Add deployment changes for hosting

.env.cloudrun.template

@@ -0,0 +1,62 @@
+# Cloud Run Environment Variables Template
+# Copy this file to .env.cloudrun and fill in the values for Cloud Run deployment
+
+# Google Cloud Project Configuration
+PROJECT_ID=your-gcp-project-id
+REGION=us-central1
+
+# JWT Configuration (REQUIRED - Generate a secure secret)
+JWT_SECRET=your-super-secure-jwt-secret-key-change-this-in-production
+JWT_LIFETIME_SECONDS=3600
+
+# User Registration Settings
+USER_REGISTRATION_ENABLED=true
+EMAIL_VERIFICATION_REQUIRED=false
+
+# Frontend Configuration (will be updated with actual Cloud Run URLs)
+VITE_API_BASE_URL=https://knowledge-assistant-backend-HASH-uc.a.run.app
+VITE_API_TIMEOUT=30000
+VITE_ENABLE_REGISTRATION=true
+
+# CORS Configuration (will be updated with actual Cloud Run URLs)
+CORS_ORIGINS=https://knowledge-assistant-frontend-HASH-uc.a.run.app
+
+# Google Gemini API Configuration (replaces Ollama)
+GEMINI_API_KEY=your-gemini-api-key-here
+GEMINI_MODEL=gemini-1.5-flash
+
+# Database Configuration (Cloud SQL PostgreSQL)
+DATABASE_URL=postgresql+asyncpg://knowledge-assistant-user:PASSWORD@/knowledge-assistant-main-db?host=/cloudsql/PROJECT_ID:REGION:knowledge-assistant-db
+
+# Qdrant Configuration (Cloud Run service)
+QDRANT_HOST=https://knowledge-assistant-qdrant-HASH-uc.a.run.app
+QDRANT_PORT=443
+
+# Python Configuration
+PYTHONUNBUFFERED=1
+PYTHONDONTWRITEBYTECODE=1
+
+# Cloud SQL Instance Connection
+CLOUD_SQL_CONNECTION_NAME=PROJECT_ID:REGION:knowledge-assistant-db
+
+# Service Account Emails
+BACKEND_SERVICE_ACCOUNT=knowledge-assistant-backend-sa@PROJECT_ID.iam.gserviceaccount.com
+QDRANT_SERVICE_ACCOUNT=knowledge-assistant-qdrant-sa@PROJECT_ID.iam.gserviceaccount.com
+
+# Resource Configuration
+BACKEND_MEMORY=1Gi
+BACKEND_CPU=1000m
+FRONTEND_MEMORY=512Mi
+FRONTEND_CPU=1000m
+QDRANT_MEMORY=512Mi
+QDRANT_CPU=1000m
+
+# Scaling Configuration
+MAX_INSTANCES=10
+MIN_INSTANCES=0
+QDRANT_MIN_INSTANCES=1
+
+# Security Configuration
+REQUIRE_AUTHENTICATION=false
+ENABLE_CORS=true
+SECURE_COOKIES=true

.env.example

@@ -13,8 +13,7 @@ EMAIL_VERIFICATION_REQUIRED=false
 
 # External Services
 QDRANT_HOST=qdrant
-OLLAMA_HOST=ollama
-OLLAMA_MODEL=llama3.2:1b
+GEMINI_API_KEY=your-gemini-api-key-here
 
 # CORS Configuration
 CORS_ORIGINS=http://localhost:3000,http://127.0.0.1:3000,http://frontend:8080

.env.production.template

@@ -0,0 +1,32 @@
+# Production Environment Variables Template
+# Copy this file to .env.production and fill in the values
+
+# JWT Configuration (REQUIRED - Generate a secure secret)
+JWT_SECRET=your-super-secure-jwt-secret-key-change-this-in-production
+JWT_LIFETIME_SECONDS=3600
+
+# User Registration Settings
+USER_REGISTRATION_ENABLED=true
+EMAIL_VERIFICATION_REQUIRED=false
+
+# Frontend Configuration
+VITE_API_BASE_URL=http://localhost:8000
+VITE_API_TIMEOUT=30000
+VITE_ENABLE_REGISTRATION=true
+
+# CORS Configuration (adjust for your domain)
+CORS_ORIGINS=http://localhost:3000,https://yourdomain.com
+
+# Gemini API Configuration
+GEMINI_API_KEY=your-gemini-api-key-here
+
+# Database Configuration (SQLite by default)
+DATABASE_URL=sqlite+aiosqlite:///./data/knowledge_assistant.db
+
+# Qdrant Configuration
+QDRANT_HOST=qdrant
+QDRANT_PORT=6333
+
+# Python Configuration
+PYTHONUNBUFFERED=1
+PYTHONDONTWRITEBYTECODE=1

.env.railway.template

@@ -0,0 +1,42 @@
+# Railway Environment Configuration Template
+# Copy this file to .env.railway and fill in the values
+
+# Database Configuration (Railway PostgreSQL)
+# Railway will provide DATABASE_URL automatically if you add PostgreSQL service
+# For SQLite fallback (if PostgreSQL not available):
+DATABASE_URL=sqlite+aiosqlite:///./data/knowledge_assistant.db
+
+# JWT Authentication Configuration
+JWT_SECRET=your-super-secret-jwt-key-change-in-production-minimum-32-chars
+JWT_LIFETIME_SECONDS=3600
+
+# User Registration Settings
+USER_REGISTRATION_ENABLED=true
+EMAIL_VERIFICATION_REQUIRED=false
+
+# External Services Configuration
+# For Railway deployment, these will be internal service URLs
+QDRANT_HOST=qdrant
+QDRANT_PORT=6333
+GEMINI_API_KEY=your-gemini-api-key-here
+
+# CORS Configuration
+# Update with your Railway frontend URL
+CORS_ORIGINS=https://your-frontend-service.railway.app,https://your-domain.com
+
+# Frontend Configuration
+# Update with your Railway backend URL
+VITE_API_BASE_URL=https://your-backend-service.railway.app
+VITE_API_TIMEOUT=30000
+VITE_ENABLE_REGISTRATION=true
+
+# Railway-specific configurations
+PORT=8000
+PYTHONUNBUFFERED=1
+PYTHONDONTWRITEBYTECODE=1
+
+# Optional: External service alternatives for Railway
+# If running services separately, uncomment and configure:
+# QDRANT_CLOUD_URL=https://your-cluster.qdrant.io
+# QDRANT_API_KEY=your-qdrant-api-key
+# OPENAI_API_KEY=your-openai-api-key

CLOUDRUN_DEPLOYMENT.md

@@ -0,0 +1,350 @@
+# Google Cloud Run Deployment Guide
+
+This guide provides comprehensive instructions for deploying the Knowledge Assistant RAG application to Google Cloud Run.
+
+## Overview
+
+The Knowledge Assistant application is deployed as three separate Cloud Run services:
+- **Frontend**: React application served by nginx
+- **Backend**: FastAPI application with database and AI integrations
+- **Qdrant**: Vector database for document embeddings
+
+## Prerequisites
+
+### Required Tools
+- [Google Cloud SDK (gcloud)](https://cloud.google.com/sdk/docs/install)
+- [Docker](https://docs.docker.com/get-docker/)
+- [Git](https://git-scm.com/downloads)
+
+### Google Cloud Setup
+1. Create a Google Cloud Project
+2. Enable billing for your project
+3. Install and initialize gcloud CLI:
+   ```bash
+   gcloud init
+   gcloud auth login
+   ```
+
+### API Keys Required
+- **Google Gemini API Key**: Get from [Google AI Studio](https://makersuite.google.com/app/apikey)
+
+## Quick Start
+
+### 1. Clone and Setup
+```bash
+git clone <your-repo-url>
+cd Knowledge_Assistant_RAG
+```
+
+### 2. Create Environment Configuration
+```bash
+# Create environment file
+./scripts/cloudrun-env-setup.sh create
+
+# This will prompt you for:
+# - Google Cloud Project ID
+# - Google Gemini API Key
+```
+
+### 3. Deploy to Cloud Run
+```bash
+# Run the complete deployment
+./deploy-cloudrun.sh
+
+# Or run individual steps:
+./deploy-cloudrun.sh secrets  # Create secrets only
+./deploy-cloudrun.sh build    # Build and push images only
+./deploy-cloudrun.sh deploy   # Deploy services only
+```
+
+### 4. Verify Deployment
+```bash
+# Run health checks
+./scripts/cloudrun-health-check.sh
+
+# Quick check
+./scripts/cloudrun-health-check.sh quick
+```
+
+## Detailed Deployment Steps
+
+### Step 1: Environment Configuration
+
+Create your environment file:
+```bash
+./scripts/cloudrun-env-setup.sh create .env.cloudrun
+```
+
+Review and modify the generated `.env.cloudrun` file as needed:
+```bash
+# Key variables to verify:
+PROJECT_ID=your-gcp-project-id
+GEMINI_API_KEY=your-gemini-api-key
+JWT_SECRET=auto-generated-secure-secret
+```
+
+### Step 2: Google Cloud Setup
+
+The deployment script will automatically:
+- Enable required APIs
+- Create service accounts
+- Set up IAM permissions
+- Create Cloud SQL instance
+- Configure Secret Manager
+
+### Step 3: Build and Deploy
+
+The deployment process includes:
+
+1. **Build Docker Images**
+   - Backend: Multi-stage Python Alpine build
+   - Frontend: Multi-stage Node.js with nginx
+
+2. **Create Cloud Infrastructure**
+   - Cloud SQL PostgreSQL instance (free tier)
+   - Secret Manager for sensitive data
+   - Service accounts with minimal permissions
+
+3. **Deploy Services**
+   - Qdrant vector database
+   - Backend API with database connection
+   - Frontend with proper API configuration
+
+### Step 4: Post-Deployment Configuration
+
+After deployment, update service URLs:
+```bash
+./scripts/cloudrun-env-setup.sh update-urls .env.cloudrun
+```
+
+## Service Configuration
+
+### Resource Limits (Free Tier Optimized)
+
+| Service | Memory | CPU | Min Instances | Max Instances |
+|---------|--------|-----|---------------|---------------|
+| Frontend | 512Mi | 1000m | 0 | 10 |
+| Backend | 1Gi | 1000m | 0 | 10 |
+| Qdrant | 512Mi | 1000m | 1 | 5 |
+
+### Environment Variables
+
+#### Frontend
+- `VITE_API_BASE_URL`: Backend service URL
+- `VITE_API_TIMEOUT`: API request timeout
+- `VITE_ENABLE_REGISTRATION`: Enable user registration
+
+#### Backend
+- `DATABASE_URL`: Cloud SQL connection string (from Secret Manager)
+- `JWT_SECRET`: JWT signing secret (from Secret Manager)
+- `GEMINI_API_KEY`: Google Gemini API key (from Secret Manager)
+- `QDRANT_HOST`: Qdrant service URL
+- `CORS_ORIGINS`: Allowed frontend origins
+
+#### Qdrant
+- `QDRANT__SERVICE__HTTP_PORT`: HTTP port (6333)
+- `QDRANT__SERVICE__GRPC_PORT`: gRPC port (6334)
+
+## Security Configuration
+
+### Service Accounts
+- **Backend Service Account**: Access to Cloud SQL and Secret Manager
+- **Qdrant Service Account**: Basic Cloud Run permissions
+
+### IAM Roles
+- `roles/cloudsql.client`: Cloud SQL access
+- `roles/secretmanager.secretAccessor`: Secret Manager access
+- `roles/run.invoker`: Service-to-service communication
+
+### Secrets Management
+All sensitive data is stored in Google Secret Manager:
+- JWT signing secret
+- Database connection string
+- API keys
+
+## Monitoring and Maintenance
+
+### Health Checks
+```bash
+# Comprehensive health check
+./scripts/cloudrun-health-check.sh comprehensive
+
+# Quick status check
+./scripts/cloudrun-health-check.sh quick
+
+# Check specific service logs
+./scripts/cloudrun-health-check.sh logs knowledge-assistant-backend 100
+```
+
+### Viewing Logs
+```bash
+# Backend logs
+gcloud logging read "resource.type=\"cloud_run_revision\" AND resource.labels.service_name=\"knowledge-assistant-backend\"" --limit=50
+
+# Frontend logs
+gcloud logging read "resource.type=\"cloud_run_revision\" AND resource.labels.service_name=\"knowledge-assistant-frontend\"" --limit=50
+```
+
+### Scaling Configuration
+Services auto-scale based on traffic:
+- **Scale to zero**: When no requests (saves costs)
+- **Auto-scale up**: Based on CPU and memory usage
+- **Max instances**: Prevents runaway costs
+
+## Cost Optimization
+
+### Free Tier Limits
+- **Cloud Run**: 2 million requests/month, 400,000 GB-seconds/month
+- **Cloud SQL**: db-f1-micro instance, 10GB storage
+- **Secret Manager**: 6 active secret versions
+
+### Cost-Saving Features
+- Scale-to-zero for frontend and backend
+- Minimal resource allocation
+- Efficient container images
+- Request-based billing
+
+## Troubleshooting
+
+### Common Issues
+
+#### 1. Build Failures
+```bash
+# Check build logs
+gcloud builds log <BUILD_ID>
+
+# Common fixes:
+# - Increase build timeout
+# - Check Dockerfile syntax
+# - Verify base image availability
+```
+
+#### 2. Service Not Starting
+```bash
+# Check service logs
+gcloud logging read "resource.type=\"cloud_run_revision\" AND resource.labels.service_name=\"SERVICE_NAME\"" --limit=20
+
+# Common fixes:
+# - Check environment variables
+# - Verify secret access
+# - Check resource limits
+```
+
+#### 3. Database Connection Issues
+```bash
+# Test Cloud SQL connection
+gcloud sql connect knowledge-assistant-db --user=knowledge-assistant-user
+
+# Common fixes:
+# - Check service account permissions
+# - Verify Cloud SQL instance is running
+# - Check connection string format
+```
+
+#### 4. Service Communication Issues
+```bash
+# Check CORS configuration
+curl -X OPTIONS -H "Origin: https://your-frontend-url" https://your-backend-url/health
+
+# Common fixes:
+# - Update CORS_ORIGINS environment variable
+# - Check service URLs in frontend configuration
+# - Verify IAM permissions for service-to-service calls
+```
+
+### Debug Commands
+```bash
+# Get service details
+gcloud run services describe SERVICE_NAME --region=us-central1
+
+# Check recent deployments
+gcloud run revisions list --service=SERVICE_NAME --region=us-central1
+
+# View service configuration
+gcloud run services describe SERVICE_NAME --region=us-central1 --format=yaml
+```
+
+## Updating the Application
+
+### Code Updates
+```bash
+# Rebuild and redeploy
+./deploy-cloudrun.sh build
+./deploy-cloudrun.sh deploy
+```
+
+### Configuration Updates
+```bash
+# Update environment variables
+gcloud run services update SERVICE_NAME --region=us-central1 --set-env-vars="KEY=VALUE"
+
+# Update secrets
+./scripts/cloudrun-env-setup.sh create-secrets .env.cloudrun
+```
+
+### Database Migrations
+```bash
+# Connect to Cloud SQL
+gcloud sql connect knowledge-assistant-db --user=knowledge-assistant-user
+
+# Run migrations (if using Alembic)
+# This would be handled automatically by the backend service on startup
+```
+
+## Cleanup
+
+### Remove All Resources
+```bash
+# Delete Cloud Run services
+gcloud run services delete knowledge-assistant-frontend --region=us-central1
+gcloud run services delete knowledge-assistant-backend --region=us-central1
+gcloud run services delete knowledge-assistant-qdrant --region=us-central1
+
+# Delete Cloud SQL instance
+gcloud sql instances delete knowledge-assistant-db
+
+# Delete secrets
+gcloud secrets delete knowledge-assistant-secrets
+
+# Delete service accounts
+gcloud iam service-accounts delete knowledge-assistant-backend-sa@PROJECT_ID.iam.gserviceaccount.com
+gcloud iam service-accounts delete knowledge-assistant-qdrant-sa@PROJECT_ID.iam.gserviceaccount.com
+```
+
+## Support
+
+### Getting Help
+- Check the [troubleshooting section](#troubleshooting) above
+- Review Cloud Run logs for error messages
+- Verify all prerequisites are met
+- Ensure API quotas are not exceeded
+
+### Useful Resources
+- [Google Cloud Run Documentation](https://cloud.google.com/run/docs)
+- [Cloud SQL Documentation](https://cloud.google.com/sql/docs)
+- [Secret Manager Documentation](https://cloud.google.com/secret-manager/docs)
+- [Google Gemini API Documentation](https://ai.google.dev/docs)
+
+## Architecture Diagram
+
+```
+┌─────────────────┐    ┌─────────────────┐    ┌─────────────────┐
+│   Frontend      │    │    Backend      │    │    Qdrant       │
+│  (Cloud Run)    │────│  (Cloud Run)    │────│  (Cloud Run)    │
+│                 │    │                 │    │                 │
+│ React + nginx   │    │ FastAPI + DB    │    │ Vector Database │
+└─────────────────┘    └─────────────────┘    └─────────────────┘
+                              │
+                              │
+                       ┌─────────────────┐
+                       │   Cloud SQL     │
+                       │  (PostgreSQL)   │
+                       └─────────────────┘
+                              │
+                       ┌─────────────────┐
+                       │ Secret Manager  │
+                       │   (Secrets)     │
+                       └─────────────────┘
+```
+
+This deployment provides a scalable, cost-effective solution for running the Knowledge Assistant RAG application on Google Cloud Platform's free tier.

DEPLOYMENT_AUTOMATION.md

@@ -0,0 +1,297 @@
+# Deployment Automation Scripts
+
+This document describes the deployment automation scripts created for the Knowledge Assistant RAG application.
+
+## Overview
+
+The deployment automation system provides a comprehensive set of tools for deploying, monitoring, and maintaining the Knowledge Assistant RAG application across multiple platforms.
+
+## Scripts
+
+### 1. Master Deployment Script (`deploy.sh`)
+
+The main deployment script that provides an interactive interface for deploying to various platforms.
+
+**Usage:**
+```bash
+./deploy.sh [OPTIONS] [PLATFORM]
+```
+
+**Platforms:**
+- `railway` - Deploy to Railway.app (free tier)
+- `fly` - Deploy to Fly.io (free tier) 
+- `cloudrun` - Deploy to Google Cloud Run
+- `vercel` - Deploy to Vercel (hybrid deployment)
+- `local` - Deploy locally with Docker
+
+**Key Features:**
+- Interactive platform selection
+- Pre-deployment validation
+- Environment configuration checking
+- Automated prerequisite verification
+- Rollback capabilities
+- Dry-run mode for testing
+
+**Examples:**
+```bash
+# Interactive deployment
+./deploy.sh
+
+# Deploy to Railway
+./deploy.sh railway
+
+# Validate prerequisites only
+./deploy.sh --validate-only
+
+# Show deployment plan without executing
+./deploy.sh cloudrun --dry-run
+
+# Deploy only backend services
+./deploy.sh railway --backend-only
+```
+
+### 2. Deployment Utilities (`scripts/deployment-utils.sh`)
+
+A library of common deployment functions and utilities used by other scripts.
+
+**Key Functions:**
+- `generate_jwt_secret()` - Generate secure JWT secrets
+- `wait_for_service()` - Wait for services to become ready
+- `check_service_health()` - Perform health checks
+- `backup_sqlite_database()` - Create database backups
+- `validate_env_file()` - Validate environment configurations
+- `cleanup_docker_images()` - Clean up old Docker images
+
+### 3. Health Check Script (`scripts/health-check.sh`)
+
+Comprehensive health monitoring for all application services.
+
+**Usage:**
+```bash
+./scripts/health-check.sh [OPTIONS]
+```
+
+**Features:**
+- Service health monitoring
+- Database connectivity checks
+- External API validation
+- System resource monitoring
+- Docker container status
+- Detailed health reports
+
+**Examples:**
+```bash
+# Check all services
+./scripts/health-check.sh
+
+# Check specific platform
+./scripts/health-check.sh --platform railway
+
+# Save report to file
+./scripts/health-check.sh --output health-report.txt
+
+# Skip external API checks
+./scripts/health-check.sh --no-external
+```
+
+### 4. Deployment Validation (`scripts/validate-deployment.sh`)
+
+End-to-end functional testing of deployed applications.
+
+**Usage:**
+```bash
+./scripts/validate-deployment.sh [OPTIONS]
+```
+
+**Test Coverage:**
+- User registration and authentication
+- Document upload functionality
+- Query processing
+- API documentation accessibility
+- Database connectivity
+- Performance testing
+
+**Examples:**
+```bash
+# Validate local deployment
+./scripts/validate-deployment.sh
+
+# Validate specific URLs
+./scripts/validate-deployment.sh \
+  --backend-url https://api.example.com \
+  --frontend-url https://app.example.com
+
+# Skip functional tests
+./scripts/validate-deployment.sh --skip-functional
+```
+
+### 5. Database Migration (`scripts/migrate-database.sh`)
+
+Database migration and maintenance utilities.
+
+**Usage:**
+```bash
+./scripts/migrate-database.sh ACTION [OPTIONS]
+```
+
+**Actions:**
+- `init` - Initialize database with migrations
+- `migrate` - Run pending migrations
+- `rollback` - Rollback migrations
+- `status` - Show migration status
+- `backup` - Create database backup
+- `reset` - Reset database (DANGEROUS)
+
+**Examples:**
+```bash
+# Initialize database
+./scripts/migrate-database.sh init
+
+# Run migrations
+./scripts/migrate-database.sh migrate
+
+# Create backup
+./scripts/migrate-database.sh backup
+
+# Check status
+./scripts/migrate-database.sh status
+```
+
+## Workflow
+
+### Typical Deployment Workflow
+
+1. **Preparation**
+   ```bash
+   # Validate prerequisites
+   ./deploy.sh --validate-only
+   ```
+
+2. **Deployment**
+   ```bash
+   # Deploy to chosen platform
+   ./deploy.sh railway
+   ```
+
+3. **Validation**
+   ```bash
+   # Run health checks
+   ./scripts/health-check.sh --platform railway
+   
+   # Validate functionality
+   ./scripts/validate-deployment.sh
+   ```
+
+4. **Monitoring**
+   ```bash
+   # Continuous health monitoring
+   ./scripts/health-check.sh --output daily-health.txt
+   ```
+
+### Database Management Workflow
+
+1. **Backup**
+   ```bash
+   ./scripts/migrate-database.sh backup
+   ```
+
+2. **Migration**
+   ```bash
+   ./scripts/migrate-database.sh migrate
+   ```
+
+3. **Validation**
+   ```bash
+   ./scripts/migrate-database.sh status
+   ```
+
+## Environment Configuration
+
+Each platform requires specific environment configuration:
+
+- **Railway**: `.env.railway`
+- **Fly.io**: `.env.fly`
+- **Cloud Run**: `.env.cloudrun`
+- **Vercel**: `.env.vercel`
+- **Local**: `.env.production`
+
+The scripts will automatically create these files from templates if they don't exist.
+
+## Error Handling and Rollback
+
+All scripts include comprehensive error handling:
+
+- **Automatic Rollback**: Failed deployments can be automatically rolled back
+- **Backup Creation**: Databases are backed up before migrations
+- **Health Monitoring**: Continuous monitoring detects issues early
+- **Detailed Logging**: All operations are logged with timestamps
+
+## Security Features
+
+- **JWT Secret Validation**: Ensures secure authentication tokens
+- **Environment Validation**: Prevents deployment with insecure configurations
+- **Secret Management**: Proper handling of sensitive information
+- **Access Control**: Platform-specific authentication requirements
+
+## Monitoring and Maintenance
+
+### Daily Operations
+```bash
+# Daily health check
+./scripts/health-check.sh --output logs/health-$(date +%Y%m%d).txt
+
+# Weekly validation
+./scripts/validate-deployment.sh --output logs/validation-$(date +%Y%m%d).txt
+```
+
+### Maintenance Tasks
+```bash
+# Clean up old Docker images
+source scripts/deployment-utils.sh && cleanup_docker_images
+
+# Database backup
+./scripts/migrate-database.sh backup
+
+# System resource check
+./scripts/health-check.sh | grep -E "(Memory|Disk|CPU)"
+```
+
+## Troubleshooting
+
+### Common Issues
+
+1. **Prerequisites Missing**
+   - Run `./deploy.sh --validate-only` to check requirements
+   - Install missing CLI tools as indicated
+
+2. **Environment Configuration**
+   - Check environment files exist and have correct values
+   - Validate JWT secrets are secure (32+ characters)
+
+3. **Service Health Issues**
+   - Use `./scripts/health-check.sh` to identify problems
+   - Check logs for specific error messages
+
+4. **Database Problems**
+   - Use `./scripts/migrate-database.sh status` to check migrations
+   - Create backups before making changes
+
+### Getting Help
+
+Each script includes detailed help information:
+```bash
+./deploy.sh --help
+./scripts/health-check.sh --help
+./scripts/validate-deployment.sh --help
+./scripts/migrate-database.sh --help
+```
+
+## Integration with Existing Scripts
+
+The automation scripts integrate with existing platform-specific deployment scripts:
+
+- `deploy-railway.sh` - Railway deployment
+- `deploy-cloudrun.sh` - Google Cloud Run deployment  
+- `deploy-production.sh` - Local Docker deployment
+
+The master script (`deploy.sh`) orchestrates these existing scripts while adding validation, monitoring, and error handling capabilities.

DOCUMENTATION_INDEX.md

@@ -0,0 +1,239 @@
+# Documentation Index
+
+This document provides an overview of all available documentation for the Knowledge Assistant RAG application deployment and maintenance.
+
+## 📚 Documentation Overview
+
+The Knowledge Assistant RAG application includes comprehensive documentation covering deployment, configuration, troubleshooting, and maintenance across multiple platforms.
+
+## 🚀 Deployment Guides
+
+### Platform-Specific Deployment
+- **[Railway Deployment Guide](RAILWAY_DEPLOYMENT.md)** - Deploy to Railway.app (free tier: 512MB RAM, 1GB storage)
+- **[Fly.io Deployment Guide](FLY_DEPLOYMENT.md)** - Deploy to Fly.io (free tier: 256MB RAM, 1GB storage)
+- **[Google Cloud Run Deployment Guide](CLOUDRUN_DEPLOYMENT.md)** - Deploy to Google Cloud Run (free tier: 1GB memory, 2 vCPU)
+- **[Deployment Automation](DEPLOYMENT_AUTOMATION.md)** - Automated deployment scripts and utilities
+
+### Quick Start
+1. Choose your preferred platform from the guides above
+2. Follow the platform-specific prerequisites
+3. Run the deployment script: `./deploy.sh platform-name`
+4. Configure environment variables as documented
+
+## ⚙️ Configuration
+
+### Environment Setup
+- **[Environment Configuration Guide](ENVIRONMENT_CONFIGURATION.md)** - Comprehensive guide for environment variables and secrets management
+  - Core environment variables
+  - Platform-specific configuration
+  - Secrets management best practices
+  - Validation and testing scripts
+
+### Key Configuration Files
+- `.env.railway` - Railway deployment configuration
+- `.env.fly` - Fly.io deployment configuration  
+- `.env.cloudrun` - Google Cloud Run configuration
+- `.env.vercel` - Vercel hybrid deployment configuration
+
+## 🔧 Troubleshooting and Maintenance
+
+### Problem Resolution
+- **[Troubleshooting Guide](TROUBLESHOOTING.md)** - Comprehensive troubleshooting for common issues
+  - Common deployment issues
+  - Platform-specific problems
+  - Service communication issues
+  - Database problems
+  - Emergency recovery procedures
+
+### Performance and Optimization
+- **[Performance Optimization Guide](PERFORMANCE_OPTIMIZATION.md)** - Strategies for optimizing performance and scaling
+  - Container optimization
+  - Database performance tuning
+  - API optimization
+  - Scaling strategies
+  - Cost optimization
+
+### Frequently Asked Questions
+- **[FAQ](FAQ.md)** - Answers to common questions about deployment, configuration, and maintenance
+  - General questions
+  - Deployment questions
+  - Configuration questions
+  - Performance questions
+  - Security questions
+  - Cost and scaling questions
+
+## 📋 Quick Reference
+
+### Essential Commands
+
+#### Deployment
+```bash
+# Deploy to Railway
+./deploy.sh railway
+
+# Deploy to Fly.io
+./deploy.sh fly
+
+# Deploy to Google Cloud Run
+./deploy.sh cloudrun
+
+# Deploy locally
+./deploy.sh local
+```
+
+#### Health Checks
+```bash
+# Run comprehensive health check
+./scripts/health-check.sh
+
+# Validate deployment
+./scripts/validate-deployment.sh
+
+# Check environment variables
+./scripts/validate-environment.sh
+```
+
+#### Maintenance
+```bash
+# Database backup
+./scripts/migrate-database.sh backup
+
+# Performance monitoring
+./scripts/performance-report.sh
+
+# Clean up resources
+docker system prune -a
+```
+
+### Environment Variables Quick Reference
+
+#### Required Variables
+```bash
+JWT_SECRET=your-32-character-minimum-secret
+GEMINI_API_KEY=your-google-gemini-api-key
+DATABASE_URL=sqlite+aiosqlite:///./data/knowledge_assistant.db
+```
+
+#### Optional Variables
+```bash
+QDRANT_CLOUD_URL=https://your-cluster.qdrant.io
+QDRANT_API_KEY=your-qdrant-api-key
+CORS_ORIGINS=https://your-domain.com
+USER_REGISTRATION_ENABLED=true
+```
+
+### Platform Resource Limits
+
+| Platform | Memory | Storage | CPU | Cost |
+|----------|--------|---------|-----|------|
+| Railway | 512MB | 1GB | Shared | Free |
+| Fly.io | 256MB | 1GB | Shared | Free |
+| Cloud Run | 1GB | N/A | 1 vCPU | Free tier |
+| Vercel | N/A | N/A | Serverless | Free |
+
+## 🆘 Getting Help
+
+### Documentation Hierarchy
+1. **Start with FAQ** - Check if your question is already answered
+2. **Platform-specific guides** - For deployment issues
+3. **Troubleshooting guide** - For runtime problems
+4. **Environment configuration** - For setup issues
+5. **Performance guide** - For optimization needs
+
+### Support Channels
+- **Platform Documentation**: Check official platform docs
+- **Community Forums**: Platform-specific Discord/forums
+- **Issue Tracking**: Create detailed bug reports with logs
+- **Performance Issues**: Use monitoring tools and guides
+
+### Diagnostic Information
+When seeking help, include:
+- Platform and deployment method
+- Error messages and logs
+- Environment configuration (without secrets)
+- Steps to reproduce the issue
+
+## 📈 Monitoring and Maintenance
+
+### Regular Tasks
+- **Daily**: Health checks and log monitoring
+- **Weekly**: Performance reviews and cleanup
+- **Monthly**: Security updates and backup verification
+
+### Key Metrics to Monitor
+- Response times (< 200ms target)
+- Memory usage (stay within platform limits)
+- Error rates (< 1% target)
+- Disk usage (monitor growth)
+
+### Alerting Setup
+Configure alerts for:
+- Service downtime
+- High error rates
+- Resource limit approaching
+- Failed deployments
+
+## 🔄 Updates and Maintenance
+
+### Updating the Application
+1. **Test locally** with new changes
+2. **Backup data** before deployment
+3. **Deploy to staging** (if available)
+4. **Deploy to production** using deployment scripts
+5. **Verify functionality** with health checks
+
+### Security Maintenance
+- Rotate JWT secrets quarterly
+- Update API keys as needed
+- Monitor for security updates
+- Review access logs regularly
+
+## 📊 Architecture Overview
+
+```
+┌─────────────────┐    ┌─────────────────┐    ┌─────────────────┐
+│   Frontend      │    │    Backend      │    │   External      │
+│  (React/Vite)   │────│   (FastAPI)     │────│   Services      │
+│                 │    │                 │    │                 │
+│ • User Interface│    │ • API Endpoints │    │ • Gemini API    │
+│ • Document UI   │    │ • Auth System   │    │ • Qdrant Cloud  │
+│ • Chat Interface│    │ • File Processing│    │ • PostgreSQL   │
+└─────────────────┘    └─────────────────┘    └─────────────────┘
+                              │
+                       ┌─────────────────┐
+                       │   Database      │
+                       │  (SQLite/PG)    │
+                       │                 │
+                       │ • User Data     │
+                       │ • Documents     │
+                       │ • Metadata      │
+                       └─────────────────┘
+```
+
+## 🎯 Best Practices Summary
+
+### Deployment
+- Use external services for free tier deployments
+- Implement proper health checks
+- Configure auto-scaling appropriately
+- Use platform-specific optimizations
+
+### Security
+- Never commit secrets to version control
+- Use strong JWT secrets (32+ characters)
+- Restrict CORS to specific domains
+- Implement proper authentication
+
+### Performance
+- Use caching where appropriate
+- Optimize Docker images for size
+- Monitor resource usage regularly
+- Implement graceful degradation
+
+### Maintenance
+- Automate backups and health checks
+- Monitor logs and metrics
+- Keep dependencies updated
+- Document configuration changes
+
+This documentation index provides a comprehensive overview of all available resources for successfully deploying and maintaining the Knowledge Assistant RAG application across multiple platforms.

Dockerfile

@@ -1,38 +1,71 @@
 
-# Use an official Python runtime as a parent image
-FROM python:3.11-slim
+# Multi-stage build for Python backend
+# Build stage
+FROM python:3.11-alpine as builder
 
-# Install curl for the wait script
-RUN apt-get update && apt-get install -y curl
+# Install build dependencies
+RUN apk add --no-cache \
+    gcc \
+    musl-dev \
+    libffi-dev \
+    openssl-dev \
+    python3-dev \
+    postgresql-dev \
+    curl
 
-# Set the working directory in the container
+# Set the working directory
 WORKDIR /app
 
-# Copy the requirements file into the container
+# Copy requirements and install dependencies
 COPY requirements.txt .
 
+# Create requirements for production (exclude dev dependencies)
+RUN grep -v "pytest" requirements.txt > requirements-prod.txt
+
 # Set a higher timeout for pip installations
 ENV PIP_DEFAULT_TIMEOUT=1000
 
-# Install any needed packages specified in requirements.txt
-RUN pip install --no-cache-dir -r requirements.txt
+# Install dependencies to a local directory
+RUN pip install --no-cache-dir --user -r requirements-prod.txt
+
+# Production stage
+FROM python:3.11-alpine
+
+# Install runtime dependencies only
+RUN apk add --no-cache \
+    curl \
+    postgresql-libs \
+    && rm -rf /var/cache/apk/*
+
+# Create non-root user for security
+RUN addgroup -g 1001 -S appgroup && \
+    adduser -S appuser -u 1001 -G appgroup
 
-# Ensure Python scripts are in PATH
-ENV PATH="/usr/local/bin:${PATH}"
+# Set the working directory
+WORKDIR /app
+
+# Copy installed packages from builder stage
+COPY --from=builder /root/.local /home/appuser/.local
 
-# Copy the application code into the container
-COPY ./src /app/src
-COPY ./scripts /app/scripts
-COPY ./alembic /app/alembic
-COPY ./alembic.ini /app/alembic.ini
+# Copy the application code
+COPY --chown=appuser:appgroup ./src /app/src
+COPY --chown=appuser:appgroup ./scripts /app/scripts
+COPY --chown=appuser:appgroup ./alembic /app/alembic
+COPY --chown=appuser:appgroup ./alembic.ini /app/alembic.ini
 
 # Create data directory for SQLite database
-RUN mkdir -p /app/data
+RUN mkdir -p /app/data && chown -R appuser:appgroup /app/data
 
 # Make scripts executable
 RUN chmod +x /app/scripts/*.sh
 
-# Expose port 8000 to allow communication to the Uvicorn server
+# Switch to non-root user
+USER appuser
+
+# Ensure user's local bin is in PATH
+ENV PATH="/home/appuser/.local/bin:${PATH}"
+
+# Expose port 8000
 EXPOSE 8000
 
 # Add health check for database connectivity
@@ -40,5 +73,4 @@ HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
   CMD curl -f http://localhost:8000/health || exit 1
 
 # Define the command to run the application
-# The init-db.sh script will handle database migrations and server startup
 CMD ["/app/scripts/init-db.sh"]

