX_TOKENS=1000
OPENAI_TIMEOUT=30000
# Logging Configuration
LOG_LEVEL=info
LOG_FORMAT=simple
LOG_DESTINATION=console
# Security Configuration
RATE_LIMIT_WINDOW=900000
RATE_LIMIT_MAX=100
CORS_ORIGINS=http://localhost:3000,http://localhost:3001
REQUIRE_AUTH=false
# Monitoring Configuration (optional)
MONITORING_ENABLED=false
# MONITORING_ENDPOINT=https://your-monitoring-service.com/api
# MONITORING_API_KEY=your-monitoring-api-key
MONITORING_SAMPLE_RATE=1.0
# .env.production - Template for production deployment
# These should be set in your cloud provider's environment variable settings
NODE_ENV=production
PORT=3000
# OpenAI Configuration - Set these in your cloud provider
OPENAI_API_KEY=
OPENAI_MODEL=gpt-4
OPENAI_TEMPERATURE=0.7
OPENAI_MAX_TOKENS=1000
OPENAI_TIMEOUT=30000
# Production Logging
LOG_LEVEL=warn
LOG_FORMAT=json
LOG_DESTINATION=console
# Production Security
RATE_LIMIT_WINDOW=900000
RATE_LIMIT_MAX=50
CORS_ORIGINS=https://yourdomain.com
REQUIRE_AUTH=true
# Production Monitoring
MONITORING_ENABLED=true
MONITORING_ENDPOINT=
MONITORING_API_KEY=
MONITORING_SAMPLE_RATE=0.1
Step 3: Production-Grade Logging and Monitoring
Proper logging and monitoring are essential for maintaining production AI agents.
Understanding Production Logging Needs
Why Structured Logging Matters:
- Debugging: Quickly identify issues in production
- Performance: Monitor response times and resource usage
- Security: Track suspicious activities and attacks
- Business Intelligence: Understand user behavior patterns
3.1 Implement Structured Logging
// logging/logger.ts - Production-grade logging system
import winston from 'winston';
import { AppConfig } from '../config/environment';
interface LogContext {
userId?: string;
sessionId?: string;
requestId?: string;
action?: string;
duration?: number;
[key: string]: any;
}
class ProductionLogger {
private logger: winston.Logger;
constructor(config: AppConfig['logging']) {
// Configure Winston for production use
this.logger = winston.createLogger({
level: config.level,
format: this.createFormat(config.format),
transports: this.createTransports(config.destination),
// Important: Don't exit on handled exceptions in production
exitOnError: false,
// Handle uncaught exceptions
handleExceptions: true,
handleRejections: true
});
}
private createFormat(format: 'json' | 'simple') {
const baseFormat = winston.format.combine(
winston.format.timestamp(),
winston.format.errors({ stack: true })
);
if (format === 'json') {
return winston.format.combine(
baseFormat,
winston.format.json()
);
}
return winston.format.combine(
baseFormat,
winston.format.colorize(),
winston.format.simple()
);
}
private createTransports(destination: 'console' | 'file' | 'both') {
const transports: winston.transport[] = [];
if (destination === 'console' || destination === 'both') {
transports.push(new winston.transports.Console());
}
if (destination === 'file' || destination === 'both') {
// Rotate log files to prevent disk space issues
transports.push(
new winston.transports.File({
filename: 'logs/error.log',
level: 'error',
maxsize: 5242880, // 5MB
maxFiles: 5
}),
new winston.transports.File({
filename: 'logs/combined.log',
maxsize: 5242880, // 5MB
maxFiles: 5
})
);
}
return transports;
}
// Structured logging methods
info(message: string, context: LogContext = {}) {
this.logger.info(message, context);
}
warn(message: string, context: LogContext = {}) {
this.logger.warn(message, context);
}
error(message: string, context: LogContext = {}) {
this.logger.error(message, context);
}
debug(message: string, context: LogContext = {}) {
this.logger.debug(message, context);
}
// Specialized logging methods for AI agents
