Implement zero-secrets Railway deployment architecture with cost protection and multi-platform failover

[Copilot]

Adds comprehensive deployment infrastructure enabling Railway deployment without committed secrets, automatic cost protection, and migration paths to Coolify/VPN hosting when free-tier limits are reached.

Core Architecture

Zero-secrets deployment

• Application runs immediately without API keys via safe stub integrations
• .agents file specifies secret schema for downstream provisioning agents
• master.secrets.json.template provides local secret management structure
• Optional full integration mode via environment variables

Cost protection

• Resource monitoring with configurable thresholds (default: 512MB)
• Automatic shutdown and maintenance mode on limit breach
• Static fallback page (maintenance.html) served during migration

Configuration

Railway deployment (railway.toml, railway.json, nixpacks.toml, Procfile)

• Python 3.12 runtime with FFmpeg
• Single replica, free-tier optimized
• Zero-configuration first deploy

Multi-platform support

• Primary: Railway (auto-configured)
• Secondary: Coolify (documented migration path)
• Tertiary: Hostinger VPN (optional secure deployment)

Security

• Command injection fixed: os.system() → subprocess.run() with argument lists
• All secrets excluded via .gitignore
• Consistent stub key placeholder (stub-key) across configs
• CodeQL: 0 vulnerabilities

Implementation

# app_enhanced.py - Zero-secrets mode with graceful fallback
class Config:
    GROQ_API_KEY = os.environ.get('GROQ_API_KEY', 'stub-key')
    
    @staticmethod
    def is_api_configured():
        return Config.GROQ_API_KEY not in ['groq-key', 'stub-key']

def get_relevant_segments(transcript, user_query):
    if not Config.is_api_configured():
        return get_relevant_segments_stubbed(transcript, user_query)
    # Real API processing...

Documentation

• DEPLOYMENT.md - Platform-agnostic deployment guide
• COOLIFY_MIGRATION.md - Step-by-step migration checklist
• HOSTINGER_VPN_DEPLOYMENT.md - VPN setup and security
• DEPLOYMENT_CHECKLIST.md - Validation workflow

Deploy: railway login && railway init && railway up

Original prompt

UNIVERSAL META-PROMPT FOR REPO-AGNOSTIC ZERO-SECRETS DEPLOYMENT ON RAILWAY (ENHANCED EDITION)

Below is the enhanced, unified meta-prompt. It contains all original sections unchanged, and adds the new capabilities requested: .agents file generation, master secrets architecture, Hostinger VPN + Coolify support markers, cost-protection guardrails, free-tier ceiling detection, automatic shutdown + maintenance landing page, and hooks for multi-host failover.

You will paste this entire document into Gemini’s builder/anti‑gravity system when running against any repository.

---

META-PROMPT START

SYSTEM ROLE / IDENTITY
You are "Railway Zero-Secrets Bootstrapper", an autonomous software engineer and DevOps agent, extended with cross-host orchestration and cost-protection logic.

Your mission:
Given ANY Git repository, you must:
1. Analyze the codebase.
2. Disable or safely stub all external third-party integrations requiring secrets.
3. Wire the project for deployment on Railway using minimal configuration.
4. Guarantee FIRST DEPLOY boots successfully and produces a working public UI URL.
5. Generate a `.agents` file containing:
   - A structured list of all secrets required by the repo.
   - Exact variable names.
   - Expected value formats.
   - Placeholder defaults.
   - Logical grouping into modules.
   - A machine‑readable schema for a *separate secrets‑provisioning agent*.
6. Integrate local secret-management architecture:
   - Detect and write/update a `master.secrets.json` file (or similar) on the user’s machine.
   - This file contains all secrets for all projects.
   - Do NOT commit secrets to the repo.
7. Provide compatibility markers for Hostinger VPN + Coolify:
   - Create placeholders for Coolify deployment config.
   - Create network notes for Hostinger VPN tunneling.
   - Do NOT activate these unless instructed; just create the scaffolding.
8. Add **cost-protection guardrails**:
   - Enforce minimal resource usage.
   - Force low-tier instances.
   - Hard‑limit resource allocations in Railway config.
   - Query Railway usage data.
   - If predicted usage exceeds free tier:
       • Auto-shutdown service.
       • Deploy a temporary static maintenance/landing page.
       • Notify via log/console output.
9. If a free‑tier breach is detected, or if manual update is triggered, the agent must:
   - Export an HTML "Maintenance Mode" landing page.
   - Auto-deploy that page to Railway.
   - Suspend the main service.
   - Prepare the project for migration to Coolify.
   - Generate a migration checklist inside `COOLIFY_MIGRATION.md`.
10. Maintain all previous instructions exactly; only extend functionality.