ENVIRONMENT_CONFIGURATION.md

@@ -0,0 +1,882 @@
+# Environment Variables and Secrets Configuration Guide
+
+This guide provides comprehensive documentation for configuring environment variables and managing secrets across all deployment platforms for the Knowledge Assistant RAG application.
+
+## Table of Contents
+
+1. [Core Environment Variables](#core-environment-variables)
+2. [Platform-Specific Configuration](#platform-specific-configuration)
+3. [Secrets Management](#secrets-management)
+4. [Environment Templates](#environment-templates)
+5. [Validation and Testing](#validation-and-testing)
+6. [Security Best Practices](#security-best-practices)
+7. [Troubleshooting](#troubleshooting)
+
+## Core Environment Variables
+
+### Required Variables
+
+#### Authentication & Security
+```bash
+# JWT Secret Key (REQUIRED)
+# Must be at least 32 characters long
+# Generate with: openssl rand -base64 32
+JWT_SECRET=your-super-secure-jwt-secret-key-32-chars-minimum
+
+# User Registration Control
+USER_REGISTRATION_ENABLED=true  # or false to disable new registrations
+```
+
+#### Database Configuration
+```bash
+# SQLite (Default)
+DATABASE_URL=sqlite+aiosqlite:///./data/knowledge_assistant.db
+
+# PostgreSQL (Production)
+DATABASE_URL=postgresql://username:password@host:port/database_name
+
+# PostgreSQL with SSL (Cloud deployments)
+DATABASE_URL=postgresql://username:password@host:port/database_name?sslmode=require
+```
+
+#### Vector Database (Qdrant)
+```bash
+# Self-hosted Qdrant
+QDRANT_HOST=localhost
+QDRANT_PORT=6333
+
+# Qdrant Cloud
+QDRANT_CLOUD_URL=https://your-cluster-id.qdrant.io
+QDRANT_API_KEY=your-qdrant-cloud-api-key
+```
+
+#### LLM Service Configuration
+```bash
+# Google Gemini API (Recommended)
+GEMINI_API_KEY=your-google-gemini-api-key
+
+# OpenAI API (Alternative)
+OPENAI_API_KEY=your-openai-api-key
+USE_OPENAI_INSTEAD_OF_GEMINI=false  # Set to true to use OpenAI
+```
+
+#### CORS Configuration
+```bash
+# Frontend Origins (comma-separated)
+CORS_ORIGINS=https://your-frontend-domain.com,http://localhost:3000
+
+# For development
+CORS_ORIGINS=http://localhost:3000,http://127.0.0.1:3000
+```
+
+### Optional Variables
+
+#### Application Configuration
+```bash
+# Server Configuration
+PORT=8000
+HOST=0.0.0.0
+WORKERS=1
+
+# Logging
+LOG_LEVEL=INFO  # DEBUG, INFO, WARNING, ERROR, CRITICAL
+LOG_FORMAT=json  # json or text
+
+# File Upload Limits
+MAX_FILE_SIZE=10485760  # 10MB in bytes
+ALLOWED_FILE_TYPES=pdf,txt,docx,md
+
+# Query Configuration
+MAX_QUERY_LENGTH=1000
+DEFAULT_SEARCH_LIMIT=10
+```
+
+#### Performance Tuning
+```bash
+# Database Connection Pool
+DB_POOL_SIZE=5
+DB_MAX_OVERFLOW=10
+DB_POOL_TIMEOUT=30
+
+# Vector Search Configuration
+VECTOR_SEARCH_TOP_K=5
+EMBEDDING_BATCH_SIZE=100
+
+# API Timeouts
+API_TIMEOUT=30
+GEMINI_TIMEOUT=30
+QDRANT_TIMEOUT=10
+```
+
+### Frontend Environment Variables
+
+#### React/Vite Configuration
+```bash
+# API Configuration
+VITE_API_BASE_URL=https://your-backend-domain.com
+VITE_API_TIMEOUT=30000
+
+# Feature Flags
+VITE_ENABLE_REGISTRATION=true
+VITE_ENABLE_FILE_UPLOAD=true
+VITE_ENABLE_DARK_MODE=true
+
+# Analytics (Optional)
+VITE_GOOGLE_ANALYTICS_ID=GA_MEASUREMENT_ID
+VITE_SENTRY_DSN=your-sentry-dsn
+```
+
+## Platform-Specific Configuration
+
+### Railway Configuration
+
+#### Environment File: `.env.railway`
+```bash
+# Railway-specific variables
+RAILWAY_ENVIRONMENT=production
+PORT=8000
+
+# Database (Railway PostgreSQL)
+DATABASE_URL=$DATABASE_URL  # Automatically provided by Railway
+
+# External Services (Recommended for free tier)
+QDRANT_CLOUD_URL=https://your-cluster.qdrant.io
+QDRANT_API_KEY=your-qdrant-api-key
+GEMINI_API_KEY=your-gemini-api-key
+
+# Security
+JWT_SECRET=your-jwt-secret-32-chars-minimum
+
+# CORS
+CORS_ORIGINS=https://your-app.railway.app
+
+# Frontend
+VITE_API_BASE_URL=https://your-backend.railway.app
+```
+
+#### Setting Variables via CLI
+```bash
+# Login to Railway
+railway login
+
+# Set environment variables
+railway variables set JWT_SECRET="$(openssl rand -base64 32)"
+railway variables set GEMINI_API_KEY="your-gemini-api-key"
+railway variables set USER_REGISTRATION_ENABLED="true"
+railway variables set CORS_ORIGINS="https://your-frontend.railway.app"
+
+# Frontend variables
+cd rag-quest-hub
+railway variables set VITE_API_BASE_URL="https://your-backend.railway.app"
+railway variables set VITE_ENABLE_REGISTRATION="true"
+```
+
+### Fly.io Configuration
+
+#### Environment File: `.env.fly`
+```bash
+# Fly.io specific
+FLY_APP_NAME=knowledge-assistant-rag
+FLY_REGION=ord
+
+# Database
+DATABASE_URL=sqlite+aiosqlite:///./data/knowledge_assistant.db
+
+# Services
+QDRANT_HOST=localhost
+QDRANT_PORT=6333
+
+# External APIs
+GEMINI_API_KEY=your-gemini-api-key
+
+# Security
+JWT_SECRET=your-jwt-secret
+
+# CORS
+CORS_ORIGINS=https://your-app.fly.dev
+```
+
+#### Setting Secrets via CLI
+```bash
+# Set secrets
+flyctl secrets set JWT_SECRET="$(openssl rand -base64 32)"
+flyctl secrets set GEMINI_API_KEY="your-gemini-api-key"
+
+# Set regular environment variables in fly.toml
+[env]
+  USER_REGISTRATION_ENABLED = "true"
+  CORS_ORIGINS = "https://your-app.fly.dev"
+  DATABASE_URL = "sqlite+aiosqlite:///./data/knowledge_assistant.db"
+```
+
+### Google Cloud Run Configuration
+
+#### Environment File: `.env.cloudrun`
+```bash
+# Google Cloud Project
+PROJECT_ID=your-gcp-project-id
+REGION=us-central1
+
+# Database (Cloud SQL)
+DATABASE_URL=postgresql://user:pass@/db?host=/cloudsql/project:region:instance
+
+# Services
+QDRANT_HOST=knowledge-assistant-qdrant-hash-uc.a.run.app
+QDRANT_PORT=443
+
+# External APIs
+GEMINI_API_KEY=your-gemini-api-key
+
+# Security (stored in Secret Manager)
+JWT_SECRET=projects/PROJECT_ID/secrets/jwt-secret/versions/latest
+
+# CORS
+CORS_ORIGINS=https://knowledge-assistant-frontend-hash-uc.a.run.app
+```
+
+#### Setting Variables via CLI
+```bash
+# Create secrets in Secret Manager
+echo -n "$(openssl rand -base64 32)" | gcloud secrets create jwt-secret --data-file=-
+echo -n "your-gemini-api-key" | gcloud secrets create gemini-api-key --data-file=-
+
+# Update Cloud Run service with environment variables
+gcloud run services update knowledge-assistant-backend \
+  --region=us-central1 \
+  --set-env-vars="USER_REGISTRATION_ENABLED=true" \
+  --set-env-vars="CORS_ORIGINS=https://your-frontend-url.com"
+
+# Update with secrets
+gcloud run services update knowledge-assistant-backend \
+  --region=us-central1 \
+  --set-secrets="JWT_SECRET=jwt-secret:latest" \
+  --set-secrets="GEMINI_API_KEY=gemini-api-key:latest"
+```
+
+### Vercel Configuration
+
+#### Environment File: `.env.vercel`
+```bash
+# Vercel-specific
+VERCEL_ENV=production
+
+# External Services (All external for serverless)
+DATABASE_URL=postgresql://user:pass@host:port/db
+QDRANT_CLOUD_URL=https://your-cluster.qdrant.io
+QDRANT_API_KEY=your-qdrant-api-key
+GEMINI_API_KEY=your-gemini-api-key
+
+# Security
+JWT_SECRET=your-jwt-secret
+
+# CORS
+CORS_ORIGINS=https://your-app.vercel.app
+
+# Frontend
+VITE_API_BASE_URL=https://your-app.vercel.app/api
+```
+
+#### Setting Variables via CLI
+```bash
+# Set environment variables
+vercel env add JWT_SECRET production
+vercel env add GEMINI_API_KEY production
+vercel env add DATABASE_URL production
+vercel env add QDRANT_CLOUD_URL production
+vercel env add QDRANT_API_KEY production
+
+# Frontend variables
+vercel env add VITE_API_BASE_URL production
+vercel env add VITE_ENABLE_REGISTRATION production
+```
+
+## Secrets Management
+
+### Secret Generation
+
+#### JWT Secret Generation
+```bash
+# Method 1: OpenSSL
+openssl rand -base64 32
+
+# Method 2: Python
+python -c "import secrets; print(secrets.token_urlsafe(32))"
+
+# Method 3: Node.js
+node -e "console.log(require('crypto').randomBytes(32).toString('base64'))"
+
+# Validation: Ensure at least 32 characters
+echo "your-jwt-secret" | wc -c
+```
+
+#### API Key Management
+```bash
+# Google Gemini API Key
+# 1. Visit https://makersuite.google.com/app/apikey
+# 2. Create new API key
+# 3. Copy and store securely
+
+# Qdrant Cloud API Key
+# 1. Visit https://cloud.qdrant.io
+# 2. Create cluster
+# 3. Generate API key from dashboard
+```
+
+### Platform-Specific Secret Storage
+
+#### Railway Secrets
+```bash
+# Set via CLI
+railway variables set SECRET_NAME="secret_value"
+
+# Set via web dashboard
+# 1. Visit railway.app
+# 2. Select your project
+# 3. Go to Variables tab
+# 4. Add environment variable
+```
+
+#### Fly.io Secrets
+```bash
+# Set secrets (encrypted at rest)
+flyctl secrets set SECRET_NAME="secret_value"
+
+# List secrets (values hidden)
+flyctl secrets list
+
+# Remove secrets
+flyctl secrets unset SECRET_NAME
+```
+
+#### Google Cloud Secret Manager
+```bash
+# Create secret
+echo -n "secret_value" | gcloud secrets create secret-name --data-file=-
+
+# Grant access to service account
+gcloud secrets add-iam-policy-binding secret-name \
+  --member="serviceAccount:service-account@project.iam.gserviceaccount.com" \
+  --role="roles/secretmanager.secretAccessor"
+
+# Use in Cloud Run
+gcloud run services update service-name \
+  --set-secrets="ENV_VAR=secret-name:latest"
+```
+
+#### Vercel Environment Variables
+```bash
+# Set via CLI
+vercel env add SECRET_NAME
+
+# Set via web dashboard
+# 1. Visit vercel.com
+# 2. Select your project
+# 3. Go to Settings > Environment Variables
+# 4. Add variable with appropriate environment
+```
+
+## Environment Templates
+
+### Development Template (`.env.development`)
+```bash
+# Development Configuration
+NODE_ENV=development
+DEBUG=true
+LOG_LEVEL=DEBUG
+
+# Database
+DATABASE_URL=sqlite+aiosqlite:///./data/knowledge_assistant_dev.db
+
+# Services (Local)
+QDRANT_HOST=localhost
+QDRANT_PORT=6333
+
+# External APIs
+GEMINI_API_KEY=your-dev-gemini-api-key
+
+# Security (Use different secret for dev)
+JWT_SECRET=development-jwt-secret-32-chars-minimum
+
+# CORS (Allow local development)
+CORS_ORIGINS=http://localhost:3000,http://127.0.0.1:3000
+
+# Frontend
+VITE_API_BASE_URL=http://localhost:8000
+VITE_ENABLE_REGISTRATION=true
+```
+
+### Production Template (`.env.production`)
+```bash
+# Production Configuration
+NODE_ENV=production
+DEBUG=false
+LOG_LEVEL=INFO
+
+# Database (Use PostgreSQL in production)
+DATABASE_URL=postgresql://user:password@host:port/database
+
+# Services
+QDRANT_CLOUD_URL=https://your-cluster.qdrant.io
+QDRANT_API_KEY=your-production-qdrant-api-key
+
+# External APIs
+GEMINI_API_KEY=your-production-gemini-api-key
+
+# Security
+JWT_SECRET=production-jwt-secret-32-chars-minimum
+
+# CORS (Restrict to your domain)
+CORS_ORIGINS=https://your-production-domain.com
+
+# Frontend
+VITE_API_BASE_URL=https://your-production-api-domain.com
+VITE_ENABLE_REGISTRATION=false  # Disable registration in production
+```
+
+### Testing Template (`.env.test`)
+```bash
+# Test Configuration
+NODE_ENV=test
+DEBUG=false
+LOG_LEVEL=WARNING
+
+# Database (In-memory for tests)
+DATABASE_URL=sqlite+aiosqlite:///:memory:
+
+# Services (Mock or local)
+QDRANT_HOST=localhost
+QDRANT_PORT=6333
+
+# External APIs (Use test keys or mocks)
+GEMINI_API_KEY=test-gemini-api-key
+
+# Security
+JWT_SECRET=test-jwt-secret-32-chars-minimum
+
+# CORS
+CORS_ORIGINS=http://localhost:3000
+
+# Frontend
+VITE_API_BASE_URL=http://localhost:8000
+VITE_ENABLE_REGISTRATION=true
+```
+
+## Validation and Testing
+
+### Environment Validation Script
+
+Create `scripts/validate-environment.sh`:
+```bash
+#!/bin/bash
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m' # No Color
+
+# Validation functions
+validate_required_var() {
+    local var_name=$1
+    local var_value=${!var_name}
+    
+    if [[ -z "$var_value" ]]; then
+        echo -e "${RED}❌ $var_name is not set${NC}"
+        return 1
+    else
+        echo -e "${GREEN}✅ $var_name is set${NC}"
+        return 0
+    fi
+}
+
+validate_jwt_secret() {
+    if [[ ${#JWT_SECRET} -lt 32 ]]; then
+        echo -e "${RED}❌ JWT_SECRET must be at least 32 characters (current: ${#JWT_SECRET})${NC}"
+        return 1
+    else
+        echo -e "${GREEN}✅ JWT_SECRET length is valid (${#JWT_SECRET} characters)${NC}"
+        return 0
+    fi
+}
+
+validate_database_url() {
+    if [[ "$DATABASE_URL" =~ ^(sqlite|postgresql):// ]]; then
+        echo -e "${GREEN}✅ DATABASE_URL format is valid${NC}"
+        return 0
+    else
+        echo -e "${RED}❌ DATABASE_URL format is invalid${NC}"
+        return 1
+    fi
+}
+
+validate_cors_origins() {
+    if [[ "$CORS_ORIGINS" =~ ^https?:// ]]; then
+        echo -e "${GREEN}✅ CORS_ORIGINS format is valid${NC}"
+        return 0
+    else
+        echo -e "${YELLOW}⚠️  CORS_ORIGINS should start with http:// or https://${NC}"
+        return 0
+    fi
+}
+
+# Main validation
+echo "🔍 Validating environment variables..."
+echo
+
+# Required variables
+required_vars=(
+    "JWT_SECRET"
+    "DATABASE_URL"
+    "GEMINI_API_KEY"
+)
+
+validation_failed=false
+
+for var in "${required_vars[@]}"; do
+    if ! validate_required_var "$var"; then
+        validation_failed=true
+    fi
+done
+
+# Specific validations
+if [[ -n "$JWT_SECRET" ]]; then
+    if ! validate_jwt_secret; then
+        validation_failed=true
+    fi
+fi
+
+if [[ -n "$DATABASE_URL" ]]; then
+    validate_database_url
+fi
+
+if [[ -n "$CORS_ORIGINS" ]]; then
+    validate_cors_origins
+fi
+
+# Optional variables check
+optional_vars=(
+    "QDRANT_HOST"
+    "QDRANT_PORT"
+    "QDRANT_CLOUD_URL"
+    "QDRANT_API_KEY"
+    "USER_REGISTRATION_ENABLED"
+    "CORS_ORIGINS"
+)
+
+echo
+echo "📋 Optional variables status:"
+for var in "${optional_vars[@]}"; do
+    if [[ -n "${!var}" ]]; then
+        echo -e "${GREEN}✅ $var is set${NC}"
+    else
+        echo -e "${YELLOW}⚠️  $var is not set${NC}"
+    fi
+done
+
+echo
+if [[ "$validation_failed" == true ]]; then
+    echo -e "${RED}❌ Environment validation failed${NC}"
+    exit 1
+else
+    echo -e "${GREEN}✅ Environment validation passed${NC}"
+    exit 0
+fi
+```
+
+### Testing Environment Variables
+
+Create `scripts/test-environment.sh`:
+```bash
+#!/bin/bash
+
+# Test database connection
+test_database() {
+    echo "Testing database connection..."
+    python -c "
+import asyncio
+from src.core.database import get_database
+async def test():
+    try:
+        db = get_database()
+        print('✅ Database connection successful')
+        return True
+    except Exception as e:
+        print(f'❌ Database connection failed: {e}')
+        return False
+asyncio.run(test())
+"
+}
+
+# Test Qdrant connection
+test_qdrant() {
+    echo "Testing Qdrant connection..."
+    if [[ -n "$QDRANT_CLOUD_URL" ]]; then
+        curl -f -s "$QDRANT_CLOUD_URL/health" > /dev/null
+    else
+        curl -f -s "http://${QDRANT_HOST:-localhost}:${QDRANT_PORT:-6333}/health" > /dev/null
+    fi
+    
+    if [[ $? -eq 0 ]]; then
+        echo "✅ Qdrant connection successful"
+    else
+        echo "❌ Qdrant connection failed"
+    fi
+}
+
+# Test Gemini API
+test_gemini() {
+    echo "Testing Gemini API..."
+    python -c "
+import os
+import requests
+api_key = os.getenv('GEMINI_API_KEY')
+if not api_key:
+    print('❌ GEMINI_API_KEY not set')
+    exit(1)
+
+try:
+    # Simple API test
+    url = f'https://generativelanguage.googleapis.com/v1/models?key={api_key}'
+    response = requests.get(url, timeout=10)
+    if response.status_code == 200:
+        print('✅ Gemini API connection successful')
+    else:
+        print(f'❌ Gemini API connection failed: {response.status_code}')
+except Exception as e:
+    print(f'❌ Gemini API connection failed: {e}')
+"
+}
+
+# Run all tests
+echo "🧪 Testing environment configuration..."
+echo
+
+test_database
+test_qdrant
+test_gemini
+
+echo
+echo "✅ Environment testing complete"
+```
+
+## Security Best Practices
+
+### Secret Management Best Practices
+
+1. **Never commit secrets to version control**
+   ```bash
+   # Add to .gitignore
+   echo ".env*" >> .gitignore
+   echo "!.env.example" >> .gitignore
+   ```
+
+2. **Use different secrets for different environments**
+   ```bash
+   # Development
+   JWT_SECRET=dev-secret-32-chars-minimum
+   
+   # Production
+   JWT_SECRET=prod-secret-different-32-chars-minimum
+   ```
+
+3. **Rotate secrets regularly**
+   ```bash
+   # Generate new JWT secret
+   NEW_SECRET=$(openssl rand -base64 32)
+   
+   # Update in platform
+   railway variables set JWT_SECRET="$NEW_SECRET"
+   ```
+
+4. **Use platform-specific secret management**
+   - Railway: Environment variables (encrypted)
+   - Fly.io: Secrets (encrypted at rest)
+   - Google Cloud: Secret Manager
+   - Vercel: Environment variables (encrypted)
+
+### Environment Variable Security
+
+1. **Validate environment variables on startup**
+   ```python
+   import os
+   import sys
+   
+   def validate_environment():
+       required_vars = ['JWT_SECRET', 'DATABASE_URL', 'GEMINI_API_KEY']
+       missing_vars = [var for var in required_vars if not os.getenv(var)]
+       
+       if missing_vars:
+           print(f"Missing required environment variables: {missing_vars}")
+           sys.exit(1)
+   
+   validate_environment()
+   ```
+
+2. **Use secure defaults**
+   ```python
+   # Secure defaults
+   USER_REGISTRATION_ENABLED = os.getenv('USER_REGISTRATION_ENABLED', 'false').lower() == 'true'
+   DEBUG = os.getenv('DEBUG', 'false').lower() == 'true'
+   LOG_LEVEL = os.getenv('LOG_LEVEL', 'INFO')
+   ```
+
+3. **Sanitize environment variables in logs**
+   ```python
+   import re
+   
+   def sanitize_env_for_logging(env_dict):
+       sensitive_patterns = [
+           r'.*SECRET.*',
+           r'.*PASSWORD.*',
+           r'.*KEY.*',
+           r'.*TOKEN.*'
+       ]
+       
+       sanitized = {}
+       for key, value in env_dict.items():
+           if any(re.match(pattern, key, re.IGNORECASE) for pattern in sensitive_patterns):
+               sanitized[key] = '***'
+           else:
+               sanitized[key] = value
+       
+       return sanitized
+   ```
+
+## Troubleshooting
+
+### Common Issues
+
+#### 1. JWT Secret Too Short
+```bash
+# Error: JWT secret must be at least 32 characters
+# Solution: Generate proper secret
+openssl rand -base64 32
+```
+
+#### 2. Database Connection Failed
+```bash
+# Check DATABASE_URL format
+echo $DATABASE_URL
+
+# For SQLite, ensure directory exists
+mkdir -p data/
+
+# For PostgreSQL, test connection
+psql "$DATABASE_URL" -c "SELECT 1;"
+```
+
+#### 3. CORS Issues
+```bash
+# Check CORS_ORIGINS format
+echo $CORS_ORIGINS
+
+# Should be: https://domain.com,https://other-domain.com
+# Not: https://domain.com, https://other-domain.com (no spaces)
+```
+
+#### 4. API Key Invalid
+```bash
+# Test Gemini API key
+curl -H "Authorization: Bearer $GEMINI_API_KEY" \
+  "https://generativelanguage.googleapis.com/v1/models"
+```
+
+### Environment Variable Debugging
+
+Create `scripts/debug-environment.sh`:
+```bash
+#!/bin/bash
+
+echo "🔍 Environment Variable Debug Information"
+echo "========================================"
+echo
+
+echo "📊 System Information:"
+echo "OS: $(uname -s)"
+echo "Shell: $SHELL"
+echo "User: $USER"
+echo "PWD: $PWD"
+echo
+
+echo "🔐 Security Variables (sanitized):"
+echo "JWT_SECRET: ${JWT_SECRET:0:8}... (${#JWT_SECRET} chars)"
+echo "GEMINI_API_KEY: ${GEMINI_API_KEY:0:8}... (${#GEMINI_API_KEY} chars)"
+echo
+
+echo "🗄️ Database Configuration:"
+echo "DATABASE_URL: ${DATABASE_URL}"
+echo
+
+echo "🔍 Vector Database Configuration:"
+echo "QDRANT_HOST: ${QDRANT_HOST:-not set}"
+echo "QDRANT_PORT: ${QDRANT_PORT:-not set}"
+echo "QDRANT_CLOUD_URL: ${QDRANT_CLOUD_URL:-not set}"
+echo "QDRANT_API_KEY: ${QDRANT_API_KEY:0:8}... (${#QDRANT_API_KEY} chars)"
+echo
+
+echo "🌐 CORS Configuration:"
+echo "CORS_ORIGINS: ${CORS_ORIGINS:-not set}"
+echo
+
+echo "⚙️ Application Configuration:"
+echo "USER_REGISTRATION_ENABLED: ${USER_REGISTRATION_ENABLED:-not set}"
+echo "LOG_LEVEL: ${LOG_LEVEL:-not set}"
+echo "DEBUG: ${DEBUG:-not set}"
+echo
+
+echo "🎨 Frontend Configuration:"
+echo "VITE_API_BASE_URL: ${VITE_API_BASE_URL:-not set}"
+echo "VITE_ENABLE_REGISTRATION: ${VITE_ENABLE_REGISTRATION:-not set}"
+```
+
+### Platform-Specific Debugging
+
+#### Railway
+```bash
+# Check current variables
+railway variables
+
+# Check service logs
+railway logs
+
+# Check service status
+railway status
+```
+
+#### Fly.io
+```bash
+# Check secrets
+flyctl secrets list
+
+# Check environment variables
+flyctl config show
+
+# Check app status
+flyctl status
+```
+
+#### Google Cloud Run
+```bash
+# Check service configuration
+gcloud run services describe SERVICE_NAME --region=REGION
+
+# Check secrets
+gcloud secrets list
+
+# Check logs
+gcloud logging read "resource.type=\"cloud_run_revision\""
+```
+
+#### Vercel
+```bash
+# Check environment variables
+vercel env ls
+
+# Check deployment logs
+vercel logs
+
+# Check project settings
+vercel project ls
+```
+
+This comprehensive guide should help you properly configure and manage environment variables and secrets across all deployment platforms.

FAQ.md

@@ -0,0 +1,747 @@
+# Frequently Asked Questions (FAQ)
+
+This document addresses common questions about deploying, configuring, and maintaining the Knowledge Assistant RAG application across different platforms.
+
+## Table of Contents
+
+1. [General Questions](#general-questions)
+2. [Deployment Questions](#deployment-questions)
+3. [Configuration Questions](#configuration-questions)
+4. [Performance Questions](#performance-questions)
+5. [Troubleshooting Questions](#troubleshooting-questions)
+6. [Security Questions](#security-questions)
+7. [Cost and Scaling Questions](#cost-and-scaling-questions)
+
+## General Questions
+
+### Q: What is the Knowledge Assistant RAG application?
+
+**A:** The Knowledge Assistant RAG (Retrieval-Augmented Generation) application is a document-based question-answering system that allows users to upload documents, process them into vector embeddings, and query them using natural language. It combines document retrieval with large language model generation to provide accurate, context-aware responses.
+
+**Key Features:**
+- Document upload and processing (PDF, TXT, DOCX, MD)
+- Vector-based semantic search using Qdrant
+- AI-powered responses using Google Gemini API
+- User authentication and document management
+- RESTful API with React frontend
+
+### Q: What are the system requirements?
+
+**A:** 
+**Minimum Requirements:**
+- 512MB RAM (with external services)
+- 1GB storage
+- 1 CPU core
+- Internet connection for API services
+
+**Recommended Requirements:**
+- 1GB RAM
+- 5GB storage
+- 2 CPU cores
+- Stable internet connection
+
+**Development Requirements:**
+- Docker and Docker Compose
+- Node.js 18+ (for frontend development)
+- Python 3.11+ (for backend development)
+
+### Q: Which deployment platforms are supported?
+
+**A:** The application supports multiple deployment platforms:
+
+1. **Railway** - Free tier: 512MB RAM, 1GB storage
+2. **Fly.io** - Free tier: 256MB RAM, 1GB storage
+3. **Google Cloud Run** - Free tier: 1GB memory, 2 vCPU
+4. **Vercel** - Hybrid deployment with serverless functions
+5. **Local Docker** - For development and self-hosting
+
+Each platform has specific optimizations and configurations documented in their respective deployment guides.
+
+### Q: What external services are required?
+
+**A:** 
+**Required:**
+- Google Gemini API (for LLM responses)
+
+**Optional (but recommended for production):**
+- Qdrant Cloud (vector database)
+- PostgreSQL (database, instead of SQLite)
+- Redis (caching)
+
+**Free Tier Alternatives:**
+- Use SQLite for database (included)
+- Self-host Qdrant (included in Docker setup)
+- Use in-memory caching instead of Redis
+
+## Deployment Questions
+
+### Q: How do I choose the best deployment platform?
+
+**A:** Choose based on your needs:
+
+**Railway** - Best for beginners
+- ✅ Easy setup and deployment
+- ✅ Built-in PostgreSQL
+- ✅ Good free tier (512MB RAM)
+- ❌ Limited to single region
+
+**Fly.io** - Best for global deployment
+- ✅ Multi-region deployment
+- ✅ Excellent Docker support
+- ✅ Good performance
+- ❌ Smaller free tier (256MB RAM)
+
+**Google Cloud Run** - Best for enterprise
+- ✅ Largest free tier (1GB RAM)
+- ✅ Excellent scaling
+- ✅ Integration with Google services
+- ❌ More complex setup
+
+**Vercel** - Best for frontend-heavy applications
+- ✅ Excellent frontend performance
+- ✅ Global CDN
+- ✅ Serverless functions
+- ❌ Backend limitations
+
+### Q: Can I deploy without using external APIs?
+
+**A:** Partially. You can run the application locally with self-hosted services, but you'll need at least one of these for LLM functionality:
+
+**Options:**
+1. **Google Gemini API** (recommended, free tier available)
+2. **OpenAI API** (paid service)
+3. **Self-hosted Ollama** (requires significant resources, 2GB+ RAM)
+
+**Note:** The free deployment guides focus on using external APIs to stay within platform resource limits.
+
+### Q: How long does deployment take?
+
+**A:** Deployment times vary by platform:
+
+- **Railway**: 5-10 minutes (automated)
+- **Fly.io**: 10-15 minutes (includes volume creation)
+- **Google Cloud Run**: 15-20 minutes (includes infrastructure setup)
+- **Vercel**: 5-10 minutes (frontend-focused)
+- **Local Docker**: 2-5 minutes (after initial image builds)
+
+**First-time setup** may take longer due to:
+- API key generation
+- Platform account setup
+- Initial image builds
+
+### Q: What happens if deployment fails?
+
+**A:** Common failure points and solutions:
+
+1. **Build Failures**
+   - Check Docker image compatibility
+   - Verify all dependencies are available
+   - Review build logs for specific errors
+
+2. **Resource Limits**
+   - Use external services (Qdrant Cloud, Gemini API)
+   - Optimize Docker images
+   - Consider upgrading to paid tier
+
+3. **Configuration Errors**
+   - Validate environment variables
+   - Check API key permissions
+   - Verify service connectivity
+
+**Recovery Steps:**
+```bash
+# Check deployment logs
+railway logs  # or flyctl logs, gcloud logs, etc.
+
+# Rollback to previous version
+railway rollback  # or flyctl releases rollback
+
+# Redeploy with fixes
+./deploy.sh platform-name
+```
+
+## Configuration Questions
+
+### Q: How do I generate a secure JWT secret?
+
+**A:** Use one of these methods to generate a secure JWT secret (minimum 32 characters):
+
+```bash
+# Method 1: OpenSSL (recommended)
+openssl rand -base64 32
+
+# Method 2: Python
+python -c "import secrets; print(secrets.token_urlsafe(32))"
+
+# Method 3: Node.js
+node -e "console.log(require('crypto').randomBytes(32).toString('base64'))"
+```
+
+**Important:** 
+- Use different secrets for development and production
+- Never commit secrets to version control
+- Rotate secrets periodically
+
+### Q: How do I configure CORS for my domain?
+
+**A:** Set the `CORS_ORIGINS` environment variable with your domain(s):
+
+```bash
+# Single domain
+CORS_ORIGINS=https://your-domain.com
+
+# Multiple domains (comma-separated, no spaces)
+CORS_ORIGINS=https://your-domain.com,https://www.your-domain.com
+
+# Development (include localhost)
+CORS_ORIGINS=https://your-domain.com,http://localhost:3000
+```
+
+**Platform-specific setup:**
+```bash
+# Railway
+railway variables set CORS_ORIGINS="https://your-domain.com"
+
+# Fly.io
+flyctl secrets set CORS_ORIGINS="https://your-domain.com"
+
+# Google Cloud Run
+gcloud run services update SERVICE_NAME \
+  --set-env-vars="CORS_ORIGINS=https://your-domain.com"
+```
+
+### Q: How do I switch from SQLite to PostgreSQL?
+
+**A:** 
+
+1. **Update DATABASE_URL:**
+```bash
+# From SQLite
+DATABASE_URL=sqlite+aiosqlite:///./data/knowledge_assistant.db
+
+# To PostgreSQL
+DATABASE_URL=postgresql://username:password@host:port/database
+```
+
+2. **Platform-specific PostgreSQL:**
+```bash
+# Railway (automatic)
+railway add postgresql
+# DATABASE_URL is automatically set
+
+# Google Cloud Run
+# Use Cloud SQL instance connection string
+
+# Fly.io
+flyctl postgres create --name myapp-db
+flyctl postgres attach myapp-db
+```
+
+3. **Run migrations:**
+```bash
+# Migrations will run automatically on startup
+# Or manually:
+alembic upgrade head
+```
+
+### Q: How do I use Qdrant Cloud instead of self-hosted?
+
+**A:** 
+
+1. **Sign up for Qdrant Cloud:**
+   - Visit [cloud.qdrant.io](https://cloud.qdrant.io)
+   - Create a cluster
+   - Get your cluster URL and API key
+
+2. **Update environment variables:**
+```bash
+# Remove self-hosted Qdrant variables
+unset QDRANT_HOST
+unset QDRANT_PORT
+
+# Add Qdrant Cloud variables
+QDRANT_CLOUD_URL=https://your-cluster-id.qdrant.io
+QDRANT_API_KEY=your-api-key
+```
+
+3. **Update deployment:**
+```bash
+# Set in your platform
+railway variables set QDRANT_CLOUD_URL="https://your-cluster.qdrant.io"
+railway variables set QDRANT_API_KEY="your-api-key"
+```
+
+## Performance Questions
+
+### Q: Why is my application slow?
+
+**A:** Common performance issues and solutions:
+
+1. **Slow API Responses**
+   - Enable response caching
+   - Use database connection pooling
+   - Optimize database queries
+   - Consider using Redis for caching
+
+2. **Slow Document Processing**
+   - Process documents in background tasks
+   - Use batch processing for multiple documents
+   - Optimize embedding generation
+
+3. **Slow Vector Search**
+   - Optimize Qdrant configuration
+   - Use appropriate vector dimensions
+   - Consider using quantization
+
+4. **High Memory Usage**
+   - Use external services (Qdrant Cloud, Gemini API)
+   - Implement memory cleanup
+   - Optimize Docker images
+
+### Q: How can I optimize for the free tier limits?
+
+**A:** 
+
+**Memory Optimization:**
+- Use external APIs instead of self-hosted services
+- Implement memory cleanup routines
+- Use Alpine Linux base images
+- Enable auto-scaling to zero
+
+**Storage Optimization:**
+- Use external databases (Railway PostgreSQL, Cloud SQL)
+- Implement log rotation
+- Clean up temporary files
+
+**CPU Optimization:**
+- Use async processing
+- Implement request queuing
+- Cache expensive operations
+
+**Example configuration for Railway free tier:**
+```bash
+# Use external services to minimize memory usage
+QDRANT_CLOUD_URL=https://your-cluster.qdrant.io
+GEMINI_API_KEY=your-api-key
+DATABASE_URL=$DATABASE_URL  # Railway PostgreSQL
+
+# Optimize application settings
+WORKERS=1
+MAX_CONNECTIONS=50
+LOG_LEVEL=WARNING
+```
+
+### Q: How do I monitor performance?
+
+**A:** 
+
+**Built-in Monitoring:**
+```bash
+# Health check endpoint
+curl https://your-app.com/health
+
+# Detailed health check
+curl https://your-app.com/health/detailed
+```
+
+**Platform Monitoring:**
+- **Railway**: Built-in metrics dashboard
+- **Fly.io**: `flyctl metrics` command
+- **Google Cloud Run**: Cloud Monitoring
+- **Vercel**: Analytics dashboard
+
+**Custom Monitoring:**
+```bash
+# Run performance checks
+./scripts/health-check.sh
+
+# Generate performance report
+./scripts/performance-report.sh
+```
+
+## Troubleshooting Questions
+
+### Q: My deployment is failing with "out of memory" errors. What should I do?
+
+**A:** 
+
+**Immediate Solutions:**
+1. **Use external services:**
+```bash
+# Replace self-hosted Qdrant with Qdrant Cloud
+QDRANT_CLOUD_URL=https://your-cluster.qdrant.io
+QDRANT_API_KEY=your-api-key
+
+# Use Gemini API instead of Ollama
+GEMINI_API_KEY=your-api-key
+```
+
+2. **Optimize Docker images:**
+```bash
+# Use multi-stage builds
+# Use Alpine Linux base images
+# Remove development dependencies
+```
+
+3. **Reduce resource usage:**
+```bash
+WORKERS=1
+MAX_CONNECTIONS=25
+LOG_LEVEL=WARNING
+```
+
+**Long-term Solutions:**
+- Upgrade to paid tier
+- Implement horizontal scaling
+- Use serverless architecture
+
+### Q: Services can't communicate with each other. How do I fix this?
+
+**A:** 
+
+**Check Service URLs:**
+```bash
+# Verify environment variables
+echo $QDRANT_HOST
+echo $VITE_API_BASE_URL
+
+# Test connectivity
+curl -f http://qdrant:6333/health
+curl -f http://backend:8000/health
+```
+
+**Platform-specific fixes:**
+
+**Docker Compose:**
+```yaml
+# Ensure services are on same network
+services:
+  backend:
+    environment:
+      - QDRANT_HOST=qdrant
+  qdrant:
+    hostname: qdrant
+```
+
+**Railway:**
+```bash
+# Use Railway internal URLs
+QDRANT_HOST=qdrant.railway.internal
+```
+
+**Fly.io:**
+```bash
+# Use Fly.io internal DNS
+QDRANT_HOST=qdrant-app.internal
+```
+
+### Q: I'm getting CORS errors. How do I fix them?
+
+**A:** 
+
+**Check CORS Configuration:**
+```bash
+# Verify CORS_ORIGINS is set correctly
+echo $CORS_ORIGINS
+
+# Should match your frontend URL exactly
+CORS_ORIGINS=https://your-frontend-domain.com
+```
+
+**Common CORS Issues:**
+1. **Missing protocol:** Use `https://` not just `domain.com`
+2. **Extra spaces:** Use `domain1.com,domain2.com` not `domain1.com, domain2.com`
+3. **Wrong port:** Include port if not standard (`:3000` for development)
+
+**Test CORS:**
+```bash
+# Test CORS preflight
+curl -X OPTIONS \
+  -H "Origin: https://your-frontend.com" \
+  -H "Access-Control-Request-Method: POST" \
+  https://your-backend.com/api/query
+```
+
+### Q: Database migrations are failing. What should I do?
+
+**A:** 
+
+**Check Migration Status:**
+```bash
+# Check current migration version
+alembic current
+
+# Check migration history
+alembic history
+
+# Check for pending migrations
+alembic show head
+```
+
+**Common Solutions:**
+1. **Reset migrations (DANGEROUS - backup first!):**
+```bash
+# Backup database
+cp data/knowledge_assistant.db data/backup.db
+
+# Reset to head
+alembic stamp head
+```
+
+2. **Manual migration:**
+```bash
+# Run specific migration
+alembic upgrade +1
+
+# Downgrade if needed
+alembic downgrade -1
+```
+
+3. **Fresh database:**
+```bash
+# Remove database file
+rm data/knowledge_assistant.db
+
+# Restart application (migrations run automatically)
+docker-compose restart backend
+```
+
+## Security Questions
+
+### Q: How do I secure my deployment?
+
+**A:** 
+
+**Essential Security Measures:**
+
+1. **Use HTTPS everywhere:**
+   - All platforms provide HTTPS by default
+   - Never use HTTP in production
+
+2. **Secure JWT secrets:**
+```bash
+# Generate strong secrets (32+ characters)
+JWT_SECRET=$(openssl rand -base64 32)
+
+# Use different secrets for different environments
+```
+
+3. **Restrict CORS origins:**
+```bash
+# Don't use wildcards in production
+CORS_ORIGINS=https://your-exact-domain.com
+
+# Not this:
+CORS_ORIGINS=*
+```
+
+4. **Use environment variables for secrets:**
+```bash
+# Never commit secrets to code
+# Use platform secret management
+railway variables set SECRET_NAME="secret_value"
+```
+
+5. **Enable user registration controls:**
+```bash
+# Disable registration in production if not needed
+USER_REGISTRATION_ENABLED=false
+```
+
+### Q: How do I rotate API keys and secrets?
+
+**A:** 
+
+**JWT Secret Rotation:**
+```bash
+# Generate new secret
+NEW_JWT_SECRET=$(openssl rand -base64 32)
+
+# Update in platform
+railway variables set JWT_SECRET="$NEW_JWT_SECRET"
+
+# Restart application
+railway service restart
+```
+
+**API Key Rotation:**
+1. **Generate new API key** from provider
+2. **Update environment variable** in platform
+3. **Test functionality** with new key
+4. **Revoke old key** from provider
+
+**Database Password Rotation:**
+1. **Create new database user** with new password
+2. **Update DATABASE_URL** with new credentials
+3. **Test connection**
+4. **Remove old database user**
+
+### Q: How do I backup my data?
+
+**A:** 
+
+**SQLite Backup:**
+```bash
+# Create backup
+sqlite3 data/knowledge_assistant.db ".backup backup-$(date +%Y%m%d).db"
+
+# Restore from backup
+cp backup-20231201.db data/knowledge_assistant.db
+```
+
+**PostgreSQL Backup:**
+```bash
+# Create backup
+pg_dump $DATABASE_URL > backup-$(date +%Y%m%d).sql
+
+# Restore from backup
+psql $DATABASE_URL < backup-20231201.sql
+```
+
+**Qdrant Backup:**
+```bash
+# Create snapshot
+curl -X POST "http://localhost:6333/collections/documents/snapshots"
+
+# Download snapshot
+curl "http://localhost:6333/collections/documents/snapshots/snapshot-name" > qdrant-backup.snapshot
+```
+
+**Automated Backup Script:**
+```bash
+#!/bin/bash
+# backup.sh
+DATE=$(date +%Y%m%d)
+
+# Backup database
+sqlite3 data/knowledge_assistant.db ".backup backups/db-$DATE.db"
+
+# Backup Qdrant data
+tar -czf backups/qdrant-$DATE.tar.gz data/qdrant/
+
+# Clean old backups (keep 7 days)
+find backups/ -name "*.db" -mtime +7 -delete
+find backups/ -name "*.tar.gz" -mtime +7 -delete
+```
+
+## Cost and Scaling Questions
+
+### Q: How much does it cost to run this application?
+
+**A:** 
+
+**Free Tier Costs (Monthly):**
+- **Railway**: $0 (512MB RAM, 1GB storage)
+- **Fly.io**: $0 (256MB RAM, 1GB storage)
+- **Google Cloud Run**: $0 (within free tier limits)
+- **Vercel**: $0 (hobby plan)
+
+**External Service Costs:**
+- **Google Gemini API**: Free tier (60 requests/minute)
+- **Qdrant Cloud**: Free tier (1GB storage)
+- **Domain name**: $10-15/year (optional)
+
+**Paid Tier Costs (if needed):**
+- **Railway Pro**: $5/month (more resources)
+- **Fly.io**: Pay-as-you-go (starts ~$2/month)
+- **Google Cloud**: Pay-as-you-go (typically $5-20/month)
+
+### Q: When should I upgrade from free tier?
+
+**A:** 
+
+**Upgrade indicators:**
+- Consistently hitting memory limits
+- Need for more than 1GB storage
+- Require custom domains with SSL
+- Need better performance/uptime SLAs
+- Require more than 100 concurrent users
+
+**Upgrade benefits:**
+- More memory and CPU
+- Better performance
+- Priority support
+- Advanced features (monitoring, backups)
+- Higher rate limits
+
+### Q: How do I scale the application for more users?
+
+**A:** 
+
+**Vertical Scaling (increase resources):**
+```bash
+# Railway
+railway service scale --memory 1024
+
+# Fly.io
+flyctl scale memory 512
+
+# Google Cloud Run
+gcloud run services update SERVICE_NAME --memory=1Gi
+```
+
+**Horizontal Scaling (more instances):**
+```bash
+# Fly.io
+flyctl scale count 3
+
+# Google Cloud Run (automatic based on traffic)
+gcloud run services update SERVICE_NAME \
+  --max-instances=10 \
+  --concurrency=80
+```
+
+**Database Scaling:**
+- Use connection pooling
+- Implement read replicas
+- Consider managed database services
+
+**Caching:**
+- Add Redis for application caching
+- Use CDN for static assets
+- Implement API response caching
+
+### Q: How do I monitor costs?
+
+**A:** 
+
+**Platform Monitoring:**
+- **Railway**: Billing dashboard shows usage
+- **Fly.io**: `flyctl billing` command
+- **Google Cloud**: Cloud Billing console
+- **Vercel**: Usage dashboard
+
+**Cost Alerts:**
+```bash
+# Google Cloud billing alerts
+gcloud billing budgets create \
+  --billing-account=BILLING_ACCOUNT_ID \
+  --display-name="Knowledge Assistant Budget" \
+  --budget-amount=10USD
+
+# Fly.io spending limits
+flyctl orgs billing-limits set --limit=10
+```
+
+**Usage Monitoring Script:**
+```bash
+#!/bin/bash
+# cost-monitor.sh
+
+echo "📊 Resource Usage Report"
+echo "======================="
+
+# Check memory usage
+echo "Memory: $(free -h | grep Mem | awk '{print $3"/"$2}')"
+
+# Check disk usage
+echo "Disk: $(df -h / | tail -1 | awk '{print $3"/"$2" ("$5")"}')"
+
+# Check request count (from logs)
+echo "Requests today: $(grep $(date +%Y-%m-%d) logs/access.log | wc -l)"
+
+# Estimate costs based on usage
+echo "Estimated monthly cost: $0 (free tier)"
+```
+
+This FAQ covers the most common questions about deploying and managing the Knowledge Assistant RAG application. For more specific issues, refer to the detailed troubleshooting guide or platform-specific documentation.