logAPICall(provider: string, model: string, tokens: number, duration: number, context: LogContext = {}) {
this.info('API call completed', {
...context,
provider,
model,
tokens,
duration,
type: 'api_call'
});
}
logUserInteraction(action: string, success: boolean, duration: number, context: LogContext = {}) {
this.info('User interaction', {
...context,
action,
success,
duration,
type: 'user_interaction'
});
}
logSecurityEvent(event: string, severity: 'low' | 'medium' | 'high', context: LogContext = {}) {
this.warn('Security event', {
...context,
event,
severity,
type: 'security_event'
});
}
}
export { ProductionLogger, LogContext };
3.2 Request Tracking and Correlation
Implement request correlation IDs for debugging complex interactions:
// middleware/requestTracking.ts
import { Request, Response, NextFunction } from 'express';
import { v4 as uuidv4 } from 'uuid';
import { ProductionLogger } from '../logging/logger';
interface TrackedRequest extends Request {
requestId: string;
startTime: number;
}
export function requestTrackingMiddleware(logger: ProductionLogger) {
return (req: Request, res: Response, next: NextFunction) => {
// Add unique request ID for tracking
const trackedReq = req as TrackedRequest;
trackedReq.requestId = uuidv4();
trackedReq.startTime = Date.now();
// Add request ID to response headers for debugging
res.setHeader('X-Request-ID', trackedReq.requestId);
// Log incoming request
logger.info('Incoming request', {
requestId: trackedReq.requestId,
method: req.method,
url: req.url,
userAgent: req.get('User-Agent'),
ip: req.ip
});
// Log response when finished
res.on('finish', () => {
const duration = Date.now() - trackedReq.startTime;
logger.info('Request completed', {
requestId: trackedReq.requestId,
method: req.method,
url: req.url,
statusCode: res.statusCode,
duration
});
});
next();
};
}
Step 4: Security Hardening
Security is paramount when deploying AI agents to production.
Understanding AI Agent Security Risks
Common Security Vulnerabilities:
- Prompt Injection: Malicious prompts that manipulate AI behavior
- Data Leakage: AI accidentally revealing sensitive information
- API Abuse: Unauthorized access to your AI services
- Input Validation: Malformed inputs causing crashes
4.1 Input Validation and Sanitization
// security/inputValidator.ts
import Joi from 'joi';
import DOMPurify from 'isomorphic-dompurify';
interface ValidationRule {
schema: Joi.Schema;
sanitize?: boolean;
}
class InputValidator {
private static readonly schemas = {
chatMessage: Joi.object({
message: Joi.string()
.min(1)
.max(4000) // Prevent extremely long messages
.required()
.pattern(/^[^<>{}]*$/) // Basic XSS prevention
}),
userQuery: Joi.object({
query: Joi.string()
.min(1)
.max(1000)
.required(),
context: Joi.string()
.max(2000)
.optional()
})
};
static validateChatMessage(input: any): { message: string } {
const { error, value } = this.schemas.chatMessage.validate(input);
if (error) {
throw new Error(`Invalid chat message: ${error.details[0].message}`);
}
// Sanitize HTML content
return {
message: DOMPurify.sanitize(value.message)
};
}
static validateUserQuery(input: any): { query: string; context?: string } {
const { error, value } = this.schemas.userQuery.validate(input);
if (error) {
throw new Error(`Invalid user query: ${error.details[0].message}`);
}
return {
query: DOMPurify.sanitize(value.query),
context: value.context ? DOMPurify.sanitize(value.context) : undefined
};
}
// Check for potential prompt injection attempts
static checkPromptInjection(message: string): boolean {
const suspiciousPatterns = [
/ignore\s+previous\s+instructions/i,
/system\s*:\s*/i,
/assistant\s*:\s*/i,