--------------------------------------------------
GLOBAL ASSUMPTIONS
--------------------------------------------------
(Original assumptions preserved.)
You now also assume:
- Access to the user's local secret master file: `master.secrets.json`.
- Ability to write `.agents` file describing all required secrets.
- Ability to generate fallback configs for Coolify.
- Ability to implement free-tier monitoring and auto-shutdown logic.
- Ability to output a static maintenance page.

--------------------------------------------------
HIGH-LEVEL GOALS
--------------------------------------------------
(Original goals preserved.)
Expanded goals:
- Automatically produce `.agents` secret-spec file.
- Update global `master.secrets.json` with new project keys.
- Inject resource-usage guardrails into `railway.toml`.
- Create `maintenance.html` and deploy it when triggered.
- Create `COOLIFY_SUPPORT.md` and `COOLIFY_MIGRATION.md` stubs.

--------------------------------------------------
STEP-BY-STEP PROCESS
--------------------------------------------------
(All original steps preserved — sections below INSERT the enhancements.)

STEP 1 — REPO ANALYSIS
(Original instructions preserved; no deletions.)

STEP 2 — ENV & SECRET DISCOVERY
(Original instructions preserved.)
Additional requirements:
- After classification, generate a `.agents` file containing all OPTIONAL_INTEGRATION variables using the format:
  {
    "project": "<projectName>",
    "core": [...],
    "optional": [...],
    "required_secrets": [...],
    "schema": {...}
  }
- If ANY env var appears to be a secret, include it in `.agents` even if disabled.
- The `.agents` file must be consumable by another Gemini agent that injects real secrets later.

STEP 3 — DISABLE / STUB OPTIONAL INTEGRATIONS
(Original instructions preserved.)
No deletions.

STEP 4 — STABILIZE CORE INFRA FOR RAILWAY
(Original instructions preserved.)
No deletions.

STEP 5 — RAILWAY CONFIG: FILES & COMMANDS
(Original instructions preserved.)
Enhancements:
- Inject cost guardrails:
  - Use the smallest possible Railway plan type.
  - Explicitly enforce limited RAM/CPU via environment or Nixpacks flags.
  - Add monitoring markers so future agents know where to check usage.

STEP 6 — RAILWAY CLI PROJECT LINKING & METADATA FILES
(Original instructions preserved...

</details>



<!-- START COPILOT CODING AGENT TIPS -->
---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more [Copilot coding agent tips](https://gh.io/copilot-coding-agent-tips) in the docs.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

This PR implements a comprehensive zero-secrets deployment architecture for the AFRO-CLIPZ video clipping application, enabling deployment to Railway without requiring committed secrets, with automatic cost protection and multi-platform failover capabilities.

Key Changes:

• Implements stub-mode operation allowing immediate deployment without API keys
• Adds resource monitoring with configurable thresholds and automatic shutdown on limit breach
• Provides multi-platform deployment support (Railway, Coolify, Hostinger VPN) with migration guides

Reviewed changes

Copilot reviewed 16 out of 18 changed files in this pull request and generated 11 comments.

Show a summary per file

File	Description
requirements.txt	Adds psutil dependency for resource monitoring
railway.toml	Railway deployment configuration with cost protection settings
railway.json	Service definitions for Railway deployment
nixpacks.toml	Build configuration specifying Python 3.12 runtime and FFmpeg
Procfile	Process definition for Railway
app_enhanced.py	Enhanced application with zero-secrets architecture and cost monitoring
maintenance.html	Static maintenance page served during migration
master.secrets.json.template	Template for local secret management
.gitignore	Comprehensive exclusions to prevent secret leakage
.env.example	Environment variable template with documentation
.agents	Machine-readable secret specification schema
README.md	Updated with deployment instructions and feature highlights
DEPLOYMENT.md	Complete deployment guide covering all platforms
DEPLOYMENT_CHECKLIST.md	Step-by-step deployment validation checklist
COOLIFY_SUPPORT.md	Coolify platform setup instructions
COOLIFY_MIGRATION.md	Detailed migration guide from Railway to Coolify
HOSTINGER_VPN_DEPLOYMENT.md	VPN deployment setup and configuration guide
IMPLEMENTATION_SUMMARY.md	Comprehensive implementation documentation

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The FFmpeg subprocess call uses user-provided video_path directly in the command arguments without validation. If video_path comes from user input (e.g., environment variables or API parameters), it should be validated to ensure it doesn't contain path traversal attacks or other malicious inputs. Consider validating that the path exists, is a file, and doesn't escape expected directories.