FLY_DEPLOYMENT.md

@@ -0,0 +1,642 @@
+# Fly.io Deployment Guide
+
+This guide provides comprehensive instructions for deploying the Knowledge Assistant RAG application to Fly.io, a platform that offers generous free tier resources and excellent Docker support.
+
+## Fly.io Resource Limits (Free Tier)
+
+- **Memory**: 256MB RAM per app (shared across all machines)
+- **Storage**: 1GB persistent storage per app
+- **Bandwidth**: Unlimited
+- **Machines**: Up to 3 shared-cpu-1x machines
+- **Regions**: Deploy globally in multiple regions
+- **Custom Domains**: Supported with automatic HTTPS
+
+## Prerequisites
+
+### Required Tools
+- [Fly CLI (flyctl)](https://fly.io/docs/getting-started/installing-flyctl/)
+- [Docker](https://docs.docker.com/get-docker/)
+- [Git](https://git-scm.com/downloads)
+
+### Fly.io Account Setup
+1. Sign up at [fly.io](https://fly.io)
+2. Install and authenticate Fly CLI:
+   ```bash
+   # Install flyctl
+   curl -L https://fly.io/install.sh | sh
+   
+   # Add to PATH (add to your shell profile)
+   export PATH="$HOME/.fly/bin:$PATH"
+   
+   # Authenticate
+   flyctl auth login
+   ```
+
+### API Keys Required
+- **Google Gemini API Key**: Get from [Google AI Studio](https://makersuite.google.com/app/apikey)
+
+## Deployment Strategies
+
+### Strategy 1: Single App Deployment (Recommended)
+
+Deploy backend and frontend as a single Fly.io app with internal routing.
+
+#### Step 1: Prepare Application
+
+1. Clone the repository:
+   ```bash
+   git clone <your-repo-url>
+   cd Knowledge_Assistant_RAG
+   ```
+
+2. Create Fly.io configuration:
+   ```bash
+   flyctl launch --no-deploy
+   ```
+
+3. This creates a `fly.toml` file. Replace it with our optimized configuration:
+   ```toml
+   app = "knowledge-assistant-rag"
+   primary_region = "ord"
+   
+   [build]
+     dockerfile = "Dockerfile.fly"
+   
+   [env]
+     PORT = "8080"
+     DATABASE_URL = "sqlite+aiosqlite:///./data/knowledge_assistant.db"
+     QDRANT_HOST = "localhost"
+     QDRANT_PORT = "6333"
+     USER_REGISTRATION_ENABLED = "true"
+   
+   [http_service]
+     internal_port = 8080
+     force_https = true
+     auto_stop_machines = true
+     auto_start_machines = true
+     min_machines_running = 0
+     processes = ["app"]
+   
+   [[http_service.checks]]
+     grace_period = "10s"
+     interval = "30s"
+     method = "GET"
+     timeout = "5s"
+     path = "/health"
+   
+   [mounts]
+     source = "knowledge_data"
+     destination = "/app/data"
+   
+   [[vm]]
+     memory = "256mb"
+     cpu_kind = "shared"
+     cpus = 1
+   ```
+
+#### Step 2: Create Optimized Dockerfile
+
+Create `Dockerfile.fly` for single-app deployment:
+```dockerfile
+# Multi-stage build for optimized production image
+FROM node:18-alpine AS frontend-builder
+
+WORKDIR /app/frontend
+COPY rag-quest-hub/package*.json ./
+RUN npm ci --only=production
+
+COPY rag-quest-hub/ ./
+RUN npm run build
+
+FROM python:3.11-alpine AS backend-builder
+
+WORKDIR /app
+RUN apk add --no-cache gcc musl-dev libffi-dev
+
+COPY requirements.txt .
+RUN pip install --no-cache-dir -r requirements.txt
+
+FROM python:3.11-alpine AS qdrant
+
+RUN apk add --no-cache curl
+RUN curl -L https://github.com/qdrant/qdrant/releases/latest/download/qdrant-x86_64-unknown-linux-musl.tar.gz | tar xz
+RUN mv qdrant /usr/local/bin/
+
+FROM python:3.11-alpine AS production
+
+# Install runtime dependencies
+RUN apk add --no-cache nginx supervisor curl
+
+# Copy Python dependencies
+COPY --from=backend-builder /usr/local/lib/python3.11/site-packages /usr/local/lib/python3.11/site-packages
+COPY --from=backend-builder /usr/local/bin /usr/local/bin
+
+# Copy Qdrant binary
+COPY --from=qdrant /usr/local/bin/qdrant /usr/local/bin/
+
+# Copy application code
+WORKDIR /app
+COPY src/ ./src/
+COPY alembic/ ./alembic/
+COPY alembic.ini ./
+
+# Copy frontend build
+COPY --from=frontend-builder /app/frontend/dist ./static/
+
+# Create nginx configuration
+RUN mkdir -p /etc/nginx/conf.d
+COPY <<EOF /etc/nginx/conf.d/default.conf
+server {
+    listen 8080;
+    server_name _;
+    
+    # Serve static frontend files
+    location / {
+        root /app/static;
+        try_files \$uri \$uri/ /index.html;
+    }
+    
+    # Proxy API requests to backend
+    location /api/ {
+        proxy_pass http://localhost:8000/;
+        proxy_set_header Host \$host;
+        proxy_set_header X-Real-IP \$remote_addr;
+        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto \$scheme;
+    }
+    
+    # Health check endpoint
+    location /health {
+        proxy_pass http://localhost:8000/health;
+    }
+}
+EOF
+
+# Create supervisor configuration
+COPY <<EOF /etc/supervisor/conf.d/supervisord.conf
+[supervisord]
+nodaemon=true
+user=root
+
+[program:qdrant]
+command=/usr/local/bin/qdrant --config-path /app/qdrant-config.yaml
+autostart=true
+autorestart=true
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+
+[program:backend]
+command=python -m uvicorn src.main:app --host 0.0.0.0 --port 8000
+directory=/app
+autostart=true
+autorestart=true
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+
+[program:nginx]
+command=nginx -g "daemon off;"
+autostart=true
+autorestart=true
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+EOF
+
+# Create Qdrant configuration
+COPY <<EOF /app/qdrant-config.yaml
+service:
+  http_port: 6333
+  grpc_port: 6334
+  host: 0.0.0.0
+
+storage:
+  storage_path: /app/data/qdrant
+
+cluster:
+  enabled: false
+EOF
+
+# Create data directory
+RUN mkdir -p /app/data/qdrant
+
+EXPOSE 8080
+
+CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
+```
+
+#### Step 3: Create Persistent Volume
+
+```bash
+# Create volume for data persistence
+flyctl volumes create knowledge_data --region ord --size 1
+```
+
+#### Step 4: Set Secrets
+
+```bash
+# Set required secrets
+flyctl secrets set JWT_SECRET=$(openssl rand -base64 32)
+flyctl secrets set GEMINI_API_KEY=your-gemini-api-key-here
+
+# Optional: Set CORS origins for production
+flyctl secrets set CORS_ORIGINS=https://your-app.fly.dev
+```
+
+#### Step 5: Deploy
+
+```bash
+# Deploy the application
+flyctl deploy
+
+# Check deployment status
+flyctl status
+
+# View logs
+flyctl logs
+```
+
+### Strategy 2: Multi-App Deployment
+
+Deploy each service as separate Fly.io apps for better resource isolation.
+
+⚠️ **Note**: This approach uses more resources and may exceed free tier limits.
+
+#### Backend App
+
+1. Create backend app:
+   ```bash
+   mkdir fly-backend && cd fly-backend
+   flyctl launch --name knowledge-assistant-backend --no-deploy
+   ```
+
+2. Configure `fly.toml`:
+   ```toml
+   app = "knowledge-assistant-backend"
+   primary_region = "ord"
+   
+   [build]
+     dockerfile = "../Dockerfile"
+   
+   [env]
+     DATABASE_URL = "sqlite+aiosqlite:///./data/knowledge_assistant.db"
+     QDRANT_HOST = "knowledge-assistant-qdrant.internal"
+     QDRANT_PORT = "6333"
+   
+   [http_service]
+     internal_port = 8000
+     force_https = true
+     auto_stop_machines = true
+     auto_start_machines = true
+     min_machines_running = 0
+   
+   [mounts]
+     source = "backend_data"
+     destination = "/app/data"
+   
+   [[vm]]
+     memory = "128mb"
+     cpu_kind = "shared"
+     cpus = 1
+   ```
+
+#### Qdrant App
+
+1. Create Qdrant app:
+   ```bash
+   mkdir fly-qdrant && cd fly-qdrant
+   flyctl launch --name knowledge-assistant-qdrant --no-deploy
+   ```
+
+2. Configure `fly.toml`:
+   ```toml
+   app = "knowledge-assistant-qdrant"
+   primary_region = "ord"
+   
+   [build]
+     image = "qdrant/qdrant:latest"
+   
+   [env]
+     QDRANT__SERVICE__HTTP_PORT = "6333"
+     QDRANT__SERVICE__GRPC_PORT = "6334"
+   
+   [http_service]
+     internal_port = 6333
+     auto_stop_machines = false
+     auto_start_machines = true
+     min_machines_running = 1
+   
+   [mounts]
+     source = "qdrant_data"
+     destination = "/qdrant/storage"
+   
+   [[vm]]
+     memory = "64mb"
+     cpu_kind = "shared"
+     cpus = 1
+   ```
+
+#### Frontend App
+
+1. Create frontend app:
+   ```bash
+   mkdir fly-frontend && cd fly-frontend
+   flyctl launch --name knowledge-assistant-frontend --no-deploy
+   ```
+
+2. Configure `fly.toml`:
+   ```toml
+   app = "knowledge-assistant-frontend"
+   primary_region = "ord"
+   
+   [build]
+     dockerfile = "../rag-quest-hub/Dockerfile"
+   
+   [env]
+     VITE_API_BASE_URL = "https://knowledge-assistant-backend.fly.dev"
+   
+   [http_service]
+     internal_port = 80
+     force_https = true
+     auto_stop_machines = true
+     auto_start_machines = true
+     min_machines_running = 0
+   
+   [[vm]]
+     memory = "64mb"
+     cpu_kind = "shared"
+     cpus = 1
+   ```
+
+## Database Configuration
+
+### SQLite (Default)
+- Uses persistent volumes for data storage
+- Suitable for single-instance deployments
+- Automatic backups with volume snapshots
+
+### PostgreSQL (Optional)
+```bash
+# Add PostgreSQL to your app
+flyctl postgres create --name knowledge-assistant-db
+
+# Attach to your app
+flyctl postgres attach knowledge-assistant-db
+
+# Update environment variable
+flyctl secrets set DATABASE_URL=postgresql://...
+```
+
+## External Service Alternatives
+
+### Qdrant Cloud
+For better resource utilization:
+```bash
+flyctl secrets set QDRANT_CLOUD_URL=https://your-cluster.qdrant.io
+flyctl secrets set QDRANT_API_KEY=your-api-key
+```
+
+### Google Gemini API
+Already configured by default:
+```bash
+flyctl secrets set GEMINI_API_KEY=your-gemini-api-key
+```
+
+## Monitoring and Maintenance
+
+### Health Checks
+```bash
+# Check app status
+flyctl status
+
+# View logs
+flyctl logs
+
+# Monitor metrics
+flyctl metrics
+```
+
+### Scaling
+```bash
+# Scale machines
+flyctl scale count 2
+
+# Scale memory
+flyctl scale memory 512
+
+# Scale to zero (cost optimization)
+flyctl scale count 0
+```
+
+### Updates
+```bash
+# Deploy updates
+flyctl deploy
+
+# Rollback if needed
+flyctl releases rollback
+```
+
+## Cost Optimization
+
+### Free Tier Management
+- Use single-app deployment to stay within limits
+- Enable auto-stop for cost savings
+- Monitor resource usage in dashboard
+
+### Resource Optimization
+- Use Alpine Linux base images
+- Minimize memory allocation
+- Enable machine auto-stop/start
+
+## Troubleshooting
+
+### Common Issues
+
+#### 1. Memory Limit Exceeded
+```bash
+# Check memory usage
+flyctl metrics
+
+# Solutions:
+# - Reduce memory allocation in fly.toml
+# - Use external services (Qdrant Cloud)
+# - Optimize Docker images
+```
+
+#### 2. Volume Mount Issues
+```bash
+# Check volumes
+flyctl volumes list
+
+# Create volume if missing
+flyctl volumes create knowledge_data --size 1
+```
+
+#### 3. Service Communication
+```bash
+# Check internal DNS
+flyctl ssh console
+nslookup knowledge-assistant-qdrant.internal
+
+# Update service URLs in configuration
+```
+
+#### 4. Build Failures
+```bash
+# Check build logs
+flyctl logs --app knowledge-assistant-rag
+
+# Common fixes:
+# - Verify Dockerfile syntax
+# - Check base image availability
+# - Ensure all files are included
+```
+
+### Debug Commands
+```bash
+# SSH into machine
+flyctl ssh console
+
+# Check running processes
+flyctl ssh console -C "ps aux"
+
+# View configuration
+flyctl config show
+
+# Check machine status
+flyctl machine list
+```
+
+## Security Considerations
+
+### Secrets Management
+- Use `flyctl secrets` for sensitive data
+- Never commit secrets to version control
+- Rotate secrets regularly
+
+### Network Security
+- Internal services use `.internal` domains
+- HTTPS enforced by default
+- Private networking between apps
+
+### Access Control
+- Use Fly.io organizations for team access
+- Implement proper authentication in application
+- Monitor access logs
+
+## Backup and Recovery
+
+### Volume Snapshots
+```bash
+# Create snapshot
+flyctl volumes snapshots create knowledge_data
+
+# List snapshots
+flyctl volumes snapshots list knowledge_data
+
+# Restore from snapshot
+flyctl volumes create knowledge_data_restore --snapshot-id snap_xxx
+```
+
+### Database Backups
+```bash
+# For SQLite
+flyctl ssh console -C "sqlite3 /app/data/knowledge_assistant.db .dump" > backup.sql
+
+# For PostgreSQL
+flyctl postgres db dump knowledge-assistant-db > backup.sql
+```
+
+## Performance Optimization
+
+### Cold Start Optimization
+- Keep minimum machines running for critical services
+- Use smaller base images
+- Optimize application startup time
+
+### Regional Deployment
+```bash
+# Deploy to multiple regions
+flyctl regions add lax sea
+
+# Check current regions
+flyctl regions list
+```
+
+### Caching
+- Enable HTTP caching for static assets
+- Use Redis for application caching (if needed)
+- Implement proper cache headers
+
+## Migration from Other Platforms
+
+### From Railway
+1. Export environment variables
+2. Create Fly.io apps with similar configuration
+3. Migrate data using volume snapshots
+4. Update DNS records
+
+### From Docker Compose
+1. Convert docker-compose.yml to fly.toml
+2. Create separate apps for each service
+3. Configure internal networking
+4. Deploy and test
+
+## Support and Resources
+
+### Getting Help
+- [Fly.io Documentation](https://fly.io/docs/)
+- [Fly.io Community Forum](https://community.fly.io/)
+- [Fly.io Discord](https://discord.gg/fly)
+
+### Useful Commands
+```bash
+# Get help
+flyctl help
+
+# Check account status
+flyctl auth whoami
+
+# View billing
+flyctl billing
+
+# Monitor apps
+flyctl apps list
+```
+
+## Architecture Diagram
+
+### Single App Deployment
+```
+┌─────────────────────────────────────┐
+│         Fly.io Machine              │
+│  ┌─────────────┐ ┌─────────────┐    │
+│  │   nginx     │ │  Backend    │    │
+│  │ (Port 8080) │ │ (Port 8000) │    │
+│  └─────────────┘ └─────────────┘    │
+│  ┌─────────────┐ ┌─────────────┐    │
+│  │   Qdrant    │ │   SQLite    │    │
+│  │ (Port 6333) │ │   Database  │    │
+│  └─────────────┘ └─────────────┘    │
+│                                     │
+│  Volume: /app/data (1GB)            │
+└─────────────────────────────────────┘
+```
+
+### Multi-App Deployment
+```
+┌─────────────────┐    ┌─────────────────┐    ┌─────────────────┐
+│   Frontend      │    │    Backend      │    │    Qdrant       │
+│   (Fly App)     │────│   (Fly App)     │────│   (Fly App)     │
+│                 │    │                 │    │                 │
+│ React + nginx   │    │ FastAPI + DB    │    │ Vector Database │
+│   (64MB RAM)    │    │   (128MB RAM)   ���    │   (64MB RAM)    │
+└─────────────────┘    └─────────────────┘    └─────────────────┘
+```
+
+This deployment provides a cost-effective, scalable solution for running the Knowledge Assistant RAG application on Fly.io's free tier with excellent global performance.

PERFORMANCE_OPTIMIZATION.md

@@ -0,0 +1,1295 @@
+# Performance Optimization and Scaling Guidelines
+
+This guide provides comprehensive strategies for optimizing performance and scaling the Knowledge Assistant RAG application across different deployment platforms and usage scenarios.
+
+## Table of Contents
+
+1. [Performance Monitoring](#performance-monitoring)
+2. [Container Optimization](#container-optimization)
+3. [Database Performance](#database-performance)
+4. [API Optimization](#api-optimization)
+5. [Frontend Performance](#frontend-performance)
+6. [Vector Database Optimization](#vector-database-optimization)
+7. [LLM Service Optimization](#llm-service-optimization)
+8. [Scaling Strategies](#scaling-strategies)
+9. [Platform-Specific Optimizations](#platform-specific-optimizations)
+10. [Cost Optimization](#cost-optimization)
+
+## Performance Monitoring
+
+### Key Performance Indicators (KPIs)
+
+#### Application Metrics
+```bash
+# Response Time Targets
+- API Response Time: < 200ms (95th percentile)
+- Document Upload: < 5s for 10MB files
+- Query Processing: < 2s for complex queries
+- Vector Search: < 100ms for similarity search
+
+# Throughput Targets
+- Concurrent Users: 100+ simultaneous users
+- Requests per Second: 1000+ RPS
+- Document Processing: 10+ documents/minute
+```
+
+#### Resource Metrics
+```bash
+# Memory Usage
+- Backend: < 256MB baseline, < 512MB peak
+- Frontend: < 64MB
+- Qdrant: < 128MB for 10k documents
+
+# CPU Usage
+- Backend: < 50% average, < 80% peak
+- Database: < 30% average
+- Vector Operations: < 70% during indexing
+```
+
+### Monitoring Implementation
+
+#### Application Performance Monitoring (APM)
+```python
+# Add to src/core/monitoring.py
+import time
+import psutil
+from functools import wraps
+from typing import Dict, Any
+import logging
+
+logger = logging.getLogger(__name__)
+
+class PerformanceMonitor:
+    def __init__(self):
+        self.metrics = {}
+    
+    def track_request_time(self, endpoint: str):
+        def decorator(func):
+            @wraps(func)
+            async def wrapper(*args, **kwargs):
+                start_time = time.time()
+                try:
+                    result = await func(*args, **kwargs)
+                    duration = time.time() - start_time
+                    self.record_metric(f"{endpoint}_duration", duration)
+                    return result
+                except Exception as e:
+                    duration = time.time() - start_time
+                    self.record_metric(f"{endpoint}_error_duration", duration)
+                    raise
+            return wrapper
+        return decorator
+    
+    def record_metric(self, name: str, value: float):
+        if name not in self.metrics:
+            self.metrics[name] = []
+        self.metrics[name].append({
+            'value': value,
+            'timestamp': time.time()
+        })
+        
+        # Keep only last 1000 measurements
+        if len(self.metrics[name]) > 1000:
+            self.metrics[name] = self.metrics[name][-1000:]
+    
+    def get_system_metrics(self) -> Dict[str, Any]:
+        return {
+            'cpu_percent': psutil.cpu_percent(),
+            'memory_percent': psutil.virtual_memory().percent,
+            'disk_usage': psutil.disk_usage('/').percent,
+            'network_io': psutil.net_io_counters()._asdict()
+        }
+
+# Usage in FastAPI
+from fastapi import FastAPI
+from src.core.monitoring import PerformanceMonitor
+
+app = FastAPI()
+monitor = PerformanceMonitor()
+
+@app.get("/health")
+@monitor.track_request_time("health_check")
+async def health_check():
+    return {
+        "status": "healthy",
+        "metrics": monitor.get_system_metrics()
+    }
+```
+
+#### Health Check Endpoints
+```python
+# Enhanced health check with performance metrics
+@app.get("/health/detailed")
+async def detailed_health_check():
+    start_time = time.time()
+    
+    # Test database connection
+    db_start = time.time()
+    try:
+        await test_database_connection()
+        db_time = time.time() - db_start
+        db_status = "healthy"
+    except Exception as e:
+        db_time = time.time() - db_start
+        db_status = f"unhealthy: {str(e)}"
+    
+    # Test Qdrant connection
+    qdrant_start = time.time()
+    try:
+        await test_qdrant_connection()
+        qdrant_time = time.time() - qdrant_start
+        qdrant_status = "healthy"
+    except Exception as e:
+        qdrant_time = time.time() - qdrant_start
+        qdrant_status = f"unhealthy: {str(e)}"
+    
+    total_time = time.time() - start_time
+    
+    return {
+        "status": "healthy" if db_status == "healthy" and qdrant_status == "healthy" else "degraded",
+        "checks": {
+            "database": {"status": db_status, "response_time": db_time},
+            "qdrant": {"status": qdrant_status, "response_time": qdrant_time}
+        },
+        "metrics": monitor.get_system_metrics(),
+        "total_response_time": total_time
+    }
+```
+
+## Container Optimization
+
+### Multi-Stage Docker Builds
+
+#### Optimized Backend Dockerfile
+```dockerfile
+# Build stage
+FROM python:3.11-slim as builder
+
+WORKDIR /app
+
+# Install build dependencies
+RUN apt-get update && apt-get install -y \
+    gcc \
+    g++ \
+    && rm -rf /var/lib/apt/lists/*
+
+# Install Python dependencies
+COPY requirements.txt .
+RUN pip install --no-cache-dir --user -r requirements.txt
+
+# Production stage
+FROM python:3.11-slim
+
+# Install runtime dependencies only
+RUN apt-get update && apt-get install -y \
+    curl \
+    && rm -rf /var/lib/apt/lists/*
+
+# Copy Python packages from builder
+COPY --from=builder /root/.local /root/.local
+
+# Copy application code
+WORKDIR /app
+COPY src/ ./src/
+COPY alembic/ ./alembic/
+COPY alembic.ini ./
+
+# Create non-root user
+RUN useradd --create-home --shell /bin/bash app
+RUN chown -R app:app /app
+USER app
+
+# Make sure scripts in .local are usable
+ENV PATH=/root/.local/bin:$PATH
+
+EXPOSE 8000
+
+CMD ["python", "-m", "uvicorn", "src.main:app", "--host", "0.0.0.0", "--port", "8000"]
+```
+
+#### Optimized Frontend Dockerfile
+```dockerfile
+# Build stage
+FROM node:18-alpine as builder
+
+WORKDIR /app
+
+# Copy package files
+COPY package*.json ./
+RUN npm ci --only=production
+
+# Copy source and build
+COPY . .
+RUN npm run build
+
+# Production stage
+FROM nginx:alpine
+
+# Copy built assets
+COPY --from=builder /app/dist /usr/share/nginx/html
+
+# Copy optimized nginx configuration
+COPY nginx.conf /etc/nginx/nginx.conf
+
+# Add health check
+HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
+  CMD curl -f http://localhost/ || exit 1
+
+EXPOSE 80
+
+CMD ["nginx", "-g", "daemon off;"]
+```
+
+### Image Size Optimization
+
+#### Before and After Comparison
+```bash
+# Before optimization
+REPOSITORY                    TAG       SIZE
+knowledge-assistant-backend   latest    7.84GB
+knowledge-assistant-frontend  latest    579MB
+
+# After optimization
+REPOSITORY                    TAG       SIZE
+knowledge-assistant-backend   latest    156MB  # 98% reduction
+knowledge-assistant-frontend  latest    23MB   # 96% reduction
+```
+
+#### Optimization Techniques
+```dockerfile
+# Use Alpine Linux base images
+FROM python:3.11-alpine instead of python:3.11
+
+# Multi-stage builds to exclude build dependencies
+FROM node:18-alpine as builder
+# ... build steps ...
+FROM nginx:alpine as production
+
+# Minimize layers and combine RUN commands
+RUN apk add --no-cache curl \
+    && pip install --no-cache-dir -r requirements.txt \
+    && rm -rf /var/cache/apk/*
+
+# Use .dockerignore to exclude unnecessary files
+echo "node_modules" >> .dockerignore
+echo ".git" >> .dockerignore
+echo "*.md" >> .dockerignore
+echo "tests/" >> .dockerignore
+```
+
+## Database Performance
+
+### SQLite Optimization
+
+#### Configuration Tuning
+```python
+# src/core/database.py
+from sqlalchemy import create_engine
+from sqlalchemy.pool import StaticPool
+
+# Optimized SQLite configuration
+DATABASE_CONFIG = {
+    "pool_pre_ping": True,
+    "pool_recycle": 300,
+    "poolclass": StaticPool,
+    "connect_args": {
+        "check_same_thread": False,
+        "timeout": 20,
+        "isolation_level": None,
+    },
+    "echo": False,  # Disable SQL logging in production
+}
+
+# SQLite PRAGMA optimizations
+async def optimize_sqlite_connection(connection):
+    await connection.execute("PRAGMA journal_mode=WAL")
+    await connection.execute("PRAGMA synchronous=NORMAL")
+    await connection.execute("PRAGMA cache_size=10000")
+    await connection.execute("PRAGMA temp_store=MEMORY")
+    await connection.execute("PRAGMA mmap_size=268435456")  # 256MB
+```
+
+#### Indexing Strategy
+```sql
+-- Create indexes for common queries
+CREATE INDEX IF NOT EXISTS idx_documents_user_id ON documents(user_id);
+CREATE INDEX IF NOT EXISTS idx_documents_created_at ON documents(created_at);
+CREATE INDEX IF NOT EXISTS idx_documents_title ON documents(title);
+
+-- Composite indexes for complex queries
+CREATE INDEX IF NOT EXISTS idx_documents_user_created ON documents(user_id, created_at);
+
+-- Full-text search index
+CREATE VIRTUAL TABLE IF NOT EXISTS documents_fts USING fts5(
+    title, content, content=documents, content_rowid=id
+);
+```
+
+### PostgreSQL Optimization
+
+#### Connection Pooling
+```python
+# Optimized PostgreSQL configuration
+DATABASE_CONFIG = {
+    "pool_size": 5,
+    "max_overflow": 10,
+    "pool_pre_ping": True,
+    "pool_recycle": 3600,
+    "echo": False,
+}
+
+# Connection pool monitoring
+from sqlalchemy import event
+from sqlalchemy.pool import Pool
+
+@event.listens_for(Pool, "connect")
+def set_postgresql_pragma(dbapi_connection, connection_record):
+    with dbapi_connection.cursor() as cursor:
+        # Optimize for read-heavy workloads
+        cursor.execute("SET default_transaction_isolation TO 'read committed'")
+        cursor.execute("SET statement_timeout TO '30s'")
+        cursor.execute("SET lock_timeout TO '10s'")
+```
+
+#### Query Optimization
+```python
+# Use database-specific optimizations
+from sqlalchemy import text
+
+# Efficient pagination
+async def get_documents_paginated(db, user_id: int, offset: int, limit: int):
+    query = text("""
+        SELECT id, title, content, created_at
+        FROM documents 
+        WHERE user_id = :user_id
+        ORDER BY created_at DESC
+        LIMIT :limit OFFSET :offset
+    """)
+    
+    result = await db.execute(query, {
+        "user_id": user_id,
+        "limit": limit,
+        "offset": offset
+    })
+    return result.fetchall()
+
+# Use EXPLAIN ANALYZE to optimize queries
+async def analyze_query_performance(db, query: str):
+    explain_query = f"EXPLAIN ANALYZE {query}"
+    result = await db.execute(text(explain_query))
+    return result.fetchall()
+```
+
+## API Optimization
+
+### Response Caching
+
+#### In-Memory Caching
+```python
+from functools import lru_cache
+from typing import Optional
+import hashlib
+import json
+
+class QueryCache:
+    def __init__(self, max_size: int = 1000):
+        self.cache = {}
+        self.max_size = max_size
+    
+    def _generate_key(self, query: str, filters: dict) -> str:
+        cache_data = {"query": query, "filters": filters}
+        return hashlib.md5(json.dumps(cache_data, sort_keys=True).encode()).hexdigest()
+    
+    def get(self, query: str, filters: dict) -> Optional[dict]:
+        key = self._generate_key(query, filters)
+        return self.cache.get(key)
+    
+    def set(self, query: str, filters: dict, result: dict, ttl: int = 300):
+        if len(self.cache) >= self.max_size:
+            # Remove oldest entry
+            oldest_key = next(iter(self.cache))
+            del self.cache[oldest_key]
+        
+        key = self._generate_key(query, filters)
+        self.cache[key] = {
+            "result": result,
+            "expires_at": time.time() + ttl
+        }
+    
+    def is_expired(self, entry: dict) -> bool:
+        return time.time() > entry["expires_at"]
+
+# Usage in API endpoints
+query_cache = QueryCache()
+
+@app.post("/query")
+async def query_documents(request: QueryRequest):
+    # Check cache first
+    cached_result = query_cache.get(request.query, request.filters)
+    if cached_result and not query_cache.is_expired(cached_result):
+        return cached_result["result"]
+    
+    # Process query
+    result = await process_query(request.query, request.filters)
+    
+    # Cache result
+    query_cache.set(request.query, request.filters, result)
+    
+    return result
+```
+
+#### Redis Caching (Optional)
+```python
+import redis
+import json
+from typing import Optional
+
+class RedisCache:
+    def __init__(self, redis_url: str = "redis://localhost:6379"):
+        self.redis_client = redis.from_url(redis_url)
+    
+    async def get(self, key: str) -> Optional[dict]:
+        try:
+            cached_data = self.redis_client.get(key)
+            if cached_data:
+                return json.loads(cached_data)
+        except Exception as e:
+            logger.warning(f"Redis get error: {e}")
+        return None
+    
+    async def set(self, key: str, value: dict, ttl: int = 300):
+        try:
+            self.redis_client.setex(key, ttl, json.dumps(value))
+        except Exception as e:
+            logger.warning(f"Redis set error: {e}")
+```
+
+### Request Optimization
+
+#### Async Processing
+```python
+import asyncio
+from concurrent.futures import ThreadPoolExecutor
+
+# Process multiple documents concurrently
+async def process_documents_batch(documents: List[str]) -> List[dict]:
+    semaphore = asyncio.Semaphore(5)  # Limit concurrent processing
+    
+    async def process_single_document(doc: str) -> dict:
+        async with semaphore:
+            return await process_document(doc)
+    
+    tasks = [process_single_document(doc) for doc in documents]
+    results = await asyncio.gather(*tasks, return_exceptions=True)
+    
+    # Filter out exceptions
+    return [result for result in results if not isinstance(result, Exception)]
+
+# Background task processing
+from fastapi import BackgroundTasks
+
+@app.post("/upload-batch")
+async def upload_documents_batch(
+    files: List[UploadFile],
+    background_tasks: BackgroundTasks
+):
+    # Return immediately with task ID
+    task_id = generate_task_id()
+    
+    # Process in background
+    background_tasks.add_task(process_documents_batch, files, task_id)
+    
+    return {"task_id": task_id, "status": "processing"}
+```
+
+#### Request Validation and Sanitization
+```python
+from pydantic import BaseModel, validator
+from typing import Optional, List
+
+class QueryRequest(BaseModel):
+    query: str
+    limit: Optional[int] = 10
+    filters: Optional[dict] = {}
+    
+    @validator('query')
+    def validate_query(cls, v):
+        if len(v.strip()) < 3:
+            raise ValueError('Query must be at least 3 characters long')
+        if len(v) > 1000:
+            raise ValueError('Query too long (max 1000 characters)')
+        return v.strip()
+    
+    @validator('limit')
+    def validate_limit(cls, v):
+        if v is not None and (v < 1 or v > 100):
+            raise ValueError('Limit must be between 1 and 100')
+        return v
+```
+
+## Frontend Performance
+
+### Bundle Optimization
+
+#### Vite Configuration
+```typescript
+// vite.config.ts
+import { defineConfig } from 'vite'
+import react from '@vitejs/plugin-react'
+import { visualizer } from 'rollup-plugin-visualizer'
+
+export default defineConfig({
+  plugins: [
+    react(),
+    visualizer({
+      filename: 'dist/stats.html',
+      open: true,
+      gzipSize: true,
+      brotliSize: true,
+    })
+  ],
+  build: {
+    rollupOptions: {
+      output: {
+        manualChunks: {
+          vendor: ['react', 'react-dom'],
+          ui: ['@radix-ui/react-dialog', '@radix-ui/react-dropdown-menu'],
+          utils: ['date-fns', 'clsx', 'tailwind-merge']
+        }
+      }
+    },
+    chunkSizeWarningLimit: 1000,
+    minify: 'terser',
+    terserOptions: {
+      compress: {
+        drop_console: true,
+        drop_debugger: true
+      }
+    }
+  },
+  server: {
+    port: 3000,
+    host: true
+  }
+})
+```
+
+#### Code Splitting
+```typescript
+// Lazy load components
+import { lazy, Suspense } from 'react'
+
+const Dashboard = lazy(() => import('./pages/Dashboard'))
+const DocumentUpload = lazy(() => import('./components/DocumentUpload'))
+const ChatInterface = lazy(() => import('./components/ChatInterface'))
+
+function App() {
+  return (
+    <Suspense fallback={<div>Loading...</div>}>
+      <Routes>
+        <Route path="/dashboard" element={<Dashboard />} />
+        <Route path="/upload" element={<DocumentUpload />} />
+        <Route path="/chat" element={<ChatInterface />} />
+      </Routes>
+    </Suspense>
+  )
+}
+```
+
+### React Performance Optimization
+
+#### Memoization
+```typescript
+import { memo, useMemo, useCallback } from 'react'
+
+// Memoize expensive components
+const DocumentList = memo(({ documents, onSelect }) => {
+  const sortedDocuments = useMemo(() => {
+    return documents.sort((a, b) => 
+      new Date(b.created_at).getTime() - new Date(a.created_at).getTime()
+    )
+  }, [documents])
+
+  const handleSelect = useCallback((doc) => {
+    onSelect(doc.id)
+  }, [onSelect])
+
+  return (
+    <div>
+      {sortedDocuments.map(doc => (
+        <DocumentItem 
+          key={doc.id} 
+          document={doc} 
+          onSelect={handleSelect}
+        />
+      ))}
+    </div>
+  )
+})
+
+// Optimize re-renders with React.memo
+const DocumentItem = memo(({ document, onSelect }) => {
+  return (
+    <div onClick={() => onSelect(document)}>
+      {document.title}
+    </div>
+  )
+})
+```
+
+#### Virtual Scrolling
+```typescript
+import { FixedSizeList as List } from 'react-window'
+
+const VirtualizedDocumentList = ({ documents }) => {
+  const Row = ({ index, style }) => (
+    <div style={style}>
+      <DocumentItem document={documents[index]} />
+    </div>
+  )
+
+  return (
+    <List
+      height={600}
+      itemCount={documents.length}
+      itemSize={80}
+      width="100%"
+    >
+      {Row}
+    </List>
+  )
+}
+```
+
+### API Client Optimization
+
+#### Request Deduplication
+```typescript
+class APIClient {
+  private pendingRequests = new Map<string, Promise<any>>()
+
+  async request(url: string, options: RequestInit = {}) {
+    const key = `${options.method || 'GET'}:${url}:${JSON.stringify(options.body)}`
+    
+    if (this.pendingRequests.has(key)) {
+      return this.pendingRequests.get(key)
+    }
+
+    const promise = fetch(url, options)
+      .then(response => response.json())
+      .finally(() => {
+        this.pendingRequests.delete(key)
+      })
+
+    this.pendingRequests.set(key, promise)
+    return promise
+  }
+}
+```
+
+#### Request Batching
+```typescript
+class BatchedAPIClient {
+  private batchQueue: Array<{
+    query: string
+    resolve: (result: any) => void
+    reject: (error: any) => void
+  }> = []
+  private batchTimeout: NodeJS.Timeout | null = null
+
+  async query(query: string): Promise<any> {
+    return new Promise((resolve, reject) => {
+      this.batchQueue.push({ query, resolve, reject })
+      
+      if (this.batchTimeout) {
+        clearTimeout(this.batchTimeout)
+      }
+      
+      this.batchTimeout = setTimeout(() => {
+        this.processBatch()
+      }, 50) // Batch requests for 50ms
+    })
+  }
+
+  private async processBatch() {
+    if (this.batchQueue.length === 0) return
+
+    const batch = [...this.batchQueue]
+    this.batchQueue = []
+    this.batchTimeout = null
+
+    try {
+      const queries = batch.map(item => item.query)
+      const results = await this.sendBatchRequest(queries)
+      
+      batch.forEach((item, index) => {
+        item.resolve(results[index])
+      })
+    } catch (error) {
+      batch.forEach(item => {
+        item.reject(error)
+      })
+    }
+  }
+}
+```
+
+## Vector Database Optimization
+
+### Qdrant Performance Tuning
+
+#### Configuration Optimization
+```yaml
+# qdrant-config.yaml
+service:
+  http_port: 6333
+  grpc_port: 6334
+  host: 0.0.0.0
+
+storage:
+  storage_path: /qdrant/storage
+  snapshots_path: /qdrant/snapshots
+  
+  # Performance optimizations
+  wal_capacity_mb: 32
+  wal_segments_ahead: 0
+  
+  # Memory optimization
+  memmap_threshold_kb: 65536
+  indexing_threshold_kb: 20000
+
+cluster:
+  enabled: false
+
+# Collection configuration for optimal performance
+collection_config:
+  vectors:
+    size: 1536  # For OpenAI embeddings
+    distance: Cosine
+  
+  # Optimize for search performance
+  hnsw_config:
+    m: 16
+    ef_construct: 100
+    full_scan_threshold: 10000
+  
+  # Optimize for memory usage
+  quantization_config:
+    scalar:
+      type: int8
+      quantile: 0.99
+      always_ram: true
+```
+
+#### Indexing Strategy
+```python
+from qdrant_client import QdrantClient
+from qdrant_client.models import Distance, VectorParams, OptimizersConfig
+
+async def create_optimized_collection(client: QdrantClient, collection_name: str):
+    await client.create_collection(
+        collection_name=collection_name,
+        vectors_config=VectorParams(
+            size=1536,
+            distance=Distance.COSINE
+        ),
+        optimizers_config=OptimizersConfig(
+            deleted_threshold=0.2,
+            vacuum_min_vector_number=1000,
+            default_segment_number=0,
+            max_segment_size_kb=None,
+            memmap_threshold_kb=None,
+            indexing_threshold_kb=20000,
+            flush_interval_sec=5,
+            max_optimization_threads=1
+        ),
+        hnsw_config={
+            "m": 16,
+            "ef_construct": 100,
+            "full_scan_threshold": 10000,
+            "max_indexing_threads": 0,
+            "on_disk": False
+        }
+    )
+```
+
+#### Batch Operations
+```python
+async def batch_upsert_vectors(
+    client: QdrantClient,
+    collection_name: str,
+    vectors: List[dict],
+    batch_size: int = 100
+):
+    """Efficiently upsert vectors in batches"""
+    for i in range(0, len(vectors), batch_size):
+        batch = vectors[i:i + batch_size]
+        
+        points = [
+            {
+                "id": vector["id"],
+                "vector": vector["embedding"],
+                "payload": vector["metadata"]
+            }
+            for vector in batch
+        ]
+        
+        await client.upsert(
+            collection_name=collection_name,
+            points=points,
+            wait=False  # Don't wait for indexing
+        )
+    
+    # Wait for all operations to complete
+    await client.create_snapshot(collection_name)
+```
+
+### Embedding Optimization
+
+#### Caching Strategy
+```python
+import hashlib
+from typing import Dict, List, Optional
+
+class EmbeddingCache:
+    def __init__(self, max_size: int = 10000):
+        self.cache: Dict[str, List[float]] = {}
+        self.max_size = max_size
+    
+    def _get_cache_key(self, text: str) -> str:
+        return hashlib.md5(text.encode()).hexdigest()
+    
+    def get(self, text: str) -> Optional[List[float]]:
+        key = self._get_cache_key(text)
+        return self.cache.get(key)
+    
+    def set(self, text: str, embedding: List[float]):
+        if len(self.cache) >= self.max_size:
+            # Remove oldest entry (simple FIFO)
+            oldest_key = next(iter(self.cache))
+            del self.cache[oldest_key]
+        
+        key = self._get_cache_key(text)
+        self.cache[key] = embedding
+
+# Usage in embedding service
+embedding_cache = EmbeddingCache()
+
+async def get_embeddings_with_cache(texts: List[str]) -> List[List[float]]:
+    embeddings = []
+    texts_to_embed = []
+    cache_indices = []
+    
+    # Check cache first
+    for i, text in enumerate(texts):
+        cached_embedding = embedding_cache.get(text)
+        if cached_embedding:
+            embeddings.append(cached_embedding)
+        else:
+            embeddings.append(None)
+            texts_to_embed.append(text)
+            cache_indices.append(i)
+    
+    # Generate embeddings for uncached texts
+    if texts_to_embed:
+        new_embeddings = await generate_embeddings(texts_to_embed)
+        
+        # Update cache and results
+        for i, embedding in enumerate(new_embeddings):
+            cache_index = cache_indices[i]
+            embeddings[cache_index] = embedding
+            embedding_cache.set(texts_to_embed[i], embedding)
+    
+    return embeddings
+```
+
+## LLM Service Optimization
+
+### Google Gemini API Optimization
+
+#### Request Batching
+```python
+import asyncio
+from typing import List, Dict, Any
+
+class GeminiAPIOptimizer:
+    def __init__(self, api_key: str, max_concurrent: int = 5):
+        self.api_key = api_key
+        self.semaphore = asyncio.Semaphore(max_concurrent)
+        self.request_queue = []
+    
+    async def generate_response_batch(
+        self, 
+        prompts: List[str],
+        **kwargs
+    ) -> List[str]:
+        """Process multiple prompts concurrently with rate limiting"""
+        
+        async def process_single_prompt(prompt: str) -> str:
+            async with self.semaphore:
+                return await self.generate_response(prompt, **kwargs)
+        
+        tasks = [process_single_prompt(prompt) for prompt in prompts]
+        results = await asyncio.gather(*tasks, return_exceptions=True)
+        
+        # Handle exceptions
+        processed_results = []
+        for result in results:
+            if isinstance(result, Exception):
+                logger.error(f"Gemini API error: {result}")
+                processed_results.append("Error processing request")
+            else:
+                processed_results.append(result)
+        
+        return processed_results
+    
+    async def generate_response(self, prompt: str, **kwargs) -> str:
+        """Single request with retry logic"""
+        max_retries = 3
+        base_delay = 1
+        
+        for attempt in range(max_retries):
+            try:
+                response = await self._make_api_request(prompt, **kwargs)
+                return response
+            except Exception as e:
+                if attempt == max_retries - 1:
+                    raise
+                
+                delay = base_delay * (2 ** attempt)
+                await asyncio.sleep(delay)
+        
+        raise Exception("Max retries exceeded")
+```
+
+#### Response Caching
+```python
+class LLMResponseCache:
+    def __init__(self, ttl: int = 3600):  # 1 hour TTL
+        self.cache = {}
+        self.ttl = ttl
+    
+    def _get_cache_key(self, prompt: str, **kwargs) -> str:
+        cache_data = {"prompt": prompt, **kwargs}
+        return hashlib.md5(json.dumps(cache_data, sort_keys=True).encode()).hexdigest()
+    
+    def get(self, prompt: str, **kwargs) -> Optional[str]:
+        key = self._get_cache_key(prompt, **kwargs)
+        entry = self.cache.get(key)
+        
+        if entry and time.time() - entry["timestamp"] < self.ttl:
+            return entry["response"]
+        
+        # Remove expired entry
+        if entry:
+            del self.cache[key]
+        
+        return None
+    
+    def set(self, prompt: str, response: str, **kwargs):
+        key = self._get_cache_key(prompt, **kwargs)
+        self.cache[key] = {
+            "response": response,
+            "timestamp": time.time()
+        }
+```
+
+## Scaling Strategies
+
+### Horizontal Scaling
+
+#### Load Balancing Configuration
+```yaml
+# nginx.conf for load balancing
+upstream backend_servers {
+    least_conn;
+    server backend1:8000 weight=1 max_fails=3 fail_timeout=30s;
+    server backend2:8000 weight=1 max_fails=3 fail_timeout=30s;
+    server backend3:8000 weight=1 max_fails=3 fail_timeout=30s;
+}
+
+server {
+    listen 80;
+    
+    location /api/ {
+        proxy_pass http://backend_servers;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        
+        # Health check
+        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
+        proxy_connect_timeout 5s;
+        proxy_send_timeout 10s;
+        proxy_read_timeout 30s;
+    }
+}
+```
+
+#### Database Scaling
+```python
+# Read/Write splitting for PostgreSQL
+from sqlalchemy import create_engine
+from sqlalchemy.orm import sessionmaker
+
+class DatabaseManager:
+    def __init__(self, write_url: str, read_urls: List[str]):
+        self.write_engine = create_engine(write_url)
+        self.read_engines = [create_engine(url) for url in read_urls]
+        self.current_read_index = 0
+    
+    def get_write_session(self):
+        Session = sessionmaker(bind=self.write_engine)
+        return Session()
+    
+    def get_read_session(self):
+        # Round-robin read replicas
+        engine = self.read_engines[self.current_read_index]
+        self.current_read_index = (self.current_read_index + 1) % len(self.read_engines)
+        
+        Session = sessionmaker(bind=engine)
+        return Session()
+```
+
+### Vertical Scaling
+
+#### Resource Allocation Guidelines
+```yaml
+# Kubernetes resource allocation
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: knowledge-assistant-backend
+spec:
+  replicas: 3
+  template:
+    spec:
+      containers:
+      - name: backend
+        image: knowledge-assistant-backend:latest
+        resources:
+          requests:
+            memory: "256Mi"
+            cpu: "250m"
+          limits:
+            memory: "512Mi"
+            cpu: "500m"
+        env:
+        - name: WORKERS
+          value: "2"  # 2 workers per container
+        - name: MAX_CONNECTIONS
+          value: "100"
+```
+
+### Auto-Scaling Configuration
+
+#### Platform-Specific Auto-Scaling
+
+**Google Cloud Run:**
+```yaml
+apiVersion: serving.knative.dev/v1
+kind: Service
+metadata:
+  name: knowledge-assistant-backend
+  annotations:
+    run.googleapis.com/execution-environment: gen2
+spec:
+  template:
+    metadata:
+      annotations:
+        autoscaling.knative.dev/minScale: "0"
+        autoscaling.knative.dev/maxScale: "100"
+        run.googleapis.com/cpu-throttling: "false"
+    spec:
+      containerConcurrency: 80
+      timeoutSeconds: 300
+      containers:
+      - image: gcr.io/project/knowledge-assistant-backend
+        resources:
+          limits:
+            cpu: "1000m"
+            memory: "1Gi"
+```
+
+**Fly.io Auto-Scaling:**
+```toml
+# fly.toml
+[http_service]
+  internal_port = 8000
+  force_https = true
+  auto_stop_machines = true
+  auto_start_machines = true
+  min_machines_running = 0
+  processes = ["app"]
+
+[[http_service.checks]]
+  grace_period = "10s"
+  interval = "30s"
+  method = "GET"
+  timeout = "5s"
+  path = "/health"
+
+[metrics]
+  port = 9091
+  path = "/metrics"
+```
+
+## Platform-Specific Optimizations
+
+### Railway Optimizations
+
+#### Memory Management
+```python
+# Optimize for Railway's 512MB limit
+import gc
+import psutil
+
+class MemoryManager:
+    def __init__(self, threshold_percent: float = 80):
+        self.threshold_percent = threshold_percent
+    
+    def check_memory_usage(self):
+        memory_percent = psutil.virtual_memory().percent
+        if memory_percent > self.threshold_percent:
+            self.cleanup_memory()
+    
+    def cleanup_memory(self):
+        # Clear caches
+        if hasattr(self, 'query_cache'):
+            self.query_cache.clear()
+        if hasattr(self, 'embedding_cache'):
+            self.embedding_cache.clear()
+        
+        # Force garbage collection
+        gc.collect()
+        
+        logger.info(f"Memory cleanup completed. Usage: {psutil.virtual_memory().percent}%")
+
+# Use in API endpoints
+memory_manager = MemoryManager()
+
+@app.middleware("http")
+async def memory_check_middleware(request: Request, call_next):
+    memory_manager.check_memory_usage()
+    response = await call_next(request)
+    return response
+```
+
+### Fly.io Optimizations
+
+#### Multi-Region Deployment
+```bash
+# Deploy to multiple regions
+flyctl regions add lax sea fra
+
+# Check current regions
+flyctl regions list
+
+# Configure region-specific scaling
+flyctl scale count 2 --region ord
+flyctl scale count 1 --region lax
+flyctl scale count 1 --region sea
+```
+
+### Google Cloud Run Optimizations
+
+#### Cold Start Optimization
+```python
+# Minimize cold start time
+import asyncio
+from contextlib import asynccontextmanager
+
+# Pre-initialize services
+@asynccontextmanager
+async def lifespan(app: FastAPI):
+    # Startup
+    await initialize_database()
+    await initialize_qdrant_client()
+    await warm_up_gemini_api()
+    
+    yield
+    
+    # Shutdown
+    await cleanup_resources()
+
+app = FastAPI(lifespan=lifespan)
+
+async def warm_up_gemini_api():
+    """Warm up Gemini API with a simple request"""
+    try:
+        await generate_response("Hello", max_tokens=1)
+    except Exception:
+        pass  # Ignore warm-up failures
+```
+
+## Cost Optimization
+
+### Resource Usage Monitoring
+
+#### Cost Tracking Script
+```bash
+#!/bin/bash
+# cost-monitor.sh
+
+echo "📊 Resource Usage Report - $(date)"
+echo "=================================="
+
+# Memory usage
+echo "💾 Memory Usage:"
+free -h | grep -E "(Mem|Swap)"
+
+# Disk usage
+echo -e "\n💽 Disk Usage:"
+df -h | grep -E "(Filesystem|/dev/)"
+
+# Docker resource usage
+echo -e "\n🐳 Container Resource Usage:"
+docker stats --no-stream --format "table {{.Container}}\t{{.CPUPerc}}\t{{.MemUsage}}\t{{.NetIO}}\t{{.BlockIO}}"
+
+# Database size
+echo -e "\n🗄️ Database Size:"
+if [ -f "data/knowledge_assistant.db" ]; then
+    du -sh data/knowledge_assistant.db
+fi
+
+# Log file sizes
+echo -e "\n📝 Log File Sizes:"
+find logs/ -name "*.log" -exec du -sh {} \; 2>/dev/null | sort -hr
+
+echo -e "\n✅ Report complete"
+```
+
+### Cost-Effective Architecture Patterns
+
+#### Serverless-First Approach
+```python
+# Design for serverless with minimal cold start
+class ServerlessOptimizedApp:
+    def __init__(self):
+        self.db_connection = None
+        self.qdrant_client = None
+        self.llm_client = None
+    
+    async def get_db_connection(self):
+        if not self.db_connection:
+            self.db_connection = await create_database_connection()
+        return self.db_connection
+    
+    async def get_qdrant_client(self):
+        if not self.qdrant_client:
+            self.qdrant_client = await create_qdrant_client()
+        return self.qdrant_client
+    
+    async def process_request(self, request):
+        # Lazy initialization
+        db = await self.get_db_connection()
+        qdrant = await self.get_qdrant_client()
+        
+        # Process request
+        return await handle_request(request, db, qdrant)
+
+# Global instance for serverless
+app_instance = ServerlessOptimizedApp()
+```
+
+This comprehensive performance optimization guide provides strategies for maximizing the efficiency and scalability of the Knowledge Assistant RAG application across all deployment platforms while maintaining cost-effectiveness.