/\[INST\]/i,
/\[\/INST\]/i,
/<\|im_start\|>/i,
/<\|im_end\|>/i
];
return suspiciousPatterns.some(pattern => pattern.test(message));
}
}
export { InputValidator };
4.2 Rate Limiting and DDoS Protection
// security/rateLimiter.ts
import rateLimit from 'express-rate-limit';
import RedisStore from 'rate-limit-redis';
import Redis from 'ioredis';
import { AppConfig } from '../config/environment';
import { ProductionLogger } from '../logging/logger';
class RateLimitManager {
private redis?: Redis;
private logger: ProductionLogger;
constructor(config: AppConfig, logger: ProductionLogger) {
this.logger = logger;
// Use Redis for distributed rate limiting in production
if (process.env.REDIS_URL) {
this.redis = new Redis(process.env.REDIS_URL);
}
}
createGeneralLimiter(config: AppConfig['security']) {
return rateLimit({
windowMs: config.rateLimitWindow,
max: config.rateLimitMax,
// Use Redis store for distributed systems
store: this.redis ? new RedisStore({
sendCommand: (...args: string[]) => this.redis!.call(...args),
}) : undefined,
message: {
error: 'Too many requests, please try again later.',
retryAfter: Math.ceil(config.rateLimitWindow / 1000)
},
// Custom key generator for more sophisticated limiting
keyGenerator: (req) => {
return req.ip + ':' + (req.get('User-Agent') || '');
},
// Skip successful responses to allow regular usage
skipSuccessfulRequests: false,
skipFailedRequests: false,
// Custom handler for rate limit exceeded
handler: (req, res) => {
this.logger.logSecurityEvent('Rate limit exceeded', 'medium', {
ip: req.ip,
userAgent: req.get('User-Agent')
});
res.status(429).json({
error: 'Too many requests',
message: 'Please wait before making another request',
retryAfter: Math.ceil(config.rateLimitWindow / 1000)
});
}
});
}
// Stricter rate limiting for AI API calls (more expensive)
createAILimiter() {
return rateLimit({
windowMs: 60 * 1000, // 1 minute
max: 10, // 10 AI calls per minute per IP
store: this.redis ? new RedisStore({
sendCommand: (...args: string[]) => this.redis!.call(...args),
}) : undefined,
message: {
error: 'AI service rate limit exceeded',
message: 'Please wait before making another AI request'
},
handler: (req, res) => {
this.logger.logSecurityEvent('AI rate limit exceeded', 'high', {
ip: req.ip,
userAgent: req.get('User-Agent')
});
res.status(429).json({
error: 'AI service temporarily unavailable',
message: 'Please try again in a minute'
});
}
});
}
}
export { RateLimitManager };
Step 5: Performance Optimization
Optimize your AI agent for production performance and cost efficiency.
Understanding Performance Bottlenecks
Common Performance Issues:
- API Latency: Slow responses from AI services
- Memory Leaks: Unbounded memory growth over time
- CPU Usage: Inefficient processing algorithms
- Database Queries: Slow or excessive database operations
5.1 Response Caching Strategy
// performance/cacheManager.ts
import NodeCache from 'node-cache';
import crypto from 'crypto';
import { ProductionLogger } from '../logging/logger';
interface CacheOptions {
ttl: number; // Time to live in seconds
maxKeys: number; // Maximum number of cached items
}
class ResponseCacheManager {
private cache: NodeCache;
private logger: ProductionLogger;
private hitCount = 0;
private missCount = 0;
constructor(options: CacheOptions, logger: ProductionLogger) {
this.logger = logger;
this.cache = new NodeCache({
stdTTL: options.ttl,
maxKeys: options.maxKeys,
useClones: false, // Better performance
deleteOnExpire: true
});
// Log cache statistics periodically
setInterval(() => this.logCacheStats(), 5 * 60 * 1000); // Every 5 minutes
}
generateCacheKey(userMessage: string, model: string, temperature: number): string {
