From Replit prototype to production-ready deployment.
A working operational application needed a secure deployment model across customer environments, with clear controls around identity, APIs, SAP, SQL Server, CI/CD, secrets, and auditability.
The application worked. The question was whether it could operate safely.
The customer had built a useful application in Replit. It solved a real operational problem and had enough value to justify moving beyond experimentation.
The production challenge was larger than hosting. The application needed to run across customer-specific environments, connect to internal business systems, fit existing CI/CD processes, and give IT a clear way to review security, data access, and operational ownership.
Application shape
Angular SPA, Node.js and TypeScript API, customer-side runtime, and integration with internal systems.
Systems involved
SAP B1if, SAP Business One Service Layer, SQL Server reporting, WR1 Classic, and OpenAI API services.
Delivery environment
Bitbucket for source control, Jenkins for CI/CD, and per-customer isolated deployment requirements.
The production challenge
The core risks were architectural and operational. The application needed clear boundaries before it could be deployed with confidence.
The production architecture
The final model separated browser, identity, API, internal systems, external AI services, and secrets into distinct operational tiers.
- Frontend authentication through Keycloak
- JWT bearer tokens for API requests
- Token validation through the Keycloak JWKS endpoint
- API tier inside the customer network perimeter
- Controlled proxy access to SAP, SQL Server, and legacy services
- Audit logging to support traceability
- Runtime injection for secrets and connection strings
- CI/CD alignment with Jenkins and Bitbucket
What changed
The application moved from a useful prototype into a deployment model that IT, security, delivery, and customer teams could review.
Clear boundaries
The browser no longer needed direct access to SAP, SQL Server, or internal legacy services.
Customer isolation
Each customer deployment had its own environment and API runtime inside the relevant network perimeter.
Operational controls
Authentication, token validation, secret handling, and audit logging became explicit parts of the architecture.
Delivery discipline
Bitbucket and Jenkins were treated as part of the production path, not an afterthought.
From prototype reality to production reality.
| Prototype reality | Production reality |
|---|---|
| A useful Replit-built application | An engineering asset with a reviewable deployment model |
| Direct integration needs across SAP and SQL Server | Controlled backend access through the API tier |
| Per-customer deployment complexity | Isolated customer environments with consistent architecture |
| Credentials and connection details required at runtime | Secrets injected through key vault or equivalent controls |
| Existing Bitbucket and Jenkins processes | CI/CD incorporated into the production plan |
production discipline.