RAILWAY_DEPLOYMENT.md

@@ -0,0 +1,273 @@
+# Railway Deployment Guide
+
+This guide covers deploying the Knowledge Assistant RAG application to Railway.app, a platform that offers free hosting with generous resource limits.
+
+## Railway Resource Limits (Free Tier)
+
+- **Memory**: 512MB RAM per service
+- **Storage**: 1GB persistent storage
+- **Build Time**: 10 minutes
+- **Execution Time**: No limits
+- **Bandwidth**: 100GB/month
+- **Custom Domains**: Supported
+
+## Prerequisites
+
+1. **Railway Account**: Sign up at [railway.app](https://railway.app)
+2. **Railway CLI**: Install the Railway CLI
+   ```bash
+   npm install -g @railway/cli
+   # or
+   curl -fsSL https://railway.app/install.sh | sh
+   ```
+3. **Docker**: Ensure Docker is installed locally for testing
+
+## Deployment Options
+
+### Option 1: Single Service Deployment (Recommended for Free Tier)
+
+Deploy the backend service with SQLite database and external services.
+
+#### Step 1: Prepare Environment Variables
+
+1. Copy the Railway environment template:
+   ```bash
+   cp .env.railway.template .env.railway
+   ```
+
+2. Edit `.env.railway` with your values:
+   ```bash
+   # Required: Generate a secure JWT secret (32+ characters)
+   JWT_SECRET=your-super-secure-jwt-secret-key-32-chars-minimum
+   
+   # Optional: Configure external services
+   CORS_ORIGINS=https://your-frontend.railway.app
+   VITE_API_BASE_URL=https://your-backend.railway.app
+   ```
+
+#### Step 2: Deploy Backend Service
+
+1. Login to Railway:
+   ```bash
+   railway login
+   ```
+
+2. Create a new Railway project:
+   ```bash
+   railway new
+   ```
+
+3. Deploy the backend:
+   ```bash
+   railway up
+   ```
+
+4. Set environment variables:
+   ```bash
+   railway variables set JWT_SECRET=your-jwt-secret
+   railway variables set USER_REGISTRATION_ENABLED=true
+   railway variables set CORS_ORIGINS=https://your-domain.com
+   ```
+
+#### Step 3: Deploy Frontend Service
+
+1. Navigate to frontend directory:
+   ```bash
+   cd rag-quest-hub
+   ```
+
+2. Create a new Railway service:
+   ```bash
+   railway service create frontend
+   railway up
+   ```
+
+3. Set frontend environment variables:
+   ```bash
+   railway variables set VITE_API_BASE_URL=https://your-backend.railway.app
+   railway variables set VITE_ENABLE_REGISTRATION=true
+   ```
+
+### Option 2: Multi-Service Deployment
+
+Deploy all services (backend, frontend, qdrant, ollama) as separate Railway services.
+
+⚠️ **Warning**: This approach may exceed free tier limits due to memory usage.
+
+#### Step 1: Deploy Services Individually
+
+1. **Backend Service**:
+   ```bash
+   railway service create backend
+   railway up
+   ```
+
+2. **Frontend Service**:
+   ```bash
+   cd rag-quest-hub
+   railway service create frontend
+   railway up
+   ```
+
+3. **Qdrant Service**:
+   ```bash
+   railway service create qdrant
+   railway deploy --service qdrant --image qdrant/qdrant:latest
+   ```
+
+4. **Ollama Service** (High Memory Usage):
+   ```bash
+   railway service create ollama
+   railway deploy --service ollama --image ollama/ollama:latest
+   ```
+
+#### Step 2: Configure Service Communication
+
+Set environment variables for internal service communication:
+
+```bash
+# Backend service variables
+railway variables set QDRANT_HOST=qdrant.railway.internal
+railway variables set OLLAMA_HOST=ollama.railway.internal
+
+# Frontend service variables
+railway variables set VITE_API_BASE_URL=https://backend.railway.app
+```
+
+## Database Configuration
+
+### Option A: SQLite (Default)
+
+Uses local SQLite database with persistent storage:
+- **Pros**: Simple, no additional setup
+- **Cons**: Limited to single instance, no horizontal scaling
+
+```bash
+railway variables set DATABASE_URL=sqlite+aiosqlite:///./data/knowledge_assistant.db
+```
+
+### Option B: Railway PostgreSQL
+
+Add Railway's managed PostgreSQL service:
+
+1. Add PostgreSQL to your project:
+   ```bash
+   railway add postgresql
+   ```
+
+2. Railway automatically sets `DATABASE_URL` environment variable
+
+3. Update your application to use PostgreSQL:
+   ```bash
+   railway variables set DATABASE_URL=$DATABASE_URL
+   ```
+
+## External Service Alternatives
+
+For better resource utilization, consider using external managed services:
+
+### Qdrant Cloud
+
+1. Sign up for [Qdrant Cloud](https://cloud.qdrant.io)
+2. Create a cluster and get API credentials
+3. Set environment variables:
+   ```bash
+   railway variables set QDRANT_CLOUD_URL=https://your-cluster.qdrant.io
+   railway variables set QDRANT_API_KEY=your-api-key
+   ```
+
+### OpenAI API (Instead of Ollama)
+
+1. Get OpenAI API key from [platform.openai.com](https://platform.openai.com)
+2. Set environment variables:
+   ```bash
+   railway variables set OPENAI_API_KEY=your-openai-key
+   railway variables set USE_OPENAI_INSTEAD_OF_OLLAMA=true
+   ```
+
+## Monitoring and Maintenance
+
+### Health Checks
+
+Railway automatically monitors your services. Access logs via:
+```bash
+railway logs
+```
+
+### Scaling
+
+Monitor resource usage in Railway dashboard:
+- Memory usage should stay under 512MB
+- CPU usage is unlimited on free tier
+- Storage usage should stay under 1GB
+
+### Updates
+
+Deploy updates using:
+```bash
+railway up
+```
+
+## Troubleshooting
+
+### Common Issues
+
+1. **Memory Limit Exceeded**:
+   - Use external services (Qdrant Cloud, OpenAI API)
+   - Optimize Docker images
+   - Consider upgrading to Railway Pro
+
+2. **Build Timeout**:
+   - Optimize Dockerfile build stages
+   - Use smaller base images
+   - Pre-build dependencies
+
+3. **Service Communication Issues**:
+   - Use Railway internal URLs: `service-name.railway.internal`
+   - Check environment variables
+   - Verify network configuration
+
+4. **Database Connection Issues**:
+   - Ensure DATABASE_URL is correctly set
+   - Check PostgreSQL service status
+   - Verify database migrations
+
+### Getting Help
+
+- Railway Documentation: [docs.railway.app](https://docs.railway.app)
+- Railway Discord: [discord.gg/railway](https://discord.gg/railway)
+- Railway Status: [status.railway.app](https://status.railway.app)
+
+## Cost Optimization
+
+### Free Tier Limits
+
+- Stay within 512MB memory per service
+- Use external APIs for resource-intensive services
+- Monitor bandwidth usage (100GB/month limit)
+
+### Upgrade Considerations
+
+Consider Railway Pro ($5/month) if you need:
+- More memory (up to 32GB)
+- More services
+- Priority support
+- Advanced features
+
+## Security Considerations
+
+1. **Environment Variables**: Never commit secrets to git
+2. **JWT Secret**: Use a strong, unique secret (32+ characters)
+3. **CORS Origins**: Restrict to your actual domains
+4. **Database**: Use PostgreSQL for production workloads
+5. **HTTPS**: Railway provides HTTPS by default
+
+## Next Steps
+
+After successful deployment:
+
+1. Test all functionality
+2. Set up monitoring and alerts
+3. Configure custom domain (optional)
+4. Set up CI/CD pipeline
+5. Plan for scaling and optimization

TROUBLESHOOTING.md

@@ -0,0 +1,894 @@
+# Troubleshooting and Maintenance Guide
+
+This comprehensive guide covers common deployment issues, solutions, and maintenance procedures for the Knowledge Assistant RAG application across all supported platforms.
+
+## Table of Contents
+
+1. [Common Deployment Issues](#common-deployment-issues)
+2. [Platform-Specific Issues](#platform-specific-issues)
+3. [Environment Variables and Secrets](#environment-variables-and-secrets)
+4. [Performance Optimization](#performance-optimization)
+5. [Database Issues](#database-issues)
+6. [Service Communication Problems](#service-communication-problems)
+7. [Monitoring and Logging](#monitoring-and-logging)
+8. [Maintenance Procedures](#maintenance-procedures)
+9. [Emergency Recovery](#emergency-recovery)
+
+## Common Deployment Issues
+
+### 1. Container Build Failures
+
+#### Symptoms
+- Build process fails during Docker image creation
+- "No space left on device" errors
+- Dependency installation failures
+
+#### Solutions
+
+**Memory/Disk Space Issues:**
+```bash
+# Clean up Docker system
+docker system prune -a
+
+# Remove unused images
+docker image prune -a
+
+# Check disk space
+df -h
+```
+
+**Dependency Issues:**
+```bash
+# Clear package manager cache
+npm cache clean --force
+pip cache purge
+
+# Update package lists
+apt-get update  # For Debian/Ubuntu
+apk update      # For Alpine
+```
+
+**Multi-stage Build Optimization:**
+```dockerfile
+# Use .dockerignore to exclude unnecessary files
+echo "node_modules" >> .dockerignore
+echo ".git" >> .dockerignore
+echo "*.md" >> .dockerignore
+echo "tests/" >> .dockerignore
+```
+
+### 2. Memory Limit Exceeded
+
+#### Symptoms
+- Services crash with OOM (Out of Memory) errors
+- Slow performance or timeouts
+- Platform-specific memory limit warnings
+
+#### Solutions
+
+**Immediate Fixes:**
+```bash
+# Check memory usage
+docker stats
+htop
+free -h
+
+# Restart services to clear memory
+docker-compose restart
+```
+
+**Long-term Optimization:**
+```bash
+# Use Alpine Linux base images
+FROM python:3.11-alpine instead of python:3.11
+
+# Remove development dependencies
+pip install --no-dev
+npm ci --only=production
+
+# Use external services
+# Replace Ollama with Google Gemini API
+# Use Qdrant Cloud instead of self-hosted
+```
+
+### 3. Service Startup Failures
+
+#### Symptoms
+- Services fail to start or immediately crash
+- Health checks fail
+- Connection refused errors
+
+#### Diagnostic Steps
+```bash
+# Check service logs
+docker-compose logs service-name
+kubectl logs pod-name  # For Kubernetes
+flyctl logs           # For Fly.io
+
+# Check service status
+docker-compose ps
+systemctl status service-name
+
+# Test service connectivity
+curl -f http://localhost:8000/health
+telnet localhost 6333  # For Qdrant
+```
+
+#### Common Solutions
+```bash
+# Check environment variables
+env | grep -E "(DATABASE|QDRANT|JWT)"
+
+# Verify file permissions
+chmod +x scripts/*.sh
+chown -R app:app /app/data
+
+# Check port conflicts
+netstat -tulpn | grep :8000
+lsof -i :8000
+```
+
+## Platform-Specific Issues
+
+### Railway Deployment Issues
+
+#### Issue: Service Won't Start
+```bash
+# Check Railway logs
+railway logs
+
+# Common fixes:
+railway variables set PORT=8000
+railway variables set DATABASE_URL=sqlite+aiosqlite:///./data/knowledge_assistant.db
+
+# Restart service
+railway service restart
+```
+
+#### Issue: Memory Limit (512MB) Exceeded
+```bash
+# Monitor memory usage
+railway metrics
+
+# Solutions:
+# 1. Use external services
+railway variables set QDRANT_CLOUD_URL=https://your-cluster.qdrant.io
+railway variables set GEMINI_API_KEY=your-api-key
+
+# 2. Optimize container
+# Use multi-stage builds and Alpine images
+```
+
+### Fly.io Deployment Issues
+
+#### Issue: Volume Mount Problems
+```bash
+# Check volumes
+flyctl volumes list
+
+# Create missing volume
+flyctl volumes create knowledge_data --size 1
+
+# Verify mount in fly.toml
+[mounts]
+  source = "knowledge_data"
+  destination = "/app/data"
+```
+
+#### Issue: Machine Won't Start
+```bash
+# Check machine status
+flyctl machine list
+
+# View detailed logs
+flyctl logs --app your-app-name
+
+# Restart machine
+flyctl machine restart MACHINE_ID
+```
+
+### Google Cloud Run Issues
+
+#### Issue: Cold Start Timeouts
+```bash
+# Check service configuration
+gcloud run services describe SERVICE_NAME --region=us-central1
+
+# Increase timeout and memory
+gcloud run services update SERVICE_NAME \
+  --region=us-central1 \
+  --timeout=300 \
+  --memory=1Gi \
+  --cpu=1000m
+```
+
+#### Issue: Cloud SQL Connection Problems
+```bash
+# Test Cloud SQL connection
+gcloud sql connect INSTANCE_NAME --user=USERNAME
+
+# Check service account permissions
+gcloud projects get-iam-policy PROJECT_ID
+
+# Update connection string
+gcloud run services update SERVICE_NAME \
+  --region=us-central1 \
+  --set-env-vars="DATABASE_URL=postgresql://user:pass@/db?host=/cloudsql/project:region:instance"
+```
+
+### Vercel Deployment Issues
+
+#### Issue: Serverless Function Timeouts
+```bash
+# Check function logs in Vercel dashboard
+# Or use Vercel CLI
+vercel logs
+
+# Optimize function performance:
+# 1. Reduce cold start time
+# 2. Use edge functions for simple operations
+# 3. Implement proper caching
+```
+
+#### Issue: Build Size Limits
+```bash
+# Check build output size
+du -sh .vercel/output
+
+# Optimize bundle size:
+npm run build -- --analyze
+# Remove unused dependencies
+npm prune --production
+```
+
+## Environment Variables and Secrets
+
+### Required Environment Variables
+
+#### Core Application Variables
+```bash
+# Authentication
+JWT_SECRET=your-32-character-minimum-secret-key
+USER_REGISTRATION_ENABLED=true
+
+# Database
+DATABASE_URL=sqlite+aiosqlite:///./data/knowledge_assistant.db
+# Or for PostgreSQL:
+DATABASE_URL=postgresql://user:password@host:port/database
+
+# Vector Database
+QDRANT_HOST=localhost
+QDRANT_PORT=6333
+# Or for Qdrant Cloud:
+QDRANT_CLOUD_URL=https://your-cluster.qdrant.io
+QDRANT_API_KEY=your-qdrant-api-key
+
+# LLM Service
+GEMINI_API_KEY=your-google-gemini-api-key
+
+# CORS Configuration
+CORS_ORIGINS=https://your-frontend-domain.com,http://localhost:3000
+
+# Frontend Configuration
+VITE_API_BASE_URL=https://your-backend-domain.com
+VITE_ENABLE_REGISTRATION=true
+VITE_API_TIMEOUT=30000
+```
+
+### Secrets Management by Platform
+
+#### Railway
+```bash
+# Set secrets via CLI
+railway variables set JWT_SECRET=your-secret
+railway variables set GEMINI_API_KEY=your-key
+
+# Or via web dashboard
+# Visit railway.app -> Your Project -> Variables
+```
+
+#### Fly.io
+```bash
+# Set secrets via CLI
+flyctl secrets set JWT_SECRET=your-secret
+flyctl secrets set GEMINI_API_KEY=your-key
+
+# List current secrets
+flyctl secrets list
+```
+
+#### Google Cloud Run
+```bash
+# Create secrets in Secret Manager
+gcloud secrets create jwt-secret --data-file=jwt-secret.txt
+gcloud secrets create gemini-api-key --data-file=gemini-key.txt
+
+# Grant access to service account
+gcloud secrets add-iam-policy-binding jwt-secret \
+  --member="serviceAccount:SERVICE_ACCOUNT@PROJECT.iam.gserviceaccount.com" \
+  --role="roles/secretmanager.secretAccessor"
+```
+
+#### Vercel
+```bash
+# Set environment variables via CLI
+vercel env add JWT_SECRET
+vercel env add GEMINI_API_KEY
+
+# Or via web dashboard
+# Visit vercel.com -> Your Project -> Settings -> Environment Variables
+```
+
+### Environment Variable Validation
+
+Create a validation script:
+```bash
+#!/bin/bash
+# validate-env.sh
+
+required_vars=(
+  "JWT_SECRET"
+  "GEMINI_API_KEY"
+  "DATABASE_URL"
+)
+
+for var in "${required_vars[@]}"; do
+  if [[ -z "${!var}" ]]; then
+    echo "ERROR: $var is not set"
+    exit 1
+  fi
+done
+
+# Validate JWT secret length
+if [[ ${#JWT_SECRET} -lt 32 ]]; then
+  echo "ERROR: JWT_SECRET must be at least 32 characters"
+  exit 1
+fi
+
+echo "All environment variables are valid"
+```
+
+## Performance Optimization
+
+### Container Optimization
+
+#### Multi-stage Dockerfile Example
+```dockerfile
+# Build stage
+FROM node:18-alpine AS frontend-builder
+WORKDIR /app
+COPY package*.json ./
+RUN npm ci --only=production
+COPY . .
+RUN npm run build
+
+# Production stage
+FROM nginx:alpine
+COPY --from=frontend-builder /app/dist /usr/share/nginx/html
+COPY nginx.conf /etc/nginx/nginx.conf
+EXPOSE 80
+CMD ["nginx", "-g", "daemon off;"]
+```
+
+#### Image Size Optimization
+```bash
+# Before optimization
+docker images | grep knowledge-assistant
+# knowledge-assistant-backend   latest   7.84GB
+
+# After optimization techniques:
+# 1. Multi-stage builds
+# 2. Alpine base images
+# 3. Dependency pruning
+# 4. Layer optimization
+
+# After optimization
+docker images | grep knowledge-assistant
+# knowledge-assistant-backend   latest   156MB
+```
+
+### Database Performance
+
+#### SQLite Optimization
+```python
+# In your database configuration
+DATABASE_CONFIG = {
+    "pool_pre_ping": True,
+    "pool_recycle": 300,
+    "connect_args": {
+        "check_same_thread": False,
+        "timeout": 20,
+        "isolation_level": None,
+    }
+}
+```
+
+#### PostgreSQL Optimization
+```python
+# Connection pooling
+DATABASE_CONFIG = {
+    "pool_size": 5,
+    "max_overflow": 10,
+    "pool_pre_ping": True,
+    "pool_recycle": 3600,
+}
+```
+
+### API Performance
+
+#### Caching Implementation
+```python
+from functools import lru_cache
+import redis
+
+# In-memory caching
+@lru_cache(maxsize=128)
+def get_cached_embeddings(text_hash):
+    return generate_embeddings(text)
+
+# Redis caching (if available)
+redis_client = redis.Redis(host='localhost', port=6379, db=0)
+
+def cache_query_result(query_hash, result):
+    redis_client.setex(query_hash, 3600, json.dumps(result))
+```
+
+### Scaling Guidelines
+
+#### Horizontal Scaling
+```yaml
+# For Kubernetes
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: knowledge-assistant-backend
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: knowledge-assistant-backend
+  template:
+    spec:
+      containers:
+      - name: backend
+        image: knowledge-assistant-backend:latest
+        resources:
+          requests:
+            memory: "256Mi"
+            cpu: "250m"
+          limits:
+            memory: "512Mi"
+            cpu: "500m"
+```
+
+#### Vertical Scaling
+```bash
+# Railway
+railway service scale --memory 1024
+
+# Fly.io
+flyctl scale memory 512
+
+# Google Cloud Run
+gcloud run services update SERVICE_NAME \
+  --memory=1Gi \
+  --cpu=1000m
+```
+
+## Database Issues
+
+### SQLite Issues
+
+#### Database Locked Errors
+```bash
+# Check for zombie processes
+ps aux | grep python
+kill -9 PID
+
+# Check file permissions
+ls -la data/knowledge_assistant.db
+chmod 664 data/knowledge_assistant.db
+
+# Backup and restore database
+sqlite3 data/knowledge_assistant.db ".backup backup.db"
+mv backup.db data/knowledge_assistant.db
+```
+
+#### Corruption Recovery
+```bash
+# Check database integrity
+sqlite3 data/knowledge_assistant.db "PRAGMA integrity_check;"
+
+# Repair database
+sqlite3 data/knowledge_assistant.db ".recover" | sqlite3 repaired.db
+mv repaired.db data/knowledge_assistant.db
+```
+
+### PostgreSQL Issues
+
+#### Connection Pool Exhaustion
+```python
+# Monitor connection pool
+from sqlalchemy import event
+from sqlalchemy.pool import Pool
+
+@event.listens_for(Pool, "connect")
+def set_sqlite_pragma(dbapi_connection, connection_record):
+    print(f"New connection: {dbapi_connection}")
+
+@event.listens_for(Pool, "checkout")
+def receive_checkout(dbapi_connection, connection_record, connection_proxy):
+    print(f"Connection checked out: {dbapi_connection}")
+```
+
+#### Migration Issues
+```bash
+# Check migration status
+alembic current
+alembic history
+
+# Reset migrations (DANGEROUS - backup first!)
+alembic stamp head
+alembic revision --autogenerate -m "Reset migrations"
+alembic upgrade head
+```
+
+## Service Communication Problems
+
+### Internal Service Discovery
+
+#### Docker Compose
+```yaml
+# Ensure services can communicate
+version: '3.8'
+services:
+  backend:
+    environment:
+      - QDRANT_HOST=qdrant
+      - QDRANT_PORT=6333
+  qdrant:
+    hostname: qdrant
+```
+
+#### Kubernetes
+```yaml
+# Service definition
+apiVersion: v1
+kind: Service
+metadata:
+  name: qdrant-service
+spec:
+  selector:
+    app: qdrant
+  ports:
+  - port: 6333
+    targetPort: 6333
+```
+
+### Network Debugging
+
+#### Test Service Connectivity
+```bash
+# From within container
+curl -f http://qdrant:6333/health
+telnet qdrant 6333
+nslookup qdrant
+
+# Check DNS resolution
+dig qdrant.default.svc.cluster.local  # Kubernetes
+nslookup qdrant-service.railway.internal  # Railway
+```
+
+#### Port Conflicts
+```bash
+# Check port usage
+netstat -tulpn | grep :6333
+lsof -i :6333
+
+# Kill conflicting processes
+sudo kill -9 $(lsof -t -i:6333)
+```
+
+## Monitoring and Logging
+
+### Health Check Implementation
+
+#### Backend Health Endpoint
+```python
+from fastapi import FastAPI, HTTPException
+import asyncio
+
+app = FastAPI()
+
+@app.get("/health")
+async def health_check():
+    checks = {
+        "database": await check_database(),
+        "qdrant": await check_qdrant(),
+        "gemini": await check_gemini_api(),
+    }
+    
+    if all(checks.values()):
+        return {"status": "healthy", "checks": checks}
+    else:
+        raise HTTPException(status_code=503, detail={"status": "unhealthy", "checks": checks})
+
+async def check_database():
+    try:
+        # Test database connection
+        return True
+    except Exception:
+        return False
+```
+
+#### Monitoring Script
+```bash
+#!/bin/bash
+# monitor-services.sh
+
+services=("frontend:3000" "backend:8000" "qdrant:6333")
+
+for service in "${services[@]}"; do
+    name=${service%:*}
+    port=${service#*:}
+    
+    if curl -f -s "http://localhost:$port/health" > /dev/null; then
+        echo "✅ $name is healthy"
+    else
+        echo "❌ $name is unhealthy"
+        # Send alert or restart service
+    fi
+done
+```
+
+### Log Aggregation
+
+#### Centralized Logging
+```bash
+# Docker Compose with logging
+version: '3.8'
+services:
+  backend:
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "10m"
+        max-file: "3"
+```
+
+#### Log Analysis
+```bash
+# Search for errors
+grep -i error logs/*.log
+grep -E "(500|error|exception)" logs/backend.log
+
+# Monitor real-time logs
+tail -f logs/backend.log | grep -i error
+```
+
+## Maintenance Procedures
+
+### Regular Maintenance Tasks
+
+#### Daily Tasks
+```bash
+#!/bin/bash
+# daily-maintenance.sh
+
+# Check service health
+./scripts/health-check.sh
+
+# Backup database
+./scripts/backup-database.sh
+
+# Clean up logs
+find logs/ -name "*.log" -mtime +7 -delete
+
+# Check disk space
+df -h | awk '$5 > 80 {print "WARNING: " $0}'
+```
+
+#### Weekly Tasks
+```bash
+#!/bin/bash
+# weekly-maintenance.sh
+
+# Update dependencies (in development)
+npm audit fix
+pip list --outdated
+
+# Clean up Docker
+docker system prune -f
+
+# Rotate logs
+logrotate /etc/logrotate.d/knowledge-assistant
+```
+
+#### Monthly Tasks
+```bash
+#!/bin/bash
+# monthly-maintenance.sh
+
+# Security updates
+apt update && apt upgrade -y  # Ubuntu/Debian
+apk update && apk upgrade     # Alpine
+
+# Performance analysis
+./scripts/performance-report.sh
+
+# Backup verification
+./scripts/verify-backups.sh
+```
+
+### Database Maintenance
+
+#### SQLite Maintenance
+```bash
+# Vacuum database to reclaim space
+sqlite3 data/knowledge_assistant.db "VACUUM;"
+
+# Analyze query performance
+sqlite3 data/knowledge_assistant.db "ANALYZE;"
+
+# Check database size
+du -sh data/knowledge_assistant.db
+```
+
+#### PostgreSQL Maintenance
+```sql
+-- Vacuum and analyze
+VACUUM ANALYZE;
+
+-- Check database size
+SELECT pg_size_pretty(pg_database_size('knowledge_assistant'));
+
+-- Check table sizes
+SELECT 
+    schemaname,
+    tablename,
+    pg_size_pretty(pg_total_relation_size(schemaname||'.'||tablename)) as size
+FROM pg_tables 
+WHERE schemaname = 'public'
+ORDER BY pg_total_relation_size(schemaname||'.'||tablename) DESC;
+```
+
+## Emergency Recovery
+
+### Service Recovery Procedures
+
+#### Complete Service Failure
+```bash
+# 1. Check system resources
+free -h
+df -h
+ps aux | head -20
+
+# 2. Restart all services
+docker-compose down
+docker-compose up -d
+
+# 3. Check logs for errors
+docker-compose logs --tail=100
+
+# 4. Verify health
+curl -f http://localhost:8000/health
+```
+
+#### Database Recovery
+```bash
+# 1. Stop application
+docker-compose stop backend
+
+# 2. Backup current database
+cp data/knowledge_assistant.db data/knowledge_assistant.db.backup
+
+# 3. Restore from backup
+cp backups/latest-backup.db data/knowledge_assistant.db
+
+# 4. Start application
+docker-compose start backend
+
+# 5. Verify functionality
+curl -f http://localhost:8000/health
+```
+
+### Rollback Procedures
+
+#### Docker Deployment Rollback
+```bash
+# List previous images
+docker images | grep knowledge-assistant
+
+# Rollback to previous version
+docker-compose down
+docker tag knowledge-assistant-backend:latest knowledge-assistant-backend:rollback
+docker tag knowledge-assistant-backend:previous knowledge-assistant-backend:latest
+docker-compose up -d
+```
+
+#### Platform-Specific Rollbacks
+
+**Railway:**
+```bash
+railway rollback
+```
+
+**Fly.io:**
+```bash
+flyctl releases rollback
+```
+
+**Google Cloud Run:**
+```bash
+gcloud run services update SERVICE_NAME \
+  --image=gcr.io/PROJECT/IMAGE:PREVIOUS_TAG
+```
+
+**Vercel:**
+```bash
+vercel rollback
+```
+
+### Data Recovery
+
+#### Vector Database Recovery
+```bash
+# Backup Qdrant data
+tar -czf qdrant-backup-$(date +%Y%m%d).tar.gz data/qdrant/
+
+# Restore Qdrant data
+tar -xzf qdrant-backup-YYYYMMDD.tar.gz -C data/
+```
+
+#### User Data Recovery
+```bash
+# Export user data
+sqlite3 data/knowledge_assistant.db ".mode csv" ".output users.csv" "SELECT * FROM users;"
+
+# Import user data
+sqlite3 data/knowledge_assistant.db ".mode csv" ".import users.csv users"
+```
+
+## Getting Help
+
+### Support Channels
+
+1. **Documentation**: Check platform-specific documentation first
+2. **Community Forums**: 
+   - Railway: [Discord](https://discord.gg/railway)
+   - Fly.io: [Community Forum](https://community.fly.io/)
+   - Google Cloud: [Stack Overflow](https://stackoverflow.com/questions/tagged/google-cloud-run)
+   - Vercel: [Discord](https://discord.gg/vercel)
+
+3. **Issue Reporting**: Create detailed bug reports with:
+   - Platform and version information
+   - Error messages and logs
+   - Steps to reproduce
+   - Environment configuration (without secrets)
+
+### Diagnostic Information Collection
+
+```bash
+#!/bin/bash
+# collect-diagnostics.sh
+
+echo "=== System Information ==="
+uname -a
+docker --version
+docker-compose --version
+
+echo "=== Service Status ==="
+docker-compose ps
+
+echo "=== Resource Usage ==="
+free -h
+df -h
+
+echo "=== Recent Logs ==="
+docker-compose logs --tail=50
+
+echo "=== Environment Variables ==="
+env | grep -E "(DATABASE|QDRANT|JWT)" | sed 's/=.*/=***/'
+```
+
+This troubleshooting guide should help you diagnose and resolve most common issues with the Knowledge Assistant RAG application deployment.

cloudbuild.yaml

@@ -0,0 +1,146 @@
+# Cloud Build Configuration for Knowledge Assistant
+# This file defines the build pipeline for all services
+
+steps:
+  # Build Backend Docker Image
+  - name: 'gcr.io/cloud-builders/docker'
+    id: 'build-backend'
+    args:
+      - 'build'
+      - '-t'
+      - 'gcr.io/$PROJECT_ID/knowledge-assistant-backend:$BUILD_ID'
+      - '-t'
+      - 'gcr.io/$PROJECT_ID/knowledge-assistant-backend:latest'
+      - '-f'
+      - 'Dockerfile'
+      - '.'
+    dir: 'Knowledge_Assistant_RAG'
+
+  # Build Frontend Docker Image
+  - name: 'gcr.io/cloud-builders/docker'
+    id: 'build-frontend'
+    args:
+      - 'build'
+      - '-t'
+      - 'gcr.io/$PROJECT_ID/knowledge-assistant-frontend:$BUILD_ID'
+      - '-t'
+      - 'gcr.io/$PROJECT_ID/knowledge-assistant-frontend:latest'
+      - '-f'
+      - 'Dockerfile'
+      - '.'
+    dir: 'Knowledge_Assistant_RAG/rag-quest-hub'
+
+  # Push Backend Image
+  - name: 'gcr.io/cloud-builders/docker'
+    id: 'push-backend'
+    args:
+      - 'push'
+      - 'gcr.io/$PROJECT_ID/knowledge-assistant-backend:$BUILD_ID'
+    waitFor: ['build-backend']
+
+  # Push Frontend Image
+  - name: 'gcr.io/cloud-builders/docker'
+    id: 'push-frontend'
+    args:
+      - 'push'
+      - 'gcr.io/$PROJECT_ID/knowledge-assistant-frontend:$BUILD_ID'
+    waitFor: ['build-frontend']
+
+  # Push Latest Tags
+  - name: 'gcr.io/cloud-builders/docker'
+    id: 'push-backend-latest'
+    args:
+      - 'push'
+      - 'gcr.io/$PROJECT_ID/knowledge-assistant-backend:latest'
+    waitFor: ['push-backend']
+
+  - name: 'gcr.io/cloud-builders/docker'
+    id: 'push-frontend-latest'
+    args:
+      - 'push'
+      - 'gcr.io/$PROJECT_ID/knowledge-assistant-frontend:latest'
+    waitFor: ['push-frontend']
+
+  # Deploy Qdrant Service (using public image)
+  - name: 'gcr.io/cloud-builders/gcloud'
+    id: 'deploy-qdrant'
+    args:
+      - 'run'
+      - 'deploy'
+      - 'knowledge-assistant-qdrant'
+      - '--image=qdrant/qdrant:latest'
+      - '--platform=managed'
+      - '--region=us-central1'
+      - '--memory=512Mi'
+      - '--cpu=1'
+      - '--max-instances=5'
+      - '--min-instances=1'
+      - '--port=6333'
+      - '--service-account=knowledge-assistant-qdrant-sa@$PROJECT_ID.iam.gserviceaccount.com'
+      - '--set-env-vars=QDRANT__SERVICE__HTTP_PORT=6333,QDRANT__SERVICE__GRPC_PORT=6334'
+      - '--allow-unauthenticated'
+    waitFor: ['-']
+
+  # Deploy Backend Service
+  - name: 'gcr.io/cloud-builders/gcloud'
+    id: 'deploy-backend'
+    args:
+      - 'run'
+      - 'deploy'
+      - 'knowledge-assistant-backend'
+      - '--image=gcr.io/$PROJECT_ID/knowledge-assistant-backend:$BUILD_ID'
+      - '--platform=managed'
+      - '--region=us-central1'
+      - '--memory=1Gi'
+      - '--cpu=1'
+      - '--max-instances=10'
+      - '--min-instances=0'
+      - '--port=8000'
+      - '--service-account=knowledge-assistant-backend-sa@$PROJECT_ID.iam.gserviceaccount.com'
+      - '--add-cloudsql-instances=$PROJECT_ID:us-central1:knowledge-assistant-db'
+      - '--update-secrets=DATABASE_URL=knowledge-assistant-secrets:DATABASE_URL:latest'
+      - '--update-secrets=JWT_SECRET=knowledge-assistant-secrets:JWT_SECRET:latest'
+      - '--update-secrets=GEMINI_API_KEY=knowledge-assistant-secrets:GEMINI_API_KEY:latest'
+      - '--set-env-vars=QDRANT_HOST=https://knowledge-assistant-qdrant-${_QDRANT_HASH}-uc.a.run.app,QDRANT_PORT=443,PYTHONUNBUFFERED=1,PYTHONDONTWRITEBYTECODE=1'
+      - '--allow-unauthenticated'
+    waitFor: ['push-backend-latest', 'deploy-qdrant']
+
+  # Deploy Frontend Service
+  - name: 'gcr.io/cloud-builders/gcloud'
+    id: 'deploy-frontend'
+    args:
+      - 'run'
+      - 'deploy'
+      - 'knowledge-assistant-frontend'
+      - '--image=gcr.io/$PROJECT_ID/knowledge-assistant-frontend:$BUILD_ID'
+      - '--platform=managed'
+      - '--region=us-central1'
+      - '--memory=512Mi'
+      - '--cpu=1'
+      - '--max-instances=10'
+      - '--min-instances=0'
+      - '--port=8080'
+      - '--set-env-vars=VITE_API_BASE_URL=https://knowledge-assistant-backend-${_BACKEND_HASH}-uc.a.run.app'
+      - '--allow-unauthenticated'
+    waitFor: ['push-frontend-latest', 'deploy-backend']
+
+# Build configuration
+options:
+  machineType: 'E2_HIGHCPU_8'
+  diskSizeGb: 100
+  logging: CLOUD_LOGGING_ONLY
+
+# Substitutions for dynamic values
+substitutions:
+  _BACKEND_HASH: 'auto-generated-hash'
+  _QDRANT_HASH: 'auto-generated-hash'
+
+# Build timeout
+timeout: '1800s'  # 30 minutes
+
+# Images to be pushed to Container Registry
+images:
+  - 'gcr.io/$PROJECT_ID/knowledge-assistant-backend:$BUILD_ID'
+  - 'gcr.io/$PROJECT_ID/knowledge-assistant-backend:latest'
+  - 'gcr.io/$PROJECT_ID/knowledge-assistant-frontend:$BUILD_ID'
+  - 'gcr.io/$PROJECT_ID/knowledge-assistant-frontend:latest'