// Create a hash of the input parameters
const input = JSON.stringify({ userMessage, model, temperature });
return crypto.createHash('sha256').update(input).digest('hex');
}
async get(key: string): Promise<string | null> {
const value = this.cache.get<string>(key);
if (value) {
this.hitCount++;
this.logger.debug('Cache hit', { key, hitRate: this.getHitRate() });
return value;
}
this.missCount++;
this.logger.debug('Cache miss', { key, hitRate: this.getHitRate() });
return null;
}
async set(key: string, value: string, ttl?: number): Promise<void> {
this.cache.set(key, value, ttl);
this.logger.debug('Cache set', { key });
}
private getHitRate(): number {
const total = this.hitCount + this.missCount;
return total > 0 ? this.hitCount / total : 0;
}
private logCacheStats(): void {
const stats = this.cache.getStats();
this.logger.info('Cache statistics', {
hits: stats.hits,
misses: stats.misses,
keys: stats.keys,
ksize: stats.ksize,
vsize: stats.vsize,
hitRate: this.getHitRate()
});
}
// Clear cache for maintenance or memory management
clear(): void {
this.cache.flushAll();
this.hitCount = 0;
this.missCount = 0;
this.logger.info('Cache cleared');
}
}
export { ResponseCacheManager };
Why Caching Matters for AI Agents:
- Cost Reduction: AI API calls are expensive - caching identical requests saves money
- Performance: Cached responses are instant vs 1-3 second API calls
- Rate Limiting: Reduces API usage, helping stay within rate limits
- User Experience: Faster responses improve user satisfaction
5.2 Database Connection Pooling
If your agent uses a database, implement connection pooling for better performance:
// database/connectionPool.ts
import { Pool } from 'pg';
import { AppConfig } from '../config/environment';
import { ProductionLogger } from '../logging/logger';
class DatabaseManager {
private pool: Pool;
private logger: ProductionLogger;
constructor(config: AppConfig['database'], logger: ProductionLogger) {
this.logger = logger;
if (!config) {
throw new Error('Database configuration is required');
}
this.pool = new Pool({
connectionString: config.url,
max: config.maxConnections,
idleTimeoutMillis: 30000,
connectionTimeoutMillis: config.timeout,
// Production-specific settings
ssl: process.env.NODE_ENV === 'production' ? { rejectUnauthorized: false } : false,
// Connection health checks
keepAlive: true,
keepAliveInitialDelayMillis: 10000,
});
// Monitor connection pool health
this.setupPoolMonitoring();
}
private setupPoolMonitoring(): void {
this.pool.on('connect', (client) => {
this.logger.debug('New database client connected');
});
this.pool.on('error', (err, client) => {
this.logger.error('Database pool error', { error: err.message });
});
// Log pool statistics periodically
setInterval(() => {
this.logger.info('Database pool statistics', {
totalCount: this.pool.totalCount,
idleCount: this.pool.idleCount,
waitingCount: this.pool.waitingCount
});
}, 5 * 60 * 1000); // Every 5 minutes
}
async query(text: string, params?: any[]): Promise<any> {
const start = Date.now();
try {
const result = await this.pool.query(text, params);
const duration = Date.now() - start;
this.logger.debug('Database query executed', {
duration,
rowCount: result.rowCount
});
return result;
} catch (error) {
const duration = Date.now() - start;
this.logger.error('Database query failed', {
error: error.message,
duration,
query: text
});
throw error;
}
}
async close(): Promise<void> {
await this.pool.end();
this.logger.info('Database pool closed');
}
}
export { DatabaseManager };
Step 6: Health Checks and Monitoring
Implement comprehensive health checks for production monitoring.
