Deployment
CoquiTitle uses AWS Lambda functions deployed via container images and zip packages.
Prerequisites
- AWS CLI configured with appropriate credentials
- Docker (for container Lambdas)
- Terraform 1.13+
- Supabase CLI
- GCP credentials in AWS Secrets Manager
Lambda Functions
| Lambda | Type | Purpose |
|---|---|---|
coquititle-api | Zip | REST API endpoints |
coquititle-ocr-processor | Zip | Document AI OCR processing |
coquititle-pending-docs-processor | Zip | Pending presentation processing |
coquititle-extractor | Container | Multi-pass data extraction |
coquititle-title-state-builder | Container | Deterministic title derivation |
coquititle-evidence-resolver | Container | Evidence validation |
coquititle-report-generator | Container | Multi-pass report generation |
Deploy Sequence
1. Infrastructure (Terraform)
cd /Users/angus/Code/alianza-infra
source scripts/setup-local-auth0-env.sh
terraform plan -var-file=environments/dev/terraform.tfvars
terraform apply
2. Database Migrations
cd /Users/angus/Code/alianza-infra/supabase
supabase link --project-ref yodutvdnvvmbuaxccbex
supabase db push
3. Lambda Functions
Container Lambdas:
cd /Users/angus/Code/alianza-hq/backend/coquititle/lambdas
# Deploy individual Lambda
./deploy.sh extractor
./deploy.sh title-state-builder
./deploy.sh evidence-resolver
./deploy.sh report-generator
# Or deploy all at once
./deploy.sh all
The unified deploy script:
- Builds Docker image using AWS Lambda Python 3.12 base (ARM64)
- Pushes to ECR (
915848750366.dkr.ecr.us-east-2.amazonaws.com) - Updates Lambda function code
- Uses
lambdas/as build context to includeshared/modules
4. Frontend (Vercel)
Push to main branch triggers auto-deploy to app.alianzacap.com
Environment Variables
All Lambdas require these (configured in Terraform):
| Variable | Description |
|---|---|
SUPABASE_HOST | Database host |
SUPABASE_DB_URL_SECRET | Secrets Manager key for DB credentials |
S3_BUCKET | Document storage bucket |
GCP_PROJECT_ID | Google Cloud project for AI services |
LANGFUSE_ENABLED | Enable Langfuse tracing |
LANGFUSE_SECRET_KEY_ARN | Langfuse credentials ARN |
Verify Deployment
# Check Lambdas
aws lambda list-functions \
--query 'Functions[?starts_with(FunctionName, `coquititle`)].FunctionName'
# Check Lambda config
aws lambda get-function-configuration \
--function-name coquititle-extractor-dev
# Tail logs
aws logs tail /aws/lambda/coquititle-extractor-dev --follow
Monitoring
Key CloudWatch log groups:
/aws/lambda/coquititle-api-dev/aws/lambda/coquititle-ocr-processor-dev/aws/lambda/coquititle-extractor-dev/aws/lambda/coquititle-report-generator-dev
Look for:
[MULTIPASS]- Multi-pass extraction/report progress[VALIDATION]- Span validation results[WARNING]- Non-fatal issuesERROR:- Fatal errors[langfuse]- Langfuse tracing status
Troubleshooting
| Issue | Check |
|---|---|
| Lambda 500 | CloudWatch logs, env vars, IAM permissions |
| OCR not running | API invokes OCR (not S3 events) |
| Extraction timeout | Lambda timeout (should be 900s) |
| Evidence failing | ocr_lines table has data |
| Report stuck | Lambda logs for Gemini API errors |