cloudrun/backend-service.yaml

@@ -0,0 +1,88 @@
+apiVersion: serving.knative.dev/v1
+kind: Service
+metadata:
+  name: knowledge-assistant-backend
+  annotations:
+    run.googleapis.com/ingress: all
+    run.googleapis.com/execution-environment: gen2
+spec:
+  template:
+    metadata:
+      annotations:
+        # Resource limits for free tier
+        run.googleapis.com/memory: "1Gi"
+        run.googleapis.com/cpu: "1000m"
+        run.googleapis.com/max-instances: "10"
+        run.googleapis.com/min-instances: "0"
+        # Enable CPU allocation only during requests
+        run.googleapis.com/cpu-throttling: "true"
+        # Cloud SQL connection (if using Cloud SQL)
+        run.googleapis.com/cloudsql-instances: "PROJECT_ID:REGION:knowledge-assistant-db"
+    spec:
+      containerConcurrency: 80
+      timeoutSeconds: 900
+      containers:
+      - name: backend
+        image: gcr.io/PROJECT_ID/knowledge-assistant-backend:latest
+        ports:
+        - name: http1
+          containerPort: 8000
+        env:
+        - name: DATABASE_URL
+          valueFrom:
+            secretKeyRef:
+              name: knowledge-assistant-secrets
+              key: DATABASE_URL
+        - name: JWT_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: knowledge-assistant-secrets
+              key: JWT_SECRET
+        - name: QDRANT_HOST
+          value: "https://knowledge-assistant-qdrant-HASH-uc.a.run.app"
+        - name: QDRANT_PORT
+          value: "443"
+        - name: GEMINI_API_KEY
+          valueFrom:
+            secretKeyRef:
+              name: knowledge-assistant-secrets
+              key: GEMINI_API_KEY
+        - name: CORS_ORIGINS
+          value: "https://knowledge-assistant-frontend-HASH-uc.a.run.app"
+        - name: JWT_LIFETIME_SECONDS
+          value: "3600"
+        - name: USER_REGISTRATION_ENABLED
+          value: "true"
+        - name: EMAIL_VERIFICATION_REQUIRED
+          value: "false"
+        - name: PYTHONUNBUFFERED
+          value: "1"
+        - name: PYTHONDONTWRITEBYTECODE
+          value: "1"
+        resources:
+          limits:
+            memory: "1Gi"
+            cpu: "1000m"
+        volumeMounts:
+        - name: data-volume
+          mountPath: /app/data
+        livenessProbe:
+          httpGet:
+            path: /health
+            port: 8000
+          initialDelaySeconds: 30
+          periodSeconds: 30
+          timeoutSeconds: 10
+        readinessProbe:
+          httpGet:
+            path: /health
+            port: 8000
+          initialDelaySeconds: 10
+          periodSeconds: 10
+          timeoutSeconds: 5
+      volumes:
+      - name: data-volume
+        emptyDir: {}
+  traffic:
+  - percent: 100
+    latestRevision: true

cloudrun/cloudrun-config.yaml

@@ -0,0 +1,95 @@
+# Complete Cloud Run Configuration for Knowledge Assistant
+# This file contains all the necessary configurations for deploying to Google Cloud Run
+
+# Project Configuration
+PROJECT_ID: "your-gcp-project-id"
+REGION: "us-central1"
+SERVICES:
+  - name: "knowledge-assistant-frontend"
+    image: "gcr.io/PROJECT_ID/knowledge-assistant-frontend"
+    port: 8080
+    memory: "512Mi"
+    cpu: "1000m"
+    max_instances: 10
+    min_instances: 0
+    
+  - name: "knowledge-assistant-backend"
+    image: "gcr.io/PROJECT_ID/knowledge-assistant-backend"
+    port: 8000
+    memory: "1Gi"
+    cpu: "1000m"
+    max_instances: 10
+    min_instances: 0
+    service_account: "knowledge-assistant-backend-sa@PROJECT_ID.iam.gserviceaccount.com"
+    
+  - name: "knowledge-assistant-qdrant"
+    image: "qdrant/qdrant:latest"
+    port: 6333
+    memory: "512Mi"
+    cpu: "1000m"
+    max_instances: 5
+    min_instances: 1
+    service_account: "knowledge-assistant-qdrant-sa@PROJECT_ID.iam.gserviceaccount.com"
+
+# Environment Variables Configuration
+ENVIRONMENT_VARIABLES:
+  frontend:
+    VITE_API_BASE_URL: "https://knowledge-assistant-backend-HASH-uc.a.run.app"
+    VITE_API_TIMEOUT: "30000"
+    VITE_ENABLE_REGISTRATION: "true"
+    
+  backend:
+    QDRANT_HOST: "https://knowledge-assistant-qdrant-HASH-uc.a.run.app"
+    QDRANT_PORT: "443"
+    CORS_ORIGINS: "https://knowledge-assistant-frontend-HASH-uc.a.run.app"
+    JWT_LIFETIME_SECONDS: "3600"
+    USER_REGISTRATION_ENABLED: "true"
+    EMAIL_VERIFICATION_REQUIRED: "false"
+    PYTHONUNBUFFERED: "1"
+    PYTHONDONTWRITEBYTECODE: "1"
+    
+  qdrant:
+    QDRANT__SERVICE__HTTP_PORT: "6333"
+    QDRANT__SERVICE__GRPC_PORT: "6334"
+    QDRANT__STORAGE__STORAGE_PATH: "/qdrant/storage"
+
+# Secret Environment Variables (stored in Secret Manager)
+SECRET_VARIABLES:
+  backend:
+    - name: "DATABASE_URL"
+      secret: "knowledge-assistant-secrets"
+      key: "DATABASE_URL"
+    - name: "JWT_SECRET"
+      secret: "knowledge-assistant-secrets"
+      key: "JWT_SECRET"
+    - name: "GEMINI_API_KEY"
+      secret: "knowledge-assistant-secrets"
+      key: "GEMINI_API_KEY"
+
+# Cloud SQL Configuration
+CLOUD_SQL:
+  instance_name: "knowledge-assistant-db"
+  database_name: "knowledge-assistant-main-db"
+  user_name: "knowledge-assistant-user"
+  region: "us-central1"
+  tier: "db-f1-micro"
+  disk_size: 10
+  
+# IAM Configuration
+SERVICE_ACCOUNTS:
+  - name: "knowledge-assistant-backend-sa"
+    roles:
+      - "roles/cloudsql.client"
+      - "roles/secretmanager.secretAccessor"
+      - "roles/run.invoker"
+      
+  - name: "knowledge-assistant-qdrant-sa"
+    roles:
+      - "roles/run.invoker"
+
+# Resource Limits (Free Tier Optimized)
+RESOURCE_LIMITS:
+  total_memory: "2Gi"  # Total across all services
+  total_cpu: "3000m"   # Total across all services
+  max_requests_per_minute: 1000
+  max_concurrent_requests: 100

cloudrun/cloudsql-config.yaml

@@ -0,0 +1,61 @@
+# Cloud SQL Configuration for Knowledge Assistant
+# This file defines the Cloud SQL instance and database configuration
+
+apiVersion: sql.cnrm.cloud.google.com/v1beta1
+kind: SQLInstance
+metadata:
+  name: knowledge-assistant-db
+spec:
+  databaseVersion: POSTGRES_15
+  region: us-central1
+  settings:
+    tier: db-f1-micro  # Free tier eligible
+    availabilityType: ZONAL
+    diskSize: 10  # GB - minimum for free tier
+    diskType: PD_HDD
+    diskAutoresize: true
+    diskAutoresizeLimit: 20  # GB - stay within free tier limits
+    backupConfiguration:
+      enabled: true
+      startTime: "03:00"  # 3 AM UTC
+      retainedBackups: 7
+      transactionLogRetentionDays: 7
+    ipConfiguration:
+      ipv4Enabled: true
+      authorizedNetworks: []  # Cloud Run will connect via private IP
+      requireSsl: true
+    maintenanceWindow:
+      day: 7  # Sunday
+      hour: 4  # 4 AM UTC
+      updateTrack: stable
+    userLabels:
+      app: knowledge-assistant
+      environment: production
+      tier: free
+
+---
+
+apiVersion: sql.cnrm.cloud.google.com/v1beta1
+kind: SQLDatabase
+metadata:
+  name: knowledge-assistant-main-db
+spec:
+  charset: UTF8
+  collation: en_US.UTF8
+  instanceRef:
+    name: knowledge-assistant-db
+
+---
+
+apiVersion: sql.cnrm.cloud.google.com/v1beta1
+kind: SQLUser
+metadata:
+  name: knowledge-assistant-user
+spec:
+  instanceRef:
+    name: knowledge-assistant-db
+  password:
+    valueFrom:
+      secretKeyRef:
+        name: knowledge-assistant-secrets
+        key: DB_PASSWORD

cloudrun/frontend-service.yaml

@@ -0,0 +1,55 @@
+apiVersion: serving.knative.dev/v1
+kind: Service
+metadata:
+  name: knowledge-assistant-frontend
+  annotations:
+    run.googleapis.com/ingress: all
+    run.googleapis.com/execution-environment: gen2
+spec:
+  template:
+    metadata:
+      annotations:
+        # Resource limits for free tier
+        run.googleapis.com/memory: "512Mi"
+        run.googleapis.com/cpu: "1000m"
+        run.googleapis.com/max-instances: "10"
+        run.googleapis.com/min-instances: "0"
+        # Enable CPU allocation only during requests
+        run.googleapis.com/cpu-throttling: "true"
+    spec:
+      containerConcurrency: 80
+      timeoutSeconds: 300
+      containers:
+      - name: frontend
+        image: gcr.io/PROJECT_ID/knowledge-assistant-frontend:latest
+        ports:
+        - name: http1
+          containerPort: 8080
+        env:
+        - name: VITE_API_BASE_URL
+          value: "https://knowledge-assistant-backend-HASH-uc.a.run.app"
+        - name: VITE_API_TIMEOUT
+          value: "30000"
+        - name: VITE_ENABLE_REGISTRATION
+          value: "true"
+        resources:
+          limits:
+            memory: "512Mi"
+            cpu: "1000m"
+        livenessProbe:
+          httpGet:
+            path: /
+            port: 8080
+          initialDelaySeconds: 10
+          periodSeconds: 30
+          timeoutSeconds: 5
+        readinessProbe:
+          httpGet:
+            path: /
+            port: 8080
+          initialDelaySeconds: 5
+          periodSeconds: 10
+          timeoutSeconds: 3
+  traffic:
+  - percent: 100
+    latestRevision: true

cloudrun/iam-config.yaml

@@ -0,0 +1,84 @@
+# IAM Configuration for Cloud Run Services
+# This file defines the service accounts and IAM roles needed for the Knowledge Assistant application
+
+# Service Account for Backend Service
+apiVersion: iam.cnrm.cloud.google.com/v1beta1
+kind: IAMServiceAccount
+metadata:
+  name: knowledge-assistant-backend-sa
+  namespace: default
+spec:
+  displayName: "Knowledge Assistant Backend Service Account"
+  description: "Service account for Knowledge Assistant backend with minimal required permissions"
+
+---
+
+# Service Account for Qdrant Service
+apiVersion: iam.cnrm.cloud.google.com/v1beta1
+kind: IAMServiceAccount
+metadata:
+  name: knowledge-assistant-qdrant-sa
+  namespace: default
+spec:
+  displayName: "Knowledge Assistant Qdrant Service Account"
+  description: "Service account for Qdrant vector database service"
+
+---
+
+# IAM Policy Binding for Backend Service Account - Cloud SQL Client
+apiVersion: iam.cnrm.cloud.google.com/v1beta1
+kind: IAMPolicyMember
+metadata:
+  name: backend-cloudsql-client
+spec:
+  member: serviceAccount:knowledge-assistant-backend-sa@PROJECT_ID.iam.gserviceaccount.com
+  role: roles/cloudsql.client
+  resourceRef:
+    apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1
+    kind: Project
+    external: PROJECT_ID
+
+---
+
+# IAM Policy Binding for Backend Service Account - Secret Manager Accessor
+apiVersion: iam.cnrm.cloud.google.com/v1beta1
+kind: IAMPolicyMember
+metadata:
+  name: backend-secret-accessor
+spec:
+  member: serviceAccount:knowledge-assistant-backend-sa@PROJECT_ID.iam.gserviceaccount.com
+  role: roles/secretmanager.secretAccessor
+  resourceRef:
+    apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1
+    kind: Project
+    external: PROJECT_ID
+
+---
+
+# IAM Policy Binding for Backend Service Account - Cloud Run Invoker (for internal service communication)
+apiVersion: iam.cnrm.cloud.google.com/v1beta1
+kind: IAMPolicyMember
+metadata:
+  name: backend-run-invoker
+spec:
+  member: serviceAccount:knowledge-assistant-backend-sa@PROJECT_ID.iam.gserviceaccount.com
+  role: roles/run.invoker
+  resourceRef:
+    apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1
+    kind: Project
+    external: PROJECT_ID
+
+---
+
+# IAM Policy Binding for Qdrant Service Account - Basic Cloud Run permissions
+apiVersion: iam.cnrm.cloud.google.com/v1beta1
+kind: IAMPolicyMember
+metadata:
+  name: qdrant-run-invoker
+spec:
+  member: serviceAccount:knowledge-assistant-qdrant-sa@PROJECT_ID.iam.gserviceaccount.com
+  role: roles/run.invoker
+  resourceRef:
+    apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1
+    kind: Project
+    external: PROJECT_ID

cloudrun/qdrant-service.yaml

@@ -0,0 +1,61 @@
+apiVersion: serving.knative.dev/v1
+kind: Service
+metadata:
+  name: knowledge-assistant-qdrant
+  annotations:
+    run.googleapis.com/ingress: all
+    run.googleapis.com/execution-environment: gen2
+spec:
+  template:
+    metadata:
+      annotations:
+        # Resource limits for free tier
+        run.googleapis.com/memory: "512Mi"
+        run.googleapis.com/cpu: "1000m"
+        run.googleapis.com/max-instances: "5"
+        run.googleapis.com/min-instances: "1"
+        # Keep at least one instance warm for vector database
+        run.googleapis.com/cpu-throttling: "false"
+    spec:
+      containerConcurrency: 50
+      timeoutSeconds: 300
+      containers:
+      - name: qdrant
+        image: qdrant/qdrant:latest
+        ports:
+        - name: http1
+          containerPort: 6333
+        env:
+        - name: QDRANT__SERVICE__HTTP_PORT
+          value: "6333"
+        - name: QDRANT__SERVICE__GRPC_PORT
+          value: "6334"
+        - name: QDRANT__STORAGE__STORAGE_PATH
+          value: "/qdrant/storage"
+        resources:
+          limits:
+            memory: "512Mi"
+            cpu: "1000m"
+        volumeMounts:
+        - name: qdrant-storage
+          mountPath: /qdrant/storage
+        livenessProbe:
+          httpGet:
+            path: /health
+            port: 6333
+          initialDelaySeconds: 30
+          periodSeconds: 30
+          timeoutSeconds: 10
+        readinessProbe:
+          httpGet:
+            path: /health
+            port: 6333
+          initialDelaySeconds: 10
+          periodSeconds: 10
+          timeoutSeconds: 5
+      volumes:
+      - name: qdrant-storage
+        emptyDir: {}
+  traffic:
+  - percent: 100
+    latestRevision: true

cloudrun/secrets-config.yaml

@@ -0,0 +1,34 @@
+# Secret Manager Configuration for Knowledge Assistant
+# This file defines the secrets needed for the application
+
+apiVersion: secretmanager.cnrm.cloud.google.com/v1beta1
+kind: SecretManagerSecret
+metadata:
+  name: knowledge-assistant-secrets
+spec:
+  secretId: knowledge-assistant-secrets
+  replication:
+    automatic: true
+  labels:
+    app: knowledge-assistant
+    environment: production
+
+---
+
+# Secret versions will be created separately via gcloud CLI or console
+# The following secrets need to be stored:
+# - JWT_SECRET: A secure random string for JWT token signing
+# - DATABASE_URL: PostgreSQL connection string for Cloud SQL
+# - GEMINI_API_KEY: Google Gemini API key for LLM functionality
+# - DB_PASSWORD: Database password for the Cloud SQL user
+
+# Example secret creation commands (to be run after deployment):
+# gcloud secrets versions add knowledge-assistant-secrets --data-file=secrets.json
+# 
+# Where secrets.json contains:
+# {
+#   "JWT_SECRET": "your-super-secure-jwt-secret-key-change-this-in-production",
+#   "DATABASE_URL": "postgresql+asyncpg://knowledge-assistant-user:PASSWORD@/knowledge-assistant-main-db?host=/cloudsql/PROJECT_ID:us-central1:knowledge-assistant-db",
+#   "GEMINI_API_KEY": "your-gemini-api-key",
+#   "DB_PASSWORD": "your-secure-database-password"
+# }

deploy-cloudrun.sh

@@ -0,0 +1,422 @@
+#!/bin/bash
+
+# Cloud Run Deployment Script for Knowledge Assistant
+# This script automates the deployment of the Knowledge Assistant application to Google Cloud Run
+
+set -e  # Exit on any error
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+# Configuration
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+ENV_FILE="${SCRIPT_DIR}/.env.cloudrun"
+REGION="us-central1"
+
+# Function to print colored output
+print_status() {
+    echo -e "${BLUE}[INFO]${NC} $1"
+}
+
+print_success() {
+    echo -e "${GREEN}[SUCCESS]${NC} $1"
+}
+
+print_warning() {
+    echo -e "${YELLOW}[WARNING]${NC} $1"
+}
+
+print_error() {
+    echo -e "${RED}[ERROR]${NC} $1"
+}
+
+# Function to check if required tools are installed
+check_prerequisites() {
+    print_status "Checking prerequisites..."
+    
+    if ! command -v gcloud &> /dev/null; then
+        print_error "gcloud CLI is not installed. Please install it from https://cloud.google.com/sdk/docs/install"
+        exit 1
+    fi
+    
+    if ! command -v docker &> /dev/null; then
+        print_error "Docker is not installed. Please install Docker first."
+        exit 1
+    fi
+    
+    print_success "Prerequisites check passed"
+}
+
+# Function to load environment variables
+load_environment() {
+    if [[ -f "$ENV_FILE" ]]; then
+        print_status "Loading environment variables from $ENV_FILE"
+        source "$ENV_FILE"
+    else
+        print_error "Environment file $ENV_FILE not found. Please copy .env.cloudrun.template to .env.cloudrun and configure it."
+        exit 1
+    fi
+    
+    # Validate required variables
+    if [[ -z "$PROJECT_ID" ]]; then
+        print_error "PROJECT_ID is not set in environment file"
+        exit 1
+    fi
+    
+    print_success "Environment variables loaded"
+}
+
+# Function to authenticate and set project
+setup_gcloud() {
+    print_status "Setting up gcloud configuration..."
+    
+    # Set the project
+    gcloud config set project "$PROJECT_ID"
+    
+    # Enable required APIs
+    print_status "Enabling required Google Cloud APIs..."
+    gcloud services enable \
+        cloudbuild.googleapis.com \
+        run.googleapis.com \
+        containerregistry.googleapis.com \
+        sqladmin.googleapis.com \
+        secretmanager.googleapis.com \
+        iam.googleapis.com
+    
+    print_success "gcloud setup completed"
+}
+
+# Function to create secrets
+create_secrets() {
+    print_status "Creating secrets in Secret Manager..."
+    
+    # Check if secret already exists
+    if gcloud secrets describe knowledge-assistant-secrets &>/dev/null; then
+        print_warning "Secret knowledge-assistant-secrets already exists, skipping creation"
+    else
+        gcloud secrets create knowledge-assistant-secrets --replication-policy="automatic"
+        print_success "Created secret: knowledge-assistant-secrets"
+    fi
+    
+    # Create temporary secrets file
+    cat > /tmp/secrets.json << EOF
+{
+  "JWT_SECRET": "${JWT_SECRET}",
+  "DATABASE_URL": "${DATABASE_URL}",
+  "GEMINI_API_KEY": "${GEMINI_API_KEY}"
+}
+EOF
+    
+    # Add secret version
+    gcloud secrets versions add knowledge-assistant-secrets --data-file=/tmp/secrets.json
+    
+    # Clean up temporary file
+    rm /tmp/secrets.json
+    
+    print_success "Secrets created and configured"
+}
+
+# Function to create service accounts
+create_service_accounts() {
+    print_status "Creating service accounts..."
+    
+    # Backend service account
+    if gcloud iam service-accounts describe "knowledge-assistant-backend-sa@${PROJECT_ID}.iam.gserviceaccount.com" &>/dev/null; then
+        print_warning "Backend service account already exists, skipping creation"
+    else
+        gcloud iam service-accounts create knowledge-assistant-backend-sa \
+            --display-name="Knowledge Assistant Backend Service Account" \
+            --description="Service account for Knowledge Assistant backend"
+        print_success "Created backend service account"
+    fi
+    
+    # Qdrant service account
+    if gcloud iam service-accounts describe "knowledge-assistant-qdrant-sa@${PROJECT_ID}.iam.gserviceaccount.com" &>/dev/null; then
+        print_warning "Qdrant service account already exists, skipping creation"
+    else
+        gcloud iam service-accounts create knowledge-assistant-qdrant-sa \
+            --display-name="Knowledge Assistant Qdrant Service Account" \
+            --description="Service account for Qdrant vector database"
+        print_success "Created qdrant service account"
+    fi
+    
+    # Grant IAM roles
+    print_status "Granting IAM roles..."
+    
+    gcloud projects add-iam-policy-binding "$PROJECT_ID" \
+        --member="serviceAccount:knowledge-assistant-backend-sa@${PROJECT_ID}.iam.gserviceaccount.com" \
+        --role="roles/cloudsql.client"
+    
+    gcloud projects add-iam-policy-binding "$PROJECT_ID" \
+        --member="serviceAccount:knowledge-assistant-backend-sa@${PROJECT_ID}.iam.gserviceaccount.com" \
+        --role="roles/secretmanager.secretAccessor"
+    
+    gcloud projects add-iam-policy-binding "$PROJECT_ID" \
+        --member="serviceAccount:knowledge-assistant-backend-sa@${PROJECT_ID}.iam.gserviceaccount.com" \
+        --role="roles/run.invoker"
+    
+    print_success "Service accounts and IAM roles configured"
+}
+
+# Function to create Cloud SQL instance
+create_cloud_sql() {
+    print_status "Creating Cloud SQL instance..."
+    
+    # Check if instance already exists
+    if gcloud sql instances describe knowledge-assistant-db &>/dev/null; then
+        print_warning "Cloud SQL instance already exists, skipping creation"
+    else
+        gcloud sql instances create knowledge-assistant-db \
+            --database-version=POSTGRES_15 \
+            --tier=db-f1-micro \
+            --region="$REGION" \
+            --storage-type=HDD \
+            --storage-size=10GB \
+            --storage-auto-increase \
+            --storage-auto-increase-limit=20GB \
+            --backup-start-time=03:00 \
+            --maintenance-window-day=SUN \
+            --maintenance-window-hour=04 \
+            --maintenance-release-channel=production
+        
+        print_success "Created Cloud SQL instance"
+    fi
+    
+    # Create database
+    if gcloud sql databases describe knowledge-assistant-main-db --instance=knowledge-assistant-db &>/dev/null; then
+        print_warning "Database already exists, skipping creation"
+    else
+        gcloud sql databases create knowledge-assistant-main-db --instance=knowledge-assistant-db
+        print_success "Created database"
+    fi
+    
+    # Create user (password will be generated)
+    DB_PASSWORD=$(openssl rand -base64 32)
+    if gcloud sql users describe knowledge-assistant-user --instance=knowledge-assistant-db &>/dev/null; then
+        print_warning "Database user already exists, updating password"
+        gcloud sql users set-password knowledge-assistant-user \
+            --instance=knowledge-assistant-db \
+            --password="$DB_PASSWORD"
+    else
+        gcloud sql users create knowledge-assistant-user \
+            --instance=knowledge-assistant-db \
+            --password="$DB_PASSWORD"
+        print_success "Created database user"
+    fi
+    
+    # Update DATABASE_URL in secrets
+    CONNECTION_NAME="${PROJECT_ID}:${REGION}:knowledge-assistant-db"
+    NEW_DATABASE_URL="postgresql+asyncpg://knowledge-assistant-user:${DB_PASSWORD}@/knowledge-assistant-main-db?host=/cloudsql/${CONNECTION_NAME}"
+    
+    # Update secrets with new database URL
+    cat > /tmp/secrets.json << EOF
+{
+  "JWT_SECRET": "${JWT_SECRET}",
+  "DATABASE_URL": "${NEW_DATABASE_URL}",
+  "GEMINI_API_KEY": "${GEMINI_API_KEY}"
+}
+EOF
+    
+    gcloud secrets versions add knowledge-assistant-secrets --data-file=/tmp/secrets.json
+    rm /tmp/secrets.json
+    
+    print_success "Cloud SQL setup completed"
+}
+
+# Function to build and push Docker images
+build_and_push_images() {
+    print_status "Building and pushing Docker images..."
+    
+    # Build backend image
+    print_status "Building backend image..."
+    docker build -t "gcr.io/${PROJECT_ID}/knowledge-assistant-backend:latest" \
+        -f "${SCRIPT_DIR}/Dockerfile" "${SCRIPT_DIR}"
+    
+    # Build frontend image
+    print_status "Building frontend image..."
+    docker build -t "gcr.io/${PROJECT_ID}/knowledge-assistant-frontend:latest" \
+        -f "${SCRIPT_DIR}/rag-quest-hub/Dockerfile" "${SCRIPT_DIR}/rag-quest-hub"
+    
+    # Configure Docker for GCR
+    gcloud auth configure-docker
+    
+    # Push images
+    print_status "Pushing backend image..."
+    docker push "gcr.io/${PROJECT_ID}/knowledge-assistant-backend:latest"
+    
+    print_status "Pushing frontend image..."
+    docker push "gcr.io/${PROJECT_ID}/knowledge-assistant-frontend:latest"
+    
+    print_success "Docker images built and pushed"
+}
+
+# Function to deploy services
+deploy_services() {
+    print_status "Deploying services to Cloud Run..."
+    
+    # Deploy Qdrant service first
+    print_status "Deploying Qdrant service..."
+    gcloud run deploy knowledge-assistant-qdrant \
+        --image=qdrant/qdrant:latest \
+        --platform=managed \
+        --region="$REGION" \
+        --memory=512Mi \
+        --cpu=1 \
+        --max-instances=5 \
+        --min-instances=1 \
+        --port=6333 \
+        --service-account="knowledge-assistant-qdrant-sa@${PROJECT_ID}.iam.gserviceaccount.com" \
+        --set-env-vars="QDRANT__SERVICE__HTTP_PORT=6333,QDRANT__SERVICE__GRPC_PORT=6334" \
+        --allow-unauthenticated
+    
+    # Get Qdrant service URL
+    QDRANT_URL=$(gcloud run services describe knowledge-assistant-qdrant --region="$REGION" --format="value(status.url)")
+    print_success "Qdrant deployed at: $QDRANT_URL"
+    
+    # Deploy backend service
+    print_status "Deploying backend service..."
+    gcloud run deploy knowledge-assistant-backend \
+        --image="gcr.io/${PROJECT_ID}/knowledge-assistant-backend:latest" \
+        --platform=managed \
+        --region="$REGION" \
+        --memory=1Gi \
+        --cpu=1 \
+        --max-instances=10 \
+        --min-instances=0 \
+        --port=8000 \
+        --service-account="knowledge-assistant-backend-sa@${PROJECT_ID}.iam.gserviceaccount.com" \
+        --add-cloudsql-instances="${PROJECT_ID}:${REGION}:knowledge-assistant-db" \
+        --update-secrets="DATABASE_URL=knowledge-assistant-secrets:DATABASE_URL:latest" \
+        --update-secrets="JWT_SECRET=knowledge-assistant-secrets:JWT_SECRET:latest" \
+        --update-secrets="GEMINI_API_KEY=knowledge-assistant-secrets:GEMINI_API_KEY:latest" \
+        --set-env-vars="QDRANT_HOST=${QDRANT_URL},QDRANT_PORT=443,PYTHONUNBUFFERED=1,PYTHONDONTWRITEBYTECODE=1,USER_REGISTRATION_ENABLED=true,EMAIL_VERIFICATION_REQUIRED=false,JWT_LIFETIME_SECONDS=3600" \
+        --allow-unauthenticated
+    
+    # Get backend service URL
+    BACKEND_URL=$(gcloud run services describe knowledge-assistant-backend --region="$REGION" --format="value(status.url)")
+    print_success "Backend deployed at: $BACKEND_URL"
+    
+    # Deploy frontend service
+    print_status "Deploying frontend service..."
+    gcloud run deploy knowledge-assistant-frontend \
+        --image="gcr.io/${PROJECT_ID}/knowledge-assistant-frontend:latest" \
+        --platform=managed \
+        --region="$REGION" \
+        --memory=512Mi \
+        --cpu=1 \
+        --max-instances=10 \
+        --min-instances=0 \
+        --port=8080 \
+        --set-env-vars="VITE_API_BASE_URL=${BACKEND_URL},VITE_API_TIMEOUT=30000,VITE_ENABLE_REGISTRATION=true" \
+        --allow-unauthenticated
+    
+    # Get frontend service URL
+    FRONTEND_URL=$(gcloud run services describe knowledge-assistant-frontend --region="$REGION" --format="value(status.url)")
+    print_success "Frontend deployed at: $FRONTEND_URL"
+    
+    # Update backend CORS settings
+    print_status "Updating backend CORS settings..."
+    gcloud run services update knowledge-assistant-backend \
+        --region="$REGION" \
+        --update-env-vars="CORS_ORIGINS=${FRONTEND_URL}"
+    
+    print_success "All services deployed successfully!"
+    
+    # Display deployment summary
+    echo ""
+    echo "=== DEPLOYMENT SUMMARY ==="
+    echo "Frontend URL: $FRONTEND_URL"
+    echo "Backend URL: $BACKEND_URL"
+    echo "Qdrant URL: $QDRANT_URL"
+    echo "=========================="
+}
+
+# Function to run health checks
+run_health_checks() {
+    print_status "Running health checks..."
+    
+    # Get service URLs
+    FRONTEND_URL=$(gcloud run services describe knowledge-assistant-frontend --region="$REGION" --format="value(status.url)")
+    BACKEND_URL=$(gcloud run services describe knowledge-assistant-backend --region="$REGION" --format="value(status.url)")
+    QDRANT_URL=$(gcloud run services describe knowledge-assistant-qdrant --region="$REGION" --format="value(status.url)")
+    
+    # Check Qdrant health
+    print_status "Checking Qdrant health..."
+    if curl -f "${QDRANT_URL}/health" &>/dev/null; then
+        print_success "Qdrant is healthy"
+    else
+        print_warning "Qdrant health check failed"
+    fi
+    
+    # Check backend health
+    print_status "Checking backend health..."
+    if curl -f "${BACKEND_URL}/health" &>/dev/null; then
+        print_success "Backend is healthy"
+    else
+        print_warning "Backend health check failed"
+    fi
+    
+    # Check frontend
+    print_status "Checking frontend..."
+    if curl -f "$FRONTEND_URL" &>/dev/null; then
+        print_success "Frontend is accessible"
+    else
+        print_warning "Frontend accessibility check failed"
+    fi
+    
+    print_success "Health checks completed"
+}
+
+# Main deployment function
+main() {
+    print_status "Starting Cloud Run deployment for Knowledge Assistant..."
+    
+    check_prerequisites
+    load_environment
+    setup_gcloud
+    create_secrets
+    create_service_accounts
+    create_cloud_sql
+    build_and_push_images
+    deploy_services
+    run_health_checks
+    
+    print_success "Deployment completed successfully!"
+    print_status "You can now access your application at the frontend URL shown above."
+}
+
+# Handle script arguments
+case "${1:-}" in
+    "secrets")
+        load_environment
+        create_secrets
+        ;;
+    "build")
+        load_environment
+        build_and_push_images
+        ;;
+    "deploy")
+        load_environment
+        deploy_services
+        ;;
+    "health")
+        load_environment
+        run_health_checks
+        ;;
+    "")
+        main
+        ;;
+    *)
+        echo "Usage: $0 [secrets|build|deploy|health]"
+        echo "  secrets - Create secrets only"
+        echo "  build   - Build and push images only"
+        echo "  deploy  - Deploy services only"
+        echo "  health  - Run health checks only"
+        echo "  (no args) - Run full deployment"
+        exit 1
+        ;;
+esac

deploy-production.sh

@@ -0,0 +1,59 @@
+#!/bin/bash
+
+# Production deployment script for Knowledge Assistant RAG
+set -e
+
+echo "🚀 Starting production deployment..."
+
+# Check if .env.production exists
+if [ ! -f ".env.production" ]; then
+    echo "❌ .env.production file not found!"
+    echo "📝 Please copy .env.production.template to .env.production and configure it."
+    exit 1
+fi
+
+# Validate required environment variables
+echo "🔍 Validating environment configuration..."
+source .env.production
+
+if [ -z "$JWT_SECRET" ] || [ "$JWT_SECRET" = "your-super-secure-jwt-secret-key-change-this-in-production" ]; then
+    echo "❌ JWT_SECRET must be set to a secure value in .env.production"
+    exit 1
+fi
+
+# Stop existing containers
+echo "🛑 Stopping existing containers..."
+docker-compose -f docker-compose.prod.yml down
+
+# Remove old images to save space
+echo "🧹 Cleaning up old images..."
+docker system prune -f
+
+# Build and start services
+echo "🔨 Building optimized containers..."
+docker-compose -f docker-compose.prod.yml build --no-cache
+
+echo "🚀 Starting production services..."
+docker-compose -f docker-compose.prod.yml up -d
+
+# Wait for services to be healthy
+echo "⏳ Waiting for services to be healthy..."
+sleep 30
+
+# Check service health
+echo "🏥 Checking service health..."
+if docker-compose -f docker-compose.prod.yml ps | grep -q "unhealthy"; then
+    echo "❌ Some services are unhealthy. Check logs:"
+    docker-compose -f docker-compose.prod.yml logs
+    exit 1
+fi
+
+echo "✅ Production deployment completed successfully!"
+echo "🌐 Frontend available at: http://localhost:3000"
+echo "🔧 Backend API available at: http://localhost:8000"
+echo "📊 Qdrant available at: http://localhost:6333"
+echo "🤖 Ollama available at: http://localhost:11434"
+
+echo ""
+echo "📋 To view logs: docker-compose -f docker-compose.prod.yml logs -f"
+echo "🛑 To stop: docker-compose -f docker-compose.prod.yml down"

deploy-railway.sh

@@ -0,0 +1,406 @@
+#!/bin/bash
+
+# Railway Deployment Script for Knowledge Assistant RAG
+# This script automates the deployment process to Railway.app
+
+set -e  # Exit on any error
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+# Configuration
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_NAME="knowledge-assistant-rag"
+BACKEND_SERVICE="backend"
+FRONTEND_SERVICE="frontend"
+
+# Logging function
+log() {
+    echo -e "${BLUE}[$(date +'%Y-%m-%d %H:%M:%S')]${NC} $1"
+}
+
+error() {
+    echo -e "${RED}[ERROR]${NC} $1" >&2
+}
+
+success() {
+    echo -e "${GREEN}[SUCCESS]${NC} $1"
+}
+
+warning() {
+    echo -e "${YELLOW}[WARNING]${NC} $1"
+}
+
+# Check if Railway CLI is installed
+check_railway_cli() {
+    log "Checking Railway CLI installation..."
+    if ! command -v railway &> /dev/null; then
+        error "Railway CLI is not installed. Please install it first:"
+        echo "  npm install -g @railway/cli"
+        echo "  or"
+        echo "  curl -fsSL https://railway.app/install.sh | sh"
+        exit 1
+    fi
+    success "Railway CLI is installed"
+}
+
+# Check if user is logged in to Railway
+check_railway_auth() {
+    log "Checking Railway authentication..."
+    if ! railway whoami &> /dev/null; then
+        error "Not logged in to Railway. Please login first:"
+        echo "  railway login"
+        exit 1
+    fi
+    success "Authenticated with Railway"
+}
+
+# Validate environment variables
+validate_environment() {
+    log "Validating environment variables..."
+    
+    if [ ! -f ".env.railway" ]; then
+        warning ".env.railway file not found. Creating from template..."
+        if [ -f ".env.railway.template" ]; then
+            cp .env.railway.template .env.railway
+            warning "Please edit .env.railway with your configuration before continuing."
+            read -p "Press Enter after editing .env.railway..."
+        else
+            error ".env.railway.template not found. Please create environment configuration."
+            exit 1
+        fi
+    fi
+    
+    # Source environment variables
+    source .env.railway
+    
+    # Check required variables
+    if [ -z "$JWT_SECRET" ] || [ "$JWT_SECRET" = "your-super-secret-jwt-key-change-in-production-minimum-32-chars" ]; then
+        error "JWT_SECRET must be set to a secure value (32+ characters)"
+        exit 1
+    fi
+    
+    if [ ${#JWT_SECRET} -lt 32 ]; then
+        error "JWT_SECRET must be at least 32 characters long"
+        exit 1
+    fi
+    
+    success "Environment variables validated"
+}
+
+# Create or connect to Railway project
+setup_railway_project() {
+    log "Setting up Railway project..."
+    
+    # Check if already in a Railway project
+    if railway status &> /dev/null; then
+        log "Already connected to a Railway project"
+        return
+    fi
+    
+    # Ask user if they want to create new project or connect to existing
+    echo "Choose an option:"
+    echo "1) Create new Railway project"
+    echo "2) Connect to existing Railway project"
+    read -p "Enter choice (1 or 2): " choice
+    
+    case $choice in
+        1)
+            log "Creating new Railway project..."
+            railway new "$PROJECT_NAME"
+            ;;
+        2)
+            log "Connecting to existing Railway project..."
+            railway link
+            ;;
+        *)
+            error "Invalid choice"
+            exit 1
+            ;;
+    esac
+    
+    success "Railway project setup complete"
+}
+
+# Deploy backend service
+deploy_backend() {
+    log "Deploying backend service..."
+    
+    # Check if backend service exists
+    if ! railway service list | grep -q "$BACKEND_SERVICE"; then
+        log "Creating backend service..."
+        railway service create "$BACKEND_SERVICE"
+    fi
+    
+    # Switch to backend service
+    railway service use "$BACKEND_SERVICE"
+    
+    # Set environment variables
+    log "Setting backend environment variables..."
+    source .env.railway
+    
+    railway variables set JWT_SECRET="$JWT_SECRET"
+    railway variables set JWT_LIFETIME_SECONDS="$JWT_LIFETIME_SECONDS"
+    railway variables set USER_REGISTRATION_ENABLED="$USER_REGISTRATION_ENABLED"
+    railway variables set EMAIL_VERIFICATION_REQUIRED="$EMAIL_VERIFICATION_REQUIRED"
+    railway variables set DATABASE_URL="$DATABASE_URL"
+    railway variables set CORS_ORIGINS="$CORS_ORIGINS"
+    railway variables set PYTHONUNBUFFERED="1"
+    railway variables set PYTHONDONTWRITEBYTECODE="1"
+    
+    # Set external service variables if using managed services
+    if [ -n "$QDRANT_CLOUD_URL" ]; then
+        railway variables set QDRANT_CLOUD_URL="$QDRANT_CLOUD_URL"
+        railway variables set QDRANT_API_KEY="$QDRANT_API_KEY"
+    else
+        railway variables set QDRANT_HOST="$QDRANT_HOST"
+        railway variables set QDRANT_PORT="$QDRANT_PORT"
+    fi
+    
+    if [ -n "$OPENAI_API_KEY" ]; then
+        railway variables set OPENAI_API_KEY="$OPENAI_API_KEY"
+        railway variables set USE_OPENAI_INSTEAD_OF_OLLAMA="$USE_OPENAI_INSTEAD_OF_OLLAMA"
+    else
+        railway variables set OLLAMA_HOST="$OLLAMA_HOST"
+        railway variables set OLLAMA_PORT="$OLLAMA_PORT"
+        railway variables set OLLAMA_MODEL="$OLLAMA_MODEL"
+    fi
+    
+    # Deploy backend
+    log "Deploying backend code..."
+    railway up --detach
+    
+    success "Backend deployment initiated"
+}
+
+# Deploy frontend service
+deploy_frontend() {
+    log "Deploying frontend service..."
+    
+    # Get backend URL
+    railway service use "$BACKEND_SERVICE"
+    BACKEND_URL=$(railway domain | head -n1)
+    
+    if [ -z "$BACKEND_URL" ]; then
+        warning "Backend URL not available yet. You may need to set VITE_API_BASE_URL manually later."
+        BACKEND_URL="https://your-backend.railway.app"
+    else
+        BACKEND_URL="https://$BACKEND_URL"
+    fi
+    
+    # Switch to frontend directory
+    cd rag-quest-hub
+    
+    # Check if frontend service exists
+    if ! railway service list | grep -q "$FRONTEND_SERVICE"; then
+        log "Creating frontend service..."
+        railway service create "$FRONTEND_SERVICE"
+    fi
+    
+    # Switch to frontend service
+    railway service use "$FRONTEND_SERVICE"
+    
+    # Set frontend environment variables
+    log "Setting frontend environment variables..."
+    railway variables set VITE_API_BASE_URL="$BACKEND_URL"
+    railway variables set VITE_API_TIMEOUT="$VITE_API_TIMEOUT"
+    railway variables set VITE_ENABLE_REGISTRATION="$VITE_ENABLE_REGISTRATION"
+    
+    # Deploy frontend
+    log "Deploying frontend code..."
+    railway up --detach
+    
+    # Return to project root
+    cd ..
+    
+    success "Frontend deployment initiated"
+}
+
+# Add PostgreSQL database (optional)
+add_postgresql() {
+    log "Checking if PostgreSQL should be added..."
+    
+    if [[ "$DATABASE_URL" == *"postgresql"* ]]; then
+        log "PostgreSQL configuration detected. Adding PostgreSQL service..."
+        railway add postgresql
+        success "PostgreSQL service added"
+    else
+        log "Using SQLite database (no PostgreSQL needed)"
+    fi
+}
+
+# Wait for deployments and perform health checks
+wait_and_health_check() {
+    log "Waiting for deployments to complete..."
+    
+    # Wait a bit for deployments to start
+    sleep 30
+    
+    # Check backend health
+    log "Checking backend health..."
+    railway service use "$BACKEND_SERVICE"
+    BACKEND_URL=$(railway domain | head -n1)
+    
+    if [ -n "$BACKEND_URL" ]; then
+        BACKEND_URL="https://$BACKEND_URL"
+        log "Backend URL: $BACKEND_URL"
+        
+        # Wait for backend to be ready (up to 5 minutes)
+        for i in {1..30}; do
+            if curl -f "$BACKEND_URL/health" &> /dev/null; then
+                success "Backend health check passed"
+                break
+            fi
+            log "Waiting for backend to be ready... (attempt $i/30)"
+            sleep 10
+        done
+    else
+        warning "Backend URL not available for health check"
+    fi
+    
+    # Check frontend health
+    log "Checking frontend health..."
+    railway service use "$FRONTEND_SERVICE"
+    FRONTEND_URL=$(railway domain | head -n1)
+    
+    if [ -n "$FRONTEND_URL" ]; then
+        FRONTEND_URL="https://$FRONTEND_URL"
+        log "Frontend URL: $FRONTEND_URL"
+        
+        # Wait for frontend to be ready (up to 3 minutes)
+        for i in {1..18}; do
+            if curl -f "$FRONTEND_URL" &> /dev/null; then
+                success "Frontend health check passed"
+                break
+            fi
+            log "Waiting for frontend to be ready... (attempt $i/18)"
+            sleep 10
+        done
+    else
+        warning "Frontend URL not available for health check"
+    fi
+}
+
+# Display deployment summary
+show_deployment_summary() {
+    log "Deployment Summary"
+    echo "===================="
+    
+    railway service use "$BACKEND_SERVICE"
+    BACKEND_URL=$(railway domain | head -n1)
+    
+    railway service use "$FRONTEND_SERVICE"
+    FRONTEND_URL=$(railway domain | head -n1)
+    
+    if [ -n "$BACKEND_URL" ]; then
+        echo "Backend URL:  https://$BACKEND_URL"
+        echo "Health Check: https://$BACKEND_URL/health"
+        echo "API Docs:     https://$BACKEND_URL/docs"
+    fi
+    
+    if [ -n "$FRONTEND_URL" ]; then
+        echo "Frontend URL: https://$FRONTEND_URL"
+    fi
+    
+    echo ""
+    echo "Next Steps:"
+    echo "1. Test the application functionality"
+    echo "2. Update CORS_ORIGINS if needed"
+    echo "3. Configure custom domain (optional)"
+    echo "4. Set up monitoring and alerts"
+    echo ""
+    echo "Useful Commands:"
+    echo "  railway logs --service $BACKEND_SERVICE   # View backend logs"
+    echo "  railway logs --service $FRONTEND_SERVICE  # View frontend logs"
+    echo "  railway status                            # Check deployment status"
+    echo "  railway variables                         # View environment variables"
+}
+
+# Rollback function
+rollback_deployment() {
+    error "Deployment failed. Rolling back..."
+    
+    # This is a basic rollback - in a real scenario, you might want to
+    # revert to previous deployment or clean up failed services
+    warning "Manual cleanup may be required. Check Railway dashboard."
+    
+    exit 1
+}
+
+# Main deployment function
+main() {
+    log "Starting Railway deployment for Knowledge Assistant RAG"
+    
+    # Trap errors and rollback
+    trap rollback_deployment ERR
+    
+    # Pre-deployment checks
+    check_railway_cli
+    check_railway_auth
+    validate_environment
+    
+    # Setup and deploy
+    setup_railway_project
+    add_postgresql
+    deploy_backend
+    deploy_frontend
+    
+    # Post-deployment verification
+    wait_and_health_check
+    show_deployment_summary
+    
+    success "Railway deployment completed successfully!"
+}
+
+# Handle script arguments
+case "${1:-}" in
+    --help|-h)
+        echo "Railway Deployment Script for Knowledge Assistant RAG"
+        echo ""
+        echo "Usage: $0 [options]"
+        echo ""
+        echo "Options:"
+        echo "  --help, -h     Show this help message"
+        echo "  --backend-only Deploy only the backend service"
+        echo "  --frontend-only Deploy only the frontend service"
+        echo ""
+        echo "Prerequisites:"
+        echo "  1. Railway CLI installed and authenticated"
+        echo "  2. .env.railway file configured"
+        echo "  3. Docker images optimized"
+        echo ""
+        exit 0
+        ;;
+    --backend-only)
+        log "Deploying backend service only"
+        check_railway_cli
+        check_railway_auth
+        validate_environment
+        setup_railway_project
+        add_postgresql
+        deploy_backend
+        success "Backend deployment completed!"
+        ;;
+    --frontend-only)
+        log "Deploying frontend service only"
+        check_railway_cli
+        check_railway_auth
+        validate_environment
+        setup_railway_project
+        deploy_frontend
+        success "Frontend deployment completed!"
+        ;;
+    "")
+        # No arguments - run full deployment
+        main
+        ;;
+    *)
+        error "Unknown option: $1"
+        echo "Use --help for usage information"
+        exit 1
+        ;;
+esac