Understanding Health Check Importance
Why Health Checks Matter:
- Load Balancer Integration: Cloud providers use health checks to route traffic
- Auto-scaling: Triggers scaling based on application health
- Alerting: Immediate notification when services fail
- Debugging: Quick identification of which components are failing
6.1 Comprehensive Health Check System
// health/healthChecker.ts
import { Request, Response } from 'express';
import { AppConfig } from '../config/environment';
import { ProductionLogger } from '../logging/logger';
import { DatabaseManager } from '../database/connectionPool';
interface HealthCheck {
name: string;
status: 'healthy' | 'unhealthy' | 'degraded';
message?: string;
lastChecked: string;
responseTime?: number;
}
interface HealthReport {
overall: 'healthy' | 'unhealthy' | 'degraded';
timestamp: string;
uptime: number;
version: string;
checks: HealthCheck[];
}
class HealthChecker {
private config: AppConfig;
private logger: ProductionLogger;
private database?: DatabaseManager;
private startTime: number;
constructor(config: AppConfig, logger: ProductionLogger, database?: DatabaseManager) {
this.config = config;
this.logger = logger;
this.database = database;
this.startTime = Date.now();
}
async performHealthCheck(): Promise<HealthReport> {
const checks: HealthCheck[] = [];
// Check database connectivity
if (this.database) {
checks.push(await this.checkDatabase());
}
// Check OpenAI API connectivity
checks.push(await this.checkOpenAI());
// Check memory usage
checks.push(this.checkMemoryUsage());
// Check disk space
checks.push(await this.checkDiskSpace());
// Determine overall health
const overall = this.determineOverallHealth(checks);
const report: HealthReport = {
overall,
timestamp: new Date().toISOString(),
uptime: Date.now() - this.startTime,
version: process.env.npm_package_version || '1.0.0',
checks
};
// Log health check results
this.logger.info('Health check completed', {
overall,
checksCount: checks.length,
healthyCount: checks.filter(c => c.status === 'healthy').length
});
return report;
}
private async checkDatabase(): Promise<HealthCheck> {
const start = Date.now();
try {
await this.database!.query('SELECT 1');
return {
name: 'database',
status: 'healthy',
message: 'Database connection successful',
lastChecked: new Date().toISOString(),
responseTime: Date.now() - start
};
} catch (error) {
return {
name: 'database',
status: 'unhealthy',
message: `Database connection failed: ${error.message}`,
lastChecked: new Date().toISOString(),
responseTime: Date.now() - start
};
}
}
private async checkOpenAI(): Promise<HealthCheck> {
const start = Date.now();
try {
// Make a minimal API call to test connectivity
const response = await fetch('https://api.openai.com/v1/models', {
method: 'GET',
headers: {
'Authorization': `Bearer ${this.config.openai.apiKey}`,
'Content-Type': 'application/json'
},
timeout: 5000
});
if (response.ok) {
return {
name: 'openai',
status: 'healthy',
message: 'OpenAI API accessible',
lastChecked: new Date().toISOString(),
responseTime: Date.now() - start
};
} else {
return {
name: 'openai',
status: 'unhealthy',
message: `OpenAI API returned ${response.status}`,
lastChecked: new Date().toISOString(),
responseTime: Date.now() - start
};
}
} catch (error) {
return {
name: 'openai',
status: 'unhealthy',
message: `OpenAI API unreachable: ${error.message}`,
lastChecked: new Date().toISOString(),
responseTime: Date.now() - start
};
}
}
private checkMemoryUsage(): HealthCheck {
const memUsage = process.memoryUsage();
const totalMem = memUsage.heapTotal;
const usedMem = memUsage.heapUsed;
const memoryUsagePercent = (usedMem / totalMem) * 100;
let status: 'healthy' | 'degraded' | 'unhealthy' = 'healthy';
let message = `Memory usage: ${memoryUsagePercent.toFixed(2)}%`;
if (memoryUsagePercent > 90) {
status = 'unhealthy';
message += ' - Critical memory usage';
} else if (memoryUsagePercent > 70) {
status = 'degraded';
message += ' - High memory usage';
}
return {
name: 'memory',
status,
message,
lastChecked: new Date().toISOString()
};
}
private async checkDiskSpace(): Promise<HealthCheck> {
try {
const fs = require('fs').promises;
const stats = await fs.statfs('.');
const totalSpace = stats.bavail * stats.bsize;
const freeSpacePercent = (stats.bavail / stats.blocks) * 100;
let status: 'healthy' | 'degraded' | 'unhealthy' = 'healthy';
let message = `Free disk space: ${freeSpacePercent.toFixed(2)}%`;
if (freeSpacePercent < 5) {
status = 'unhealthy';
message += ' - Critical disk space';
} else if (freeSpacePercent < 15) {
status = 'degraded';
message += ' - Low disk space';
}
return {
name: 'disk',
status,
message,
lastChecked: new Date().toISOString()
};
} catch (error) {
return {
name: 'disk',
status: 'unhealthy',
message: `Unable to check disk space: ${error.message}`,
lastChecked: new Date().toISOString()
};
}
}
private determineOverallHealth(checks: HealthCheck[]): 'healthy' | 'degraded' | 'unhealthy' {
const unhealthyCount = checks.filter(c => c.status === 'unhealthy').length;
const degradedCount = checks.filter(c => c.status === 'degraded').length;
if (unhealthyCount > 0) {
return 'unhealthy';
} else if (degradedCount > 0) {
return 'degraded';
} else {
return 'healthy';
}
}
// Express middleware for health check endpoint
getHealthCheckHandler() {
return async (req: Request, res: Response) => {
try {
const healthReport = await this.performHealthCheck();
// Set appropriate HTTP status code
let statusCode = 200;
if (healthReport.overall === 'degraded') {
statusCode = 200; // Still functional
} else if (healthReport.overall === 'unhealthy') {
statusCode = 503; // Service unavailable
}
res.status(statusCode).json(healthReport);
} catch (error) {
this.logger.error('Health check failed', { error: error.message });
res.status(500).json({
overall: 'unhealthy',
timestamp: new Date().toISOString(),
error: 'Health check system failure'
});
}
};
}
}
export { HealthChecker, HealthReport };
Step 7: Production Deployment Checklist
Before deploying to production, ensure you've completed all critical steps.
