Productionisation case study

From Replit prototype to production-ready deployment.

A working operational application needed a secure deployment model across customer environments, with clear controls around identity, APIs, SAP, SQL Server, CI/CD, secrets, and auditability.

01
Prototype origin
Replit-built operational app
02
Production target
Per-customer isolated environments
03
Core outcome
Controlled architecture and deployment path
04
Delivery context
Bitbucket and Jenkins aligned
Architecture visual showing prototype, API controls, CI/CD, and isolated production customer environments

The application worked. The question was whether it could operate safely.

The customer had built a useful application in Replit. It solved a real operational problem and had enough value to justify moving beyond experimentation.

The production challenge was larger than hosting. The application needed to run across customer-specific environments, connect to internal business systems, fit existing CI/CD processes, and give IT a clear way to review security, data access, and operational ownership.

Application shape

Angular SPA, Node.js and TypeScript API, customer-side runtime, and integration with internal systems.

Systems involved

SAP B1if, SAP Business One Service Layer, SQL Server reporting, WR1 Classic, and OpenAI API services.

Delivery environment

Bitbucket for source control, Jenkins for CI/CD, and per-customer isolated deployment requirements.

The production challenge

The core risks were architectural and operational. The application needed clear boundaries before it could be deployed with confidence.

Where should the API run?
How should each customer environment be isolated?
How should users authenticate?
Which systems should remain internal?
How should SAP and SQL Server be accessed safely?
How should secrets be injected at runtime?
How should Bitbucket and Jenkins support repeatable deployment?
What audit trail was needed for support and accountability?
Client tierAngular SPA on static host or CDN
Identity tierKeycloak as OIDC and SAML broker
API tierNode.js and TypeScript inside the customer network perimeter
Backend systemsSAP, SQL Server reporting, and legacy APIs
External servicesOpenAI API for smart intake and drafting
Secret managementRuntime injection through key vault or equivalent

The production architecture

The final model separated browser, identity, API, internal systems, external AI services, and secrets into distinct operational tiers.

  • Frontend authentication through Keycloak
  • JWT bearer tokens for API requests
  • Token validation through the Keycloak JWKS endpoint
  • API tier inside the customer network perimeter
  • Controlled proxy access to SAP, SQL Server, and legacy services
  • Audit logging to support traceability
  • Runtime injection for secrets and connection strings
  • CI/CD alignment with Jenkins and Bitbucket

What changed

The application moved from a useful prototype into a deployment model that IT, security, delivery, and customer teams could review.

Clear boundaries

The browser no longer needed direct access to SAP, SQL Server, or internal legacy services.

Customer isolation

Each customer deployment had its own environment and API runtime inside the relevant network perimeter.

Operational controls

Authentication, token validation, secret handling, and audit logging became explicit parts of the architecture.

Delivery discipline

Bitbucket and Jenkins were treated as part of the production path, not an afterthought.

From prototype reality to production reality.

Prototype realityProduction reality
A useful Replit-built applicationAn engineering asset with a reviewable deployment model
Direct integration needs across SAP and SQL ServerControlled backend access through the API tier
Per-customer deployment complexityIsolated customer environments with consistent architecture
Credentials and connection details required at runtimeSecrets injected through key vault or equivalent controls
Existing Bitbucket and Jenkins processesCI/CD incorporated into the production plan
Useful prototypes deserve
production discipline.
Evidence before rebuild
Control before scale
Clear path from prototype to production
Book a 30-minute fit call