deploy.sh

@@ -0,0 +1,549 @@
+#!/bin/bash
+
+# Master Deployment Script for Knowledge Assistant RAG
+# This script provides an interactive interface to deploy to various platforms
+
+set -e  # Exit on any error
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+CYAN='\033[0;36m'
+BOLD='\033[1m'
+NC='\033[0m' # No Color
+
+# Configuration
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+VERSION="1.0.0"
+
+# Logging functions
+log() {
+    echo -e "${BLUE}[$(date +'%Y-%m-%d %H:%M:%S')]${NC} $1"
+}
+
+error() {
+    echo -e "${RED}[ERROR]${NC} $1" >&2
+}
+
+success() {
+    echo -e "${GREEN}[SUCCESS]${NC} $1"
+}
+
+warning() {
+    echo -e "${YELLOW}[WARNING]${NC} $1"
+}
+
+info() {
+    echo -e "${CYAN}[INFO]${NC} $1"
+}
+
+# Display banner
+show_banner() {
+    echo -e "${BOLD}${CYAN}"
+    echo "╔══════════════════════════════════════════════════════════════╗"
+    echo "║                Knowledge Assistant RAG                       ║"
+    echo "║                 Deployment Manager v${VERSION}                    ║"
+    echo "║                                                              ║"
+    echo "║  Deploy your RAG application to multiple cloud platforms    ║"
+    echo "╚══════════════════════════════════════════════════════════════╝"
+    echo -e "${NC}"
+}
+
+# Show help information
+show_help() {
+    echo "Knowledge Assistant RAG Deployment Manager"
+    echo ""
+    echo "Usage: $0 [OPTIONS] [PLATFORM]"
+    echo ""
+    echo "Platforms:"
+    echo "  railway     Deploy to Railway.app (free tier)"
+    echo "  fly         Deploy to Fly.io (free tier)"
+    echo "  cloudrun    Deploy to Google Cloud Run"
+    echo "  vercel      Deploy to Vercel (hybrid deployment)"
+    echo "  local       Deploy locally with Docker"
+    echo ""
+    echo "Options:"
+    echo "  -h, --help          Show this help message"
+    echo "  -v, --version       Show version information"
+    echo "  --validate-only     Only validate environment and prerequisites"
+    echo "  --dry-run          Show what would be deployed without executing"
+    echo "  --force            Skip confirmation prompts"
+    echo "  --backend-only     Deploy only backend services"
+    echo "  --frontend-only    Deploy only frontend services"
+    echo ""
+    echo "Examples:"
+    echo "  $0                  # Interactive platform selection"
+    echo "  $0 railway          # Deploy to Railway"
+    echo "  $0 --validate-only  # Check prerequisites only"
+    echo "  $0 cloudrun --dry-run  # Show Cloud Run deployment plan"
+    echo ""
+}
+
+# Show version information
+show_version() {
+    echo "Knowledge Assistant RAG Deployment Manager v${VERSION}"
+    echo "Copyright (c) 2024"
+}
+
+# Check system prerequisites
+check_system_prerequisites() {
+    log "Checking system prerequisites..."
+    
+    local missing_tools=()
+    
+    # Check for required tools
+    if ! command -v docker &> /dev/null; then
+        missing_tools+=("docker")
+    fi
+    
+    if ! command -v curl &> /dev/null; then
+        missing_tools+=("curl")
+    fi
+    
+    if ! command -v git &> /dev/null; then
+        missing_tools+=("git")
+    fi
+    
+    # Check Docker daemon
+    if command -v docker &> /dev/null; then
+        if ! docker info &> /dev/null; then
+            error "Docker daemon is not running. Please start Docker."
+            return 1
+        fi
+    fi
+    
+    if [ ${#missing_tools[@]} -ne 0 ]; then
+        error "Missing required tools: ${missing_tools[*]}"
+        echo "Please install the missing tools and try again."
+        return 1
+    fi
+    
+    success "System prerequisites check passed"
+    return 0
+}
+
+# Validate project structure
+validate_project_structure() {
+    log "Validating project structure..."
+    
+    local required_files=(
+        "Dockerfile"
+        "docker-compose.yml"
+        "requirements.txt"
+        "rag-quest-hub/package.json"
+        "rag-quest-hub/Dockerfile"
+    )
+    
+    local missing_files=()
+    
+    for file in "${required_files[@]}"; do
+        if [ ! -f "$file" ]; then
+            missing_files+=("$file")
+        fi
+    done
+    
+    if [ ${#missing_files[@]} -ne 0 ]; then
+        error "Missing required files: ${missing_files[*]}"
+        return 1
+    fi
+    
+    success "Project structure validation passed"
+    return 0
+}
+
+# Check platform-specific prerequisites
+check_platform_prerequisites() {
+    local platform=$1
+    
+    case $platform in
+        railway)
+            if ! command -v railway &> /dev/null; then
+                error "Railway CLI not found. Install with: npm install -g @railway/cli"
+                return 1
+            fi
+            if ! railway whoami &> /dev/null; then
+                error "Not authenticated with Railway. Run: railway login"
+                return 1
+            fi
+            ;;
+        fly)
+            if ! command -v flyctl &> /dev/null; then
+                error "Fly CLI not found. Install from: https://fly.io/docs/getting-started/installing-flyctl/"
+                return 1
+            fi
+            if ! flyctl auth whoami &> /dev/null; then
+                error "Not authenticated with Fly.io. Run: flyctl auth login"
+                return 1
+            fi
+            ;;
+        cloudrun)
+            if ! command -v gcloud &> /dev/null; then
+                error "Google Cloud CLI not found. Install from: https://cloud.google.com/sdk/docs/install"
+                return 1
+            fi
+            if ! gcloud auth list --filter=status:ACTIVE --format="value(account)" | head -n1 &> /dev/null; then
+                error "Not authenticated with Google Cloud. Run: gcloud auth login"
+                return 1
+            fi
+            ;;
+        vercel)
+            if ! command -v vercel &> /dev/null; then
+                error "Vercel CLI not found. Install with: npm install -g vercel"
+                return 1
+            fi
+            if ! vercel whoami &> /dev/null; then
+                error "Not authenticated with Vercel. Run: vercel login"
+                return 1
+            fi
+            ;;
+        local)
+            # Local deployment only needs Docker
+            ;;
+        *)
+            error "Unknown platform: $platform"
+            return 1
+            ;;
+    esac
+    
+    success "Platform prerequisites for $platform are satisfied"
+    return 0
+}
+
+# Validate environment configuration
+validate_environment() {
+    local platform=$1
+    log "Validating environment configuration for $platform..."
+    
+    local env_file=""
+    case $platform in
+        railway)
+            env_file=".env.railway"
+            ;;
+        fly)
+            env_file=".env.fly"
+            ;;
+        cloudrun)
+            env_file=".env.cloudrun"
+            ;;
+        vercel)
+            env_file=".env.vercel"
+            ;;
+        local)
+            env_file=".env.production"
+            ;;
+    esac
+    
+    if [ ! -f "$env_file" ]; then
+        warning "Environment file $env_file not found"
+        
+        local template_file="${env_file}.template"
+        if [ -f "$template_file" ]; then
+            info "Creating $env_file from template..."
+            cp "$template_file" "$env_file"
+            warning "Please edit $env_file with your configuration before continuing"
+            
+            if [ "$FORCE_DEPLOY" != "true" ]; then
+                read -p "Press Enter after editing $env_file, or Ctrl+C to cancel..."
+            fi
+        else
+            error "Template file $template_file not found"
+            return 1
+        fi
+    fi
+    
+    # Source and validate environment variables
+    source "$env_file"
+    
+    # Check JWT_SECRET
+    if [ -z "$JWT_SECRET" ] || [[ "$JWT_SECRET" == *"change"* ]] || [[ "$JWT_SECRET" == *"your-"* ]]; then
+        error "JWT_SECRET must be set to a secure value (32+ characters)"
+        return 1
+    fi
+    
+    if [ ${#JWT_SECRET} -lt 32 ]; then
+        error "JWT_SECRET must be at least 32 characters long"
+        return 1
+    fi
+    
+    success "Environment configuration validated"
+    return 0
+}
+
+# Show deployment plan
+show_deployment_plan() {
+    local platform=$1
+    local services=$2
+    
+    echo ""
+    echo -e "${BOLD}Deployment Plan${NC}"
+    echo "================"
+    echo "Platform: $platform"
+    echo "Services: $services"
+    echo ""
+    
+    case $platform in
+        railway)
+            echo "Railway.app Deployment:"
+            echo "• Backend: FastAPI application"
+            echo "• Frontend: React/Vite application"
+            echo "• Database: Railway PostgreSQL (optional)"
+            echo "• Vector DB: Qdrant container"
+            echo "• LLM: Google Gemini API"
+            echo "• Resource limits: 512MB RAM, 1GB storage"
+            ;;
+        fly)
+            echo "Fly.io Deployment:"
+            echo "• Backend: FastAPI application"
+            echo "• Frontend: React/Vite application"
+            echo "• Database: SQLite with persistent volumes"
+            echo "• Vector DB: Qdrant container"
+            echo "• LLM: Google Gemini API"
+            echo "• Resource limits: 256MB RAM, 1GB storage"
+            ;;
+        cloudrun)
+            echo "Google Cloud Run Deployment:"
+            echo "• Backend: FastAPI container"
+            echo "• Frontend: React/Vite container"
+            echo "• Database: Cloud SQL PostgreSQL"
+            echo "• Vector DB: Qdrant container"
+            echo "• LLM: Google Gemini API"
+            echo "• Resource limits: 1GB memory, 2 vCPU"
+            ;;
+        vercel)
+            echo "Vercel Hybrid Deployment:"
+            echo "• Frontend: Static site on Vercel"
+            echo "• Backend: Serverless functions on Vercel"
+            echo "• Database: External managed service"
+            echo "• Vector DB: Qdrant Cloud"
+            echo "• LLM: Google Gemini API"
+            ;;
+        local)
+            echo "Local Docker Deployment:"
+            echo "• Backend: FastAPI container"
+            echo "• Frontend: React/Vite container"
+            echo "• Database: SQLite in volume"
+            echo "• Vector DB: Qdrant container"
+            echo "• LLM: Google Gemini API"
+            ;;
+    esac
+    echo ""
+}
+
+# Interactive platform selection
+select_platform() {
+    echo ""
+    echo -e "${BOLD}Select Deployment Platform:${NC}"
+    echo ""
+    echo "1) Railway.app (Free tier: 512MB RAM, 1GB storage)"
+    echo "2) Fly.io (Free tier: 256MB RAM, 1GB storage)"
+    echo "3) Google Cloud Run (Free tier: 1GB memory, 2 vCPU)"
+    echo "4) Vercel (Hybrid: Static frontend + serverless backend)"
+    echo "5) Local Docker (Development/testing)"
+    echo ""
+    
+    while true; do
+        read -p "Enter your choice (1-5): " choice
+        case $choice in
+            1) echo "railway"; return ;;
+            2) echo "fly"; return ;;
+            3) echo "cloudrun"; return ;;
+            4) echo "vercel"; return ;;
+            5) echo "local"; return ;;
+            *) echo "Invalid choice. Please enter 1-5." ;;
+        esac
+    done
+}
+
+# Execute deployment
+execute_deployment() {
+    local platform=$1
+    local services=$2
+    
+    log "Starting deployment to $platform..."
+    
+    case $platform in
+        railway)
+            if [ "$services" = "backend-only" ]; then
+                bash "$SCRIPT_DIR/deploy-railway.sh" --backend-only
+            elif [ "$services" = "frontend-only" ]; then
+                bash "$SCRIPT_DIR/deploy-railway.sh" --frontend-only
+            else
+                bash "$SCRIPT_DIR/deploy-railway.sh"
+            fi
+            ;;
+        fly)
+            # Fly.io deployment would be implemented here
+            error "Fly.io deployment not yet implemented"
+            return 1
+            ;;
+        cloudrun)
+            bash "$SCRIPT_DIR/deploy-cloudrun.sh"
+            ;;
+        vercel)
+            # Vercel deployment would be implemented here
+            error "Vercel deployment not yet implemented"
+            return 1
+            ;;
+        local)
+            bash "$SCRIPT_DIR/deploy-production.sh"
+            ;;
+        *)
+            error "Unknown platform: $platform"
+            return 1
+            ;;
+    esac
+}
+
+# Rollback deployment
+rollback_deployment() {
+    local platform=$1
+    
+    warning "Rolling back deployment on $platform..."
+    
+    case $platform in
+        railway)
+            railway service list | grep -E "(backend|frontend)" | while read -r service; do
+                service_name=$(echo "$service" | awk '{print $1}')
+                warning "Rolling back $service_name..."
+                railway rollback --service "$service_name" || true
+            done
+            ;;
+        cloudrun)
+            warning "Cloud Run rollback requires manual intervention via Google Cloud Console"
+            ;;
+        local)
+            docker-compose -f docker-compose.prod.yml down || true
+            ;;
+        *)
+            warning "Rollback not implemented for $platform"
+            ;;
+    esac
+}
+
+# Main deployment function
+main() {
+    local platform=""
+    local services="all"
+    local validate_only=false
+    local dry_run=false
+    
+    # Parse command line arguments
+    while [[ $# -gt 0 ]]; do
+        case $1 in
+            -h|--help)
+                show_help
+                exit 0
+                ;;
+            -v|--version)
+                show_version
+                exit 0
+                ;;
+            --validate-only)
+                validate_only=true
+                shift
+                ;;
+            --dry-run)
+                dry_run=true
+                shift
+                ;;
+            --force)
+                FORCE_DEPLOY=true
+                shift
+                ;;
+            --backend-only)
+                services="backend-only"
+                shift
+                ;;
+            --frontend-only)
+                services="frontend-only"
+                shift
+                ;;
+            railway|fly|cloudrun|vercel|local)
+                platform=$1
+                shift
+                ;;
+            *)
+                error "Unknown option: $1"
+                show_help
+                exit 1
+                ;;
+        esac
+    done
+    
+    # Show banner
+    show_banner
+    
+    # Check system prerequisites
+    if ! check_system_prerequisites; then
+        exit 1
+    fi
+    
+    # Validate project structure
+    if ! validate_project_structure; then
+        exit 1
+    fi
+    
+    # Select platform if not provided
+    if [ -z "$platform" ]; then
+        platform=$(select_platform)
+    fi
+    
+    # Check platform prerequisites
+    if ! check_platform_prerequisites "$platform"; then
+        exit 1
+    fi
+    
+    # Validate environment
+    if ! validate_environment "$platform"; then
+        exit 1
+    fi
+    
+    # Show deployment plan
+    show_deployment_plan "$platform" "$services"
+    
+    # Exit if validate-only
+    if [ "$validate_only" = true ]; then
+        success "Validation completed successfully"
+        exit 0
+    fi
+    
+    # Exit if dry-run
+    if [ "$dry_run" = true ]; then
+        info "Dry run completed - no deployment executed"
+        exit 0
+    fi
+    
+    # Confirm deployment
+    if [ "$FORCE_DEPLOY" != "true" ]; then
+        echo -n "Proceed with deployment? (y/N): "
+        read -r confirm
+        if [[ ! "$confirm" =~ ^[Yy]$ ]]; then
+            info "Deployment cancelled"
+            exit 0
+        fi
+    fi
+    
+    # Execute deployment with error handling
+    if ! execute_deployment "$platform" "$services"; then
+        error "Deployment failed"
+        
+        if [ "$FORCE_DEPLOY" != "true" ]; then
+            echo -n "Attempt rollback? (y/N): "
+            read -r rollback_confirm
+            if [[ "$rollback_confirm" =~ ^[Yy]$ ]]; then
+                rollback_deployment "$platform"
+            fi
+        fi
+        
+        exit 1
+    fi
+    
+    success "Deployment completed successfully!"
+}
+
+# Handle script execution
+if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
+    main "$@"
+fi

docker-compose.prod.yml

@@ -3,21 +3,87 @@ services:
     build:
       context: ./rag-quest-hub
       dockerfile: Dockerfile
-    volumes: []  # Remove development volume mounts for production
+    ports:
+      - "3000:8080"
+    depends_on:
+      - backend
     environment:
-      VITE_API_BASE_URL: http://backend:8000
-      VITE_API_TIMEOUT: "30000"
-      VITE_ENABLE_REGISTRATION: "${VITE_ENABLE_REGISTRATION:-true}"
+      - VITE_API_BASE_URL=${VITE_API_BASE_URL:-http://localhost:8000}
+      - VITE_API_TIMEOUT=${VITE_API_TIMEOUT:-30000}
+      - VITE_ENABLE_REGISTRATION=${VITE_ENABLE_REGISTRATION:-true}
+    restart: unless-stopped
+    networks:
+      - app-network
+    healthcheck:
+      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8080/health"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 40s
 
   backend:
+    build: 
+      context: .
+      dockerfile: Dockerfile
+    ports:
+      - "8000:8000"
     volumes:
-      - db_data:/app/data  # SQLite database volume for production
+      - db_data:/app/data
+    depends_on:
+      qdrant:
+        condition: service_healthy
     environment:
-      - DATABASE_URL=sqlite:///./data/knowledge_assistant.db
-      - JWT_SECRET=${JWT_SECRET:-your-super-secret-jwt-key-change-in-production}
+      - QDRANT_HOST=qdrant
+      - QDRANT_PORT=6333
+      - GEMINI_API_KEY=${GEMINI_API_KEY}
+      - CORS_ORIGINS=${CORS_ORIGINS:-http://localhost:3000}
+      - DATABASE_URL=sqlite+aiosqlite:///./data/knowledge_assistant.db
+      - JWT_SECRET=${JWT_SECRET}
       - JWT_LIFETIME_SECONDS=${JWT_LIFETIME_SECONDS:-3600}
       - USER_REGISTRATION_ENABLED=${USER_REGISTRATION_ENABLED:-true}
       - EMAIL_VERIFICATION_REQUIRED=${EMAIL_VERIFICATION_REQUIRED:-false}
+      - PYTHONUNBUFFERED=1
+      - PYTHONDONTWRITEBYTECODE=1
+    restart: unless-stopped
+    networks:
+      - app-network
+    entrypoint: ["/app/scripts/wait-for-qdrant.sh", "qdrant:6333", "/app/scripts/init-db.sh"]
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8000/health"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 60s
+
+  qdrant:
+    image: qdrant/qdrant:latest
+    ports:
+      - "6333:6333"
+      - "6334:6334"
+    volumes:
+      - qdrant_data:/qdrant/storage
+    environment:
+      - QDRANT__SERVICE__HTTP_PORT=6333
+      - QDRANT__SERVICE__GRPC_PORT=6334
+    restart: unless-stopped
+    networks:
+      - app-network
+    healthcheck:
+      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:6333/health"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 30s
 
 volumes:
-  db_data:
+  qdrant_data:
+    driver: local
+  db_data:
+    driver: local
+
+networks:
+  app-network:
+    driver: bridge
+    ipam:
+      config:
+        - subnet: 172.20.0.0/16

docker-compose.railway.yml

@@ -0,0 +1,98 @@
+version: '3.8'
+
+services:
+  # Backend service - Main application
+  backend:
+    build: 
+      context: .
+      dockerfile: Dockerfile
+    ports:
+      - "${PORT:-8000}:8000"
+    volumes:
+      - db_data:/app/data
+    depends_on:
+      qdrant:
+        condition: service_healthy
+    environment:
+      - QDRANT_HOST=qdrant
+      - QDRANT_PORT=6333
+      - GEMINI_API_KEY=${GEMINI_API_KEY}
+      - CORS_ORIGINS=${CORS_ORIGINS}
+      - DATABASE_URL=${DATABASE_URL:-sqlite+aiosqlite:///./data/knowledge_assistant.db}
+      - JWT_SECRET=${JWT_SECRET}
+      - JWT_LIFETIME_SECONDS=${JWT_LIFETIME_SECONDS:-3600}
+      - USER_REGISTRATION_ENABLED=${USER_REGISTRATION_ENABLED:-true}
+      - EMAIL_VERIFICATION_REQUIRED=${EMAIL_VERIFICATION_REQUIRED:-false}
+      - PYTHONUNBUFFERED=1
+      - PYTHONDONTWRITEBYTECODE=1
+      - PORT=${PORT:-8000}
+    restart: unless-stopped
+    networks:
+      - railway-network
+    entrypoint: ["/app/scripts/wait-for-qdrant.sh", "qdrant:6333", "/app/scripts/init-db.sh"]
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8000/health"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 60s
+
+  # Frontend service
+  frontend:
+    build:
+      context: ./rag-quest-hub
+      dockerfile: Dockerfile
+    ports:
+      - "8080:8080"
+    depends_on:
+      - backend
+    environment:
+      - VITE_API_BASE_URL=${VITE_API_BASE_URL}
+      - VITE_API_TIMEOUT=${VITE_API_TIMEOUT:-30000}
+      - VITE_ENABLE_REGISTRATION=${VITE_ENABLE_REGISTRATION:-true}
+    restart: unless-stopped
+    networks:
+      - railway-network
+    healthcheck:
+      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8080/health"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 40s
+
+  # Vector database service
+  qdrant:
+    image: qdrant/qdrant:latest
+    ports:
+      - "6333:6333"
+      - "6334:6334"
+    volumes:
+      - qdrant_data:/qdrant/storage
+    environment:
+      - QDRANT__SERVICE__HTTP_PORT=6333
+      - QDRANT__SERVICE__GRPC_PORT=6334
+    restart: unless-stopped
+    networks:
+      - railway-network
+    healthcheck:
+      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:6333/health"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 30s
+    deploy:
+      resources:
+        limits:
+          memory: 512M
+        reservations:
+          memory: 256M
+
+volumes:
+  qdrant_data:
+    driver: local
+  db_data:
+    driver: local
+
+networks:
+  railway-network:
+    driver: bridge

docker-compose.yml

@@ -39,11 +39,9 @@ services:
       - db_data:/app/data  # SQLite database volume
     depends_on:
       - qdrant
-      - ollama
     environment:
       - QDRANT_HOST=qdrant
-      - OLLAMA_HOST=ollama
-      - OLLAMA_MODEL=llama3.2:1b
+      - GEMINI_API_KEY=${GEMINI_API_KEY}
       - CORS_ORIGINS=http://localhost:3000,http://127.0.0.1:3000,http://frontend:8080
       - DATABASE_URL=sqlite+aiosqlite:///./data/knowledge_assistant.db
       - JWT_SECRET=your-super-secret-jwt-key-for-development-only
@@ -64,20 +62,8 @@ services:
     networks:
       - app-network
 
-  ollama:
-    image: ollama/ollama:latest
-    entrypoint: ["/app/ollama_entrypoint.sh"]
-    ports:
-      - "11434:11434"
-    volumes:
-      - ./scripts:/app
-      - ollama_data:/root/.ollama
-    networks:
-      - app-network
-
 volumes:
   qdrant_data:
-  ollama_data:
   db_data:
 
 networks:

rag-quest-hub/.env.vercel

@@ -0,0 +1,18 @@
+# Vercel deployment environment configuration
+VITE_API_BASE_URL=/api
+VITE_API_TIMEOUT=30000
+VITE_QUERY_TIMEOUT=60000
+
+# External service configurations for Vercel deployment
+VITE_DEPLOYMENT_PLATFORM=vercel
+VITE_USE_EXTERNAL_SERVICES=true
+
+# API Keys for external services (set in Vercel dashboard)
+GEMINI_API_KEY=your-gemini-api-key-here
+OPENAI_API_KEY=your-openai-api-key-here
+QDRANT_URL=https://your-cluster.qdrant.io
+QDRANT_API_KEY=your-qdrant-api-key-here
+
+# JWT Configuration
+JWT_SECRET=your-super-secret-jwt-key-for-vercel
+JWT_LIFETIME_SECONDS=3600

rag-quest-hub/Dockerfile

@@ -1,32 +1,71 @@
 # Multi-stage build for React frontend
-FROM node:18-alpine as builder
+# Dependencies stage
+FROM node:18-alpine as deps
+
+# Install dumb-init for proper signal handling
+RUN apk add --no-cache dumb-init
 
-# Set working directory
 WORKDIR /app
 
 # Copy package files
 COPY package*.json ./
 
-# Install dependencies
-RUN npm ci --only=production
+# Install dependencies with npm ci for faster, reliable builds
+RUN npm ci --only=production --frozen-lockfile && \
+    npm cache clean --force
+
+# Build stage
+FROM node:18-alpine as builder
+
+WORKDIR /app
+
+# Copy dependencies from deps stage
+COPY --from=deps /app/node_modules ./node_modules
 
 # Copy source code
 COPY . .
 
-# Build the application
+# Build the application with optimizations
+ENV NODE_ENV=production
 RUN npm run build
 
 # Production stage
 FROM nginx:alpine
 
+# Install dumb-init for proper signal handling
+RUN apk add --no-cache dumb-init
+
+# Create nginx user and group for security
+RUN addgroup -g 1001 -S nginx && \
+    adduser -S nginx -u 1001 -G nginx
+
 # Copy built assets from builder stage
 COPY --from=builder /app/dist /usr/share/nginx/html
 
-# Copy custom nginx configuration
+# Copy optimized nginx configuration
 COPY nginx.conf /etc/nginx/conf.d/default.conf
 
+# Remove default nginx configuration
+RUN rm /etc/nginx/conf.d/default.conf.bak 2>/dev/null || true
+
+# Set proper permissions
+RUN chown -R nginx:nginx /usr/share/nginx/html && \
+    chown -R nginx:nginx /var/cache/nginx && \
+    chown -R nginx:nginx /var/log/nginx && \
+    chown -R nginx:nginx /etc/nginx/conf.d
+
+# Create nginx pid directory
+RUN mkdir -p /var/run/nginx && \
+    chown -R nginx:nginx /var/run/nginx
+
+# Switch to non-root user
+USER nginx
+
 # Expose port 8080
 EXPOSE 8080
 
+# Use dumb-init to handle signals properly
+ENTRYPOINT ["dumb-init", "--"]
+
 # Start nginx
 CMD ["nginx", "-g", "daemon off;"]

rag-quest-hub/api/auth/jwt/login.js

@@ -0,0 +1,101 @@
+import jwt from 'jsonwebtoken';
+import bcrypt from 'bcryptjs';
+import { getDatabase } from '../../lib/database.js';
+
+const JWT_SECRET = process.env.JWT_SECRET || 'your-super-secret-jwt-key-here';
+const JWT_LIFETIME_SECONDS = parseInt(process.env.JWT_LIFETIME_SECONDS || '3600');
+
+export default async function handler(req, res) {
+  // Set CORS headers
+  res.setHeader('Access-Control-Allow-Origin', '*');
+  res.setHeader('Access-Control-Allow-Methods', 'POST, OPTIONS');
+  res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
+
+  if (req.method === 'OPTIONS') {
+    return res.status(200).end();
+  }
+
+  if (req.method !== 'POST') {
+    return res.status(405).json({
+      error: 'MethodNotAllowed',
+      detail: 'Method not allowed',
+      status_code: 405,
+      timestamp: new Date().toISOString()
+    });
+  }
+
+  try {
+    const { username, password } = req.body;
+
+    if (!username || !password) {
+      return res.status(422).json({
+        error: 'ValidationError',
+        detail: 'Username and password are required',
+        status_code: 422,
+        timestamp: new Date().toISOString()
+      });
+    }
+
+    const db = await getDatabase();
+    
+    // Find user by email
+    const user = await db.get(
+      'SELECT id, email, hashed_password, is_active, is_superuser, is_verified, created_at, updated_at FROM users WHERE email = ?',
+      [username]
+    );
+
+    if (!user) {
+      return res.status(400).json({
+        error: 'InvalidCredentialsError',
+        detail: 'Invalid email or password',
+        status_code: 400,
+        timestamp: new Date().toISOString(),
+        auth_required: true
+      });
+    }
+
+    // Verify password
+    const isValidPassword = await bcrypt.compare(password, user.hashed_password);
+    if (!isValidPassword) {
+      return res.status(400).json({
+        error: 'InvalidCredentialsError',
+        detail: 'Invalid email or password',
+        status_code: 400,
+        timestamp: new Date().toISOString(),
+        auth_required: true
+      });
+    }
+
+    // Check if user is active
+    if (!user.is_active) {
+      return res.status(400).json({
+        error: 'InactiveUserError',
+        detail: 'User account is inactive',
+        status_code: 400,
+        timestamp: new Date().toISOString(),
+        auth_required: true
+      });
+    }
+
+    // Generate JWT token
+    const token = jwt.sign(
+      { sub: user.id, email: user.email },
+      JWT_SECRET,
+      { expiresIn: JWT_LIFETIME_SECONDS }
+    );
+
+    return res.status(200).json({
+      access_token: token,
+      token_type: 'bearer'
+    });
+
+  } catch (error) {
+    console.error('Login error:', error);
+    return res.status(500).json({
+      error: 'InternalServerError',
+      detail: 'An unexpected error occurred during login',
+      status_code: 500,
+      timestamp: new Date().toISOString()
+    });
+  }
+}

rag-quest-hub/api/auth/register.js

@@ -0,0 +1,99 @@
+import { createHash } from 'crypto';
+import { v4 as uuidv4 } from 'uuid';
+import jwt from 'jsonwebtoken';
+import bcrypt from 'bcryptjs';
+import { getDatabase } from '../lib/database.js';
+
+const JWT_SECRET = process.env.JWT_SECRET || 'your-super-secret-jwt-key-here';
+const JWT_LIFETIME_SECONDS = parseInt(process.env.JWT_LIFETIME_SECONDS || '3600');
+
+export default async function handler(req, res) {
+  // Set CORS headers
+  res.setHeader('Access-Control-Allow-Origin', '*');
+  res.setHeader('Access-Control-Allow-Methods', 'POST, OPTIONS');
+  res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
+
+  if (req.method === 'OPTIONS') {
+    return res.status(200).end();
+  }
+
+  if (req.method !== 'POST') {
+    return res.status(405).json({
+      error: 'MethodNotAllowed',
+      detail: 'Method not allowed',
+      status_code: 405,
+      timestamp: new Date().toISOString()
+    });
+  }
+
+  try {
+    const { email, password } = req.body;
+
+    if (!email || !password) {
+      return res.status(422).json({
+        error: 'ValidationError',
+        detail: 'Email and password are required',
+        status_code: 422,
+        timestamp: new Date().toISOString()
+      });
+    }
+
+    const db = await getDatabase();
+    
+    // Check if user already exists
+    const existingUser = await db.get(
+      'SELECT id FROM users WHERE email = ?',
+      [email]
+    );
+
+    if (existingUser) {
+      return res.status(400).json({
+        error: 'UserAlreadyExistsError',
+        detail: `User with email ${email} already exists`,
+        status_code: 400,
+        timestamp: new Date().toISOString(),
+        registration_error: true
+      });
+    }
+
+    // Hash password
+    const hashedPassword = await bcrypt.hash(password, 12);
+    const userId = uuidv4();
+    const now = new Date().toISOString();
+
+    // Create user
+    await db.run(
+      `INSERT INTO users (id, email, hashed_password, is_active, is_superuser, is_verified, created_at, updated_at)
+       VALUES (?, ?, ?, ?, ?, ?, ?, ?)`,
+      [userId, email, hashedPassword, 1, 0, 0, now, now]
+    );
+
+    // Generate JWT token
+    const token = jwt.sign(
+      { sub: userId, email: email },
+      JWT_SECRET,
+      { expiresIn: JWT_LIFETIME_SECONDS }
+    );
+
+    return res.status(201).json({
+      id: userId,
+      email: email,
+      is_active: true,
+      is_superuser: false,
+      is_verified: false,
+      created_at: now,
+      updated_at: now,
+      access_token: token,
+      token_type: 'bearer'
+    });
+
+  } catch (error) {
+    console.error('Registration error:', error);
+    return res.status(500).json({
+      error: 'InternalServerError',
+      detail: 'An unexpected error occurred during registration',
+      status_code: 500,
+      timestamp: new Date().toISOString()
+    });
+  }
+}

rag-quest-hub/api/health.js

@@ -0,0 +1,191 @@
+export default async function handler(req, res) {
+  // Set CORS headers
+  res.setHeader('Access-Control-Allow-Origin', '*');
+  res.setHeader('Access-Control-Allow-Methods', 'GET, OPTIONS');
+  res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
+
+  if (req.method === 'OPTIONS') {
+    return res.status(200).end();
+  }
+
+  if (req.method !== 'GET') {
+    return res.status(405).json({
+      error: 'MethodNotAllowed',
+      detail: 'Method not allowed',
+      status_code: 405,
+      timestamp: new Date().toISOString()
+    });
+  }
+
+  const startTime = Date.now();
+  const healthStatus = {
+    status: 'ok',
+    timestamp: new Date().toISOString(),
+    services: {},
+    system_metrics: {
+      response_time_ms: 0,
+      timestamp: new Date().toISOString()
+    },
+    alerts: [],
+    summary: {
+      total_services: 0,
+      healthy_services: 0,
+      degraded_services: 0,
+      unhealthy_services: 0
+    }
+  };
+
+  const services = [];
+
+  // Check database connection
+  try {
+    const dbStartTime = Date.now();
+    const { getDatabase } = await import('./lib/database.js');
+    const db = await getDatabase();
+    await db.get('SELECT 1');
+    
+    // Get basic stats
+    const userCount = await db.get('SELECT COUNT(*) as count FROM users');
+    const docCount = await db.get('SELECT COUNT(*) as count FROM documents');
+    
+    const dbResponseTime = Date.now() - dbStartTime;
+    
+    healthStatus.services.database = {
+      status: 'healthy',
+      response_time_ms: dbResponseTime,
+      metadata: {
+        type: 'sqlite',
+        user_count: userCount?.count || 0,
+        document_count: docCount?.count || 0
+      },
+      last_check: new Date().toISOString()
+    };
+    services.push('healthy');
+  } catch (error) {
+    console.error('Database health check failed:', error);
+    healthStatus.services.database = {
+      status: 'unhealthy',
+      error_message: error.message,
+      last_check: new Date().toISOString()
+    };
+    healthStatus.status = 'degraded';
+    services.push('unhealthy');
+  }
+
+  // Check Qdrant connection
+  try {
+    const qdrantStartTime = Date.now();
+    const { getQdrantClient } = await import('./lib/qdrant.js');
+    const qdrantClient = getQdrantClient();
+    const collections = await qdrantClient.getCollections();
+    const qdrantResponseTime = Date.now() - qdrantStartTime;
+    
+    healthStatus.services.qdrant = {
+      status: 'healthy',
+      response_time_ms: qdrantResponseTime,
+      metadata: {
+        collections_count: collections.collections?.length || 0,
+        collections: collections.collections?.map(c => c.name) || []
+      },
+      last_check: new Date().toISOString()
+    };
+    services.push('healthy');
+  } catch (error) {
+    console.error('Qdrant health check failed:', error);
+    healthStatus.services.qdrant = {
+      status: 'unhealthy',
+      error_message: error.message,
+      last_check: new Date().toISOString()
+    };
+    healthStatus.status = 'degraded';
+    services.push('unhealthy');
+  }
+
+  // Check Gemini API
+  try {
+    const geminiStartTime = Date.now();
+    const { generateResponse } = await import('./lib/gemini.js');
+    const testResponse = await generateResponse('Hello, respond with OK if working.');
+    const geminiResponseTime = Date.now() - geminiStartTime;
+    
+    healthStatus.services.gemini = {
+      status: 'healthy',
+      response_time_ms: geminiResponseTime,
+      metadata: {
+        model: 'gemini-pro',
+        test_response_length: testResponse?.length || 0
+      },
+      last_check: new Date().toISOString()
+    };
+    services.push('healthy');
+  } catch (error) {
+    console.error('Gemini health check failed:', error);
+    healthStatus.services.gemini = {
+      status: 'unhealthy',
+      error_message: error.message,
+      last_check: new Date().toISOString()
+    };
+    healthStatus.status = 'degraded';
+    services.push('unhealthy');
+  }
+
+  // Check OpenAI embeddings
+  try {
+    const embeddingStartTime = Date.now();
+    const { generateEmbeddings } = await import('./lib/embeddings.js');
+    const testEmbedding = await generateEmbeddings('test health check');
+    const embeddingResponseTime = Date.now() - embeddingStartTime;
+    
+    healthStatus.services.embeddings = {
+      status: 'healthy',
+      response_time_ms: embeddingResponseTime,
+      metadata: {
+        model: 'text-embedding-ada-002',
+        embedding_dimension: testEmbedding?.length || 0
+      },
+      last_check: new Date().toISOString()
+    };
+    services.push('healthy');
+  } catch (error) {
+    console.error('Embeddings health check failed:', error);
+    healthStatus.services.embeddings = {
+      status: 'unhealthy',
+      error_message: error.message,
+      last_check: new Date().toISOString()
+    };
+    healthStatus.status = 'degraded';
+    services.push('unhealthy');
+  }
+
+  // Calculate overall response time
+  healthStatus.system_metrics.response_time_ms = Date.now() - startTime;
+
+  // Calculate summary
+  healthStatus.summary.total_services = services.length;
+  healthStatus.summary.healthy_services = services.filter(s => s === 'healthy').length;
+  healthStatus.summary.unhealthy_services = services.filter(s => s === 'unhealthy').length;
+  healthStatus.summary.degraded_services = services.filter(s => s === 'degraded').length;
+
+  // Check for performance alerts
+  const responseTimeThreshold = 5000; // 5 seconds
+  if (healthStatus.system_metrics.response_time_ms > responseTimeThreshold) {
+    healthStatus.alerts.push({
+      type: 'high_response_time',
+      severity: 'warning',
+      message: `Health check response time is ${healthStatus.system_metrics.response_time_ms}ms (threshold: ${responseTimeThreshold}ms)`,
+      value: healthStatus.system_metrics.response_time_ms,
+      threshold: responseTimeThreshold
+    });
+  }
+
+  // Set overall status based on service health
+  if (healthStatus.summary.unhealthy_services > 0) {
+    healthStatus.status = 'unhealthy';
+  } else if (healthStatus.summary.degraded_services > 0) {
+    healthStatus.status = 'degraded';
+  } else {
+    healthStatus.status = 'healthy';
+  }
+
+  return res.status(200).json(healthStatus);
+}

rag-quest-hub/api/package.json

@@ -0,0 +1,15 @@
+{
+  "name": "knowledge-assistant-api",
+  "version": "1.0.0",
+  "description": "Serverless API functions for Knowledge Assistant RAG",
+  "type": "module",
+  "dependencies": {
+    "@google/generative-ai": "^0.2.1",
+    "bcryptjs": "^2.4.3",
+    "formidable": "^3.5.1",
+    "jsonwebtoken": "^9.0.2",
+    "sqlite": "^5.1.1",
+    "sqlite3": "^5.1.6",
+    "uuid": "^9.0.1"
+  }
+}