Pre-Deployment Checklist
## Security Checklist
- [ ] All API keys stored in environment variables
- [ ] Input validation implemented for all user inputs
- [ ] Rate limiting configured appropriately
- [ ] CORS settings configured for production domains
- [ ] No hardcoded secrets in codebase
- [ ] Security headers implemented (HTTPS, CSP, etc.)
- [ ] Prompt injection protection in place
## Performance Checklist
- [ ] Response caching implemented where appropriate
- [ ] Database connection pooling configured
- [ ] Memory usage optimized and monitored
- [ ] API timeout settings configured
- [ ] Compression enabled for HTTP responses
- [ ] Static assets optimized and CDN-ready
## Monitoring Checklist
- [ ] Structured logging implemented with appropriate levels
- [ ] Health check endpoints configured
- [ ] Error tracking service integrated
- [ ] Performance monitoring set up
- [ ] Alert thresholds configured
- [ ] Log aggregation service configured
## Reliability Checklist
- [ ] Graceful error handling for all external API calls
- [ ] Circuit breaker pattern implemented for critical services
- [ ] Retry logic with exponential backoff
- [ ] Graceful shutdown handling
- [ ] Database migrations tested
- [ ] Backup and recovery procedures documented
## Documentation Checklist
- [ ] API documentation up to date
- [ ] Environment variable documentation complete
- [ ] Deployment procedures documented
- [ ] Troubleshooting guide created
- [ ] Performance baseline established
- [ ] Security incident response plan documented
Final Production Configuration Example
// production.ts - Final production setup
import express from 'express';
import helmet from 'helmet';
import compression from 'compression';
import { loadConfig } from './config/environment';
import { ProductionLogger } from './logging/logger';
import { RateLimitManager } from './security/rateLimiter';
import { HealthChecker } from './health/healthChecker';
import { ResponseCacheManager } from './performance/cacheManager';
import { requestTrackingMiddleware } from './middleware/requestTracking';
async function createProductionApp() {
// Load and validate configuration
const config = loadConfig();
// Initialize core services
const logger = new ProductionLogger(config.logging);
const cache = new ResponseCacheManager({ ttl: 300, maxKeys: 1000 }, logger);
const rateLimiter = new RateLimitManager(config, logger);
const healthChecker = new HealthChecker(config, logger);
// Create Express app
const app = express();
// Security middleware
app.use(helmet({
contentSecurityPolicy: {
directives: {
defaultSrc: ["'self'"],
scriptSrc: ["'self'", "'unsafe-inline'"],
styleSrc: ["'self'", "'unsafe-inline'"],
imgSrc: ["'self'", "data:", "https:"],
},
},
hsts: {
maxAge: 31536000,
includeSubDomains: true,
preload: true
}
}));
// Performance middleware
app.use(compression());
// Request tracking
app.use(requestTrackingMiddleware(logger));
// Rate limiting
app.use(rateLimiter.createGeneralLimiter(config.security));
app.use('/api/chat', rateLimiter.createAILimiter());
// Health check endpoint
app.get('/health', healthChecker.getHealthCheckHandler());
// Graceful shutdown handling
process.on('SIGTERM', async () => {
logger.info('Received SIGTERM, shutting down gracefully');
// Close server and cleanup resources
server.close(() => {
logger.info('Process terminated');
process.exit(0);
});
});
// Start server
const server = app.listen(config.port, () => {
logger.info(`Production server started`, {
port: config.port,
nodeEnv: config.nodeEnv,
version: process.env.npm_package_version
});
});
return { app, server };
}
// Error handling for unhandled promises and exceptions
process.on('unhandledRejection', (reason, promise) => {
console.error('Unhandled Rejection at:', promise, 'reason:', reason);