Suggested change

	model = whisper.load_model(model_name)
	audio_path = "temp_audio.wav"
	# Extract audio using ffmpeg (secure subprocess call)
	try:
	subprocess.run([
	"ffmpeg", "-i", video_path, "-ar", "16000", "-ac", "1",
	# Validate video_path
	base_dir = os.path.abspath(os.getcwd())
	abs_video_path = os.path.abspath(os.path.realpath(video_path))
	if not abs_video_path.startswith(base_dir + os.sep):
	raise ValueError("Invalid video path: path traversal detected")
	if not os.path.isfile(abs_video_path):
	raise ValueError("Invalid video path: file does not exist")
	model = whisper.load_model(model_name)
	audio_path = "temp_audio.wav"
	# Extract audio using ffmpeg (secure subprocess call)
	try:
	subprocess.run([
	"ffmpeg", "-i", abs_video_path, "-ar", "16000", "-ac", "1",

[Copilot]

The FREE_TIER_LIMIT_MB default of 500MB may be too low for Railway's free tier, which provides 512MB. Consider increasing the default to 512MB to align with Railway's actual free tier limit and avoid premature shutdowns.

Suggested change

	FREE_TIER_LIMIT_MB = "500"
	FREE_TIER_LIMIT_MB = "512"

[Copilot]

The maintenance mode badge uses an emoji (🔧) which may not be announced consistently by screen readers. Consider adding aria-label="Maintenance Mode" to the status badge element or using text-based alternatives alongside emojis.

Suggested change

	<div class="status-badge">🔧 Maintenance Mode</div>
	<div class="status-badge" aria-label="Maintenance Mode">🔧 Maintenance Mode</div>

[Copilot]

Including both ffmpeg and ffmpeg-full is redundant and will increase build size/time unnecessarily. ffmpeg-full includes all features of the base ffmpeg package. Consider removing the ffmpeg entry and keeping only ffmpeg-full.

Suggested change

	nixPkgs = ["python312", "ffmpeg", "ffmpeg-full"]
	nixPkgs = ["python312", "ffmpeg-full"]

[Copilot]

The error message "Input video not found" could be more helpful by suggesting next steps. Consider adding information about where the application expects the video file or how to provide one (e.g., "Please ensure input_video.mp4 exists in the working directory, or set VIDEO_INPUT_PATH environment variable to specify a different path").

Suggested change

	print(f"❌ Input video not found: {input_video}")
	print("Please provide a video file to process.")
	print(f"❌ Input video not found: {input_video}\n"
	"Please ensure the video file exists at the specified path.\n"
	f"By default, the application expects the file at '{input_video}'.\n"
	"You can set the VIDEO_INPUT_PATH environment variable to specify a different path.\n")

[Copilot]

Using ast.literal_eval() to parse the API response is risky because it expects Python literal syntax, but the API returns JSON. If the API response contains JSON-specific syntax (like null, true, false instead of None, True, False), this will fail. Use json.loads() instead for proper JSON parsing.

Suggested change

	conversations = ast.literal_eval(response_data)["conversations"]
	conversations = json.loads(response_data)["conversations"]

[Copilot]

The [railway], [railway.optimization], and [railway.maintenance] sections are not standard Railway configuration syntax. Railway primarily uses [build] and [deploy] sections. These custom sections will be ignored by Railway and may cause confusion. Consider removing these or documenting them as informational metadata only.

Suggested change

	[railway]
	# Monitoring configuration for usage tracking
	monitoring = true
	# Free tier optimization
	[railway.optimization]
	minimize_costs = true
	use_free_tier = true
	auto_scale = false
	# Maintenance mode configuration
	[railway.maintenance]
	enabled = false # Will be enabled automatically if free tier exceeded
	fallback_service = "maintenance-static"
	migration_target = "coolify"
	# Monitoring configuration for usage tracking
	# monitoring = true
	# Free tier optimization
	# minimize_costs = true
	# use_free_tier = true
	# auto_scale = false
	# Maintenance mode configuration
	# enabled = false # Will be enabled automatically if free tier exceeded
	# fallback_service = "maintenance-static"
	# migration_target = "coolify"

[Copilot]

FFmpeg is being called to extract audio, but the output format is specified as "mp3" while the filename is "temp_audio.wav". This mismatch between file extension and format may cause issues. Either change the format parameter to match the extension (-f wav) or change the filename to temp_audio.mp3.

Suggested change

	"-b:a", "64k", "-f", "mp3", audio_path, "-y"
	"-b:a", "64k", "-f", "wav", audio_path, "-y"

[Copilot]

The memory usage check uses psutil.Process(os.getpid()).memory_info().rss which only measures the current process's memory. However, the application may spawn child processes (FFmpeg, Whisper model loading) that consume significant memory beyond the parent process. Consider using psutil.virtual_memory() to check system-wide memory usage or tracking child processes explicitly.

[Copilot]

The SVG icon is missing essential accessibility attributes. Add role="img" and aria-label to make the icon accessible to screen readers. For example: <svg role="img" aria-label="Success checkmark" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24">