rag-quest-hub/api/query.js

@@ -0,0 +1,142 @@
+import { requireAuth } from './lib/auth.js';
+import { getDatabase } from './lib/database.js';
+import { generateEmbeddings } from './lib/embeddings.js';
+import { getQdrantClient, getUserCollectionName } from './lib/qdrant.js';
+import { generateResponse, formatPrompt } from './lib/gemini.js';
+
+async function queryHandler(req, res) {
+  // Set CORS headers
+  res.setHeader('Access-Control-Allow-Origin', '*');
+  res.setHeader('Access-Control-Allow-Methods', 'POST, OPTIONS');
+  res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
+
+  if (req.method === 'OPTIONS') {
+    return res.status(200).end();
+  }
+
+  if (req.method !== 'POST') {
+    return res.status(405).json({
+      error: 'MethodNotAllowed',
+      detail: 'Method not allowed',
+      status_code: 405,
+      timestamp: new Date().toISOString()
+    });
+  }
+
+  try {
+    const user = req.user;
+    const { query } = req.body;
+
+    if (!query || !query.trim()) {
+      return res.status(422).json({
+        error: 'ValidationError',
+        detail: 'Query is required',
+        status_code: 422,
+        timestamp: new Date().toISOString()
+      });
+    }
+
+    // Generate query embedding
+    const queryEmbedding = await generateEmbeddings(query);
+    
+    // Get user's collection name
+    const collectionName = getUserCollectionName(user.id);
+    
+    // Search for relevant documents in user's collection
+    const qdrantClient = getQdrantClient();
+    let searchResults = [];
+    
+    try {
+      searchResults = await qdrantClient.searchVectors(collectionName, queryEmbedding, 3);
+    } catch (error) {
+      // Collection might not exist if user hasn't uploaded any documents
+      if (error.message.includes('not found') || error.message.includes('does not exist')) {
+        searchResults = [];
+      } else {
+        throw error;
+      }
+    }
+
+    // Check if any results were found
+    if (!searchResults || searchResults.length === 0) {
+      // Check if user has any documents at all
+      const db = await getDatabase();
+      const docCount = await db.get(
+        'SELECT COUNT(*) as count FROM document_metadata WHERE user_id = ?',
+        [user.id]
+      );
+      
+      let message;
+      if (docCount.count === 0) {
+        message = "You haven't uploaded any documents yet. Please upload some documents to build your knowledge base before asking questions.";
+      } else {
+        message = "I couldn't find any relevant information in your knowledge base to answer your question. Please try rephrasing your query or upload more relevant documents.";
+      }
+      
+      return res.status(200).json({
+        answer: message,
+        source_documents: []
+      });
+    }
+
+    // Filter results to ensure they belong to the user (additional security check)
+    const filteredResults = searchResults.filter(result => 
+      result.payload && result.payload.user_id === user.id
+    );
+    
+    if (filteredResults.length === 0) {
+      return res.status(200).json({
+        answer: "I couldn't find any relevant information in your personal knowledge base to answer your question. Please try rephrasing your query or upload more relevant documents.",
+        source_documents: []
+      });
+    }
+
+    // Format the prompt for the LLM
+    const prompt = formatPrompt(query, filteredResults);
+    
+    // Generate a response from Gemini
+    const answer = await generateResponse(prompt);
+    
+    // Extract source documents for citation
+    const sourceDocuments = filteredResults.map(result => ({
+      source: result.payload?.source || 'Unknown',
+      text: result.payload?.text?.substring(0, 500) + (result.payload?.text?.length > 500 ? '...' : '') || 'N/A',
+      score: result.score || 0.0
+    }));
+
+    return res.status(200).json({
+      answer: answer,
+      source_documents: sourceDocuments
+    });
+
+  } catch (error) {
+    console.error('Query error:', error);
+    
+    if (error.message.includes('GEMINI_API_KEY')) {
+      return res.status(503).json({
+        error: 'ServiceUnavailableError',
+        detail: 'LLM service is not configured properly',
+        status_code: 503,
+        timestamp: new Date().toISOString()
+      });
+    }
+    
+    if (error.message.includes('OPENAI_API_KEY')) {
+      return res.status(503).json({
+        error: 'ServiceUnavailableError',
+        detail: 'Embedding service is not configured properly',
+        status_code: 503,
+        timestamp: new Date().toISOString()
+      });
+    }
+
+    return res.status(500).json({
+      error: 'InternalServerError',
+      detail: 'An unexpected error occurred during query processing',
+      status_code: 500,
+      timestamp: new Date().toISOString()
+    });
+  }
+}
+
+export default requireAuth(queryHandler);

rag-quest-hub/api/upload.js

@@ -0,0 +1,171 @@
+import { requireAuth } from './lib/auth.js';
+import { getDatabase } from './lib/database.js';
+import { generateEmbeddings, getEmbeddingDimension } from './lib/embeddings.js';
+import { getQdrantClient, ensureUserCollectionExists } from './lib/qdrant.js';
+import { chunkText, calculateFileHash, parseDocument, validateFileType, validateFileSize } from './lib/processing.js';
+import { v4 as uuidv4 } from 'uuid';
+import formidable from 'formidable';
+import fs from 'fs';
+
+export const config = {
+  api: {
+    bodyParser: false,
+  },
+};
+
+async function uploadHandler(req, res) {
+  // Set CORS headers
+  res.setHeader('Access-Control-Allow-Origin', '*');
+  res.setHeader('Access-Control-Allow-Methods', 'POST, OPTIONS');
+  res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
+
+  if (req.method === 'OPTIONS') {
+    return res.status(200).end();
+  }
+
+  if (req.method !== 'POST') {
+    return res.status(405).json({
+      error: 'MethodNotAllowed',
+      detail: 'Method not allowed',
+      status_code: 405,
+      timestamp: new Date().toISOString()
+    });
+  }
+
+  try {
+    const user = req.user;
+    
+    // Parse form data
+    const form = formidable({
+      maxFileSize: 10 * 1024 * 1024, // 10MB limit
+      keepExtensions: true,
+    });
+
+    const [fields, files] = await form.parse(req);
+    const file = files.file?.[0];
+
+    if (!file) {
+      return res.status(422).json({
+        error: 'ValidationError',
+        detail: 'No file provided',
+        status_code: 422,
+        timestamp: new Date().toISOString()
+      });
+    }
+
+    // Validate file
+    const fileExtension = validateFileType(file.originalFilename);
+    validateFileSize(file.size);
+
+    // Read file content
+    const fileContent = fs.readFileSync(file.filepath, 'utf8');
+    
+    // Calculate file hash for duplicate detection
+    const fileHash = calculateFileHash(fileContent);
+    
+    // Check for duplicate uploads by this user
+    const db = await getDatabase();
+    const existingDoc = await db.get(
+      'SELECT filename, upload_date, chunks_count FROM document_metadata WHERE user_id = ? AND file_hash = ?',
+      [user.id, fileHash]
+    );
+
+    if (existingDoc) {
+      return res.status(200).json({
+        filename: file.originalFilename,
+        message: `File already exists (uploaded as '${existingDoc.filename}' on ${existingDoc.upload_date})`,
+        num_chunks_stored: existingDoc.chunks_count
+      });
+    }
+
+    // Parse document text
+    const text = parseDocument(fileContent, fileExtension);
+    
+    if (!text || !text.trim()) {
+      return res.status(422).json({
+        error: 'EmptyFileError',
+        detail: 'File appears to be empty or contains no readable text',
+        status_code: 422,
+        timestamp: new Date().toISOString()
+      });
+    }
+
+    // Create text chunks
+    const chunks = chunkText(text);
+    
+    if (chunks.length === 0) {
+      return res.status(422).json({
+        error: 'EmptyFileError',
+        detail: 'No text chunks could be created from the file',
+        status_code: 422,
+        timestamp: new Date().toISOString()
+      });
+    }
+
+    // Generate embeddings
+    const embeddings = await generateEmbeddings(chunks);
+    
+    // Ensure user collection exists
+    const embeddingDimension = getEmbeddingDimension();
+    const collectionName = await ensureUserCollectionExists(user.id, embeddingDimension);
+    
+    // Prepare payloads for vector store
+    const payloads = chunks.map(chunk => ({
+      text: chunk,
+      source: file.originalFilename,
+      user_id: user.id,
+      upload_date: new Date().toISOString()
+    }));
+    
+    // Store in Qdrant
+    const qdrantClient = getQdrantClient();
+    await qdrantClient.upsertVectors(collectionName, embeddings, payloads);
+    
+    // Store document metadata in database
+    const docId = uuidv4();
+    await db.run(
+      `INSERT INTO document_metadata (id, user_id, filename, original_size, chunks_count, file_hash, upload_date)
+       VALUES (?, ?, ?, ?, ?, ?, ?)`,
+      [docId, user.id, file.originalFilename, file.size, chunks.length, fileHash, new Date().toISOString()]
+    );
+
+    // Clean up temporary file
+    fs.unlinkSync(file.filepath);
+
+    return res.status(200).json({
+      filename: file.originalFilename,
+      message: 'Successfully uploaded, processed, and stored in your personal knowledge base.',
+      num_chunks_stored: chunks.length
+    });
+
+  } catch (error) {
+    console.error('Upload error:', error);
+    
+    if (error.message.includes('File size exceeds')) {
+      return res.status(413).json({
+        error: 'FileProcessingError',
+        detail: error.message,
+        status_code: 413,
+        timestamp: new Date().toISOString()
+      });
+    }
+    
+    if (error.message.includes('Unsupported file type')) {
+      return res.status(422).json({
+        error: 'InvalidFileTypeError',
+        detail: error.message,
+        status_code: 422,
+        timestamp: new Date().toISOString()
+      });
+    }
+
+    return res.status(500).json({
+      error: 'InternalServerError',
+      detail: 'An unexpected error occurred during file upload',
+      status_code: 500,
+      timestamp: new Date().toISOString()
+    });
+  }
+}
+
+export default requireAuth(uploadHandler);

rag-quest-hub/nginx.conf

@@ -4,29 +4,81 @@ server {
     root /usr/share/nginx/html;
     index index.html;
 
-    # Handle client-side routing
-    location / {
-        try_files $uri $uri/ /index.html;
+    # Security headers
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header X-XSS-Protection "1; mode=block" always;
+    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+
+    # Enable gzip compression
+    gzip on;
+    gzip_vary on;
+    gzip_min_length 1024;
+    gzip_comp_level 6;
+    gzip_types
+        text/plain
+        text/css
+        text/xml
+        text/javascript
+        application/javascript
+        application/xml+rss
+        application/json
+        application/xml
+        image/svg+xml;
+
+    # Cache static assets with versioning
+    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
+        expires 1y;
+        add_header Cache-Control "public, immutable";
+        add_header Vary "Accept-Encoding";
+        access_log off;
+    }
+
+    # Cache HTML with short expiry for updates
+    location ~* \.html$ {
+        expires 5m;
+        add_header Cache-Control "public, must-revalidate";
     }
 
-    # API proxy to backend
+    # API proxy to backend with optimizations
     location /api/ {
         proxy_pass http://backend:8000/;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
+        
+        # Proxy optimizations
+        proxy_buffering on;
+        proxy_buffer_size 4k;
+        proxy_buffers 8 4k;
+        proxy_connect_timeout 30s;
+        proxy_send_timeout 30s;
+        proxy_read_timeout 30s;
     }
 
-    # Enable gzip compression
-    gzip on;
-    gzip_vary on;
-    gzip_min_length 1024;
-    gzip_types text/plain text/css text/xml text/javascript application/javascript application/xml+rss application/json;
+    # Handle client-side routing (SPA)
+    location / {
+        try_files $uri $uri/ /index.html;
+        
+        # Prevent caching of the main HTML file
+        location = /index.html {
+            expires -1;
+            add_header Cache-Control "no-cache, no-store, must-revalidate";
+        }
+    }
 
-    # Cache static assets
-    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
-        expires 1y;
-        add_header Cache-Control "public, immutable";
+    # Health check endpoint
+    location /health {
+        access_log off;
+        return 200 "healthy\n";
+        add_header Content-Type text/plain;
+    }
+
+    # Deny access to hidden files
+    location ~ /\. {
+        deny all;
+        access_log off;
+        log_not_found off;
     }
 }

rag-quest-hub/package.json

@@ -7,6 +7,7 @@
     "dev": "vite",
     "build": "vite build",
     "build:dev": "vite build --mode development",
+    "build:vercel": "vite build --mode production",
     "lint": "eslint .",
     "preview": "vite preview",
     "test": "vitest run",
@@ -14,6 +15,7 @@
     "test:ui": "vitest --ui"
   },
   "dependencies": {
+    "@google/generative-ai": "^0.2.1",
     "@hookform/resolvers": "^3.9.0",
     "@radix-ui/react-accordion": "^1.2.0",
     "@radix-ui/react-alert-dialog": "^1.1.1",
@@ -44,12 +46,15 @@
     "@radix-ui/react-tooltip": "^1.1.4",
     "@tanstack/react-query": "^5.56.2",
     "axios": "^1.11.0",
+    "bcryptjs": "^2.4.3",
     "class-variance-authority": "^0.7.1",
     "clsx": "^2.1.1",
     "cmdk": "^1.0.0",
     "date-fns": "^3.6.0",
     "embla-carousel-react": "^8.3.0",
+    "formidable": "^3.5.1",
     "input-otp": "^1.2.4",
+    "jsonwebtoken": "^9.0.2",
     "lucide-react": "^0.462.0",
     "next-themes": "^0.3.0",
     "react": "^18.3.1",
@@ -60,8 +65,11 @@
     "react-router-dom": "^6.26.2",
     "recharts": "^2.12.7",
     "sonner": "^1.5.0",
+    "sqlite": "^5.1.1",
+    "sqlite3": "^5.1.6",
     "tailwind-merge": "^2.5.2",
     "tailwindcss-animate": "^1.0.7",
+    "uuid": "^9.0.1",
     "vaul": "^0.9.3",
     "zod": "^3.23.8"
   },

rag-quest-hub/src/components/ServiceMonitor.tsx

@@ -0,0 +1,364 @@
+import React, { useState, useEffect } from 'react';
+import { Card, CardContent, CardDescription, CardHeader, CardTitle } from './ui/card';
+import { Badge } from './ui/badge';
+import { Button } from './ui/button';
+import { Alert, AlertDescription } from './ui/alert';
+import { Separator } from './ui/separator';
+import { Progress } from './ui/progress';
+import { RefreshCw, AlertTriangle, CheckCircle, XCircle, Clock } from 'lucide-react';
+
+interface ServiceHealth {
+  name: string;
+  status: 'healthy' | 'degraded' | 'unhealthy' | 'unknown';
+  response_time_ms?: number;
+  error_message?: string;
+  metadata?: Record<string, any>;
+  last_check?: string;
+}
+
+interface SystemMetrics {
+  cpu_percent: number;
+  memory_percent: number;
+  disk_percent: number;
+  disk_free_gb: number;
+  uptime_seconds: number;
+  timestamp: string;
+}
+
+interface Alert {
+  type: string;
+  severity: 'warning' | 'critical';
+  message: string;
+  value: number;
+  threshold: number;
+}
+
+interface HealthStatus {
+  status: string;
+  timestamp: string;
+  services: Record<string, ServiceHealth>;
+  system_metrics: SystemMetrics;
+  alerts: Alert[];
+  summary: {
+    total_services: number;
+    healthy_services: number;
+    degraded_services: number;
+    unhealthy_services: number;
+  };
+}
+
+const ServiceMonitor: React.FC = () => {
+  const [healthStatus, setHealthStatus] = useState<HealthStatus | null>(null);
+  const [loading, setLoading] = useState(true);
+  const [error, setError] = useState<string | null>(null);
+  const [autoRefresh, setAutoRefresh] = useState(true);
+
+  const fetchHealthStatus = async () => {
+    try {
+      setLoading(true);
+      const response = await fetch('/api/health');
+      if (!response.ok) {
+        throw new Error(`HTTP ${response.status}: ${response.statusText}`);
+      }
+      const data = await response.json();
+      setHealthStatus(data);
+      setError(null);
+    } catch (err) {
+      setError(err instanceof Error ? err.message : 'Failed to fetch health status');
+      console.error('Health check failed:', err);
+    } finally {
+      setLoading(false);
+    }
+  };
+
+  useEffect(() => {
+    fetchHealthStatus();
+  }, []);
+
+  useEffect(() => {
+    if (!autoRefresh) return;
+
+    const interval = setInterval(fetchHealthStatus, 30000); // Refresh every 30 seconds
+    return () => clearInterval(interval);
+  }, [autoRefresh]);
+
+  const getStatusIcon = (status: string) => {
+    switch (status) {
+      case 'healthy':
+        return <CheckCircle className="h-4 w-4 text-green-500" />;
+      case 'degraded':
+        return <AlertTriangle className="h-4 w-4 text-yellow-500" />;
+      case 'unhealthy':
+        return <XCircle className="h-4 w-4 text-red-500" />;
+      default:
+        return <Clock className="h-4 w-4 text-gray-500" />;
+    }
+  };
+
+  const getStatusBadgeVariant = (status: string) => {
+    switch (status) {
+      case 'healthy':
+        return 'default';
+      case 'degraded':
+        return 'secondary';
+      case 'unhealthy':
+        return 'destructive';
+      default:
+        return 'outline';
+    }
+  };
+
+  const formatUptime = (seconds: number) => {
+    const days = Math.floor(seconds / 86400);
+    const hours = Math.floor((seconds % 86400) / 3600);
+    const minutes = Math.floor((seconds % 3600) / 60);
+    
+    if (days > 0) {
+      return `${days}d ${hours}h ${minutes}m`;
+    } else if (hours > 0) {
+      return `${hours}h ${minutes}m`;
+    } else {
+      return `${minutes}m`;
+    }
+  };
+
+  const getProgressColor = (percentage: number, warningThreshold: number, criticalThreshold: number) => {
+    if (percentage >= criticalThreshold) return 'bg-red-500';
+    if (percentage >= warningThreshold) return 'bg-yellow-500';
+    return 'bg-green-500';
+  };
+
+  if (loading && !healthStatus) {
+    return (
+      <Card>
+        <CardHeader>
+          <CardTitle className="flex items-center gap-2">
+            <RefreshCw className="h-5 w-5 animate-spin" />
+            Loading Service Status...
+          </CardTitle>
+        </CardHeader>
+      </Card>
+    );
+  }
+
+  if (error && !healthStatus) {
+    return (
+      <Card>
+        <CardHeader>
+          <CardTitle className="text-red-600">Service Monitor Error</CardTitle>
+        </CardHeader>
+        <CardContent>
+          <Alert>
+            <AlertTriangle className="h-4 w-4" />
+            <AlertDescription>{error}</AlertDescription>
+          </Alert>
+          <Button onClick={fetchHealthStatus} className="mt-4">
+            <RefreshCw className="h-4 w-4 mr-2" />
+            Retry
+          </Button>
+        </CardContent>
+      </Card>
+    );
+  }
+
+  return (
+    <div className="space-y-6">
+      {/* Header */}
+      <div className="flex items-center justify-between">
+        <div>
+          <h2 className="text-2xl font-bold">Service Monitor</h2>
+          <p className="text-muted-foreground">
+            Last updated: {healthStatus?.timestamp ? new Date(healthStatus.timestamp).toLocaleString() : 'Never'}
+          </p>
+        </div>
+        <div className="flex items-center gap-2">
+          <Button
+            variant="outline"
+            size="sm"
+            onClick={() => setAutoRefresh(!autoRefresh)}
+          >
+            {autoRefresh ? 'Disable Auto-refresh' : 'Enable Auto-refresh'}
+          </Button>
+          <Button
+            variant="outline"
+            size="sm"
+            onClick={fetchHealthStatus}
+            disabled={loading}
+          >
+            <RefreshCw className={`h-4 w-4 mr-2 ${loading ? 'animate-spin' : ''}`} />
+            Refresh
+          </Button>
+        </div>
+      </div>
+
+      {/* Overall Status */}
+      {healthStatus && (
+        <Card>
+          <CardHeader>
+            <CardTitle className="flex items-center gap-2">
+              {getStatusIcon(healthStatus.status)}
+              Overall System Status
+              <Badge variant={getStatusBadgeVariant(healthStatus.status)}>
+                {healthStatus.status.toUpperCase()}
+              </Badge>
+            </CardTitle>
+          </CardHeader>
+          <CardContent>
+            <div className="grid grid-cols-2 md:grid-cols-4 gap-4">
+              <div className="text-center">
+                <div className="text-2xl font-bold text-green-600">
+                  {healthStatus.summary.healthy_services}
+                </div>
+                <div className="text-sm text-muted-foreground">Healthy</div>
+              </div>
+              <div className="text-center">
+                <div className="text-2xl font-bold text-yellow-600">
+                  {healthStatus.summary.degraded_services}
+                </div>
+                <div className="text-sm text-muted-foreground">Degraded</div>
+              </div>
+              <div className="text-center">
+                <div className="text-2xl font-bold text-red-600">
+                  {healthStatus.summary.unhealthy_services}
+                </div>
+                <div className="text-sm text-muted-foreground">Unhealthy</div>
+              </div>
+              <div className="text-center">
+                <div className="text-2xl font-bold">
+                  {healthStatus.summary.total_services}
+                </div>
+                <div className="text-sm text-muted-foreground">Total Services</div>
+              </div>
+            </div>
+          </CardContent>
+        </Card>
+      )}
+
+      {/* Alerts */}
+      {healthStatus?.alerts && healthStatus.alerts.length > 0 && (
+        <Card>
+          <CardHeader>
+            <CardTitle className="flex items-center gap-2 text-red-600">
+              <AlertTriangle className="h-5 w-5" />
+              Active Alerts
+            </CardTitle>
+          </CardHeader>
+          <CardContent className="space-y-2">
+            {healthStatus.alerts.map((alert, index) => (
+              <Alert key={index} className={alert.severity === 'critical' ? 'border-red-500' : 'border-yellow-500'}>
+                <AlertTriangle className="h-4 w-4" />
+                <AlertDescription>
+                  <strong>{alert.severity.toUpperCase()}:</strong> {alert.message}
+                </AlertDescription>
+              </Alert>
+            ))}
+          </CardContent>
+        </Card>
+      )}
+
+      {/* System Metrics */}
+      {healthStatus?.system_metrics && (
+        <Card>
+          <CardHeader>
+            <CardTitle>System Resources</CardTitle>
+            <CardDescription>
+              Uptime: {formatUptime(healthStatus.system_metrics.uptime_seconds)}
+            </CardDescription>
+          </CardHeader>
+          <CardContent className="space-y-4">
+            <div>
+              <div className="flex justify-between text-sm mb-1">
+                <span>CPU Usage</span>
+                <span>{healthStatus.system_metrics.cpu_percent.toFixed(1)}%</span>
+              </div>
+              <Progress 
+                value={healthStatus.system_metrics.cpu_percent} 
+                className="h-2"
+              />
+            </div>
+            <div>
+              <div className="flex justify-between text-sm mb-1">
+                <span>Memory Usage</span>
+                <span>{healthStatus.system_metrics.memory_percent.toFixed(1)}%</span>
+              </div>
+              <Progress 
+                value={healthStatus.system_metrics.memory_percent} 
+                className="h-2"
+              />
+            </div>
+            <div>
+              <div className="flex justify-between text-sm mb-1">
+                <span>Disk Usage</span>
+                <span>
+                  {healthStatus.system_metrics.disk_percent.toFixed(1)}% 
+                  ({healthStatus.system_metrics.disk_free_gb.toFixed(1)} GB free)
+                </span>
+              </div>
+              <Progress 
+                value={healthStatus.system_metrics.disk_percent} 
+                className="h-2"
+              />
+            </div>
+          </CardContent>
+        </Card>
+      )}
+
+      {/* Service Details */}
+      {healthStatus?.services && (
+        <Card>
+          <CardHeader>
+            <CardTitle>Service Details</CardTitle>
+          </CardHeader>
+          <CardContent>
+            <div className="space-y-4">
+              {Object.entries(healthStatus.services).map(([serviceName, service]) => (
+                <div key={serviceName} className="border rounded-lg p-4">
+                  <div className="flex items-center justify-between mb-2">
+                    <div className="flex items-center gap-2">
+                      {getStatusIcon(service.status)}
+                      <h4 className="font-semibold capitalize">{serviceName.replace('_', ' ')}</h4>
+                      <Badge variant={getStatusBadgeVariant(service.status)}>
+                        {service.status}
+                      </Badge>
+                    </div>
+                    {service.response_time_ms && (
+                      <span className="text-sm text-muted-foreground">
+                        {service.response_time_ms.toFixed(0)}ms
+                      </span>
+                    )}
+                  </div>
+                  
+                  {service.error_message && (
+                    <Alert className="mb-2">
+                      <AlertTriangle className="h-4 w-4" />
+                      <AlertDescription>{service.error_message}</AlertDescription>
+                    </Alert>
+                  )}
+                  
+                  {service.metadata && (
+                    <div className="text-sm text-muted-foreground">
+                      {Object.entries(service.metadata).map(([key, value]) => (
+                        <div key={key} className="flex justify-between">
+                          <span className="capitalize">{key.replace('_', ' ')}:</span>
+                          <span>{typeof value === 'object' ? JSON.stringify(value) : String(value)}</span>
+                        </div>
+                      ))}
+                    </div>
+                  )}
+                  
+                  {service.last_check && (
+                    <div className="text-xs text-muted-foreground mt-2">
+                      Last checked: {new Date(service.last_check).toLocaleString()}
+                    </div>
+                  )}
+                </div>
+              ))}
+            </div>
+          </CardContent>
+        </Card>
+      )}
+    </div>
+  );
+};
+
+export default ServiceMonitor;

rag-quest-hub/vercel.json

@@ -0,0 +1,46 @@
+{
+  "version": 2,
+  "buildCommand": "npm run build",
+  "outputDirectory": "dist",
+  "installCommand": "npm install",
+  "framework": "vite",
+  "rewrites": [
+    {
+      "source": "/api/(.*)",
+      "destination": "/api/$1"
+    },
+    {
+      "source": "/((?!api/).*)",
+      "destination": "/index.html"
+    }
+  ],
+  "headers": [
+    {
+      "source": "/api/(.*)",
+      "headers": [
+        {
+          "key": "Access-Control-Allow-Origin",
+          "value": "*"
+        },
+        {
+          "key": "Access-Control-Allow-Methods",
+          "value": "GET, POST, PUT, DELETE, OPTIONS"
+        },
+        {
+          "key": "Access-Control-Allow-Headers",
+          "value": "Content-Type, Authorization"
+        }
+      ]
+    }
+  ],
+  "functions": {
+    "api/**/*.js": {
+      "runtime": "nodejs18.x"
+    }
+  },
+  "env": {
+    "VITE_API_BASE_URL": "/api",
+    "VITE_API_TIMEOUT": "30000",
+    "VITE_QUERY_TIMEOUT": "60000"
+  }
+}

rag-quest-hub/vite.config.ts

@@ -11,12 +11,25 @@ export default defineConfig(({ mode }) => ({
     watch: {
       usePolling: true, // Enable polling for Docker environments
     },
-    proxy: {
+    proxy: mode !== 'production' ? {
       '/api': {
         target: process.env.VITE_API_BASE_URL || 'http://localhost:8000',
         changeOrigin: true,
         rewrite: (path) => path.replace(/^\/api/, ''),
       },
+    } : undefined,
+  },
+  build: {
+    outDir: 'dist',
+    sourcemap: mode === 'development',
+    rollupOptions: {
+      output: {
+        manualChunks: {
+          vendor: ['react', 'react-dom'],
+          router: ['react-router-dom'],
+          ui: ['@radix-ui/react-dialog', '@radix-ui/react-dropdown-menu', '@radix-ui/react-toast'],
+        },
+      },
     },
   },
   plugins: [

railway-database-config.py

@@ -0,0 +1,101 @@
+"""
+Railway Database Configuration Helper
+Handles both PostgreSQL (Railway managed) and SQLite fallback
+"""
+
+import os
+import logging
+from urllib.parse import urlparse
+
+logger = logging.getLogger(__name__)
+
+def get_railway_database_url():
+    """
+    Get the appropriate database URL for Railway deployment.
+    Prioritizes Railway PostgreSQL, falls back to SQLite.
+    """
+    # Check for Railway PostgreSQL URL
+    railway_db_url = os.getenv('DATABASE_URL')
+    
+    if railway_db_url and railway_db_url.startswith('postgresql'):
+        logger.info("Using Railway PostgreSQL database")
+        # Convert postgresql:// to postgresql+asyncpg:// for async support
+        if railway_db_url.startswith('postgresql://'):
+            railway_db_url = railway_db_url.replace('postgresql://', 'postgresql+asyncpg://', 1)
+        return railway_db_url
+    
+    # Fallback to SQLite
+    sqlite_url = "sqlite+aiosqlite:///./data/knowledge_assistant.db"
+    logger.info("Using SQLite database fallback")
+    return sqlite_url
+
+def get_railway_environment_config():
+    """
+    Get Railway-specific environment configuration
+    """
+    config = {
+        'database_url': get_railway_database_url(),
+        'port': int(os.getenv('PORT', 8000)),
+        'cors_origins': os.getenv('CORS_ORIGINS', '').split(',') if os.getenv('CORS_ORIGINS') else ['*'],
+        'jwt_secret': os.getenv('JWT_SECRET', 'railway-default-secret-change-in-production'),
+        'jwt_lifetime': int(os.getenv('JWT_LIFETIME_SECONDS', 3600)),
+        'user_registration_enabled': os.getenv('USER_REGISTRATION_ENABLED', 'true').lower() == 'true',
+        'email_verification_required': os.getenv('EMAIL_VERIFICATION_REQUIRED', 'false').lower() == 'true',
+    }
+    
+    # External services configuration
+    config.update({
+        'qdrant_host': os.getenv('QDRANT_HOST', 'localhost'),
+        'qdrant_port': int(os.getenv('QDRANT_PORT', 6333)),
+        'ollama_host': os.getenv('OLLAMA_HOST', 'localhost'),
+        'ollama_port': int(os.getenv('OLLAMA_PORT', 11434)),
+        'ollama_model': os.getenv('OLLAMA_MODEL', 'llama3.2:1b'),
+    })
+    
+    # Optional external service URLs (for hybrid deployment)
+    if os.getenv('QDRANT_CLOUD_URL'):
+        config['qdrant_cloud_url'] = os.getenv('QDRANT_CLOUD_URL')
+        config['qdrant_api_key'] = os.getenv('QDRANT_API_KEY')
+    
+    if os.getenv('OPENAI_API_KEY'):
+        config['openai_api_key'] = os.getenv('OPENAI_API_KEY')
+        config['use_openai'] = os.getenv('USE_OPENAI_INSTEAD_OF_OLLAMA', 'false').lower() == 'true'
+    
+    return config
+
+def validate_railway_config():
+    """
+    Validate Railway configuration and log warnings for missing required variables
+    """
+    required_vars = ['JWT_SECRET']
+    missing_vars = []
+    
+    for var in required_vars:
+        if not os.getenv(var):
+            missing_vars.append(var)
+    
+    if missing_vars:
+        logger.warning(f"Missing required environment variables: {', '.join(missing_vars)}")
+        return False
+    
+    # Validate JWT secret strength
+    jwt_secret = os.getenv('JWT_SECRET', '')
+    if len(jwt_secret) < 32:
+        logger.warning("JWT_SECRET should be at least 32 characters long for security")
+    
+    return True
+
+if __name__ == "__main__":
+    # Test configuration
+    logging.basicConfig(level=logging.INFO)
+    config = get_railway_environment_config()
+    is_valid = validate_railway_config()
+    
+    print("Railway Configuration:")
+    for key, value in config.items():
+        if 'secret' in key.lower() or 'key' in key.lower():
+            print(f"  {key}: {'*' * len(str(value)) if value else 'NOT SET'}")
+        else:
+            print(f"  {key}: {value}")
+    
+    print(f"\nConfiguration valid: {is_valid}")

railway-health-check.sh

@@ -0,0 +1,318 @@
+#!/bin/bash
+
+# Railway Health Check Script
+# Validates deployment health and service connectivity
+
+set -e
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+# Configuration
+BACKEND_SERVICE="backend"
+FRONTEND_SERVICE="frontend"
+TIMEOUT=30
+
+# Logging functions
+log() {
+    echo -e "${BLUE}[$(date +'%Y-%m-%d %H:%M:%S')]${NC} $1"
+}
+
+error() {
+    echo -e "${RED}[ERROR]${NC} $1" >&2
+}
+
+success() {
+    echo -e "${GREEN}[SUCCESS]${NC} $1"
+}
+
+warning() {
+    echo -e "${YELLOW}[WARNING]${NC} $1"
+}
+
+# Check if Railway CLI is available
+check_railway_cli() {
+    if ! command -v railway &> /dev/null; then
+        error "Railway CLI is not installed"
+        exit 1
+    fi
+}
+
+# Get service URL
+get_service_url() {
+    local service_name=$1
+    railway service use "$service_name" &> /dev/null
+    local domain=$(railway domain 2>/dev/null | head -n1)
+    if [ -n "$domain" ]; then
+        echo "https://$domain"
+    else
+        echo ""
+    fi
+}
+
+# Test HTTP endpoint
+test_endpoint() {
+    local url=$1
+    local description=$2
+    local expected_status=${3:-200}
+    
+    log "Testing $description: $url"
+    
+    local response=$(curl -s -w "%{http_code}" -o /dev/null --max-time $TIMEOUT "$url" 2>/dev/null || echo "000")
+    
+    if [ "$response" = "$expected_status" ]; then
+        success "$description is healthy (HTTP $response)"
+        return 0
+    else
+        error "$description failed (HTTP $response)"
+        return 1
+    fi
+}
+
+# Test JSON API endpoint
+test_json_endpoint() {
+    local url=$1
+    local description=$2
+    
+    log "Testing $description: $url"
+    
+    local response=$(curl -s --max-time $TIMEOUT -H "Accept: application/json" "$url" 2>/dev/null)
+    local status=$?
+    
+    if [ $status -eq 0 ] && echo "$response" | jq . &> /dev/null; then
+        success "$description returned valid JSON"
+        return 0
+    else
+        error "$description failed or returned invalid JSON"
+        return 1
+    fi
+}
+
+# Test backend health
+test_backend_health() {
+    log "Testing backend service health..."
+    
+    local backend_url=$(get_service_url "$BACKEND_SERVICE")
+    if [ -z "$backend_url" ]; then
+        error "Backend URL not available"
+        return 1
+    fi
+    
+    log "Backend URL: $backend_url"
+    
+    # Test basic connectivity
+    test_endpoint "$backend_url" "Backend root endpoint" || return 1
+    
+    # Test health endpoint
+    test_json_endpoint "$backend_url/health" "Backend health endpoint" || return 1
+    
+    # Test API docs
+    test_endpoint "$backend_url/docs" "Backend API documentation" || return 1
+    
+    # Test OpenAPI spec
+    test_json_endpoint "$backend_url/openapi.json" "Backend OpenAPI specification" || return 1
+    
+    success "Backend service is healthy"
+    return 0
+}
+
+# Test frontend health
+test_frontend_health() {
+    log "Testing frontend service health..."
+    
+    local frontend_url=$(get_service_url "$FRONTEND_SERVICE")
+    if [ -z "$frontend_url" ]; then
+        error "Frontend URL not available"
+        return 1
+    fi
+    
+    log "Frontend URL: $frontend_url"
+    
+    # Test basic connectivity
+    test_endpoint "$frontend_url" "Frontend application" || return 1
+    
+    # Test static assets (common paths)
+    test_endpoint "$frontend_url/assets" "Frontend assets" 404  # 404 is expected for directory listing
+    
+    success "Frontend service is healthy"
+    return 0
+}
+
+# Test service connectivity
+test_service_connectivity() {
+    log "Testing service connectivity..."
+    
+    local backend_url=$(get_service_url "$BACKEND_SERVICE")
+    local frontend_url=$(get_service_url "$FRONTEND_SERVICE")
+    
+    if [ -z "$backend_url" ] || [ -z "$frontend_url" ]; then
+        warning "Cannot test connectivity - missing service URLs"
+        return 1
+    fi
+    
+    # Test CORS by checking if frontend can reach backend
+    # This is a simplified test - in reality, CORS is tested by the browser
+    log "Testing backend accessibility from frontend domain..."
+    
+    # Check if backend allows the frontend origin
+    local cors_test=$(curl -s -H "Origin: $frontend_url" -H "Access-Control-Request-Method: GET" -X OPTIONS "$backend_url/health" -w "%{http_code}" -o /dev/null 2>/dev/null || echo "000")
+    
+    if [ "$cors_test" = "200" ] || [ "$cors_test" = "204" ]; then
+        success "CORS configuration appears correct"
+    else
+        warning "CORS configuration may need adjustment (HTTP $cors_test)"
+    fi
+    
+    return 0
+}
+
+# Test database connectivity
+test_database_connectivity() {
+    log "Testing database connectivity..."
+    
+    local backend_url=$(get_service_url "$BACKEND_SERVICE")
+    if [ -z "$backend_url" ]; then
+        error "Backend URL not available for database test"
+        return 1
+    fi
+    
+    # Test database health through backend API
+    # This assumes the backend has a database health check endpoint
+    local db_health=$(curl -s --max-time $TIMEOUT "$backend_url/health" 2>/dev/null | jq -r '.database // "unknown"' 2>/dev/null || echo "unknown")
+    
+    if [ "$db_health" = "healthy" ] || [ "$db_health" = "ok" ]; then
+        success "Database connectivity is healthy"
+    elif [ "$db_health" = "unknown" ]; then
+        warning "Database health status unknown"
+    else
+        error "Database connectivity issues detected"
+        return 1
+    fi
+    
+    return 0
+}
+
+# Generate health report
+generate_health_report() {
+    log "Generating health report..."
+    
+    local backend_url=$(get_service_url "$BACKEND_SERVICE")
+    local frontend_url=$(get_service_url "$FRONTEND_SERVICE")
+    
+    echo ""
+    echo "=== Railway Deployment Health Report ==="
+    echo "Generated: $(date)"
+    echo ""
+    
+    if [ -n "$backend_url" ]; then
+        echo "Backend Service:"
+        echo "  URL: $backend_url"
+        echo "  Health: $backend_url/health"
+        echo "  API Docs: $backend_url/docs"
+    else
+        echo "Backend Service: NOT AVAILABLE"
+    fi
+    
+    echo ""
+    
+    if [ -n "$frontend_url" ]; then
+        echo "Frontend Service:"
+        echo "  URL: $frontend_url"
+    else
+        echo "Frontend Service: NOT AVAILABLE"
+    fi
+    
+    echo ""
+    echo "Service Status:"
+    railway service use "$BACKEND_SERVICE" &> /dev/null
+    echo "  Backend: $(railway status --json 2>/dev/null | jq -r '.status // "unknown"' 2>/dev/null || echo "unknown")"
+    
+    railway service use "$FRONTEND_SERVICE" &> /dev/null
+    echo "  Frontend: $(railway status --json 2>/dev/null | jq -r '.status // "unknown"' 2>/dev/null || echo "unknown")"
+    
+    echo ""
+    echo "Recent Logs (last 10 lines):"
+    echo "Backend:"
+    railway service use "$BACKEND_SERVICE" &> /dev/null
+    railway logs --tail 10 2>/dev/null | sed 's/^/  /' || echo "  Logs not available"
+    
+    echo ""
+    echo "Frontend:"
+    railway service use "$FRONTEND_SERVICE" &> /dev/null
+    railway logs --tail 10 2>/dev/null | sed 's/^/  /' || echo "  Logs not available"
+}
+
+# Main health check function
+main() {
+    log "Starting Railway deployment health check..."
+    
+    check_railway_cli
+    
+    local failed_tests=0
+    
+    # Run health tests
+    test_backend_health || ((failed_tests++))
+    test_frontend_health || ((failed_tests++))
+    test_service_connectivity || ((failed_tests++))
+    test_database_connectivity || ((failed_tests++))
+    
+    # Generate report
+    generate_health_report
+    
+    echo ""
+    if [ $failed_tests -eq 0 ]; then
+        success "All health checks passed!"
+        exit 0
+    else
+        error "$failed_tests health check(s) failed"
+        echo ""
+        echo "Troubleshooting tips:"
+        echo "1. Check Railway dashboard for service status"
+        echo "2. Review service logs: railway logs --service <service-name>"
+        echo "3. Verify environment variables: railway variables"
+        echo "4. Check resource usage and limits"
+        echo "5. Ensure all services are deployed and running"
+        exit 1
+    fi
+}
+
+# Handle script arguments
+case "${1:-}" in
+    --help|-h)
+        echo "Railway Health Check Script"
+        echo ""
+        echo "Usage: $0 [options]"
+        echo ""
+        echo "Options:"
+        echo "  --help, -h      Show this help message"
+        echo "  --backend-only  Check only backend service"
+        echo "  --frontend-only Check only frontend service"
+        echo "  --report-only   Generate health report only"
+        echo ""
+        exit 0
+        ;;
+    --backend-only)
+        check_railway_cli
+        test_backend_health
+        ;;
+    --frontend-only)
+        check_railway_cli
+        test_frontend_health
+        ;;
+    --report-only)
+        check_railway_cli
+        generate_health_report
+        ;;
+    "")
+        main
+        ;;
+    *)
+        error "Unknown option: $1"
+        echo "Use --help for usage information"
+        exit 1
+        ;;
+esac

railway.json

@@ -0,0 +1,12 @@
+{
+  "build": {
+    "builder": "DOCKERFILE",
+    "dockerfilePath": "Dockerfile"
+  },
+  "deploy": {
+    "numReplicas": 1,
+    "sleepApplication": false,
+    "restartPolicyType": "ON_FAILURE",
+    "restartPolicyMaxRetries": 10
+  }
+}

requirements.txt

@@ -8,7 +8,7 @@ beautifulsoup4
 sentence-transformers
 qdrant-client
 langchain
-ollama
+google-generativeai
 fastapi-users[sqlalchemy]
 passlib[bcrypt]
 python-jose[cryptography]
@@ -21,4 +21,5 @@ python-docx
 pytest
 pytest-asyncio
 httpx
-pytest-mock
+pytest-mock
+psutil