process.exit(1);
});
process.on('uncaughtException', (error) => {
console.error('Uncaught Exception thrown:', error);
process.exit(1);
});
export { createProductionApp };
What You've Accomplished
Congratulations! You've successfully prepared your AI agent for production deployment. Your project now includes:
- β Production-ready code with comprehensive error handling
- β Secure configuration management using environment variables
- β Robust logging and monitoring systems
- β Security hardening against common vulnerabilities
- β Performance optimization with caching and connection pooling
- β Health monitoring for operational visibility
- β Deployment checklist for quality assurance
Key Production Features Implemented:
- Input Validation & Security: Protection against prompt injection and malicious inputs
- Rate Limiting: Multi-tier protection against API abuse
- Structured Logging: Comprehensive logging for debugging and monitoring
- Error Handling: User-friendly error messages with detailed logging
- Performance Optimization: Response caching and database connection pooling
- Health Monitoring: Comprehensive health checks for all system components
- Configuration Management: Secure, flexible environment-based configuration
What's Next?
In Part 2: Deploying to Vercel, you'll learn:
- Setting up your project for Vercel deployment
- Configuring environment variables in Vercel
- Setting up custom domains and SSL certificates
- Monitoring and scaling your deployed agent
- Implementing CI/CD workflows
Quick Reference Commands
# Run production build
npm run build
# Run linting and tests
npm run lint
npm run test:production
# Check environment configuration
npm run config:validate
# Start production server locally
NODE_ENV=production npm start
Additional Resources
- Node.js Production Best Practices: nodejs.org/en/docs/guides/nodejs-docker-webapp
- Express.js Security Best Practices: expressjs.com/en/advanced/best-practice-security.html
- Winston Logging Documentation: github.com/winstonjs/winston
- Helmet.js Security: helmetjs.github.io
Ready to deploy your production-ready AI agent to the cloud? Continue to Part 2: Deploying to Vercel to get your agent live on the internet!
Tutorial Navigation
- Part 1: Preparing Your Project for Production (Current)
- Part 2: Deploying to Vercel β
- Part 3: Deploying to AWS β
- Part 4: Deploying to Azure β
- Part 5: Security and Monitoring β
This tutorial is part of our comprehensive AI Agent Deployment series. If you found this helpful, consider subscribing to our newsletter for more in-depth tutorials and AI development insights.
Ad Space
Recommended Tools & Resources
* This section contains affiliate links. We may earn a commission when you purchase through these links at no additional cost to you.
π Featured AI Books
OpenAI API
AI PlatformAccess GPT-4 and other powerful AI models for your agent development.
Pay-per-use
LangChain Plus
FrameworkAdvanced framework for building applications with large language models.
Free + Paid
Pinecone Vector Database
DatabaseHigh-performance vector database for AI applications and semantic search.
Free tier available
AI Agent Development Course
EducationComplete course on building production-ready AI agents from scratch.
$199
π‘ Pro Tip
Start with the free tiers of these tools to experiment, then upgrade as your AI agent projects grow. Most successful developers use a combination of 2-3 core tools rather than trying everything at once.
π Deploying AI Agents to the Cloud
Part 1 of 5
Series Progress20% Complete
View All Parts in This Series
π Join the AgentForge Community
Get weekly insights, tutorials, and the latest AI agent developments delivered to your inbox.
No spam, ever. Unsubscribe at any time.
Loading conversations...