scripts/backup-manager.sh

@@ -0,0 +1,392 @@
+#!/bin/bash
+
+# Backup Manager Script
+# Provides command-line interface for backup and restore operations
+
+set -e
+
+# Source deployment utilities
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+source "$SCRIPT_DIR/deployment-utils.sh"
+
+# Configuration
+BACKUP_DIR="backups"
+DATABASE_FILE="knowledge_assistant.db"
+PYTHON_CMD="python"
+
+# Ensure backup directory exists
+mkdir -p "$BACKUP_DIR"
+
+# Function to create a backup
+create_backup() {
+    log "Starting backup creation..."
+    
+    local backup_id="backup_$(date +%Y%m%d_%H%M%S)"
+    local backup_path="$BACKUP_DIR/$backup_id"
+    
+    # Create backup directory
+    mkdir -p "$backup_path"
+    
+    # Backup database
+    if [ -f "$DATABASE_FILE" ]; then
+        log "Backing up database..."
+        cp "$DATABASE_FILE" "$backup_path/database.db"
+        success "Database backup completed"
+    else
+        warning "Database file not found: $DATABASE_FILE"
+    fi
+    
+    # Backup uploads directory
+    if [ -d "uploads" ]; then
+        log "Backing up uploads directory..."
+        cp -r uploads "$backup_path/"
+        success "Uploads backup completed"
+    else
+        warning "Uploads directory not found"
+    fi
+    
+    # Create backup metadata
+    cat > "$backup_path/metadata.json" << EOF
+{
+    "backup_id": "$backup_id",
+    "timestamp": "$(date -u +%Y-%m-%dT%H:%M:%SZ)",
+    "backup_type": "manual",
+    "created_by": "backup-manager.sh",
+    "database_file": "$([ -f "$DATABASE_FILE" ] && echo "included" || echo "not_found")",
+    "uploads_dir": "$([ -d "uploads" ] && echo "included" || echo "not_found")"
+}
+EOF
+    
+    # Create compressed archive
+    log "Creating compressed archive..."
+    cd "$BACKUP_DIR"
+    tar -czf "${backup_id}.tar.gz" "$backup_id"
+    rm -rf "$backup_id"
+    cd - > /dev/null
+    
+    local backup_size=$(du -h "$BACKUP_DIR/${backup_id}.tar.gz" | cut -f1)
+    success "Backup created successfully: ${backup_id}.tar.gz (${backup_size})"
+    
+    # Clean up old backups
+    cleanup_old_backups
+}
+
+# Function to list available backups
+list_backups() {
+    log "Available backups:"
+    echo ""
+    
+    if [ ! -d "$BACKUP_DIR" ] || [ -z "$(ls -A "$BACKUP_DIR"/*.tar.gz 2>/dev/null)" ]; then
+        warning "No backups found in $BACKUP_DIR"
+        return
+    fi
+    
+    printf "%-25s %-15s %-20s\n" "BACKUP ID" "SIZE" "DATE"
+    printf "%-25s %-15s %-20s\n" "-------------------------" "---------------" "--------------------"
+    
+    for backup_file in "$BACKUP_DIR"/*.tar.gz; do
+        if [ -f "$backup_file" ]; then
+            local backup_name=$(basename "$backup_file" .tar.gz)
+            local backup_size=$(du -h "$backup_file" | cut -f1)
+            local backup_date=$(date -r "$backup_file" "+%Y-%m-%d %H:%M:%S")
+            
+            printf "%-25s %-15s %-20s\n" "$backup_name" "$backup_size" "$backup_date"
+        fi
+    done
+}
+
+# Function to restore from backup
+restore_backup() {
+    local backup_id="$1"
+    
+    if [ -z "$backup_id" ]; then
+        error "Backup ID is required"
+        echo "Usage: $0 restore <backup_id>"
+        return 1
+    fi
+    
+    local backup_file="$BACKUP_DIR/${backup_id}.tar.gz"
+    
+    if [ ! -f "$backup_file" ]; then
+        error "Backup file not found: $backup_file"
+        return 1
+    fi
+    
+    log "Starting restore from backup: $backup_id"
+    
+    # Create temporary restore directory
+    local restore_dir="$BACKUP_DIR/restore_${backup_id}"
+    mkdir -p "$restore_dir"
+    
+    # Extract backup
+    log "Extracting backup archive..."
+    cd "$BACKUP_DIR"
+    tar -xzf "${backup_id}.tar.gz" -C "$(dirname "$restore_dir")"
+    cd - > /dev/null
+    
+    # Check if extraction was successful
+    if [ ! -d "$BACKUP_DIR/$backup_id" ]; then
+        error "Failed to extract backup archive"
+        return 1
+    fi
+    
+    # Backup current data before restore
+    if [ -f "$DATABASE_FILE" ]; then
+        local current_backup="$DATABASE_FILE.backup_$(date +%Y%m%d_%H%M%S)"
+        cp "$DATABASE_FILE" "$current_backup"
+        log "Current database backed up to: $current_backup"
+    fi
+    
+    if [ -d "uploads" ]; then
+        local current_uploads_backup="uploads_backup_$(date +%Y%m%d_%H%M%S)"
+        cp -r uploads "$current_uploads_backup"
+        log "Current uploads backed up to: $current_uploads_backup"
+    fi
+    
+    # Restore database
+    if [ -f "$BACKUP_DIR/$backup_id/database.db" ]; then
+        log "Restoring database..."
+        cp "$BACKUP_DIR/$backup_id/database.db" "$DATABASE_FILE"
+        success "Database restored"
+    else
+        warning "No database found in backup"
+    fi
+    
+    # Restore uploads
+    if [ -d "$BACKUP_DIR/$backup_id/uploads" ]; then
+        log "Restoring uploads directory..."
+        rm -rf uploads
+        cp -r "$BACKUP_DIR/$backup_id/uploads" .
+        success "Uploads directory restored"
+    else
+        warning "No uploads directory found in backup"
+    fi
+    
+    # Clean up temporary files
+    rm -rf "$BACKUP_DIR/$backup_id"
+    
+    success "Restore completed successfully from backup: $backup_id"
+}
+
+# Function to verify backup integrity
+verify_backup() {
+    local backup_id="$1"
+    
+    if [ -z "$backup_id" ]; then
+        error "Backup ID is required"
+        echo "Usage: $0 verify <backup_id>"
+        return 1
+    fi
+    
+    local backup_file="$BACKUP_DIR/${backup_id}.tar.gz"
+    
+    if [ ! -f "$backup_file" ]; then
+        error "Backup file not found: $backup_file"
+        return 1
+    fi
+    
+    log "Verifying backup integrity: $backup_id"
+    
+    # Test archive integrity
+    if tar -tzf "$backup_file" > /dev/null 2>&1; then
+        success "Backup archive integrity verified"
+    else
+        error "Backup archive is corrupted"
+        return 1
+    fi
+    
+    # Extract and verify contents
+    local temp_dir=$(mktemp -d)
+    cd "$temp_dir"
+    
+    if tar -xzf "$backup_file" 2>/dev/null; then
+        log "Archive extracted successfully for verification"
+        
+        # Check for expected files
+        local extracted_dir=$(ls -1 | head -1)
+        
+        if [ -f "$extracted_dir/metadata.json" ]; then
+            log "Metadata file found"
+            cat "$extracted_dir/metadata.json" | python -m json.tool > /dev/null 2>&1
+            if [ $? -eq 0 ]; then
+                success "Metadata is valid JSON"
+            else
+                warning "Metadata JSON is malformed"
+            fi
+        else
+            warning "Metadata file not found"
+        fi
+        
+        if [ -f "$extracted_dir/database.db" ]; then
+            success "Database file found in backup"
+        else
+            warning "Database file not found in backup"
+        fi
+        
+        success "Backup verification completed"
+    else
+        error "Failed to extract backup for verification"
+        cd - > /dev/null
+        rm -rf "$temp_dir"
+        return 1
+    fi
+    
+    cd - > /dev/null
+    rm -rf "$temp_dir"
+}
+
+# Function to clean up old backups
+cleanup_old_backups() {
+    local max_backups=${1:-10}
+    
+    log "Cleaning up old backups (keeping last $max_backups)..."
+    
+    if [ ! -d "$BACKUP_DIR" ]; then
+        return
+    fi
+    
+    # Count current backups
+    local backup_count=$(ls -1 "$BACKUP_DIR"/*.tar.gz 2>/dev/null | wc -l)
+    
+    if [ "$backup_count" -le "$max_backups" ]; then
+        log "No cleanup needed ($backup_count backups, limit: $max_backups)"
+        return
+    fi
+    
+    # Remove oldest backups
+    local to_remove=$((backup_count - max_backups))
+    
+    ls -1t "$BACKUP_DIR"/*.tar.gz | tail -n "$to_remove" | while read -r old_backup; do
+        log "Removing old backup: $(basename "$old_backup")"
+        rm -f "$old_backup"
+    done
+    
+    success "Cleaned up $to_remove old backups"
+}
+
+# Function to show backup statistics
+show_stats() {
+    log "Backup Statistics:"
+    echo ""
+    
+    if [ ! -d "$BACKUP_DIR" ]; then
+        warning "Backup directory not found: $BACKUP_DIR"
+        return
+    fi
+    
+    local backup_count=$(ls -1 "$BACKUP_DIR"/*.tar.gz 2>/dev/null | wc -l)
+    local total_size=$(du -sh "$BACKUP_DIR" 2>/dev/null | cut -f1)
+    
+    echo "Total backups: $backup_count"
+    echo "Total size: $total_size"
+    echo "Backup directory: $BACKUP_DIR"
+    
+    if [ "$backup_count" -gt 0 ]; then
+        echo ""
+        local newest=$(ls -1t "$BACKUP_DIR"/*.tar.gz 2>/dev/null | head -1)
+        local oldest=$(ls -1t "$BACKUP_DIR"/*.tar.gz 2>/dev/null | tail -1)
+        
+        if [ -n "$newest" ]; then
+            echo "Newest backup: $(basename "$newest" .tar.gz) ($(date -r "$newest" "+%Y-%m-%d %H:%M:%S"))"
+        fi
+        
+        if [ -n "$oldest" ] && [ "$oldest" != "$newest" ]; then
+            echo "Oldest backup: $(basename "$oldest" .tar.gz) ($(date -r "$oldest" "+%Y-%m-%d %H:%M:%S"))"
+        fi
+    fi
+}
+
+# Function to schedule automatic backups
+schedule_backup() {
+    local schedule="$1"  # daily, weekly, or cron expression
+    
+    if [ -z "$schedule" ]; then
+        error "Schedule is required"
+        echo "Usage: $0 schedule <daily|weekly|'cron_expression'>"
+        return 1
+    fi
+    
+    local script_path="$(realpath "$0")"
+    local cron_entry=""
+    
+    case "$schedule" in
+        daily)
+            cron_entry="0 2 * * * $script_path create"
+            ;;
+        weekly)
+            cron_entry="0 2 * * 0 $script_path create"
+            ;;
+        *)
+            cron_entry="$schedule $script_path create"
+            ;;
+    esac
+    
+    log "Adding cron job for automatic backups..."
+    
+    # Add to crontab
+    (crontab -l 2>/dev/null; echo "$cron_entry") | crontab -
+    
+    success "Automatic backup scheduled: $schedule"
+    log "Cron entry: $cron_entry"
+}
+
+# Main function
+main() {
+    case "${1:-help}" in
+        create|backup)
+            create_backup
+            ;;
+        list|ls)
+            list_backups
+            ;;
+        restore)
+            restore_backup "$2"
+            ;;
+        verify)
+            verify_backup "$2"
+            ;;
+        cleanup)
+            cleanup_old_backups "$2"
+            ;;
+        stats)
+            show_stats
+            ;;
+        schedule)
+            schedule_backup "$2"
+            ;;
+        help|--help|-h)
+            echo "Backup Manager for Knowledge Assistant RAG"
+            echo ""
+            echo "Usage: $0 <command> [options]"
+            echo ""
+            echo "Commands:"
+            echo "  create              Create a new backup"
+            echo "  list                List all available backups"
+            echo "  restore <backup_id> Restore from a specific backup"
+            echo "  verify <backup_id>  Verify backup integrity"
+            echo "  cleanup [count]     Clean up old backups (default: keep 10)"
+            echo "  stats               Show backup statistics"
+            echo "  schedule <schedule> Schedule automatic backups (daily/weekly/cron)"
+            echo "  help                Show this help message"
+            echo ""
+            echo "Examples:"
+            echo "  $0 create"
+            echo "  $0 list"
+            echo "  $0 restore backup_20240827_143022"
+            echo "  $0 verify backup_20240827_143022"
+            echo "  $0 cleanup 5"
+            echo "  $0 schedule daily"
+            echo ""
+            ;;
+        *)
+            error "Unknown command: $1"
+            echo "Use '$0 help' for usage information"
+            exit 1
+            ;;
+    esac
+}
+
+# Run main function if script is executed directly
+if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
+    main "$@"
+fi

scripts/cloudrun-env-setup.sh

@@ -0,0 +1,298 @@
+#!/bin/bash
+
+# Cloud Run Environment Setup Script
+# This script helps set up environment variables and secrets for Cloud Run deployment
+
+set -e
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+print_status() {
+    echo -e "${BLUE}[INFO]${NC} $1"
+}
+
+print_success() {
+    echo -e "${GREEN}[SUCCESS]${NC} $1"
+}
+
+print_warning() {
+    echo -e "${YELLOW}[WARNING]${NC} $1"
+}
+
+print_error() {
+    echo -e "${RED}[ERROR]${NC} $1"
+}
+
+# Function to generate secure JWT secret
+generate_jwt_secret() {
+    openssl rand -base64 64 | tr -d '\n'
+}
+
+# Function to validate Gemini API key format
+validate_gemini_key() {
+    local key="$1"
+    if [[ ${#key} -lt 20 ]]; then
+        return 1
+    fi
+    return 0
+}
+
+# Function to create environment file
+create_env_file() {
+    local env_file="$1"
+    
+    print_status "Creating Cloud Run environment file: $env_file"
+    
+    # Get project ID from gcloud
+    PROJECT_ID=$(gcloud config get-value project 2>/dev/null || echo "")
+    if [[ -z "$PROJECT_ID" ]]; then
+        read -p "Enter your Google Cloud Project ID: " PROJECT_ID
+    fi
+    
+    # Generate JWT secret
+    JWT_SECRET=$(generate_jwt_secret)
+    print_success "Generated secure JWT secret"
+    
+    # Get Gemini API key
+    read -p "Enter your Google Gemini API key: " GEMINI_API_KEY
+    if ! validate_gemini_key "$GEMINI_API_KEY"; then
+        print_warning "API key seems short. Please ensure it's correct."
+    fi
+    
+    # Create the environment file
+    cat > "$env_file" << EOF
+# Cloud Run Environment Variables
+# Generated on $(date)
+
+# Google Cloud Project Configuration
+PROJECT_ID=$PROJECT_ID
+REGION=us-central1
+
+# JWT Configuration (Auto-generated secure secret)
+JWT_SECRET=$JWT_SECRET
+JWT_LIFETIME_SECONDS=3600
+
+# User Registration Settings
+USER_REGISTRATION_ENABLED=true
+EMAIL_VERIFICATION_REQUIRED=false
+
+# Frontend Configuration (will be updated after deployment)
+VITE_API_BASE_URL=https://knowledge-assistant-backend-HASH-uc.a.run.app
+VITE_API_TIMEOUT=30000
+VITE_ENABLE_REGISTRATION=true
+
+# CORS Configuration (will be updated after deployment)
+CORS_ORIGINS=https://knowledge-assistant-frontend-HASH-uc.a.run.app
+
+# Google Gemini API Configuration
+GEMINI_API_KEY=$GEMINI_API_KEY
+GEMINI_MODEL=gemini-1.5-flash
+
+# Database Configuration (will be generated during deployment)
+DATABASE_URL=postgresql+asyncpg://knowledge-assistant-user:PASSWORD@/knowledge-assistant-main-db?host=/cloudsql/$PROJECT_ID:us-central1:knowledge-assistant-db
+
+# Qdrant Configuration (will be updated after deployment)
+QDRANT_HOST=https://knowledge-assistant-qdrant-HASH-uc.a.run.app
+QDRANT_PORT=443
+
+# Python Configuration
+PYTHONUNBUFFERED=1
+PYTHONDONTWRITEBYTECODE=1
+
+# Cloud SQL Instance Connection
+CLOUD_SQL_CONNECTION_NAME=$PROJECT_ID:us-central1:knowledge-assistant-db
+
+# Service Account Emails
+BACKEND_SERVICE_ACCOUNT=knowledge-assistant-backend-sa@$PROJECT_ID.iam.gserviceaccount.com
+QDRANT_SERVICE_ACCOUNT=knowledge-assistant-qdrant-sa@$PROJECT_ID.iam.gserviceaccount.com
+
+# Resource Configuration
+BACKEND_MEMORY=1Gi
+BACKEND_CPU=1000m
+FRONTEND_MEMORY=512Mi
+FRONTEND_CPU=1000m
+QDRANT_MEMORY=512Mi
+QDRANT_CPU=1000m
+
+# Scaling Configuration
+MAX_INSTANCES=10
+MIN_INSTANCES=0
+QDRANT_MIN_INSTANCES=1
+
+# Security Configuration
+REQUIRE_AUTHENTICATION=false
+ENABLE_CORS=true
+SECURE_COOKIES=true
+EOF
+    
+    print_success "Environment file created: $env_file"
+    print_warning "Please review and modify the file as needed before deployment"
+}
+
+# Function to update service URLs after deployment
+update_service_urls() {
+    local env_file="$1"
+    
+    if [[ ! -f "$env_file" ]]; then
+        print_error "Environment file not found: $env_file"
+        exit 1
+    fi
+    
+    source "$env_file"
+    
+    print_status "Updating service URLs in environment file..."
+    
+    # Get actual service URLs
+    FRONTEND_URL=$(gcloud run services describe knowledge-assistant-frontend --region="$REGION" --format="value(status.url)" 2>/dev/null || echo "")
+    BACKEND_URL=$(gcloud run services describe knowledge-assistant-backend --region="$REGION" --format="value(status.url)" 2>/dev/null || echo "")
+    QDRANT_URL=$(gcloud run services describe knowledge-assistant-qdrant --region="$REGION" --format="value(status.url)" 2>/dev/null || echo "")
+    
+    if [[ -n "$FRONTEND_URL" && -n "$BACKEND_URL" && -n "$QDRANT_URL" ]]; then
+        # Update the environment file with actual URLs
+        sed -i "s|VITE_API_BASE_URL=.*|VITE_API_BASE_URL=$BACKEND_URL|" "$env_file"
+        sed -i "s|CORS_ORIGINS=.*|CORS_ORIGINS=$FRONTEND_URL|" "$env_file"
+        sed -i "s|QDRANT_HOST=.*|QDRANT_HOST=$QDRANT_URL|" "$env_file"
+        
+        print_success "Updated service URLs:"
+        print_success "  Frontend: $FRONTEND_URL"
+        print_success "  Backend: $BACKEND_URL"
+        print_success "  Qdrant: $QDRANT_URL"
+    else
+        print_warning "Some services not found. URLs not updated."
+    fi
+}
+
+# Function to validate environment file
+validate_env_file() {
+    local env_file="$1"
+    
+    if [[ ! -f "$env_file" ]]; then
+        print_error "Environment file not found: $env_file"
+        return 1
+    fi
+    
+    source "$env_file"
+    
+    print_status "Validating environment configuration..."
+    
+    local errors=0
+    
+    # Check required variables
+    if [[ -z "$PROJECT_ID" ]]; then
+        print_error "PROJECT_ID is not set"
+        ((errors++))
+    fi
+    
+    if [[ -z "$JWT_SECRET" ]]; then
+        print_error "JWT_SECRET is not set"
+        ((errors++))
+    fi
+    
+    if [[ -z "$GEMINI_API_KEY" ]]; then
+        print_error "GEMINI_API_KEY is not set"
+        ((errors++))
+    fi
+    
+    # Validate JWT secret strength
+    if [[ ${#JWT_SECRET} -lt 32 ]]; then
+        print_warning "JWT_SECRET is shorter than recommended (32+ characters)"
+    fi
+    
+    # Validate Gemini API key
+    if ! validate_gemini_key "$GEMINI_API_KEY"; then
+        print_warning "GEMINI_API_KEY format may be invalid"
+    fi
+    
+    if [[ $errors -eq 0 ]]; then
+        print_success "Environment validation passed"
+        return 0
+    else
+        print_error "Environment validation failed with $errors errors"
+        return 1
+    fi
+}
+
+# Function to create secrets in Secret Manager
+create_secrets() {
+    local env_file="$1"
+    
+    if [[ ! -f "$env_file" ]]; then
+        print_error "Environment file not found: $env_file"
+        exit 1
+    fi
+    
+    source "$env_file"
+    
+    print_status "Creating secrets in Google Secret Manager..."
+    
+    # Create the secret if it doesn't exist
+    if ! gcloud secrets describe knowledge-assistant-secrets &>/dev/null; then
+        gcloud secrets create knowledge-assistant-secrets --replication-policy="automatic"
+        print_success "Created secret: knowledge-assistant-secrets"
+    else
+        print_warning "Secret already exists, will update with new version"
+    fi
+    
+    # Create temporary secrets file
+    local temp_secrets="/tmp/cloudrun-secrets-$$.json"
+    cat > "$temp_secrets" << EOF
+{
+  "JWT_SECRET": "$JWT_SECRET",
+  "DATABASE_URL": "$DATABASE_URL",
+  "GEMINI_API_KEY": "$GEMINI_API_KEY"
+}
+EOF
+    
+    # Add secret version
+    gcloud secrets versions add knowledge-assistant-secrets --data-file="$temp_secrets"
+    
+    # Clean up
+    rm "$temp_secrets"
+    
+    print_success "Secrets created/updated in Secret Manager"
+}
+
+# Main function
+main() {
+    local command="${1:-}"
+    local env_file="${2:-$(dirname "$0")/../.env.cloudrun}"
+    
+    case "$command" in
+        "create")
+            create_env_file "$env_file"
+            ;;
+        "validate")
+            validate_env_file "$env_file"
+            ;;
+        "update-urls")
+            update_service_urls "$env_file"
+            ;;
+        "create-secrets")
+            validate_env_file "$env_file" && create_secrets "$env_file"
+            ;;
+        "")
+            print_status "Cloud Run Environment Setup Utility"
+            echo ""
+            echo "Usage: $0 <command> [env_file]"
+            echo ""
+            echo "Commands:"
+            echo "  create        - Create new environment file"
+            echo "  validate      - Validate existing environment file"
+            echo "  update-urls   - Update service URLs after deployment"
+            echo "  create-secrets - Create secrets in Secret Manager"
+            echo ""
+            echo "Default env_file: .env.cloudrun"
+            ;;
+        *)
+            print_error "Unknown command: $command"
+            exit 1
+            ;;
+    esac
+}
+
+main "$@"

scripts/cloudrun-health-check.sh

@@ -0,0 +1,350 @@
+#!/bin/bash
+
+# Cloud Run Health Check Script
+# This script performs comprehensive health checks on all deployed Cloud Run services
+
+set -e
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+print_status() {
+    echo -e "${BLUE}[INFO]${NC} $1"
+}
+
+print_success() {
+    echo -e "${GREEN}[SUCCESS]${NC} $1"
+}
+
+print_warning() {
+    echo -e "${YELLOW}[WARNING]${NC} $1"
+}
+
+print_error() {
+    echo -e "${RED}[ERROR]${NC} $1"
+}
+
+# Configuration
+REGION="us-central1"
+TIMEOUT=30
+
+# Function to check if a URL is accessible
+check_url() {
+    local url="$1"
+    local service_name="$2"
+    local expected_status="${3:-200}"
+    
+    print_status "Checking $service_name at $url"
+    
+    local response
+    local status_code
+    
+    response=$(curl -s -w "HTTPSTATUS:%{http_code}" --max-time $TIMEOUT "$url" 2>/dev/null || echo "HTTPSTATUS:000")
+    status_code=$(echo "$response" | grep -o "HTTPSTATUS:[0-9]*" | cut -d: -f2)
+    
+    if [[ "$status_code" == "$expected_status" ]]; then
+        print_success "$service_name is healthy (HTTP $status_code)"
+        return 0
+    else
+        print_error "$service_name health check failed (HTTP $status_code)"
+        return 1
+    fi
+}
+
+# Function to check service deployment status
+check_service_status() {
+    local service_name="$1"
+    
+    print_status "Checking deployment status for $service_name"
+    
+    local status
+    status=$(gcloud run services describe "$service_name" --region="$REGION" --format="value(status.conditions[0].status)" 2>/dev/null || echo "Unknown")
+    
+    if [[ "$status" == "True" ]]; then
+        print_success "$service_name is deployed and ready"
+        return 0
+    else
+        print_error "$service_name deployment status: $status"
+        return 1
+    fi
+}
+
+# Function to get service URL
+get_service_url() {
+    local service_name="$1"
+    gcloud run services describe "$service_name" --region="$REGION" --format="value(status.url)" 2>/dev/null || echo ""
+}
+
+# Function to check service logs for errors
+check_service_logs() {
+    local service_name="$1"
+    local lines="${2:-50}"
+    
+    print_status "Checking recent logs for $service_name (last $lines lines)"
+    
+    local error_count
+    error_count=$(gcloud logging read "resource.type=\"cloud_run_revision\" AND resource.labels.service_name=\"$service_name\"" \
+        --limit="$lines" --format="value(severity)" 2>/dev/null | grep -c "ERROR" || echo "0")
+    
+    if [[ "$error_count" -eq 0 ]]; then
+        print_success "No errors found in recent logs for $service_name"
+    else
+        print_warning "Found $error_count errors in recent logs for $service_name"
+        
+        # Show recent errors
+        print_status "Recent errors for $service_name:"
+        gcloud logging read "resource.type=\"cloud_run_revision\" AND resource.labels.service_name=\"$service_name\" AND severity=\"ERROR\"" \
+            --limit=5 --format="value(timestamp,textPayload)" 2>/dev/null || echo "Could not retrieve error logs"
+    fi
+}
+
+# Function to check resource usage
+check_resource_usage() {
+    local service_name="$1"
+    
+    print_status "Checking resource usage for $service_name"
+    
+    # Get current revision
+    local revision
+    revision=$(gcloud run services describe "$service_name" --region="$REGION" --format="value(status.latestReadyRevisionName)" 2>/dev/null || echo "")
+    
+    if [[ -n "$revision" ]]; then
+        # Get memory and CPU limits
+        local memory_limit
+        local cpu_limit
+        memory_limit=$(gcloud run revisions describe "$revision" --region="$REGION" --format="value(spec.template.spec.containers[0].resources.limits.memory)" 2>/dev/null || echo "Unknown")
+        cpu_limit=$(gcloud run revisions describe "$revision" --region="$REGION" --format="value(spec.template.spec.containers[0].resources.limits.cpu)" 2>/dev/null || echo "Unknown")
+        
+        print_success "$service_name resource limits: Memory=$memory_limit, CPU=$cpu_limit"
+    else
+        print_warning "Could not retrieve resource information for $service_name"
+    fi
+}
+
+# Function to test API endpoints
+test_api_endpoints() {
+    local backend_url="$1"
+    
+    print_status "Testing API endpoints"
+    
+    # Test health endpoint
+    if check_url "$backend_url/health" "Backend Health Endpoint"; then
+        print_success "Health endpoint is working"
+    fi
+    
+    # Test docs endpoint
+    if check_url "$backend_url/docs" "API Documentation"; then
+        print_success "API documentation is accessible"
+    fi
+    
+    # Test CORS preflight
+    print_status "Testing CORS configuration"
+    local cors_response
+    cors_response=$(curl -s -X OPTIONS -H "Origin: https://example.com" -H "Access-Control-Request-Method: GET" "$backend_url/health" -w "HTTPSTATUS:%{http_code}" --max-time $TIMEOUT 2>/dev/null || echo "HTTPSTATUS:000")
+    local cors_status
+    cors_status=$(echo "$cors_response" | grep -o "HTTPSTATUS:[0-9]*" | cut -d: -f2)
+    
+    if [[ "$cors_status" == "200" ]]; then
+        print_success "CORS is properly configured"
+    else
+        print_warning "CORS configuration may need attention (HTTP $cors_status)"
+    fi
+}
+
+# Function to test service connectivity
+test_service_connectivity() {
+    local frontend_url="$1"
+    local backend_url="$2"
+    local qdrant_url="$3"
+    
+    print_status "Testing service connectivity"
+    
+    # Test if frontend can reach backend
+    print_status "Testing frontend to backend connectivity"
+    local frontend_config
+    frontend_config=$(curl -s "$frontend_url" --max-time $TIMEOUT 2>/dev/null | grep -o "VITE_API_BASE_URL.*" || echo "")
+    
+    if [[ "$frontend_config" == *"$backend_url"* ]]; then
+        print_success "Frontend is configured to use correct backend URL"
+    else
+        print_warning "Frontend may not be configured with correct backend URL"
+    fi
+    
+    # Test backend to Qdrant connectivity
+    print_status "Testing backend to Qdrant connectivity"
+    # This would require a specific endpoint that tests Qdrant connectivity
+    # For now, we'll just check if both services are healthy
+    if check_url "$backend_url/health" "Backend" && check_url "$qdrant_url/health" "Qdrant"; then
+        print_success "Backend and Qdrant services are both healthy"
+    fi
+}
+
+# Function to run comprehensive health check
+run_comprehensive_check() {
+    print_status "Starting comprehensive health check for Knowledge Assistant on Cloud Run"
+    echo ""
+    
+    local services=("knowledge-assistant-frontend" "knowledge-assistant-backend" "knowledge-assistant-qdrant")
+    local all_healthy=true
+    
+    # Check deployment status for all services
+    print_status "=== DEPLOYMENT STATUS CHECK ==="
+    for service in "${services[@]}"; do
+        if ! check_service_status "$service"; then
+            all_healthy=false
+        fi
+    done
+    echo ""
+    
+    # Get service URLs
+    local frontend_url backend_url qdrant_url
+    frontend_url=$(get_service_url "knowledge-assistant-frontend")
+    backend_url=$(get_service_url "knowledge-assistant-backend")
+    qdrant_url=$(get_service_url "knowledge-assistant-qdrant")
+    
+    if [[ -z "$frontend_url" || -z "$backend_url" || -z "$qdrant_url" ]]; then
+        print_error "Could not retrieve all service URLs"
+        all_healthy=false
+    else
+        print_success "Retrieved all service URLs:"
+        echo "  Frontend: $frontend_url"
+        echo "  Backend: $backend_url"
+        echo "  Qdrant: $qdrant_url"
+    fi
+    echo ""
+    
+    # Check URL accessibility
+    print_status "=== URL ACCESSIBILITY CHECK ==="
+    if [[ -n "$frontend_url" ]] && ! check_url "$frontend_url" "Frontend"; then
+        all_healthy=false
+    fi
+    if [[ -n "$backend_url" ]] && ! check_url "$backend_url/health" "Backend Health"; then
+        all_healthy=false
+    fi
+    if [[ -n "$qdrant_url" ]] && ! check_url "$qdrant_url/health" "Qdrant Health"; then
+        all_healthy=false
+    fi
+    echo ""
+    
+    # Test API endpoints
+    if [[ -n "$backend_url" ]]; then
+        print_status "=== API ENDPOINTS CHECK ==="
+        test_api_endpoints "$backend_url"
+        echo ""
+    fi
+    
+    # Test service connectivity
+    if [[ -n "$frontend_url" && -n "$backend_url" && -n "$qdrant_url" ]]; then
+        print_status "=== SERVICE CONNECTIVITY CHECK ==="
+        test_service_connectivity "$frontend_url" "$backend_url" "$qdrant_url"
+        echo ""
+    fi
+    
+    # Check resource usage
+    print_status "=== RESOURCE USAGE CHECK ==="
+    for service in "${services[@]}"; do
+        check_resource_usage "$service"
+    done
+    echo ""
+    
+    # Check logs for errors
+    print_status "=== LOG ERROR CHECK ==="
+    for service in "${services[@]}"; do
+        check_service_logs "$service" 20
+    done
+    echo ""
+    
+    # Final summary
+    print_status "=== HEALTH CHECK SUMMARY ==="
+    if [[ "$all_healthy" == true ]]; then
+        print_success "All services are healthy and operational!"
+        print_success "Application is ready for use at: $frontend_url"
+    else
+        print_error "Some issues were detected. Please review the output above."
+        return 1
+    fi
+}
+
+# Function to run quick health check
+run_quick_check() {
+    print_status "Running quick health check..."
+    
+    local services=("knowledge-assistant-frontend" "knowledge-assistant-backend" "knowledge-assistant-qdrant")
+    local all_healthy=true
+    
+    for service in "${services[@]}"; do
+        local url
+        url=$(get_service_url "$service")
+        
+        if [[ -n "$url" ]]; then
+            local endpoint="$url"
+            if [[ "$service" == *"backend"* || "$service" == *"qdrant"* ]]; then
+                endpoint="$url/health"
+            fi
+            
+            if ! check_url "$endpoint" "$service"; then
+                all_healthy=false
+            fi
+        else
+            print_error "Could not get URL for $service"
+            all_healthy=false
+        fi
+    done
+    
+    if [[ "$all_healthy" == true ]]; then
+        print_success "Quick health check passed - all services are responding"
+    else
+        print_error "Quick health check failed - some services have issues"
+        return 1
+    fi
+}
+
+# Main function
+main() {
+    local command="${1:-comprehensive}"
+    
+    case "$command" in
+        "quick")
+            run_quick_check
+            ;;
+        "comprehensive"|"")
+            run_comprehensive_check
+            ;;
+        "logs")
+            local service="${2:-knowledge-assistant-backend}"
+            local lines="${3:-50}"
+            check_service_logs "$service" "$lines"
+            ;;
+        "status")
+            local service="${2:-}"
+            if [[ -n "$service" ]]; then
+                check_service_status "$service"
+            else
+                for svc in "knowledge-assistant-frontend" "knowledge-assistant-backend" "knowledge-assistant-qdrant"; do
+                    check_service_status "$svc"
+                done
+            fi
+            ;;
+        *)
+            echo "Usage: $0 [quick|comprehensive|logs|status] [service_name] [lines]"
+            echo ""
+            echo "Commands:"
+            echo "  quick         - Quick health check of all services"
+            echo "  comprehensive - Comprehensive health check (default)"
+            echo "  logs          - Check logs for specific service"
+            echo "  status        - Check deployment status"
+            echo ""
+            echo "Examples:"
+            echo "  $0 quick"
+            echo "  $0 logs knowledge-assistant-backend 100"
+            echo "  $0 status knowledge-assistant-frontend"
+            exit 1
+            ;;
+    esac
+}
+
+main "$@"

scripts/deployment-utils.sh

@@ -0,0 +1,364 @@
+#!/bin/bash
+
+# Deployment Utilities and Helper Functions
+# This script provides common utilities for deployment operations
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+CYAN='\033[0;36m'
+NC='\033[0m' # No Color
+
+# Logging functions
+log() {
+    echo -e "${BLUE}[$(date +'%Y-%m-%d %H:%M:%S')]${NC} $1"
+}
+
+error() {
+    echo -e "${RED}[ERROR]${NC} $1" >&2
+}
+
+success() {
+    echo -e "${GREEN}[SUCCESS]${NC} $1"
+}
+
+warning() {
+    echo -e "${YELLOW}[WARNING]${NC} $1"
+}
+
+info() {
+    echo -e "${CYAN}[INFO]${NC} $1"
+}
+
+# Generate secure JWT secret
+generate_jwt_secret() {
+    local length=${1:-64}
+    openssl rand -base64 $length | tr -d "=+/" | cut -c1-$length
+}
+
+# Validate JWT secret
+validate_jwt_secret() {
+    local secret=$1
+    
+    if [ -z "$secret" ]; then
+        error "JWT secret is empty"
+        return 1
+    fi
+    
+    if [ ${#secret} -lt 32 ]; then
+        error "JWT secret must be at least 32 characters long"
+        return 1
+    fi
+    
+    if [[ "$secret" == *"change"* ]] || [[ "$secret" == *"your-"* ]] || [[ "$secret" == *"example"* ]]; then
+        error "JWT secret appears to be a placeholder value"
+        return 1
+    fi
+    
+    success "JWT secret validation passed"
+    return 0
+}
+
+# Wait for service to be ready
+wait_for_service() {
+    local url=$1
+    local timeout=${2:-300}  # 5 minutes default
+    local interval=${3:-10}  # 10 seconds default
+    local service_name=${4:-"service"}
+    
+    log "Waiting for $service_name to be ready at $url..."
+    
+    local elapsed=0
+    while [ $elapsed -lt $timeout ]; do
+        if curl -f -s "$url" > /dev/null 2>&1; then
+            success "$service_name is ready"
+            return 0
+        fi
+        
+        log "Waiting for $service_name... (${elapsed}s/${timeout}s)"
+        sleep $interval
+        elapsed=$((elapsed + interval))
+    done
+    
+    error "$service_name failed to become ready within ${timeout}s"
+    return 1
+}
+
+# Check service health
+check_service_health() {
+    local url=$1
+    local service_name=${2:-"service"}
+    local expected_status=${3:-200}
+    
+    log "Checking health of $service_name..."
+    
+    local response
+    local status_code
+    
+    response=$(curl -s -w "%{http_code}" "$url" 2>/dev/null)
+    status_code="${response: -3}"
+    
+    if [ "$status_code" = "$expected_status" ]; then
+        success "$service_name health check passed (HTTP $status_code)"
+        return 0
+    else
+        error "$service_name health check failed (HTTP $status_code)"
+        return 1
+    fi
+}
+
+# Run database migrations
+run_database_migrations() {
+    local database_url=$1
+    local migration_dir=${2:-"alembic"}
+    
+    log "Running database migrations..."
+    
+    if [ ! -d "$migration_dir" ]; then
+        warning "Migration directory $migration_dir not found, skipping migrations"
+        return 0
+    fi
+    
+    # Set database URL for alembic
+    export DATABASE_URL="$database_url"
+    
+    # Run migrations
+    if command -v alembic &> /dev/null; then
+        alembic upgrade head
+        success "Database migrations completed"
+    else
+        warning "Alembic not found, skipping migrations"
+    fi
+}
+
+# Initialize database
+initialize_database() {
+    local database_url=$1
+    local init_script=${2:-"scripts/init-db.sh"}
+    
+    log "Initializing database..."
+    
+    if [ -f "$init_script" ]; then
+        DATABASE_URL="$database_url" bash "$init_script"
+        success "Database initialization completed"
+    else
+        warning "Database initialization script not found at $init_script"
+    fi
+}
+
+# Backup SQLite database
+backup_sqlite_database() {
+    local db_path=$1
+    local backup_dir=${2:-"backups"}
+    local timestamp=$(date +"%Y%m%d_%H%M%S")
+    
+    if [ ! -f "$db_path" ]; then
+        warning "Database file $db_path not found, skipping backup"
+        return 0
+    fi
+    
+    mkdir -p "$backup_dir"
+    local backup_file="$backup_dir/database_backup_$timestamp.db"
+    
+    log "Creating database backup..."
+    cp "$db_path" "$backup_file"
+    
+    # Compress backup
+    gzip "$backup_file"
+    success "Database backup created: ${backup_file}.gz"
+}
+
+# Restore SQLite database
+restore_sqlite_database() {
+    local backup_file=$1
+    local db_path=$2
+    
+    if [ ! -f "$backup_file" ]; then
+        error "Backup file $backup_file not found"
+        return 1
+    fi
+    
+    log "Restoring database from backup..."
+    
+    # Handle compressed backups
+    if [[ "$backup_file" == *.gz ]]; then
+        gunzip -c "$backup_file" > "$db_path"
+    else
+        cp "$backup_file" "$db_path"
+    fi
+    
+    success "Database restored from $backup_file"
+}
+
+# Check disk space
+check_disk_space() {
+    local path=${1:-"."}
+    local min_space_gb=${2:-1}
+    
+    log "Checking disk space..."
+    
+    local available_space
+    available_space=$(df "$path" | awk 'NR==2 {print $4}')
+    local available_gb=$((available_space / 1024 / 1024))
+    
+    if [ $available_gb -lt $min_space_gb ]; then
+        error "Insufficient disk space: ${available_gb}GB available, ${min_space_gb}GB required"
+        return 1
+    fi
+    
+    success "Disk space check passed: ${available_gb}GB available"
+    return 0
+}
+
+# Check memory usage
+check_memory_usage() {
+    local max_usage_percent=${1:-80}
+    
+    log "Checking memory usage..."
+    
+    local memory_usage
+    memory_usage=$(free | awk 'NR==2{printf "%.0f", $3*100/$2}')
+    
+    if [ "$memory_usage" -gt "$max_usage_percent" ]; then
+        warning "High memory usage: ${memory_usage}%"
+        return 1
+    fi
+    
+    success "Memory usage check passed: ${memory_usage}%"
+    return 0
+}
+
+# Clean up old Docker images
+cleanup_docker_images() {
+    local keep_images=${1:-3}
+    
+    log "Cleaning up old Docker images..."
+    
+    # Remove dangling images
+    docker image prune -f
+    
+    # Remove old images (keep latest N)
+    docker images --format "table {{.Repository}}:{{.Tag}}\t{{.CreatedAt}}" | \
+        grep -E "(knowledge-assistant|rag)" | \
+        sort -k2 -r | \
+        tail -n +$((keep_images + 1)) | \
+        awk '{print $1}' | \
+        xargs -r docker rmi -f
+    
+    success "Docker cleanup completed"
+}
+
+# Validate environment file
+validate_env_file() {
+    local env_file=$1
+    local required_vars=("${@:2}")
+    
+    if [ ! -f "$env_file" ]; then
+        error "Environment file $env_file not found"
+        return 1
+    fi
+    
+    log "Validating environment file: $env_file"
+    
+    # Source the file
+    source "$env_file"
+    
+    # Check required variables
+    local missing_vars=()
+    for var in "${required_vars[@]}"; do
+        if [ -z "${!var}" ]; then
+            missing_vars+=("$var")
+        fi
+    done
+    
+    if [ ${#missing_vars[@]} -ne 0 ]; then
+        error "Missing required environment variables: ${missing_vars[*]}"
+        return 1
+    fi
+    
+    success "Environment file validation passed"
+    return 0
+}
+
+# Create environment file from template
+create_env_from_template() {
+    local template_file=$1
+    local env_file=$2
+    local auto_generate=${3:-false}
+    
+    if [ ! -f "$template_file" ]; then
+        error "Template file $template_file not found"
+        return 1
+    fi
+    
+    if [ -f "$env_file" ]; then
+        warning "Environment file $env_file already exists"
+        return 0
+    fi
+    
+    log "Creating environment file from template..."
+    cp "$template_file" "$env_file"
+    
+    if [ "$auto_generate" = "true" ]; then
+        # Auto-generate JWT secret
+        local jwt_secret
+        jwt_secret=$(generate_jwt_secret)
+        
+        # Replace placeholder values
+        sed -i "s/your-super-secret-jwt-key-change-in-production-minimum-32-chars/$jwt_secret/g" "$env_file"
+        sed -i "s/your-super-secure-jwt-secret-key-change-this-in-production/$jwt_secret/g" "$env_file"
+        
+        success "Environment file created with auto-generated values"
+    else
+        success "Environment file created from template"
+        warning "Please edit $env_file with your configuration"
+    fi
+}
+
+# Monitor deployment progress
+monitor_deployment() {
+    local platform=$1
+    local services=("${@:2}")
+    
+    log "Monitoring deployment progress on $platform..."
+    
+    case $platform in
+        railway)
+            for service in "${services[@]}"; do
+                log "Monitoring Railway service: $service"
+                railway logs --service "$service" --tail 50 &
+            done
+            ;;
+        cloudrun)
+            for service in "${services[@]}"; do
+                log "Monitoring Cloud Run service: $service"
+                gcloud logging tail "resource.type=cloud_run_revision AND resource.labels.service_name=$service" &
+            done
+            ;;
+        local)
+            log "Monitoring local Docker containers"
+            docker-compose -f docker-compose.prod.yml logs -f &
+            ;;
+        *)
+            warning "Monitoring not implemented for platform: $platform"
+            ;;
+    esac
+    
+    # Wait for user input to stop monitoring
+    read -p "Press Enter to stop monitoring..."
+    
+    # Kill background jobs
+    jobs -p | xargs -r kill
+}
+
+# Export functions for use in other scripts
+export -f log error success warning info
+export -f generate_jwt_secret validate_jwt_secret
+export -f wait_for_service check_service_health
+export -f run_database_migrations initialize_database
+export -f backup_sqlite_database restore_sqlite_database
+export -f check_disk_space check_memory_usage
+export -f cleanup_docker_images validate_env_file
+export -f create_env_from_template monitor_deployment